1 /* $NetBSD: if_pppoe.c,v 1.96 2010/04/05 07:22:23 joerg Exp $ */ 2 3 /*- 4 * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Martin Husemann <martin@NetBSD.org>. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.96 2010/04/05 07:22:23 joerg Exp $"); 34 35 #include "pppoe.h" 36 #include "opt_pfil_hooks.h" 37 #include "opt_pppoe.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/kernel.h> 42 #include <sys/callout.h> 43 #include <sys/malloc.h> 44 #include <sys/mbuf.h> 45 #include <sys/socket.h> 46 #include <sys/proc.h> 47 #include <sys/ioctl.h> 48 #include <sys/kauth.h> 49 #include <sys/intr.h> 50 #include <sys/socketvar.h> 51 52 #include <net/if.h> 53 #include <net/if_types.h> 54 #include <net/if_ether.h> 55 #include <net/if_sppp.h> 56 #include <net/if_spppvar.h> 57 #include <net/if_pppoe.h> 58 59 #include <net/bpf.h> 60 61 62 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 63 /* #define PPPOE_DEBUG 1 */ 64 65 struct pppoehdr { 66 uint8_t vertype; 67 uint8_t code; 68 uint16_t session; 69 uint16_t plen; 70 } __packed; 71 72 struct pppoetag { 73 uint16_t tag; 74 uint16_t len; 75 } __packed; 76 77 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 78 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 79 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 80 81 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 82 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 83 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 84 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 85 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 86 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 87 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 88 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 89 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 90 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* gerneric error */ 91 92 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 93 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 94 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 95 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 96 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 97 98 /* two byte PPP protocol discriminator, then IP data */ 99 #define PPPOE_MAXMTU (ETHERMTU - PPPOE_OVERHEAD) 100 101 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 102 #define PPPOE_ADD_16(PTR, VAL) \ 103 *(PTR)++ = (VAL) / 256; \ 104 *(PTR)++ = (VAL) % 256 105 106 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 107 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 108 *(PTR)++ = PPPOE_VERTYPE; \ 109 *(PTR)++ = (CODE); \ 110 PPPOE_ADD_16(PTR, SESS); \ 111 PPPOE_ADD_16(PTR, LEN) 112 113 #define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */ 114 #define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */ 115 #define PPPOE_RECON_FAST (hz*15) /* first retry after auth failure */ 116 #define PPPOE_RECON_IMMEDIATE (hz/10) /* "no delay" reconnect */ 117 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 118 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 119 120 #ifdef PPPOE_SERVER 121 /* from if_spppsubr.c */ 122 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 123 #endif 124 125 struct pppoe_softc { 126 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 127 LIST_ENTRY(pppoe_softc) sc_list; 128 struct ifnet *sc_eth_if; /* ethernet interface we are using */ 129 130 int sc_state; /* discovery phase or session connected */ 131 struct ether_addr sc_dest; /* hardware address of concentrator */ 132 uint16_t sc_session; /* PPPoE session id */ 133 134 char *sc_service_name; /* if != NULL: requested name of service */ 135 char *sc_concentrator_name; /* if != NULL: requested concentrator id */ 136 uint8_t *sc_ac_cookie; /* content of AC cookie we must echo back */ 137 size_t sc_ac_cookie_len; /* length of cookie data */ 138 uint8_t *sc_relay_sid; /* content of relay SID we must echo back */ 139 size_t sc_relay_sid_len; /* length of relay SID data */ 140 #ifdef PPPOE_SERVER 141 uint8_t *sc_hunique; /* content of host unique we must echo back */ 142 size_t sc_hunique_len; /* length of host unique */ 143 #endif 144 callout_t sc_timeout; /* timeout while not in session state */ 145 int sc_padi_retried; /* number of PADI retries already done */ 146 int sc_padr_retried; /* number of PADR retries already done */ 147 }; 148 149 /* incoming traffic will be queued here */ 150 struct ifqueue ppoediscinq = { .ifq_maxlen = IFQ_MAXLEN }; 151 struct ifqueue ppoeinq = { .ifq_maxlen = IFQ_MAXLEN }; 152 153 void *pppoe_softintr = NULL; 154 static void pppoe_softintr_handler(void *); 155 156 extern int sppp_ioctl(struct ifnet *, unsigned long, void *); 157 158 /* input routines */ 159 static void pppoe_input(void); 160 static void pppoe_disc_input(struct mbuf *); 161 static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 162 static void pppoe_data_input(struct mbuf *); 163 164 /* management routines */ 165 void pppoeattach(int); 166 static int pppoe_connect(struct pppoe_softc *); 167 static int pppoe_disconnect(struct pppoe_softc *); 168 static void pppoe_abort_connect(struct pppoe_softc *); 169 static int pppoe_ioctl(struct ifnet *, unsigned long, void *); 170 static void pppoe_tls(struct sppp *); 171 static void pppoe_tlf(struct sppp *); 172 static void pppoe_start(struct ifnet *); 173 static void pppoe_clear_softc(struct pppoe_softc *, const char *); 174 175 /* internal timeout handling */ 176 