1 /* $NetBSD: if_pppoe.c,v 1.101 2013/09/13 21:09:40 martin Exp $ */ 2 3 /*- 4 * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Martin Husemann <martin@NetBSD.org>. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.101 2013/09/13 21:09:40 martin Exp $"); 34 35 #include "pppoe.h" 36 #include "opt_pppoe.h" 37 38 #include <sys/param.h> 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/callout.h> 42 #include <sys/malloc.h> 43 #include <sys/mbuf.h> 44 #include <sys/socket.h> 45 #include <sys/proc.h> 46 #include <sys/ioctl.h> 47 #include <sys/kauth.h> 48 #include <sys/intr.h> 49 #include <sys/socketvar.h> 50 51 #include <net/if.h> 52 #include <net/if_types.h> 53 #include <net/if_ether.h> 54 #include <net/if_sppp.h> 55 #include <net/if_spppvar.h> 56 #include <net/if_pppoe.h> 57 58 #include <net/bpf.h> 59 60 61 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 62 /* #define PPPOE_DEBUG 1 */ 63 64 struct pppoehdr { 65 uint8_t vertype; 66 uint8_t code; 67 uint16_t session; 68 uint16_t plen; 69 } __packed; 70 71 struct pppoetag { 72 uint16_t tag; 73 uint16_t len; 74 } __packed; 75 76 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 77 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 78 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 79 80 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 81 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 82 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 83 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 84 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 85 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 86 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 87 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* max payload */ 88 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 89 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 90 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 91 92 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 93 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 94 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 95 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 96 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 97 98 /* two byte PPP protocol discriminator, then IP data */ 99 #define PPPOE_MAXMTU (ETHERMTU - PPPOE_OVERHEAD) 100 101 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 102 #define PPPOE_ADD_16(PTR, VAL) \ 103 *(PTR)++ = (VAL) / 256; \ 104 *(PTR)++ = (VAL) % 256 105 106 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 107 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 108 *(PTR)++ = PPPOE_VERTYPE; \ 109 *(PTR)++ = (CODE); \ 110 PPPOE_ADD_16(PTR, SESS); \ 111 PPPOE_ADD_16(PTR, LEN) 112 113 #define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */ 114 #define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */ 115 #define PPPOE_RECON_FAST (hz*15) /* first retry after auth failure */ 116 #define PPPOE_RECON_IMMEDIATE (hz/10) /* "no delay" reconnect */ 117 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 118 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 119 120 #ifdef PPPOE_SERVER 121 /* from if_spppsubr.c */ 122 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 123 #endif 124 125 struct pppoe_softc { 126 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 127 LIST_ENTRY(pppoe_softc) sc_list; 128 struct ifnet *sc_eth_if; /* ethernet interface we are using */ 129 130 int sc_state; /* discovery phase or session connected */ 131 struct ether_addr sc_dest; /* hardware address of concentrator */ 132 uint16_t sc_session; /* PPPoE session id */ 133 134 char *sc_service_name; /* if != NULL: requested name of service */ 135 char *sc_concentrator_name; /* if != NULL: requested concentrator id */ 136 uint8_t *sc_ac_cookie; /* content of AC cookie we must echo back */ 137 size_t sc_ac_cookie_len; /* length of cookie data */ 138 uint8_t *sc_relay_sid; /* content of relay SID we must echo back */ 139 size_t sc_relay_sid_len; /* length of relay SID data */ 140 #ifdef PPPOE_SERVER 141 uint8_t *sc_hunique; /* content of host unique we must echo back */ 142 size_t sc_hunique_len; /* length of host unique */ 143 #endif 144 callout_t sc_timeout; /* timeout while not in session state */ 145 int sc_padi_retried; /* number of PADI retries already done */ 146 int sc_padr_retried; /* number of PADR retries already done */ 147 }; 148 149 /* incoming traffic will be queued here */ 150 struct ifqueue ppoediscinq = { .ifq_maxlen = IFQ_MAXLEN }; 151 struct ifqueue ppoeinq = { .ifq_maxlen = IFQ_MAXLEN }; 152 153 void *pppoe_softintr = NULL; 154 static void pppoe_softintr_handler(void *); 155 156 extern int sppp_ioctl(struct ifnet *, unsigned long, void *); 157 158 /* input routines */ 159 static void pppoe_input(void); 160 static void pppoe_disc_input(struct mbuf *); 161 static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 162 static void pppoe_data_input(struct mbuf *); 163 164 /* management routines */ 165 void pppoeattach(int); 166 static int pppoe_connect(struct pppoe_softc *); 167 static int pppoe_disconnect(struct pppoe_softc *); 168 static void pppoe_abort_connect(struct pppoe_softc *); 169 static int pppoe_ioctl(struct ifnet *, unsigned long, void *); 170 static void pppoe_tls(struct sppp *); 171 static void pppoe_tlf(struct sppp *); 172 static void pppoe_start(struct ifnet *); 173 static void pppoe_clear_softc(struct pppoe_softc *, const char *); 174 175 /* internal timeout handling */ 176 static void pppoe_timeout(void *); 177 