1 /* $NetBSD: if_pppoe.c,v 1.86 2008/04/28 20:24:09 martin Exp $ */ 2 3 /*- 4 * Copyright (c) 2002 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Martin Husemann <martin@NetBSD.org>. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.86 2008/04/28 20:24:09 martin Exp $"); 34 35 #include "pppoe.h" 36 #include "bpfilter.h" 37 #include "opt_pfil_hooks.h" 38 #include "opt_pppoe.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/kernel.h> 43 #include <sys/callout.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 #include <sys/socket.h> 47 #include <sys/proc.h> 48 #include <sys/ioctl.h> 49 #include <sys/kauth.h> 50 #include <sys/intr.h> 51 #include <sys/socketvar.h> 52 53 #include <net/if.h> 54 #include <net/if_types.h> 55 #include <net/if_ether.h> 56 #include <net/if_sppp.h> 57 #include <net/if_spppvar.h> 58 #include <net/if_pppoe.h> 59 60 #if NBPFILTER > 0 61 #include <net/bpf.h> 62 #endif 63 64 65 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 66 /* #define PPPOE_DEBUG 1 */ 67 68 struct pppoehdr { 69 uint8_t vertype; 70 uint8_t code; 71 uint16_t session; 72 uint16_t plen; 73 } __packed; 74 75 struct pppoetag { 76 uint16_t tag; 77 uint16_t len; 78 } __packed; 79 80 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 81 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 82 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 83 84 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 85 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 86 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 87 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 88 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 89 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 90 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 91 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 92 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 93 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* gerneric error */ 94 95 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 96 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 97 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 98 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 99 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 100 101 /* two byte PPP protocol discriminator, then IP data */ 102 #define PPPOE_MAXMTU (ETHERMTU - PPPOE_OVERHEAD) 103 104 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 105 #define PPPOE_ADD_16(PTR, VAL) \ 106 *(PTR)++ = (VAL) / 256; \ 107 *(PTR)++ = (VAL) % 256 108 109 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 110 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 111 *(PTR)++ = PPPOE_VERTYPE; \ 112 *(PTR)++ = (CODE); \ 113 PPPOE_ADD_16(PTR, SESS); \ 114 PPPOE_ADD_16(PTR, LEN) 115 116 #define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */ 117 #define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */ 118 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 119 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 120 121 #ifdef PPPOE_SERVER 122 /* from if_spppsubr.c */ 123 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 124 #endif 125 126 struct pppoe_softc { 127 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 128 LIST_ENTRY(pppoe_softc) sc_list; 129 struct ifnet *sc_eth_if; /* ethernet interface we are using */ 130 131 int sc_state; /* discovery phase or session connected */ 132 struct ether_addr sc_dest; /* hardware address of concentrator */ 133 uint16_t sc_session; /* PPPoE session id */ 134 135 char *sc_service_name; /* if != NULL: requested name of service */ 136 char *sc_concentrator_name; /* if != NULL: requested concentrator id */ 137 uint8_t *sc_ac_cookie; /* content of AC cookie we must echo back */ 138 size_t sc_ac_cookie_len; /* length of cookie data */ 139 #ifdef PPPOE_SERVER 140 uint8_t *sc_hunique; /* content of host unique we must echo back */ 141 size_t sc_hunique_len; /* length of host unique */ 142 #endif 143 callout_t sc_timeout; /* timeout while not in session state */ 144 int sc_padi_retried; /* number of PADI retries already done */ 145 int sc_padr_retried; /* number of PADR retries already done */ 146 }; 147 148 /* incoming traffic will be queued here */ 149 struct ifqueue ppoediscinq = { .ifq_maxlen = IFQ_MAXLEN }; 150 struct ifqueue ppoeinq = { .ifq_maxlen = IFQ_MAXLEN }; 151 152 void *pppoe_softintr = NULL; 153 static void pppoe_softintr_handler(void *); 154 155 extern int sppp_ioctl(struct ifnet *, unsigned long, void *); 156 157 /* input routines */ 158 static void pppoe_input(void); 159 static void pppoe_disc_input(struct mbuf *); 160 static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 161 static void pppoe_data_input(struct mbuf *); 162 163 /* management routines */ 164 void pppoeattach(int); 165 static int pppoe_connect(struct pppoe_softc *); 166 static int pppoe_disconnect(struct pppoe_softc *); 167 static void pppoe_abort_connect(struct pppoe_softc *); 168 static int pppoe_ioctl(struct ifnet *, unsigned long, void *); 169 static void pppoe_tls(struct sppp *); 170 static void pppoe_tlf(struct sppp *); 171 static void pppoe_start(struct ifnet *); 172 static void pppoe_clear_softc(struct pppoe_softc *, const