if_pppoe.c revision 1.112
1/* $NetBSD: if_pppoe.c,v 1.112 2016/08/06 23:46:30 pgoyette Exp $ */ 2 3/*- 4 * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Martin Husemann <martin@NetBSD.org>. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32#include <sys/cdefs.h> 33__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.112 2016/08/06 23:46:30 pgoyette Exp $"); 34 35#ifdef _KERNEL_OPT 36#include "pppoe.h" 37#include "opt_pppoe.h" 38#endif 39 40#include <sys/param.h> 41#include <sys/systm.h> 42#include <sys/kernel.h> 43#include <sys/callout.h> 44#include <sys/malloc.h> 45#include <sys/mbuf.h> 46#include <sys/socket.h> 47#include <sys/proc.h> 48#include <sys/ioctl.h> 49#include <sys/kauth.h> 50#include <sys/intr.h> 51#include <sys/socketvar.h> 52#include <sys/device.h> 53#include <sys/module.h> 54 55#include <net/if.h> 56#include <net/if_types.h> 57#include <net/if_ether.h> 58#include <net/if_sppp.h> 59#include <net/if_spppvar.h> 60#include <net/if_pppoe.h> 61 62#include <net/bpf.h> 63 64#include "ioconf.h" 65 66#undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 67/* #define PPPOE_DEBUG 1 */ 68 69struct pppoehdr { 70 uint8_t vertype; 71 uint8_t code; 72 uint16_t session; 73 uint16_t plen; 74} __packed; 75 76struct pppoetag { 77 uint16_t tag; 78 uint16_t len; 79} __packed; 80 81#define PPPOE_HEADERLEN sizeof(struct pppoehdr) 82#define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 83#define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 84 85#define PPPOE_TAG_EOL 0x0000 /* end of list */ 86#define PPPOE_TAG_SNAME 0x0101 /* service name */ 87#define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 88#define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 89#define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 90#define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 91#define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 92#define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* max payload */ 93#define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 94#define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 95#define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 96 97#define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 98#define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 99#define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 100#define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 101#define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 102 103/* two byte PPP protocol discriminator, then IP data */ 104#define PPPOE_MAXMTU (ETHERMTU - PPPOE_OVERHEAD) 105 106/* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 107#define PPPOE_ADD_16(PTR, VAL) \ 108 *(PTR)++ = (VAL) / 256; \ 109 *(PTR)++ = (VAL) % 256 110 111/* Add a complete PPPoE header to the buffer pointed to by PTR */ 112#define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 113 *(PTR)++ = PPPOE_VERTYPE; \ 114 *(PTR)++ = (CODE); \ 115 PPPOE_ADD_16(PTR, SESS); \ 116 PPPOE_ADD_16(PTR, LEN) 117 118#define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */ 119#define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */ 120#define PPPOE_RECON_FAST (hz*15) /* first retry after auth failure */ 121#define PPPOE_RECON_IMMEDIATE (hz/10) /* "no delay" reconnect */ 122#define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 123#define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 124 125#ifdef PPPOE_SERVER 126/* from if_spppsubr.c */ 127#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 128#endif 129 130struct pppoe_softc { 131 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 132 LIST_ENTRY(pppoe_softc) sc_list; 133 struct ifnet *sc_eth_if; /* ethernet interface we are using */ 134 135 int sc_state; /* discovery phase or session connected */ 136 struct ether_addr sc_dest; /* hardware address of concentrator */ 137 uint16_t sc_session; /* PPPoE session id */ 138 139 char *sc_service_name; /* if != NULL: requested name of service */ 140 char *sc_concentrator_name; /* if != NULL: requested concentrator id */ 141 uint8_t *sc_ac_cookie; /* content of AC cookie we must echo back */ 142 size_t sc_ac_cookie_len; /* length of cookie data */ 143 uint8_t *sc_relay_sid; /* content of relay SID we must echo back */ 144 size_t sc_relay_sid_len; /* length of relay SID data */ 145#ifdef PPPOE_SERVER 146 uint8_t *sc_hunique; /* content of host unique we must echo back */ 147 size_t sc_hunique_len; /* length of host unique */ 148#endif 149 callout_t sc_timeout; /* timeout while not in session state */ 150 int sc_padi_retried; /* number of PADI retries already done */ 151 int sc_padr_retried; /* number of PADR retries already done */ 152}; 153 154/* incoming traffic will be queued here */ 155struct ifqueue ppoediscinq = { .ifq_maxlen = IFQ_MAXLEN }; 156struct ifqueue ppoeinq = { .ifq_maxlen = IFQ_MAXLEN }; 157 158void *pppoe_softintr = NULL; 159static void pppoe_softintr_handler(void *); 160 161extern int sppp_ioctl(struct ifnet *, unsigned long, void *); 162 163/* input routines */ 164static void pppoeintr(void); 165static void pppoe_disc_input(struct mbuf *); 166static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 167static void pppoe_data_input(struct mbuf *); 168static void pppoe_enqueue(struct ifqueue *, struct mbuf *); 169 170/* management routines */ 171static int pppoe_connect(struct pppoe_softc *); 172static int pppoe_disconnect(struct pppoe_softc *); 173static void pppoe_abort_connect(struct pppoe_softc *); 174static int pppoe_ioctl(struct ifnet *, unsigned long, void *); 175static void pppoe_tls(struct sppp *); 176static void pppoe_tlf(struct sppp *); 177static void pppoe_start(struct ifnet *); 178static void pppoe_clear_softc(struct pppoe_softc *, const char *); 179 180/* internal timeout handling */ 181static void pppoe_timeout(void *); 182 183/* sending actual protocol