178 /* sending actual protocol controll packets */ 179 static int pppoe_send_padi(struct pppoe_softc *); 180 static int pppoe_send_padr(struct pppoe_softc *); 181 #ifdef PPPOE_SERVER 182 static int pppoe_send_pado(struct pppoe_softc *); 183 static int pppoe_send_pads(struct pppoe_softc *); 184 #endif 185 static int pppoe_send_padt(struct ifnet *, u_int, const uint8_t *); 186 187 /* raw output */ 188 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 189 190 /* internal helper functions */ 191 static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *); 192 static struct pppoe_softc * pppoe_find_softc_by_hunique(uint8_t *, size_t, struct ifnet *); 193 static struct mbuf *pppoe_get_mbuf(size_t len); 194 195 static int pppoe_ifattach_hook(void *, struct mbuf **, struct ifnet *, int); 196 197 static LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 198 199 static int pppoe_clone_create(struct if_clone *, int); 200 static int pppoe_clone_destroy(struct ifnet *); 201 202 static struct if_clone pppoe_cloner = 203 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 204 205 /* ARGSUSED */ 206 void 207 pppoeattach(int count) 208 { 209 LIST_INIT(&pppoe_softc_list); 210 if_clone_attach(&pppoe_cloner); 211 212 pppoe_softintr = softint_establish(SOFTINT_NET, pppoe_softintr_handler, NULL); 213 } 214 215 static int 216 pppoe_clone_create(struct if_clone *ifc, int unit) 217 { 218 struct pppoe_softc *sc; 219 220 sc = malloc(sizeof(struct pppoe_softc), M_DEVBUF, M_WAITOK|M_ZERO); 221 222 if_initname(&sc->sc_sppp.pp_if, "pppoe", unit); 223 sc->sc_sppp.pp_if.if_softc = sc; 224 sc->sc_sppp.pp_if.if_mtu = PPPOE_MAXMTU; 225 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX|IFF_POINTOPOINT|IFF_MULTICAST; 226 sc->sc_sppp.pp_if.if_type = IFT_PPP; 227 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 228 sc->sc_sppp.pp_if.if_dlt = DLT_PPP_ETHER; 229 sc->sc_sppp.pp_flags |= PP_KEEPALIVE | /* use LCP keepalive */ 230 PP_NOFRAMING; /* no serial encapsulation */ 231 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 232 IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN); 233 IFQ_SET_READY(&sc->sc_sppp.pp_if.if_snd); 234 235 /* changed to real address later */ 236 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 237 238 callout_init(&sc->sc_timeout, 0); 239 240 sc->sc_sppp.pp_if.if_start = pppoe_start; 241 sc->sc_sppp.pp_tls = pppoe_tls; 242 sc->sc_sppp.pp_tlf = pppoe_tlf; 243 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 244 245 if_attach(&sc->sc_sppp.pp_if); 246 sppp_attach(&sc->sc_sppp.pp_if); 247 248 bpf_attach(&sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 249 if (LIST_EMPTY(&pppoe_softc_list)) { 250 pfil_add_hook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil); 251 } 252 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 253 return 0; 254 } 255 256 static int 257 pppoe_clone_destroy(struct ifnet *ifp) 258 { 259 struct pppoe_softc * sc = ifp->if_softc; 260 261 callout_stop(&sc->sc_timeout); 262 LIST_REMOVE(sc, sc_list); 263 if (LIST_EMPTY(&pppoe_softc_list)) { 264 pfil_remove_hook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil); 265 } 266 bpf_detach(ifp); 267 sppp_detach(&sc->sc_sppp.pp_if); 268 if_detach(ifp); 269 if (sc->sc_concentrator_name) 270 free(sc->sc_concentrator_name, M_DEVBUF); 271 if (sc->sc_service_name) 272 free(sc->sc_service_name, M_DEVBUF); 273 if (sc->sc_ac_cookie) 274 free(sc->sc_ac_cookie, M_DEVBUF); 275 if (sc->sc_relay_sid) 276 free(sc->sc_relay_sid, M_DEVBUF); 277 callout_destroy(&sc->sc_timeout); 278 free(sc, M_DEVBUF); 279 280 return (0); 281 } 282 283 /* 284 * Find the interface handling the specified session. 285 * Note: O(number of sessions open), this is a client-side only, mean 286 * and lean implementation, so number of open sessions typically should 287 * be 1. 288 */ 289 static struct pppoe_softc * 290 pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif) 291 { 292 struct pppoe_softc *sc; 293 294 if (session == 0) 295 return NULL; 296 297 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 298 if (sc->sc_state == PPPOE_STATE_SESSION 299 && sc->sc_session == session 300 && sc->sc_eth_if == rcvif) 301 return sc; 302 } 303 return NULL; 304 } 305 306 /* Check host unique token passed and return appropriate softc pointer, 307 * or NULL if token is bogus. */ 308 static struct pppoe_softc * 309 pppoe_find_softc_by_hunique(uint8_t *token, size_t len, struct ifnet *rcvif) 310 { 311 struct pppoe_softc *sc, *t; 312 313 if (LIST_EMPTY(&pppoe_softc_list)) 314 return NULL; 315 316 if (len != sizeof sc) 317 return NULL; 318 memcpy(&t, token, len); 319 320 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 321 if (sc == t) break; 322 323 if (sc == NULL) { 324 #ifdef PPPOE_DEBUG 325 printf("pppoe: alien host unique tag, no session found\n"); 326 #endif 327 return NULL; 328 } 329 330 /* should be safe to access *sc now */ 331 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 332 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 333 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 334 return NULL; 335 } 336 if (sc->sc_eth_if != rcvif) { 337 printf("%s: wrong interface, not accepting host unique\n", 338 sc->sc_sppp.pp_if.if_xname); 339 return NULL; 340 } 341 return sc; 342 } 343 344 static void 345 pppoe_softintr_handler(void *dummy) 346 { 347 /* called at splsoftnet() */ 348 mutex_enter(softnet_lock); 349 pppoe_input(); 350 mutex_exit(softnet_lock); 351 } 352 353 /* called at appropriate protection level */ 354 static void 355 pppoe_input(void) 