char *); 173 174 /* internal timeout handling */ 175 static void pppoe_timeout(void *); 176 177 /* sending actual protocol controll packets */ 178 static int pppoe_send_padi(struct pppoe_softc *); 179 static int pppoe_send_padr(struct pppoe_softc *); 180 #ifdef PPPOE_SERVER 181 static int pppoe_send_pado(struct pppoe_softc *); 182 static int pppoe_send_pads(struct pppoe_softc *); 183 #endif 184 static int pppoe_send_padt(struct ifnet *, u_int, const uint8_t *); 185 186 /* raw output */ 187 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 188 189 /* internal helper functions */ 190 static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *); 191 static struct pppoe_softc * pppoe_find_softc_by_hunique(uint8_t *, size_t, struct ifnet *); 192 static struct mbuf *pppoe_get_mbuf(size_t len); 193 194 #ifdef PFIL_HOOKS 195 static int pppoe_ifattach_hook(void *, struct mbuf **, struct ifnet *, int); 196 #endif 197 198 static LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 199 200 static int pppoe_clone_create(struct if_clone *, int); 201 static int pppoe_clone_destroy(struct ifnet *); 202 203 static struct if_clone pppoe_cloner = 204 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 205 206 /* ARGSUSED */ 207 void 208 pppoeattach(int count) 209 { 210 LIST_INIT(&pppoe_softc_list); 211 if_clone_attach(&pppoe_cloner); 212 213 pppoe_softintr = softint_establish(SOFTINT_NET, pppoe_softintr_handler, NULL); 214 } 215 216 static int 217 pppoe_clone_create(struct if_clone *ifc, int unit) 218 { 219 struct pppoe_softc *sc; 220 221 sc = malloc(sizeof(struct pppoe_softc), M_DEVBUF, M_WAITOK); 222 memset(sc, 0, sizeof(struct pppoe_softc)); 223 224 snprintf(sc->sc_sppp.pp_if.if_xname, sizeof(sc->sc_sppp.pp_if.if_xname), 225 "pppoe%d", unit); 226 sc->sc_sppp.pp_if.if_softc = sc; 227 sc->sc_sppp.pp_if.if_mtu = PPPOE_MAXMTU; 228 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX|IFF_POINTOPOINT|IFF_MULTICAST; 229 sc->sc_sppp.pp_if.if_type = IFT_PPP; 230 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 231 sc->sc_sppp.pp_if.if_dlt = DLT_PPP_ETHER; 232 sc->sc_sppp.pp_flags |= PP_KEEPALIVE | /* use LCP keepalive */ 233 PP_NOFRAMING; /* no serial encapsulation */ 234 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 235 IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN); 236 IFQ_SET_READY(&sc->sc_sppp.pp_if.if_snd); 237 238 /* changed to real address later */ 239 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 240 241 callout_init(&sc->sc_timeout, 0); 242 243 sc->sc_sppp.pp_if.if_start = pppoe_start; 244 sc->sc_sppp.pp_tls = pppoe_tls; 245 sc->sc_sppp.pp_tlf = pppoe_tlf; 246 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 247 248 if_attach(&sc->sc_sppp.pp_if); 249 sppp_attach(&sc->sc_sppp.pp_if); 250 251 #if NBPFILTER > 0 252 bpfattach(&sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 253 #endif 254 #ifdef PFIL_HOOKS 255 if (LIST_EMPTY(&pppoe_softc_list)) 256 pfil_add_hook(pppoe_ifattach_hook, NULL, 257 PFIL_IFNET|PFIL_WAITOK, &if_pfil); 258 #endif 259 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 260 return 0; 261 } 262 263 static int 264 pppoe_clone_destroy(struct ifnet *ifp) 265 { 266 struct pppoe_softc * sc = ifp->if_softc; 267 268 callout_stop(&sc->sc_timeout); 269 LIST_REMOVE(sc, sc_list); 270 #ifdef PFIL_HOOKS 271 if (LIST_EMPTY(&pppoe_softc_list)) 272 pfil_remove_hook(pppoe_ifattach_hook, NULL, 273 PFIL_IFNET|PFIL_WAITOK, &if_pfil); 274 #endif 275 #if NBPFILTER > 0 276 bpfdetach(ifp); 277 #endif 278 sppp_detach(&sc->sc_sppp.pp_if); 279 if_detach(ifp); 280 if (sc->sc_concentrator_name) 281 free(sc->sc_concentrator_name, M_DEVBUF); 282 if (sc->sc_service_name) 283 free(sc->sc_service_name, M_DEVBUF); 284 if (sc->sc_ac_cookie) 285 free(sc->sc_ac_cookie, M_DEVBUF); 286 callout_destroy(&sc->sc_timeout); 287 free(sc, M_DEVBUF); 288 289 return (0); 290 } 291 292 /* 293 * Find the interface handling the specified session. 294 * Note: O(number of sessions open), this is a client-side only, mean 295 * and lean implementation, so number of open sessions typically should 296 * be 1. 297 */ 298 static struct pppoe_softc * 299 pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif) 300 { 301 struct pppoe_softc *sc; 302 303 if (session == 0) 304 return NULL; 305 306 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 307 if (sc->sc_state == PPPOE_STATE_SESSION 308 && sc->sc_session == session) { 309 if (sc->sc_eth_if == rcvif) 310 return sc; 311 else 312 return NULL; 313 } 314 } 315 return NULL; 316 } 317 318 /* Check host unique token passed and return appropriate softc pointer, 319 * or NULL if token is bogus. */ 320 static struct pppoe_softc * 321 pppoe_find_softc_by_hunique(uint8_t *token, size_t len, struct ifnet *rcvif) 322 { 323 struct pppoe_softc *sc, *t; 324 325 if (LIST_EMPTY(&pppoe_softc_list)) 326 return NULL; 327 328 if (len != sizeof sc) 329 return NULL; 330 memcpy(&t, token, len); 331 332 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 333 if (sc == t) break; 334 335 if (sc == NULL) { 336 #ifdef PPPOE_DEBUG 337 printf("pppoe: alien host unique tag, no session found\n"); 338 #endif 339 return NULL; 340 } 341 342 /* should be safe to access *sc now */ 