1 /* $OpenBSD: if_pppoe.c,v 1.73 2020/09/13 11:00:40 kn Exp $ */ 2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */ 3 4 /* 5 * Copyright (c) 2002 The NetBSD Foundation, Inc. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to The NetBSD Foundation 9 * by Martin Husemann <martin@NetBSD.org>. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "pppoe.h" 34 #include "bpfilter.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/timeout.h> 40 #include <sys/malloc.h> 41 #include <sys/mbuf.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/ioctl.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_types.h> 48 #include <net/if_sppp.h> 49 #include <net/if_pppoe.h> 50 #include <net/netisr.h> 51 #include <netinet/in.h> 52 #include <netinet/if_ether.h> 53 54 #if NBPFILTER > 0 55 #include <net/bpf.h> 56 #endif 57 58 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 59 60 #define PPPOEDEBUG(a) ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0) 61 62 struct pppoehdr { 63 u_int8_t vertype; 64 u_int8_t code; 65 u_int16_t session; 66 u_int16_t plen; 67 } __packed; 68 69 struct pppoetag { 70 u_int16_t tag; 71 u_int16_t len; 72 } __packed; 73 74 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 75 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 76 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 77 78 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 79 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 80 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 81 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 82 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 83 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 84 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 85 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* RFC 4638 max payload */ 86 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 87 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 88 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 89 90 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 91 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 92 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 93 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 94 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 95 96 /* two byte PPP protocol discriminator, then IP data */ 97 #define PPPOE_MTU (ETHERMTU - PPPOE_OVERHEAD) 98 #define PPPOE_MAXMTU PP_MAX_MRU 99 100 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 101 #define PPPOE_ADD_16(PTR, VAL) \ 102 *(PTR)++ = (VAL) / 256; \ 103 *(PTR)++ = (VAL) % 256 104 105 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 106 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 107 *(PTR)++ = PPPOE_VERTYPE; \ 108 *(PTR)++ = (CODE); \ 109 PPPOE_ADD_16(PTR, SESS); \ 110 PPPOE_ADD_16(PTR, LEN) 111 112 #define PPPOE_DISC_TIMEOUT 5 /* base for quick timeout calculation (seconds) */ 113 #define PPPOE_SLOW_RETRY 60 /* persistent retry interval (seconds) */ 114 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 115 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 116 117 /* 118 * Locks used to protect struct members and global data 119 * I immutable after creation 120 * N net lock 121 */ 122 123 struct pppoe_softc { 124 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 125 LIST_ENTRY(pppoe_softc) sc_list;/* [N] */ 126 unsigned int sc_eth_ifidx; /* [N] */ 127 128 int sc_state; /* [N] discovery phase or session connected */ 129 struct ether_addr sc_dest; /* [N] hardware address of concentrator */ 130 u_int16_t sc_session; /* [N] PPPoE session id */ 131 132 char *sc_service_name; /* [N] if != NULL: requested name of service */ 133 char *sc_concentrator_name; /* [N] if != NULL: requested concentrator id */ 134 u_int8_t *sc_ac_cookie; /* [N] content of AC cookie we must echo back */ 135 size_t sc_ac_cookie_len; /* [N] length of cookie data */ 136 u_int8_t *sc_relay_sid; /* [N] content of relay SID we must echo back */ 137 size_t sc_relay_sid_len; /* [N] length of relay SID data */ 138 u_int32_t sc_unique; /* [I] our unique id */ 139 struct timeout sc_timeout; /* [N] timeout while not in session state */ 140 int sc_padi_retried; /* [N] number of PADI retries already done */ 141 int sc_padr_retried; /* [N] number of PADR retries already done */ 142 143 struct timeval sc_session_time; /* [N] time the session was established */ 144 }; 145 146 /* incoming traffic will be queued here */ 147 struct niqueue pppoediscinq = NIQUEUE_INITIALIZER(IFQ_MAXLEN, NETISR_PPPOE); 148 struct niqueue pppoeinq = NIQUEUE_INITIALIZER(IFQ_MAXLEN, NETISR_PPPOE); 149 150 /* input routines */ 151 static void pppoe_disc_input(struct mbuf *); 152 static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 153 static void pppoe_data_input(struct mbuf *); 154 155 /* management routines */ 156 void pppoeattach(int); 157 static int pppoe_connect(struct pppoe_softc *); 158 