if_pppoe.c revision 1.98
1/* $NetBSD: if_pppoe.c,v 1.98 2011/09/05 12:19:09 rjs Exp $ */ 2 3/*- 4 * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Martin Husemann <martin@NetBSD.org>. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32#include <sys/cdefs.h> 33__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.98 2011/09/05 12:19:09 rjs Exp $"); 34 35#include "pppoe.h" 36#include "opt_pfil_hooks.h" 37#include "opt_pppoe.h" 38 39#include <sys/param.h> 40#include <sys/systm.h> 41#include <sys/kernel.h> 42#include <sys/callout.h> 43#include <sys/malloc.h> 44#include <sys/mbuf.h> 45#include <sys/socket.h> 46#include <sys/proc.h> 47#include <sys/ioctl.h> 48#include <sys/kauth.h> 49#include <sys/intr.h> 50#include <sys/socketvar.h> 51 52#include <net/if.h> 53#include <net/if_types.h> 54#include <net/if_ether.h> 55#include <net/if_sppp.h> 56#include <net/if_spppvar.h> 57#include <net/if_pppoe.h> 58 59#include <net/bpf.h> 60 61 62#undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 63/* #define PPPOE_DEBUG 1 */ 64 65struct pppoehdr { 66 uint8_t vertype; 67 uint8_t code; 68 uint16_t session; 69 uint16_t plen; 70} __packed; 71 72struct pppoetag { 73 uint16_t tag; 74 uint16_t len; 75} __packed; 76 77#define PPPOE_HEADERLEN sizeof(struct pppoehdr) 78#define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 79#define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 80 81#define PPPOE_TAG_EOL 0x0000 /* end of list */ 82#define PPPOE_TAG_SNAME 0x0101 /* service name */ 83#define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 84#define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 85#define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 86#define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 87#define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 88#define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* max payload */ 89#define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 90#define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 91#define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 92 93#define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 94#define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 95#define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 96#define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 97#define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 98 99/* two byte PPP protocol discriminator, then IP data */ 100#define PPPOE_MAXMTU (ETHERMTU - PPPOE_OVERHEAD) 101 102/* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 103#define PPPOE_ADD_16(PTR, VAL) \ 104 *(PTR)++ = (VAL) / 256; \ 105 *(PTR)++ = (VAL) % 256 106 107/* Add a complete PPPoE header to the buffer pointed to by PTR */ 108#define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 109 *(PTR)++ = PPPOE_VERTYPE; \ 110 *(PTR)++ = (CODE); \ 111 PPPOE_ADD_16(PTR, SESS); \ 112 PPPOE_ADD_16(PTR, LEN) 113 114#define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */ 115#define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */ 116#define PPPOE_RECON_FAST (hz*15) /* first retry after auth failure */ 117#define PPPOE_RECON_IMMEDIATE (hz/10) /* "no delay" reconnect */ 118#define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 119#define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 120 121#ifdef PPPOE_SERVER 122/* from if_spppsubr.c */ 123#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 124#endif 125 126struct pppoe_softc { 127 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 128 LIST_ENTRY(pppoe_softc) sc_list; 129 struct ifnet *sc_eth_if; /* ethernet interface we are using */ 130 131 int sc_state; /* discovery phase or session connected */ 132 struct ether_addr sc_dest; /* hardware address of concentrator */ 133 uint16_t sc_session; /* PPPoE session id */ 134 135 char *sc_service_name; /* if != NULL: requested name of service */ 136 char *sc_concentrator_name; /* if != NULL: requested concentrator id */ 137 uint8_t *sc_ac_cookie; /* content of AC cookie we must echo back */ 138 size_t sc_ac_cookie_len; /* length of cookie data */ 139 uint8_t *sc_relay_sid; /* content of relay SID we must echo back */ 140 size_t sc_relay_sid_len; /* length of relay SID data */ 141#ifdef PPPOE_SERVER 142 uint8_t *sc_hunique; /* content of host unique we must echo back */ 143 size_t sc_hunique_len; /* length of host unique */ 144#endif 145 callout_t sc_timeout; /* timeout while not in session state */ 146 int sc_padi_retried; /* number of PADI retries already done */ 147 int sc_padr_retried; /* number of PADR retries already done */ 148}; 149 150/* incoming traffic will be queued here */ 151struct ifqueue ppoediscinq = { .ifq_maxlen = IFQ_MAXLEN }; 152struct ifqueue ppoeinq = { .ifq_maxlen = IFQ_MAXLEN }; 153 154void *pppoe_softintr = NULL; 155static void pppoe_softintr_handler(void *); 156 157extern int sppp_ioctl(struct ifnet *, unsigned long, void *); 158 159/* input routines */ 160static void pppoe_input(void); 161static void pppoe_disc_input(struct mbuf *); 162static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 163static void pppoe_data_input(struct mbuf *); 164 165/* management routines */ 166void pppoeattach(int); 167static int pppoe_connect(struct pppoe_softc *); 168static int pppoe_disconnect(struct pppoe_softc *); 169static void pppoe_abort_connect(struct pppoe_softc *); 170static int pppoe_ioctl(struct ifnet *, unsigned long, void *); 171static void pppoe_tls(struct sppp *); 172static void pppoe_tlf(struct sppp *); 173static void