343 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 344 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 345 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 346 return NULL; 347 } 348 if (sc->sc_eth_if != rcvif) { 349 printf("%s: wrong interface, not accepting host unique\n", 350 sc->sc_sppp.pp_if.if_xname); 351 return NULL; 352 } 353 return sc; 354 } 355 356 static void 357 pppoe_softintr_handler(void *dummy) 358 { 359 /* called at splsoftnet() */ 360 mutex_enter(softnet_lock); 361 pppoe_input(); 362 mutex_exit(softnet_lock); 363 } 364 365 /* called at appropriate protection level */ 366 static void 367 pppoe_input(void) 368 { 369 struct mbuf *m; 370 int s, disc_done, data_done; 371 372 do { 373 disc_done = 0; 374 data_done = 0; 375 for (;;) { 376 s = splnet(); 377 IF_DEQUEUE(&ppoediscinq, m); 378 splx(s); 379 if (m == NULL) break; 380 disc_done = 1; 381 pppoe_disc_input(m); 382 } 383 384 for (;;) { 385 s = splnet(); 386 IF_DEQUEUE(&ppoeinq, m); 387 splx(s); 388 if (m == NULL) break; 389 data_done = 1; 390 pppoe_data_input(m); 391 } 392 } while (disc_done || data_done); 393 } 394 395 /* analyze and handle a single received packet while not in session state */ 396 static void 397 pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 398 { 399 uint16_t tag, len; 400 uint16_t session, plen; 401 struct pppoe_softc *sc; 402 const char *err_msg, *devname; 403 char *error; 404 uint8_t *ac_cookie; 405 size_t ac_cookie_len; 406 #ifdef PPPOE_SERVER 407 uint8_t *hunique; 408 size_t hunique_len; 409 #endif 410 struct pppoehdr *ph; 411 struct pppoetag *pt; 412 struct mbuf *n; 413 int noff, err, errortag; 414 struct ether_header *eh; 415 416 devname = "pppoe"; /* as long as we don't know which instance */ 417 err_msg = NULL; 418 errortag = 0; 419 if (m->m_len < sizeof(*eh)) { 420 m = m_pullup(m, sizeof(*eh)); 421 if (!m) 422 goto done; 423 } 424 eh = mtod(m, struct ether_header *); 425 off += sizeof(*eh); 426 427 ac_cookie = NULL; 428 ac_cookie_len = 0; 429 #ifdef PPPOE_SERVER 430 hunique = NULL; 431 hunique_len = 0; 432 #endif 433 session = 0; 434 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 435 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 436 goto done; 437 } 438 439 n = m_pulldown(m, off, sizeof(*ph), &noff); 440 if (!n) { 441 printf("pppoe: could not get PPPoE header\n"); 442 m = NULL; 443 goto done; 444 } 445 ph = (struct pppoehdr *)(mtod(n, char *) + noff); 446 if (ph->vertype != PPPOE_VERTYPE) { 447 printf("pppoe: unknown version/type packet: 0x%x\n", 448 ph->vertype); 449 goto done; 450 } 451 session = ntohs(ph->session); 452 plen = ntohs(ph->plen); 453 off += sizeof(*ph); 454 455 if (plen + off > m->m_pkthdr.len) { 456 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 457 m->m_pkthdr.len - off, plen); 458 goto done; 459 } 460 m_adj(m, off + plen - m->m_pkthdr.len); /* ignore trailing garbage */ 461 tag = 0; 462 len = 0; 463 sc = NULL; 464 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 465 n = m_pulldown(m, off, sizeof(*pt), &noff); 466 if (!n) { 467 printf("%s: parse error\n", devname); 468 m = NULL; 469 goto done; 470 } 471 pt = (struct pppoetag *)(mtod(n, char *) + noff); 472 tag = ntohs(pt->tag); 473 len = ntohs(pt->len); 474 if (off + len > m->m_pkthdr.len) { 475 printf("pppoe: tag 0x%x len 0x%x is too long\n", 476 tag, len); 477 goto done; 478 } 479 switch (tag) { 480 case PPPOE_TAG_EOL: 481 goto breakbreak; 482 case PPPOE_TAG_SNAME: 483 break; /* ignored */ 484 case PPPOE_TAG_ACNAME: 485 error = NULL; 486 if (sc != NULL && len > 0) { 487 error = malloc(len+1, M_TEMP, M_NOWAIT); 488 if (error) { 489 n = m_pulldown(m, off + sizeof(*pt), 490 len, &noff); 491 if (n) { 492 strncpy(error, 493 mtod(n, char*) + noff, 494 len); 495 error[len] = '\0'; 496 } 497 printf("%s: connected to %s\n", 498 devname, error); 499 free(error, M_TEMP); 500 } 501 } 502 break; /* ignored */ 503 case PPPOE_TAG_HUNIQUE: 504 if (sc != NULL) 505 break; 506 n = m_pulldown(m, off + sizeof(*pt), len, &noff); 507 if (!n) { 508 m = NULL; 509 err_msg = "TAG HUNIQUE ERROR"; 510 break; 511 } 512 #ifdef PPPOE_SERVER 513 hunique = mtod(n, uint8_t *) + noff; 514 hunique_len = len; 515 #endif 516 sc = pppoe_find_softc_by_hunique(mtod(n, char *) + noff, 517 len, m->m_pkthdr.rcvif); 518 if (sc != NULL) 519 devname = sc->sc_sppp.pp_if.if_xname; 520 break; 521 case PPPOE_TAG_ACCOOKIE: 522 if (ac_cookie == NULL) { 523 n = m_pulldown(m, off + sizeof(*pt), len, 524 &noff); 525 if (!n) { 526 err_msg = "TAG ACCOOKIE ERROR"; 527 m = NULL; 528 break; 529 } 530 ac_cookie = mtod(n, char *) + noff; 531 ac_cookie_len = len; 532 } 533 break; 534 case PPPOE_TAG_SNAME_ERR: 535 err_msg = "SERVICE NAME ERROR"; 536 errortag = 1; 537 break; 538 case PPPOE_TAG_ACSYS_ERR: 539 err_msg = "AC SYSTEM ERROR"; 540 errortag = 1; 541 break; 542 case PPPOE_TAG_GENERIC_ERR: 543 err_msg = "GENERIC ERROR"; 544 errortag = 1; 545 break; 546 } 547 if (err_msg) { 548 error = NULL; 549 if (errortag && len) { 550 error = malloc(len+1, M_TEMP, M_NOWAIT); 551 n = m_pulldown(m, off + sizeof(*pt), len, 552 &noff); 553 if (n && error) { 554 strncpy(error, 555 mtod(n, char *) + noff, len); 556 error[len] = '\0'; 557 } 558 } 559 if (error) { 560 printf("%s: %s: %s\n", devname, 561 err_msg, error); 562 free(error, M_TEMP); 563 } else 564 printf("%s: %s\n", devname, err_msg); 565 if (errortag) 566 goto done; 567 } 568 off += sizeof(*pt) + len; 569 } 570 breakbreak:; 571 switch (ph->code) { 572 case PPPOE_CODE_PADI: 573 #ifdef PPPOE_SERVER 574 /* 575 * got service name, concentrator name, and/or host unique. 