1 /* $OpenBSD: if_pppoe.c,v 1.85 2025/01/15 06:15:44 dlg Exp $ */
2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */
3
4 /*
5 * Copyright (c) 2002 The NetBSD Foundation, Inc.
6 * All rights reserved.
7 *
8 * This code is derived from software contributed to The NetBSD Foundation
9 * by Martin Husemann <martin@NetBSD.org>.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include "pppoe.h"
34 #include "bpfilter.h"
35
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/kernel.h>
39 #include <sys/timeout.h>
40 #include <sys/malloc.h>
41 #include <sys/mbuf.h>
42 #include <sys/socket.h>
43 #include <sys/syslog.h>
44 #include <sys/ioctl.h>
45 #include <sys/smr.h>
46 #include <sys/percpu.h>
47 #include <net/if.h>
48 #include <net/if_var.h>
49 #include <net/if_types.h>
50 #include <net/if_sppp.h>
51 #include <net/if_pppoe.h>
52 #include <net/netisr.h>
53 #include <netinet/in.h>
54 #include <netinet/if_ether.h>
55
56 #if NBPFILTER > 0
57 #include <net/bpf.h>
58 #endif
59
60 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */
61
62 #define PPPOEDEBUG(a) ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0)
63
64 struct pppoehdr {
65 u_int8_t vertype;
66 u_int8_t code;
67 u_int16_t session;
68 u_int16_t plen;
69 } __packed;
70
71 struct pppoetag {
72 u_int16_t tag;
73 u_int16_t len;
74 } __packed;
75
76 #define PPPOE_HEADERLEN sizeof(struct pppoehdr)
77 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2)
78 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */
79
80 #define PPPOE_TAG_EOL 0x0000 /* end of list */
81 #define PPPOE_TAG_SNAME 0x0101 /* service name */
82 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */
83 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */
84 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */
85 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */
86 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */
87 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* RFC 4638 max payload */
88 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */
89 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */
90 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */
91
92 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */
93 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */
94 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */
95 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */
96 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */
97
98 /* two byte PPP protocol discriminator, then IP data */
99 #define PPPOE_MTU (ETHERMTU - PPPOE_OVERHEAD)
100 #define PPPOE_MAXMTU PP_MAX_MRU
101
102 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */
103 #define PPPOE_ADD_16(PTR, VAL) \
104 *(PTR)++ = (VAL) / 256; \
105 *(PTR)++ = (VAL) % 256
106
107 /* Add a complete PPPoE header to the buffer pointed to by PTR */
108 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \
109 *(PTR)++ = PPPOE_VERTYPE; \
110 *(PTR)++ = (CODE); \
111 PPPOE_ADD_16(PTR, SESS); \
112 PPPOE_ADD_16(PTR, LEN)
113
114 #define PPPOE_DISC_TIMEOUT 5 /* base for quick timeout calculation (seconds) */
115 #define PPPOE_SLOW_RETRY 60 /* persistent retry interval (seconds) */
116 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */
117 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */
118
119 /*
120 * Locks used to protect struct members and global data
121 * I immutable after creation
122 * K kernel lock
123 */
124
125 struct pppoe_softc {
126 struct sppp sc_sppp; /* contains a struct ifnet as first element */
127 LIST_ENTRY(pppoe_softc) sc_list;/* [K] */
128 unsigned int sc_eth_ifidx; /* [K] */
129 caddr_t sc_bpf;
130
131 SMR_LIST_ENTRY(pppoe_softc) sc_session_entry; /* [K] */
132 int sc_state; /* [K] discovery phase or session connected */
133 struct ether_addr sc_dest; /* [K] hardware address of concentrator */
134 u_int16_t sc_session; /* [K] PPPoE session id */
135
136 char *sc_service_name; /* [K] if != NULL: requested name of service */
137 char *sc_concentrator_name; /* [K] if != NULL: requested concentrator id */
138 u_int8_t *sc_ac_cookie; /* [K] content of AC cookie we must echo back */
139 size_t sc_ac_cookie_len; /* [K] length of cookie data */
140 u_int8_t *sc_relay_sid; /* [K] content of relay SID we must echo back */
141 size_t sc_relay_sid_len; /* [K] length of relay SID data */
142 u_int32_t sc_unique; /* [I] our unique id */
143 struct timeout sc_timeout; /* [K] timeout while not in session state */
144 int sc_padi_retried; /* [K] number of PADI retries already done */
145 int sc_padr_retried; /* [K] number of PADR retries already done */
146
147 struct timeval sc_session_time; /* [K] time the session was established */
148 };
149
150 /* input routines */
151 void pppoe_disc_input(struct mbuf *);
152 void pppoe_data_input(struct mbuf *);
153 static void pppoe_dispatch_disc_pkt(struct mbuf *);
154
155 /* management routines */
156 void pppoeattach(int);
157 static int pppoe_connect(struct pppoe_softc *);
158 static int pppoe_disconnect(struct pppoe_softc *);
159 static void pppoe_abort_connect(struct pppoe_softc *);
160 static int pppoe_ioctl(struct ifnet *, unsigned long, caddr_t);
161 static void pppoe_tls(struct sppp *);
162 static void pppoe_tlf(struct sppp *);
163 static void pppoe_start(struct ifnet *);
164
165 /* internal timeout handling */
166 static void pppoe_timeout(void *);
167
168 /* sending actual protocol control packets */
169 static int pppoe_send_padi(struct pppoe_softc *);
170 static int pppoe_send_padr(struct pppoe_softc *);
171 static int pppoe_send_padt(unsigned int, u_int, const u_int8_t *, u_int8_t);
172
173 /* raw output */
174 static int pppoe_output(struct pppoe_softc *, struct mbuf *);
175
176 /* internal helper functions */
177 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, u_int);