static int pppoe_disconnect(struct pppoe_softc *); 159 static void pppoe_abort_connect(struct pppoe_softc *); 160 static int pppoe_ioctl(struct ifnet *, unsigned long, caddr_t); 161 static void pppoe_tls(struct sppp *); 162 static void pppoe_tlf(struct sppp *); 163 static void pppoe_start(struct ifnet *); 164 165 /* internal timeout handling */ 166 static void pppoe_timeout(void *); 167 168 /* sending actual protocol control packets */ 169 static int pppoe_send_padi(struct pppoe_softc *); 170 static int pppoe_send_padr(struct pppoe_softc *); 171 static int pppoe_send_padt(unsigned int, u_int, const u_int8_t *, u_int8_t); 172 173 /* raw output */ 174 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 175 176 /* internal helper functions */ 177 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, u_int); 178 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int); 179 static struct mbuf *pppoe_get_mbuf(size_t len); 180 181 LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 182 183 /* interface cloning */ 184 int pppoe_clone_create(struct if_clone *, int); 185 int pppoe_clone_destroy(struct ifnet *); 186 187 struct if_clone pppoe_cloner = 188 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 189 190 191 void 192 pppoeattach(int count) 193 { 194 LIST_INIT(&pppoe_softc_list); 195 if_clone_attach(&pppoe_cloner); 196 } 197 198 /* Create a new interface. */ 199 int 200 pppoe_clone_create(struct if_clone *ifc, int unit) 201 { 202 struct pppoe_softc *sc, *tmpsc; 203 u_int32_t unique; 204 205 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 206 snprintf(sc->sc_sppp.pp_if.if_xname, 207 sizeof(sc->sc_sppp.pp_if.if_xname), 208 "pppoe%d", unit); 209 sc->sc_sppp.pp_if.if_softc = sc; 210 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 211 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST; 212 sc->sc_sppp.pp_if.if_type = IFT_PPP; 213 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 214 sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */ 215 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 216 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 217 sc->sc_sppp.pp_if.if_start = pppoe_start; 218 sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest; 219 sc->sc_sppp.pp_if.if_xflags = IFXF_CLONED; 220 sc->sc_sppp.pp_tls = pppoe_tls; 221 sc->sc_sppp.pp_tlf = pppoe_tlf; 222 223 /* changed to real address later */ 224 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 225 226 /* init timer for interface watchdog */ 227 timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc); 228 229 if_attach(&sc->sc_sppp.pp_if); 230 if_alloc_sadl(&sc->sc_sppp.pp_if); 231 sppp_attach(&sc->sc_sppp.pp_if); 232 #if NBPFILTER > 0 233 bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 234 #endif 235 236 NET_LOCK(); 237 retry: 238 unique = arc4random(); 239 LIST_FOREACH(tmpsc, &pppoe_softc_list, sc_list) 240 if (tmpsc->sc_unique == unique) 241 goto retry; 242 sc->sc_unique = unique; 243 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 244 NET_UNLOCK(); 245 246 return (0); 247 } 248 249 /* Destroy a given interface. */ 250 int 251 pppoe_clone_destroy(struct ifnet *ifp) 252 { 253 struct pppoe_softc *sc = ifp->if_softc; 254 255 NET_LOCK(); 256 LIST_REMOVE(sc, sc_list); 257 NET_UNLOCK(); 258 259 timeout_del(&sc->sc_timeout); 260 261 sppp_detach(&sc->sc_sppp.pp_if); 262 if_detach(ifp); 263 264 if (sc->sc_concentrator_name) 265 free(sc->sc_concentrator_name, M_DEVBUF, 266 strlen(sc->sc_concentrator_name) + 1); 267 if (sc->sc_service_name) 268 free(sc->sc_service_name, M_DEVBUF, 269 strlen(sc->sc_service_name) + 1); 270 if (sc->sc_ac_cookie) 271 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 272 if (sc->sc_relay_sid) 273 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 274 275 free(sc, M_DEVBUF, sizeof(*sc)); 276 277 return (0); 278 } 279 280 /* 281 * Find the interface handling the specified session. 282 * Note: O(number of sessions open), this is a client-side only, mean 283 * and lean implementation, so number of open sessions typically should 284 * be 1. 285 */ 286 static struct pppoe_softc * 287 pppoe_find_softc_by_session(u_int session, u_int ifidx) 288 { 289 struct pppoe_softc *sc; 290 291 if (session == 0) 292 return (NULL); 293 294 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 295 if (sc->sc_state == PPPOE_STATE_SESSION 296 && sc->sc_session == session 297 && sc->sc_eth_ifidx == ifidx) { 298 return (sc); 299 } 300 } 301 return (NULL); 302 } 303 304 /* 305 * Check host unique token passed and return appropriate softc pointer, 306 * or NULL if token is bogus. 