1 /* $NetBSD: if_pppoe.c,v 1.184 2024/07/05 04:31:53 rin Exp $ */
2
3 /*
4 * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Martin Husemann <martin@NetBSD.org>.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include <sys/cdefs.h>
33 __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.184 2024/07/05 04:31:53 rin Exp $");
34
35 #ifdef _KERNEL_OPT
36 #include "pppoe.h"
37 #include "opt_pppoe.h"
38 #include "opt_net_mpsafe.h"
39 #endif
40
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/kernel.h>
44 #include <sys/atomic.h>
45 #include <sys/callout.h>
46 #include <sys/malloc.h>
47 #include <sys/mbuf.h>
48 #include <sys/socket.h>
49 #include <sys/proc.h>
50 #include <sys/ioctl.h>
51 #include <sys/kauth.h>
52 #include <sys/intr.h>
53 #include <sys/socketvar.h>
54 #include <sys/device.h>
55 #include <sys/module.h>
56 #include <sys/sysctl.h>
57 #include <sys/rwlock.h>
58 #include <sys/mutex.h>
59 #include <sys/psref.h>
60 #include <sys/cprng.h>
61 #include <sys/workqueue.h>
62
63 #include <net/if.h>
64 #include <net/if_types.h>
65 #include <net/if_ether.h>
66 #include <net/if_sppp.h>
67 #include <net/if_spppvar.h>
68 #include <net/if_pppoe.h>
69 #include <net/if_dl.h>
70
71 #include <net/bpf.h>
72
73 #include "ioconf.h"
74
75 #ifdef NET_MPSAFE
76 #define PPPOE_MPSAFE 1
77 #endif
78
79 #ifndef PPPOE_DEQUEUE_MAXLEN
80 #define PPPOE_DEQUEUE_MAXLEN IFQ_MAXLEN
81 #endif
82
83 struct pppoehdr {
84 uint8_t vertype;
85 uint8_t code;
86 uint16_t session;
87 uint16_t plen;
88 } __packed;
89
90 struct pppoetag {
91 uint16_t tag;
92 uint16_t len;
93 } __packed;
94
95 #define PPPOE_HEADERLEN sizeof(struct pppoehdr)
96 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2)
97 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */
98
99 #define PPPOE_TAG_EOL 0x0000 /* end of list */
100 #define PPPOE_TAG_SNAME 0x0101 /* service name */
101 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */
102 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */
103 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */
104 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */
105 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */
106 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* max payload */
107 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */
108 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */
109 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */
110
111 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */
112 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */
113 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */
114 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */
115 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */
116
117 /* two byte PPP protocol discriminator, then IP data */
118 #define PPPOE_MAXMTU (ETHERMTU - PPPOE_OVERHEAD)
119
120 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */
121 #define PPPOE_ADD_16(PTR, VAL) \
122 *(PTR)++ = (VAL) / 256; \
123 *(PTR)++ = (VAL) % 256
124
125 /* Add a complete PPPoE header to the buffer pointed to by PTR */
126 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \
127 *(PTR)++ = PPPOE_VERTYPE; \
128 *(PTR)++ = (CODE); \
129 PPPOE_ADD_16(PTR, SESS); \
130 PPPOE_ADD_16(PTR, LEN)
131
132 #define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */
133 #define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */
134 #define PPPOE_RECON_FAST (hz*15) /* first retry after auth failure */
135 #define PPPOE_RECON_IMMEDIATE (hz/10) /* "no delay" reconnect */
136 #define PPPOE_RECON_PADTRCVD (hz*5) /* reconnect delay after PADT received */
137 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */
138 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */
139
140 #ifdef PPPOE_SERVER
141 /* from if_spppsubr.c */
142 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
143 #endif
144
145 #define PPPOE_LOCK(_sc, _op) rw_enter(&(_sc)->sc_lock, (_op))
146 #define PPPOE_UNLOCK(_sc) rw_exit(&(_sc)->sc_lock)
147 #define PPPOE_WLOCKED(_sc) rw_write_held(&(_sc)->sc_lock)
148
149 #ifdef PPPOE_MPSAFE
150 #define DECLARE_SPLNET_VARIABLE
151 #define ACQUIRE_SPLNET() do { } while (0)
152 #define RELEASE_SPLNET() do { } while (0)
153 #else
154 #define DECLARE_SPLNET_VARIABLE int __s
155 #define ACQUIRE_SPLNET() do { \
156 __s = splnet(); \
157 } while (0)
158 #define RELEASE_SPLNET() do { \
159 splx(__s); \
160 } while (0)
161 #endif
162
163 #ifdef PPPOE_DEBUG
164 #define DPRINTF(_sc, _fmt, _arg...) pppoe_printf((_sc), (_fmt), ##_arg)
165 #else
166 #define DPRINTF(_sc, _fmt, _arg...) __nothing
167 #endif
168
169 struct pppoe_softc {
170 struct sppp sc_sppp; /* contains a struct ifnet as first element */
171 LIST_ENTRY(pppoe_softc) sc_list;
172 struct ifnet *sc_eth_if; /* ethernet interface we are using */
173
174 uint64_t sc_id; /* id of this softc, our hunique */
175 int sc_state; /* discovery phase or session connected */
176 struct ether_addr sc_dest; /* hardware address of concentrator */
177 uint16_t sc_session; /* PPPoE session id */
178
179 char *sc_service_name; /* if != NULL: requested name of service */
180 char *sc_concentrator_name; /* if != NULL: requested concentrator id */
181 uint8_t *sc_ac_cookie; /* content of AC cookie we must echo back */
182 size_t sc_ac_cookie_len; /* length of cookie data */
183 uint8_t *sc_relay_sid; /* content of relay SID we must echo back */
184 size_t sc_relay_sid_len; /* length of relay SID data */
185 #ifdef PPPOE_SERVER
186 uint8_t *sc_hunique; /* content of host unique we must echo back */
187 size_t sc_hunique_len; /* length of host unique */
188 #endif
189 callout_t sc_timeout; /* timeout while not in session state */
190 struct workqueue *sc_timeout_wq; /* workqueue for timeout */
191 struct work sc_timeout_wk;
192 u_int sc_timeout_scheduled;
193 int sc_padi_retried; /* number of PADI retries already done */
194 int sc_padr_retried; /* number of PADR retries already done */
195 krwlock_t sc_lock; /* lock of sc_state, sc_session, and sc_eth_if */
196 bool sc_detaching;
197 };
198
199 /* incoming traffic will be queued here */
200 struct ifqueue ppoediscinq = { .ifq_maxlen = IFQ_MAXLEN };
201 struct ifqueue ppoeinq = { .ifq_maxlen = IFQ_MAXLEN };
202
203 void *pppoe_softintr = NULL;
204 static void pppoe_softintr_handler(void *);
205
206 extern int sppp_ioctl(struct ifnet *, unsigned long, void *);
207
208 /* input routines */
209 static void pppoeintr(void);
210 static void pppoe_disc_input(struct mbuf *);
211 static void pppoe_dispatch_disc_pkt(struct mbuf *, int);
212 static void pppoe_data_input(struct mbuf *);
213 static void pppoe_enqueue(struct ifqueue *, struct mbuf *);
214
215 /* management routines */
216 static int pppoe_connect(struct pppoe_softc *);
217 static int pppoe_disconnect(struct pppoe_softc *);
218 static void pppoe_abort_connect(struct pppoe_softc *);
219 static int pppoe_ioctl(struct ifnet *, unsigned long, void *);
220 static void pppoe_tls(struct sppp *);
221 static void pppoe_tlf(struct sppp *);
222 static void pppoe_start(struct ifnet *);
223 #ifdef PPPOE_MPSAFE
224 static int pppoe_transmit(struct ifnet *, struct mbuf *);
225 #endif
226 static void pppoe_clear_softc(struct pppoe_softc *, const char *);
227 static void pppoe_printf(struct pppoe_softc *, const char *, ...);
228
229 /* internal timeout handling */
230 static void pppoe_timeout_co(void *);
231 static void pppoe_timeout_co_halt(void *);
232 static void pppoe_timeout_wk(struct work *, void *);
233 static void pppoe_timeout(struct pppoe_softc *);
234
235 /* sending actual protocol control packets */
236 static int pppoe_send_padi(struct pppoe_softc *);
237 static int pppoe_send_padr(struct pppoe_softc *);
238 #ifdef PPPOE_SERVER
239 static int pppoe_send_pado(struct pppoe_softc *);
240 static int pppoe_send_pads(struct pppoe_softc *);
241 #endif
242 static int pppoe_send_padt(struct ifnet *, u_int, const uint8_t *);
243
244 /* raw output */
245 static int pppoe_output(struct pppoe_softc *, struct mbuf *);
246
247 /* internal helper functions */
248 static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *,
249 krw_t);
250 static struct pppoe_softc * pppoe_find_softc_by_hunique(uint8_t *, size_t,
251 struct ifnet *, krw_t);
252 static struct mbuf *pppoe_get_mbuf(size_t len);
253
254 static void pppoe_ifattach_hook(void *, unsigned long, void *);
255
256 static LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list;
257 static krwlock_t pppoe_softc_list_lock;
258
259 static int pppoe_clone_create(struct if_clone *, int);
260 static int pppoe_clone_destroy(struct ifnet *);
261
262 static bool pppoe_term_unknown = false;
263 static int pppoe_term_unknown_pps = 1;
264
265 static struct sysctllog *pppoe_sysctl_clog;
266 static void sysctl_net_pppoe_setup(struct sysctllog **);
267
268 static struct if_clone pppoe_cloner =
269 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy);
270
271 /* ARGSUSED */
272 void
pppoeattach(int count)273 pppoeattach(int count)
274 {
275
276 /*
277 * Nothing to do here, initialization is handled by the
278 * module initialization code in pppoeinit() below).