178 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int);
179 static struct mbuf *pppoe_get_mbuf(size_t len);
180
181 LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list;
182 SMR_LIST_HEAD(pppoe_softc_sessions, pppoe_softc) pppoe_sessions; /* [K] */
183
184 /* interface cloning */
185 int pppoe_clone_create(struct if_clone *, int);
186 int pppoe_clone_destroy(struct ifnet *);
187
188 struct if_clone pppoe_cloner =
189 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy);
190
191 struct mbuf_queue pppoediscinq = MBUF_QUEUE_INITIALIZER(
192 IFQ_MAXLEN, IPL_SOFTNET);
193 struct mbuf_queue pppoeinq = MBUF_QUEUE_INITIALIZER(
194 IFQ_MAXLEN, IPL_SOFTNET);
195
196 void
pppoeintr(void)197 pppoeintr(void)
198 {
199 struct mbuf_list ml;
200 struct mbuf *m;
201
202 NET_ASSERT_LOCKED();
203
204 mq_delist(&pppoediscinq, &ml);
205 while ((m = ml_dequeue(&ml)) != NULL)
206 pppoe_disc_input(m);
207
208 mq_delist(&pppoeinq, &ml);
209 while ((m = ml_dequeue(&ml)) != NULL)
210 pppoe_data_input(m);
211 }
212
213 void
pppoeattach(int count)214 pppoeattach(int count)
215 {
216 LIST_INIT(&pppoe_softc_list);
217 SMR_LIST_INIT(&pppoe_sessions);
218 if_clone_attach(&pppoe_cloner);
219 }
220
221 static void
pppoe_set_state(struct pppoe_softc * sc,int state)222 pppoe_set_state(struct pppoe_softc *sc, int state)
223 {
224 KERNEL_ASSERT_LOCKED();
225 if (sc->sc_state == PPPOE_STATE_SESSION)
226 SMR_LIST_REMOVE_LOCKED(sc, sc_session_entry);
227 sc->sc_state = state;
228 }
229
230 /* Create a new interface. */
231 int
pppoe_clone_create(struct if_clone * ifc,int unit)232 pppoe_clone_create(struct if_clone *ifc, int unit)
233 {
234 struct pppoe_softc *sc, *tmpsc;
235 u_int32_t unique;
236
237 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO);
238 snprintf(sc->sc_sppp.pp_if.if_xname,
239 sizeof(sc->sc_sppp.pp_if.if_xname),
240 "pppoe%d", unit);
241 sc->sc_sppp.pp_if.if_softc = sc;
242 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU;
243 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST;
244 sc->sc_sppp.pp_if.if_type = IFT_PPP;
245 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN;
246 sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */
247 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */
248 sc->sc_sppp.pp_if.if_input = p2p_input;
249 sc->sc_sppp.pp_if.if_bpf_mtap = p2p_bpf_mtap;
250 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl;
251 sc->sc_sppp.pp_if.if_start = pppoe_start;
252 sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest;
253 sc->sc_sppp.pp_if.if_xflags = IFXF_CLONED;
254 sc->sc_sppp.pp_tls = pppoe_tls;
255 sc->sc_sppp.pp_tlf = pppoe_tlf;
256
257 /* changed to real address later */
258 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
259
260 /* init timer for interface watchdog */
261 timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc);
262
263 if_counters_alloc(&sc->sc_sppp.pp_if);
264 if_attach(&sc->sc_sppp.pp_if);
265 if_alloc_sadl(&sc->sc_sppp.pp_if);
266 sppp_attach(&sc->sc_sppp.pp_if);
267 #if NBPFILTER > 0
268 bpfattach(&sc->sc_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0);
269 bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if,
270 DLT_LOOP, sizeof(uint32_t));
271 #endif
272
273 NET_LOCK();
274 retry:
275 unique = arc4random();
276 LIST_FOREACH(tmpsc, &pppoe_softc_list, sc_list)
277 if (tmpsc->sc_unique == unique)
278 goto retry;
279 sc->sc_unique = unique;
280 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list);
281 NET_UNLOCK();
282
283 return (0);
284 }
285
286 /* Destroy a given interface. */
287 int
pppoe_clone_destroy(struct ifnet * ifp)288 pppoe_clone_destroy(struct ifnet *ifp)
289 {
290 struct pppoe_softc *sc = ifp->if_softc;
291
292 NET_LOCK();
293 LIST_REMOVE(sc, sc_list);
294 NET_UNLOCK();
295
296 timeout_del(&sc->sc_timeout);
297 pppoe_set_state(sc, PPPOE_STATE_INITIAL);
298
299 sppp_detach(&sc->sc_sppp.pp_if);
300 if_detach(ifp);
301
302 if (sc->sc_concentrator_name)
303 free(sc->sc_concentrator_name, M_DEVBUF,
304 strlen(sc->sc_concentrator_name) + 1);
305 if (sc->sc_service_name)
306 free(sc->sc_service_name, M_DEVBUF,
307 strlen(sc->sc_service_name) + 1);
308 if (sc->sc_ac_cookie)
309 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len);
310 if (sc->sc_relay_sid)
311 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len);
312
313 smr_barrier();
314
315 free(sc, M_DEVBUF, sizeof(*sc));
316
317 return (0);
318 }
319
320 /*
321 * Find the interface handling the specified session.
322 * Note: O(number of sessions open), this is a client-side only, mean
323 * and lean implementation, so number of open sessions typically should
324 * be 1.
325 */
326 static struct pppoe_softc *
pppoe_find_softc_by_session(u_int session,u_int ifidx)327 pppoe_find_softc_by_session(u_int session, u_int ifidx)
328 {
329 struct pppoe_softc *sc;
330
331 if (session == 0)
332 return (NULL);
333
334 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
335 if (sc->sc_state == PPPOE_STATE_SESSION
336 && sc->sc_session == session
337 && sc->sc_eth_ifidx == ifidx) {
338 return (sc);
339 }
340 }
341 return (NULL);
342 }
343
344 static struct pppoe_softc *
pppoe_smr_find_by_session(u_int session,u_int ifidx)345 pppoe_smr_find_by_session(u_int session, u_int ifidx)
346 {
347 struct pppoe_softc *sc;
348
349 if (session == 0)
350 return (NULL);
351
352 smr_read_enter();
353 SMR_LIST_FOREACH(sc, &pppoe_sessions, sc_session_entry) {
354 if (sc->sc_session == session &&
355 sc->sc_eth_ifidx == ifidx) {
356 /* XXX if_ref() */
357 refcnt_take(&sc->sc_sppp.pp_if.if_refcnt);
358 break;
359 }
360 }
361 smr_read_leave();
362
363 return (sc);
364 }
365
366 /*
367 * Check host unique token passed and return appropriate softc pointer,
368 * or NULL if token is bogus.