static void pppoe_timeout(void *); 177 178 /* sending actual protocol controll packets */ 179 static int pppoe_send_padi(struct pppoe_softc *); 180 static int pppoe_send_padr(struct pppoe_softc *); 181 #ifdef PPPOE_SERVER 182 static int pppoe_send_pado(struct pppoe_softc *); 183 static int pppoe_send_pads(struct pppoe_softc *); 184 #endif 185 static int pppoe_send_padt(struct ifnet *, u_int, const uint8_t *); 186 187 /* raw output */ 188 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 189 190 /* internal helper functions */ 191 static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *); 192 static struct pppoe_softc * pppoe_find_softc_by_hunique(uint8_t *, size_t, struct ifnet *); 193 static struct mbuf *pppoe_get_mbuf(size_t len); 194 195 #ifdef PFIL_HOOKS 196 static int pppoe_ifattach_hook(void *, struct mbuf **, struct ifnet *, int); 197 #endif 198 199 static LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 200 201 static int pppoe_clone_create(struct if_clone *, int); 202 static int pppoe_clone_destroy(struct ifnet *); 203 204 static struct if_clone pppoe_cloner = 205 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 206 207 /* ARGSUSED */ 208 void 209 pppoeattach(int count) 210 { 211 LIST_INIT(&pppoe_softc_list); 212 if_clone_attach(&pppoe_cloner); 213 214 pppoe_softintr = softint_establish(SOFTINT_NET, pppoe_softintr_handler, NULL); 215 } 216 217 static int 218 pppoe_clone_create(struct if_clone *ifc, int unit) 219 { 220 struct pppoe_softc *sc; 221 222 sc = malloc(sizeof(struct pppoe_softc), M_DEVBUF, M_WAITOK|M_ZERO); 223 224 if_initname(&sc->sc_sppp.pp_if, "pppoe", unit); 225 sc->sc_sppp.pp_if.if_softc = sc; 226 sc->sc_sppp.pp_if.if_mtu = PPPOE_MAXMTU; 227 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX|IFF_POINTOPOINT|IFF_MULTICAST; 228 sc->sc_sppp.pp_if.if_type = IFT_PPP; 229 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 230 sc->sc_sppp.pp_if.if_dlt = DLT_PPP_ETHER; 231 sc->sc_sppp.pp_flags |= PP_KEEPALIVE | /* use LCP keepalive */ 232 PP_NOFRAMING; /* no serial encapsulation */ 233 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 234 IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN); 235 IFQ_SET_READY(&sc->sc_sppp.pp_if.if_snd); 236 237 /* changed to real address later */ 238 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 239 240 callout_init(&sc->sc_timeout, 0); 241 242 sc->sc_sppp.pp_if.if_start = pppoe_start; 243 sc->sc_sppp.pp_tls = pppoe_tls; 244 sc->sc_sppp.pp_tlf = pppoe_tlf; 245 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 246 247 if_attach(&sc->sc_sppp.pp_if); 248 sppp_attach(&sc->sc_sppp.pp_if); 249 250 bpf_attach(&sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 251 #ifdef PFIL_HOOKS 252 if (LIST_EMPTY(&pppoe_softc_list)) 253 pfil_add_hook(pppoe_ifattach_hook, NULL, 254 PFIL_IFNET|PFIL_WAITOK, &if_pfil); 255 #endif 256 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 257 return 0; 258 } 259 260 static int 261 pppoe_clone_destroy(struct ifnet *ifp) 262 { 263 struct pppoe_softc * sc = ifp->if_softc; 264 265 callout_stop(&sc->sc_timeout); 266 LIST_REMOVE(sc, sc_list); 267 #ifdef PFIL_HOOKS 268 if (LIST_EMPTY(&pppoe_softc_list)) 269 pfil_remove_hook(pppoe_ifattach_hook, NULL, 270 PFIL_IFNET|PFIL_WAITOK, &if_pfil); 271 #endif 272 bpf_detach(ifp); 273 sppp_detach(&sc->sc_sppp.pp_if); 274 if_detach(ifp); 275 if (sc->sc_concentrator_name) 276 free(sc->sc_concentrator_name, M_DEVBUF); 277 if (sc->sc_service_name) 278 free(sc->sc_service_name, M_DEVBUF); 279 if (sc->sc_ac_cookie) 280 free(sc->sc_ac_cookie, M_DEVBUF); 281 if (sc->sc_relay_sid) 282 free(sc->sc_relay_sid, M_DEVBUF); 283 callout_destroy(&sc->sc_timeout); 284 free(sc, M_DEVBUF); 285 286 return (0); 287 } 288 289 /* 290 * Find the interface handling the specified session. 291 * Note: O(number of sessions open), this is a client-side only, mean 292 * and lean implementation, so number of open sessions typically should 293 * be 1. 294 */ 295 static struct pppoe_softc * 296 pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif) 297 { 298 struct pppoe_softc *sc; 299 300 if (session == 0) 301 return NULL; 302 303 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 304 if (sc->sc_state == PPPOE_STATE_SESSION 305 && sc->sc_session == session 306 && sc->sc_eth_if == rcvif) 307 return sc; 308 } 309 return NULL; 310 } 311 312 /* Check host unique token passed and return appropriate softc pointer, 313 * or NULL if token is bogus. */ 314 static struct pppoe_softc * 315 pppoe_find_softc_by_hunique(uint8_t *token, size_t len, struct ifnet *rcvif) 316 { 317 struct pppoe_softc *sc, *t; 318 319 if (LIST_EMPTY(&pppoe_softc_list)) 320 return NULL; 321 322 if (len != sizeof sc) 323 return NULL; 324 memcpy(&t, token, len); 325 326 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 327 if (sc == t) break; 328 329 if (sc == NULL) { 330 #ifdef PPPOE_DEBUG 331 printf("pppoe: alien host unique tag, no session found\n"); 332 #endif 333 return NULL; 334 } 335 336 /* should be safe to access *sc now */ 337 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 338 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 339 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 340 return NULL; 341 } 342 if (sc->sc_eth_if != rcvif) { 343 printf("%s: wrong interface, not accepting host unique\n", 344 sc->sc_sppp.pp_if.if_xname); 345 return NULL; 346 } 347 return sc; 348 } 349 350 static void 351 pppoe_softintr_handler(void *dummy) 