279 */
280 }
281
282 static void
pppoeinit(void)283 pppoeinit(void)
284 {
285
286 LIST_INIT(&pppoe_softc_list);
287 rw_init(&pppoe_softc_list_lock);
288 if_clone_attach(&pppoe_cloner);
289
290 pppoe_softintr = softint_establish(SOFTINT_MPSAFE|SOFTINT_NET,
291 pppoe_softintr_handler, NULL);
292 sysctl_net_pppoe_setup(&pppoe_sysctl_clog);
293
294 IFQ_LOCK_INIT(&ppoediscinq);
295 IFQ_LOCK_INIT(&ppoeinq);
296 }
297
298 static int
pppoedetach(void)299 pppoedetach(void)
300 {
301 int error = 0;
302
303 rw_enter(&pppoe_softc_list_lock, RW_READER);
304 if (!LIST_EMPTY(&pppoe_softc_list)) {
305 rw_exit(&pppoe_softc_list_lock);
306 error = EBUSY;
307 }
308
309 if (error == 0) {
310 if_clone_detach(&pppoe_cloner);
311 softint_disestablish(pppoe_softintr);
312 /* Remove our sysctl sub-tree */
313 sysctl_teardown(&pppoe_sysctl_clog);
314 }
315
316 return error;
317 }
318
319 static void
pppoe_softc_genid(uint64_t * id)320 pppoe_softc_genid(uint64_t *id)
321 {
322 struct pppoe_softc *sc;
323 uint64_t rndid;
324
325 rw_enter(&pppoe_softc_list_lock, RW_READER);
326
327 while (1) {
328 rndid = cprng_strong64();
329
330 sc = NULL;
331 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
332 if (sc->sc_id == rndid)
333 break;
334 }
335 if (sc == NULL) {
336 break;
337 }
338 }
339
340 rw_exit(&pppoe_softc_list_lock);
341 *id = rndid;
342 }
343
344 static int
pppoe_clone_create(struct if_clone * ifc,int unit)345 pppoe_clone_create(struct if_clone *ifc, int unit)
346 {
347 struct pppoe_softc *sc;
348 struct ifnet *ifp;
349 int rv;
350
351 sc = kmem_zalloc(sizeof(*sc), KM_SLEEP);
352 ifp = &sc->sc_sppp.pp_if;
353
354 rw_init(&sc->sc_lock);
355 pppoe_softc_genid(&sc->sc_id);
356 /* changed to real address later */
357 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
358
359 if_initname(ifp, "pppoe", unit);
360 ifp->if_softc = sc;
361 ifp->if_mtu = PPPOE_MAXMTU;
362 ifp->if_flags = IFF_SIMPLEX|IFF_POINTOPOINT|IFF_MULTICAST;
363 #ifdef PPPOE_MPSAFE
364 ifp->if_extflags = IFEF_MPSAFE;
365 #endif
366 ifp->if_type = IFT_PPP;
367 ifp->if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN;
368 ifp->if_dlt = DLT_PPP_ETHER;
369 ifp->if_ioctl = pppoe_ioctl;
370 ifp->if_start = pppoe_start;
371 #ifdef PPPOE_MPSAFE
372 ifp->if_transmit = pppoe_transmit;
373 #endif
374 IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN);
375 IFQ_SET_READY(&ifp->if_snd);
376
377 sc->sc_sppp.pp_tls = pppoe_tls;
378 sc->sc_sppp.pp_tlf = pppoe_tlf;
379 sc->sc_sppp.pp_flags |= PP_KEEPALIVE | /* use LCP keepalive */
380 PP_NOFRAMING; /* no serial encapsulation */
381 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */
382
383 rv = workqueue_create(&sc->sc_timeout_wq,
384 ifp->if_xname, pppoe_timeout_wk, sc,
385 PRI_SOFTNET, IPL_SOFTNET, 0);
386 if (rv != 0)
387 goto destroy_sclock;
388
389 callout_init(&sc->sc_timeout, CALLOUT_MPSAFE);
390 callout_setfunc(&sc->sc_timeout, pppoe_timeout_co, sc);
391
392 if_initialize(ifp);
393
394 ifp->if_percpuq = if_percpuq_create(ifp);
395
396 rw_enter(&pppoe_softc_list_lock, RW_READER);
397 if (LIST_EMPTY(&pppoe_softc_list)) {
398 pfil_add_ihook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil);
399 }
400 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list);
401 rw_exit(&pppoe_softc_list_lock);
402
403 sppp_attach(ifp);
404 bpf_attach(ifp, DLT_PPP_ETHER, 0);
405 if_register(ifp);
406
407 return 0;
408
409 destroy_sclock:
410 rw_destroy(&sc->sc_lock);
411 kmem_free(sc, sizeof(*sc));
412
413 return rv;
414 }
415
416 static int
pppoe_clone_destroy(struct ifnet * ifp)417 pppoe_clone_destroy(struct ifnet *ifp)
418 {
419 struct pppoe_softc * sc = ifp->if_softc;
420
421 PPPOE_LOCK(sc, RW_WRITER);
422 /* stop ioctls */
423 sc->sc_detaching = true;
424
425 if (ifp->if_flags & IFF_RUNNING) {
426 pppoe_clear_softc(sc, "destroy interface");
427 sc->sc_eth_if = NULL;
428 }
429 PPPOE_UNLOCK(sc);
430
431 rw_enter(&pppoe_softc_list_lock, RW_WRITER);
432 LIST_REMOVE(sc, sc_list);
433
434 if (LIST_EMPTY(&pppoe_softc_list)) {
435 pfil_remove_ihook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil);
436 }
437 rw_exit(&pppoe_softc_list_lock);
438
439 bpf_detach(ifp);
440 sppp_detach(&sc->sc_sppp.pp_if);
441 if_detach(ifp);
442
443 callout_setfunc(&sc->sc_timeout, pppoe_timeout_co_halt, sc);
444
445 workqueue_wait(sc->sc_timeout_wq, &sc->sc_timeout_wk);
446 workqueue_destroy(sc->sc_timeout_wq);
447
448 callout_halt(&sc->sc_timeout, NULL);
449 callout_destroy(&sc->sc_timeout);
450
451 #ifdef PPPOE_SERVER
452 if (sc->sc_hunique) {
453 free(sc->sc_hunique, M_DEVBUF);
454 sc->sc_hunique = NULL;
455 sc->sc_hunique_len = 0;
456 }
457 #endif
458 if (sc->sc_concentrator_name)
459 free(sc->sc_concentrator_name, M_DEVBUF);
460 if (sc->sc_service_name)
461 free(sc->sc_service_name, M_DEVBUF);
462 if (sc->sc_ac_cookie)
463 free(sc->sc_ac_cookie, M_DEVBUF);
464 if (sc->sc_relay_sid)
465 free(sc->sc_relay_sid, M_DEVBUF);
466
467 rw_destroy(&sc->sc_lock);
468
469 kmem_free(sc, sizeof(*sc));
470
471 return 0;
472 }
473
474 static void
pppoe_printf(struct pppoe_softc * sc,const char * fmt,...)475 pppoe_printf(struct pppoe_softc *sc, const char *fmt, ...)
476 {
477 va_list ap;
478 bool pppoe_debug;
479
480 #ifdef PPPOE_DEBUG
481 pppoe_debug = true;
482 #else
483 pppoe_debug = false;
484 #endif
485
486 if (sc == NULL) {
487 if (!pppoe_debug)
488 return;
489
490 printf("pppoe: ");
491 } else {
492 if (!ISSET(sc->sc_sppp.pp_if.if_flags, IFF_DEBUG))
493 return;
494
495 printf("%s: ", sc->sc_sppp.pp_if.if_xname);
496 }
497
498 va_start(ap, fmt);
499 vprintf(fmt, ap);
500 va_end(ap);
501 }
502
503 /*
504 * Find the interface handling the specified session.
505 * Note: O(number of sessions open), this is a client-side only, mean
506 * and lean implementation, so number of open sessions typically should
507 * be 1.