307 */ 308 static struct pppoe_softc * 309 pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, u_int ifidx) 310 { 311 struct pppoe_softc *sc; 312 u_int32_t hunique; 313 314 if (LIST_EMPTY(&pppoe_softc_list)) 315 return (NULL); 316 317 if (len != sizeof(hunique)) 318 return (NULL); 319 memcpy(&hunique, token, len); 320 321 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 322 if (sc->sc_unique == hunique) 323 break; 324 325 if (sc == NULL) { 326 printf("pppoe: alien host unique tag, no session found\n"); 327 return (NULL); 328 } 329 330 /* should be safe to access *sc now */ 331 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 332 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 333 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 334 return (NULL); 335 } 336 if (sc->sc_eth_ifidx != ifidx) { 337 printf("%s: wrong interface, not accepting host unique\n", 338 sc->sc_sppp.pp_if.if_xname); 339 return (NULL); 340 } 341 return (sc); 342 } 343 344 /* Interface interrupt handler routine. */ 345 void 346 pppoeintr(void) 347 { 348 struct mbuf *m; 349 350 NET_ASSERT_LOCKED(); 351 352 while ((m = niq_dequeue(&pppoediscinq)) != NULL) 353 pppoe_disc_input(m); 354 355 while ((m = niq_dequeue(&pppoeinq)) != NULL) 356 pppoe_data_input(m); 357 } 358 359 /* Analyze and handle a single received packet while not in session state. */ 360 static void pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 361 { 362 struct pppoe_softc *sc; 363 struct pppoehdr *ph; 364 struct pppoetag *pt; 365 struct mbuf *n; 366 struct ether_header *eh; 367 const char *err_msg, *devname; 368 size_t ac_cookie_len; 369 size_t relay_sid_len; 370 int noff, err, errortag; 371 u_int16_t *max_payload; 372 u_int16_t tag, len; 373 u_int16_t session, plen; 374 u_int8_t *ac_cookie; 375 u_int8_t *relay_sid; 376 u_int8_t code; 377 378 err_msg = NULL; 379 devname = "pppoe"; 380 errortag = 0; 381 382 if (m->m_len < sizeof(*eh)) { 383 m = m_pullup(m, sizeof(*eh)); 384 if (m == NULL) 385 goto done; 386 } 387 eh = mtod(m, struct ether_header *); 388 off += sizeof(*eh); 389 390 ac_cookie = NULL; 391 ac_cookie_len = 0; 392 relay_sid = NULL; 393 relay_sid_len = 0; 394 max_payload = NULL; 395 396 session = 0; 397 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 398 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 399 goto done; 400 } 401 402 n = m_pulldown(m, off, sizeof(*ph), &noff); 403 if (n == NULL) { 404 printf("pppoe: could not get PPPoE header\n"); 405 m = NULL; 406 goto done; 407 } 408 ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff); 409 if (ph->vertype != PPPOE_VERTYPE) { 410 printf("pppoe: unknown version/type packet: 0x%x\n", 411 ph->vertype); 412 goto done; 413 } 414 415 session = ntohs(ph->session); 416 plen = ntohs(ph->plen); 417 code = ph->code; 418 off += sizeof(*ph); 419 if (plen + off > m->m_pkthdr.len) { 420 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 421 m->m_pkthdr.len - off, plen); 422 goto done; 423 } 424 425 /* ignore trailing garbage */ 426 m_adj(m, off + plen - m->m_pkthdr.len); 427 428 tag = 0; 429 len = 0; 430 sc = NULL; 431 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 432 n = m_pulldown(m, off, sizeof(*pt), &noff); 433 if (n == NULL) { 434 printf("%s: parse error\n", devname); 435 m = NULL; 436 goto done; 437 } 438 pt = (struct pppoetag *)(mtod(n, caddr_t) + noff); 439 tag = ntohs(pt->tag); 440 len = ntohs(pt->len); 441 off += sizeof(*pt); 442 if (off + len > m->m_pkthdr.len) { 443 printf("%s: tag 0x%x len 0x%x is too long\n", 444 devname, tag, len); 445 goto done; 446 } 447 switch (tag) { 448 case PPPOE_TAG_EOL: 449 goto breakbreak; 450 case PPPOE_TAG_SNAME: 451 break; /* ignored */ 452 case PPPOE_TAG_ACNAME: 453 break; /* ignored */ 454 case PPPOE_TAG_HUNIQUE: 455 if (sc != NULL) 456 break; 457 n = m_pulldown(m, off, len, &noff); 458 if (n == NULL) { 459 m = NULL; 460 err_msg = "TAG HUNIQUE ERROR"; 461 break; 462 } 463 sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff, 464 len, m->m_pkthdr.ph_ifidx); 465 if (sc != NULL) 466 devname = sc->sc_sppp.pp_if.if_xname; 467 break; 468 case PPPOE_TAG_ACCOOKIE: 469 if (ac_cookie == NULL) { 470 n = m_pulldown(m, off, len, 471 &noff); 472 if (n == NULL) { 473 err_msg = "TAG ACCOOKIE ERROR"; 474 m = NULL; 475 break; 476 } 477 ac_cookie = mtod(n, caddr_t) + noff; 478 ac_cookie_len = len; 479 } 480 break; 481 case PPPOE_TAG_RELAYSID: 482 if (relay_sid == NULL) { 483 n = m_pulldown(m, off, len, 484 &noff); 485 if (n == NULL) { 486 err_msg = "TAG RELAYSID ERROR"; 487 m = NULL; 488 break; 489 } 490 relay_sid = mtod(n, caddr_t) + noff; 491 relay_sid_len = len; 492 } 493 break; 494 case PPPOE_TAG_MAX_PAYLOAD: 495 if (max_payload == NULL) { 496 n = m_pulldown(m, off, len, 497 &noff); 498 if (n == NULL || len != 2) { 499 err_msg = "TAG MAX_PAYLOAD ERROR"; 500 m = NULL; 501 break; 502 } 503 max_payload = (u_int16_t *)(mtod(n, caddr_t) + noff); 504 } 505 break; 506 case PPPOE_TAG_SNAME_ERR: 507 err_msg = "SERVICE NAME ERROR"; 508 errortag = 1; 509 break; 510 case PPPOE_TAG_ACSYS_ERR: 511 err_msg = "AC SYSTEM ERROR"; 512 errortag = 1; 513 break; 514 case PPPOE_TAG_GENERIC_ERR: 515 err_msg = "GENERIC ERROR"; 516 errortag = 1; 517 break; 518 } 519 if (err_msg) { 520 