pppoe_start(struct ifnet *); 174static void pppoe_clear_softc(struct pppoe_softc *, const char *); 175 176/* internal timeout handling */ 177static void pppoe_timeout(void *); 178 179/* sending actual protocol controll packets */ 180static int pppoe_send_padi(struct pppoe_softc *); 181static int pppoe_send_padr(struct pppoe_softc *); 182#ifdef PPPOE_SERVER 183static int pppoe_send_pado(struct pppoe_softc *); 184static int pppoe_send_pads(struct pppoe_softc *); 185#endif 186static int pppoe_send_padt(struct ifnet *, u_int, const uint8_t *); 187 188/* raw output */ 189static int pppoe_output(struct pppoe_softc *, struct mbuf *); 190 191/* internal helper functions */ 192static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct ifnet *); 193static struct pppoe_softc * pppoe_find_softc_by_hunique(uint8_t *, size_t, struct ifnet *); 194static struct mbuf *pppoe_get_mbuf(size_t len); 195 196#ifdef PFIL_HOOKS 197static int pppoe_ifattach_hook(void *, struct mbuf **, struct ifnet *, int); 198#endif 199 200static LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 201 202static int pppoe_clone_create(struct if_clone *, int); 203static int pppoe_clone_destroy(struct ifnet *); 204 205static struct if_clone pppoe_cloner = 206 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 207 208/* ARGSUSED */ 209void 210pppoeattach(int count) 211{ 212 LIST_INIT(&pppoe_softc_list); 213 if_clone_attach(&pppoe_cloner); 214 215 pppoe_softintr = softint_establish(SOFTINT_NET, pppoe_softintr_handler, NULL); 216} 217 218static int 219pppoe_clone_create(struct if_clone *ifc, int unit) 220{ 221 struct pppoe_softc *sc; 222 223 sc = malloc(sizeof(struct pppoe_softc), M_DEVBUF, M_WAITOK|M_ZERO); 224 225 if_initname(&sc->sc_sppp.pp_if, "pppoe", unit); 226 sc->sc_sppp.pp_if.if_softc = sc; 227 sc->sc_sppp.pp_if.if_mtu = PPPOE_MAXMTU; 228 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX|IFF_POINTOPOINT|IFF_MULTICAST; 229 sc->sc_sppp.pp_if.if_type = IFT_PPP; 230 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 231 sc->sc_sppp.pp_if.if_dlt = DLT_PPP_ETHER; 232 sc->sc_sppp.pp_flags |= PP_KEEPALIVE | /* use LCP keepalive */ 233 PP_NOFRAMING; /* no serial encapsulation */ 234 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 235 IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN); 236 IFQ_SET_READY(&sc->sc_sppp.pp_if.if_snd); 237 238 /* changed to real address later */ 239 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 240 241 callout_init(&sc->sc_timeout, 0); 242 243 sc->sc_sppp.pp_if.if_start = pppoe_start; 244 sc->sc_sppp.pp_tls = pppoe_tls; 245 sc->sc_sppp.pp_tlf = pppoe_tlf; 246 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 247 248 if_attach(&sc->sc_sppp.pp_if); 249 sppp_attach(&sc->sc_sppp.pp_if); 250 251 bpf_attach(&sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 252#ifdef PFIL_HOOKS 253 if (LIST_EMPTY(&pppoe_softc_list)) 254 pfil_add_hook(pppoe_ifattach_hook, NULL, 255 PFIL_IFNET|PFIL_WAITOK, &if_pfil); 256#endif 257 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 258 return 0; 259} 260 261static int 262pppoe_clone_destroy(struct ifnet *ifp) 263{ 264 struct pppoe_softc * sc = ifp->if_softc; 265 266 callout_stop(&sc->sc_timeout); 267 LIST_REMOVE(sc, sc_list); 268#ifdef PFIL_HOOKS 269 if (LIST_EMPTY(&pppoe_softc_list)) 270 pfil_remove_hook(pppoe_ifattach_hook, NULL, 271 PFIL_IFNET|PFIL_WAITOK, &if_pfil); 272#endif 273 bpf_detach(ifp); 274 sppp_detach(&sc->sc_sppp.pp_if); 275 if_detach(ifp); 276 if (sc->sc_concentrator_name) 277 free(sc->sc_concentrator_name, M_DEVBUF); 278 if (sc->sc_service_name) 279 free(sc->sc_service_name, M_DEVBUF); 280 if (sc->sc_ac_cookie) 281 free(sc->sc_ac_cookie, M_DEVBUF); 282 if (sc->sc_relay_sid) 283 free(sc->sc_relay_sid, M_DEVBUF); 284 callout_destroy(&sc->sc_timeout); 285 free(sc, M_DEVBUF); 286 287 return (0); 288} 289 290/* 291 * Find the interface handling the specified session. 292 * Note: O(number of sessions open), this is a client-side only, mean 293 * and lean implementation, so number of open sessions typically should 294 * be 1. 295 */ 296static struct pppoe_softc * 297pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif) 298{ 299 struct pppoe_softc *sc; 300 301 if (session == 0) 302 return NULL; 303 304 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 305 if (sc->sc_state == PPPOE_STATE_SESSION 306 && sc->sc_session == session 307 && sc->sc_eth_if == rcvif) 308 return sc; 309 } 310 return NULL; 311} 312 313/* Check host unique token passed and return appropriate softc pointer, 314 * or NULL if token is bogus. */ 315static struct pppoe_softc * 316pppoe_find_softc_by_hunique(uint8_t *token, size_t len, struct ifnet *rcvif) 317{ 318 struct pppoe_softc *sc, *t; 319 320 if (LIST_EMPTY(&pppoe_softc_list)) 321 return NULL; 322 323 if (len != sizeof sc) 324 return NULL; 325 memcpy(&t, token, len); 326 327 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 328 if (sc == t) break; 329 330 if (sc == NULL) { 331#ifdef PPPOE_DEBUG 332 printf("pppoe: alien host unique tag, no session found\n"); 333#endif 334 return NULL; 335 } 336 337 /* should be safe to access *sc now */ 338 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 339 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 340 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 341 return NULL; 342 } 343 if (sc->sc_eth_if != rcvif) { 344 printf("%s: wrong interface, not accepting host unique\n", 345 sc->sc_sppp.pp_if.if_xname); 346 return NULL; 347 } 348 return sc; 349} 350 351static void 352pppoe_softintr_handler(void *dummy) 353{ 354 /* called at splsoftnet() */ 355 mutex_enter(softnet_lock); 356 pppoe_input(); 357 mutex_exit(softnet_lock); 358} 359 360/* called at appropriate protection level */ 361static void 362pppoe_input(void) 363{ 364 struct mbuf *m; 365 int s, disc_done, data_done; 366 367 do { 368 disc_done = 0; 369 data_done = 0; 370 for (;;) { 371 s = splnet(); 372 IF_DEQUEUE(&ppoediscinq, m); 373 splx(s); 374 if (m == NULL) break; 375 disc_done = 1; 376 pppoe_disc_input(m); 377 } 378 379 for (;;) { 380 s = splnet(); 381 IF_DEQUEUE(&ppoeinq, m); 382 splx(s); 383 if (m == NULL) break; 384 data_done = 1; 385 pppoe_data_input(m); 386 } 387 } while (disc_done || data_done); 388} 389 390/* analyze and handle a single received packet while not in session state */ 391static void 392pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 393{ 394 uint16_t tag, len; 395 uint16_t session, plen; 396 struct pppoe_softc *sc; 397 const char *err_msg, *devname; 398 char *error; 399 uint8_t *ac_cookie; 400 size_t ac_cookie_len; 401 uint8_t *relay_sid; 402 size_t relay_sid_len; 403#ifdef PPPOE_SERVER 404 uint8_t *hunique; 405 size_t hunique_len; 406#endif 407 struct pppoehdr *ph; 408 struct pppoetag *pt; 409 struct mbuf *n; 410 int noff, err, errortag; 411 struct ether_header *eh; 412 413 devname = "pppoe"; /* as long as we don't know which instance */ 414 err_msg = NULL; 415 errortag = 0; 416 if (m->m_len < sizeof(*eh)) { 417 m = m_pullup(m, sizeof(*eh)); 418 if (!m) 419 goto done; 420 } 421 eh = mtod(m, struct ether_header *); 422 off += sizeof(*eh); 423 424 ac_cookie = NULL; 425 ac_cookie_len = 0; 426 relay_sid = NULL; 427 relay_sid_len = 0; 428#ifdef PPPOE_SERVER 429 hunique = NULL; 430 hunique_len = 0; 431#endif 432 session = 0; 433 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 434 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 435 goto done; 436 } 437 438 n = m_pulldown(m, off, sizeof(*ph), &noff); 439 if (!n) { 440 printf("pppoe: could not get PPPoE header\n"); 441 m = NULL; 442 goto done; 443 } 444 ph = (struct pppoehdr *)(mtod(n, char *) + noff); 445 if (ph->vertype != PPPOE_VERTYPE) { 446 printf("pppoe: unknown version/type packet: 0x%x\n", 447 ph->vertype); 448 goto done; 449 } 450 session = ntohs(ph->session); 451 plen = ntohs(ph->plen); 452 off += sizeof(*ph); 453 454 if (plen + off > m->m_pkthdr.len) { 455 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 456 m->m_pkthdr.len - off, plen); 457 goto done; 458 } 459 m_adj(m, off + plen - m->m_pkthdr.len); /* ignore trailing garbage */ 460 tag = 0; 461 len = 0; 462 sc = NULL; 463 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 464 n = m_pulldown(m, off, sizeof(*pt), &noff); 465 if (!n) { 466 printf("%s: parse error\n", devname); 467 m = NULL; 468 goto done; 469 } 470 pt = (struct pppoetag *)(mtod(n, char *) + noff); 471 tag = ntohs(pt->tag); 472 len = ntohs(pt->len); 473 if (off + len + sizeof(*pt) > m->m_pkthdr.len) { 474 printf("pppoe: tag 0x%x len 0x%x is too long\n", 475 tag, len); 476 goto done; 477 } 478 switch (tag) { 479 case PPPOE_TAG_EOL: 480 goto breakbreak; 481 case PPPOE_TAG_SNAME: 482 break; /* ignored */ 483 case PPPOE_TAG_ACNAME: 484 error = NULL; 485 if (sc != NULL && len > 0) { 486 error = malloc(len+1, M_TEMP, M_NOWAIT); 487 if (error) { 488 n = m_pulldown(m, off + sizeof(*pt), 489 len, &noff); 490 if (n) { 491 strncpy(error, 492 mtod(n, char*) + noff, 493 len); 494 error[len] = '\0'; 495 } 496 printf("%s: connected to %s\n", 497 devname, error); 498 free(error, M_TEMP); 499 } 500 } 501 break; /* ignored */ 502 case PPPOE_TAG_HUNIQUE: 503 if (sc != NULL) 504 break; 505 n = m_pulldown(m, off + sizeof(*pt), len, &noff); 506 if (!n) { 507 m = NULL; 508 err_msg = "TAG HUNIQUE ERROR"; 509 break; 510 } 511#ifdef PPPOE_SERVER 512 hunique = mtod(n, uint8_t *) + noff; 513 hunique_len = len; 514#endif 515 sc = pppoe_find_softc_by_hunique(mtod(n, char *) + noff, 516 len, m->m_pkthdr.rcvif); 517 if (sc != NULL) 518 devname = sc->sc_sppp.pp_if.if_xname; 519 break; 520 case PPPOE_TAG_ACCOOKIE: 521 if (ac_cookie == NULL) { 522 n = m_pulldown(m, off + sizeof(*pt), len, 523 &noff); 524 if (!n) { 525 err_msg = "TAG ACCOOKIE ERROR"; 526 m = NULL; 527 break; 528 } 529 ac_cookie = mtod(n, char *) + noff; 530 ac_cookie_len = len; 531 } 532 break; 533 case PPPOE_TAG_RELAYSID: 534 if (relay_sid == NULL) { 535 n = m_pulldown(m, off + sizeof(*pt), len, 536 &noff); 537 if (!n) { 538 err_msg = "TAG RELAYSID ERROR"; 539 m = NULL; 540 break; 541 } 542 relay_sid = mtod(n, char *) + noff; 543 relay_sid_len = len; 544 } 545 break; 546 case PPPOE_TAG_SNAME_ERR: 547 err_msg = "SERVICE NAME ERROR"; 548 errortag = 1; 549 break; 550 case PPPOE_TAG_ACSYS_ERR: 551 err_msg = "AC SYSTEM ERROR"; 552 errortag = 1; 553 break; 554 case PPPOE_TAG_GENERIC_ERR: 555 err_msg = "GENERIC ERROR"; 556 errortag = 1; 557 break; 558 } 559 if (err_msg) { 560 error = NULL; 561 if (errortag && len) { 562 error = malloc(len+1, M_TEMP, M_NOWAIT); 563 n = m_pulldown(m, off + sizeof(*pt), len, 564 &noff); 565 if (n && error) { 566 strncpy(error, 567 mtod(n, char *) + noff, len); 568 error[len] = '\0'; 569 } 570 } 571 if (error) { 572 printf("%s: %s: %s\n", devname, 573 err_msg, error); 574 free(error, M_TEMP); 575 } else 576 printf("%s: %s\n", devname, err_msg); 577 if (errortag || m == NULL) 578 goto done; 579 } 580 off += sizeof(*pt) + len; 581 } 582breakbreak:; 583 switch (ph->code) { 584 case PPPOE_CODE_PADI: 585#ifdef PPPOE_SERVER 586 /* 587 * got service name, concentrator name, and/or host unique. 