508 */
509 static struct pppoe_softc *
pppoe_find_softc_by_session(u_int session,struct ifnet * rcvif,krw_t lock)510 pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif, krw_t lock)
511 {
512 struct pppoe_softc *sc = NULL;
513
514 if (session == 0)
515 return NULL;
516 rw_enter(&pppoe_softc_list_lock, RW_READER);
517 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
518 PPPOE_LOCK(sc, lock);
519 if ( sc->sc_state == PPPOE_STATE_SESSION
520 && sc->sc_session == session
521 && sc->sc_eth_if == rcvif)
522 break;
523
524 PPPOE_UNLOCK(sc);
525 }
526 rw_exit(&pppoe_softc_list_lock);
527 return sc;
528 }
529
530 /* Check host unique token passed and return appropriate softc pointer,
531 * or NULL if token is bogus. */
532 static struct pppoe_softc *
pppoe_find_softc_by_hunique(uint8_t * token,size_t len,struct ifnet * rcvif,krw_t lock)533 pppoe_find_softc_by_hunique(uint8_t *token, size_t len,
534 struct ifnet *rcvif, krw_t lock)
535 {
536 struct pppoe_softc *sc;
537 uint64_t t;
538
539 CTASSERT(sizeof(t) == sizeof(sc->sc_id));
540
541 rw_enter(&pppoe_softc_list_lock, RW_READER);
542 if (LIST_EMPTY(&pppoe_softc_list)) {
543 rw_exit(&pppoe_softc_list_lock);
544 return NULL;
545 }
546
547 if (len != sizeof(sc->sc_id)) {
548 rw_exit(&pppoe_softc_list_lock);
549 return NULL;
550 }
551 memcpy(&t, token, len);
552
553 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
554 PPPOE_LOCK(sc, lock);
555 if (sc->sc_id == t && sc->sc_eth_if != NULL) {
556 break;
557 }
558 PPPOE_UNLOCK(sc);
559 }
560 rw_exit(&pppoe_softc_list_lock);
561
562 if (sc == NULL) {
563 pppoe_printf(NULL, "alien host unique tag"
564 ", no session found\n");
565 return NULL;
566 }
567
568 /* should be safe to access *sc now */
569 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) {
570 pppoe_printf(sc, "host unique tag found"
571 ", but it belongs to a connection in state %d\n",
572 sc->sc_state);
573 PPPOE_UNLOCK(sc);
574 return NULL;
575 }
576 if (sc->sc_eth_if != rcvif) {
577 pppoe_printf(sc, "wrong interface, not accepting host unique\n");
578 PPPOE_UNLOCK(sc);
579 return NULL;
580 }
581 return sc;
582 }
583
584 static void
pppoe_softintr_handler(void * dummy)585 pppoe_softintr_handler(void *dummy)
586 {
587 /* called at splsoftnet() */
588 pppoeintr();
589 }
590
591 /* called at appropriate protection level */
592 static void
pppoeintr(void)593 pppoeintr(void)
594 {
595 struct mbuf *m;
596 int i;
597
598 SOFTNET_LOCK_UNLESS_NET_MPSAFE();
599
600 for (i = 0; i < PPPOE_DEQUEUE_MAXLEN; i++) {
601 IFQ_LOCK(&ppoediscinq);
602 IF_DEQUEUE(&ppoediscinq, m);
603 IFQ_UNLOCK(&ppoediscinq);
604 if (m == NULL)
605 break;
606 pppoe_disc_input(m);
607 }
608
609 for (i = 0; i < PPPOE_DEQUEUE_MAXLEN; i++) {
610 IFQ_LOCK(&ppoeinq);
611 IF_DEQUEUE(&ppoeinq, m);
612 IFQ_UNLOCK(&ppoeinq);
613 if (m == NULL)
614 break;
615 pppoe_data_input(m);
616 }
617
618 #if PPPOE_DEQUEUE_MAXLEN < IFQ_MAXLEN
619 if (!IF_IS_EMPTY(&ppoediscinq) || !IF_IS_EMPTY(&ppoeinq))
620 softint_schedule(pppoe_softintr);
621 #endif
622
623 SOFTNET_UNLOCK_UNLESS_NET_MPSAFE();
624 }
625
626 /* analyze and handle a single received packet while not in session state */
627 static void
pppoe_dispatch_disc_pkt(struct mbuf * m,int off)628 pppoe_dispatch_disc_pkt(struct mbuf *m, int off)
629 {
630 uint16_t tag, len;
631 uint16_t session, plen;
632 struct pppoe_softc *sc;
633 const char *err_msg;
634 char *error;
635 size_t dlen;
636 uint8_t *ac_cookie;
637 size_t ac_cookie_len;
638 uint8_t *relay_sid;
639 size_t relay_sid_len;
640 uint8_t *hunique;
641 size_t hunique_len;
642 struct pppoehdr *ph;
643 struct pppoetag *pt;
644 struct mbuf *n;
645 int noff, err, errortag;
646 struct ether_header *eh;
647 struct ifnet *rcvif;
648 struct psref psref;
649
650 if (m->m_len < sizeof(*eh)) {
651 m = m_pullup(m, sizeof(*eh));
652 if (m == NULL)
653 goto done;
654 }
655 eh = mtod(m, struct ether_header *);
656 off += sizeof(*eh);
657
658 if (m->m_pkthdr.len - off < PPPOE_HEADERLEN) {
659 goto done;
660 }
661
662 M_REGION_GET(ph, struct pppoehdr *, m, off, sizeof(*ph));
663 if (ph == NULL) {
664 goto done;
665 }
666 if (ph->vertype != PPPOE_VERTYPE) {
667 goto done;
668 }
669
670 ac_cookie = NULL;
671 ac_cookie_len = 0;
672 relay_sid = NULL;
673 relay_sid_len = 0;
674 hunique = NULL;
675 hunique_len = 0;
676
677 session = ntohs(ph->session);
678 plen = ntohs(ph->plen);
679 off += sizeof(*ph);
680
681 if (plen + off > m->m_pkthdr.len) {
682 goto done;
683 }
684 m_adj(m, off + plen - m->m_pkthdr.len); /* ignore trailing garbage */
685
686 tag = 0;
687 len = 0;
688 sc = NULL;
689 err_msg = NULL;
690 errortag = 0;
691 while (off + sizeof(*pt) <= m->m_pkthdr.len) {
692 M_REGION_GET(pt, struct pppoetag *, m, off, sizeof(*pt));
693 if (pt == NULL) {
694 goto done;
695 }
696
697 tag = ntohs(pt->tag);
698 len = ntohs(pt->len);
699 if (off + len + sizeof(*pt) > m->m_pkthdr.len) {
700 goto done;
701 }
702 switch (tag) {
703 case PPPOE_TAG_EOL:
704 goto breakbreak;
705 case PPPOE_TAG_SNAME:
706 break; /* ignored */
707 case PPPOE_TAG_ACNAME:
708 if (len > 0) {
709 dlen = 4 * len + 1;
710 error = malloc(dlen, M_TEMP, M_NOWAIT);
711 if (error == NULL)
712 break;
713
714 n = m_pulldown(m, off + sizeof(*pt), len,
715 &noff);
716 if (!n) {
717 m = NULL;
718 free(error, M_TEMP);
719 goto done;
720 }
721
722 strnvisx(error, dlen,
723 mtod(n, char*) + noff, len,
724 VIS_SAFE | VIS_OCTAL);
725 pppoe_printf(NULL, "connected to %s\n", error);
726 free(error, M_TEMP);
727 }
728 break; /* ignored */
729 case PPPOE_TAG_HUNIQUE:
730 if (hunique == NULL) {
731 n = m_pulldown(m, off + sizeof(*pt), len,
732 &noff);
733 if (!n) {
734 m = NULL;
735 err_msg = "TAG HUNIQUE ERROR";
736 break;
737 }
738
739 hunique = mtod(n, uint8_t *) + noff;
740 hunique_len = len;
741 }
742 break;
743 case PPPOE_TAG_ACCOOKIE:
744 if (ac_cookie == NULL) {
745 n = m_pulldown(m, off + sizeof(*pt), len,
746 &noff);
747 if (!n) {
748 err_msg = "TAG ACCOOKIE ERROR";
749 m = NULL;
750 break;
751 }
752 ac_cookie = mtod(n, char *) + noff;
753 ac_cookie_len = len;
754 }
755 break;
756 case PPPOE_TAG_RELAYSID:
757 if (relay_sid == NULL) {
758 n = m_pulldown(m, off + sizeof(*pt), len,
759 &noff);
760 if (!n) {
761 err_msg = "TAG RELAYSID ERROR";
762 m = NULL;
763 break;
764 }
765 relay_sid = mtod(n, char *) + noff;
766 relay_sid_len = len;
767 }
768 break;
769 case PPPOE_TAG_SNAME_ERR:
770 err_msg = "SERVICE NAME ERROR";
771 errortag = 1;
772 break;
773 case PPPOE_TAG_ACSYS_ERR:
774 err_msg = "AC SYSTEM ERROR";
775 errortag = 1;
776 break;
777 case PPPOE_TAG_GENERIC_ERR:
778 err_msg = "GENERIC ERROR";
779 errortag = 1;
780 break;
781 }
782 if (err_msg) {
783 error = NULL;
784 if (errortag && len) {
785 dlen = 4 * len + 1;
786 error = malloc(dlen, M_TEMP,
787 M_NOWAIT|M_ZERO);
788 n = m_pulldown(m, off + sizeof(*pt), len,
789 &noff);
790 if (!n) {
791 m = NULL;
792 } else if (error) {
793 strnvisx(error, dlen,
794 mtod(n, char*) + noff, len,
795 VIS_SAFE | VIS_OCTAL);
796 }
797 }
798 if (error) {
799 pppoe_printf(NULL, "%s: %s\n", err_msg, error);
800 free(error, M_TEMP);
801 } else
802 pppoe_printf(NULL, "%s\n", err_msg);
803 if (errortag || m == NULL)
804 goto done;
805 }
806 off += sizeof(*pt) + len;
807 }
808 breakbreak:;
809
810 switch (ph->code) {
811 case PPPOE_CODE_PADI:
812 #ifdef PPPOE_SERVER
813 /*
814 * got service name, concentrator name, and/or host unique.
815 * ignore if we have no interfaces with IFF_PASSIVE|IFF_UP.