log(LOG_INFO, "%s: %s: ", devname, err_msg); 521 if (errortag && len) { 522 n = m_pulldown(m, off, len, 523 &noff); 524 if (n == NULL) { 525 m = NULL; 526 } else { 527 u_int8_t *et = mtod(n, caddr_t) + noff; 528 while (len--) 529 addlog("%c", *et++); 530 } 531 } 532 addlog("\n"); 533 goto done; 534 } 535 off += len; 536 } 537 breakbreak: 538 switch (code) { 539 case PPPOE_CODE_PADI: 540 case PPPOE_CODE_PADR: 541 /* ignore, we are no access concentrator */ 542 goto done; 543 case PPPOE_CODE_PADO: 544 if (sc == NULL) { 545 /* be quiet if there is not a single pppoe instance */ 546 if (!LIST_EMPTY(&pppoe_softc_list)) 547 printf("pppoe: received PADO but could not find request for it\n"); 548 goto done; 549 } 550 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 551 printf("%s: received unexpected PADO\n", 552 sc->sc_sppp.pp_if.if_xname); 553 goto done; 554 } 555 if (ac_cookie) { 556 if (sc->sc_ac_cookie) 557 free(sc->sc_ac_cookie, M_DEVBUF, 558 sc->sc_ac_cookie_len); 559 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 560 M_DONTWAIT); 561 if (sc->sc_ac_cookie == NULL) 562 goto done; 563 sc->sc_ac_cookie_len = ac_cookie_len; 564 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 565 } 566 if (relay_sid) { 567 if (sc->sc_relay_sid) 568 free(sc->sc_relay_sid, M_DEVBUF, 569 sc->sc_relay_sid_len); 570 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 571 M_DONTWAIT); 572 if (sc->sc_relay_sid == NULL) 573 goto done; 574 sc->sc_relay_sid_len = relay_sid_len; 575 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 576 } 577 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU && 578 (max_payload == NULL || 579 ntohs(*max_payload) != sc->sc_sppp.pp_if.if_mtu)) { 580 printf("%s: No valid PPP-Max-Payload tag received in PADO\n", 581 sc->sc_sppp.pp_if.if_xname); 582 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 583 } 584 585 memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest)); 586 sc->sc_padr_retried = 0; 587 sc->sc_state = PPPOE_STATE_PADR_SENT; 588 if ((err = pppoe_send_padr(sc)) != 0) { 589 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 590 sc->sc_sppp.pp_if.if_xname, err)); 591 } 592 timeout_add_sec(&sc->sc_timeout, 593 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 594 595 break; 596 case PPPOE_CODE_PADS: 597 if (sc == NULL) 598 goto done; 599 600 sc->sc_session = session; 601 timeout_del(&sc->sc_timeout); 602 PPPOEDEBUG(("%s: session 0x%x connected\n", 603 sc->sc_sppp.pp_if.if_xname, session)); 604 sc->sc_state = PPPOE_STATE_SESSION; 605 microtime(&sc->sc_session_time); 606 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 607 608 break; 609 case PPPOE_CODE_PADT: 610 if (sc == NULL) 611 goto done; 612 613 /* stop timer (we might be about to transmit a PADT ourself) */ 614 timeout_del(&sc->sc_timeout); 615 PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n", 616 sc->sc_sppp.pp_if.if_xname, session)); 617 618 /* clean up softc */ 619 sc->sc_state = PPPOE_STATE_INITIAL; 620 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 621 if (sc->sc_ac_cookie) { 622 free(sc->sc_ac_cookie, M_DEVBUF, 623 sc->sc_ac_cookie_len); 624 sc->sc_ac_cookie = NULL; 625 } 626 if (sc->sc_relay_sid) { 627 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 628 sc->sc_relay_sid = NULL; 629 } 630 sc->sc_ac_cookie_len = 0; 631 sc->sc_relay_sid_len = 0; 632 sc->sc_session = 0; 633 sc->sc_session_time.tv_sec = 0; 634 sc->sc_session_time.tv_usec = 0; 635 sc->sc_sppp.pp_down(&sc->sc_sppp); /* signal upper layer */ 636 637 break; 638 default: 639 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 640 sc ? sc->sc_sppp.pp_if.if_xname : "pppoe", 641 code, session); 642 break; 643 } 644 645 done: 646 m_freem(m); 647 } 648 649 /* Input function for discovery packets. */ 650 static void 651 pppoe_disc_input(struct mbuf *m) 652 { 653 /* avoid error messages if there is not a single pppoe instance */ 654 if (!LIST_EMPTY(&pppoe_softc_list)) { 655 KASSERT(m->m_flags & M_PKTHDR); 656 pppoe_dispatch_disc_pkt(m, 0); 657 } else 658 m_freem(m); 659 } 660 661 /* Input function for data packets */ 662 static void 663 pppoe_data_input(struct mbuf *m) 664 { 665 struct pppoe_softc *sc; 666 struct pppoehdr *ph; 667 u_int16_t session, plen; 668 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 669 u_int8_t shost[ETHER_ADDR_LEN]; 670 #endif 671 if (LIST_EMPTY(&pppoe_softc_list)) 672 goto drop; 673 674 KASSERT(m->m_flags & M_PKTHDR); 675 676 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 677 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 678 #endif 679 m_adj(m, sizeof(struct ether_header)); 680 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 681 printf("pppoe (data): dropping too short packet: %d bytes\n", 682 m->m_pkthdr.len); 683 goto drop; 684 } 685 if (m->m_len < sizeof(*ph)) { 686 m = m_pullup(m, sizeof(*ph)); 687 if (m == NULL) { 688 printf("pppoe (data): could not get PPPoE header\n"); 