588 * ignore if we have no interfaces with IFF_PASSIVE|IFF_UP. 589 */ 590 if (LIST_EMPTY(&pppoe_softc_list)) 591 goto done; 592 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 593 if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP)) 594 continue; 595 if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 596 continue; 597 if (sc->sc_state == PPPOE_STATE_INITIAL) 598 break; 599 } 600 if (sc == NULL) { 601/* printf("pppoe: free passive interface is not found\n");*/ 602 goto done; 603 } 604 if (hunique) { 605 if (sc->sc_hunique) 606 free(sc->sc_hunique, M_DEVBUF); 607 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 608 M_DONTWAIT); 609 if (sc->sc_hunique == NULL) 610 goto done; 611 sc->sc_hunique_len = hunique_len; 612 memcpy(sc->sc_hunique, hunique, hunique_len); 613 } 614 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 615 sc->sc_state = PPPOE_STATE_PADO_SENT; 616 pppoe_send_pado(sc); 617 break; 618#endif /* PPPOE_SERVER */ 619 case PPPOE_CODE_PADR: 620#ifdef PPPOE_SERVER 621 /* 622 * get sc from ac_cookie if IFF_PASSIVE 623 */ 624 if (ac_cookie == NULL) { 625 /* be quiet if there is not a single pppoe instance */ 626 printf("pppoe: received PADR but not includes ac_cookie\n"); 627 goto done; 628 } 629 sc = pppoe_find_softc_by_hunique(ac_cookie, 630 ac_cookie_len, 631 m->m_pkthdr.rcvif); 632 if (sc == NULL) { 633 /* be quiet if there is not a single pppoe instance */ 634 if (!LIST_EMPTY(&pppoe_softc_list)) 635 printf("pppoe: received PADR but could not find request for it\n"); 636 goto done; 637 } 638 if (sc->sc_state != PPPOE_STATE_PADO_SENT) { 639 printf("%s: received unexpected PADR\n", 640 sc->sc_sppp.pp_if.if_xname); 641 goto done; 642 } 643 if (hunique) { 644 if (sc->sc_hunique) 645 free(sc->sc_hunique, M_DEVBUF); 646 sc->sc_hunique = malloc(hunique_len, M_DEVBUF, 647 M_DONTWAIT); 648 if (sc->sc_hunique == NULL) 649 goto done; 650 sc->sc_hunique_len = hunique_len; 651 memcpy(sc->sc_hunique, hunique, hunique_len); 652 } 653 pppoe_send_pads(sc); 654 sc->sc_state = PPPOE_STATE_SESSION; 655 sc->sc_sppp.pp_up(&sc->sc_sppp); 656 break; 657#else 658 /* ignore, we are no access concentrator */ 659 goto done; 660#endif /* PPPOE_SERVER */ 661 case PPPOE_CODE_PADO: 662 if (sc == NULL) { 663 /* be quiet if there is not a single pppoe instance */ 664 if (!LIST_EMPTY(&pppoe_softc_list)) 665 printf("pppoe: received PADO but could not find request for it\n"); 666 goto done; 667 } 668 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 669 printf("%s: received unexpected PADO\n", 670 sc->sc_sppp.pp_if.if_xname); 671 goto done; 672 } 673 if (ac_cookie) { 674 if (sc->sc_ac_cookie) 675 free(sc->sc_ac_cookie, M_DEVBUF); 676 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 677 M_DONTWAIT); 678 if (sc->sc_ac_cookie == NULL) { 679 printf("%s: FATAL: could not allocate memory " 680 "for AC cookie\n", 681 sc->sc_sppp.pp_if.if_xname); 682 goto done; 683 } 684 sc->sc_ac_cookie_len = ac_cookie_len; 685 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 686 } 687 if (relay_sid) { 688 if (sc->sc_relay_sid) 689 free(sc->sc_relay_sid, M_DEVBUF); 690 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 691 M_DONTWAIT); 692 if (sc->sc_relay_sid == NULL) { 693 printf("%s: FATAL: could not allocate memory " 694 "for relay SID\n", 695 sc->sc_sppp.pp_if.if_xname); 696 goto done; 697 } 698 sc->sc_relay_sid_len = relay_sid_len; 699 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 700 } 701 memcpy(&sc->sc_dest, eh->ether_shost, sizeof sc->sc_dest); 702 callout_stop(&sc->sc_timeout); 703 sc->sc_padr_retried = 0; 704 sc->sc_state = PPPOE_STATE_PADR_SENT; 705 if ((err = pppoe_send_padr(sc)) != 0) { 706 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 707 printf("%s: failed to send PADR, " 708 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 709 err); 710 } 711 callout_reset(&sc->sc_timeout, 712 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 713 pppoe_timeout, sc); 714 break; 715 case PPPOE_CODE_PADS: 716 if (sc == NULL) 717 goto done; 718 sc->sc_session = session; 719 callout_stop(&sc->sc_timeout); 720 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 721 printf("%s: session 0x%x connected\n", 722 sc->sc_sppp.pp_if.if_xname, session); 723 sc->sc_state = PPPOE_STATE_SESSION; 724 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 725 break; 726 case PPPOE_CODE_PADT: 727 if (sc == NULL) 728 goto done; 729 pppoe_clear_softc(sc, "received PADT"); 730 break; 731 default: 732 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 733 sc? sc->sc_sppp.pp_if.if_xname : "pppoe", 734 ph->code, session); 735 break; 736 } 737 738done: 739 if (m) 740 m_freem(m); 741 return; 742} 743 744static void 745pppoe_disc_input(struct mbuf *m) 746{ 747 748 /* avoid error messages if there is not a single pppoe instance */ 749 if (!LIST_EMPTY(&pppoe_softc_list)) { 750 KASSERT(m->m_flags & M_PKTHDR); 751 pppoe_dispatch_disc_pkt(m, 0); 752 } else 753 m_freem(m); 754} 755 756static void 757pppoe_data_input(struct mbuf *m) 758{ 759 uint16_t session, plen; 760 struct pppoe_softc *sc; 761 struct pppoehdr *ph; 762#ifdef PPPOE_TERM_UNKNOWN_SESSIONS 763 uint8_t shost[ETHER_ADDR_LEN]; 764#endif 765 766 KASSERT(m->m_flags & M_PKTHDR); 767 768#ifdef PPPOE_TERM_UNKNOWN_SESSIONS 769 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 770#endif 771 m_adj(m, sizeof(struct ether_header)); 772 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 773 printf("pppoe (data): dropping too short packet: %d bytes\n", 774 m->m_pkthdr.len); 775 goto