816 */
817 rw_enter(&pppoe_softc_list_lock, RW_READER);
818 if (LIST_EMPTY(&pppoe_softc_list)) {
819 rw_exit(&pppoe_softc_list_lock);
820 goto done;
821 }
822
823 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
824 PPPOE_LOCK(sc, RW_WRITER);
825 if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP)) {
826 PPPOE_UNLOCK(sc);
827 continue;
828 }
829 if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) {
830 PPPOE_UNLOCK(sc);
831 continue;
832 }
833
834 if (sc->sc_state == PPPOE_STATE_INITIAL)
835 break;
836
837 PPPOE_UNLOCK(sc);
838 }
839 rw_exit(&pppoe_softc_list_lock);
840
841 if (sc == NULL) {
842 goto done;
843 }
844
845 if (hunique) {
846 if (sc->sc_hunique)
847 free(sc->sc_hunique, M_DEVBUF);
848 sc->sc_hunique = malloc(hunique_len, M_DEVBUF,
849 M_DONTWAIT);
850 if (sc->sc_hunique == NULL) {
851 PPPOE_UNLOCK(sc);
852 goto done;
853 }
854 sc->sc_hunique_len = hunique_len;
855 memcpy(sc->sc_hunique, hunique, hunique_len);
856 }
857 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest);
858 sc->sc_state = PPPOE_STATE_PADO_SENT;
859 pppoe_send_pado(sc);
860 PPPOE_UNLOCK(sc);
861 break;
862 #endif /* PPPOE_SERVER */
863
864 case PPPOE_CODE_PADR:
865 #ifdef PPPOE_SERVER
866 /*
867 * get sc from ac_cookie if IFF_PASSIVE
868 */
869 if (ac_cookie == NULL) {
870 goto done;
871 }
872
873 rcvif = m_get_rcvif_psref(m, &psref);
874 if (__predict_true(rcvif != NULL)) {
875 sc = pppoe_find_softc_by_hunique(ac_cookie,
876 ac_cookie_len, rcvif, RW_WRITER);
877 }
878 m_put_rcvif_psref(rcvif, &psref);
879 if (sc == NULL) {
880 /* be quiet if there is not a single pppoe instance */
881 rw_enter(&pppoe_softc_list_lock, RW_READER);
882 if (!LIST_EMPTY(&pppoe_softc_list)) {
883 pppoe_printf(NULL, "received PADR"
884 " but could not find request for it\n");
885 }
886 rw_exit(&pppoe_softc_list_lock);
887 goto done;
888 }
889
890 if (sc->sc_state != PPPOE_STATE_PADO_SENT) {
891 pppoe_printf(sc, "received unexpected PADR\n");
892 PPPOE_UNLOCK(sc);
893 goto done;
894 }
895
896 if (hunique) {
897 if (sc->sc_hunique)
898 free(sc->sc_hunique, M_DEVBUF);
899 sc->sc_hunique = malloc(hunique_len, M_DEVBUF,
900 M_DONTWAIT);
901 if (sc->sc_hunique == NULL) {
902 PPPOE_UNLOCK(sc);
903 goto done;
904 }
905 sc->sc_hunique_len = hunique_len;
906 memcpy(sc->sc_hunique, hunique, hunique_len);
907 }
908 pppoe_send_pads(sc);
909 sc->sc_state = PPPOE_STATE_SESSION;
910 PPPOE_UNLOCK(sc);
911
912 sc->sc_sppp.pp_up(&sc->sc_sppp);
913 break;
914 #else
915 /* ignore, we are no access concentrator */
916 goto done;
917 #endif /* PPPOE_SERVER */
918
919 case PPPOE_CODE_PADO:
920 rcvif = m_get_rcvif_psref(m, &psref);
921 if (__predict_false(rcvif == NULL))
922 goto done;
923
924 if (hunique != NULL) {
925 sc = pppoe_find_softc_by_hunique(hunique,
926 hunique_len, rcvif, RW_WRITER);
927 }
928
929 m_put_rcvif_psref(rcvif, &psref);
930
931 if (sc == NULL) {
932 /* be quiet if there is not a single pppoe instance */
933 rw_enter(&pppoe_softc_list_lock, RW_READER);
934 if (!LIST_EMPTY(&pppoe_softc_list)) {
935 pppoe_printf(NULL, "received PADO"
936 " but could not find request for it\n");
937 }
938 rw_exit(&pppoe_softc_list_lock);
939 goto done;
940 }
941
942 if (sc->sc_state != PPPOE_STATE_PADI_SENT) {
943 pppoe_printf(sc, "received unexpected PADO\n");
944 PPPOE_UNLOCK(sc);
945 goto done;
946 }
947
948 if (ac_cookie) {
949 if (sc->sc_ac_cookie)
950 free(sc->sc_ac_cookie, M_DEVBUF);
951 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF,
952 M_DONTWAIT);
953 if (sc->sc_ac_cookie == NULL) {
954 pppoe_printf(sc, "FATAL: could not allocate memory "
955 "for AC cookie\n");
956 sc->sc_ac_cookie_len = 0;
957 PPPOE_UNLOCK(sc);
958 goto done;
959 }
960 sc->sc_ac_cookie_len = ac_cookie_len;
961 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len);
962 } else if (sc->sc_ac_cookie) {
963 free(sc->sc_ac_cookie, M_DEVBUF);
964 sc->sc_ac_cookie = NULL;
965 sc->sc_ac_cookie_len = 0;
966 }
967 if (relay_sid) {
968 if (sc->sc_relay_sid)
969 free(sc->sc_relay_sid, M_DEVBUF);
970 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF,
971 M_DONTWAIT);
972 if (sc->sc_relay_sid == NULL) {
973 pppoe_printf(sc, "FATAL: could not allocate memory "
974 "for relay SID\n");
975 sc->sc_relay_sid_len = 0;
976 PPPOE_UNLOCK(sc);
977 goto done;
978 }
979 sc->sc_relay_sid_len = relay_sid_len;
980 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len);
981 } else if (sc->sc_relay_sid) {
982 free(sc->sc_relay_sid, M_DEVBUF);
983 sc->sc_relay_sid = NULL;
984 sc->sc_relay_sid_len = 0;
985 }
986 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest);
987 callout_stop(&sc->sc_timeout);
988 sc->sc_padr_retried = 0;
989 sc->sc_state = PPPOE_STATE_PADR_SENT;
990 if ((err = pppoe_send_padr(sc)) != 0) {
991 if (err == ENOBUFS) {
992 pppoe_printf(sc, "PADO is too large, drop it\n");
993 /*
994 * Cannot send PADR generated by received PADO,
995 * so restart from sending PAD*I*.
996 */
997 sc->sc_state = PPPOE_STATE_PADI_SENT;
998 callout_schedule(&sc->sc_timeout,
999 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried));
1000 PPPOE_UNLOCK(sc);
1001 goto done;
1002 }
1003
1004 pppoe_printf(sc,
1005 "failed to send PADR, error=%d\n", err);
1006 }
1007 callout_schedule(&sc->sc_timeout,
1008 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried));
1009
1010 PPPOE_UNLOCK(sc);
1011 break;
1012
1013 case PPPOE_CODE_PADS:
1014 rcvif = m_get_rcvif_psref(m, &psref);
1015 if (__predict_false(rcvif == NULL))
1016 goto done;
1017
1018 if (hunique != NULL) {
1019 sc = pppoe_find_softc_by_hunique(hunique,
1020 hunique_len, rcvif, RW_WRITER);
1021 }
1022
1023 m_put_rcvif_psref(rcvif, &psref);
1024
1025 if (sc == NULL)
1026 goto done;
1027
1028 if (memcmp(&sc->sc_dest, eh->ether_shost,
1029 sizeof sc->sc_dest) != 0) {
1030 PPPOE_UNLOCK(sc);
1031 goto done;
1032 }
1033
1034 sc->sc_session = session;
1035 callout_stop(&sc->sc_timeout);
1036 pppoe_printf(sc, "session 0x%x connected\n", session);
1037 sc->sc_state = PPPOE_STATE_SESSION;
1038 PPPOE_UNLOCK(sc);
1039
1040 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */
1041 break;
1042
1043 case PPPOE_CODE_PADT:
1044 rcvif = m_get_rcvif_psref(m, &psref);
1045 if (__predict_false(rcvif == NULL))
1046 goto done;
1047
1048 sc = pppoe_find_softc_by_session(session, rcvif,
1049 RW_WRITER);
1050
1051 m_put_rcvif_psref(rcvif, &psref);
1052
1053 if (sc == NULL)
1054 goto done;
1055
1056 if (memcmp(&sc->sc_dest, eh->ether_shost,
1057 sizeof sc->sc_dest) != 0) {
1058 PPPOE_UNLOCK(sc);
1059 goto done;
1060 }
1061
1062 pppoe_clear_softc(sc, "received PADT");
1063 if (sc->sc_sppp.pp_if.if_flags & IFF_RUNNING) {
1064 pppoe_printf(sc, "wait for reconnect\n");
1065 callout_schedule(&sc->sc_timeout,
1066 PPPOE_RECON_PADTRCVD);
1067 }
1068 PPPOE_UNLOCK(sc);
1069 break;
1070
1071 default:
1072 rcvif = m_get_rcvif_psref(m, &psref);
1073 if (__predict_false(rcvif == NULL))
1074 goto done;
1075
1076 if (hunique != NULL) {
1077 sc = pppoe_find_softc_by_hunique(hunique,
1078 hunique_len, rcvif, RW_READER);
1079 }
1080
1081 m_put_rcvif_psref(rcvif, &psref);
1082
1083 pppoe_printf(sc, "unknown code (0x%04x) session = 0x%04x\n",
1084 ph->code, session);
1085 if (sc == NULL)
1086 goto done;
1087 PPPOE_UNLOCK(sc);
1088 break;
1089 }
1090
1091 done:
1092 m_freem(m);
1093 return;
1094 }
1095
1096 static void
pppoe_disc_input(struct mbuf * m)1097 pppoe_disc_input(struct mbuf *m)
1098 {
1099 KASSERT(m->m_flags & M_PKTHDR);
1100
1101 /*
1102 * Avoid error messages if there is not a single PPPoE instance.
1103 */
1104 rw_enter(&pppoe_softc_list_lock, RW_READER);
1105 if (!LIST_EMPTY(&pppoe_softc_list)) {
1106 rw_exit(&pppoe_softc_list_lock);
1107 pppoe_dispatch_disc_pkt(m, 0);
1108 } else {
1109 rw_exit(&pppoe_softc_list_lock);
1110 m_freem(m);
1111 }
1112 }
1113
1114 static bool
pppoe_is_my_frame(uint8_t * dhost,struct ifnet * rcvif)1115 pppoe_is_my_frame(uint8_t *dhost, struct ifnet *rcvif)
1116 {
1117
1118 if (memcmp(CLLADDR(rcvif->if_sadl), dhost, ETHER_ADDR_LEN) == 0)
1119 return true;
1120
1121 return false;
1122 }
1123
1124 static void
pppoe_data_input(struct mbuf * m)1125 pppoe_data_input(struct mbuf *m)
1126 {
1127 uint16_t session, plen;
1128 struct pppoe_softc *sc;
1129 struct pppoehdr *ph;
1130 struct ifnet *rcvif;
1131 struct psref psref;
1132 uint8_t shost[ETHER_ADDR_LEN];
1133 uint8_t dhost[ETHER_ADDR_LEN];
1134 bool term_unknown = pppoe_term_unknown;
1135
1136 KASSERT(m->m_flags & M_PKTHDR);
1137
1138 /*
1139 * Avoid error messages if there is not a single PPPoE instance.