356 { 357 struct mbuf *m; 358 int s, disc_done, data_done; 359 360 do { 361 disc_done = 0; 362 data_done = 0; 363 for (;;) { 364 s = splnet(); 365 IF_DEQUEUE(&ppoediscinq, m); 366 splx(s); 367 if (m == NULL) break; 368 disc_done = 1; 369 pppoe_disc_input(m); 370 } 371 372 for (;;) { 373 s = splnet(); 374 IF_DEQUEUE(&ppoeinq, m); 375 splx(s); 376 if (m == NULL) break; 377 data_done = 1; 378 pppoe_data_input(m); 379 } 380 } while (disc_done || data_done); 381 } 382 383 /* analyze and handle a single received packet while not in session state */ 384 static void 385 pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 386 { 387 uint16_t tag, len; 388 uint16_t session, plen; 389 struct pppoe_softc *sc; 390 const char *err_msg, *devname; 391 char *error; 392 uint8_t *ac_cookie; 393 size_t ac_cookie_len; 394 uint8_t *relay_sid; 395 size_t relay_sid_len; 396 #ifdef PPPOE_SERVER 397 uint8_t *hunique; 398 size_t hunique_len; 399 #endif 400 struct pppoehdr *ph; 401 struct pppoetag *pt; 402 struct mbuf *n; 403 int noff, err, errortag; 404 struct ether_header *eh; 405 406 devname = "pppoe"; /* as long as we don't know which instance */ 407 err_msg = NULL; 408 errortag = 0; 409 if (m->m_len < sizeof(*eh)) { 410 m = m_pullup(m, sizeof(*eh)); 411 if (!m) 412 goto done; 413 } 414 eh = mtod(m, struct ether_header *); 415 off += sizeof(*eh); 416 417 ac_cookie = NULL; 418 ac_cookie_len = 0; 419 relay_sid = NULL; 420 relay_sid_len = 0; 421 #ifdef PPPOE_SERVER 422 hunique = NULL; 423 hunique_len = 0; 424 #endif 425 session = 0; 426 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 427 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 428 goto done; 429 } 430 431 n = m_pulldown(m, off, sizeof(*ph), &noff); 432 if (!n) { 433 printf("pppoe: could not get PPPoE header\n"); 434 m = NULL; 435 goto done; 436 } 437 ph = (struct pppoehdr *)(mtod(n, char *) + noff); 438 if (ph->vertype != PPPOE_VERTYPE) { 439 printf("pppoe: unknown version/type packet: 0x%x\n", 440 ph->vertype); 441 goto done; 442 } 443 session = ntohs(ph->session); 444 plen = ntohs(ph->plen); 445 off += sizeof(*ph); 446 447 if (plen + off > m->m_pkthdr.len) { 448 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 449 m->m_pkthdr.len - off, plen); 450 goto done; 451 } 452 m_adj(m, off + plen - m->m_pkthdr.len); /* ignore trailing garbage */ 453 tag = 0; 454 len = 0; 455 sc = NULL; 456 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 457 n = m_pulldown(m, off, sizeof(*pt), &noff); 458 if (!n) { 459 printf("%s: parse error\n", devname); 460 m = NULL; 461 goto done; 462 } 463 pt = (struct pppoetag *)(mtod(n, char *) + noff); 464 tag = ntohs(pt->tag); 465 len = ntohs(pt->len); 466 if (off + len + sizeof(*pt) > m->m_pkthdr.len) { 467 printf("pppoe: tag 0x%x len 0x%x is too long\n", 468 tag, len); 469 goto done; 470 } 471 switch (tag) { 472 case PPPOE_TAG_EOL: 473 goto breakbreak; 474 case PPPOE_TAG_SNAME: 475 break; /* ignored */ 476 case PPPOE_TAG_ACNAME: 477 error = NULL; 478 if (sc != NULL && len > 0) { 479 error = malloc(len+1, M_TEMP, M_NOWAIT); 480 if (error) { 481 n = m_pulldown(m, off + sizeof(*pt), 482 len, &noff); 483 if (n) { 484 strncpy(error, 485 mtod(n, char*) + noff, 486 len); 487 error[len] = '\0'; 488 } 489 printf("%s: connected to %s\n", 490 devname, error); 491 free(error, M_TEMP); 492 } 493 } 494 break; /* ignored */ 495 case PPPOE_TAG_HUNIQUE: 496 if (sc != NULL) 497 break; 498 n = m_pulldown(m, off + sizeof(*pt), len, &noff); 499 if (!n) { 500 m = NULL; 501 err_msg = "TAG HUNIQUE ERROR"; 502 break; 503 } 504 #ifdef PPPOE_SERVER 505 hunique = mtod(n, uint8_t *) + noff; 506 hunique_len = len; 507 #endif 508 sc = pppoe_find_softc_by_hunique(mtod(n, char *) + noff, 509 len, m->m_pkthdr.rcvif); 510 if (sc != NULL) 511 devname = sc->sc_sppp.pp_if.if_xname; 512 break; 513 case PPPOE_TAG_ACCOOKIE: 514 if (ac_cookie == NULL) { 515 n = m_pulldown(m, off + sizeof(*pt), len, 516 &noff); 517 if (!n) { 518 err_msg = "TAG ACCOOKIE ERROR"; 519 m = NULL; 520 break; 521 } 522 ac_cookie = mtod(n, char *) + noff; 523 ac_cookie_len = len; 524 } 525 break; 526 case PPPOE_TAG_RELAYSID: 527 if (relay_sid == NULL) { 528 n = m_pulldown(m, off + sizeof(*pt), len, 529 &noff); 530 if (!n) { 531 err_msg = "TAG RELAYSID ERROR"; 532 m = NULL; 533 break; 534 } 535 relay_sid = mtod(n, char *) + noff; 536 relay_sid_len = len; 537 } 538 break; 539 case PPPOE_TAG_SNAME_ERR: 540 err_msg = "SERVICE NAME ERROR"; 541 errortag = 1; 542 break; 543 case PPPOE_TAG_ACSYS_ERR: 544 err_msg = "AC SYSTEM ERROR"; 545 errortag = 1; 546 break; 547 case PPPOE_TAG_GENERIC_ERR: 548 err_msg = "GENERIC ERROR"; 549 errortag = 1; 550 break; 551 } 552 if (err_msg) { 553 error = NULL; 554 if (errortag && len) { 555 error = malloc(len+1, M_TEMP, M_NOWAIT); 556 n = m_pulldown(m, off + sizeof(*pt), len, 557 &noff); 558 if (n && error) { 559 strncpy(error, 560 mtod(n, char *) + noff, len); 561 error[len] = '\0'; 562 } 563 } 564 if (error) { 565 printf("%s: %s: %s\n", devname, 566 err_msg, error); 567 free(error, M_TEMP); 568 } else 569 printf("%s: %s\n", devname, err_msg); 570 if (errortag || m == NULL) 571 goto done; 572 } 573 off += sizeof(*pt) + len; 574 } 575 breakbreak:; 576 switch (ph->code) { 577 case PPPOE_CODE_PADI: 578 #ifdef PPPOE_SERVER 579 /* 580 * got service name, concentrator name, and/or host unique. 