controll packets */ 184static int pppoe_send_padi(struct pppoe_softc *); 185static int pppoe_send_padr(struct pppoe_softc *); 186#ifdef PPPOE_SERVER 187static int pppoe_send_pado(struct pppoe_softc *); 188static int pppoe_send_pads(struct pppoe_softc *); 189#endif 190static int pppoe_send_padt(struct ifnet *, u_int, const uint8_t *); 191 192/* raw output */ 193static int pppoe_output(struct pppoe_softc *, struct mbuf *); 194 195/* internal helper functions */ 196static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *); 197static struct pppoe_softc * pppoe_find_softc_by_hunique(uint8_t *, size_t, struct ifnet *); 198static struct mbuf *pppoe_get_mbuf(size_t len); 199 200static int pppoe_ifattach_hook(void *, struct mbuf **, struct ifnet *, int); 201 202static LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 203 204static int pppoe_clone_create(struct if_clone *, int); 205static int pppoe_clone_destroy(struct ifnet *); 206 207static struct if_clone pppoe_cloner = 208 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 209 210/* ARGSUSED */ 211void 212pppoeattach(int count) 213{ 214 215 /* 216 * Nothing to do here - all initialization happens as part 217 * of module init. 218 */ 219} 220 221static void 222pppoeinit(void) 223{ 224 225 LIST_INIT(&pppoe_softc_list); 226 if_clone_attach(&pppoe_cloner); 227 228 pppoe_softintr = softint_establish(SOFTINT_NET, pppoe_softintr_handler, 229 NULL); 230} 231 232static int 233pppoedetach(void) 234{ 235 236 softint_disestablish(pppoe_softintr); 237 if_clone_detach(&pppoe_cloner); 238 239 return 0; 240} 241 242static int 243pppoe_clone_create(struct if_clone *ifc, int unit) 244{ 245 struct pppoe_softc *sc; 246 247 sc = malloc(sizeof(struct pppoe_softc), M_DEVBUF, M_WAITOK|M_ZERO); 248 249 if_initname(&sc->sc_sppp.pp_if, "pppoe", unit); 250 sc->sc_sppp.pp_if.if_softc = sc; 251 sc->sc_sppp.pp_if.if_mtu = PPPOE_MAXMTU; 252 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX|IFF_POINTOPOINT|IFF_MULTICAST; 253 sc->sc_sppp.pp_if.if_type = IFT_PPP; 254 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 255 sc->sc_sppp.pp_if.if_dlt = DLT_PPP_ETHER; 256 sc->sc_sppp.pp_flags |= PP_KEEPALIVE | /* use LCP keepalive */ 257 PP_NOFRAMING; /* no serial encapsulation */ 258 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 259 IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN); 260 IFQ_SET_READY(&sc->sc_sppp.pp_if.if_snd); 261 262 /* changed to real address later */ 263 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 264 265 callout_init(&sc->sc_timeout, 0); 266 267 sc->sc_sppp.pp_if.if_start = pppoe_start; 268 sc->sc_sppp.pp_tls = pppoe_tls; 269 sc->sc_sppp.pp_tlf = pppoe_tlf; 270 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 271 272 if_attach(&sc->sc_sppp.pp_if); 273 sppp_attach(&sc->sc_sppp.pp_if); 274 275 bpf_attach(&sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 276 if (LIST_EMPTY(&pppoe_softc_list)) { 277 pfil_add_hook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil); 278 } 279 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 280 return 0; 281} 282 283static int 284pppoe_clone_destroy(struct ifnet *ifp) 285{ 286 struct pppoe_softc * sc = ifp->if_softc; 287 288 callout_stop(&sc->sc_timeout); 289 LIST_REMOVE(sc, sc_list); 290 if (LIST_EMPTY(&pppoe_softc_list)) { 291 pfil_remove_hook(pppoe_ifattach_hook, NULL, PFIL_IFNET, if_pfil); 292 } 293 bpf_detach(ifp); 294 sppp_detach(&sc->sc_sppp.pp_if); 295 if_detach(ifp); 296 if (sc->sc_concentrator_name) 297 free(sc->sc_concentrator_name, M_DEVBUF); 298 if (sc->sc_service_name) 299 free(sc->sc_service_name, M_DEVBUF); 300 if (sc->sc_ac_cookie) 301 free(sc->sc_ac_cookie, M_DEVBUF); 302 if (sc->sc_relay_sid) 303 free(sc->sc_relay_sid, M_DEVBUF); 304 callout_destroy(&sc->sc_timeout); 305 free(sc, M_DEVBUF); 306 307 return (0); 308} 309 310/* 311 * Find the interface handling the specified session. 312 * Note: O(number of sessions open), this is a client-side only, mean 313 * and lean implementation, so number of open sessions typically should 314 * be 1. 315 */ 316static struct pppoe_softc * 317pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif) 318{ 319 struct pppoe_softc *sc; 320 321 if (session == 0) 322 return NULL; 323 324 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 325 if (sc->sc_state == PPPOE_STATE_SESSION 326 && sc->sc_session == session 327 && sc->sc_eth_if == rcvif) 328 return sc; 329 } 330 return NULL; 331} 332 333/* Check host unique token passed and return appropriate softc pointer, 334 * or NULL if token is bogus. */ 335static struct pppoe_softc * 336pppoe_find_softc_by_hunique(uint8_t *token, size_t len, struct ifnet *rcvif) 337{ 338 struct pppoe_softc *sc, *t; 339 340 if (LIST_EMPTY(&pppoe_softc_list)) 341 return NULL; 342 343 if (len != sizeof sc) 344 return NULL; 345 memcpy(&t, token, len); 346 347 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 348 if (sc == t) break; 349 350 if (sc == NULL) { 351#ifdef PPPOE_DEBUG 352 printf("pppoe: alien host unique tag, no session found\n"); 353#endif 354 return NULL; 355 } 356 357 /* should be safe to access *sc now */ 358 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 359 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 360 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 361 return NULL; 362 } 363 if (sc->sc_eth_if != rcvif) { 364 printf("%s: wrong interface, not accepting host unique\n", 365 sc->sc_sppp.pp_if.if_xname); 366 return NULL; 367 } 368 return sc; 369} 370 371static void 372pppoe_softintr_handler(void *dummy) 373{ 374 /* called at splsoftnet() */ 375 mutex_enter(softnet_lock); 376 pppoeintr(); 377 mutex_exit(softnet_lock); 378} 379 380/* called at appropriate protection level */ 381static void 382pppoeintr(void) 383{ 384 struct mbuf *m; 385 int s, disc_done, data_done; 386 387 do { 388 disc_done = 0; 389 data_done = 0; 390 for (;;) { 391 