352 { 353 /* called at splsoftnet() */ 354 mutex_enter(softnet_lock); 355 pppoe_input(); 356 mutex_exit(softnet_lock); 357 } 358 359 /* called at appropriate protection level */ 360 static void 361 pppoe_input(void) 362 { 363 struct mbuf *m; 364 int s, disc_done, data_done; 365 366 do { 367 disc_done = 0; 368 data_done = 0; 369 for (;;) { 370 s = splnet(); 371 IF_DEQUEUE(&ppoediscinq, m); 372 splx(s); 373 if (m == NULL) break; 374 disc_done = 1; 375 pppoe_disc_input(m); 376 } 377 378 for (;;) { 379 s = splnet(); 380 IF_DEQUEUE(&ppoeinq, m); 381 splx(s); 382 if (m == NULL) break; 383 data_done = 1; 384 pppoe_data_input(m); 385 } 386 } while (disc_done || data_done); 387 } 388 389 /* analyze and handle a single received packet while not in session state */ 390 static void 391 pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 392 { 393 uint16_t tag, len; 394 uint16_t session, plen; 395 struct pppoe_softc *sc; 396 const char *err_msg, *devname; 397 char *error; 398 uint8_t *ac_cookie; 399 size_t ac_cookie_len; 400 uint8_t *relay_sid; 401 size_t relay_sid_len; 402 #ifdef PPPOE_SERVER 403 uint8_t *hunique; 404 size_t hunique_len; 405 #endif 406 struct pppoehdr *ph; 407 struct pppoetag *pt; 408 struct mbuf *n; 409 int noff, err, errortag; 410 struct ether_header *eh; 411 412 devname = "pppoe"; /* as long as we don't know which instance */ 413 err_msg = NULL; 414 errortag = 0; 415 if (m->m_len < sizeof(*eh)) { 416 m = m_pullup(m, sizeof(*eh)); 417 if (!m) 418 goto done; 419 } 420 eh = mtod(m, struct ether_header *); 421 off += sizeof(*eh); 422 423 ac_cookie = NULL; 424 ac_cookie_len = 0; 425 relay_sid = NULL; 426 relay_sid_len = 0; 427 #ifdef PPPOE_SERVER 428 hunique = NULL; 429 hunique_len = 0; 430 #endif 431 session = 0; 432 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 433 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 434 goto done; 435 } 436 437 n = m_pulldown(m, off, sizeof(*ph), &noff); 438 if (!n) { 439 printf("pppoe: could not get PPPoE header\n"); 440 m = NULL; 441 goto done; 442 } 443 ph = (struct pppoehdr *)(mtod(n, char *) + noff); 444 if (ph->vertype != PPPOE_VERTYPE) { 445 printf("pppoe: unknown version/type packet: 0x%x\n", 446 ph->vertype); 447 goto done; 448 } 449 session = ntohs(ph->session); 450 plen = ntohs(ph->plen); 451 off += sizeof(*ph); 452 453 if (plen + off > m->m_pkthdr.len) { 454 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 455 m->m_pkthdr.len - off, plen); 456 goto done; 457 } 458 m_adj(m, off + plen - m->m_pkthdr.len); /* ignore trailing garbage */ 459 tag = 0; 460 len = 0; 461 sc = NULL; 462 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 463 n = m_pulldown(m, off, sizeof(*pt), &noff); 464 if (!n) { 465 printf("%s: parse error\n", devname); 466 m = NULL; 467 goto done; 468 } 469 pt = (struct pppoetag *)(mtod(n, char *) + noff); 470 tag = ntohs(pt->tag); 471 len = ntohs(pt->len); 472 if (off + len + sizeof(*pt) > m->m_pkthdr.len) { 473 printf("pppoe: tag 0x%x len 0x%x is too long\n", 474 tag, len); 475 goto done; 476 } 477 switch (tag) { 478 case PPPOE_TAG_EOL: 479 goto breakbreak; 480 case PPPOE_TAG_SNAME: 481 break; /* ignored */ 482 case PPPOE_TAG_ACNAME: 483 error = NULL; 484 if (sc != NULL && len > 0) { 485 error = malloc(len+1, M_TEMP, M_NOWAIT); 486 if (error) { 487 n = m_pulldown(m, off + sizeof(*pt), 488 len, &noff); 489 if (n) { 490 strncpy(error, 491 mtod(n, char*) + noff, 492 len); 493 error[len] = '\0'; 494 } 495 printf("%s: connected to %s\n", 496 devname, error); 497 free(error, M_TEMP); 498 } 499 } 500 break; /* ignored */ 501 case PPPOE_TAG_HUNIQUE: 502 if (sc != NULL) 503 break; 504 n = m_pulldown(m, off + sizeof(*pt), len, &noff); 505 if (!n) { 506 m = NULL; 507 err_msg = "TAG HUNIQUE ERROR"; 508 break; 509 } 510 #ifdef PPPOE_SERVER 511 hunique = mtod(n, uint8_t *) + noff; 512 hunique_len = len; 513 #endif 514 sc = pppoe_find_softc_by_hunique(mtod(n, char *) + noff, 515 len, m->m_pkthdr.rcvif); 516 if (sc != NULL) 517 devname = sc->sc_sppp.pp_if.if_xname; 518 break; 519 case PPPOE_TAG_ACCOOKIE: 520 if (ac_cookie == NULL) { 521 n = m_pulldown(m, off + sizeof(*pt), len, 522 &noff); 523 if (!n) { 524 err_msg = "TAG ACCOOKIE ERROR"; 525 m = NULL; 526 break; 527 } 528 ac_cookie = mtod(n, char *) + noff; 529 ac_cookie_len = len; 530 } 531 break; 532 case PPPOE_TAG_RELAYSID: 533 if (relay_sid == NULL) { 534 n = m_pulldown(m, off + sizeof(*pt), len, 535 &noff); 536 if (!n) { 537 err_msg = "TAG RELAYSID ERROR"; 538 m = NULL; 539 break; 540 } 541 relay_sid = mtod(n, char *) + noff; 542 relay_sid_len = len; 543 } 544 break; 545 case PPPOE_TAG_SNAME_ERR: 546 err_msg = "SERVICE NAME ERROR"; 547 errortag = 1; 548 break; 549 case PPPOE_TAG_ACSYS_ERR: 550 err_msg = "AC SYSTEM ERROR"; 551 errortag = 1; 552 break; 553 case PPPOE_TAG_GENERIC_ERR: 554 err_msg = "GENERIC ERROR"; 555 errortag = 1; 556 break; 557 } 558 if (err_msg) { 559 error = NULL; 560 if (errortag && len) { 561 error = malloc(len+1, M_TEMP, M_NOWAIT); 562 n = m_pulldown(m, off + sizeof(*pt), len, 563 &noff); 564 if (n && error) { 565 strncpy(error, 566 mtod(n, char *) + noff, len); 567 error[len] = '\0'; 568 } 569 } 570 if (error) { 571 printf("%s: %s: %s\n", devname, 572 err_msg, error); 573 free(error, M_TEMP); 574 } else 575 printf("%s: %s\n", devname, err_msg); 576 if (errortag || m == NULL) 577 goto done; 578 } 579 off += sizeof(*pt) + len; 580 } 581 breakbreak:; 582 switch (ph->code) { 583 case PPPOE_CODE_PADI: 584 #ifdef PPPOE_SERVER 585 /* 586 * got service name, concentrator name, and/or host unique. 