576 * ignore if we have no interfaces with IFF_PASSIVE|IFF_UP. 577 */ 578 if (LIST_EMPTY(&pppoe_softc_list)) 579 goto done; 580 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 581 if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP)) 582 continue; 583 if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 584 continue; 585 if (sc->sc_state == PPPOE_STATE_INITIAL) 586 break; 587 } 588 if (sc == NULL) { 589 /* printf("pppoe: free passive interface is not found\n");*/ 590 goto done; 591 } 592 if (hunique) { 593 if (sc->sc_hunique) 594 free(sc->sc_hunique, M_DEVBUF); 595 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 596 M_DONTWAIT); 597 if (sc->sc_hunique == NULL) 598 goto done; 599 sc->sc_hunique_len = hunique_len; 600 memcpy(sc->sc_hunique, hunique, hunique_len); 601 } 602 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 603 sc->sc_state = PPPOE_STATE_PADO_SENT; 604 pppoe_send_pado(sc); 605 break; 606 #endif /* PPPOE_SERVER */ 607 case PPPOE_CODE_PADR: 608 #ifdef PPPOE_SERVER 609 /* 610 * get sc from ac_cookie if IFF_PASSIVE 611 */ 612 if (ac_cookie == NULL) { 613 /* be quiet if there is not a single pppoe instance */ 614 printf("pppoe: received PADR but not includes ac_cookie\n"); 615 goto done; 616 } 617 sc = pppoe_find_softc_by_hunique(ac_cookie, 618 ac_cookie_len, 619 m->m_pkthdr.rcvif); 620 if (sc == NULL) { 621 /* be quiet if there is not a single pppoe instance */ 622 if (!LIST_EMPTY(&pppoe_softc_list)) 623 printf("pppoe: received PADR but could not find request for it\n"); 624 goto done; 625 } 626 if (sc->sc_state != PPPOE_STATE_PADO_SENT) { 627 printf("%s: received unexpected PADR\n", 628 sc->sc_sppp.pp_if.if_xname); 629 goto done; 630 } 631 if (hunique) { 632 if (sc->sc_hunique) 633 free(sc->sc_hunique, M_DEVBUF); 634 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 635 M_DONTWAIT); 636 if (sc->sc_hunique == NULL) 637 goto done; 638 sc->sc_hunique_len = hunique_len; 639 memcpy(sc->sc_hunique, hunique, hunique_len); 640 } 641 pppoe_send_pads(sc); 642 sc->sc_state = PPPOE_STATE_SESSION; 643 sc->sc_sppp.pp_up(&sc->sc_sppp); 644 break; 645 #else 646 /* ignore, we are no access concentrator */ 647 goto done; 648 #endif /* PPPOE_SERVER */ 649 case PPPOE_CODE_PADO: 650 if (sc == NULL) { 651 /* be quiet if there is not a single pppoe instance */ 652 if (!LIST_EMPTY(&pppoe_softc_list)) 653 printf("pppoe: received PADO but could not find request for it\n"); 654 goto done; 655 } 656 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 657 printf("%s: received unexpected PADO\n", 658 sc->sc_sppp.pp_if.if_xname); 659 goto done; 660 } 661 if (ac_cookie) { 662 if (sc->sc_ac_cookie) 663 free(sc->sc_ac_cookie, M_DEVBUF); 664 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 665 M_DONTWAIT); 666 if (sc->sc_ac_cookie == NULL) 667 goto done; 668 sc->sc_ac_cookie_len = ac_cookie_len; 669 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 670 } 671 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 672 callout_stop(&sc->sc_timeout); 673 sc->sc_padr_retried = 0; 674 sc->sc_state = PPPOE_STATE_PADR_SENT; 675 if ((err = pppoe_send_padr(sc)) != 0) { 676 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 677 printf("%s: failed to send PADR, " 678 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 679 err); 680 } 681 callout_reset(&sc->sc_timeout, 682 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 683 pppoe_timeout, sc); 684 break; 685 case PPPOE_CODE_PADS: 686 if (sc == NULL) 687 goto done; 688 sc->sc_session = session; 689 callout_stop(&sc->sc_timeout); 690 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 691 printf("%s: session 0x%x connected\n", 692 sc->sc_sppp.pp_if.if_xname, session); 693 sc->sc_state = PPPOE_STATE_SESSION; 694 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 695 break; 696 case PPPOE_CODE_PADT: 697 if (sc == NULL) 698 goto done; 699 pppoe_clear_softc(sc, "received PADT"); 700 break; 701 default: 702 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 703 sc? sc->sc_sppp.pp_if.if_xname : "pppoe", 704 ph->code, session); 705 break; 706 } 707 708 done: 709 if (m) 710 m_freem(m); 711 return; 712 } 713 714 static void 715 pppoe_disc_input(struct mbuf *m) 716 { 717 718 /* avoid error messages if there is not a single pppoe instance */ 719 if (!LIST_EMPTY(&pppoe_softc_list)) { 720 KASSERT(m->m_flags & M_PKTHDR); 721 pppoe_dispatch_disc_pkt(m, 0); 722 } else 723 m_freem(m); 724 } 725 726 static void 727 pppoe_data_input(struct mbuf *m) 728 { 729 uint16_t session, plen; 730 struct pppoe_softc *sc; 731 struct pppoehdr *ph; 732 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 733 uint8_t shost[ETHER_ADDR_LEN]; 734 #endif 735 736 KASSERT(m->m_flags & M_PKTHDR); 737 738 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 739 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 