s = splnet(); 392 IF_DEQUEUE(&ppoediscinq, m); 393 splx(s); 394 if (m == NULL) break; 395 disc_done = 1; 396 pppoe_disc_input(m); 397 } 398 399 for (;;) { 400 s = splnet(); 401 IF_DEQUEUE(&ppoeinq, m); 402 splx(s); 403 if (m == NULL) break; 404 data_done = 1; 405 pppoe_data_input(m); 406 } 407 } while (disc_done || data_done); 408} 409 410/* analyze and handle a single received packet while not in session state */ 411static void 412pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 413{ 414 uint16_t tag, len; 415 uint16_t session, plen; 416 struct pppoe_softc *sc; 417 const char *err_msg, *devname; 418 char *error; 419 uint8_t *ac_cookie; 420 size_t ac_cookie_len; 421 uint8_t *relay_sid; 422 size_t relay_sid_len; 423#ifdef PPPOE_SERVER 424 uint8_t *hunique; 425 size_t hunique_len; 426#endif 427 struct pppoehdr *ph; 428 struct pppoetag *pt; 429 struct mbuf *n; 430 int noff, err, errortag; 431 struct ether_header *eh; 432 433 devname = "pppoe"; /* as long as we don't know which instance */ 434 err_msg = NULL; 435 errortag = 0; 436 if (m->m_len < sizeof(*eh)) { 437 m = m_pullup(m, sizeof(*eh)); 438 if (!m) 439 goto done; 440 } 441 eh = mtod(m, struct ether_header *); 442 off += sizeof(*eh); 443 444 ac_cookie = NULL; 445 ac_cookie_len = 0; 446 relay_sid = NULL; 447 relay_sid_len = 0; 448#ifdef PPPOE_SERVER 449 hunique = NULL; 450 hunique_len = 0; 451#endif 452 session = 0; 453 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 454 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 455 goto done; 456 } 457 458 n = m_pulldown(m, off, sizeof(*ph), &noff); 459 if (!n) { 460 printf("pppoe: could not get PPPoE header\n"); 461 m = NULL; 462 goto done; 463 } 464 ph = (struct pppoehdr *)(mtod(n, char *) + noff); 465 if (ph->vertype != PPPOE_VERTYPE) { 466 printf("pppoe: unknown version/type packet: 0x%x\n", 467 ph->vertype); 468 goto done; 469 } 470 session = ntohs(ph->session); 471 plen = ntohs(ph->plen); 472 off += sizeof(*ph); 473 474 if (plen + off > m->m_pkthdr.len) { 475 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 476 m->m_pkthdr.len - off, plen); 477 goto done; 478 } 479 m_adj(m, off + plen - m->m_pkthdr.len); /* ignore trailing garbage */ 480 tag = 0; 481 len = 0; 482 sc = NULL; 483 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 484 n = m_pulldown(m, off, sizeof(*pt), &noff); 485 if (!n) { 486 printf("%s: parse error\n", devname); 487 m = NULL; 488 goto done; 489 } 490 pt = (struct pppoetag *)(mtod(n, char *) + noff); 491 tag = ntohs(pt->tag); 492 len = ntohs(pt->len); 493 if (off + len + sizeof(*pt) > m->m_pkthdr.len) { 494 printf("pppoe: tag 0x%x len 0x%x is too long\n", 495 tag, len); 496 goto done; 497 } 498 switch (tag) { 499 case PPPOE_TAG_EOL: 500 goto breakbreak; 501 case PPPOE_TAG_SNAME: 502 break; /* ignored */ 503 case PPPOE_TAG_ACNAME: 504 error = NULL; 505 if (sc != NULL && len > 0) { 506 error = malloc(len+1, M_TEMP, M_NOWAIT); 507 if (error) { 508 n = m_pulldown(m, off + sizeof(*pt), 509 len, &noff); 510 if (n) { 511 strlcpy(error, 512 mtod(n, char*) + noff, 513 len); 514 } 515 printf("%s: connected to %s\n", 516 devname, error); 517 free(error, M_TEMP); 518 } 519 } 520 break; /* ignored */ 521 case PPPOE_TAG_HUNIQUE: { 522 struct ifnet *rcvif; 523 int s; 524 if (sc != NULL) 525 break; 526 n = m_pulldown(m, off + sizeof(*pt), len, &noff); 527 if (!n) { 528 m = NULL; 529 err_msg = "TAG HUNIQUE ERROR"; 530 break; 531 } 532#ifdef PPPOE_SERVER 533 hunique = mtod(n, uint8_t *) + noff; 534 hunique_len = len; 535#endif 536 rcvif = m_get_rcvif(m, &s); 537 sc = pppoe_find_softc_by_hunique(mtod(n, char *) + noff, 538 len, rcvif); 539 m_put_rcvif(rcvif, &s); 540 if (sc != NULL) 541 devname = sc->sc_sppp.pp_if.if_xname; 542 break; 543 } 544 case PPPOE_TAG_ACCOOKIE: 545 if (ac_cookie == NULL) { 546 n = m_pulldown(m, off + sizeof(*pt), len, 547 &noff); 548 if (!n) { 549 err_msg = "TAG ACCOOKIE ERROR"; 550 m = NULL; 551 break; 552 } 553 ac_cookie = mtod(n, char *) + noff; 554 ac_cookie_len = len; 555 } 556 break; 557 case PPPOE_TAG_RELAYSID: 558 if (relay_sid == NULL) { 559 n = m_pulldown(m, off + sizeof(*pt), len, 560 &noff); 561 if (!n) { 562 err_msg = "TAG RELAYSID ERROR"; 563 m = NULL; 564 break; 565 } 566 relay_sid = mtod(n, char *) + noff; 567 relay_sid_len = len; 568 } 569 break; 570 case PPPOE_TAG_SNAME_ERR: 571 err_msg = "SERVICE NAME ERROR"; 572 errortag = 1; 573 break; 574 case PPPOE_TAG_ACSYS_ERR: 575 err_msg = "AC SYSTEM ERROR"; 576 errortag = 1; 577 break; 578 case PPPOE_TAG_GENERIC_ERR: 579 err_msg = "GENERIC ERROR"; 580 errortag = 1; 581 break; 582 } 583 if (err_msg) { 584 error = NULL; 585 if (errortag && len) { 586 error = malloc(len+1, M_TEMP, M_NOWAIT); 587 n = m_pulldown(m, off + sizeof(*pt), len, 588 &noff); 589 if (n && error) { 590 strlcpy(error, 591 mtod(n, char *) + noff, len); 592 } 593 } 594 if (error) { 595 printf("%s: %s: %s\n", devname, 596 err_msg, error); 597 free(error, M_TEMP); 598 } else 599 printf("%s: %s\n", devname, err_msg); 600 if (errortag || m == NULL) 601 goto done; 602 } 603 off += sizeof(*pt) + len; 604 } 605breakbreak:; 606 switch (ph->code) { 607 case PPPOE_CODE_PADI: 608#ifdef PPPOE_SERVER 609 /* 610 * got service name, concentrator name, and/or host unique. 