369 */
370 static struct pppoe_softc *
pppoe_find_softc_by_hunique(u_int8_t * token,size_t len,u_int ifidx)371 pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, u_int ifidx)
372 {
373 struct pppoe_softc *sc;
374 u_int32_t hunique;
375
376 if (LIST_EMPTY(&pppoe_softc_list))
377 return (NULL);
378
379 if (len != sizeof(hunique))
380 return (NULL);
381 memcpy(&hunique, token, len);
382
383 LIST_FOREACH(sc, &pppoe_softc_list, sc_list)
384 if (sc->sc_unique == hunique)
385 break;
386
387 if (sc == NULL) {
388 printf("pppoe: alien host unique tag, no session found\n");
389 return (NULL);
390 }
391
392 /* should be safe to access *sc now */
393 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) {
394 printf("%s: host unique tag found, but it belongs to a connection in state %d\n",
395 sc->sc_sppp.pp_if.if_xname, sc->sc_state);
396 return (NULL);
397 }
398 if (sc->sc_eth_ifidx != ifidx) {
399 printf("%s: wrong interface, not accepting host unique\n",
400 sc->sc_sppp.pp_if.if_xname);
401 return (NULL);
402 }
403 return (sc);
404 }
405
406 /* Analyze and handle a single received packet while not in session state. */
407 static void
pppoe_dispatch_disc_pkt(struct mbuf * m)408 pppoe_dispatch_disc_pkt(struct mbuf *m)
409 {
410 struct pppoe_softc *sc;
411 struct pppoehdr *ph;
412 struct pppoetag *pt;
413 struct mbuf *n;
414 struct ether_header *eh;
415 const char *err_msg, *devname;
416 size_t ac_cookie_len;
417 size_t relay_sid_len;
418 int off, noff, err, errortag, max_payloadtag;
419 u_int16_t max_payload;
420 u_int16_t tag, len;
421 u_int16_t session, plen;
422 u_int8_t *ac_cookie;
423 u_int8_t *relay_sid;
424 u_int8_t code;
425
426 err_msg = NULL;
427 devname = "pppoe";
428 off = 0;
429 errortag = 0;
430 max_payloadtag = 0;
431
432 if (m->m_len < sizeof(*eh)) {
433 m = m_pullup(m, sizeof(*eh));
434 if (m == NULL)
435 goto done;
436 }
437 eh = mtod(m, struct ether_header *);
438 off += sizeof(*eh);
439
440 ac_cookie = NULL;
441 ac_cookie_len = 0;
442 relay_sid = NULL;
443 relay_sid_len = 0;
444 max_payload = 0;
445
446 session = 0;
447 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) {
448 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len);
449 goto done;
450 }
451
452 n = m_pulldown(m, off, sizeof(*ph), &noff);
453 if (n == NULL) {
454 printf("pppoe: could not get PPPoE header\n");
455 m = NULL;
456 goto done;
457 }
458 ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff);
459 if (ph->vertype != PPPOE_VERTYPE) {
460 printf("pppoe: unknown version/type packet: 0x%x\n",
461 ph->vertype);
462 goto done;
463 }
464
465 session = ntohs(ph->session);
466 plen = ntohs(ph->plen);
467 code = ph->code;
468 off += sizeof(*ph);
469 if (plen + off > m->m_pkthdr.len) {
470 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n",
471 m->m_pkthdr.len - off, plen);
472 goto done;
473 }
474
475 /* ignore trailing garbage */
476 m_adj(m, off + plen - m->m_pkthdr.len);
477
478 tag = 0;
479 len = 0;
480 sc = NULL;
481 while (off + sizeof(*pt) <= m->m_pkthdr.len) {
482 n = m_pulldown(m, off, sizeof(*pt), &noff);
483 if (n == NULL) {
484 printf("%s: parse error\n", devname);
485 m = NULL;
486 goto done;
487 }
488 pt = (struct pppoetag *)(mtod(n, caddr_t) + noff);
489 tag = ntohs(pt->tag);
490 len = ntohs(pt->len);
491 off += sizeof(*pt);
492 if (off + len > m->m_pkthdr.len) {
493 printf("%s: tag 0x%x len 0x%x is too long\n",
494 devname, tag, len);
495 goto done;
496 }
497 switch (tag) {
498 case PPPOE_TAG_EOL:
499 goto breakbreak;
500 case PPPOE_TAG_SNAME:
501 break; /* ignored */
502 case PPPOE_TAG_ACNAME:
503 break; /* ignored */
504 case PPPOE_TAG_HUNIQUE:
505 if (sc != NULL)
506 break;
507 n = m_pulldown(m, off, len, &noff);
508 if (n == NULL) {
509 m = NULL;
510 err_msg = "TAG HUNIQUE ERROR";
511 break;
512 }
513 sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff,
514 len, m->m_pkthdr.ph_ifidx);
515 if (sc != NULL)
516 devname = sc->sc_sppp.pp_if.if_xname;
517 break;
518 case PPPOE_TAG_ACCOOKIE:
519 if (ac_cookie == NULL) {
520 n = m_pulldown(m, off, len,
521 &noff);
522 if (n == NULL) {
523 err_msg = "TAG ACCOOKIE ERROR";
524 m = NULL;
525 break;
526 }
527 ac_cookie = mtod(n, caddr_t) + noff;
528 ac_cookie_len = len;
529 }
530 break;
531 case PPPOE_TAG_RELAYSID:
532 if (relay_sid == NULL) {
533 n = m_pulldown(m, off, len,
534 &noff);
535 if (n == NULL) {
536 err_msg = "TAG RELAYSID ERROR";
537 m = NULL;
538 break;
539 }
540 relay_sid = mtod(n, caddr_t) + noff;
541 relay_sid_len = len;
542 }
543 break;
544 case PPPOE_TAG_MAX_PAYLOAD:
545 if (!max_payloadtag) {
546 n = m_pulldown(m, off, len,
547 &noff);
548 if (n == NULL || len != sizeof(max_payload)) {
549 err_msg = "TAG MAX_PAYLOAD ERROR";
550 m = NULL;
551 break;
552 }
553 memcpy(&max_payload, mtod(n, caddr_t) + noff,
554 sizeof(max_payload));
555 max_payloadtag = 1;
556 }
557 break;
558 case PPPOE_TAG_SNAME_ERR:
559 err_msg = "SERVICE NAME ERROR";
560 errortag = 1;
561 break;
562 case PPPOE_TAG_ACSYS_ERR:
563 err_msg = "AC SYSTEM ERROR";
564 errortag = 1;
565 break;
566 case PPPOE_TAG_GENERIC_ERR:
567 err_msg = "GENERIC ERROR";
568 errortag = 1;
569 break;
570 }
571 if (err_msg) {