740 #endif 741 m_adj(m, sizeof(struct ether_header)); 742 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 743 printf("pppoe (data): dropping too short packet: %d bytes\n", 744 m->m_pkthdr.len); 745 goto drop; 746 } 747 748 if (m->m_len < sizeof(*ph)) { 749 m = m_pullup(m, sizeof(*ph)); 750 if (!m) { 751 printf("pppoe: could not get PPPoE header\n"); 752 return; 753 } 754 } 755 ph = mtod(m, struct pppoehdr *); 756 757 if (ph->vertype != PPPOE_VERTYPE) { 758 printf("pppoe (data): unknown version/type packet: 0x%x\n", 759 ph->vertype); 760 goto drop; 761 } 762 if (ph->code != 0) 763 goto drop; 764 765 session = ntohs(ph->session); 766 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.rcvif); 767 if (sc == NULL) { 768 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 769 printf("pppoe: input for unknown session 0x%x, sending PADT\n", 770 session); 771 pppoe_send_padt(m->m_pkthdr.rcvif, session, shost); 772 #endif 773 goto drop; 774 } 775 776 plen = ntohs(ph->plen); 777 778 #if NBPFILTER > 0 779 if(sc->sc_sppp.pp_if.if_bpf) 780 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m); 781 #endif 782 783 m_adj(m, PPPOE_HEADERLEN); 784 785 #ifdef PPPOE_DEBUG 786 { 787 struct mbuf *p; 788 789 printf("%s: pkthdr.len=%d, pppoe.len=%d", 790 sc->sc_sppp.pp_if.if_xname, 791 m->m_pkthdr.len, plen); 792 p = m; 793 while (p) { 794 printf(" l=%d", p->m_len); 795 p = p->m_next; 796 } 797 printf("\n"); 798 } 799 #endif 800 801 if (m->m_pkthdr.len < plen) 802 goto drop; 803 804 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 805 m->m_pkthdr.rcvif = &sc->sc_sppp.pp_if; 806 807 /* pass packet up and account for it */ 808 sc->sc_sppp.pp_if.if_ipackets++; 809 sppp_input(&sc->sc_sppp.pp_if, m); 810 return; 811 812 drop: 813 m_freem(m); 814 } 815 816 static int 817 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 818 { 819 struct sockaddr dst; 820 struct ether_header *eh; 821 uint16_t etype; 822 823 if (sc->sc_eth_if == NULL) { 824 m_freem(m); 825 return EIO; 826 } 827 828 memset(&dst, 0, sizeof dst); 829 dst.sa_family = AF_UNSPEC; 830 eh = (struct ether_header*)&dst.sa_data; 831 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 832 eh->ether_type = htons(etype); 833 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 834 835 #ifdef PPPOE_DEBUG 836 printf("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 837 sc->sc_sppp.pp_if.if_xname, etype, 838 sc->sc_state, sc->sc_session, 839 ether_sprintf((const unsigned char *)&sc->sc_dest), m->m_pkthdr.len); 840 #endif 841 842 m->m_flags &= ~(M_BCAST|M_MCAST); 843 sc->sc_sppp.pp_if.if_opackets++; 844 return sc->sc_eth_if->if_output(sc->sc_eth_if, m, &dst, NULL); 845 } 846 847 static int 848 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, void *data) 849 { 850 struct lwp *l = curlwp; /* XXX */ 851 struct pppoe_softc *sc = (struct pppoe_softc*)ifp; 852 struct ifreq *ifr = data; 853 int error = 0; 854 855 switch (cmd) { 856 case PPPOESETPARMS: 857 { 858 struct pppoediscparms *parms = (struct pppoediscparms*)data; 859 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 860 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 861 NULL) != 0) 862 return (EPERM); 863 if (parms->eth_ifname[0] != 0) { 864 struct ifnet *eth_if; 865 866 eth_if = ifunit(parms->eth_ifname); 867 if (eth_if == NULL || eth_if->if_dlt != DLT_EN10MB) { 868 sc->sc_eth_if = NULL; 869 return ENXIO; 870 } 871 872 if (sc->sc_sppp.pp_if.if_mtu > 873 eth_if->if_mtu - PPPOE_OVERHEAD) { 874 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 875 PPPOE_OVERHEAD; 876 } 877 sc->sc_eth_if = eth_if; 878 } 879 if (parms->ac_name != NULL) { 880 size_t s; 881 char *b = malloc(parms->ac_name_len + 1, M_DEVBUF, 882 M_WAITOK); 883 if (b == NULL) 884 return ENOMEM; 885 error = copyinstr(parms->ac_name, b, 886 parms->ac_name_len+1, &s); 887 if (error != 0) { 888 free(b, M_DEVBUF); 889 return error; 890 } 891 if (s != parms->ac_name_len+1) { 892 free(b, M_DEVBUF); 893 return EINVAL; 894 } 895 if (sc->sc_concentrator_name) 896 free(sc->sc_concentrator_name, M_DEVBUF); 897 sc->sc_concentrator_name = b; 898 } 899 if (parms->service_name != NULL) { 900 size_t s; 901 char *b = malloc(parms->service_name_len + 1, M_DEVBUF, 902 M_WAITOK); 903 if (b == NULL) 904 return ENOMEM; 905 error = copyinstr(parms->service_name, b, 906 parms->service_name_len+1, &s); 907 if (error != 0) { 908 free(b, M_DEVBUF); 909 return error; 910 } 911 if (s != parms->service_name_len+1) { 912 free(b, M_DEVBUF); 913 return EINVAL; 914 } 915 if (sc->sc_service_name) 916 free(sc->sc_service_name, M_DEVBUF); 917 sc->sc_service_name = b; 918 } 919 return 0; 920 } 921 break; 922 case PPPOEGETPARMS: 923 { 924 struct pppoediscparms *parms = (struct pppoediscparms*)data; 925 memset(parms, 0, sizeof *parms); 926 if (sc->sc_eth_if) 927 strncpy(parms->ifname, sc->sc_eth_if->if_xname, IFNAMSIZ); 928 return 0; 929 } 930 break; 931 case PPPOEGETSESSION: 932 { 933 struct pppoeconnectionstate *state = (struct pppoeconnectionstate*)data; 934 state->state = sc->sc_state; 935 state->session_id = sc->sc_session; 936 state->padi_retry_no = sc->sc_padi_retried; 937 state->padr_retry_no = sc->sc_padr_retried; 938 return 0; 939 } 940 break; 941 case SIOCSIFFLAGS: 942 /* 943 * Prevent running re-establishment timers overriding 944 * administrators choice. 