611 * ignore if we have no interfaces with IFF_PASSIVE|IFF_UP. 612 */ 613 if (LIST_EMPTY(&pppoe_softc_list)) 614 goto done; 615 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 616 if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP)) 617 continue; 618 if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 619 continue; 620 if (sc->sc_state == PPPOE_STATE_INITIAL) 621 break; 622 } 623 if (sc == NULL) { 624/* printf("pppoe: free passive interface is not found\n");*/ 625 goto done; 626 } 627 if (hunique) { 628 if (sc->sc_hunique) 629 free(sc->sc_hunique, M_DEVBUF); 630 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 631 M_DONTWAIT); 632 if (sc->sc_hunique == NULL) 633 goto done; 634 sc->sc_hunique_len = hunique_len; 635 memcpy(sc->sc_hunique, hunique, hunique_len); 636 } 637 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 638 sc->sc_state = PPPOE_STATE_PADO_SENT; 639 pppoe_send_pado(sc); 640 break; 641#endif /* PPPOE_SERVER */ 642 case PPPOE_CODE_PADR: 643#ifdef PPPOE_SERVER 644 /* 645 * get sc from ac_cookie if IFF_PASSIVE 646 */ 647 if (ac_cookie == NULL) { 648 /* be quiet if there is not a single pppoe instance */ 649 printf("pppoe: received PADR but not includes ac_cookie\n"); 650 goto done; 651 } 652 sc = pppoe_find_softc_by_hunique(ac_cookie, 653 ac_cookie_len, 654 m_get_rcvif_NOMPSAFE(m)); 655 if (sc == NULL) { 656 /* be quiet if there is not a single pppoe instance */ 657 if (!LIST_EMPTY(&pppoe_softc_list)) 658 printf("pppoe: received PADR but could not find request for it\n"); 659 goto done; 660 } 661 if (sc->sc_state != PPPOE_STATE_PADO_SENT) { 662 printf("%s: received unexpected PADR\n", 663 sc->sc_sppp.pp_if.if_xname); 664 goto done; 665 } 666 if (hunique) { 667 if (sc->sc_hunique) 668 free(sc->sc_hunique, M_DEVBUF); 669 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 670 M_DONTWAIT); 671 if (sc->sc_hunique == NULL) 672 goto done; 673 sc->sc_hunique_len = hunique_len; 674 memcpy(sc->sc_hunique, hunique, hunique_len); 675 } 676 pppoe_send_pads(sc); 677 sc->sc_state = PPPOE_STATE_SESSION; 678 sc->sc_sppp.pp_up(&sc->sc_sppp); 679 break; 680#else 681 /* ignore, we are no access concentrator */ 682 goto done; 683#endif /* PPPOE_SERVER */ 684 case PPPOE_CODE_PADO: 685 if (sc == NULL) { 686 /* be quiet if there is not a single pppoe instance */ 687 if (!LIST_EMPTY(&pppoe_softc_list)) 688 printf("pppoe: received PADO but could not find request for it\n"); 689 goto done; 690 } 691 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 692 printf("%s: received unexpected PADO\n", 693 sc->sc_sppp.pp_if.if_xname); 694 goto done; 695 } 696 if (ac_cookie) { 697 if (sc->sc_ac_cookie) 698 free(sc->sc_ac_cookie, M_DEVBUF); 699 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 700 M_DONTWAIT); 701 if (sc->sc_ac_cookie == NULL) { 702 printf("%s: FATAL: could not allocate memory " 703 "for AC cookie\n", 704 sc->sc_sppp.pp_if.if_xname); 705 goto done; 706 } 707 sc->sc_ac_cookie_len = ac_cookie_len; 708 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 709 } 710 if (relay_sid) { 711 if (sc->sc_relay_sid) 712 free(sc->sc_relay_sid, M_DEVBUF); 713 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 714 M_DONTWAIT); 715 if (sc->sc_relay_sid == NULL) { 716 printf("%s: FATAL: could not allocate memory " 717 "for relay SID\n", 718 sc->sc_sppp.pp_if.if_xname); 719 goto done; 720 } 721 sc->sc_relay_sid_len = relay_sid_len; 722 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 723 } 724 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 725 callout_stop(&sc->sc_timeout); 726 sc->sc_padr_retried = 0; 727 sc->sc_state = PPPOE_STATE_PADR_SENT; 728 if ((err = pppoe_send_padr(sc)) != 0) { 729 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 730 printf("%s: failed to send PADR, " 731 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 732 err); 733 } 734 callout_reset(&sc->sc_timeout, 735 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 736 pppoe_timeout, sc); 737 break; 738 case PPPOE_CODE_PADS: 739 if (sc == NULL) 740 goto done; 741 sc->sc_session = session; 742 callout_stop(&sc->sc_timeout); 743 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 744 printf("%s: session 0x%x connected\n", 745 sc->sc_sppp.pp_if.if_xname, session); 746 sc->sc_state = PPPOE_STATE_SESSION; 747 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 748 break; 749 case PPPOE_CODE_PADT: { 750 struct ifnet *rcvif; 751 int s; 752 753 rcvif = m_get_rcvif(m, &s); 754 sc = pppoe_find_softc_by_session(session, rcvif); 755 m_put_rcvif(rcvif, &s); 756 if (sc == NULL) 757 goto done; 758 pppoe_clear_softc(sc, "received PADT"); 759 break; 760 } 761 default: 762 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 763 sc? sc->sc_sppp.pp_if.if_xname : "pppoe", 764 ph->code, session); 765 break; 766 } 767 768done: 769 if (m) 770 m_freem(m); 771 return; 772} 773 774static void 775pppoe_disc_input(struct mbuf *m) 776{ 777 778 /* avoid error messages if there is not a single pppoe instance */ 779 if (!LIST_EMPTY(&pppoe_softc_list)) { 780 KASSERT(m->m_flags & M_PKTHDR); 781 pppoe_dispatch_disc_pkt(m, 0); 782 } else 783 m_freem(m); 784} 785 786static void 787pppoe_data_input(struct mbuf *m) 788{ 789 uint16_t session, plen; 790 struct pppoe_softc *sc; 791 struct pppoehdr *ph; 792 struct ifnet *rcvif; 793 struct psref psref; 794#ifdef PPPOE_TERM_UNKNOWN_SESSIONS 795 uint8_t shost[ETHER_ADDR_LEN]; 796#endif 797 798 KASSERT(m->m_flags & M_PKTHDR); 799 800#ifdef PPPOE_TERM_UNKNOWN_SESSIONS 801 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 802#endif 803 m_adj(m, sizeof(struct ether_header)); 804 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 805 printf("pppoe (data): dropping too short packet: %d bytes\n", 806 m->m_pkthdr.len); 807 goto drop; 808 } 809 810 if (m->m_len < sizeof(*ph)) { 811 m = m_pullup(m, sizeof(*ph)); 812 if (!m) { 813 printf("pppoe: could not get PPPoE header\n"); 814 return; 815 } 816 } 817 ph = mtod(m, struct pppoehdr *); 818 819 if (ph->vertype != PPPOE_VERTYPE) { 820 printf("pppoe (data): unknown version/type packet: 0x%x\n", 821 ph->vertype); 822 goto drop; 823 } 824 if (ph->code != 0) 825 goto drop; 826 827 session = ntohs(ph->session); 828 rcvif = m_get_rcvif_psref(m, &psref); 829 if (__predict_false(rcvif == NULL)) 830 goto drop; 831 sc = pppoe_find_softc_by_session(session, rcvif); 832 if (sc == NULL) { 833#ifdef PPPOE_TERM_UNKNOWN_SESSIONS 834 printf("pppoe: input for unknown session 0x%x, sending PADT\n", 835 session); 836 pppoe_send_padt(rcvif, session, shost); 