587 * ignore if we have no interfaces with IFF_PASSIVE|IFF_UP. 588 */ 589 if (LIST_EMPTY(&pppoe_softc_list)) 590 goto done; 591 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 592 if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP)) 593 continue; 594 if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 595 continue; 596 if (sc->sc_state == PPPOE_STATE_INITIAL) 597 break; 598 } 599 if (sc == NULL) { 600 /* printf("pppoe: free passive interface is not found\n");*/ 601 goto done; 602 } 603 if (hunique) { 604 if (sc->sc_hunique) 605 free(sc->sc_hunique, M_DEVBUF); 606 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 607 M_DONTWAIT); 608 if (sc->sc_hunique == NULL) 609 goto done; 610 sc->sc_hunique_len = hunique_len; 611 memcpy(sc->sc_hunique, hunique, hunique_len); 612 } 613 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 614 sc->sc_state = PPPOE_STATE_PADO_SENT; 615 pppoe_send_pado(sc); 616 break; 617 #endif /* PPPOE_SERVER */ 618 case PPPOE_CODE_PADR: 619 #ifdef PPPOE_SERVER 620 /* 621 * get sc from ac_cookie if IFF_PASSIVE 622 */ 623 if (ac_cookie == NULL) { 624 /* be quiet if there is not a single pppoe instance */ 625 printf("pppoe: received PADR but not includes ac_cookie\n"); 626 goto done; 627 } 628 sc = pppoe_find_softc_by_hunique(ac_cookie, 629 ac_cookie_len, 630 m->m_pkthdr.rcvif); 631 if (sc == NULL) { 632 /* be quiet if there is not a single pppoe instance */ 633 if (!LIST_EMPTY(&pppoe_softc_list)) 634 printf("pppoe: received PADR but could not find request for it\n"); 635 goto done; 636 } 637 if (sc->sc_state != PPPOE_STATE_PADO_SENT) { 638 printf("%s: received unexpected PADR\n", 639 sc->sc_sppp.pp_if.if_xname); 640 goto done; 641 } 642 if (hunique) { 643 if (sc->sc_hunique) 644 free(sc->sc_hunique, M_DEVBUF); 645 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 646 M_DONTWAIT); 647 if (sc->sc_hunique == NULL) 648 goto done; 649 sc->sc_hunique_len = hunique_len; 650 memcpy(sc->sc_hunique, hunique, hunique_len); 651 } 652 pppoe_send_pads(sc); 653 sc->sc_state = PPPOE_STATE_SESSION; 654 sc->sc_sppp.pp_up(&sc->sc_sppp); 655 break; 656 #else 657 /* ignore, we are no access concentrator */ 658 goto done; 659 #endif /* PPPOE_SERVER */ 660 case PPPOE_CODE_PADO: 661 if (sc == NULL) { 662 /* be quiet if there is not a single pppoe instance */ 663 if (!LIST_EMPTY(&pppoe_softc_list)) 664 printf("pppoe: received PADO but could not find request for it\n"); 665 goto done; 666 } 667 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 668 printf("%s: received unexpected PADO\n", 669 sc->sc_sppp.pp_if.if_xname); 670 goto done; 671 } 672 if (ac_cookie) { 673 if (sc->sc_ac_cookie) 674 free(sc->sc_ac_cookie, M_DEVBUF); 675 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 676 M_DONTWAIT); 677 if (sc->sc_ac_cookie == NULL) { 678 printf("%s: FATAL: could not allocate memory " 679 "for AC cookie\n", 680 sc->sc_sppp.pp_if.if_xname); 681 goto done; 682 } 683 sc->sc_ac_cookie_len = ac_cookie_len; 684 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 685 } 686 if (relay_sid) { 687 if (sc->sc_relay_sid) 688 free(sc->sc_relay_sid, M_DEVBUF); 689 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 690 M_DONTWAIT); 691 if (sc->sc_relay_sid == NULL) { 692 printf("%s: FATAL: could not allocate memory " 693 "for relay SID\n", 694 sc->sc_sppp.pp_if.if_xname); 695 goto done; 696 } 697 sc->sc_relay_sid_len = relay_sid_len; 698 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 699 } 700 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 701 callout_stop(&sc->sc_timeout); 702 sc->sc_padr_retried = 0; 703 sc->sc_state = PPPOE_STATE_PADR_SENT; 704 if ((err = pppoe_send_padr(sc)) != 0) { 705 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 706 printf("%s: failed to send PADR, " 707 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 708 err); 709 } 710 callout_reset(&sc->sc_timeout, 711 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 712 pppoe_timeout, sc); 713 break; 714 case PPPOE_CODE_PADS: 715 if (sc == NULL) 716 goto done; 717 sc->sc_session = session; 718 callout_stop(&sc->sc_timeout); 719 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 720 printf("%s: session 0x%x connected\n", 721 sc->sc_sppp.pp_if.if_xname, session); 722 sc->sc_state = PPPOE_STATE_SESSION; 723 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 724 break; 725 case PPPOE_CODE_PADT: 726 if (sc == NULL) 727 goto done; 728 pppoe_clear_softc(sc, "received PADT"); 729 break; 730 default: 731 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 732 sc? sc->sc_sppp.pp_if.if_xname : "pppoe", 733 ph->code, session); 734 break; 735 } 736 737 done: 738 if (m) 739 m_freem(m); 740 return; 741 } 742 743 static void 744 pppoe_disc_input(struct mbuf *m) 745 { 746 747 /* avoid error messages if there is not a single pppoe instance */ 748 if (!LIST_EMPTY(&pppoe_softc_list)) { 749 KASSERT(m->m_flags & M_PKTHDR); 750 pppoe_dispatch_disc_pkt(m, 0); 751 } else 752 m_freem(m); 753 } 754 755 static void 756 pppoe_data_input(struct mbuf *m) 757 { 758 uint16_t session, plen; 759 struct pppoe_softc *sc; 760 struct pppoehdr *ph; 761 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 762 uint8_t shost[ETHER_ADDR_LEN]; 763 #endif 764 765 KASSERT(m->m_flags & M_PKTHDR); 766 767 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 768 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 