689 return; 690 } 691 } 692 ph = mtod(m, struct pppoehdr *); 693 if (ph->vertype != PPPOE_VERTYPE) { 694 printf("pppoe (data): unknown version/type packet: 0x%x\n", 695 ph->vertype); 696 goto drop; 697 } 698 if (ph->code != 0) 699 goto drop; 700 701 session = ntohs(ph->session); 702 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.ph_ifidx); 703 if (sc == NULL) { 704 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 705 printf("pppoe (data): input for unknown session 0x%x, sending PADT\n", 706 session); 707 pppoe_send_padt(m->m_pkthdr.ph_ifidx, session, shost, 0); 708 #endif 709 goto drop; 710 } 711 712 plen = ntohs(ph->plen); 713 714 #if NBPFILTER > 0 715 if(sc->sc_sppp.pp_if.if_bpf) 716 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN); 717 #endif 718 719 m_adj(m, PPPOE_HEADERLEN); 720 721 #ifdef PPPOE_DEBUG 722 { 723 struct mbuf *p; 724 725 printf("%s: pkthdr.len=%d, pppoe.len=%d", 726 sc->sc_sppp.pp_if.if_xname, 727 m->m_pkthdr.len, plen); 728 p = m; 729 while (p) { 730 printf(" l=%d", p->m_len); 731 p = p->m_next; 732 } 733 printf("\n"); 734 } 735 #endif 736 737 if (m->m_pkthdr.len < plen) 738 goto drop; 739 740 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 741 m->m_pkthdr.ph_ifidx = sc->sc_sppp.pp_if.if_index; 742 743 /* pass packet up and account for it */ 744 sc->sc_sppp.pp_if.if_ipackets++; 745 sppp_input(&sc->sc_sppp.pp_if, m); 746 return; 747 748 drop: 749 m_freem(m); 750 } 751 752 static int 753 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 754 { 755 struct sockaddr dst; 756 struct ether_header *eh; 757 struct ifnet *eth_if; 758 u_int16_t etype; 759 int ret; 760 761 if ((eth_if = if_get(sc->sc_eth_ifidx)) == NULL) { 762 m_freem(m); 763 return (EIO); 764 } 765 766 if ((eth_if->if_flags & (IFF_UP|IFF_RUNNING)) 767 != (IFF_UP|IFF_RUNNING)) { 768 if_put(eth_if); 769 m_freem(m); 770 return (ENETDOWN); 771 } 772 773 memset(&dst, 0, sizeof dst); 774 dst.sa_family = AF_UNSPEC; 775 eh = (struct ether_header*)&dst.sa_data; 776 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 777 eh->ether_type = htons(etype); 778 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 779 780 PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 781 sc->sc_sppp.pp_if.if_xname, etype, 782 sc->sc_state, sc->sc_session, 783 ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len)); 784 785 m->m_flags &= ~(M_BCAST|M_MCAST); 786 /* encapsulated packet is forced into rdomain of physical interface */ 787 m->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 788 789 ret = eth_if->if_output(eth_if, m, &dst, NULL); 790 if_put(eth_if); 791 792 return (ret); 793 } 794 795 /* The ioctl routine. */ 796 static int 797 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) 798 { 799 struct proc *p = curproc; /* XXX */ 800 struct pppoe_softc *sc = (struct pppoe_softc *)ifp; 801 struct ifnet *eth_if; 802 int error = 0; 803 804 switch (cmd) { 805 case PPPOESETPARMS: 806 { 807 struct pppoediscparms *parms = (struct pppoediscparms *)data; 808 int len; 809 810 if ((error = suser(p)) != 0) 811 return (error); 812 if (parms->eth_ifname[0] != '\0') { 813 struct ifnet *eth_if; 814 815 eth_if = ifunit(parms->eth_ifname); 816 if (eth_if == NULL || eth_if->if_type != IFT_ETHER) { 817 sc->sc_eth_ifidx = 0; 818 return (ENXIO); 819 } 820 821 if (sc->sc_sppp.pp_if.if_mtu > 822 eth_if->if_mtu - PPPOE_OVERHEAD) { 823 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 824 PPPOE_OVERHEAD; 825 } 826 sc->sc_eth_ifidx = eth_if->if_index; 827 } 828 829 if (sc->sc_concentrator_name) 830 free(sc->sc_concentrator_name, M_DEVBUF, 831 strlen(sc->sc_concentrator_name) + 1); 832 sc->sc_concentrator_name = NULL; 833 834 len = strlen(parms->ac_name); 835 if (len > 0 && len < sizeof(parms->ac_name)) { 836 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 837 if (p == NULL) 838 return (ENOMEM); 839 strlcpy(p, parms->ac_name, len + 1); 840 sc->sc_concentrator_name = p; 841 } 842 843 if (sc->sc_service_name) 844 free(sc->sc_service_name, M_DEVBUF, 845 strlen(sc->sc_service_name) + 1); 846 sc->sc_service_name = NULL; 847 848 len = strlen(parms->service_name); 849 if (len > 0 && len < sizeof(parms->service_name)) { 850 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 851 if (p == NULL) 852 return (ENOMEM); 853 strlcpy(p, parms->service_name, len + 1); 854 sc->sc_service_name = p; 855 } 856 return (0); 857 } 858 break; 859 case PPPOEGETPARMS: 860 { 861 struct pppoediscparms *parms = (struct pppoediscparms *)data; 862 863 if ((eth_if = if_get(sc->sc_eth_ifidx)) != NULL) { 864 strlcpy(parms->eth_ifname, eth_if->if_xname, 865 IFNAMSIZ); 866 if_put(eth_if); 867 } else 868 parms->eth_ifname[0] = '\0'; 869 870 if (sc->sc_concentrator_name) 871 strlcpy(parms->ac_name, sc->sc_concentrator_name, 872 sizeof(parms->ac_name)); 873 else 874 parms->ac_name[0] = '\0'; 875 876 if (sc->sc_service_name) 877 strlcpy(parms->service_name, sc->sc_service_name, 878 sizeof(parms->service_name)); 879 else 880 parms->service_name[0] = '\0'; 881 882 return (0); 883 } 884 break; 885 case PPPOEGETSESSION: 886 { 887 struct pppoeconnectionstate *state = 888 (struct pppoeconnectionstate *)data; 889 state->state = sc->sc_state; 890 state->session_id = sc->sc_session; 891 state->padi_retry_no = sc->sc_padi_retried; 892 state->padr_retry_no = sc->sc_padr_retried; 893 state->session_time.tv_sec = sc->sc_session_time.tv_sec; 894 state->session_time.tv_usec = sc->sc_session_time.tv_usec; 895 return (0); 896 } 897 break; 898 case SIOCSIFFLAGS: 899 { 900 struct ifreq *ifr = (struct ifreq *)data; 901 /* 902 * Prevent running re-establishment timers overriding 903 * administrators choice. 