837#endif 838 m_put_rcvif_psref(rcvif, &psref); 839 goto drop; 840 } 841 m_put_rcvif_psref(rcvif, &psref); 842 843 plen = ntohs(ph->plen); 844 845 bpf_mtap(&sc->sc_sppp.pp_if, m); 846 847 m_adj(m, PPPOE_HEADERLEN); 848 849#ifdef PPPOE_DEBUG 850 { 851 struct mbuf *p; 852 853 printf("%s: pkthdr.len=%d, pppoe.len=%d", 854 sc->sc_sppp.pp_if.if_xname, 855 m->m_pkthdr.len, plen); 856 p = m; 857 while (p) { 858 printf(" l=%d", p->m_len); 859 p = p->m_next; 860 } 861 printf("\n"); 862 } 863#endif 864 865 if (m->m_pkthdr.len < plen) 866 goto drop; 867 868 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 869 m_set_rcvif(m, &sc->sc_sppp.pp_if); 870 871 /* pass packet up and account for it */ 872 sc->sc_sppp.pp_if.if_ipackets++; 873 sppp_input(&sc->sc_sppp.pp_if, m); 874 return; 875 876drop: 877 m_freem(m); 878} 879 880static int 881pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 882{ 883 struct sockaddr dst; 884 struct ether_header *eh; 885 uint16_t etype; 886 887 if (sc->sc_eth_if == NULL) { 888 m_freem(m); 889 return EIO; 890 } 891 892 memset(&dst, 0, sizeof dst); 893 dst.sa_family = AF_UNSPEC; 894 eh = (struct ether_header*)&dst.sa_data; 895 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 896 eh->ether_type = htons(etype); 897 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 898 899#ifdef PPPOE_DEBUG 900 printf("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 901 sc->sc_sppp.pp_if.if_xname, etype, 902 sc->sc_state, sc->sc_session, 903 ether_sprintf((const unsigned char *)&sc->sc_dest), m->m_pkthdr.len); 904#endif 905 906 m->m_flags &= ~(M_BCAST|M_MCAST); 907 sc->sc_sppp.pp_if.if_opackets++; 908 return if_output_lock(sc->sc_eth_if, sc->sc_eth_if, m, &dst, NULL); 909} 910 911static int 912pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, void *data) 913{ 914 struct lwp *l = curlwp; /* XXX */ 915 struct pppoe_softc *sc = (struct pppoe_softc*)ifp; 916 struct ifreq *ifr = data; 917 int error = 0; 918 919 switch (cmd) { 920 case PPPOESETPARMS: 921 { 922 struct pppoediscparms *parms = (struct pppoediscparms*)data; 923 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 924 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 925 NULL) != 0) 926 return (EPERM); 927 if (parms->eth_ifname[0] != 0) { 928 struct ifnet *eth_if; 929 930 eth_if = ifunit(parms->eth_ifname); 931 if (eth_if == NULL || eth_if->if_dlt != DLT_EN10MB) { 932 sc->sc_eth_if = NULL; 933 return ENXIO; 934 } 935 936 if (sc->sc_sppp.pp_if.if_mtu != 937 eth_if->if_mtu - PPPOE_OVERHEAD) { 938 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 939 PPPOE_OVERHEAD; 940 } 941 sc->sc_eth_if = eth_if; 942 } 943 if (parms->ac_name != NULL) { 944 size_t s; 945 char *b = malloc(parms->ac_name_len + 1, M_DEVBUF, 946 M_WAITOK); 947 if (b == NULL) 948 return ENOMEM; 949 error = copyinstr(parms->ac_name, b, 950 parms->ac_name_len+1, &s); 951 if (error != 0) { 952 free(b, M_DEVBUF); 953 return error; 954 } 955 if (s != parms->ac_name_len+1) { 956 free(b, M_DEVBUF); 957 return EINVAL; 958 } 959 if (sc->sc_concentrator_name) 960 free(sc->sc_concentrator_name, M_DEVBUF); 961 sc->sc_concentrator_name = b; 962 } 963 if (parms->service_name != NULL) { 964 size_t s; 965 char *b = malloc(parms->service_name_len + 1, M_DEVBUF, 966 M_WAITOK); 967 if (b == NULL) 968 return ENOMEM; 969 error = copyinstr(parms->service_name, b, 970 parms->service_name_len+1, &s); 971 if (error != 0) { 972 free(b, M_DEVBUF); 973 return error; 974 } 975 if (s != parms->service_name_len+1) { 976 free(b, M_DEVBUF); 977 return EINVAL; 978 } 979 if (sc->sc_service_name) 980 free(sc->sc_service_name, M_DEVBUF); 981 sc->sc_service_name = b; 982 } 983 return 0; 984 } 985 break; 986 case PPPOEGETPARMS: 987 { 988 struct pppoediscparms *parms = (struct pppoediscparms*)data; 989 memset(parms, 0, sizeof *parms); 990 if (sc->sc_eth_if) 991 strlcpy(parms->ifname, sc->sc_eth_if->if_xname, 992 sizeof(parms->ifname)); 993 return 0; 994 } 995 break; 996 case PPPOEGETSESSION: 997 { 998 struct pppoeconnectionstate *state = (struct pppoeconnectionstate*)data; 999 state->state = sc->sc_state; 1000 state->session_id = sc->sc_session; 1001 state->padi_retry_no = sc->sc_padi_retried; 1002 state->padr_retry_no = sc->sc_padr_retried; 1003 return 0; 1004 } 1005 break; 1006 case SIOCSIFFLAGS: 1007 /* 1008 * Prevent running re-establishment timers overriding 1009 * administrators choice. 1010 */ 1011 if ((ifr->ifr_flags & IFF_UP) == 0 1012 && sc->sc_state >= PPPOE_STATE_PADI_SENT 1013 && sc->sc_state < PPPOE_STATE_SESSION) { 1014 callout_stop(&sc->sc_timeout); 1015 sc->sc_state = PPPOE_STATE_INITIAL; 1016 sc->sc_padi_retried = 0; 1017 sc->sc_padr_retried = 0; 1018 memcpy(&sc->sc_dest, etherbroadcastaddr, 1019 sizeof(sc->sc_dest)); 1020 } 1021 return sppp_ioctl(ifp, cmd, data); 1022 case SIOCSIFMTU: 1023 if (ifr->ifr_mtu > (sc->sc_eth_if == NULL ? 1024 PPPOE_MAXMTU : (sc->sc_eth_if->if_mtu - PPPOE_OVERHEAD))) { 1025 return EINVAL; 1026 } 1027 /*FALLTHROUGH*/ 1028 default: 1029 return sppp_ioctl(ifp, cmd, data); 1030 } 1031 return 0; 1032} 1033 1034/* 1035 * Allocate a mbuf/cluster with space to store the given data length 1036 * of payload, leaving space for prepending an ethernet header 1037 * in front. 