581 * ignore if we have no interfaces with IFF_PASSIVE|IFF_UP. 582 */ 583 if (LIST_EMPTY(&pppoe_softc_list)) 584 goto done; 585 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 586 if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP)) 587 continue; 588 if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 589 continue; 590 if (sc->sc_state == PPPOE_STATE_INITIAL) 591 break; 592 } 593 if (sc == NULL) { 594 /* printf("pppoe: free passive interface is not found\n");*/ 595 goto done; 596 } 597 if (hunique) { 598 if (sc->sc_hunique) 599 free(sc->sc_hunique, M_DEVBUF); 600 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 601 M_DONTWAIT); 602 if (sc->sc_hunique == NULL) 603 goto done; 604 sc->sc_hunique_len = hunique_len; 605 memcpy(sc->sc_hunique, hunique, hunique_len); 606 } 607 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 608 sc->sc_state = PPPOE_STATE_PADO_SENT; 609 pppoe_send_pado(sc); 610 break; 611 #endif /* PPPOE_SERVER */ 612 case PPPOE_CODE_PADR: 613 #ifdef PPPOE_SERVER 614 /* 615 * get sc from ac_cookie if IFF_PASSIVE 616 */ 617 if (ac_cookie == NULL) { 618 /* be quiet if there is not a single pppoe instance */ 619 printf("pppoe: received PADR but not includes ac_cookie\n"); 620 goto done; 621 } 622 sc = pppoe_find_softc_by_hunique(ac_cookie, 623 ac_cookie_len, 624 m->m_pkthdr.rcvif); 625 if (sc == NULL) { 626 /* be quiet if there is not a single pppoe instance */ 627 if (!LIST_EMPTY(&pppoe_softc_list)) 628 printf("pppoe: received PADR but could not find request for it\n"); 629 goto done; 630 } 631 if (sc->sc_state != PPPOE_STATE_PADO_SENT) { 632 printf("%s: received unexpected PADR\n", 633 sc->sc_sppp.pp_if.if_xname); 634 goto done; 635 } 636 if (hunique) { 637 if (sc->sc_hunique) 638 free(sc->sc_hunique, M_DEVBUF); 639 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 640 M_DONTWAIT); 641 if (sc->sc_hunique == NULL) 642 goto done; 643 sc->sc_hunique_len = hunique_len; 644 memcpy(sc->sc_hunique, hunique, hunique_len); 645 } 646 pppoe_send_pads(sc); 647 sc->sc_state = PPPOE_STATE_SESSION; 648 sc->sc_sppp.pp_up(&sc->sc_sppp); 649 break; 650 #else 651 /* ignore, we are no access concentrator */ 652 goto done; 653 #endif /* PPPOE_SERVER */ 654 case PPPOE_CODE_PADO: 655 if (sc == NULL) { 656 /* be quiet if there is not a single pppoe instance */ 657 if (!LIST_EMPTY(&pppoe_softc_list)) 658 printf("pppoe: received PADO but could not find request for it\n"); 659 goto done; 660 } 661 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 662 printf("%s: received unexpected PADO\n", 663 sc->sc_sppp.pp_if.if_xname); 664 goto done; 665 } 666 if (ac_cookie) { 667 if (sc->sc_ac_cookie) 668 free(sc->sc_ac_cookie, M_DEVBUF); 669 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 670 M_DONTWAIT); 671 if (sc->sc_ac_cookie == NULL) { 672 printf("%s: FATAL: could not allocate memory " 673 "for AC cookie\n", 674 sc->sc_sppp.pp_if.if_xname); 675 goto done; 676 } 677 sc->sc_ac_cookie_len = ac_cookie_len; 678 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 679 } 680 if (relay_sid) { 681 if (sc->sc_relay_sid) 682 free(sc->sc_relay_sid, M_DEVBUF); 683 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 684 M_DONTWAIT); 685 if (sc->sc_relay_sid == NULL) { 686 printf("%s: FATAL: could not allocate memory " 687 "for relay SID\n", 688 sc->sc_sppp.pp_if.if_xname); 689 goto done; 690 } 691 sc->sc_relay_sid_len = relay_sid_len; 692 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 693 } 694 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 695 callout_stop(&sc->sc_timeout); 696 sc->sc_padr_retried = 0; 697 sc->sc_state = PPPOE_STATE_PADR_SENT; 698 if ((err = pppoe_send_padr(sc)) != 0) { 699 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 700 printf("%s: failed to send PADR, " 701 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 702 err); 703 } 704 callout_reset(&sc->sc_timeout, 705 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 706 pppoe_timeout, sc); 707 break; 708 case PPPOE_CODE_PADS: 709 if (sc == NULL) 710 goto done; 711 sc->sc_session = session; 712 callout_stop(&sc->sc_timeout); 713 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 714 printf("%s: session 0x%x connected\n", 715 sc->sc_sppp.pp_if.if_xname, session); 716 sc->sc_state = PPPOE_STATE_SESSION; 717 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 718 break; 719 case PPPOE_CODE_PADT: 720 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.rcvif); 721 if (sc == NULL) 722 goto done; 723 pppoe_clear_softc(sc, "received PADT"); 724 break; 725 default: 726 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 727 sc? sc->sc_sppp.pp_if.if_xname : "pppoe", 728 ph->code, session); 729 break; 730 } 731 732 done: 733 if (m) 734 m_freem(m); 735 return; 736 } 737 738 static void 739 pppoe_disc_input(struct mbuf *m) 740 { 741 742 /* avoid error messages if there is not a single pppoe instance */ 743 if (!LIST_EMPTY(&pppoe_softc_list)) { 744 KASSERT(m->m_flags & M_PKTHDR); 745 pppoe_dispatch_disc_pkt(m, 0); 746 } else 747 m_freem(m); 748 } 749 750 static void 751 pppoe_data_input(struct mbuf *m) 752 { 753 uint16_t session, plen; 754 struct pppoe_softc *sc; 755 struct pppoehdr *ph; 756 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 757 uint8_t shost[ETHER_ADDR_LEN]; 758 #endif 759 760 KASSERT(m->m_flags & M_PKTHDR); 761 762 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 763 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 764 #endif 765 m_adj(m, sizeof(struct ether_header)); 766 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 767 printf("pppoe (data): dropping too short packet: %d bytes\n", 768 m->m_pkthdr.len); 769 goto drop; 770 } 771 772 if (m->m_len < sizeof(*ph)) { 773 m = m_pullup(m, sizeof(*ph)); 