769 #endif 770 m_adj(m, sizeof(struct ether_header)); 771 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 772 printf("pppoe (data): dropping too short packet: %d bytes\n", 773 m->m_pkthdr.len); 774 goto drop; 775 } 776 777 if (m->m_len < sizeof(*ph)) { 778 m = m_pullup(m, sizeof(*ph)); 779 if (!m) { 780 printf("pppoe: could not get PPPoE header\n"); 781 return; 782 } 783 } 784 ph = mtod(m, struct pppoehdr *); 785 786 if (ph->vertype != PPPOE_VERTYPE) { 787 printf("pppoe (data): unknown version/type packet: 0x%x\n", 788 ph->vertype); 789 goto drop; 790 } 791 if (ph->code != 0) 792 goto drop; 793 794 session = ntohs(ph->session); 795 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.rcvif); 796 if (sc == NULL) { 797 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 798 printf("pppoe: input for unknown session 0x%x, sending PADT\n", 799 session); 800 pppoe_send_padt(m->m_pkthdr.rcvif, session, shost); 801 #endif 802 goto drop; 803 } 804 805 plen = ntohs(ph->plen); 806 807 bpf_mtap(&sc->sc_sppp.pp_if, m); 808 809 m_adj(m, PPPOE_HEADERLEN); 810 811 #ifdef PPPOE_DEBUG 812 { 813 struct mbuf *p; 814 815 printf("%s: pkthdr.len=%d, pppoe.len=%d", 816 sc->sc_sppp.pp_if.if_xname, 817 m->m_pkthdr.len, plen); 818 p = m; 819 while (p) { 820 printf(" l=%d", p->m_len); 821 p = p->m_next; 822 } 823 printf("\n"); 824 } 825 #endif 826 827 if (m->m_pkthdr.len < plen) 828 goto drop; 829 830 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 831 m->m_pkthdr.rcvif = &sc->sc_sppp.pp_if; 832 833 /* pass packet up and account for it */ 834 sc->sc_sppp.pp_if.if_ipackets++; 835 sppp_input(&sc->sc_sppp.pp_if, m); 836 return; 837 838 drop: 839 m_freem(m); 840 } 841 842 static int 843 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 844 { 845 struct sockaddr dst; 846 struct ether_header *eh; 847 uint16_t etype; 848 849 if (sc->sc_eth_if == NULL) { 850 m_freem(m); 851 return EIO; 852 } 853 854 memset(&dst, 0, sizeof dst); 855 dst.sa_family = AF_UNSPEC; 856 eh = (struct ether_header*)&dst.sa_data; 857 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 858 eh->ether_type = htons(etype); 859 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 860 861 #ifdef PPPOE_DEBUG 862 printf("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 863 sc->sc_sppp.pp_if.if_xname, etype, 864 sc->sc_state, sc->sc_session, 865 ether_sprintf((const unsigned char *)&sc->sc_dest), m->m_pkthdr.len); 866 #endif 867 868 m->m_flags &= ~(M_BCAST|M_MCAST); 869 sc->sc_sppp.pp_if.if_opackets++; 870 return sc->sc_eth_if->if_output(sc->sc_eth_if, m, &dst, NULL); 871 } 872 873 static int 874 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, void *data) 875 { 876 struct lwp *l = curlwp; /* XXX */ 877 struct pppoe_softc *sc = (struct pppoe_softc*)ifp; 878 struct ifreq *ifr = data; 879 int error = 0; 880 881 switch (cmd) { 882 case PPPOESETPARMS: 883 { 884 struct pppoediscparms *parms = (struct pppoediscparms*)data; 885 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 886 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 887 NULL) != 0) 888 return (EPERM); 889 if (parms->eth_ifname[0] != 0) { 890 struct ifnet *eth_if; 891 892 eth_if = ifunit(parms->eth_ifname); 893 if (eth_if == NULL || eth_if->if_dlt != DLT_EN10MB) { 894 sc->sc_eth_if = NULL; 895 return ENXIO; 896 } 897 898 if (sc->sc_sppp.pp_if.if_mtu > 899 eth_if->if_mtu - PPPOE_OVERHEAD) { 900 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 901 PPPOE_OVERHEAD; 902 } 903 sc->sc_eth_if = eth_if; 904 } 905 if (parms->ac_name != NULL) { 906 size_t s; 907 char *b = malloc(parms->ac_name_len + 1, M_DEVBUF, 908 M_WAITOK); 909 if (b == NULL) 910 return ENOMEM; 911 error = copyinstr(parms->ac_name, b, 912 parms->ac_name_len+1, &s); 913 if (error != 0) { 914 free(b, M_DEVBUF); 915 return error; 916 } 917 if (s != parms->ac_name_len+1) { 918 free(b, M_DEVBUF); 919 return EINVAL; 920 } 921 if (sc->sc_concentrator_name) 922 free(sc->sc_concentrator_name, M_DEVBUF); 923 sc->sc_concentrator_name = b; 924 } 925 if (parms->service_name != NULL) { 926 size_t s; 927 char *b = malloc(parms->service_name_len + 1, M_DEVBUF, 928 M_WAITOK); 929 if (b == NULL) 930 return ENOMEM; 931 error = copyinstr(parms->service_name, b, 932 parms->service_name_len+1, &s); 933 if (error != 0) { 934 free(b, M_DEVBUF); 935 return error; 936 } 937 if (s != parms->service_name_len+1) { 938 free(b, M_DEVBUF); 939 return EINVAL; 940 } 941 if (sc->sc_service_name) 942 free(sc->sc_service_name, M_DEVBUF); 943 sc->sc_service_name = b; 944 } 945 return 0; 946 } 947 break; 948 case PPPOEGETPARMS: 949 { 950 struct pppoediscparms *parms = (struct pppoediscparms*)data; 951 memset(parms, 0, sizeof *parms); 952 if (sc->sc_eth_if) 953 strncpy(parms->ifname, sc->sc_eth_if->if_xname, IFNAMSIZ); 954 return 0; 955 } 956 break; 957 case PPPOEGETSESSION: 958 { 959 struct pppoeconnectionstate *state = (struct pppoeconnectionstate*)data; 960 state->state = sc->sc_state; 961 state->session_id = sc->sc_session; 962 state->padi_retry_no = sc->sc_padi_retried; 963 state->padr_retry_no = sc->sc_padr_retried; 964 return 0; 965 } 966 break; 967 case SIOCSIFFLAGS: 968 /* 969 * Prevent running re-establishment timers overriding 970 * administrators choice. 971 */ 972 if ((ifr->ifr_flags & IFF_UP) == 0 973 && sc->sc_state >= PPPOE_STATE_PADI_SENT 974 && sc->sc_state < PPPOE_STATE_SESSION) { 975 callout_stop(&sc->sc_timeout); 976 sc->sc_state = PPPOE_STATE_INITIAL; 977 sc->sc_padi_retried = 0; 978 sc->sc_padr_retried = 0; 979 memcpy(&sc->sc_dest, etherbroadcastaddr, 980 sizeof(sc->sc_dest)); 981 } 982 return sppp_ioctl(ifp, cmd, data); 983 case SIOCSIFMTU: 984 if (ifr->ifr_mtu > (sc->sc_eth_if == NULL ? 