drop; 776 } 777 778 if (m->m_len < sizeof(*ph)) { 779 m = m_pullup(m, sizeof(*ph)); 780 if (!m) { 781 printf("pppoe: could not get PPPoE header\n"); 782 return; 783 } 784 } 785 ph = mtod(m, struct pppoehdr *); 786 787 if (ph->vertype != PPPOE_VERTYPE) { 788 printf("pppoe (data): unknown version/type packet: 0x%x\n", 789 ph->vertype); 790 goto drop; 791 } 792 if (ph->code != 0) 793 goto drop; 794 795 session = ntohs(ph->session); 796 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.rcvif); 797 if (sc == NULL) { 798#ifdef PPPOE_TERM_UNKNOWN_SESSIONS 799 printf("pppoe: input for unknown session 0x%x, sending PADT\n", 800 session); 801 pppoe_send_padt(m->m_pkthdr.rcvif, session, shost); 802#endif 803 goto drop; 804 } 805 806 plen = ntohs(ph->plen); 807 808 bpf_mtap(&sc->sc_sppp.pp_if, m); 809 810 m_adj(m, PPPOE_HEADERLEN); 811 812#ifdef PPPOE_DEBUG 813 { 814 struct mbuf *p; 815 816 printf("%s: pkthdr.len=%d, pppoe.len=%d", 817 sc->sc_sppp.pp_if.if_xname, 818 m->m_pkthdr.len, plen); 819 p = m; 820 while (p) { 821 printf(" l=%d", p->m_len); 822 p = p->m_next; 823 } 824 printf("\n"); 825 } 826#endif 827 828 if (m->m_pkthdr.len < plen) 829 goto drop; 830 831 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 832 m->m_pkthdr.rcvif = &sc->sc_sppp.pp_if; 833 834 /* pass packet up and account for it */ 835 sc->sc_sppp.pp_if.if_ipackets++; 836 sppp_input(&sc->sc_sppp.pp_if, m); 837 return; 838 839drop: 840 m_freem(m); 841} 842 843static int 844pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 845{ 846 struct sockaddr dst; 847 struct ether_header *eh; 848 uint16_t etype; 849 850 if (sc->sc_eth_if == NULL) { 851 m_freem(m); 852 return EIO; 853 } 854 855 memset(&dst, 0, sizeof dst); 856 dst.sa_family = AF_UNSPEC; 857 eh = (struct ether_header*)&dst.sa_data; 858 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 859 eh->ether_type = htons(etype); 860 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 861 862#ifdef PPPOE_DEBUG 863 printf("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 864 sc->sc_sppp.pp_if.if_xname, etype, 865 sc->sc_state, sc->sc_session, 866 ether_sprintf((const unsigned char *)&sc->sc_dest), m->m_pkthdr.len); 867#endif 868 869 m->m_flags &= ~(M_BCAST|M_MCAST); 870 sc->sc_sppp.pp_if.if_opackets++; 871 return sc->sc_eth_if->if_output(sc->sc_eth_if, m, &dst, NULL); 872} 873 874static int 875pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, void *data) 876{ 877 struct lwp *l = curlwp; /* XXX */ 878 struct pppoe_softc *sc = (struct pppoe_softc*)ifp; 879 struct ifreq *ifr = data; 880 int error = 0; 881 882 switch (cmd) { 883 case PPPOESETPARMS: 884 { 885 struct pppoediscparms *parms = (struct pppoediscparms*)data; 886 if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, 887 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 888 NULL) != 0) 889 return (EPERM); 890 if (parms->eth_ifname[0] != 0) { 891 struct ifnet *eth_if; 892 893 eth_if = ifunit(parms->eth_ifname); 894 if (eth_if == NULL || eth_if->if_dlt != DLT_EN10MB) { 895 sc->sc_eth_if = NULL; 896 return ENXIO; 897 } 898 899 if (sc->sc_sppp.pp_if.if_mtu != 900 eth_if->if_mtu - PPPOE_OVERHEAD) { 901 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 902 PPPOE_OVERHEAD; 903 } 904 sc->sc_eth_if = eth_if; 905 } 906 if (parms->ac_name != NULL) { 907 size_t s; 908 char *b = malloc(parms->ac_name_len + 1, M_DEVBUF, 909 M_WAITOK); 910 if (b == NULL) 911 return ENOMEM; 912 error = copyinstr(parms->ac_name, b, 913 parms->ac_name_len+1, &s); 914 if (error != 0) { 915 free(b, M_DEVBUF); 916 return error; 917 } 918 if (s != parms->ac_name_len+1) { 919 free(b, M_DEVBUF); 920 return EINVAL; 921 } 922 if (sc->sc_concentrator_name) 923 free(sc->sc_concentrator_name, M_DEVBUF); 924 sc->sc_concentrator_name = b; 925 } 926 if (parms->service_name != NULL) { 927 size_t s; 928 char *b = malloc(parms->service_name_len + 1, M_DEVBUF, 929 M_WAITOK); 930 if (b == NULL) 931 return ENOMEM; 932 error = copyinstr(parms->service_name, b, 933 parms->service_name_len+1, &s); 934 if (error != 0) { 935 free(b, M_DEVBUF); 936 return error; 937 } 938 if (s != parms->service_name_len+1) { 939 free(b, M_DEVBUF); 940 return EINVAL; 941 } 942 if (sc->sc_service_name) 943 free(sc->sc_service_name, M_DEVBUF); 944 sc->sc_service_name = b; 945 } 946 return 0; 947 } 948 break; 949 case PPPOEGETPARMS: 950 { 951 struct pppoediscparms *parms = (struct pppoediscparms*)data; 952 memset(parms, 0, sizeof *parms); 953 if (sc->sc_eth_if) 954 strncpy(parms->ifname, sc->sc_eth_if->if_xname, IFNAMSIZ); 955 return 0; 956 } 957 break; 958 case PPPOEGETSESSION: 959 { 960 struct pppoeconnectionstate *state = (struct pppoeconnectionstate*)data; 961 state->state = sc->sc_state; 962 state->session_id = sc->sc_session; 963 state->padi_retry_no = sc->sc_padi_retried; 964 state->padr_retry_no = sc->sc_padr_retried; 965 return 0; 966 } 967 break; 968 case SIOCSIFFLAGS: 969 /* 970 * Prevent running re-establishment timers overriding 971 * administrators choice. 972 */ 973 if ((ifr->ifr_flags & IFF_UP) == 0 974 && sc->sc_state >= PPPOE_STATE_PADI_SENT 975 && sc->sc_state < PPPOE_STATE_SESSION) { 976 callout_stop(&sc->sc_timeout); 977 sc->sc_state = PPPOE_STATE_INITIAL; 978 sc->sc_padi_retried = 0; 979 sc->sc_padr_retried = 0; 980 memcpy(&sc->sc_dest, etherbroadcastaddr, 981 sizeof(sc->sc_dest)); 982 } 983 return sppp_ioctl(ifp, cmd, data); 984 case SIOCSIFMTU: 985 if (ifr->ifr_mtu > (sc->sc_eth_if == NULL ? 