572 log(LOG_INFO, "%s: %s: ", devname, err_msg);
573 if (errortag && len) {
574 n = m_pulldown(m, off, len,
575 &noff);
576 if (n == NULL) {
577 m = NULL;
578 } else {
579 u_int8_t *et = mtod(n, caddr_t) + noff;
580 while (len--)
581 addlog("%c", *et++);
582 }
583 }
584 addlog("\n");
585 goto done;
586 }
587 off += len;
588 }
589 breakbreak:
590 switch (code) {
591 case PPPOE_CODE_PADI:
592 case PPPOE_CODE_PADR:
593 /* ignore, we are no access concentrator */
594 goto done;
595 case PPPOE_CODE_PADO:
596 if (sc == NULL) {
597 /* be quiet if there is not a single pppoe instance */
598 if (!LIST_EMPTY(&pppoe_softc_list))
599 printf("pppoe: received PADO but could not find request for it\n");
600 goto done;
601 }
602 if (sc->sc_state != PPPOE_STATE_PADI_SENT) {
603 printf("%s: received unexpected PADO\n",
604 sc->sc_sppp.pp_if.if_xname);
605 goto done;
606 }
607 if (ac_cookie) {
608 if (sc->sc_ac_cookie)
609 free(sc->sc_ac_cookie, M_DEVBUF,
610 sc->sc_ac_cookie_len);
611 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF,
612 M_DONTWAIT);
613 if (sc->sc_ac_cookie == NULL) {
614 sc->sc_ac_cookie_len = 0;
615 goto done;
616 }
617 sc->sc_ac_cookie_len = ac_cookie_len;
618 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len);
619 } else if (sc->sc_ac_cookie) {
620 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len);
621 sc->sc_ac_cookie = NULL;
622 sc->sc_ac_cookie_len = 0;
623 }
624 if (relay_sid) {
625 if (sc->sc_relay_sid)
626 free(sc->sc_relay_sid, M_DEVBUF,
627 sc->sc_relay_sid_len);
628 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF,
629 M_DONTWAIT);
630 if (sc->sc_relay_sid == NULL) {
631 sc->sc_relay_sid_len = 0;
632 goto done;
633 }
634 sc->sc_relay_sid_len = relay_sid_len;
635 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len);
636 } else if (sc->sc_relay_sid) {
637 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len);
638 sc->sc_relay_sid = NULL;
639 sc->sc_relay_sid_len = 0;
640 }
641 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU &&
642 (!max_payloadtag ||
643 ntohs(max_payload) != sc->sc_sppp.pp_if.if_mtu)) {
644 printf("%s: No valid PPP-Max-Payload tag received in PADO\n",
645 sc->sc_sppp.pp_if.if_xname);
646 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU;
647 }
648
649 memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest));
650 sc->sc_padr_retried = 0;
651 pppoe_set_state(sc, PPPOE_STATE_PADR_SENT);
652 if ((err = pppoe_send_padr(sc)) != 0) {
653 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n",
654 sc->sc_sppp.pp_if.if_xname, err));
655 }
656 timeout_add_sec(&sc->sc_timeout,
657 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried));
658
659 break;
660 case PPPOE_CODE_PADS:
661 if (sc == NULL)
662 goto done;
663
664 KERNEL_ASSERT_LOCKED();
665
666 sc->sc_session = session;
667 timeout_del(&sc->sc_timeout);
668 PPPOEDEBUG(("%s: session 0x%x connected\n",
669 sc->sc_sppp.pp_if.if_xname, session));
670 sc->sc_state = PPPOE_STATE_SESSION;
671 getmicrouptime(&sc->sc_session_time);
672 SMR_LIST_INSERT_HEAD_LOCKED(&pppoe_sessions, sc,
673 sc_session_entry);
674 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */
675
676 break;
677 case PPPOE_CODE_PADT:
678 if (sc == NULL)
679 goto done;
680
681 /* stop timer (we might be about to transmit a PADT ourself) */
682 timeout_del(&sc->sc_timeout);
683 PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n",
684 sc->sc_sppp.pp_if.if_xname, session));
685
686 /* clean up softc */
687 pppoe_set_state(sc, PPPOE_STATE_PADR_SENT);
688 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
689 if (sc->sc_ac_cookie) {
690 free(sc->sc_ac_cookie, M_DEVBUF,
691 sc->sc_ac_cookie_len);
692 sc->sc_ac_cookie = NULL;
693 }
694 if (sc->sc_relay_sid) {
695 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len);
696 sc->sc_relay_sid = NULL;
697 }
698 sc->sc_ac_cookie_len = 0;
699 sc->sc_relay_sid_len = 0;
700 sc->sc_session = 0;
701 sc->sc_session_time.tv_sec = 0;
702 sc->sc_session_time.tv_usec = 0;
703 sc->sc_sppp.pp_down(&sc->sc_sppp); /* signal upper layer */
704
705 break;
706 default:
707 printf("%s: unknown code (0x%04x) session = 0x%04x\n",
708 sc ? sc->sc_sppp.pp_if.if_xname : "pppoe",
709 code, session);
710 break;
711 }
712
713 done:
714 m_freem(m);
715 }
716
717 /* Input function for discovery packets. */
718 void
pppoe_disc_input(struct mbuf * m)719 pppoe_disc_input(struct mbuf *m)
720 {
721 /* avoid error messages if there is not a single pppoe instance */
722 if (!LIST_EMPTY(&pppoe_softc_list)) {
723 KASSERT(m->m_flags & M_PKTHDR);
724 pppoe_dispatch_disc_pkt(m);
725 } else
726 m_freem(m);
727 }
728
729 struct mbuf *
pppoe_vinput(struct ifnet * ifp0,struct mbuf * m)730 pppoe_vinput(struct ifnet *ifp0, struct mbuf *m)
731 {
732 struct pppoe_softc *sc;
733 struct ifnet *ifp;
734 struct ether_header *eh;
735 struct pppoehdr *ph;
736 uint16_t proto;
737 int hlen = sizeof(*eh) + sizeof(*ph);
738 int phlen;
739 int plen;
740 int af = AF_UNSPEC;
741 #if NBPFILTER > 0
742 caddr_t if_bpf;
743 #endif
744 time_t now;
745
746 smr_read_enter();
747 sc = SMR_LIST_FIRST(&pppoe_sessions);
748 smr_read_leave();
749 if (sc == NULL)