985 PPPOE_MAXMTU : (sc->sc_eth_if->if_mtu - PPPOE_OVERHEAD))) { 986 return EINVAL; 987 } 988 /*FALLTHROUGH*/ 989 default: 990 return sppp_ioctl(ifp, cmd, data); 991 } 992 return 0; 993 } 994 995 /* 996 * Allocate a mbuf/cluster with space to store the given data length 997 * of payload, leaving space for prepending an ethernet header 998 * in front. 999 */ 1000 static struct mbuf * 1001 pppoe_get_mbuf(size_t len) 1002 { 1003 struct mbuf *m; 1004 1005 MGETHDR(m, M_DONTWAIT, MT_DATA); 1006 if (m == NULL) 1007 return NULL; 1008 if (len + sizeof(struct ether_header) > MHLEN) { 1009 MCLGET(m, M_DONTWAIT); 1010 if ((m->m_flags & M_EXT) == 0) { 1011 struct mbuf *n; 1012 MFREE(m, n); 1013 return 0; 1014 } 1015 } 1016 m->m_data += sizeof(struct ether_header); 1017 m->m_len = len; 1018 m->m_pkthdr.len = len; 1019 m->m_pkthdr.rcvif = NULL; 1020 1021 return m; 1022 } 1023 1024 static int 1025 pppoe_send_padi(struct pppoe_softc *sc) 1026 { 1027 struct mbuf *m0; 1028 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1029 uint8_t *p; 1030 1031 if (sc->sc_state >PPPOE_STATE_PADI_SENT) 1032 panic("pppoe_send_padi in state %d", sc->sc_state); 1033 1034 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1035 len = 2 + 2 + 2 + 2 + sizeof sc; /* service name tag is required, host unique is send too */ 1036 if (sc->sc_service_name != NULL) { 1037 l1 = strlen(sc->sc_service_name); 1038 len += l1; 1039 } 1040 if (sc->sc_concentrator_name != NULL) { 1041 l2 = strlen(sc->sc_concentrator_name); 1042 len += 2 + 2 + l2; 1043 } 1044 1045 /* allocate a buffer */ 1046 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1047 if (!m0) 1048 return ENOBUFS; 1049 1050 /* fill in pkt */ 1051 p = mtod(m0, uint8_t *); 1052 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1053 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1054 if (sc->sc_service_name != NULL) { 1055 PPPOE_ADD_16(p, l1); 1056 memcpy(p, sc->sc_service_name, l1); 1057 p += l1; 1058 } else { 1059 PPPOE_ADD_16(p, 0); 1060 } 1061 if (sc->sc_concentrator_name != NULL) { 1062 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1063 PPPOE_ADD_16(p, l2); 1064 memcpy(p, sc->sc_concentrator_name, l2); 1065 p += l2; 1066 } 1067 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1068 PPPOE_ADD_16(p, sizeof(sc)); 1069 memcpy(p, &sc, sizeof sc); 1070 1071 #ifdef PPPOE_DEBUG 1072 p += sizeof sc; 1073 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1074 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1075 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1076 #endif 1077 1078 /* send pkt */ 1079 return pppoe_output(sc, m0); 1080 } 1081 1082 static void 1083 pppoe_timeout(void *arg) 1084 { 1085 int x, retry_wait, err; 1086 struct pppoe_softc *sc = (struct pppoe_softc*)arg; 1087 1088 #ifdef PPPOE_DEBUG 1089 printf("%s: timeout\n", sc->sc_sppp.pp_if.if_xname); 1090 #endif 1091 1092 switch (sc->sc_state) { 1093 case PPPOE_STATE_INITIAL: 1094 /* delayed connect from pppoe_tls() */ 1095 pppoe_connect(sc); 1096 break; 1097 case PPPOE_STATE_PADI_SENT: 1098 /* 1099 * We have two basic ways of retrying: 1100 * - Quick retry mode: try a few times in short sequence 1101 * - Slow retry mode: we already had a connection successfully 1102 * established and will try infinitely (without user 1103 * intervention) 1104 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1105 * is not set. 1106 */ 1107 1108 /* initialize for quick retry mode */ 1109 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1110 1111 x = splnet(); 1112 sc->sc_padi_retried++; 1113 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1114 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1115 /* slow retry mode */ 1116 retry_wait = PPPOE_SLOW_RETRY; 1117 } else { 1118 pppoe_abort_connect(sc); 1119 splx(x); 1120 return; 1121 } 1122 } 1123 if ((err = pppoe_send_padi(sc)) != 0) { 1124 sc->sc_padi_retried--; 1125 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1126 printf("%s: failed to transmit PADI, " 1127 "error=%d\n", 1128 sc->sc_sppp.pp_if.if_xname, err); 1129 } 1130 callout_reset(&sc->sc_timeout, retry_wait, 1131 pppoe_timeout, sc); 1132 splx(x); 1133 break; 1134 1135 case PPPOE_STATE_PADR_SENT: 1136 x = splnet(); 1137 sc->sc_padr_retried++; 1138 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1139 memcpy(&sc->sc_dest, etherbroadcastaddr, 1140 sizeof(sc->sc_dest)); 1141 sc->sc_state = PPPOE_STATE_PADI_SENT; 1142 sc->sc_padr_retried = 0; 1143 if ((err = pppoe_send_padi(sc)) != 0) { 1144 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1145 printf("%s: failed to send PADI" 1146 ", error=%d\n", 1147 sc->sc_sppp.pp_if.if_xname, 1148 err); 1149 } 1150 callout_reset(&sc->sc_timeout, 1151 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried), 1152 pppoe_timeout, sc); 1153 splx(x); 1154 return; 1155 } 1156 if ((err = pppoe_send_padr(sc)) != 0) { 1157 sc->sc_padr_retried--; 1158 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1159 printf("%s: failed to send PADR, " 1160 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 1161 err); 1162 } 1163 callout_reset(&sc->sc_timeout, 1164 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 1165 pppoe_timeout, sc); 1166 splx(x); 1167 break; 1168 case PPPOE_STATE_CLOSING: 