1140 */
1141 rw_enter(&pppoe_softc_list_lock, RW_READER);
1142 if (LIST_EMPTY(&pppoe_softc_list)) {
1143 rw_exit(&pppoe_softc_list_lock);
1144 goto drop;
1145 }
1146 rw_exit(&pppoe_softc_list_lock);
1147
1148 if (term_unknown) {
1149 memcpy(shost, mtod(m, struct ether_header*)->ether_shost,
1150 ETHER_ADDR_LEN);
1151 memcpy(dhost, mtod(m, struct ether_header*)->ether_dhost,
1152 ETHER_ADDR_LEN);
1153 }
1154 m_adj(m, sizeof(struct ether_header));
1155 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) {
1156 goto drop;
1157 }
1158
1159 if (m->m_len < sizeof(*ph)) {
1160 m = m_pullup(m, sizeof(*ph));
1161 if (m == NULL) {
1162 return;
1163 }
1164 }
1165 ph = mtod(m, struct pppoehdr *);
1166
1167 if (ph->vertype != PPPOE_VERTYPE) {
1168 goto drop;
1169 }
1170 if (ph->code != 0) {
1171 goto drop;
1172 }
1173
1174 session = ntohs(ph->session);
1175 rcvif = m_get_rcvif_psref(m, &psref);
1176 if (__predict_false(rcvif == NULL))
1177 goto drop;
1178 sc = pppoe_find_softc_by_session(session, rcvif, RW_READER);
1179 if (sc == NULL) {
1180 if (term_unknown) {
1181 static struct timeval lasttime = {0, 0};
1182 static int curpps = 0;
1183 /*
1184 * avoid to send wrong PADT which is response from
1185 * session stage packets for other hosts when parent
1186 * ethernet is promiscuous mode.
1187 */
1188 if (pppoe_is_my_frame(dhost, rcvif) &&
1189 ppsratecheck(&lasttime, &curpps,
1190 pppoe_term_unknown_pps)) {
1191 pppoe_printf(NULL, "input for unknown session %#x, "
1192 "sending PADT\n", session);
1193 pppoe_send_padt(rcvif, session, shost);
1194 }
1195 }
1196 m_put_rcvif_psref(rcvif, &psref);
1197 goto drop;
1198 }
1199
1200 m_put_rcvif_psref(rcvif, &psref);
1201
1202 plen = ntohs(ph->plen);
1203
1204 bpf_mtap(&sc->sc_sppp.pp_if, m, BPF_D_IN);
1205
1206 m_adj(m, PPPOE_HEADERLEN);
1207
1208 #ifdef PPPOE_DEBUG
1209 {
1210 struct mbuf *p;
1211
1212 printf("%s: pkthdr.len=%d, pppoe.len=%d",
1213 sc->sc_sppp.pp_if.if_xname, m->m_pkthdr.len, plen);
1214 p = m;
1215 while (p) {
1216 printf(" l=%d", p->m_len);
1217 p = p->m_next;
1218 }
1219 printf("\n");
1220 }
1221 #endif
1222 PPPOE_UNLOCK(sc);
1223
1224 if (m->m_pkthdr.len < plen)
1225 goto drop;
1226
1227 /* ignore trailing garbage */
1228 m_adj(m, plen - m->m_pkthdr.len);
1229 /*
1230 * Fix incoming interface pointer (not the raw ethernet interface
1231 * anymore)
1232 */
1233 m_set_rcvif(m, &sc->sc_sppp.pp_if);
1234
1235 /* pass packet up and account for it */
1236 if_statinc(&sc->sc_sppp.pp_if, if_ipackets);
1237 sppp_input(&sc->sc_sppp.pp_if, m);
1238 return;
1239
1240 drop:
1241 m_freem(m);
1242 }
1243
1244 static int
pppoe_output(struct pppoe_softc * sc,struct mbuf * m)1245 pppoe_output(struct pppoe_softc *sc, struct mbuf *m)
1246 {
1247 struct sockaddr dst;
1248 struct ether_header *eh;
1249 uint16_t etype;
1250
1251 if (sc->sc_eth_if == NULL) {
1252 m_freem(m);
1253 return EIO;
1254 }
1255
1256 memset(&dst, 0, sizeof dst);
1257 dst.sa_family = AF_UNSPEC;
1258 eh = (struct ether_header*)&dst.sa_data;
1259 etype = sc->sc_state == PPPOE_STATE_SESSION
1260 ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC;
1261 eh->ether_type = htons(etype);
1262 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest);
1263
1264 DPRINTF(sc, "(%x) state=%d, session=0x%x output -> %s, len=%d\n",
1265 etype, sc->sc_state, sc->sc_session,
1266 ether_sprintf((const unsigned char *)&sc->sc_dest), m->m_pkthdr.len);
1267
1268 m->m_flags &= ~(M_BCAST|M_MCAST);
1269 if_statinc(&sc->sc_sppp.pp_if, if_opackets);
1270 return if_output_lock(sc->sc_eth_if, sc->sc_eth_if, m, &dst, NULL);
1271 }
1272
1273 static int
pppoe_parm_cpyinstr(struct pppoe_softc * sc,char ** dst,const void * src,size_t len)1274 pppoe_parm_cpyinstr(struct pppoe_softc *sc,
1275 char **dst, const void *src, size_t len)
1276 {
1277 int error = 0;
1278 char *next = NULL;
1279 size_t bufsiz, cpysiz, strsiz;
1280
1281 bufsiz = len + 1;
1282
1283 if (src == NULL)
1284 goto out;
1285
1286 bufsiz = len + 1;
1287 next = malloc(bufsiz, M_DEVBUF, M_WAITOK);
1288 if (next == NULL)
1289 return ENOMEM;
1290
1291 error = copyinstr(src, next, bufsiz, &cpysiz);
1292 if (error != 0)
1293 goto fail;
1294 if (cpysiz != bufsiz) {
1295 error = EINVAL;
1296 goto fail;
1297 }
1298
1299 strsiz = strnlen(next, bufsiz);
1300 if (strsiz == bufsiz) {
1301 error = EINVAL;
1302 goto fail;
1303 }
1304
1305 out:
1306 PPPOE_LOCK(sc, RW_WRITER);
1307 if (*dst != NULL)
1308 free(*dst, M_DEVBUF);
1309 *dst = next;
1310 next = NULL;
1311 PPPOE_UNLOCK(sc);
1312 fail:
1313 if (next != NULL)
1314 free(next, M_DEVBUF);
1315
1316 return error;
1317 }
1318
1319 static int
pppoe_ioctl(struct ifnet * ifp,unsigned long cmd,void * data)1320 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, void *data)
1321 {
1322 struct lwp *l = curlwp; /* XXX */
1323 struct pppoe_softc *sc = (struct pppoe_softc*)ifp;
1324 struct ifreq *ifr = data;
1325 int error = 0;
1326
1327 switch (cmd) {
1328 case PPPOESETPARMS:
1329 {
1330 struct pppoediscparms *parms = (struct pppoediscparms*)data;
1331 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE,
1332 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
1333 NULL) != 0)
1334 return EPERM;
1335 if (parms->eth_ifname[0] != 0) {
1336 struct ifnet *eth_if;
1337
1338 PPPOE_LOCK(sc, RW_WRITER);
1339 if (sc->sc_detaching) {
1340 PPPOE_UNLOCK(sc);
1341 return ENXIO;
1342 }
1343 eth_if = ifunit(parms->eth_ifname);
1344 if (eth_if == NULL || eth_if->if_dlt != DLT_EN10MB) {
1345 sc->sc_eth_if = NULL;
1346 PPPOE_UNLOCK(sc);
1347 return ENXIO;
1348 }
1349
1350 if (sc->sc_sppp.pp_if.if_mtu !=
1351 eth_if->if_mtu - PPPOE_OVERHEAD) {
1352 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu -
1353 PPPOE_OVERHEAD;
1354 }
1355 sc->sc_eth_if = eth_if;
1356 PPPOE_UNLOCK(sc);
1357 }
1358
1359 error = pppoe_parm_cpyinstr(sc, &sc->sc_concentrator_name,
1360 parms->ac_name, parms->ac_name_len);
1361 if (error != 0)
1362 return error;
1363
1364 error = pppoe_parm_cpyinstr(sc, &sc->sc_service_name,
1365 parms->service_name, parms->service_name_len);
1366 if (error != 0)
1367 return error;
1368 return 0;
1369 }
1370 break;
1371 case PPPOEGETPARMS:
1372 {
1373 struct pppoediscparms *parms = (struct pppoediscparms*)data;
1374 memset(parms, 0, sizeof *parms);
1375 PPPOE_LOCK(sc, RW_READER);
1376 if (sc->sc_eth_if)
1377 strlcpy(parms->ifname, sc->sc_eth_if->if_xname,
1378 sizeof(parms->ifname));
1379 PPPOE_UNLOCK(sc);
1380 return 0;
1381 }
1382 break;
1383 case PPPOEGETSESSION:
1384 {
1385 struct pppoeconnectionstate *state = (struct pppoeconnectionstate*)data;
1386 PPPOE_LOCK(sc, RW_READER);
1387 state->state = sc->sc_state;
1388 state->session_id = sc->sc_session;
1389 state->padi_retry_no = sc->sc_padi_retried;
1390 state->padr_retry_no = sc->sc_padr_retried;
1391 PPPOE_UNLOCK(sc);
1392 return 0;
1393 }
1394 break;
1395 case SIOCSIFFLAGS:
1396 /*
1397 * Prevent running re-establishment timers overriding
1398 * administrators choice.