750 return (m);
751
752 if (m->m_pkthdr.len < hlen)
753 return (m);
754 if (m->m_len < hlen) {
755 m = m_pullup(m, hlen);
756 if (m == NULL)
757 return (NULL);
758 }
759
760 eh = mtod(m, struct ether_header *);
761 ph = (struct pppoehdr *)(eh + 1);
762 if (ph->vertype != PPPOE_VERTYPE)
763 return (m);
764 if (ph->code != 0)
765 return (m);
766
767 sc = pppoe_smr_find_by_session(ntohs(ph->session), ifp0->if_index);
768 if (sc == NULL) {
769 /* no session, don't waste any more time */
770 m_freem(m);
771 return (NULL);
772 }
773
774 ifp = &sc->sc_sppp.pp_if;
775
776 plen = ntohs(ph->plen);
777 if (plen < sizeof(proto))
778 goto drop;
779
780 phlen = hlen + sizeof(proto);
781 if (m->m_pkthdr.len < phlen)
782 goto drop;
783 if (m->m_len < phlen) {
784 m = m_pullup(m, phlen);
785 if (m == NULL)
786 goto put;
787 }
788
789 proto = *(uint16_t *)(mtod(m, caddr_t) + hlen);
790 af = sppp_proto_up(ifp, proto);
791 if (af == AF_UNSPEC)
792 goto put;
793
794 #if NBPFILTER > 0
795 if_bpf = sc->sc_bpf;
796 if (if_bpf) {
797 m_adj(m, sizeof(*eh));
798 bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN);
799 m_adj(m, phlen - sizeof(*eh));
800 } else
801 #endif
802 m_adj(m, phlen);
803
804 plen -= sizeof(proto);
805 if (m->m_pkthdr.len < plen) {
806 counters_inc(ifp->if_counters, ifc_ierrors);
807 goto drop;
808 }
809
810 if (m->m_pkthdr.len > plen)
811 m_adj(m, plen - m->m_pkthdr.len);
812
813 /* XXX not 64bit or MP safe */
814 now = getuptime();
815 if (sc->sc_sppp.pp_last_activity < now)
816 sc->sc_sppp.pp_last_activity = now;
817
818 m->m_pkthdr.ph_family = af;
819 if_vinput(ifp, m);
820 done:
821 m = NULL;
822 put:
823 if_put(ifp);
824
825 return (m);
826 drop:
827 m_freem(m);
828 goto done;
829 }
830
831 /* Input function for data packets */
832 void
pppoe_data_input(struct mbuf * m)833 pppoe_data_input(struct mbuf *m)
834 {
835 struct pppoe_softc *sc;
836 struct pppoehdr *ph;
837 u_int16_t session, plen;
838 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
839 u_int8_t shost[ETHER_ADDR_LEN];
840 #endif
841 if (LIST_EMPTY(&pppoe_softc_list))
842 goto drop;
843
844 KASSERT(m->m_flags & M_PKTHDR);
845
846 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
847 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN);
848 #endif
849 m_adj(m, sizeof(struct ether_header));
850 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) {
851 printf("pppoe (data): dropping too short packet: %d bytes\n",
852 m->m_pkthdr.len);
853 goto drop;
854 }
855 if (m->m_len < sizeof(*ph)) {
856 m = m_pullup(m, sizeof(*ph));
857 if (m == NULL) {
858 printf("pppoe (data): could not get PPPoE header\n");
859 return;
860 }
861 }
862 ph = mtod(m, struct pppoehdr *);
863 if (ph->vertype != PPPOE_VERTYPE) {
864 printf("pppoe (data): unknown version/type packet: 0x%x\n",
865 ph->vertype);
866 goto drop;
867 }
868 if (ph->code != 0)
869 goto drop;
870
871 session = ntohs(ph->session);
872 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.ph_ifidx);
873 if (sc == NULL) {
874 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
875 printf("pppoe (data): input for unknown session 0x%x, sending PADT\n",
876 session);
877 pppoe_send_padt(m->m_pkthdr.ph_ifidx, session, shost, 0);
878 #endif
879 goto drop;
880 }
881
882 plen = ntohs(ph->plen);
883
884 #if NBPFILTER > 0
885 if (sc->sc_bpf)
886 bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_IN);
887 #endif
888
889 m_adj(m, PPPOE_HEADERLEN);
890
891 #ifdef PPPOE_DEBUG
892 {
893 struct mbuf *p;
894
895 printf("%s: pkthdr.len=%d, pppoe.len=%d",
896 sc->sc_sppp.pp_if.if_xname,
897 m->m_pkthdr.len, plen);
898 p = m;
899 while (p) {
900 printf(" l=%d", p->m_len);
901 p = p->m_next;
902 }
903 printf("\n");
904 }
905 #endif
906
907 if (m->m_pkthdr.len < plen)
908 goto drop;
909
910 /* fix incoming interface pointer (not the raw ethernet interface anymore) */
911 m->m_pkthdr.ph_ifidx = sc->sc_sppp.pp_if.if_index;
912
913 /* pass packet up and account for it */
914 sc->sc_sppp.pp_if.if_ipackets++;
915 sppp_input(&sc->sc_sppp.pp_if, m);
916 return;
917
918 drop:
919 m_freem(m);
920 }
921
922 static int
pppoe_output(struct pppoe_softc * sc,struct mbuf * m)923 pppoe_output(struct pppoe_softc *sc, struct mbuf *m)
924 {
925 struct sockaddr dst;
926 struct ether_header *eh;
927 struct ifnet *eth_if;
928 u_int16_t etype;
929 int ret;
930
931 if ((eth_if = if_get(sc->sc_eth_ifidx)) == NULL) {
932 m_freem(m);
933 return (EIO);
934 }
935
936 if ((eth_if->if_flags & (IFF_UP|IFF_RUNNING))
937 != (IFF_UP|IFF_RUNNING)) {
938 if_put(eth_if);
939 m_freem(m);
940 return (ENETDOWN);
941 }
942
943 memset(&dst, 0, sizeof dst);
944 dst.sa_family = AF_UNSPEC;
945 eh = (struct ether_header*)&dst.sa_data;
946 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC;
947 eh->ether_type = htons(etype);
948 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest);
949
950 PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n",
951 sc->sc_sppp.pp_if.if_xname, etype,
952 sc->sc_state, sc->sc_session,
953 ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len));
954
955 m->m_flags &= ~(M_BCAST|M_MCAST);
956 /* encapsulated packet is forced into rdomain of physical interface */