986 PPPOE_MAXMTU : (sc->sc_eth_if->if_mtu - PPPOE_OVERHEAD))) { 987 return EINVAL; 988 } 989 /*FALLTHROUGH*/ 990 default: 991 return sppp_ioctl(ifp, cmd, data); 992 } 993 return 0; 994} 995 996/* 997 * Allocate a mbuf/cluster with space to store the given data length 998 * of payload, leaving space for prepending an ethernet header 999 * in front. 1000 */ 1001static struct mbuf * 1002pppoe_get_mbuf(size_t len) 1003{ 1004 struct mbuf *m; 1005 1006 MGETHDR(m, M_DONTWAIT, MT_DATA); 1007 if (m == NULL) 1008 return NULL; 1009 if (len + sizeof(struct ether_header) > MHLEN) { 1010 MCLGET(m, M_DONTWAIT); 1011 if ((m->m_flags & M_EXT) == 0) { 1012 struct mbuf *n; 1013 MFREE(m, n); 1014 return 0; 1015 } 1016 } 1017 m->m_data += sizeof(struct ether_header); 1018 m->m_len = len; 1019 m->m_pkthdr.len = len; 1020 m->m_pkthdr.rcvif = NULL; 1021 1022 return m; 1023} 1024 1025static int 1026pppoe_send_padi(struct pppoe_softc *sc) 1027{ 1028 struct mbuf *m0; 1029 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1030 uint8_t *p; 1031 1032 if (sc->sc_state >PPPOE_STATE_PADI_SENT) 1033 panic("pppoe_send_padi in state %d", sc->sc_state); 1034 1035 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1036 len = 2 + 2 + 2 + 2 + sizeof sc; /* service name tag is required, host unique is send too */ 1037 if (sc->sc_service_name != NULL) { 1038 l1 = strlen(sc->sc_service_name); 1039 len += l1; 1040 } 1041 if (sc->sc_concentrator_name != NULL) { 1042 l2 = strlen(sc->sc_concentrator_name); 1043 len += 2 + 2 + l2; 1044 } 1045 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1046 len += 2 + 2 + 2; 1047 } 1048 1049 /* allocate a buffer */ 1050 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1051 if (!m0) 1052 return ENOBUFS; 1053 1054 /* fill in pkt */ 1055 p = mtod(m0, uint8_t *); 1056 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1057 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1058 if (sc->sc_service_name != NULL) { 1059 PPPOE_ADD_16(p, l1); 1060 memcpy(p, sc->sc_service_name, l1); 1061 p += l1; 1062 } else { 1063 PPPOE_ADD_16(p, 0); 1064 } 1065 if (sc->sc_concentrator_name != NULL) { 1066 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1067 PPPOE_ADD_16(p, l2); 1068 memcpy(p, sc->sc_concentrator_name, l2); 1069 p += l2; 1070 } 1071 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1072 PPPOE_ADD_16(p, sizeof(sc)); 1073 memcpy(p, &sc, sizeof sc); 1074 p += sizeof(sc); 1075 1076 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1077 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1078 PPPOE_ADD_16(p, 2); 1079 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu); 1080 } 1081 1082#ifdef PPPOE_DEBUG 1083 p += sizeof sc; 1084 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1085 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1086 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1087#endif 1088 1089 /* send pkt */ 1090 return pppoe_output(sc, m0); 1091} 1092 1093static void 1094pppoe_timeout(void *arg) 1095{ 1096 int x, retry_wait, err; 1097 struct pppoe_softc *sc = (struct pppoe_softc*)arg; 1098 1099#ifdef PPPOE_DEBUG 1100 printf("%s: timeout\n", sc->sc_sppp.pp_if.if_xname); 1101#endif 1102 1103 switch (sc->sc_state) { 1104 case PPPOE_STATE_INITIAL: 1105 /* delayed connect from pppoe_tls() */ 1106 pppoe_connect(sc); 1107 break; 1108 case PPPOE_STATE_PADI_SENT: 1109 /* 1110 * We have two basic ways of retrying: 1111 * - Quick retry mode: try a few times in short sequence 1112 * - Slow retry mode: we already had a connection successfully 1113 * established and will try infinitely (without user 1114 * intervention) 1115 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1116 * is not set. 1117 */ 1118 1119 /* initialize for quick retry mode */ 1120 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1121 1122 x = splnet(); 1123 sc->sc_padi_retried++; 1124 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1125 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1126 /* slow retry mode */ 1127 retry_wait = PPPOE_SLOW_RETRY; 1128 } else { 1129 pppoe_abort_connect(sc); 1130 splx(x); 1131 return; 1132 } 1133 } 1134 if ((err = pppoe_send_padi(sc)) != 0) { 1135 sc->sc_padi_retried--; 1136 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1137 printf("%s: failed to transmit PADI, " 1138 "error=%d\n", 1139 sc->sc_sppp.pp_if.if_xname, err); 1140 } 1141 callout_reset(&sc->sc_timeout, retry_wait, 1142 pppoe_timeout, sc); 1143 splx(x); 1144 break; 1145 1146 case PPPOE_STATE_PADR_SENT: 1147 x = splnet(); 1148 sc->sc_padr_retried++; 1149 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1150 memcpy(&sc->sc_dest, etherbroadcastaddr, 1151 sizeof(sc->sc_dest)); 1152 sc->sc_state = PPPOE_STATE_PADI_SENT; 1153 sc->sc_padr_retried = 0; 1154 if ((err = pppoe_send_padi(sc)) != 0) { 1155 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1156 printf("%s: failed to send PADI" 1157 ", error=%d\n", 1158 sc->sc_sppp.pp_if.if_xname, 1159 err); 1160 } 1161 callout_reset(&sc->sc_timeout, 1162 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried), 1163 pppoe_timeout, sc); 1164 splx(x); 1165 return; 1166 } 1167 if ((err = pppoe_send_padr(sc)) != 0) { 1168 sc->sc_padr_retried--; 1169 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1170 printf("%s: failed to send PADR, " 1171 "error=%d\n", sc->sc_sppp.pp_if.if_xname, 1172 err); 1173 } 1174 callout_reset(&sc->sc_timeout, 1175 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), 1176 pppoe_timeout, sc); 1177 splx(x); 1178 break; 1179 case PPPOE_STATE_CLOSING: 1180 pppoe_disconnect(sc); 1181 break; 1182 default: 1183 return; /* all done, work in peace */ 1184 } 1185} 