1399 */
1400 PPPOE_LOCK(sc, RW_WRITER);
1401 if (sc->sc_detaching) {
1402 PPPOE_UNLOCK(sc);
1403 return ENXIO;
1404 }
1405
1406 if ((ifr->ifr_flags & IFF_UP) == 0
1407 && sc->sc_state < PPPOE_STATE_SESSION) {
1408 callout_stop(&sc->sc_timeout);
1409 sc->sc_state = PPPOE_STATE_INITIAL;
1410 sc->sc_padi_retried = 0;
1411 sc->sc_padr_retried = 0;
1412 memcpy(&sc->sc_dest, etherbroadcastaddr,
1413 sizeof(sc->sc_dest));
1414 }
1415
1416 PPPOE_UNLOCK(sc);
1417
1418 error = sppp_ioctl(ifp, cmd, data);
1419
1420 return error;
1421 case SIOCSIFMTU:
1422 if (ifr->ifr_mtu > (sc->sc_eth_if == NULL ?
1423 PPPOE_MAXMTU : (sc->sc_eth_if->if_mtu - PPPOE_OVERHEAD))) {
1424 return EINVAL;
1425 }
1426 /*FALLTHROUGH*/
1427 default:
1428 return sppp_ioctl(ifp, cmd, data);
1429 }
1430 return 0;
1431 }
1432
1433 /*
1434 * Allocate a mbuf/cluster with space to store the given data length
1435 * of payload, leaving space for prepending an ethernet header
1436 * in front.
1437 */
1438 static struct mbuf *
pppoe_get_mbuf(size_t len)1439 pppoe_get_mbuf(size_t len)
1440 {
1441 struct mbuf *m;
1442
1443 if (len + sizeof(struct ether_header) > MCLBYTES)
1444 return NULL;
1445
1446 MGETHDR(m, M_DONTWAIT, MT_DATA);
1447 if (m == NULL)
1448 return NULL;
1449 if (len + sizeof(struct ether_header) > MHLEN) {
1450 MCLGET(m, M_DONTWAIT);
1451 if ((m->m_flags & M_EXT) == 0) {
1452 m_free(m);
1453 return NULL;
1454 }
1455 }
1456 m->m_data += sizeof(struct ether_header);
1457 m->m_len = len;
1458 m->m_pkthdr.len = len;
1459 m_reset_rcvif(m);
1460
1461 return m;
1462 }
1463
1464 static int
pppoe_send_padi(struct pppoe_softc * sc)1465 pppoe_send_padi(struct pppoe_softc *sc)
1466 {
1467 struct mbuf *m0;
1468 int len, l1 = 0, l2 = 0;
1469 uint8_t *p;
1470
1471 if (sc->sc_state > PPPOE_STATE_PADI_SENT)
1472 panic("pppoe_send_padi in state %d", sc->sc_state);
1473
1474 /* Compute packet length. */
1475 len = sizeof(struct pppoetag);
1476 if (sc->sc_service_name != NULL) {
1477 l1 = strlen(sc->sc_service_name);
1478 len += l1;
1479 }
1480 if (sc->sc_concentrator_name != NULL) {
1481 l2 = strlen(sc->sc_concentrator_name);
1482 len += sizeof(struct pppoetag) + l2;
1483 }
1484 len += sizeof(struct pppoetag) + sizeof(sc->sc_id);
1485 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) {
1486 len += sizeof(struct pppoetag) + 2;
1487 }
1488
1489 /* Allocate packet. */
1490 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
1491 if (m0 == NULL)
1492 return ENOBUFS;
1493
1494 /* Fill in packet. */
1495 p = mtod(m0, uint8_t *);
1496 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len);
1497 PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
1498 if (sc->sc_service_name != NULL) {
1499 PPPOE_ADD_16(p, l1);
1500 memcpy(p, sc->sc_service_name, l1);
1501 p += l1;
1502 } else {
1503 PPPOE_ADD_16(p, 0);
1504 }
1505 if (sc->sc_concentrator_name != NULL) {
1506 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME);
1507 PPPOE_ADD_16(p, l2);
1508 memcpy(p, sc->sc_concentrator_name, l2);
1509 p += l2;
1510 }
1511 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
1512 PPPOE_ADD_16(p, sizeof(sc->sc_id));
1513 memcpy(p, &sc->sc_id, sizeof(sc->sc_id));
1514 p += sizeof(sc->sc_id);
1515
1516 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) {
1517 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD);
1518 PPPOE_ADD_16(p, 2);
1519 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu);
1520 }
1521
1522 #ifdef PPPOE_DEBUG
1523 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN)
1524 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld",
1525 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *)));
1526 #endif
1527
1528 /* Send packet. */
1529 return pppoe_output(sc, m0);
1530 }
1531
1532 static void
pppoe_timeout_co(void * arg)1533 pppoe_timeout_co(void *arg)
1534 {
1535 struct pppoe_softc *sc = (struct pppoe_softc *)arg;
1536
1537 if (atomic_swap_uint(&sc->sc_timeout_scheduled, 1) != 0)
1538 return;
1539
1540 workqueue_enqueue(sc->sc_timeout_wq, &sc->sc_timeout_wk, NULL);
1541 }
1542
1543 static void
pppoe_timeout_co_halt(void * unused __unused)1544 pppoe_timeout_co_halt(void *unused __unused)
1545 {
1546
1547 /* do nothing to halt callout safely */
1548 }
1549
1550 static void
pppoe_timeout_wk(struct work * wk __unused,void * arg)1551 pppoe_timeout_wk(struct work *wk __unused, void *arg)
1552 {
1553 struct pppoe_softc *sc = (struct pppoe_softc *)arg;
1554
1555 atomic_swap_uint(&sc->sc_timeout_scheduled, 0);
1556 pppoe_timeout(sc);
1557 }
1558
1559 static void
pppoe_timeout(struct pppoe_softc * sc)1560 pppoe_timeout(struct pppoe_softc *sc)
1561 {
1562 int retry_wait, err;
1563 DECLARE_SPLNET_VARIABLE;
1564
1565 pppoe_printf(sc, "timeout\n");
1566
1567 PPPOE_LOCK(sc, RW_WRITER);
1568 switch (sc->sc_state) {
1569 case PPPOE_STATE_INITIAL:
1570 /* delayed connect from pppoe_tls() */
1571 if (!sc->sc_detaching)
1572 pppoe_connect(sc);
1573 break;
1574 case PPPOE_STATE_PADI_SENT:
1575 /*
1576 * We have two basic ways of retrying:
1577 * - Quick retry mode: try a few times in short sequence
1578 * - Slow retry mode: we already had a connection successfully
1579 * established and will try infinitely (without user
1580 * intervention)
1581 * We only enter slow retry mode if IFF_LINK1 (aka autodial)
1582 * is not set.
1583 */
1584
1585 /* initialize for quick retry mode */
1586 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried);
1587
1588 ACQUIRE_SPLNET();
1589 sc->sc_padi_retried++;
1590 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) {
1591 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) {
1592 /* slow retry mode */
1593 retry_wait = PPPOE_SLOW_RETRY;
1594 } else {
1595 pppoe_abort_connect(sc);
1596 RELEASE_SPLNET();
1597 PPPOE_UNLOCK(sc);
1598 return;
1599 }
1600 }
1601 if ((err = pppoe_send_padi(sc)) != 0) {
1602 sc->sc_padi_retried--;
1603 pppoe_printf(sc,
1604 "failed to transmit PADI, error=%d\n", err);
1605 }
1606 callout_schedule(&sc->sc_timeout,retry_wait);
1607 RELEASE_SPLNET();
1608 break;
1609
1610 case PPPOE_STATE_PADR_SENT:
1611 ACQUIRE_SPLNET();
1612 sc->sc_padr_retried++;
1613 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) {
1614 memcpy(&sc->sc_dest, etherbroadcastaddr,
1615 sizeof(sc->sc_dest));
1616 sc->sc_state = PPPOE_STATE_PADI_SENT;
1617 sc->sc_padi_retried = 0;
1618 sc->sc_padr_retried = 0;
1619 if ((err = pppoe_send_padi(sc)) != 0) {
1620 pppoe_printf(sc,
1621 "failed to send PADI, error=%d\n", err);
1622 }
1623 callout_schedule(&sc->sc_timeout,
1624 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried));
1625 RELEASE_SPLNET();
1626 PPPOE_UNLOCK(sc);
1627 return;
1628 }
1629 if ((err = pppoe_send_padr(sc)) != 0) {
1630 pppoe_printf(sc,"failed to send PADR, error=%d", err);
1631 }
1632 callout_schedule(&sc->sc_timeout,
1633 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried));
1634 RELEASE_SPLNET();
1635 break;
1636 case PPPOE_STATE_CLOSING:
1637 pppoe_disconnect(sc);
1638 break;
1639 default:
1640 PPPOE_UNLOCK(sc);
1641 return; /* all done, work in peace */
1642 }
1643 PPPOE_UNLOCK(sc);
1644 }
1645
1646 /* Start a connection (i.e. initiate discovery phase) */
1647 static int
pppoe_connect(struct pppoe_softc * sc)1648 pppoe_connect(struct pppoe_softc *sc)
1649 {
1650 int err;
1651 DECLARE_SPLNET_VARIABLE;
1652
1653 KASSERT(PPPOE_WLOCKED(sc));
1654
1655 if (sc->sc_state != PPPOE_STATE_INITIAL)
1656 return EBUSY;
1657
1658 #ifdef PPPOE_SERVER
1659 /* wait PADI if IFF_PASSIVE */
1660 if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE))
1661 return 0;
1662 #endif
1663 ACQUIRE_SPLNET();
1664 /* save state, in case we fail to send PADI */
1665 sc->sc_state = PPPOE_STATE_PADI_SENT;
1666 sc->sc_padi_retried = 0;
1667 sc->sc_padr_retried = 0;
1668 err = pppoe_send_padi(sc);
1669 if (err != 0)
1670 pppoe_printf(sc, "failed to send PADI, error=%d\n", err);
1671 callout_schedule(&sc->sc_timeout, PPPOE_DISC_TIMEOUT);
1672 RELEASE_SPLNET();
1673 return err;
1674 }
1675
1676 /* disconnect */