774 if (!m) { 775 printf("pppoe: could not get PPPoE header\n"); 776 return; 777 } 778 } 779 ph = mtod(m, struct pppoehdr *); 780 781 if (ph->vertype != PPPOE_VERTYPE) { 782 printf("pppoe (data): unknown version/type packet: 0x%x\n", 783 ph->vertype); 784 goto drop; 785 } 786 if (ph->code != 0) 787 goto drop; 788 789 session = ntohs(ph->session); 790 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.rcvif); 791 if (sc == NULL) { 792 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 793 printf("pppoe: input for unknown session 0x%x, sending PADT\n", 794 session); 795 pppoe_send_padt(m->m_pkthdr.rcvif, session, shost); 796 #endif 797 goto drop; 798 } 799 800 plen = ntohs(ph->plen); 801 802 bpf_mtap(&sc->sc_sppp.pp_if, m); 803 804 m_adj(m, PPPOE_HEADERLEN); 805 806 #ifdef PPPOE_DEBUG 807 { 808 struct mbuf *p; 809 810 printf("%s: pkthdr.len=%d, pppoe.len=%d", 811 sc->sc_sppp.pp_if.if_xname, 812 m->m_pkthdr.len, plen); 813 p = m; 814 while (p) { 815 printf(" l=%d", p->m_len); 816 p = p->m_next; 817 } 818 printf("\n"); 819 } 820 #endif 821 822 if (m->m_pkthdr.len < plen) 823 goto drop; 824 825 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 826 m->m_pkthdr.rcvif = &sc->sc_sppp.pp_if; 827 828 /* pass packet up and account for it */ 829 sc->sc_sppp.pp_if.if_ipackets++; 830 sppp_input(&sc->sc_sppp.pp_if, m); 831 return; 832 833 drop: 834 m_freem(m); 835 } 836 837 static int 838 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 839 { 840 struct sockaddr dst; 841 struct ether_header *eh; 842 uint16_t etype; 843 844 if (sc->sc_eth_if == NULL) { 845 m_freem(m); 846 return EIO; 847 } 848 849 memset(&dst, 0, sizeof dst); 850 dst.sa_family = AF_UNSPEC; 851 eh = (struct ether_header*)&dst.sa_data; 852 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 853 eh->ether_type = htons(etype); 854 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 855 856 #ifdef PPPOE_DEBUG 857 printf("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 858 sc->sc_sppp.pp_if.if_xname, etype, 859 sc->sc_state, sc->sc_session, 860 ether_sprintf((const unsigned char *)&sc->sc_dest), m->m_pkthdr.len); 861 #endif 862 863 m->m_flags &= ~(M_BCAST|M_MCAST); 864 sc->sc_sppp.pp_if.if_opackets++; 865 return sc->sc_eth_if->if_output(sc->sc_eth_if, m, &dst, NULL); 866 } 867 868 static int 869 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, void *data) 870 { 871 struct lwp *l = curlwp; /* XXX */ 872 struct pppoe_softc *sc = (struct pppoe_softc*)ifp; 873 struct ifreq *ifr = data; 874 int error = 0; 875 876 switch (cmd) { 877 case PPPOESETPARMS: 878 { 879 struct pppoediscparms *parms = (struct pppoediscparms*)data; 880 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 881 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 882 NULL) != 0) 883 return (EPERM); 884 if (parms->eth_ifname[0] != 0) { 885 struct ifnet *eth_if; 886 887 eth_if = ifunit(parms->eth_ifname); 888 if (eth_if == NULL || eth_if->if_dlt != DLT_EN10MB) { 889 sc->sc_eth_if = NULL; 890 return ENXIO; 891 } 892 893 if (sc->sc_sppp.pp_if.if_mtu != 894 eth_if->if_mtu - PPPOE_OVERHEAD) { 895 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 896 PPPOE_OVERHEAD; 897 } 898 sc->sc_eth_if = eth_if; 899 } 900 if (parms->ac_name != NULL) { 901 size_t s; 902 char *b = malloc(parms->ac_name_len + 1, M_DEVBUF, 903 M_WAITOK); 904 if (b == NULL) 905 return ENOMEM; 906 error = copyinstr(parms->ac_name, b, 907 parms->ac_name_len+1, &s); 908 if (error != 0) { 909 free(b, M_DEVBUF); 910 return error; 911 } 912 if (s != parms->ac_name_len+1) { 913 free(b, M_DEVBUF); 914 return EINVAL; 915 } 916 if (sc->sc_concentrator_name) 917 free(sc->sc_concentrator_name, M_DEVBUF); 918 sc->sc_concentrator_name = b; 919 } 920 if (parms->service_name != NULL) { 921 size_t s; 922 char *b = malloc(parms->service_name_len + 1, M_DEVBUF, 923 M_WAITOK); 924 if (b == NULL) 925 return ENOMEM; 926 error = copyinstr(parms->service_name, b, 927 parms->service_name_len+1, &s); 928 if (error != 0) { 929 free(b, M_DEVBUF); 930 return error; 931 } 932 if (s != parms->service_name_len+1) { 933 free(b, M_DEVBUF); 934 return EINVAL; 935 } 936 if (sc->sc_service_name) 937 free(sc->sc_service_name, M_DEVBUF); 938 sc->sc_service_name = b; 939 } 940 return 0; 941 } 942 break; 943 case PPPOEGETPARMS: 944 { 945 struct pppoediscparms *parms = (struct pppoediscparms*)data; 946 memset(parms, 0, sizeof *parms); 947 if (sc->sc_eth_if) 948 strncpy(parms->ifname, sc->sc_eth_if->if_xname, IFNAMSIZ); 949 return 0; 950 } 951 break; 952 case PPPOEGETSESSION: 953 { 954 struct pppoeconnectionstate *state = (struct pppoeconnectionstate*)data; 955 state->state = sc->sc_state; 956 state->session_id = sc->sc_session; 957 state->padi_retry_no = sc->sc_padi_retried; 958 state->padr_retry_no = sc->sc_padr_retried; 959 return 0; 960 } 961 break; 962 case SIOCSIFFLAGS: 963 /* 964 * Prevent running re-establishment timers overriding 965 * administrators choice. 966 */ 967 if ((ifr->ifr_flags & IFF_UP) == 0 968 && sc->sc_state >= PPPOE_STATE_PADI_SENT 969 && sc->sc_state < PPPOE_STATE_SESSION) { 970 callout_stop(&sc->sc_timeout); 971 sc->sc_state = PPPOE_STATE_INITIAL; 972 sc->sc_padi_retried = 0; 973 sc->sc_padr_retried = 0; 974 memcpy(&sc->sc_dest, etherbroadcastaddr, 975 sizeof(sc->sc_dest)); 976 } 977 return sppp_ioctl(ifp, cmd, data); 978 case SIOCSIFMTU: 979 if (ifr->ifr_mtu > (sc->sc_eth_if == NULL ? 