1186 1187/* Start a connection (i.e. initiate discovery phase) */ 1188static int 1189pppoe_connect(struct pppoe_softc *sc) 1190{ 1191 int x, err; 1192 1193 if (sc->sc_state != PPPOE_STATE_INITIAL) 1194 return EBUSY; 1195 1196#ifdef PPPOE_SERVER 1197 /* wait PADI if IFF_PASSIVE */ 1198 if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) 1199 return 0; 1200#endif 1201 x = splnet(); 1202 /* save state, in case we fail to send PADI */ 1203 sc->sc_state = PPPOE_STATE_PADI_SENT; 1204 sc->sc_padr_retried = 0; 1205 err = pppoe_send_padi(sc); 1206 if (err != 0 && sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1207 printf("%s: failed to send PADI, error=%d\n", 1208 sc->sc_sppp.pp_if.if_xname, err); 1209 callout_reset(&sc->sc_timeout, PPPOE_DISC_TIMEOUT, pppoe_timeout, sc); 1210 splx(x); 1211 return err; 1212} 1213 1214/* disconnect */ 1215static int 1216pppoe_disconnect(struct pppoe_softc *sc) 1217{ 1218 int err, x; 1219 1220 x = splnet(); 1221 1222 if (sc->sc_state < PPPOE_STATE_SESSION) 1223 err = EBUSY; 1224 else { 1225 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1226 printf("%s: disconnecting\n", 1227 sc->sc_sppp.pp_if.if_xname); 1228 err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session, (const uint8_t *)&sc->sc_dest); 1229 } 1230 1231 /* cleanup softc */ 1232 sc->sc_state = PPPOE_STATE_INITIAL; 1233 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1234 if (sc->sc_ac_cookie) { 1235 free(sc->sc_ac_cookie, M_DEVBUF); 1236 sc->sc_ac_cookie = NULL; 1237 } 1238 sc->sc_ac_cookie_len = 0; 1239 if (sc->sc_relay_sid) { 1240 free(sc->sc_relay_sid, M_DEVBUF); 1241 sc->sc_relay_sid = NULL; 1242 } 1243 sc->sc_relay_sid_len = 0; 1244#ifdef PPPOE_SERVER 1245 if (sc->sc_hunique) { 1246 free(sc->sc_hunique, M_DEVBUF); 1247 sc->sc_hunique = NULL; 1248 } 1249 sc->sc_hunique_len = 0; 1250#endif 1251 sc->sc_session = 0; 1252 1253 /* notify upper layer */ 1254 sc->sc_sppp.pp_down(&sc->sc_sppp); 1255 1256 splx(x); 1257 1258 return err; 1259} 1260 1261/* Connection attempt aborted */ 1262static void 1263pppoe_abort_connect(struct pppoe_softc *sc) 1264{ 1265 printf("%s: could not establish connection\n", 1266 sc->sc_sppp.pp_if.if_xname); 1267 sc->sc_state = PPPOE_STATE_CLOSING; 1268 1269 /* notify upper layer */ 1270 sc->sc_sppp.pp_down(&sc->sc_sppp); 1271 1272 /* clear connection state */ 1273 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1274 sc->sc_state = PPPOE_STATE_INITIAL; 1275} 1276 1277/* Send a PADR packet */ 1278static int 1279pppoe_send_padr(struct pppoe_softc *sc) 1280{ 1281 struct mbuf *m0; 1282 uint8_t *p; 1283 size_t len, l1 = 0; /* XXX: gcc */ 1284 1285 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1286 return EIO; 1287 1288 len = 2 + 2 + 2 + 2 + sizeof(sc); /* service name, host unique */ 1289 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1290 l1 = strlen(sc->sc_service_name); 1291 len += l1; 1292 } 1293 if (sc->sc_ac_cookie_len > 0) 1294 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1295 if (sc->sc_relay_sid_len > 0) 1296 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1297 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1298 len += 2 + 2 + 2; 1299 } 1300 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1301 if (!m0) 1302 return ENOBUFS; 1303 p = mtod(m0, uint8_t *); 1304 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1305 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1306 if (sc->sc_service_name != NULL) { 1307 PPPOE_ADD_16(p, l1); 1308 memcpy(p, sc->sc_service_name, l1); 1309 p += l1; 1310 } else { 1311 PPPOE_ADD_16(p, 0); 1312 } 1313 if (sc->sc_ac_cookie_len > 0) { 1314 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1315 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1316 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1317 p += sc->sc_ac_cookie_len; 1318 } 1319 if (sc->sc_relay_sid_len > 0) { 1320 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1321 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1322 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1323 p += sc->sc_relay_sid_len; 1324 } 1325 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1326 PPPOE_ADD_16(p, sizeof(sc)); 1327 memcpy(p, &sc, sizeof sc); 1328 p += sizeof(sc); 1329 1330 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MAXMTU) { 1331 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1332 PPPOE_ADD_16(p, 2); 1333 PPPOE_ADD_16(p, (uint16_t)sc->sc_sppp.pp_if.if_mtu); 1334 } 1335 1336#ifdef PPPOE_DEBUG 1337 p += sizeof sc; 1338 if (p - mtod(m0, uint8_t *) != len + PPPOE_HEADERLEN) 1339 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1340 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, uint8_t *))); 1341#endif 1342 1343 return pppoe_output(sc, m0); 1344} 1345 1346/* send a PADT packet */ 1347static int 1348pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const uint8_t *dest) 1349{ 1350 struct ether_header *eh; 1351 struct sockaddr dst; 1352 struct mbuf *m0; 1353 uint8_t *p; 1354 1355 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1356 if (!m0) 1357 return EIO; 1358 p = mtod(m0, uint8_t *); 1359 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1360 1361 memset(&dst, 0, sizeof dst); 1362 dst.sa_family = AF_UNSPEC; 1363 eh = (struct ether_header*)&dst.sa_data; 1364 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1365 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1366 1367 m0->m_flags &= ~(M_BCAST|M_MCAST); 1368 return outgoing_if->if_output(outgoing_if, m0, &dst, NULL); 1369} 1370 1371#ifdef PPPOE_SERVER 1372static