957 m->m_pkthdr.ph_rtableid = eth_if->if_rdomain;
958
959 ret = eth_if->if_output(eth_if, m, &dst, NULL);
960 if_put(eth_if);
961
962 return (ret);
963 }
964
965 /* The ioctl routine. */
966 static int
pppoe_ioctl(struct ifnet * ifp,unsigned long cmd,caddr_t data)967 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data)
968 {
969 struct proc *p = curproc; /* XXX */
970 struct pppoe_softc *sc = (struct pppoe_softc *)ifp;
971 struct ifnet *eth_if;
972 int error = 0;
973
974 switch (cmd) {
975 case PPPOESETPARMS:
976 {
977 struct pppoediscparms *parms = (struct pppoediscparms *)data;
978 int len;
979
980 if ((error = suser(p)) != 0)
981 return (error);
982 if (parms->eth_ifname[0] != '\0') {
983 struct ifnet *eth_if;
984
985 eth_if = if_unit(parms->eth_ifname);
986 if (eth_if == NULL || eth_if->if_type != IFT_ETHER) {
987 if_put(eth_if);
988 sc->sc_eth_ifidx = 0;
989 return (ENXIO);
990 }
991
992 if (sc->sc_sppp.pp_if.if_mtu >
993 eth_if->if_mtu - PPPOE_OVERHEAD) {
994 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu -
995 PPPOE_OVERHEAD;
996 }
997 sc->sc_eth_ifidx = eth_if->if_index;
998 if_put(eth_if);
999 }
1000
1001 if (sc->sc_concentrator_name)
1002 free(sc->sc_concentrator_name, M_DEVBUF,
1003 strlen(sc->sc_concentrator_name) + 1);
1004 sc->sc_concentrator_name = NULL;
1005
1006 len = strlen(parms->ac_name);
1007 if (len > 0 && len < sizeof(parms->ac_name)) {
1008 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL);
1009 if (p == NULL)
1010 return (ENOMEM);
1011 strlcpy(p, parms->ac_name, len + 1);
1012 sc->sc_concentrator_name = p;
1013 }
1014
1015 if (sc->sc_service_name)
1016 free(sc->sc_service_name, M_DEVBUF,
1017 strlen(sc->sc_service_name) + 1);
1018 sc->sc_service_name = NULL;
1019
1020 len = strlen(parms->service_name);
1021 if (len > 0 && len < sizeof(parms->service_name)) {
1022 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL);
1023 if (p == NULL)
1024 return (ENOMEM);
1025 strlcpy(p, parms->service_name, len + 1);
1026 sc->sc_service_name = p;
1027 }
1028 return (0);
1029 }
1030 break;
1031 case PPPOEGETPARMS:
1032 {
1033 struct pppoediscparms *parms = (struct pppoediscparms *)data;
1034
1035 if ((eth_if = if_get(sc->sc_eth_ifidx)) != NULL) {
1036 strlcpy(parms->eth_ifname, eth_if->if_xname,
1037 IFNAMSIZ);
1038 if_put(eth_if);
1039 } else
1040 parms->eth_ifname[0] = '\0';
1041
1042 if (sc->sc_concentrator_name)
1043 strlcpy(parms->ac_name, sc->sc_concentrator_name,
1044 sizeof(parms->ac_name));
1045 else
1046 parms->ac_name[0] = '\0';
1047
1048 if (sc->sc_service_name)
1049 strlcpy(parms->service_name, sc->sc_service_name,
1050 sizeof(parms->service_name));
1051 else
1052 parms->service_name[0] = '\0';
1053
1054 return (0);
1055 }
1056 break;
1057 case PPPOEGETSESSION:
1058 {
1059 struct pppoeconnectionstate *state =
1060 (struct pppoeconnectionstate *)data;
1061 state->state = sc->sc_state;
1062 state->session_id = sc->sc_session;
1063 state->padi_retry_no = sc->sc_padi_retried;
1064 state->padr_retry_no = sc->sc_padr_retried;
1065 state->session_time.tv_sec = sc->sc_session_time.tv_sec;
1066 state->session_time.tv_usec = sc->sc_session_time.tv_usec;
1067 return (0);
1068 }
1069 break;
1070 case SIOCSIFFLAGS:
1071 {
1072 struct ifreq *ifr = (struct ifreq *)data;
1073 /*
1074 * Prevent running re-establishment timers overriding
1075 * administrators choice.
1076 */
1077 if ((ifr->ifr_flags & IFF_UP) == 0
1078 && sc->sc_state >= PPPOE_STATE_PADI_SENT
1079 && sc->sc_state < PPPOE_STATE_SESSION) {
1080 timeout_del(&sc->sc_timeout);
1081 pppoe_set_state(sc, PPPOE_STATE_INITIAL);
1082 sc->sc_padi_retried = 0;
1083 sc->sc_padr_retried = 0;
1084 memcpy(&sc->sc_dest, etherbroadcastaddr,
1085 sizeof(sc->sc_dest));
1086 }
1087 return (sppp_ioctl(ifp, cmd, data));
1088 }
1089 case SIOCSIFMTU:
1090 {
1091 struct ifreq *ifr = (struct ifreq *)data;
1092
1093 eth_if = if_get(sc->sc_eth_ifidx);
1094
1095 if (ifr->ifr_mtu > MIN(PPPOE_MAXMTU,
1096 (eth_if == NULL ? PPPOE_MAXMTU :
1097 (eth_if->if_mtu - PPPOE_OVERHEAD))))
1098 error = EINVAL;
1099 else
1100 error = 0;
1101
1102 if_put(eth_if);
1103
1104 if (error != 0)
1105 return (error);
1106
1107 return (sppp_ioctl(ifp, cmd, data));
1108 }
1109 default:
1110 error = sppp_ioctl(ifp, cmd, data);
1111 if (error == ENETRESET) {
1112 error = 0;
1113 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1114 (IFF_UP | IFF_RUNNING)) {
1115 if_down(ifp);
1116 if (sc->sc_state >= PPPOE_STATE_PADI_SENT &&
1117 sc->sc_state < PPPOE_STATE_SESSION) {
1118 timeout_del(&sc->sc_timeout);
1119 pppoe_set_state(sc,
1120 PPPOE_STATE_INITIAL);
1121 sc->sc_padi_retried = 0;
1122 sc->sc_padr_retried = 0;
1123 memcpy(&sc->sc_dest,
1124 etherbroadcastaddr,
1125 sizeof(sc->sc_dest));
1126 }
1127 error = sppp_ioctl(ifp, SIOCSIFFLAGS, NULL);
1128 if (error)
1129 return (error);
1130 if_up(ifp);
1131 return (sppp_ioctl(ifp, SIOCSIFFLAGS, NULL));
1132 }
1133 }
1134 return (error);
1135 }
1136 return (0);
1137 }
1138
1139 /*
1140 * Allocate a mbuf/cluster with space to store the given data length
1141 * of payload, leaving space for prepending an ethernet header
1142 * in front.