1677 static int
pppoe_disconnect(struct pppoe_softc * sc)1678 pppoe_disconnect(struct pppoe_softc *sc)
1679 {
1680 int err;
1681 DECLARE_SPLNET_VARIABLE;
1682
1683 KASSERT(PPPOE_WLOCKED(sc));
1684
1685 ACQUIRE_SPLNET();
1686
1687 if (sc->sc_state < PPPOE_STATE_SESSION)
1688 err = EBUSY;
1689 else {
1690 pppoe_printf(sc, "disconnecting\n");
1691 err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session,
1692 (const uint8_t *)&sc->sc_dest);
1693 }
1694
1695 /* cleanup softc */
1696 sc->sc_state = PPPOE_STATE_INITIAL;
1697
1698 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
1699 if (sc->sc_ac_cookie) {
1700 free(sc->sc_ac_cookie, M_DEVBUF);
1701 sc->sc_ac_cookie = NULL;
1702 }
1703 sc->sc_ac_cookie_len = 0;
1704 if (sc->sc_relay_sid) {
1705 free(sc->sc_relay_sid, M_DEVBUF);
1706 sc->sc_relay_sid = NULL;
1707 }
1708 sc->sc_relay_sid_len = 0;
1709 #ifdef PPPOE_SERVER
1710 if (sc->sc_hunique) {
1711 free(sc->sc_hunique, M_DEVBUF);
1712 sc->sc_hunique = NULL;
1713 }
1714 sc->sc_hunique_len = 0;
1715 #endif
1716 sc->sc_session = 0;
1717
1718 PPPOE_UNLOCK(sc);
1719
1720 /* notify upper layer */
1721 sc->sc_sppp.pp_down(&sc->sc_sppp);
1722
1723 PPPOE_LOCK(sc, RW_WRITER);
1724
1725 RELEASE_SPLNET();
1726 return err;
1727 }
1728
1729 /* Connection attempt aborted */
1730 static void
pppoe_abort_connect(struct pppoe_softc * sc)1731 pppoe_abort_connect(struct pppoe_softc *sc)
1732 {
1733 KASSERT(PPPOE_WLOCKED(sc));
1734
1735 pppoe_printf(sc, "could not establish connection\n");
1736 sc->sc_state = PPPOE_STATE_CLOSING;
1737
1738 PPPOE_UNLOCK(sc);
1739
1740 /* notify upper layer */
1741 sc->sc_sppp.pp_down(&sc->sc_sppp);
1742
1743 PPPOE_LOCK(sc, RW_WRITER);
1744
1745 /* clear connection state */
1746 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
1747 sc->sc_state = PPPOE_STATE_INITIAL;
1748 }
1749
1750 static int
pppoe_send_padr(struct pppoe_softc * sc)1751 pppoe_send_padr(struct pppoe_softc *sc)
1752 {
1753 struct mbuf *m0;
1754 uint8_t *p;
1755 size_t len, l1 = 0;
1756
1757 if (sc->sc_state != PPPOE_STATE_PADR_SENT)
1758 return EIO;
1759
1760 /* Compute packet length. */
1761 len = sizeof(struct pppoetag);
1762 if (sc->sc_service_name != NULL) {
1763 l1 = strlen(sc->sc_service_name);
1764 len += l1;
1765 }
1766 if (sc->sc_ac_cookie_len > 0) {
1767 len += sizeof(struct pppoetag) + sc->sc_ac_cookie_len;
1768 }
1769 if (sc->sc_relay_sid_len > 0) {
1770 len += sizeof(struct pppoetag) + sc->sc_relay_sid_len;
1771 }
1772 len += sizeof(struct pppoetag) + sizeof(sc->sc_id);
1773 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) {
1774 len += sizeof(struct pppoetag) + 2;
1775 }
1776
1777 /* Allocate packet. */
1778 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
1779 if (m0 == NULL)
1780 return ENOBUFS;
1781
1782 /* Fill in packet. */
1783 p = mtod(m0, uint8_t *);
1784 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len);
1785 PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
1786 if (sc->sc_service_name != NULL) {
1787 PPPOE_ADD_16(p, l1);
1788 memcpy(p, sc->sc_service_name, l1);
1789 p += l1;
1790 } else {
1791 PPPOE_ADD_16(p, 0);
1792 }
1793 if (sc->sc_ac_cookie_len > 0) {
1794 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE);
1795 PPPOE_ADD_16(p, sc->sc_ac_cookie_len);
1796 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len);
1797 p += sc->sc_ac_cookie_len;
1798 }
1799 if (sc->sc_relay_sid_len > 0) {
1800 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID);
1801 PPPOE_ADD_16(p, sc->sc_relay_sid_len);
1802 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len);
1803 p += sc->sc_relay_sid_len;
1804 }
1805 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
1806 PPPOE_ADD_16(p, sizeof(sc->sc_id));
1807 memcpy(p, &sc->sc_id, sizeof(sc->sc_id));
1808 p += sizeof(sc->sc_id);
1809
1810 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) {
1811 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD);
1812 PPPOE_ADD_16(p, 2);
1813 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu);
1814 }
1815
1816 #ifdef PPPOE_DEBUG
1817 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN)
1818 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld",
1819 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *)));
1820 #endif
1821
1822 /* Send packet. */
1823 return pppoe_output(sc, m0);
1824 }
1825
1826 /* send a PADT packet */
1827 static int
pppoe_send_padt(struct ifnet * outgoing_if,u_int session,const uint8_t * dest)1828 pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const uint8_t *dest)
1829 {
1830 struct ether_header *eh;
1831 struct sockaddr dst;
1832 struct mbuf *m0;
1833 uint8_t *p;
1834
1835 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN);
1836 if (!m0)
1837 return EIO;
1838 p = mtod(m0, uint8_t *);
1839 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0);
1840
1841 memset(&dst, 0, sizeof dst);
1842 dst.sa_family = AF_UNSPEC;
1843 eh = (struct ether_header*)&dst.sa_data;
1844 eh->ether_type = htons(ETHERTYPE_PPPOEDISC);
1845 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN);
1846
1847 m0->m_flags &= ~(M_BCAST|M_MCAST);
1848 return if_output_lock(outgoing_if, outgoing_if, m0, &dst, NULL);
1849 }
1850
1851 #ifdef PPPOE_SERVER
1852 static int
pppoe_send_pado(struct pppoe_softc * sc)1853 pppoe_send_pado(struct pppoe_softc *sc)
1854 {
1855 struct mbuf *m0;
1856 uint8_t *p;
1857 size_t len;
1858
1859 if (sc->sc_state != PPPOE_STATE_PADO_SENT)
1860 return EIO;
1861
1862 /* Include AC cookie. */
1863 len = sizeof(struct pppoetag) + sizeof(sc->sc_id);
1864 /* Include hunique. */
1865 len += sizeof(struct pppoetag) + sc->sc_hunique_len;
1866
1867 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
1868 if (!m0)
1869 return EIO;
1870 p = mtod(m0, uint8_t *);
1871
1872 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len);
1873 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE);
1874 PPPOE_ADD_16(p, sizeof(sc->sc_id));
1875 memcpy(p, &sc->sc_id, sizeof(sc->sc_id));
1876 p += sizeof(sc->sc_id);
1877 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
1878 PPPOE_ADD_16(p, sc->sc_hunique_len);
1879 memcpy(p, sc->sc_hunique, sc->sc_hunique_len);
1880 return pppoe_output(sc, m0);
1881 }
1882
1883 static int
pppoe_send_pads(struct pppoe_softc * sc)1884 pppoe_send_pads(struct pppoe_softc *sc)
1885 {
1886 struct bintime bt;
1887 struct mbuf *m0;
1888 uint8_t *p;
1889 size_t len, l1 = 0; /* XXX: gcc */
1890
1891 KASSERT(PPPOE_WLOCKED(sc));
1892
1893 if (sc->sc_state != PPPOE_STATE_PADO_SENT)
1894 return EIO;
1895
1896 getbinuptime(&bt);
1897 sc->sc_session = bt.sec % 0xff + 1;
1898
1899 /* Include service name. */
1900 len = sizeof(struct pppoetag);
1901 if (sc->sc_service_name != NULL) {
1902 l1 = strlen(sc->sc_service_name);
1903 len += l1;
1904 }
1905 /* Include hunique. */
1906 len += sizeof(struct pppoetag) + sc->sc_hunique_len;
1907
1908 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
1909 if (!m0)
1910 return ENOBUFS;
1911 p = mtod(m0, uint8_t *);
1912
1913 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len);
1914 PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
1915 if (sc->sc_service_name != NULL) {
1916 PPPOE_ADD_16(p, l1);
1917 memcpy(p, sc->sc_service_name, l1);
1918 p += l1;
1919 } else {
1920 PPPOE_ADD_16(p, 0);
1921 }
1922 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
1923 PPPOE_ADD_16(p, sc->sc_hunique_len);
1924 memcpy(p, sc->sc_hunique, sc->sc_hunique_len);
1925 return pppoe_output(sc, m0);
1926 }
1927 #endif
1928
1929 static void
pppoe_tls(struct sppp * sp)1930 pppoe_tls(struct sppp *sp)
1931 {
1932 struct pppoe_softc *sc = (void *)sp;
1933 int wtime;
1934
1935 PPPOE_LOCK(sc, RW_READER);
1936
1937 if (sc->sc_state != PPPOE_STATE_INITIAL) {
1938 PPPOE_UNLOCK(sc);
1939 return;
1940 }
1941
1942 if (sc->sc_sppp.pp_phase == SPPP_PHASE_ESTABLISH &&
1943 sc->sc_sppp.pp_auth_failures > 0) {
1944 /*
1945 * Delay trying to reconnect a bit more - the peer
1946 * might have failed to contact its radius server.