int 1373pppoe_send_pado(struct pppoe_softc *sc) 1374{ 1375 struct mbuf *m0; 1376 uint8_t *p; 1377 size_t len; 1378 1379 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1380 return EIO; 1381 1382 /* calc length */ 1383 len = 0; 1384 /* include ac_cookie */ 1385 len += 2 + 2 + sizeof(sc); 1386 /* include hunique */ 1387 len += 2 + 2 + sc->sc_hunique_len; 1388 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1389 if (!m0) 1390 return EIO; 1391 p = mtod(m0, uint8_t *); 1392 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len); 1393 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1394 PPPOE_ADD_16(p, sizeof(sc)); 1395 memcpy(p, &sc, sizeof(sc)); 1396 p += sizeof(sc); 1397 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1398 PPPOE_ADD_16(p, sc->sc_hunique_len); 1399 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1400 return pppoe_output(sc, m0); 1401} 1402 1403static int 1404pppoe_send_pads(struct pppoe_softc *sc) 1405{ 1406 struct bintime bt; 1407 struct mbuf *m0; 1408 uint8_t *p; 1409 size_t len, l1 = 0; /* XXX: gcc */ 1410 1411 if (sc->sc_state != PPPOE_STATE_PADO_SENT) 1412 return EIO; 1413 1414 getbinuptime(&bt); 1415 sc->sc_session = bt.sec % 0xff + 1; 1416 /* calc length */ 1417 len = 0; 1418 /* include hunique */ 1419 len += 2 + 2 + 2 + 2 + sc->sc_hunique_len; /* service name, host unique*/ 1420 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1421 l1 = strlen(sc->sc_service_name); 1422 len += l1; 1423 } 1424 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1425 if (!m0) 1426 return ENOBUFS; 1427 p = mtod(m0, uint8_t *); 1428 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len); 1429 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1430 if (sc->sc_service_name != NULL) { 1431 PPPOE_ADD_16(p, l1); 1432 memcpy(p, sc->sc_service_name, l1); 1433 p += l1; 1434 } else { 1435 PPPOE_ADD_16(p, 0); 1436 } 1437 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1438 PPPOE_ADD_16(p, sc->sc_hunique_len); 1439 memcpy(p, sc->sc_hunique, sc->sc_hunique_len); 1440 return pppoe_output(sc, m0); 1441} 1442#endif 1443 1444static void 1445pppoe_tls(struct sppp *sp) 1446{ 1447 struct pppoe_softc *sc = (void *)sp; 1448 int wtime; 1449 1450 if (sc->sc_state != PPPOE_STATE_INITIAL) 1451 return; 1452 1453 if (sc->sc_sppp.pp_phase == SPPP_PHASE_ESTABLISH && 1454 sc->sc_sppp.pp_auth_failures > 0) { 1455 /* 1456 * Delay trying to reconnect a bit more - the peer 1457 * might have failed to contact it's radius server. 1458 */ 1459 wtime = PPPOE_RECON_FAST * sc->sc_sppp.pp_auth_failures; 1460 if (wtime > PPPOE_SLOW_RETRY) 1461 wtime = PPPOE_SLOW_RETRY; 1462 } else { 1463 wtime = PPPOE_RECON_IMMEDIATE; 1464 } 1465 callout_reset(&sc->sc_timeout, wtime, pppoe_timeout, sc); 1466} 1467 1468static void 1469pppoe_tlf(struct sppp *sp) 1470{ 1471 struct pppoe_softc *sc = (void *)sp; 1472 if (sc->sc_state < PPPOE_STATE_SESSION) 1473 return; 1474 /* 1475 * Do not call pppoe_disconnect here, the upper layer state 1476 * machine gets confused by this. We must return from this 1477 * function and defer disconnecting to the timeout handler. 1478 */ 1479 sc->sc_state = PPPOE_STATE_CLOSING; 1480 callout_reset(&sc->sc_timeout, hz/50, pppoe_timeout, sc); 1481} 1482 1483static void 1484pppoe_start(struct ifnet *ifp) 1485{ 1486 struct pppoe_softc *sc = (void *)ifp; 1487 struct mbuf *m; 1488 uint8_t *p; 1489 size_t len; 1490 1491 if (sppp_isempty(ifp)) 1492 return; 1493 1494 /* are we ready to process data yet? */ 1495 if (sc->sc_state < PPPOE_STATE_SESSION) { 1496 sppp_flush(&sc->sc_sppp.pp_if); 1497 return; 1498 } 1499 1500 while ((m = sppp_dequeue(ifp)) != NULL) { 1501 len = m->m_pkthdr.len; 1502 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1503 if (m == NULL) { 1504 ifp->if_oerrors++; 1505 continue; 1506 } 1507 p = mtod(m, uint8_t *); 1508 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1509 1510 bpf_mtap(&sc->sc_sppp.pp_if, m); 1511 1512 pppoe_output(sc, m); 1513 } 1514} 1515 1516 1517#ifdef PFIL_HOOKS 1518static int 1519pppoe_ifattach_hook(void *arg, struct mbuf **mp, struct ifnet *ifp, 1520 int dir) 1521{ 1522 struct pppoe_softc *sc; 1523 int s; 1524 1525 if (mp != (struct mbuf **)PFIL_IFNET_DETACH) 1526 return 0; 1527 1528 s = splnet(); 1529 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 1530 if (sc->sc_eth_if != ifp) 1531 continue; 1532 if (sc->sc_sppp.pp_if.if_flags & IFF_UP) { 1533 sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING); 1534 printf("%s: ethernet interface detached, going down\n", 1535 sc->sc_sppp.pp_if.if_xname); 1536 } 1537 sc->sc_eth_if = NULL; 1538 pppoe_clear_softc(sc, "ethernet interface detached"); 1539 } 1540 splx(s); 1541 1542 return 0; 1543} 1544#endif 1545 1546static void 1547pppoe_clear_softc(struct pppoe_softc *sc, const char *message) 1548{ 1549 /* stop timer */ 1550 callout_stop(&sc->sc_timeout); 1551 if (sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) 1552 printf("%s: session 0x%x terminated, %s\n", 1553 sc->sc_sppp.pp_if.if_xname, sc->sc_session, message); 1554 1555 /* fix our state */ 1556 sc->sc_state = PPPOE_STATE_INITIAL; 1557 1558 /* signal upper layer */ 1559 sc->sc_sppp.pp_down(&sc->sc_sppp); 1560 1561 /* clean up softc */ 1562 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1563 if (sc->sc_ac_cookie) { 1564 free(sc->sc_ac_cookie, M_DEVBUF); 1565 sc->sc_ac_cookie = NULL; 1566 } 1567 if (sc->sc_relay_sid) { 1568 free(sc->sc_relay_sid, M_DEVBUF); 1569 sc->sc_relay_sid = NULL; 1570 } 1571 sc->sc_ac_cookie_len = 0; 1572 sc->sc_session = 0; 1573} 1574