1038 */ 1039static struct mbuf * 1040pppoe_get_mbuf(size_t len) 1041{ 1042 struct mbuf *m; 1043 1044 MGETHDR(m, M_DONTWAIT, MT_DATA); 1045 if (m == NULL) 1046 return NULL; 1047 if (len + sizeof(struct ether_header) > MHLEN) { 1048 MCLGET(m, M_DONTWAIT); 1049 if ((m->m_flags & M_EXT) == 0) { 1050 m_free(m); 1051 return NULL; 1052 } 1053 } 1054 m->m_data += sizeof(struct ether_header); 1055 m->m_len = len; 1056 m->m_pkthdr.len = len; 1057 m_reset_rcvif(m); 1058 1059 return m; 1060} 1061 1062static int 1063pppoe_send_padi(struct pppoe_softc *sc) 1064{ 1065 struct mbuf *m0; 1066 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1067 uint8_t *p; 1068 1069 if (sc->sc_state >PPPOE_STATE_PADI_SENT) 1070 panic("pppoe_send_padi in state %d", sc->sc_state); 1071 1072 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1073 len = 2 + 2 + 2 + 2 + sizeof sc; /* service name tag is required, host unique is send too */ 1074 if (sc->sc_service_name != NULL) { 1075 l1 = strlen(sc->sc_service_name); 1076 len += l1; 1077 } 1078 if (sc->sc_concentrator_name != NULL) { 1079 l2 = strlen(sc->sc_concentrator_name); 1080 len += 2 + 2 + l2; 1081 } 1082 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1083 len += 2 + 2 + 2; 1084 } 1085 1086 /* allocate a buffer */ 1087 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1088 if (!m0) 1089 return ENOBUFS; 1090 1091 /* fill in pkt */ 1092 p = mtod(m0, uint8_t *); 1093 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1094 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1095 if (sc->sc_service_name != NULL) { 1096 PPPOE_ADD_16(p, l1); 1097 memcpy(p, sc->sc_service_name, l1); 1098 p += l1; 1099 } else { 1100 PPPOE_ADD_16(p, 0); 1101 } 1102 if (sc->sc_concentrator_name != NULL) { 1103 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1104 PPPOE_ADD_16(p, l2); 1105 memcpy(p, sc->sc_concentrator_name, l2); 1106 p += l2; 1107 } 1108 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1109 PPPOE_ADD_16(p, sizeof(sc)); 1110 memcpy(p, &sc, sizeof sc); 1111 p += sizeof(sc); 1112 1113 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1114 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1115 PPPOE_ADD_16(p, 2); 1116 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu); 1117 } 1118 1119#ifdef PPPOE_DEBUG 1120 p += sizeof sc; 1121 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1122 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1123 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1124#endif 1125 1126 /* send pkt */ 1127 return pppoe_output(sc, m0); 1128} 1129 1130static void 1131pppoe_timeout(void *arg) 1132{ 1133 int x, retry_wait, err; 1134 struct pppoe_softc *sc = (struct pppoe_softc*)arg; 1135 1136#ifdef PPPOE_DEBUG 1137 printf("%s: timeout\n", sc->sc_sppp.pp_if.if_xname); 1138#endif 1139 1140 switch (sc->sc_state) { 1141 case PPPOE_STATE_INITIAL: 1142 /* delayed connect from pppoe_tls() */ 1143 pppoe_connect(sc); 1144 break; 1145 case PPPOE_STATE_PADI_SENT: 1146 /* 1147 * We have two basic ways of retrying: 1148 * - Quick retry mode: try a few times in short sequence 1149 * - Slow retry mode: we already had a connection successfully 1150 * established and will try infinitely (without user 1151 * intervention) 1152 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1153 * is not set. 1154 */ 1155 1156 /* initialize for quick retry mode */ 1157 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1158 1159 x = splnet(); 1160 sc->sc_padi_retried++; 1161 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1162 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1163 /* slow retry mode */ 1164 retry_wait = PPPOE_SLOW_RETRY; 1165 } else { 1166 pppoe_abort_connect(sc); 1167 splx(x); 1168 return; 1169 } 1170 } 1171 if ((err = pppoe_send_padi(sc)) != 0) { 1172 sc->sc_padi_retried--; 1173 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1174 printf("%s: failed to transmit PADI, " 1175 "error=%d\n", 1176 sc->sc_sppp.pp_if.if_xname, err); 1177 } 1178 callout_reset(&sc->sc_timeout, retry_wait, 1179 pppoe_timeout, sc); 1180 splx(x); 1181 break; 1182 1183 case PPPOE_STATE_PADR_SENT: 1184 x = splnet(); 1185 sc->sc_padr_retried++; 1186 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1187 memcpy(&sc->sc_dest, etherbroadcastaddr, 1188 sizeof(sc->sc_dest)); 1189 sc->sc_state = PPPOE_STATE_PADI_SENT; 1190 sc->sc_padr_retried = 0; 1191 if ((err = pppoe_send_padi(sc)) != 0) { 1192 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1193 printf("%s: failed to send PADI" 1194 ", error=%d\n", 1195 sc->sc_sppp.pp_if.if_xname, 1196 err); 1197 } 1198 callout_reset(&sc->sc_timeout, 1199 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried), 1200 pppoe_timeout, sc); 1201 splx(x); 1202 return; 1203 } 1204 if ((err = pppoe_send_padr(sc)) != 0) { 1205 sc->sc_padr_retried--; 1206 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1207 printf("%s: failed to send PADR, " 1208 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 1209 err); 1210 } 1211 callout_reset(&sc->sc_timeout, 1212 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 1213 pppoe_timeout, sc); 1214 splx(x); 1215 break; 1216 case PPPOE_STATE_CLOSING: 1217 pppoe_disconnect(sc); 1218 break; 1219 default: 1220 return; /* all done, work in peace */ 1221 } 1222} 1223 1224/* Start a connection (i.e. initiate discovery phase) */ 1225static int 1226pppoe_connect(struct pppoe_softc *sc) 1227{ 1228 int x, err; 1229 1230 if (sc->sc_state != PPPOE_STATE_INITIAL) 1231 return EBUSY; 1232 1233#ifdef PPPOE_SERVER 1234 /* wait PADI if IFF_PASSIVE */ 1235 if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 1236 return 0; 1237#endif 1238 x = splnet(); 1239 /* save state, in case we fail to send PADI */ 1240 sc->sc_state = PPPOE_STATE_PADI_SENT; 1241 sc->sc_padr_retried = 0; 1242 err = pppoe_send_padi(sc); 1243 if (err != 0 && sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1244 printf("%s: failed to send PADI, error=%d\n", 1245 sc->sc_sppp.pp_if.if_xname, err); 1246 callout_reset(&sc->sc_timeout, PPPOE_DISC_TIMEOUT, pppoe_timeout, sc); 1247 splx(x); 1248 return err; 1249} 1250 1251/* disconnect */ 1252static int 1253pppoe_disconnect(struct pppoe_softc *sc) 1254{ 1255 int err, x; 1256 1257 x = splnet(); 1258 1259 if (sc->sc_state < PPPOE_STATE_SESSION) 1260 err = EBUSY; 1261 else { 1262 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1263 printf("%s: disconnecting\n", 1264 sc->sc_sppp.pp_if.if_xname); 1265 err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session, (const uint8_t *)&sc->sc_dest); 1266 } 1267 1268 /* cleanup softc */ 1269 sc->sc_state = PPPOE_STATE_INITIAL; 1270 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1271 if (sc->sc_ac_cookie) { 1272 free(sc->sc_ac_cookie, M_DEVBUF); 1273 sc->sc_ac_cookie = NULL; 1274 } 1275 sc->sc_ac_cookie_len = 0; 1276 if (sc->sc_relay_sid) { 1277 free(sc->sc_relay_sid, M_DEVBUF); 1278 sc->sc_relay_sid = NULL; 1279 } 1280 sc->sc_relay_sid_len = 0; 1281#ifdef PPPOE_SERVER 1282 if (sc->sc_hunique) { 1283 free(sc->sc_hunique, M_DEVBUF); 1284 sc->sc_hunique = NULL; 1285 } 1286 sc->sc_hunique_len = 0; 1287#endif 1288 sc->sc_session = 0; 1289 1290 /* notify upper layer */ 1291 sc->sc_sppp.pp_down(&sc->sc_sppp); 1292 1293 splx(x); 1294 1295 return err; 1296} 1297 1298/* Connection attempt aborted */ 1299static void 1300pppoe_abort_connect(struct pppoe_softc *sc) 1301{ 1302 printf("%s: could not establish connection\n", 1303 sc->sc_sppp.pp_if.if_xname); 1304 sc->sc_state = PPPOE_STATE_CLOSING; 1305 1306 /* notify upper layer */ 1307 sc->sc_sppp.pp_down(&sc->sc_sppp); 1308 1309 /* clear connection state */ 1310 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1311 sc->sc_state = PPPOE_STATE_INITIAL; 1312} 1313 1314/* Send a PADR packet */ 1315static int 1316pppoe_send_padr(struct pppoe_softc *sc) 1317{ 1318 struct mbuf *m0; 1319 uint8_t *p; 1320 size_t len, l1 = 0; /* XXX: gcc */ 1321 1322 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1323 return EIO; 1324 1325 len = 2 + 2 + 2 + 2 + sizeof(sc); /* service name, host unique */ 1326 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1327 l1 = strlen(sc->sc_service_name); 1328 len += l1; 1329 } 1330 if (sc->sc_ac_cookie_len > 0) 1331 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1332 if (sc->sc_relay_sid_len > 0) 1333 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1334 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1335 len += 2 + 2 + 2; 1336 } 1337 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1338 if (!m0) 1339 return ENOBUFS; 1340 p = mtod(m0, uint8_t *); 1341 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1342 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1343 if (sc->sc_service_name != NULL) { 1344 PPPOE_ADD_16(p, l1); 1345 memcpy(p, sc->sc_service_name, l1); 1346 p += l1; 1347 } else { 1348 PPPOE_ADD_16(p, 0); 1349 } 1350 if (sc->sc_ac_cookie_len > 0) { 1351 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1352 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1353 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1354 p += sc->sc_ac_cookie_len; 1355 } 1356 if (sc->sc_relay_sid_len > 0) { 1357 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1358 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1359 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1360 p += sc->sc_relay_sid_len; 1361 } 1362 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1363 PPPOE_ADD_16(p, sizeof(sc)); 1364 memcpy(p, &sc, sizeof sc); 1365 p += sizeof(sc); 1366 1367 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1368 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1369 PPPOE_ADD_16(p, 2); 1370 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu); 1371 } 1372 1373#ifdef PPPOE_DEBUG 1374 p += sizeof sc; 1375 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1376 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1377 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1378#endif 1379 1380 return pppoe_output(sc, m0); 1381} 1382 1383/* send a PADT packet */ 1384static int 1385pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const uint8_t *dest) 1386{ 1387 struct ether_header *eh; 1388 struct sockaddr dst; 1389 struct mbuf *m0; 1390 uint8_t *p; 1391 1392 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1393 if (!m0) 1394 return EIO; 1395 p = mtod(m0, uint8_t *); 1396 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1397 1398 memset(&dst, 0, sizeof dst); 1399 dst.sa_family = AF_UNSPEC; 1400 eh = (struct ether_header*)&dst.sa_data; 1401 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1402 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1403 1404 m0->m_flags &= ~(M_BCAST|M_MCAST); 1405 return if_output_lock(outgoing_if, outgoing_if, m0, &dst, NULL); 1406} 1407 1408#ifdef PPPOE_SERVER 1409static int 1410pppoe_send_pado(struct pppoe_softc *sc) 1411{ 1412 struct mbuf *m0; 1413 uint8_t *p; 1414 size_t len; 1415 1416 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1417 return EIO; 1418 1419 /* calc length */ 1420 len = 0; 1421 /* include ac_cookie */ 1422 len += 2 + 2 + sizeof(sc); 1423 /* include hunique */ 1424 len += 2 + 2 + sc->sc_hunique_len; 1425 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1426 if (!m0) 1427 return EIO; 1428 p = mtod(m0, uint8_t *); 1429 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len); 1430 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1431 PPPOE_ADD_16(p, sizeof(sc)); 1432 memcpy(p, &sc, sizeof(sc)); 1433 p += sizeof(sc); 1434 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1435 PPPOE_ADD_16(p, sc->sc_hunique_len); 1436 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1437 return pppoe_output(sc, m0); 1438} 1439 1440static int 1441pppoe_send_pads(struct pppoe_softc *sc) 1442{ 1443 struct bintime bt; 1444 struct mbuf *m0; 1445 uint8_t *p; 1446 size_t len, l1 = 0; /* XXX: gcc */ 1447 1448 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1449 return EIO; 1450 1451 getbinuptime(&bt); 1452 sc->sc_session = bt.sec % 0xff + 1; 1453 /* calc length */ 1454 len = 0; 1455 /* include hunique */ 1456 len += 2 + 2 + 2 + 2 + sc->sc_hunique_len; /* service name, host unique*/ 1457 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1458 l1 = strlen(sc->sc_service_name); 1459 len += l1; 1460 } 1461 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1462 if (!m0) 1463 return ENOBUFS; 1464 p = mtod(m0, uint8_t *); 1465 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len); 1466 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1467 if (sc->sc_service_name != NULL) { 1468 PPPOE_ADD_16(p, l1); 1469 memcpy(p, sc->sc_service_name, l1); 1470 p += l1; 1471 } else { 1472 PPPOE_ADD_16(p, 0); 1473 } 1474 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1475 PPPOE_ADD_16(p, sc->sc_hunique_len); 1476 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1477 return pppoe_output(sc, m0); 1478} 1479#endif 1480 1481static void 1482pppoe_tls(struct sppp *sp) 1483{ 1484 struct pppoe_softc *sc = (void *)sp; 1485 int wtime; 1486 1487 if (sc->sc_state != PPPOE_STATE_INITIAL) 1488 return; 1489 1490 if (sc->sc_sppp.pp_phase == SPPP_PHASE_ESTABLISH && 1491 sc->sc_sppp.pp_auth_failures > 0) { 1492 /* 1493 * Delay trying to reconnect a bit more - the peer 1494 * might have failed to contact its radius server. 