1169 pppoe_disconnect(sc); 1170 break; 1171 default: 1172 return; /* all done, work in peace */ 1173 } 1174 } 1175 1176 /* Start a connection (i.e. initiate discovery phase) */ 1177 static int 1178 pppoe_connect(struct pppoe_softc *sc) 1179 { 1180 int x, err; 1181 1182 if (sc->sc_state != PPPOE_STATE_INITIAL) 1183 return EBUSY; 1184 1185 #ifdef PPPOE_SERVER 1186 /* wait PADI if IFF_PASSIVE */ 1187 if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 1188 return 0; 1189 #endif 1190 x = splnet(); 1191 /* save state, in case we fail to send PADI */ 1192 sc->sc_state = PPPOE_STATE_PADI_SENT; 1193 sc->sc_padr_retried = 0; 1194 err = pppoe_send_padi(sc); 1195 if (err != 0 && sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1196 printf("%s: failed to send PADI, error=%d\n", 1197 sc->sc_sppp.pp_if.if_xname, err); 1198 callout_reset(&sc->sc_timeout, PPPOE_DISC_TIMEOUT, pppoe_timeout, sc); 1199 splx(x); 1200 return err; 1201 } 1202 1203 /* disconnect */ 1204 static int 1205 pppoe_disconnect(struct pppoe_softc *sc) 1206 { 1207 int err, x; 1208 1209 x = splnet(); 1210 1211 if (sc->sc_state < PPPOE_STATE_SESSION) 1212 err = EBUSY; 1213 else { 1214 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1215 printf("%s: disconnecting\n", 1216 sc->sc_sppp.pp_if.if_xname); 1217 err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session, (const uint8_t *)&sc->sc_dest); 1218 } 1219 1220 /* cleanup softc */ 1221 sc->sc_state = PPPOE_STATE_INITIAL; 1222 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1223 if (sc->sc_ac_cookie) { 1224 free(sc->sc_ac_cookie, M_DEVBUF); 1225 sc->sc_ac_cookie = NULL; 1226 } 1227 sc->sc_ac_cookie_len = 0; 1228 if (sc->sc_relay_sid) { 1229 free(sc->sc_relay_sid, M_DEVBUF); 1230 sc->sc_relay_sid = NULL; 1231 } 1232 sc->sc_relay_sid_len = 0; 1233 #ifdef PPPOE_SERVER 1234 if (sc->sc_hunique) { 1235 free(sc->sc_hunique, M_DEVBUF); 1236 sc->sc_hunique = NULL; 1237 } 1238 sc->sc_hunique_len = 0; 1239 #endif 1240 sc->sc_session = 0; 1241 1242 /* notify upper layer */ 1243 sc->sc_sppp.pp_down(&sc->sc_sppp); 1244 1245 splx(x); 1246 1247 return err; 1248 } 1249 1250 /* Connection attempt aborted */ 1251 static void 1252 pppoe_abort_connect(struct pppoe_softc *sc) 1253 { 1254 printf("%s: could not establish connection\n", 1255 sc->sc_sppp.pp_if.if_xname); 1256 sc->sc_state = PPPOE_STATE_CLOSING; 1257 1258 /* notify upper layer */ 1259 sc->sc_sppp.pp_down(&sc->sc_sppp); 1260 1261 /* clear connection state */ 1262 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1263 sc->sc_state = PPPOE_STATE_INITIAL; 1264 } 1265 1266 /* Send a PADR packet */ 1267 static int 1268 pppoe_send_padr(struct pppoe_softc *sc) 1269 { 1270 struct mbuf *m0; 1271 uint8_t *p; 1272 size_t len, l1 = 0; /* XXX: gcc */ 1273 1274 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1275 return EIO; 1276 1277 len = 2 + 2 + 2 + 2 + sizeof(sc); /* service name, host unique */ 1278 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1279 l1 = strlen(sc->sc_service_name); 1280 len += l1; 1281 } 1282 if (sc->sc_ac_cookie_len > 0) 1283 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1284 if (sc->sc_relay_sid_len > 0) 1285 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1286 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1287 if (!m0) 1288 return ENOBUFS; 1289 p = mtod(m0, uint8_t *); 1290 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1291 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1292 if (sc->sc_service_name != NULL) { 1293 PPPOE_ADD_16(p, l1); 1294 memcpy(p, sc->sc_service_name, l1); 1295 p += l1; 1296 } else { 1297 PPPOE_ADD_16(p, 0); 1298 } 1299 if (sc->sc_ac_cookie_len > 0) { 1300 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1301 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1302 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1303 p += sc->sc_ac_cookie_len; 1304 } 1305 if (sc->sc_relay_sid_len > 0) { 1306 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1307 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1308 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1309 p += sc->sc_relay_sid_len; 1310 } 1311 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1312 PPPOE_ADD_16(p, sizeof(sc)); 1313 memcpy(p, &sc, sizeof sc); 1314 1315 #ifdef PPPOE_DEBUG 1316 p += sizeof sc; 1317 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1318 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1319 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1320 #endif 1321 1322 return pppoe_output(sc, m0); 1323 } 1324 1325 /* send a PADT packet */ 1326 static int 1327 pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const uint8_t *dest) 1328 { 1329 struct ether_header *eh; 1330 struct sockaddr dst; 1331 struct mbuf *m0; 1332 uint8_t *p; 1333 1334 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1335 if (!m0) 1336 return EIO; 1337 p = mtod(m0, uint8_t *); 1338 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1339 1340 memset(&dst, 0, sizeof dst); 1341 dst.sa_family = AF_UNSPEC; 1342 eh = (struct ether_header*)&dst.sa_data; 1343 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1344 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1345 1346 m0->m_flags &= ~(M_BCAST|M_MCAST); 1347 return outgoing_if->if_output(outgoing_if, m0, &dst, NULL); 1348 } 1349 1350 #ifdef PPPOE_SERVER 1351 static int 1352 pppoe_send_pado(struct pppoe_softc *sc) 1353 { 1354 struct mbuf *m0; 1355 uint8_t *p; 1356 size_t len; 1357 