904 */ 905 if ((ifr->ifr_flags & IFF_UP) == 0 906 && sc->sc_state >= PPPOE_STATE_PADI_SENT 907 && sc->sc_state < PPPOE_STATE_SESSION) { 908 timeout_del(&sc->sc_timeout); 909 sc->sc_state = PPPOE_STATE_INITIAL; 910 sc->sc_padi_retried = 0; 911 sc->sc_padr_retried = 0; 912 memcpy(&sc->sc_dest, etherbroadcastaddr, 913 sizeof(sc->sc_dest)); 914 } 915 return (sppp_ioctl(ifp, cmd, data)); 916 } 917 case SIOCSIFMTU: 918 { 919 struct ifreq *ifr = (struct ifreq *)data; 920 921 eth_if = if_get(sc->sc_eth_ifidx); 922 923 if (ifr->ifr_mtu > MIN(PPPOE_MAXMTU, 924 (eth_if == NULL ? PPPOE_MAXMTU : 925 (eth_if->if_mtu - PPPOE_OVERHEAD)))) 926 error = EINVAL; 927 else 928 error = 0; 929 930 if_put(eth_if); 931 932 return (sppp_ioctl(ifp, cmd, data)); 933 } 934 default: 935 error = sppp_ioctl(ifp, cmd, data); 936 if (error == ENETRESET) { 937 error = 0; 938 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 939 (IFF_UP | IFF_RUNNING)) { 940 if_down(ifp); 941 if (sc->sc_state >= PPPOE_STATE_PADI_SENT && 942 sc->sc_state < PPPOE_STATE_SESSION) { 943 timeout_del(&sc->sc_timeout); 944 sc->sc_state = PPPOE_STATE_INITIAL; 945 sc->sc_padi_retried = 0; 946 sc->sc_padr_retried = 0; 947 memcpy(&sc->sc_dest, 948 etherbroadcastaddr, 949 sizeof(sc->sc_dest)); 950 } 951 error = sppp_ioctl(ifp, SIOCSIFFLAGS, NULL); 952 if (error) 953 return (error); 954 if_up(ifp); 955 return (sppp_ioctl(ifp, SIOCSIFFLAGS, NULL)); 956 } 957 } 958 return (error); 959 } 960 return (0); 961 } 962 963 /* 964 * Allocate a mbuf/cluster with space to store the given data length 965 * of payload, leaving space for prepending an ethernet header 966 * in front. 967 */ 968 static struct mbuf * 969 pppoe_get_mbuf(size_t len) 970 { 971 struct mbuf *m; 972 973 MGETHDR(m, M_DONTWAIT, MT_DATA); 974 if (m == NULL) 975 return (NULL); 976 if (len + sizeof(struct ether_header) > MHLEN) { 977 MCLGET(m, M_DONTWAIT); 978 if ((m->m_flags & M_EXT) == 0) { 979 m_free(m); 980 return (NULL); 981 } 982 } 983 m->m_data += sizeof(struct ether_header); 984 m->m_len = len; 985 m->m_pkthdr.len = len; 986 m->m_pkthdr.ph_ifidx = 0; 987 988 return (m); 989 } 990 991 /* Send PADI. */ 992 static int 993 pppoe_send_padi(struct pppoe_softc *sc) 994 { 995 struct mbuf *m0; 996 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 997 u_int8_t *p; 998 999 if (sc->sc_state > PPPOE_STATE_PADI_SENT) 1000 panic("pppoe_send_padi in state %d", sc->sc_state); 1001 1002 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1003 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is sent too */ 1004 if (sc->sc_service_name != NULL) { 1005 l1 = strlen(sc->sc_service_name); 1006 len += l1; 1007 } 1008 if (sc->sc_concentrator_name != NULL) { 1009 l2 = strlen(sc->sc_concentrator_name); 1010 len += 2 + 2 + l2; 1011 } 1012 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1013 len += 2 + 2 + 2; 1014 1015 /* allocate a buffer */ 1016 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1017 if (m0 == NULL) 1018 return (ENOBUFS); 1019 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1020 1021 /* fill in pkt */ 1022 p = mtod(m0, u_int8_t *); 1023 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1024 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1025 if (sc->sc_service_name != NULL) { 1026 PPPOE_ADD_16(p, l1); 1027 memcpy(p, sc->sc_service_name, l1); 1028 p += l1; 1029 } else { 1030 PPPOE_ADD_16(p, 0); 1031 } 1032 if (sc->sc_concentrator_name != NULL) { 1033 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1034 PPPOE_ADD_16(p, l2); 1035 memcpy(p, sc->sc_concentrator_name, l2); 1036 p += l2; 1037 } 1038 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1039 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1040 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1041 p += sizeof(sc->sc_unique); 1042 1043 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1044 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1045 PPPOE_ADD_16(p, 2); 1046 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1047 } 1048 1049 #ifdef PPPOE_DEBUG 1050 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1051 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1052 