1143 */
1144 static struct mbuf *
pppoe_get_mbuf(size_t len)1145 pppoe_get_mbuf(size_t len)
1146 {
1147 struct mbuf *m;
1148
1149 if (len + sizeof(struct ether_header) > MCLBYTES)
1150 return NULL;
1151
1152 MGETHDR(m, M_DONTWAIT, MT_DATA);
1153 if (m == NULL)
1154 return (NULL);
1155 if (len + sizeof(struct ether_header) > MHLEN) {
1156 MCLGET(m, M_DONTWAIT);
1157 if ((m->m_flags & M_EXT) == 0) {
1158 m_free(m);
1159 return (NULL);
1160 }
1161 }
1162 m->m_data += sizeof(struct ether_header);
1163 m->m_len = len;
1164 m->m_pkthdr.len = len;
1165 m->m_pkthdr.ph_ifidx = 0;
1166
1167 return (m);
1168 }
1169
1170 /* Send PADI. */
1171 static int
pppoe_send_padi(struct pppoe_softc * sc)1172 pppoe_send_padi(struct pppoe_softc *sc)
1173 {
1174 struct mbuf *m0;
1175 int len, l1 = 0, l2 = 0; /* XXX: gcc */
1176 u_int8_t *p;
1177
1178 if (sc->sc_state > PPPOE_STATE_PADI_SENT)
1179 panic("pppoe_send_padi in state %d", sc->sc_state);
1180
1181 /* calculate length of frame (excluding ethernet header + pppoe header) */
1182 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is sent too */
1183 if (sc->sc_service_name != NULL) {
1184 l1 = strlen(sc->sc_service_name);
1185 len += l1;
1186 }
1187 if (sc->sc_concentrator_name != NULL) {
1188 l2 = strlen(sc->sc_concentrator_name);
1189 len += 2 + 2 + l2;
1190 }
1191 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU)
1192 len += 2 + 2 + 2;
1193
1194 /* allocate a buffer */
1195 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */
1196 if (m0 == NULL)
1197 return (ENOBUFS);
1198 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio;
1199
1200 /* fill in pkt */
1201 p = mtod(m0, u_int8_t *);
1202 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len);
1203 PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
1204 if (sc->sc_service_name != NULL) {
1205 PPPOE_ADD_16(p, l1);
1206 memcpy(p, sc->sc_service_name, l1);
1207 p += l1;
1208 } else {
1209 PPPOE_ADD_16(p, 0);
1210 }
1211 if (sc->sc_concentrator_name != NULL) {
1212 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME);
1213 PPPOE_ADD_16(p, l2);
1214 memcpy(p, sc->sc_concentrator_name, l2);
1215 p += l2;
1216 }
1217 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
1218 PPPOE_ADD_16(p, sizeof(sc->sc_unique));
1219 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique));
1220 p += sizeof(sc->sc_unique);
1221
1222 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) {
1223 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD);
1224 PPPOE_ADD_16(p, 2);
1225 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu);
1226 }
1227
1228 #ifdef PPPOE_DEBUG
1229 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN)
1230 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld",
1231 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *)));
1232 #endif
1233
1234 /* send pkt */
1235 return (pppoe_output(sc, m0));
1236 }
1237
1238 /* Watchdog function. */
1239 static void
pppoe_timeout(void * arg)1240 pppoe_timeout(void *arg)
1241 {
1242 struct pppoe_softc *sc = (struct pppoe_softc *)arg;
1243 int x, retry_wait, err;
1244
1245 PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname));
1246
1247 NET_LOCK();
1248
1249 switch (sc->sc_state) {
1250 case PPPOE_STATE_PADI_SENT:
1251 /*
1252 * We have two basic ways of retrying:
1253 * - Quick retry mode: try a few times in short sequence
1254 * - Slow retry mode: we already had a connection successfully
1255 * established and will try infinitely (without user
1256 * intervention)
1257 * We only enter slow retry mode if IFF_LINK1 (aka autodial)
1258 * is not set.
1259 */
1260
1261 /* initialize for quick retry mode */
1262 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried);
1263
1264 x = splnet();
1265 sc->sc_padi_retried++;
1266 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) {
1267 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) {
1268 /* slow retry mode */
1269 retry_wait = PPPOE_SLOW_RETRY;
1270 } else {
1271 pppoe_abort_connect(sc);
1272 splx(x);
1273 break;
1274 }
1275 }
1276 if ((err = pppoe_send_padi(sc)) != 0) {
1277 sc->sc_padi_retried--;
1278 PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n",
1279 sc->sc_sppp.pp_if.if_xname, err));
1280 }
1281 timeout_add_sec(&sc->sc_timeout, retry_wait);
1282 splx(x);
1283
1284 break;
1285 case PPPOE_STATE_PADR_SENT:
1286 x = splnet();
1287 sc->sc_padr_retried++;
1288 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) {
1289 memcpy(&sc->sc_dest, etherbroadcastaddr,
1290 sizeof(sc->sc_dest));
1291 pppoe_set_state(sc, PPPOE_STATE_PADI_SENT);
1292 sc->sc_padr_retried = 0;
1293 if ((err = pppoe_send_padi(sc)) != 0) {
1294 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n",
1295 sc->sc_sppp.pp_if.if_xname, err));
1296 }
1297 timeout_add_sec(&sc->sc_timeout,
1298 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried));
1299 splx(x);
1300 break;
1301 }
1302 if ((err = pppoe_send_padr(sc)) != 0) {
1303 sc->sc_padr_retried--;
1304 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n",
1305 sc->sc_sppp.pp_if.if_xname, err));
1306 }
1307 timeout_add_sec(&sc->sc_timeout,
1308 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried));
1309 splx(x);
1310
1311 break;
1312 case PPPOE_STATE_CLOSING:
1313 pppoe_disconnect(sc);
1314 break;
1315 default:
1316 break; /* all done, work in peace */
1317 }
1318
1319 NET_UNLOCK();
1320 }
1321
1322 /* Start a connection (i.e. initiate discovery phase). */
1323 static int
pppoe_connect(struct pppoe_softc * sc)1324 pppoe_connect(struct pppoe_softc *sc)
1325 {
1326 int x, err;
1327
1328 if (sc->sc_state != PPPOE_STATE_INITIAL)
1329 return (EBUSY);
1330
1331 x = splnet();
1332
1333 /* save state, in case we fail to send PADI */
1334 pppoe_set_state(sc, PPPOE_STATE_PADI_SENT);
1335 sc->sc_padr_retried = 0;
1336 err = pppoe_send_padi(sc);
1337 if (err != 0)
1338 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n",
1339 sc->sc_sppp.pp_if.if_xname, err));
1340
1341 timeout_add_sec(&sc->sc_timeout, PPPOE_DISC_TIMEOUT);
1342 splx(x);
1343
1344 return (err);
1345 }
1346
1347 /* disconnect */
1348 static int
pppoe_disconnect(struct pppoe_softc * sc)1349 pppoe_disconnect(struct pppoe_softc *sc)
1350 {
1351 int err, x;
1352
1353 x = splnet();
1354
1355 if (sc->sc_state < PPPOE_STATE_SESSION)
1356 err = EBUSY;
1357 else {
1358 PPPOEDEBUG(("%s: disconnecting\n",
1359 sc->sc_sppp.pp_if.if_xname));
1360 err = pppoe_send_padt(sc->sc_eth_ifidx,
1361 sc->sc_session, (const u_int8_t *)&sc->sc_dest,
1362 sc->sc_sppp.pp_if.if_llprio);