1358 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1359 return EIO; 1360 1361 /* calc length */ 1362 len = 0; 1363 /* include ac_cookie */ 1364 len += 2 + 2 + sizeof(sc); 1365 /* include hunique */ 1366 len += 2 + 2 + sc->sc_hunique_len; 1367 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1368 if (!m0) 1369 return EIO; 1370 p = mtod(m0, uint8_t *); 1371 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len); 1372 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1373 PPPOE_ADD_16(p, sizeof(sc)); 1374 memcpy(p, &sc, sizeof(sc)); 1375 p += sizeof(sc); 1376 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1377 PPPOE_ADD_16(p, sc->sc_hunique_len); 1378 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1379 return pppoe_output(sc, m0); 1380 } 1381 1382 static int 1383 pppoe_send_pads(struct pppoe_softc *sc) 1384 { 1385 struct bintime bt; 1386 struct mbuf *m0; 1387 uint8_t *p; 1388 size_t len, l1 = 0; /* XXX: gcc */ 1389 1390 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1391 return EIO; 1392 1393 getbinuptime(&bt); 1394 sc->sc_session = bt.sec % 0xff + 1; 1395 /* calc length */ 1396 len = 0; 1397 /* include hunique */ 1398 len += 2 + 2 + 2 + 2 + sc->sc_hunique_len; /* service name, host unique*/ 1399 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1400 l1 = strlen(sc->sc_service_name); 1401 len += l1; 1402 } 1403 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1404 if (!m0) 1405 return ENOBUFS; 1406 p = mtod(m0, uint8_t *); 1407 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len); 1408 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1409 if (sc->sc_service_name != NULL) { 1410 PPPOE_ADD_16(p, l1); 1411 memcpy(p, sc->sc_service_name, l1); 1412 p += l1; 1413 } else { 1414 PPPOE_ADD_16(p, 0); 1415 } 1416 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1417 PPPOE_ADD_16(p, sc->sc_hunique_len); 1418 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1419 return pppoe_output(sc, m0); 1420 } 1421 #endif 1422 1423 static void 1424 pppoe_tls(struct sppp *sp) 1425 { 1426 struct pppoe_softc *sc = (void *)sp; 1427 int wtime; 1428 1429 if (sc->sc_state != PPPOE_STATE_INITIAL) 1430 return; 1431 1432 if (sc->sc_sppp.pp_phase == SPPP_PHASE_ESTABLISH && 1433 sc->sc_sppp.pp_auth_failures > 0) { 1434 /* 1435 * Delay trying to reconnect a bit more - the peer 1436 * might have failed to contact it's radius server. 1437 */ 1438 wtime = PPPOE_RECON_FAST * sc->sc_sppp.pp_auth_failures; 1439 if (wtime > PPPOE_SLOW_RETRY) 1440 wtime = PPPOE_SLOW_RETRY; 1441 } else { 1442 wtime = PPPOE_RECON_IMMEDIATE; 1443 } 1444 callout_reset(&sc->sc_timeout, wtime, pppoe_timeout, sc); 1445 } 1446 1447 static void 1448 pppoe_tlf(struct sppp *sp) 1449 { 1450 struct pppoe_softc *sc = (void *)sp; 1451 if (sc->sc_state < PPPOE_STATE_SESSION) 1452 return; 1453 /* 1454 * Do not call pppoe_disconnect here, the upper layer state 1455 * machine gets confused by this. We must return from this 1456 * function and defer disconnecting to the timeout handler. 1457 */ 1458 sc->sc_state = PPPOE_STATE_CLOSING; 1459 callout_reset(&sc->sc_timeout, hz/50, pppoe_timeout, sc); 1460 } 1461 1462 static void 1463 pppoe_start(struct ifnet *ifp) 1464 { 1465 struct pppoe_softc *sc = (void *)ifp; 1466 struct mbuf *m; 1467 uint8_t *p; 1468 size_t len; 1469 1470 if (sppp_isempty(ifp)) 1471 return; 1472 1473 /* are we ready to process data yet? */ 1474 if (sc->sc_state < PPPOE_STATE_SESSION) { 1475 sppp_flush(&sc->sc_sppp.pp_if); 1476 return; 1477 } 1478 1479 while ((m = sppp_dequeue(ifp)) != NULL) { 1480 len = m->m_pkthdr.len; 1481 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1482 if (m == NULL) { 1483 ifp->if_oerrors++; 1484 continue; 1485 } 1486 p = mtod(m, uint8_t *); 1487 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1488 1489 bpf_mtap(&sc->sc_sppp.pp_if, m); 1490 1491 pppoe_output(sc, m); 1492 } 1493 } 1494 1495 1496 #ifdef PFIL_HOOKS 1497 static int 1498 pppoe_ifattach_hook(void *arg, struct mbuf **mp, struct ifnet *ifp, 1499 int dir) 1500 { 1501 struct pppoe_softc *sc; 1502 int s; 1503 1504 if (mp != (struct mbuf **)PFIL_IFNET_DETACH) 1505 return 0; 1506 1507 s = splnet(); 1508 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 1509 if (sc->sc_eth_if != ifp) 1510 continue; 1511 if (sc->sc_sppp.pp_if.if_flags & IFF_UP) { 1512 sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING); 1513 printf("%s: ethernet interface detached, going down\n", 1514 sc->sc_sppp.pp_if.if_xname); 1515 } 1516 sc->sc_eth_if = NULL; 1517 pppoe_clear_softc(sc, "ethernet interface detached"); 1518 } 1519 splx(s); 1520 1521 return 0; 1522 } 1523 #endif 1524 1525 static void 1526 pppoe_clear_softc(struct pppoe_softc *sc, const char *message) 1527 { 1528 /* stop timer */ 1529 callout_stop(&sc->sc_timeout); 1530 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1531 printf("%s: session 0x%x terminated, %s\n", 1532 sc->sc_sppp.pp_if.if_xname, sc->sc_session, message); 1533 1534 /* fix our state */ 1535 sc->sc_state = PPPOE_STATE_INITIAL; 1536 1537 /* signal upper layer */ 1538 sc->sc_sppp.pp_down(&sc->sc_sppp); 1539 1540 /* clean up softc */ 1541 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1542 if (sc->sc_ac_cookie) { 1543 free(sc->sc_ac_cookie, M_DEVBUF); 1544 sc->sc_ac_cookie = NULL; 1545 } 1546 if (sc->sc_relay_sid) { 1547 free(sc->sc_relay_sid, M_DEVBUF); 1548 sc->sc_relay_sid = NULL; 1549 } 1550 sc->sc_ac_cookie_len = 0; 1551 sc->sc_session = 0; 1552 } 1553