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1053 #endif 1054 1055 /* send pkt */ 1056 return (pppoe_output(sc, m0)); 1057 } 1058 1059 /* Watchdog function. */ 1060 static void 1061 pppoe_timeout(void *arg) 1062 { 1063 struct pppoe_softc *sc = (struct pppoe_softc *)arg; 1064 int x, retry_wait, err; 1065 1066 PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname)); 1067 1068 NET_LOCK(); 1069 1070 switch (sc->sc_state) { 1071 case PPPOE_STATE_PADI_SENT: 1072 /* 1073 * We have two basic ways of retrying: 1074 * - Quick retry mode: try a few times in short sequence 1075 * - Slow retry mode: we already had a connection successfully 1076 * established and will try infinitely (without user 1077 * intervention) 1078 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1079 * is not set. 1080 */ 1081 1082 /* initialize for quick retry mode */ 1083 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1084 1085 x = splnet(); 1086 sc->sc_padi_retried++; 1087 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1088 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1089 /* slow retry mode */ 1090 retry_wait = PPPOE_SLOW_RETRY; 1091 } else { 1092 pppoe_abort_connect(sc); 1093 splx(x); 1094 break; 1095 } 1096 } 1097 if ((err = pppoe_send_padi(sc)) != 0) { 1098 sc->sc_padi_retried--; 1099 PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n", 1100 sc->sc_sppp.pp_if.if_xname, err)); 1101 } 1102 timeout_add_sec(&sc->sc_timeout, retry_wait); 1103 splx(x); 1104 1105 break; 1106 case PPPOE_STATE_PADR_SENT: 1107 x = splnet(); 1108 sc->sc_padr_retried++; 1109 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1110 memcpy(&sc->sc_dest, etherbroadcastaddr, 1111 sizeof(sc->sc_dest)); 1112 sc->sc_state = PPPOE_STATE_PADI_SENT; 1113 sc->sc_padr_retried = 0; 1114 if ((err = pppoe_send_padi(sc)) != 0) { 1115 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1116 sc->sc_sppp.pp_if.if_xname, err)); 1117 } 1118 timeout_add_sec(&sc->sc_timeout, 1119 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried)); 1120 splx(x); 1121 break; 1122 } 1123 if ((err = pppoe_send_padr(sc)) != 0) { 1124 sc->sc_padr_retried--; 1125 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 1126 sc->sc_sppp.pp_if.if_xname, err)); 1127 } 1128 timeout_add_sec(&sc->sc_timeout, 1129 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 1130 splx(x); 1131 1132 break; 1133 case PPPOE_STATE_CLOSING: 1134 pppoe_disconnect(sc); 1135 break; 1136 default: 1137 break; /* all done, work in peace */ 1138 } 1139 1140 NET_UNLOCK(); 1141 } 1142 1143 /* Start a connection (i.e. initiate discovery phase). */ 1144 static int 1145 pppoe_connect(struct pppoe_softc *sc) 1146 { 1147 int x, err; 1148 1149 if (sc->sc_state != PPPOE_STATE_INITIAL) 1150 return (EBUSY); 1151 1152 x = splnet(); 1153 1154 /* save state, in case we fail to send PADI */ 1155 sc->sc_state = PPPOE_STATE_PADI_SENT; 1156 sc->sc_padr_retried = 0; 1157 err = pppoe_send_padi(sc); 1158 if (err != 0) 1159 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1160 sc->sc_sppp.pp_if.if_xname, err)); 1161 1162 timeout_add_sec(&sc->sc_timeout, PPPOE_DISC_TIMEOUT); 1163 splx(x); 1164 1165 return (err); 1166 } 1167 1168 /* disconnect */ 1169 static int 1170 pppoe_disconnect(struct pppoe_softc *sc) 1171 { 1172 int err, x; 1173 1174 x = splnet(); 1175 1176 if (sc->sc_state < PPPOE_STATE_SESSION) 1177 err = EBUSY; 1178 else { 1179 PPPOEDEBUG(("%s: disconnecting\n", 1180 sc->sc_sppp.pp_if.if_xname)); 1181 err = pppoe_send_padt(sc->sc_eth_ifidx, 1182 sc->sc_session, (const u_int8_t *)&sc->sc_dest, 1183 sc->sc_sppp.pp_if.if_llprio); 1184 } 1185 1186 /* cleanup softc */ 1187 sc->sc_state = PPPOE_STATE_INITIAL; 1188 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1189 if (sc->sc_ac_cookie) { 1190 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 1191 sc->sc_ac_cookie = NULL; 1192 } 1193 sc->sc_ac_cookie_len = 0; 1194 if (sc->sc_relay_sid) { 1195 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 1196 sc->sc_relay_sid = NULL; 1197 } 1198 sc->sc_relay_sid_len = 0; 1199 sc->sc_session = 0; 1200 1201 /* notify upper layer */ 1202 sc->sc_sppp.pp_down(&sc->sc_sppp); 1203 1204 splx(x); 1205 1206 return (err); 1207 } 1208 1209 /* Connection attempt aborted. */ 1210 static void 1211 pppoe_abort_connect(struct pppoe_softc *sc) 1212 { 1213 printf("%s: could not establish connection\n", 1214 sc->sc_sppp.pp_if.if_xname); 1215 sc->sc_state = PPPOE_STATE_CLOSING; 1216 1217 /* notify upper layer */ 1218 sc->sc_sppp.pp_down(&sc->sc_sppp); 1219 1220 /* clear connection state */ 1221 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1222 sc->sc_state = PPPOE_STATE_INITIAL; 1223 } 1224 1225 /* Send a PADR packet */ 1226 static int 1227 pppoe_send_padr(struct pppoe_softc *sc) 1228 { 1229 struct mbuf *m0; 1230 u_int8_t *p; 1231 size_t len, l1 = 0; /* XXX: gcc */ 1232 1233 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1234 return (EIO); 