1947 */
1948 wtime = PPPOE_RECON_FAST * sc->sc_sppp.pp_auth_failures;
1949 if (wtime > PPPOE_SLOW_RETRY)
1950 wtime = PPPOE_SLOW_RETRY;
1951 } else {
1952 wtime = PPPOE_RECON_IMMEDIATE;
1953 }
1954 callout_schedule(&sc->sc_timeout, wtime);
1955
1956 PPPOE_UNLOCK(sc);
1957 }
1958
1959 static void
pppoe_tlf(struct sppp * sp)1960 pppoe_tlf(struct sppp *sp)
1961 {
1962 struct pppoe_softc *sc = (void *)sp;
1963
1964 PPPOE_LOCK(sc, RW_WRITER);
1965
1966 if (sc->sc_state < PPPOE_STATE_SESSION) {
1967 callout_stop(&sc->sc_timeout);
1968 sc->sc_state = PPPOE_STATE_INITIAL;
1969 sc->sc_padi_retried = 0;
1970 sc->sc_padr_retried = 0;
1971 memcpy(&sc->sc_dest, etherbroadcastaddr,
1972 sizeof(sc->sc_dest));
1973 PPPOE_UNLOCK(sc);
1974 return;
1975 }
1976
1977 /*
1978 * Do not call pppoe_disconnect here, the upper layer state
1979 * machine gets confused by this. We must return from this
1980 * function and defer disconnecting to the timeout handler.
1981 */
1982 sc->sc_state = PPPOE_STATE_CLOSING;
1983
1984 callout_schedule(&sc->sc_timeout, hz/50);
1985
1986 PPPOE_UNLOCK(sc);
1987 }
1988
1989 static void
pppoe_start(struct ifnet * ifp)1990 pppoe_start(struct ifnet *ifp)
1991 {
1992 struct pppoe_softc *sc = (void *)ifp;
1993 struct mbuf *m;
1994 uint8_t *p;
1995 size_t len;
1996
1997 if (sppp_isempty(ifp))
1998 return;
1999
2000 /* are we ready to process data yet? */
2001 PPPOE_LOCK(sc, RW_READER);
2002 if (sc->sc_state < PPPOE_STATE_SESSION) {
2003 sppp_flush(&sc->sc_sppp.pp_if);
2004 PPPOE_UNLOCK(sc);
2005 return;
2006 }
2007
2008 while ((m = sppp_dequeue(ifp)) != NULL) {
2009 len = m->m_pkthdr.len;
2010 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT);
2011 if (m == NULL) {
2012 if_statinc(ifp, if_oerrors);
2013 continue;
2014 }
2015 p = mtod(m, uint8_t *);
2016 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len);
2017
2018 bpf_mtap(&sc->sc_sppp.pp_if, m, BPF_D_OUT);
2019
2020 pppoe_output(sc, m);
2021 }
2022 PPPOE_UNLOCK(sc);
2023 }
2024
2025 #ifdef PPPOE_MPSAFE
2026 static int
pppoe_transmit(struct ifnet * ifp,struct mbuf * m)2027 pppoe_transmit(struct ifnet *ifp, struct mbuf *m)
2028 {
2029 struct pppoe_softc *sc = (void *)ifp;
2030 uint8_t *p;
2031 size_t len;
2032
2033 if (m == NULL)
2034 return EINVAL;
2035
2036 /* are we ready to process data yet? */
2037 PPPOE_LOCK(sc, RW_READER);
2038 if (sc->sc_state < PPPOE_STATE_SESSION) {
2039 PPPOE_UNLOCK(sc);
2040 m_freem(m);
2041 return ENOBUFS;
2042 }
2043
2044 len = m->m_pkthdr.len;
2045 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT);
2046 if (m == NULL) {
2047 PPPOE_UNLOCK(sc);
2048 if_statinc(ifp, if_oerrors);
2049 return ENETDOWN;
2050 }
2051 p = mtod(m, uint8_t *);
2052 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len);
2053
2054 bpf_mtap(&sc->sc_sppp.pp_if, m, BPF_D_OUT);
2055
2056 pppoe_output(sc, m);
2057 PPPOE_UNLOCK(sc);
2058 return 0;
2059 }
2060 #endif /* PPPOE_MPSAFE */
2061
2062 static void
pppoe_ifattach_hook(void * arg,unsigned long cmd,void * arg2)2063 pppoe_ifattach_hook(void *arg, unsigned long cmd, void *arg2)
2064 {
2065 struct ifnet *ifp = arg2;
2066 struct pppoe_softc *sc;
2067 DECLARE_SPLNET_VARIABLE;
2068
2069 if (cmd != PFIL_IFNET_DETACH)
2070 return;
2071
2072 ACQUIRE_SPLNET();
2073 rw_enter(&pppoe_softc_list_lock, RW_READER);
2074 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
2075 PPPOE_LOCK(sc, RW_WRITER);
2076 if (sc->sc_eth_if != ifp) {
2077 PPPOE_UNLOCK(sc);
2078 continue;
2079 }
2080 if (sc->sc_sppp.pp_if.if_flags & IFF_UP) {
2081 sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING);
2082 pppoe_printf(sc,
2083 "ethernet interface detached, going down\n");
2084 }
2085 sc->sc_eth_if = NULL;
2086 pppoe_clear_softc(sc, "ethernet interface detached");
2087 PPPOE_UNLOCK(sc);
2088 }
2089 rw_exit(&pppoe_softc_list_lock);
2090 RELEASE_SPLNET();
2091 }
2092
2093 static void
pppoe_clear_softc(struct pppoe_softc * sc,const char * message)2094 pppoe_clear_softc(struct pppoe_softc *sc, const char *message)
2095 {
2096 KASSERT(PPPOE_WLOCKED(sc));
2097
2098 /* stop timer */
2099 callout_stop(&sc->sc_timeout);
2100 pppoe_printf(sc, "session 0x%x terminated, %s\n",
2101 sc->sc_session, message);
2102
2103 /* fix our state */
2104 sc->sc_state = PPPOE_STATE_INITIAL;
2105
2106 PPPOE_UNLOCK(sc);
2107
2108 /* signal upper layer */
2109 sc->sc_sppp.pp_down(&sc->sc_sppp);
2110
2111 PPPOE_LOCK(sc, RW_WRITER);
2112
2113 /* clean up softc */
2114 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
2115 if (sc->sc_ac_cookie) {
2116 free(sc->sc_ac_cookie, M_DEVBUF);
2117 sc->sc_ac_cookie = NULL;
2118 }
2119 if (sc->sc_relay_sid) {
2120 free(sc->sc_relay_sid, M_DEVBUF);
2121 sc->sc_relay_sid = NULL;
2122 }
2123 sc->sc_ac_cookie_len = 0;
2124 sc->sc_session = 0;
2125 }
2126
2127 static void
pppoe_enqueue(struct ifqueue * inq,struct mbuf * m)2128 pppoe_enqueue(struct ifqueue *inq, struct mbuf *m)
2129 {
2130 if (m->m_flags & M_PROMISC) {
2131 m_freem(m);
2132 return;
2133 }
2134
2135 #ifndef PPPOE_SERVER
2136 if (m->m_flags & (M_MCAST | M_BCAST)) {
2137 m_freem(m);
2138 return;
2139 }
2140 #endif
2141
2142 IFQ_LOCK(inq);
2143 if (IF_QFULL(inq)) {
2144 IF_DROP(inq);
2145 IFQ_UNLOCK(inq);
2146 m_freem(m);
2147 } else {
2148 IF_ENQUEUE(inq, m);
2149 IFQ_UNLOCK(inq);
2150 softint_schedule(pppoe_softintr);
2151 }
2152 return;
2153 }
2154
2155 void
pppoe_input(struct ifnet * ifp,struct mbuf * m)2156 pppoe_input(struct ifnet *ifp, struct mbuf *m)
2157 {
2158 pppoe_enqueue(&ppoeinq, m);
2159 return;
2160 }
2161
2162 void
pppoedisc_input(struct ifnet * ifp,struct mbuf * m)2163 pppoedisc_input(struct ifnet *ifp, struct mbuf *m)
2164 {
2165 pppoe_enqueue(&ppoediscinq, m);
2166 return;
2167 }
2168
2169 static void
sysctl_net_pppoe_setup(struct sysctllog ** clog)2170 sysctl_net_pppoe_setup(struct sysctllog **clog)
2171 {
2172 const struct sysctlnode *node = NULL;
2173 extern pktq_rps_hash_func_t sppp_pktq_rps_hash_p;
2174
2175 sppp_pktq_rps_hash_p = pktq_rps_hash_default;
2176
2177 sysctl_createv(clog, 0, NULL, &node,
2178 CTLFLAG_PERMANENT,
2179 CTLTYPE_NODE, "pppoe",
2180 SYSCTL_DESCR("PPPOE protocol"),
2181 NULL, 0, NULL, 0,
2182 CTL_NET, CTL_CREATE, CTL_EOL);
2183
2184 if (node == NULL)
2185 return;
2186
2187 sysctl_createv(clog, 0, &node, NULL,
2188 CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
2189 CTLTYPE_BOOL, "term_unknown",
2190 SYSCTL_DESCR("Terminate unknown sessions"),
2191 NULL, 0, &pppoe_term_unknown, sizeof(pppoe_term_unknown),
2192 CTL_CREATE, CTL_EOL);
2193
2194 sysctl_createv(clog, 0, &node, NULL,
2195 CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
2196 CTLTYPE_STRING, "rps_hash",
2197 SYSCTL_DESCR("Interface rps hash function control"),
2198 sysctl_pktq_rps_hash_handler, 0, (void *)&sppp_pktq_rps_hash_p,
2199 PKTQ_RPS_HASH_NAME_LEN,
2200 CTL_CREATE, CTL_EOL);
2201 }
2202
2203 /*
2204 * Module infrastructure
2205 */
2206 #include "if_module.h"
2207
2208 IF_MODULE(MODULE_CLASS_DRIVER, pppoe, "sppp_subr")
2209