945 */ 946 if ((ifr->ifr_flags & IFF_UP) == 0 947 && sc->sc_state >= PPPOE_STATE_PADI_SENT 948 && sc->sc_state < PPPOE_STATE_SESSION) { 949 callout_stop(&sc->sc_timeout); 950 sc->sc_state = PPPOE_STATE_INITIAL; 951 sc->sc_padi_retried = 0; 952 sc->sc_padr_retried = 0; 953 memcpy(&sc->sc_dest, etherbroadcastaddr, 954 sizeof(sc->sc_dest)); 955 } 956 return sppp_ioctl(ifp, cmd, data); 957 case SIOCSIFMTU: 958 if (ifr->ifr_mtu > (sc->sc_eth_if == NULL ? 959 PPPOE_MAXMTU : (sc->sc_eth_if->if_mtu - PPPOE_OVERHEAD))) { 960 return EINVAL; 961 } 962 /*FALLTHROUGH*/ 963 default: 964 return sppp_ioctl(ifp, cmd, data); 965 } 966 return 0; 967 } 968 969 /* 970 * Allocate a mbuf/cluster with space to store the given data length 971 * of payload, leaving space for prepending an ethernet header 972 * in front. 973 */ 974 static struct mbuf * 975 pppoe_get_mbuf(size_t len) 976 { 977 struct mbuf *m; 978 979 MGETHDR(m, M_DONTWAIT, MT_DATA); 980 if (m == NULL) 981 return NULL; 982 if (len + sizeof(struct ether_header) > MHLEN) { 983 MCLGET(m, M_DONTWAIT); 984 if ((m->m_flags & M_EXT) == 0) { 985 struct mbuf *n; 986 MFREE(m, n); 987 return 0; 988 } 989 } 990 m->m_data += sizeof(struct ether_header); 991 m->m_len = len; 992 m->m_pkthdr.len = len; 993 m->m_pkthdr.rcvif = NULL; 994 995 return m; 996 } 997 998 static int 999 pppoe_send_padi(struct pppoe_softc *sc) 1000 { 1001 struct mbuf *m0; 1002 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1003 uint8_t *p; 1004 1005 if (sc->sc_state >PPPOE_STATE_PADI_SENT) 1006 panic("pppoe_send_padi in state %d", sc->sc_state); 1007 1008 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1009 len = 2 + 2 + 2 + 2 + sizeof sc; /* service name tag is required, host unique is send too */ 1010 if (sc->sc_service_name != NULL) { 1011 l1 = strlen(sc->sc_service_name); 1012 len += l1; 1013 } 1014 if (sc->sc_concentrator_name != NULL) { 1015 l2 = strlen(sc->sc_concentrator_name); 1016 len += 2 + 2 + l2; 1017 } 1018 1019 /* allocate a buffer */ 1020 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1021 if (!m0) 1022 return ENOBUFS; 1023 1024 /* fill in pkt */ 1025 p = mtod(m0, uint8_t *); 1026 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1027 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1028 if (sc->sc_service_name != NULL) { 1029 PPPOE_ADD_16(p, l1); 1030 memcpy(p, sc->sc_service_name, l1); 1031 p += l1; 1032 } else { 1033 PPPOE_ADD_16(p, 0); 1034 } 1035 if (sc->sc_concentrator_name != NULL) { 1036 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1037 PPPOE_ADD_16(p, l2); 1038 memcpy(p, sc->sc_concentrator_name, l2); 1039 p += l2; 1040 } 1041 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1042 PPPOE_ADD_16(p, sizeof(sc)); 1043 memcpy(p, &sc, sizeof sc); 1044 1045 #ifdef PPPOE_DEBUG 1046 p += sizeof sc; 1047 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1048 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1049 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1050 #endif 1051 1052 /* send pkt */ 1053 return pppoe_output(sc, m0); 1054 } 1055 1056 static void 1057 pppoe_timeout(void *arg) 1058 { 1059 int x, retry_wait, err; 1060 struct pppoe_softc *sc = (struct pppoe_softc*)arg; 1061 1062 #ifdef PPPOE_DEBUG 1063 printf("%s: timeout\n", sc->sc_sppp.pp_if.if_xname); 1064 #endif 1065 1066 switch (sc->sc_state) { 1067 case PPPOE_STATE_PADI_SENT: 1068 /* 1069 * We have two basic ways of retrying: 1070 * - Quick retry mode: try a few times in short sequence 1071 * - Slow retry mode: we already had a connection successfully 1072 * established and will try infinitely (without user 1073 * intervention) 1074 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1075 * is not set. 1076 */ 1077 1078 /* initialize for quick retry mode */ 1079 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1080 1081 x = splnet(); 1082 sc->sc_padi_retried++; 1083 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1084 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1085 /* slow retry mode */ 1086 retry_wait = PPPOE_SLOW_RETRY; 1087 } else { 1088 pppoe_abort_connect(sc); 1089 splx(x); 1090 return; 1091 } 1092 } 1093 if ((err = pppoe_send_padi(sc)) != 0) { 1094 sc->sc_padi_retried--; 1095 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1096 printf("%s: failed to transmit PADI, " 1097 "error=%d\n", 1098 sc->sc_sppp.pp_if.if_xname, err); 1099 } 1100 callout_reset(&sc->sc_timeout, retry_wait, 1101 pppoe_timeout, sc); 1102 splx(x); 1103 break; 1104 1105 case PPPOE_STATE_PADR_SENT: 1106 x = splnet(); 1107 sc->sc_padr_retried++; 1108 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1109 memcpy(&sc->sc_dest, etherbroadcastaddr, 1110 sizeof(sc->sc_dest)); 1111 sc->sc_state = PPPOE_STATE_PADI_SENT; 1112 sc->sc_padr_retried = 0; 1113 if ((err = pppoe_send_padi(sc)) != 0) { 1114 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1115 printf("%s: failed to send PADI" 1116 ", error=%d\n", 1117 sc->sc_sppp.pp_if.if_xname, 1118 err); 1119 } 1120 callout_reset(&sc->sc_timeout, 1121 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried), 1122 pppoe_timeout, sc); 