1363 }
1364
1365 /* cleanup softc */
1366 pppoe_set_state(sc, PPPOE_STATE_INITIAL);
1367 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
1368 if (sc->sc_ac_cookie) {
1369 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len);
1370 sc->sc_ac_cookie = NULL;
1371 }
1372 sc->sc_ac_cookie_len = 0;
1373 if (sc->sc_relay_sid) {
1374 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len);
1375 sc->sc_relay_sid = NULL;
1376 }
1377 sc->sc_relay_sid_len = 0;
1378 sc->sc_session = 0;
1379
1380 /* notify upper layer */
1381 sc->sc_sppp.pp_down(&sc->sc_sppp);
1382
1383 splx(x);
1384
1385 return (err);
1386 }
1387
1388 /* Connection attempt aborted. */
1389 static void
pppoe_abort_connect(struct pppoe_softc * sc)1390 pppoe_abort_connect(struct pppoe_softc *sc)
1391 {
1392 printf("%s: could not establish connection\n",
1393 sc->sc_sppp.pp_if.if_xname);
1394 pppoe_set_state(sc, PPPOE_STATE_CLOSING);
1395
1396 /* notify upper layer */
1397 sc->sc_sppp.pp_down(&sc->sc_sppp);
1398
1399 /* clear connection state */
1400 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
1401 pppoe_set_state(sc, PPPOE_STATE_INITIAL);
1402 }
1403
1404 /* Send a PADR packet */
1405 static int
pppoe_send_padr(struct pppoe_softc * sc)1406 pppoe_send_padr(struct pppoe_softc *sc)
1407 {
1408 struct mbuf *m0;
1409 u_int8_t *p;
1410 size_t len, l1 = 0; /* XXX: gcc */
1411
1412 if (sc->sc_state != PPPOE_STATE_PADR_SENT)
1413 return (EIO);
1414
1415 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name, host unique */
1416 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */
1417 l1 = strlen(sc->sc_service_name);
1418 len += l1;
1419 }
1420 if (sc->sc_ac_cookie_len > 0)
1421 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */
1422 if (sc->sc_relay_sid_len > 0)
1423 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */
1424 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU)
1425 len += 2 + 2 + 2;
1426
1427 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
1428 if (m0 == NULL)
1429 return (ENOBUFS);
1430 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio;
1431
1432 p = mtod(m0, u_int8_t *);
1433 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len);
1434 PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
1435
1436 if (sc->sc_service_name != NULL) {
1437 PPPOE_ADD_16(p, l1);
1438 memcpy(p, sc->sc_service_name, l1);
1439 p += l1;
1440 } else {
1441 PPPOE_ADD_16(p, 0);
1442 }
1443 if (sc->sc_ac_cookie_len > 0) {
1444 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE);
1445 PPPOE_ADD_16(p, sc->sc_ac_cookie_len);
1446 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len);
1447 p += sc->sc_ac_cookie_len;
1448 }
1449 if (sc->sc_relay_sid_len > 0) {
1450 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID);
1451 PPPOE_ADD_16(p, sc->sc_relay_sid_len);
1452 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len);
1453 p += sc->sc_relay_sid_len;
1454 }
1455 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
1456 PPPOE_ADD_16(p, sizeof(sc->sc_unique));
1457 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique));
1458 p += sizeof(sc->sc_unique);
1459
1460 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) {
1461 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD);
1462 PPPOE_ADD_16(p, 2);
1463 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu);
1464 }
1465
1466 #ifdef PPPOE_DEBUG
1467 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN)
1468 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld",
1469 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *)));
1470 #endif
1471
1472 return (pppoe_output(sc, m0));
1473 }
1474
1475 /* Send a PADT packet. */
1476 static int
pppoe_send_padt(unsigned int ifidx,u_int session,const u_int8_t * dest,u_int8_t prio)1477 pppoe_send_padt(unsigned int ifidx, u_int session, const u_int8_t *dest, u_int8_t prio)
1478 {
1479 struct ether_header *eh;
1480 struct sockaddr dst;
1481 struct ifnet *eth_if;
1482 struct mbuf *m0;
1483 u_int8_t *p;
1484 int ret;
1485
1486 if ((eth_if = if_get(ifidx)) == NULL)
1487 return (EINVAL);
1488
1489 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN);
1490 if (m0 == NULL) {
1491 if_put(eth_if);
1492 return (ENOBUFS);
1493 }
1494 m0->m_pkthdr.pf.prio = prio;
1495
1496 p = mtod(m0, u_int8_t *);
1497 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0);
1498
1499 memset(&dst, 0, sizeof(dst));
1500 dst.sa_family = AF_UNSPEC;
1501 eh = (struct ether_header *)&dst.sa_data;
1502 eh->ether_type = htons(ETHERTYPE_PPPOEDISC);
1503 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN);
1504
1505 m0->m_flags &= ~(M_BCAST|M_MCAST);
1506 /* encapsulated packet is forced into rdomain of physical interface */
1507 m0->m_pkthdr.ph_rtableid = eth_if->if_rdomain;
1508
1509 ret = eth_if->if_output(eth_if, m0, &dst, NULL);
1510 if_put(eth_if);
1511
1512 return (ret);
1513 }
1514
1515
1516 /* this-layer-start function */
1517 static void
pppoe_tls(struct sppp * sp)1518 pppoe_tls(struct sppp *sp)
1519 {
1520 struct pppoe_softc *sc = (void *)sp;
1521
1522 if (sc->sc_state != PPPOE_STATE_INITIAL)
1523 return;
1524 pppoe_connect(sc);
1525 }
1526
1527 /* this-layer-finish function */
1528 static void
pppoe_tlf(struct sppp * sp)1529 pppoe_tlf(struct sppp *sp)
1530 {
1531 struct pppoe_softc *sc = (void *)sp;
1532
1533 if (sc->sc_state < PPPOE_STATE_SESSION)
1534 return;
1535 /*
1536 * Do not call pppoe_disconnect here, the upper layer state
1537 * machine gets confused by this. We must return from this
1538 * function and defer disconnecting to the timeout handler.
1539 */
1540 pppoe_set_state(sc, PPPOE_STATE_CLOSING);
1541 timeout_add_msec(&sc->sc_timeout, 20);
1542 }
1543
1544 static void
pppoe_start(struct ifnet * ifp)1545 pppoe_start(struct ifnet *ifp)
1546 {
1547 struct pppoe_softc *sc = (void *)ifp;
1548 struct mbuf *m;
1549 size_t len;
1550 u_int8_t *p;
1551
1552 if (sppp_isempty(ifp))
1553 return;
1554
1555 /* are we ready to process data yet? */
1556 if (sc->sc_state < PPPOE_STATE_SESSION) {
1557 sppp_flush(&sc->sc_sppp.pp_if);
1558 return;
1559 }
1560
1561 while ((m = sppp_dequeue(ifp)) != NULL) {
1562 len = m->m_pkthdr.len;
1563 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT);
1564 if (m == NULL) {
1565 ifp->if_oerrors++;
1566 continue;
1567 }
1568 p = mtod(m, u_int8_t *);
1569 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len);
1570
1571 #if NBPFILTER > 0
1572 if (sc->sc_bpf)
1573 bpf_mtap(sc->sc_bpf, m, BPF_DIRECTION_OUT);
1574 #endif
1575
1576 pppoe_output(sc, m);
1577 }
1578 }
1579