980 PPPOE_MAXMTU : (sc->sc_eth_if->if_mtu - PPPOE_OVERHEAD))) { 981 return EINVAL; 982 } 983 /*FALLTHROUGH*/ 984 default: 985 return sppp_ioctl(ifp, cmd, data); 986 } 987 return 0; 988 } 989 990 /* 991 * Allocate a mbuf/cluster with space to store the given data length 992 * of payload, leaving space for prepending an ethernet header 993 * in front. 994 */ 995 static struct mbuf * 996 pppoe_get_mbuf(size_t len) 997 { 998 struct mbuf *m; 999 1000 MGETHDR(m, M_DONTWAIT, MT_DATA); 1001 if (m == NULL) 1002 return NULL; 1003 if (len + sizeof(struct ether_header) > MHLEN) { 1004 MCLGET(m, M_DONTWAIT); 1005 if ((m->m_flags & M_EXT) == 0) { 1006 m_free(m); 1007 return NULL; 1008 } 1009 } 1010 m->m_data += sizeof(struct ether_header); 1011 m->m_len = len; 1012 m->m_pkthdr.len = len; 1013 m->m_pkthdr.rcvif = NULL; 1014 1015 return m; 1016 } 1017 1018 static int 1019 pppoe_send_padi(struct pppoe_softc *sc) 1020 { 1021 struct mbuf *m0; 1022 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1023 uint8_t *p; 1024 1025 if (sc->sc_state >PPPOE_STATE_PADI_SENT) 1026 panic("pppoe_send_padi in state %d", sc->sc_state); 1027 1028 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1029 len = 2 + 2 + 2 + 2 + sizeof sc; /* service name tag is required, host unique is send too */ 1030 if (sc->sc_service_name != NULL) { 1031 l1 = strlen(sc->sc_service_name); 1032 len += l1; 1033 } 1034 if (sc->sc_concentrator_name != NULL) { 1035 l2 = strlen(sc->sc_concentrator_name); 1036 len += 2 + 2 + l2; 1037 } 1038 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1039 len += 2 + 2 + 2; 1040 } 1041 1042 /* allocate a buffer */ 1043 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1044 if (!m0) 1045 return ENOBUFS; 1046 1047 /* fill in pkt */ 1048 p = mtod(m0, uint8_t *); 1049 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1050 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1051 if (sc->sc_service_name != NULL) { 1052 PPPOE_ADD_16(p, l1); 1053 memcpy(p, sc->sc_service_name, l1); 1054 p += l1; 1055 } else { 1056 PPPOE_ADD_16(p, 0); 1057 } 1058 if (sc->sc_concentrator_name != NULL) { 1059 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1060 PPPOE_ADD_16(p, l2); 1061 memcpy(p, sc->sc_concentrator_name, l2); 1062 p += l2; 1063 } 1064 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1065 PPPOE_ADD_16(p, sizeof(sc)); 1066 memcpy(p, &sc, sizeof sc); 1067 p += sizeof(sc); 1068 1069 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1070 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1071 PPPOE_ADD_16(p, 2); 1072 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu); 1073 } 1074 1075 #ifdef PPPOE_DEBUG 1076 p += sizeof sc; 1077 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1078 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1079 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1080 #endif 1081 1082 /* send pkt */ 1083 return pppoe_output(sc, m0); 1084 } 1085 1086 static void 1087 pppoe_timeout(void *arg) 1088 { 1089 int x, retry_wait, err; 1090 struct pppoe_softc *sc = (struct pppoe_softc*)arg; 1091 1092 #ifdef PPPOE_DEBUG 1093 printf("%s: timeout\n", sc->sc_sppp.pp_if.if_xname); 1094 #endif 1095 1096 switch (sc->sc_state) { 1097 case PPPOE_STATE_INITIAL: 1098 /* delayed connect from pppoe_tls() */ 1099 pppoe_connect(sc); 1100 break; 1101 case PPPOE_STATE_PADI_SENT: 1102 /* 1103 * We have two basic ways of retrying: 1104 * - Quick retry mode: try a few times in short sequence 1105 * - Slow retry mode: we already had a connection successfully 1106 * established and will try infinitely (without user 1107 * intervention) 1108 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1109 * is not set. 1110 */ 1111 1112 /* initialize for quick retry mode */ 1113 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1114 1115 x = splnet(); 1116 sc->sc_padi_retried++; 1117 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1118 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1119 /* slow retry mode */ 1120 retry_wait = PPPOE_SLOW_RETRY; 1121 } else { 1122 pppoe_abort_connect(sc); 1123 splx(x); 1124 return; 1125 } 1126 } 1127 if ((err = pppoe_send_padi(sc)) != 0) { 1128 sc->sc_padi_retried--; 1129 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1130 printf("%s: failed to transmit PADI, " 1131 "error=%d\n", 1132 sc->sc_sppp.pp_if.if_xname, err); 1133 } 1134 callout_reset(&sc->sc_timeout, retry_wait, 1135 pppoe_timeout, sc); 1136 splx(x); 1137 break; 1138 1139 case PPPOE_STATE_PADR_SENT: 1140 x = splnet(); 1141 sc->sc_padr_retried++; 1142 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1143 memcpy(&sc->sc_dest, etherbroadcastaddr, 1144 sizeof(sc->sc_dest)); 1145 sc->sc_state = PPPOE_STATE_PADI_SENT; 1146 sc->sc_padr_retried = 0; 1147 if ((err = pppoe_send_padi(sc)) != 0) { 1148 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1149 printf("%s: failed to send PADI" 1150 ", error=%d\n", 1151 sc->sc_sppp.pp_if.if_xname, 1152 err); 1153 } 1154 callout_reset(&sc->sc_timeout, 1155 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried), 1156 pppoe_timeout, sc); 1157 splx(x); 1158 return; 1159 } 1160 if ((err = pppoe_send_padr(sc)) != 0) { 1161 sc->sc_padr_retried--; 1162 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1163 printf("%s: failed to send PADR, " 1164 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 1165 err); 1166 } 1167 callout_reset(&sc->sc_timeout, 1168 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 1169 pppoe_timeout, sc); 1170 splx(x); 1171 break; 1172 case PPPOE_STATE_CLOSING: 1173 pppoe_disconnect(sc); 1174 break; 1175 default: 1176 return; /* all done, work in peace */ 1177 } 1178 } 1179 1180 /* Start a connection (i.e. initiate discovery phase) */ 1181 static int 1182 pppoe_connect(struct pppoe_softc *sc) 1183 { 1184 int x, err; 1185 1186 if (sc->sc_state != PPPOE_STATE_INITIAL) 1187 return EBUSY; 1188 1189 #ifdef PPPOE_SERVER 1190 /* wait PADI if IFF_PASSIVE */ 1191 if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 1192 return 0; 1193 #endif 1194 x = splnet(); 1195 /* save state, in case we fail to send PADI */ 1196 sc->sc_state = PPPOE_STATE_PADI_SENT; 1197 sc->sc_padr_retried = 0; 1198 err = pppoe_send_padi(sc); 1199 if (err != 0 && sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1200 printf("%s: failed to send PADI, error=%d\n", 1201 sc->sc_sppp.pp_if.if_xname, err); 1202 callout_reset(&sc->sc_timeout, PPPOE_DISC_TIMEOUT, pppoe_timeout, sc); 1203 splx(x); 1204 return err; 1205 } 1206 1207 /* disconnect */ 1208 static int 1209 pppoe_disconnect(struct pppoe_softc *sc) 1210 { 1211 int err, x; 1212 1213 x = splnet(); 1214 1215 if (sc->sc_state < PPPOE_STATE_SESSION) 1216 err = EBUSY; 1217 else { 1218 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1219 printf("%s: disconnecting\n", 1220 sc->sc_sppp.pp_if.if_xname); 1221 err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session, (const uint8_t *)&sc->sc_dest); 1222 } 1223 1224 /* cleanup softc */ 1225 sc->sc_state = PPPOE_STATE_INITIAL; 1226 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1227 if (sc->sc_ac_cookie) { 1228 free(sc->sc_ac_cookie, M_DEVBUF); 1229 sc->sc_ac_cookie = NULL; 1230 } 1231 sc->sc_ac_cookie_len = 0; 1232 if (sc->sc_relay_sid) { 1233 free(sc->sc_relay_sid, M_DEVBUF); 1234 sc->sc_relay_sid = NULL; 1235 } 1236 sc->sc_relay_sid_len = 0; 1237 #ifdef PPPOE_SERVER 1238 if (sc->sc_hunique) { 1239 free(sc->sc_hunique, M_DEVBUF); 1240 sc->sc_hunique = NULL; 1241 } 1242 sc->sc_hunique_len = 0; 1243 #endif 1244 sc->sc_session = 0; 1245 1246 /* notify upper layer */ 1247 sc->sc_sppp.pp_down(&sc->sc_sppp); 1248 1249 splx(x); 1250 1251 return err; 1252 } 1253 1254 /* Connection attempt aborted */ 1255 static void 1256 pppoe_abort_connect(struct pppoe_softc *sc) 1257 { 1258 printf("%s: could not establish connection\n", 1259 sc->sc_sppp.pp_if.if_xname); 1260 sc->sc_state = PPPOE_STATE_CLOSING; 1261 1262 /* notify upper layer */ 1263 sc->sc_sppp.pp_down(&sc->sc_sppp); 1264 1265 /* clear connection state */ 1266 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1267 sc->sc_state = PPPOE_STATE_INITIAL; 1268 } 1269 1270 /* Send a PADR packet */ 1271 static int 1272 pppoe_send_padr(struct pppoe_softc *sc) 1273 { 1274 struct mbuf *m0; 1275 uint8_t *p; 1276 size_t len, l1 = 0; /* XXX: gcc */ 1277 1278 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1279 return EIO; 1280 1281 len = 2 + 2 + 2 + 2 + sizeof(sc); /* service name, host unique */ 1282 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1283 l1 = strlen(sc->sc_service_name); 1284 len += l1; 1285 } 1286 if (sc->sc_ac_cookie_len > 0) 1287 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1288 if (sc->sc_relay_sid_len > 0) 1289 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1290 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1291 len += 2 + 2 + 2; 1292 } 1293 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1294 if (!m0) 1295 return ENOBUFS; 1296 p = mtod(m0, uint8_t *); 1297 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1298 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1299 if (sc->sc_service_name != NULL) { 1300 PPPOE_ADD_16(p, l1); 1301 memcpy(p, sc->sc_service_name, l1); 1302 p += l1; 1303 } else { 1304 PPPOE_ADD_16(p, 0); 1305 } 1306 if (sc->sc_ac_cookie_len > 0) { 1307 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1308 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1309 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1310 p += sc->sc_ac_cookie_len; 1311 } 1312 if (sc->sc_relay_sid_len > 0) { 1313 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1314 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1315 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1316 p += sc->sc_relay_sid_len; 1317 } 1318 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1319 PPPOE_ADD_16(p, sizeof(sc)); 1320 memcpy(p, &sc, sizeof sc); 1321 p += sizeof(sc); 1322 1323 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1324 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1325 PPPOE_ADD_16(p, 2); 1326 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu); 1327 } 1328 1329 #ifdef PPPOE_DEBUG 1330 p += sizeof sc; 1331 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1332 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1333 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1334 #endif 1335 1336 return pppoe_output(sc, m0); 1337 } 1338 1339 /* send a PADT packet */ 1340 static int 1341 pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const uint8_t *dest) 1342 { 1343 struct ether_header *eh; 1344 struct sockaddr dst; 1345 struct mbuf *m0; 1346 uint8_t *p; 1347 1348 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1349 if (!m0) 1350 return EIO; 1351 p = mtod(m0, uint8_t *); 1352 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1353 1354 memset(&dst, 0, sizeof dst); 1355 dst.sa_family = AF_UNSPEC; 1356 eh = (struct ether_header*)&dst.sa_data; 1357 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1358 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1359 1360 m0->m_flags &= ~(M_BCAST|M_MCAST); 1361 return outgoing_if->if_output(outgoing_if, m0, &dst, NULL); 1362 } 1363 1364 #ifdef PPPOE_SERVER 1365 static int 