1495 */ 1496 wtime = PPPOE_RECON_FAST * sc->sc_sppp.pp_auth_failures; 1497 if (wtime > PPPOE_SLOW_RETRY) 1498 wtime = PPPOE_SLOW_RETRY; 1499 } else { 1500 wtime = PPPOE_RECON_IMMEDIATE; 1501 } 1502 callout_reset(&sc->sc_timeout, wtime, pppoe_timeout, sc); 1503} 1504 1505static void 1506pppoe_tlf(struct sppp *sp) 1507{ 1508 struct pppoe_softc *sc = (void *)sp; 1509 if (sc->sc_state < PPPOE_STATE_SESSION) 1510 return; 1511 /* 1512 * Do not call pppoe_disconnect here, the upper layer state 1513 * machine gets confused by this. We must return from this 1514 * function and defer disconnecting to the timeout handler. 1515 */ 1516 sc->sc_state = PPPOE_STATE_CLOSING; 1517 callout_reset(&sc->sc_timeout, hz/50, pppoe_timeout, sc); 1518} 1519 1520static void 1521pppoe_start(struct ifnet *ifp) 1522{ 1523 struct pppoe_softc *sc = (void *)ifp; 1524 struct mbuf *m; 1525 uint8_t *p; 1526 size_t len; 1527 1528 if (sppp_isempty(ifp)) 1529 return; 1530 1531 /* are we ready to process data yet? */ 1532 if (sc->sc_state < PPPOE_STATE_SESSION) { 1533 sppp_flush(&sc->sc_sppp.pp_if); 1534 return; 1535 } 1536 1537 while ((m = sppp_dequeue(ifp)) != NULL) { 1538 len = m->m_pkthdr.len; 1539 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1540 if (m == NULL) { 1541 ifp->if_oerrors++; 1542 continue; 1543 } 1544 p = mtod(m, uint8_t *); 1545 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1546 1547 bpf_mtap(&sc->sc_sppp.pp_if, m); 1548 1549 pppoe_output(sc, m); 1550 } 1551} 1552 1553 1554static int 1555pppoe_ifattach_hook(void *arg, struct mbuf **mp, struct ifnet *ifp, int dir) 1556{ 1557 struct pppoe_softc *sc; 1558 int s; 1559 1560 if (mp != (struct mbuf **)PFIL_IFNET_DETACH) 1561 return 0; 1562 1563 s = splnet(); 1564 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 1565 if (sc->sc_eth_if != ifp) 1566 continue; 1567 if (sc->sc_sppp.pp_if.if_flags & IFF_UP) { 1568 sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING); 1569 printf("%s: ethernet interface detached, going down\n", 1570 sc->sc_sppp.pp_if.if_xname); 1571 } 1572 sc->sc_eth_if = NULL; 1573 pppoe_clear_softc(sc, "ethernet interface detached"); 1574 } 1575 splx(s); 1576 1577 return 0; 1578} 1579 1580static void 1581pppoe_clear_softc(struct pppoe_softc *sc, const char *message) 1582{ 1583 /* stop timer */ 1584 callout_stop(&sc->sc_timeout); 1585 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1586 printf("%s: session 0x%x terminated, %s\n", 1587 sc->sc_sppp.pp_if.if_xname, sc->sc_session, message); 1588 1589 /* fix our state */ 1590 sc->sc_state = PPPOE_STATE_INITIAL; 1591 1592 /* signal upper layer */ 1593 sc->sc_sppp.pp_down(&sc->sc_sppp); 1594 1595 /* clean up softc */ 1596 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1597 if (sc->sc_ac_cookie) { 1598 free(sc->sc_ac_cookie, M_DEVBUF); 1599 sc->sc_ac_cookie = NULL; 1600 } 1601 if (sc->sc_relay_sid) { 1602 free(sc->sc_relay_sid, M_DEVBUF); 1603 sc->sc_relay_sid = NULL; 1604 } 1605 sc->sc_ac_cookie_len = 0; 1606 sc->sc_session = 0; 1607} 1608 1609static void 1610pppoe_enqueue(struct ifqueue *inq, struct mbuf *m) 1611{ 1612 if (m->m_flags & M_PROMISC) { 1613 m_free(m); 1614 return; 1615 } 1616 1617#ifndef PPPOE_SERVER 1618 if (m->m_flags & (M_MCAST | M_BCAST)) { 1619 m_free(m); 1620 return; 1621 } 1622#endif 1623 1624 if (IF_QFULL(inq)) { 1625 IF_DROP(inq); 1626 m_freem(m); 1627 } else { 1628 IF_ENQUEUE(inq, m); 1629 softint_schedule(pppoe_softintr); 1630 } 1631 return; 1632} 1633 1634void 1635pppoe_input(struct ifnet *ifp, struct mbuf *m) 1636{ 1637 pppoe_enqueue(&ppoeinq, m); 1638 return; 1639} 1640 1641void 1642pppoedisc_input(struct ifnet *ifp, struct mbuf *m) 1643{ 1644 pppoe_enqueue(&ppoediscinq, m); 1645 return; 1646} 1647 1648/* 1649 * Module glue 1650 */ 1651MODULE(MODULE_CLASS_DRIVER, if_pppoe, "sppp_subr"); 1652 1653#ifdef _MODULE 1654CFDRIVER_DECL(pppoe, DV_IFNET, NULL); 1655#endif 1656 1657static int 1658if_pppoe_modcmd(modcmd_t cmd, void *arg) 1659{ 1660 int error = 0; 1661 1662 switch (cmd) { 1663 case MODULE_CMD_INIT: 1664#ifdef _MODULE 1665 error = config_cfdriver_attach(&pppoe_cd); 1666 if (error) { 1667 aprint_error("%s: unable to register cfdriver for" 1668 "%s, error %d\n", __func__, pppoe_cd.cd_name, 1669 error); 1670 break; 1671 } 1672#endif 1673 /* Init the cloner etc. */ 1674 pppoeinit(); 1675 break; 1676 1677 case MODULE_CMD_FINI: 1678 /* 1679 * Make sure it's ok to detach - no units left, and 1680 * line discipline is removed 1681 */ 1682 if (!LIST_EMPTY(&pppoe_softc_list)) { 1683 error = EBUSY; 1684 break; 1685 } 1686 if ((error = pppoedetach()) != 0) 1687 break; 1688#ifdef _MODULE 1689 /* Remove device from autoconf database */ 1690 if ((error = config_cfdriver_detach(&pppoe_cd)) != 0) { 1691 aprint_error("%s: failed to detach %s cfdriver, error " 1692 "%d\n", __func__, pppoe_cd.cd_name, error); 1693 break; 1694 } 1695#endif 1696 break; 1697 case MODULE_CMD_STAT: 1698 case MODULE_CMD_AUTOUNLOAD: 1699 default: 1700 error = ENOTTY; 1701 } 1702 return error; 1703} 1704 1705