1123 splx(x); 1124 return; 1125 } 1126 if ((err = pppoe_send_padr(sc)) != 0) { 1127 sc->sc_padr_retried--; 1128 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1129 printf("%s: failed to send PADR, " 1130 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 1131 err); 1132 } 1133 callout_reset(&sc->sc_timeout, 1134 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 1135 pppoe_timeout, sc); 1136 splx(x); 1137 break; 1138 case PPPOE_STATE_CLOSING: 1139 pppoe_disconnect(sc); 1140 break; 1141 default: 1142 return; /* all done, work in peace */ 1143 } 1144 } 1145 1146 /* Start a connection (i.e. initiate discovery phase) */ 1147 static int 1148 pppoe_connect(struct pppoe_softc *sc) 1149 { 1150 int x, err; 1151 1152 if (sc->sc_state != PPPOE_STATE_INITIAL) 1153 return EBUSY; 1154 1155 #ifdef PPPOE_SERVER 1156 /* wait PADI if IFF_PASSIVE */ 1157 if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 1158 return 0; 1159 #endif 1160 x = splnet(); 1161 /* save state, in case we fail to send PADI */ 1162 sc->sc_state = PPPOE_STATE_PADI_SENT; 1163 sc->sc_padr_retried = 0; 1164 err = pppoe_send_padi(sc); 1165 if (err != 0 && sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1166 printf("%s: failed to send PADI, error=%d\n", 1167 sc->sc_sppp.pp_if.if_xname, err); 1168 callout_reset(&sc->sc_timeout, PPPOE_DISC_TIMEOUT, pppoe_timeout, sc); 1169 splx(x); 1170 return err; 1171 } 1172 1173 /* disconnect */ 1174 static int 1175 pppoe_disconnect(struct pppoe_softc *sc) 1176 { 1177 int err, x; 1178 1179 x = splnet(); 1180 1181 if (sc->sc_state < PPPOE_STATE_SESSION) 1182 err = EBUSY; 1183 else { 1184 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1185 printf("%s: disconnecting\n", 1186 sc->sc_sppp.pp_if.if_xname); 1187 err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session, (const uint8_t *)&sc->sc_dest); 1188 } 1189 1190 /* cleanup softc */ 1191 sc->sc_state = PPPOE_STATE_INITIAL; 1192 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1193 if (sc->sc_ac_cookie) { 1194 free(sc->sc_ac_cookie, M_DEVBUF); 1195 sc->sc_ac_cookie = NULL; 1196 } 1197 sc->sc_ac_cookie_len = 0; 1198 #ifdef PPPOE_SERVER 1199 if (sc->sc_hunique) { 1200 free(sc->sc_hunique, M_DEVBUF); 1201 sc->sc_hunique = NULL; 1202 } 1203 sc->sc_hunique_len = 0; 1204 #endif 1205 sc->sc_session = 0; 1206 1207 /* notify upper layer */ 1208 sc->sc_sppp.pp_down(&sc->sc_sppp); 1209 1210 splx(x); 1211 1212 return err; 1213 } 1214 1215 /* Connection attempt aborted */ 1216 static void 1217 pppoe_abort_connect(struct pppoe_softc *sc) 1218 { 1219 printf("%s: could not establish connection\n", 1220 sc->sc_sppp.pp_if.if_xname); 1221 sc->sc_state = PPPOE_STATE_CLOSING; 1222 1223 /* notify upper layer */ 1224 sc->sc_sppp.pp_down(&sc->sc_sppp); 1225 1226 /* clear connection state */ 1227 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1228 sc->sc_state = PPPOE_STATE_INITIAL; 1229 } 1230 1231 /* Send a PADR packet */ 1232 static int 1233 pppoe_send_padr(struct pppoe_softc *sc) 1234 { 1235 struct mbuf *m0; 1236 uint8_t *p; 1237 size_t len, l1 = 0; /* XXX: gcc */ 1238 1239 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1240 return EIO; 1241 1242 len = 2 + 2 + 2 + 2 + sizeof(sc); /* service name, host unique */ 1243 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1244 l1 = strlen(sc->sc_service_name); 1245 len += l1; 1246 } 1247 if (sc->sc_ac_cookie_len > 0) 1248 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1249 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1250 if (!m0) 1251 return ENOBUFS; 1252 p = mtod(m0, uint8_t *); 1253 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1254 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1255 if (sc->sc_service_name != NULL) { 1256 PPPOE_ADD_16(p, l1); 1257 memcpy(p, sc->sc_service_name, l1); 1258 p += l1; 1259 } else { 1260 PPPOE_ADD_16(p, 0); 1261 } 1262 if (sc->sc_ac_cookie_len > 0) { 1263 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1264 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1265 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1266 p += sc->sc_ac_cookie_len; 1267 } 1268 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1269 PPPOE_ADD_16(p, sizeof(sc)); 1270 memcpy(p, &sc, sizeof sc); 1271 1272 #ifdef PPPOE_DEBUG 1273 p += sizeof sc; 1274 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1275 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1276 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1277 #endif 1278 1279 return pppoe_output(sc, m0); 1280 } 1281 1282 /* send a PADT packet */ 1283 static int 1284 pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const uint8_t *dest) 1285 { 1286 struct ether_header *eh; 1287 struct sockaddr dst; 1288 struct mbuf *m0; 1289 uint8_t *p; 1290 1291 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1292 if (!m0) 1293 return EIO; 1294 p = mtod(m0, uint8_t *); 1295 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1296 1297 memset(&dst, 0, sizeof dst); 1298 dst.sa_family = AF_UNSPEC; 1299 eh = (struct ether_header*)&dst.sa_data; 1300 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1301 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1302 1303 m0->m_flags &= ~(M_BCAST|M_MCAST); 