1235 1236 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name, host unique */ 1237 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1238 l1 = strlen(sc->sc_service_name); 1239 len += l1; 1240 } 1241 if (sc->sc_ac_cookie_len > 0) 1242 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1243 if (sc->sc_relay_sid_len > 0) 1244 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1245 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1246 len += 2 + 2 + 2; 1247 1248 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1249 if (m0 == NULL) 1250 return (ENOBUFS); 1251 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1252 1253 p = mtod(m0, u_int8_t *); 1254 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1255 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1256 1257 if (sc->sc_service_name != NULL) { 1258 PPPOE_ADD_16(p, l1); 1259 memcpy(p, sc->sc_service_name, l1); 1260 p += l1; 1261 } else { 1262 PPPOE_ADD_16(p, 0); 1263 } 1264 if (sc->sc_ac_cookie_len > 0) { 1265 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1266 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1267 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1268 p += sc->sc_ac_cookie_len; 1269 } 1270 if (sc->sc_relay_sid_len > 0) { 1271 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1272 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1273 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1274 p += sc->sc_relay_sid_len; 1275 } 1276 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1277 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1278 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1279 p += sizeof(sc->sc_unique); 1280 1281 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1282 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1283 PPPOE_ADD_16(p, 2); 1284 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1285 } 1286 1287 #ifdef PPPOE_DEBUG 1288 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1289 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1290 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1291 #endif 1292 1293 return (pppoe_output(sc, m0)); 1294 } 1295 1296 /* Send a PADT packet. */ 1297 static int 1298 pppoe_send_padt(unsigned int ifidx, u_int session, const u_int8_t *dest, u_int8_t prio) 1299 { 1300 struct ether_header *eh; 1301 struct sockaddr dst; 1302 struct ifnet *eth_if; 1303 struct mbuf *m0; 1304 u_int8_t *p; 1305 int ret; 1306 1307 if ((eth_if = if_get(ifidx)) == NULL) 1308 return (EINVAL); 1309 1310 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1311 if (m0 == NULL) { 1312 if_put(eth_if); 1313 return (ENOBUFS); 1314 } 1315 m0->m_pkthdr.pf.prio = prio; 1316 1317 p = mtod(m0, u_int8_t *); 1318 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1319 1320 memset(&dst, 0, sizeof(dst)); 1321 dst.sa_family = AF_UNSPEC; 1322 eh = (struct ether_header *)&dst.sa_data; 1323 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1324 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1325 1326 m0->m_flags &= ~(M_BCAST|M_MCAST); 1327 /* encapsulated packet is forced into rdomain of physical interface */ 1328 m0->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 1329 1330 ret = eth_if->if_output(eth_if, m0, &dst, NULL); 1331 if_put(eth_if); 1332 1333 return (ret); 1334 } 1335 1336 1337 /* this-layer-start function */ 1338 static void 1339 pppoe_tls(struct sppp *sp) 1340 { 1341 struct pppoe_softc *sc = (void *)sp; 1342 1343 if (sc->sc_state != PPPOE_STATE_INITIAL) 1344 return; 1345 pppoe_connect(sc); 1346 } 1347 1348 /* this-layer-finish function */ 1349 static void 1350 pppoe_tlf(struct sppp *sp) 1351 { 1352 struct pppoe_softc *sc = (void *)sp; 1353 1354 if (sc->sc_state < PPPOE_STATE_SESSION) 1355 return; 1356 /* 1357 * Do not call pppoe_disconnect here, the upper layer state 1358 * machine gets confused by this. We must return from this 1359 * function and defer disconnecting to the timeout handler. 1360 */ 1361 sc->sc_state = PPPOE_STATE_CLOSING; 1362 timeout_add_msec(&sc->sc_timeout, 20); 1363 } 1364 1365 static void 1366 pppoe_start(struct ifnet *ifp) 1367 { 1368 struct pppoe_softc *sc = (void *)ifp; 1369 struct mbuf *m; 1370 size_t len; 1371 u_int8_t *p; 1372 1373 if (sppp_isempty(ifp)) 1374 return; 1375 1376 /* are we ready to process data yet? */ 1377 if (sc->sc_state < PPPOE_STATE_SESSION) { 1378 sppp_flush(&sc->sc_sppp.pp_if); 1379 return; 1380 } 1381 1382 while ((m = sppp_dequeue(ifp)) != NULL) { 1383 len = m->m_pkthdr.len; 1384 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1385 if (m == NULL) { 1386 ifp->if_oerrors++; 1387 continue; 1388 } 1389 p = mtod(m, u_int8_t *); 1390 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1391 1392 #if NBPFILTER > 0 1393 if(sc->sc_sppp.pp_if.if_bpf) 1394 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, 1395 BPF_DIRECTION_OUT); 1396 #endif 1397 1398 pppoe_output(sc, m); 1399 } 1400 } 1401