1366 pppoe_send_pado(struct pppoe_softc *sc) 1367 { 1368 struct mbuf *m0; 1369 uint8_t *p; 1370 size_t len; 1371 1372 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1373 return EIO; 1374 1375 /* calc length */ 1376 len = 0; 1377 /* include ac_cookie */ 1378 len += 2 + 2 + sizeof(sc); 1379 /* include hunique */ 1380 len += 2 + 2 + sc->sc_hunique_len; 1381 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1382 if (!m0) 1383 return EIO; 1384 p = mtod(m0, uint8_t *); 1385 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len); 1386 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1387 PPPOE_ADD_16(p, sizeof(sc)); 1388 memcpy(p, &sc, sizeof(sc)); 1389 p += sizeof(sc); 1390 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1391 PPPOE_ADD_16(p, sc->sc_hunique_len); 1392 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1393 return pppoe_output(sc, m0); 1394 } 1395 1396 static int 1397 pppoe_send_pads(struct pppoe_softc *sc) 1398 { 1399 struct bintime bt; 1400 struct mbuf *m0; 1401 uint8_t *p; 1402 size_t len, l1 = 0; /* XXX: gcc */ 1403 1404 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1405 return EIO; 1406 1407 getbinuptime(&bt); 1408 sc->sc_session = bt.sec % 0xff + 1; 1409 /* calc length */ 1410 len = 0; 1411 /* include hunique */ 1412 len += 2 + 2 + 2 + 2 + sc->sc_hunique_len; /* service name, host unique*/ 1413 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1414 l1 = strlen(sc->sc_service_name); 1415 len += l1; 1416 } 1417 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1418 if (!m0) 1419 return ENOBUFS; 1420 p = mtod(m0, uint8_t *); 1421 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len); 1422 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1423 if (sc->sc_service_name != NULL) { 1424 PPPOE_ADD_16(p, l1); 1425 memcpy(p, sc->sc_service_name, l1); 1426 p += l1; 1427 } else { 1428 PPPOE_ADD_16(p, 0); 1429 } 1430 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1431 PPPOE_ADD_16(p, sc->sc_hunique_len); 1432 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1433 return pppoe_output(sc, m0); 1434 } 1435 #endif 1436 1437 static void 1438 pppoe_tls(struct sppp *sp) 1439 { 1440 struct pppoe_softc *sc = (void *)sp; 1441 int wtime; 1442 1443 if (sc->sc_state != PPPOE_STATE_INITIAL) 1444 return; 1445 1446 if (sc->sc_sppp.pp_phase == SPPP_PHASE_ESTABLISH && 1447 sc->sc_sppp.pp_auth_failures > 0) { 1448 /* 1449 * Delay trying to reconnect a bit more - the peer 1450 * might have failed to contact it's radius server. 1451 */ 1452 wtime = PPPOE_RECON_FAST * sc->sc_sppp.pp_auth_failures; 1453 if (wtime > PPPOE_SLOW_RETRY) 1454 wtime = PPPOE_SLOW_RETRY; 1455 } else { 1456 wtime = PPPOE_RECON_IMMEDIATE; 1457 } 1458 callout_reset(&sc->sc_timeout, wtime, pppoe_timeout, sc); 1459 } 1460 1461 static void 1462 pppoe_tlf(struct sppp *sp) 1463 { 1464 struct pppoe_softc *sc = (void *)sp; 1465 if (sc->sc_state < PPPOE_STATE_SESSION) 1466 return; 1467 /* 1468 * Do not call pppoe_disconnect here, the upper layer state 1469 * machine gets confused by this. We must return from this 1470 * function and defer disconnecting to the timeout handler. 1471 */ 1472 sc->sc_state = PPPOE_STATE_CLOSING; 1473 callout_reset(&sc->sc_timeout, hz/50, pppoe_timeout, sc); 1474 } 1475 1476 static void 1477 pppoe_start(struct ifnet *ifp) 1478 { 1479 struct pppoe_softc *sc = (void *)ifp; 1480 struct mbuf *m; 1481 uint8_t *p; 1482 size_t len; 1483 1484 if (sppp_isempty(ifp)) 1485 return; 1486 1487 /* are we ready to process data yet? */ 1488 if (sc->sc_state < PPPOE_STATE_SESSION) { 1489 sppp_flush(&sc->sc_sppp.pp_if); 1490 return; 1491 } 1492 1493 while ((m = sppp_dequeue(ifp)) != NULL) { 1494 len = m->m_pkthdr.len; 1495 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1496 if (m == NULL) { 1497 ifp->if_oerrors++; 1498 continue; 1499 } 1500 p = mtod(m, uint8_t *); 1501 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1502 1503 bpf_mtap(&sc->sc_sppp.pp_if, m); 1504 1505 pppoe_output(sc, m); 1506 } 1507 } 1508 1509 1510 static int 1511 pppoe_ifattach_hook(void *arg, struct mbuf **mp, struct ifnet *ifp, int dir) 1512 { 1513 struct pppoe_softc *sc; 1514 int s; 1515 1516 if (mp != (struct mbuf **)PFIL_IFNET_DETACH) 1517 return 0; 1518 1519 s = splnet(); 1520 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 1521 if (sc->sc_eth_if != ifp) 1522 continue; 1523 if (sc->sc_sppp.pp_if.if_flags & IFF_UP) { 1524 sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING); 1525 printf("%s: ethernet interface detached, going down\n", 1526 sc->sc_sppp.pp_if.if_xname); 1527 } 1528 sc->sc_eth_if = NULL; 1529 pppoe_clear_softc(sc, "ethernet interface detached"); 1530 } 1531 splx(s); 1532 1533 return 0; 1534 } 1535 1536 static void 1537 pppoe_clear_softc(struct pppoe_softc *sc, const char *message) 1538 { 1539 /* stop timer */ 1540 callout_stop(&sc->sc_timeout); 1541 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1542 printf("%s: session 0x%x terminated, %s\n", 1543 sc->sc_sppp.pp_if.if_xname, sc->sc_session, message); 1544 1545 /* fix our state */ 1546 sc->sc_state = PPPOE_STATE_INITIAL; 1547 1548 /* signal upper layer */ 1549 sc->sc_sppp.pp_down(&sc->sc_sppp); 1550 1551 /* clean up softc */ 1552 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1553 if (sc->sc_ac_cookie) { 1554 free(sc->sc_ac_cookie, M_DEVBUF); 1555 sc->sc_ac_cookie = NULL; 1556 } 1557 if (sc->sc_relay_sid) { 1558 free(sc->sc_relay_sid, M_DEVBUF); 1559 sc->sc_relay_sid = NULL; 1560 } 1561 sc->sc_ac_cookie_len = 0; 1562 sc->sc_session = 0; 1563 } 1564