1304 return outgoing_if->if_output(outgoing_if, m0, &dst, NULL); 1305 } 1306 1307 #ifdef PPPOE_SERVER 1308 static int 1309 pppoe_send_pado(struct pppoe_softc *sc) 1310 { 1311 struct mbuf *m0; 1312 uint8_t *p; 1313 size_t len; 1314 1315 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1316 return EIO; 1317 1318 /* calc length */ 1319 len = 0; 1320 /* include ac_cookie */ 1321 len += 2 + 2 + sizeof(sc); 1322 /* include hunique */ 1323 len += 2 + 2 + sc->sc_hunique_len; 1324 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1325 if (!m0) 1326 return EIO; 1327 p = mtod(m0, uint8_t *); 1328 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len); 1329 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1330 PPPOE_ADD_16(p, sizeof(sc)); 1331 memcpy(p, &sc, sizeof(sc)); 1332 p += sizeof(sc); 1333 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1334 PPPOE_ADD_16(p, sc->sc_hunique_len); 1335 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1336 return pppoe_output(sc, m0); 1337 } 1338 1339 static int 1340 pppoe_send_pads(struct pppoe_softc *sc) 1341 { 1342 struct bintime bt; 1343 struct mbuf *m0; 1344 uint8_t *p; 1345 size_t len, l1 = 0; /* XXX: gcc */ 1346 1347 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1348 return EIO; 1349 1350 getbinuptime(&bt); 1351 sc->sc_session = bt.sec % 0xff + 1; 1352 /* calc length */ 1353 len = 0; 1354 /* include hunique */ 1355 len += 2 + 2 + 2 + 2 + sc->sc_hunique_len; /* service name, host unique*/ 1356 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1357 l1 = strlen(sc->sc_service_name); 1358 len += l1; 1359 } 1360 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1361 if (!m0) 1362 return ENOBUFS; 1363 p = mtod(m0, uint8_t *); 1364 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len); 1365 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1366 if (sc->sc_service_name != NULL) { 1367 PPPOE_ADD_16(p, l1); 1368 memcpy(p, sc->sc_service_name, l1); 1369 p += l1; 1370 } else { 1371 PPPOE_ADD_16(p, 0); 1372 } 1373 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1374 PPPOE_ADD_16(p, sc->sc_hunique_len); 1375 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1376 return pppoe_output(sc, m0); 1377 } 1378 #endif 1379 1380 static void 1381 pppoe_tls(struct sppp *sp) 1382 { 1383 struct pppoe_softc *sc = (void *)sp; 1384 if (sc->sc_state != PPPOE_STATE_INITIAL) 1385 return; 1386 pppoe_connect(sc); 1387 } 1388 1389 static void 1390 pppoe_tlf(struct sppp *sp) 1391 { 1392 struct pppoe_softc *sc = (void *)sp; 1393 if (sc->sc_state < PPPOE_STATE_SESSION) 1394 return; 1395 /* 1396 * Do not call pppoe_disconnect here, the upper layer state 1397 * machine gets confused by this. We must return from this 1398 * function and defer disconnecting to the timeout handler. 1399 */ 1400 sc->sc_state = PPPOE_STATE_CLOSING; 1401 callout_reset(&sc->sc_timeout, hz/50, pppoe_timeout, sc); 1402 } 1403 1404 static void 1405 pppoe_start(struct ifnet *ifp) 1406 { 1407 struct pppoe_softc *sc = (void *)ifp; 1408 struct mbuf *m; 1409 uint8_t *p; 1410 size_t len; 1411 1412 if (sppp_isempty(ifp)) 1413 return; 1414 1415 /* are we ready to process data yet? */ 1416 if (sc->sc_state < PPPOE_STATE_SESSION) { 1417 sppp_flush(&sc->sc_sppp.pp_if); 1418 return; 1419 } 1420 1421 while ((m = sppp_dequeue(ifp)) != NULL) { 1422 len = m->m_pkthdr.len; 1423 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1424 if (m == NULL) { 1425 ifp->if_oerrors++; 1426 continue; 1427 } 1428 p = mtod(m, uint8_t *); 1429 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1430 1431 #if NBPFILTER > 0 1432 if(sc->sc_sppp.pp_if.if_bpf) 1433 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m); 1434 #endif 1435 1436 pppoe_output(sc, m); 1437 } 1438 } 1439 1440 1441 #ifdef PFIL_HOOKS 1442 static int 1443 pppoe_ifattach_hook(void *arg, struct mbuf **mp, struct ifnet *ifp, 1444 int dir) 1445 { 1446 struct pppoe_softc *sc; 1447 int s; 1448 1449 if (mp != (struct mbuf **)PFIL_IFNET_DETACH) 1450 return 0; 1451 1452 s = splnet(); 1453 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 1454 if (sc->sc_eth_if != ifp) 1455 continue; 1456 if (sc->sc_sppp.pp_if.if_flags & IFF_UP) { 1457 sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING); 1458 printf("%s: ethernet interface detached, going down\n", 1459 sc->sc_sppp.pp_if.if_xname); 1460 } 1461 sc->sc_eth_if = NULL; 1462 pppoe_clear_softc(sc, "ethernet interface detached"); 1463 } 1464 splx(s); 1465 1466 return 0; 1467 } 1468 #endif 1469 1470 static void 1471 pppoe_clear_softc(struct pppoe_softc *sc, const char *message) 1472 { 1473 /* stop timer */ 1474 callout_stop(&sc->sc_timeout); 1475 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1476 printf("%s: session 0x%x terminated, %s\n", 1477 sc->sc_sppp.pp_if.if_xname, sc->sc_session, message); 1478 1479 /* fix our state */ 1480 sc->sc_state = PPPOE_STATE_INITIAL; 1481 1482 /* signal upper layer */ 1483 sc->sc_sppp.pp_down(&sc->sc_sppp); 1484 1485 /* clean up softc */ 1486 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1487 if (sc->sc_ac_cookie) { 1488 free(sc->sc_ac_cookie, M_DEVBUF); 1489 sc->sc_ac_cookie = NULL; 1490 } 1491 sc->sc_ac_cookie_len = 0; 1492 sc->sc_session = 0; 1493 } 1494