1 /* $OpenBSD: if_pppoe.c,v 1.78 2021/07/19 19:00:58 stsp Exp $ */ 2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */ 3 4 /* 5 * Copyright (c) 2002 The NetBSD Foundation, Inc. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to The NetBSD Foundation 9 * by Martin Husemann <martin@NetBSD.org>. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "pppoe.h" 34 #include "bpfilter.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/timeout.h> 40 #include <sys/malloc.h> 41 #include <sys/mbuf.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/ioctl.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_types.h> 48 #include <net/if_sppp.h> 49 #include <net/if_pppoe.h> 50 #include <net/netisr.h> 51 #include <netinet/in.h> 52 #include <netinet/if_ether.h> 53 54 #if NBPFILTER > 0 55 #include <net/bpf.h> 56 #endif 57 58 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 59 60 #define PPPOEDEBUG(a) ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0) 61 62 struct pppoehdr { 63 u_int8_t vertype; 64 u_int8_t code; 65 u_int16_t session; 66 u_int16_t plen; 67 } __packed; 68 69 struct pppoetag { 70 u_int16_t tag; 71 u_int16_t len; 72 } __packed; 73 74 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 75 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 76 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 77 78 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 79 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 80 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 81 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 82 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 83 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 84 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 85 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* RFC 4638 max payload */ 86 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 87 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 88 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 89 90 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 91 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 92 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 93 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 94 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 95 96 /* two byte PPP protocol discriminator, then IP data */ 97 #define PPPOE_MTU (ETHERMTU - PPPOE_OVERHEAD) 98 #define PPPOE_MAXMTU PP_MAX_MRU 99 100 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 101 #define PPPOE_ADD_16(PTR, VAL) \ 102 *(PTR)++ = (VAL) / 256; \ 103 *(PTR)++ = (VAL) % 256 104 105 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 106 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 107 *(PTR)++ = PPPOE_VERTYPE; \ 108 *(PTR)++ = (CODE); \ 109 PPPOE_ADD_16(PTR, SESS); \ 110 PPPOE_ADD_16(PTR, LEN) 111 112 #define PPPOE_DISC_TIMEOUT 5 /* base for quick timeout calculation (seconds) */ 113 #define PPPOE_SLOW_RETRY 60 /* persistent retry interval (seconds) */ 114 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 115 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 116 117 /* 118 * Locks used to protect struct members and global data 119 * I immutable after creation 120 * N net lock 121 */ 122 123 struct pppoe_softc { 124 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 125 LIST_ENTRY(pppoe_softc) sc_list;/* [N] */ 126 unsigned int sc_eth_ifidx; /* [N] */ 127 128 int sc_state; /* [N] discovery phase or session connected */ 129 struct ether_addr sc_dest; /* [N] hardware address of concentrator */ 130 u_int16_t sc_session; /* [N] PPPoE session id */ 131 132 char *sc_service_name; /* [N] if != NULL: requested name of service */ 133 char *sc_concentrator_name; /* [N] if != NULL: requested concentrator id */ 134 u_int8_t *sc_ac_cookie; /* [N] content of AC cookie we must echo back */ 135 size_t sc_ac_cookie_len; /* [N] length of cookie data */ 136 u_int8_t *sc_relay_sid; /* [N] content of relay SID we must echo back */ 137 size_t sc_relay_sid_len; /* [N] length of relay SID data */ 138 u_int32_t sc_unique; /* [I] our unique id */ 139 struct timeout sc_timeout; /* [N] timeout while not in session state */ 140 int sc_padi_retried; /* [N] number of PADI retries already done */ 141 int sc_padr_retried; /* [N] number of PADR retries already done */ 142 143 struct timeval sc_session_time; /* [N] time the session was established */ 144 }; 145 146 /* input routines */ 147 static void pppoe_dispatch_disc_pkt(struct mbuf *); 148 149 /* management routines */ 150 void pppoeattach(int); 151 static int pppoe_connect(struct pppoe_softc *); 152 static int pppoe_disconnect(struct pppoe_softc *); 153 static void pppoe_abort_connect(struct pppoe_softc *); 154 static int pppoe_ioctl(struct ifnet *, unsigned long, caddr_t); 155 static void pppoe_tls(struct sppp *); 156 static void pppoe_tlf(struct sppp *); 157 static void pppoe_start(struct ifnet *); 158 159 /* internal timeout handling */ 160 static void pppoe_timeout(void *); 161 162 /* sending actual protocol control packets */ 163 static int pppoe_send_padi(struct pppoe_softc *); 164 static int pppoe_send_padr(struct pppoe_softc *); 165 static int pppoe_send_padt(unsigned int, u_int, const u_int8_t *, u_int8_t); 166 167 /* raw output */ 168 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 169 170 /* internal helper functions */ 171 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, u_int); 172 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int); 173 static struct mbuf *pppoe_get_mbuf(size_t len); 174 175 LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 176 177 /* interface cloning */ 178 int pppoe_clone_create(struct if_clone *, int); 179 int pppoe_clone_destroy(struct ifnet *); 180 181 struct if_clone pppoe_cloner = 182 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 183 184 185 void 186 pppoeattach(int count) 187 { 188 LIST_INIT(&pppoe_softc_list); 189 if_clone_attach(&pppoe_cloner); 190 } 191 192 /* Create a new interface. */ 193 int 194 pppoe_clone_create(struct if_clone *ifc, int unit) 195 { 196 struct pppoe_softc *sc, *tmpsc; 197 u_int32_t unique; 198 199 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 200 snprintf(sc->sc_sppp.pp_if.if_xname, 201 sizeof(sc->sc_sppp.pp_if.if_xname), 202 "pppoe%d", unit); 203 sc->sc_sppp.pp_if.if_softc = sc; 204 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 205 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST; 206 sc->sc_sppp.pp_if.if_type = IFT_PPP; 207 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 208 sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */ 209 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 210 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 211 sc->sc_sppp.pp_if.if_start = pppoe_start; 212 sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest; 213 sc->sc_sppp.pp_if.if_xflags = IFXF_CLONED; 214 sc->sc_sppp.pp_tls = pppoe_tls; 215 sc->sc_sppp.pp_tlf = pppoe_tlf; 216 217 /* changed to real address later */ 218 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 219 220 /* init timer for interface watchdog */ 221 timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc); 222 223 if_attach(&sc->sc_sppp.pp_if); 224 if_alloc_sadl(&sc->sc_sppp.pp_if); 225 sppp_attach(&sc->sc_sppp.pp_if); 226 #if NBPFILTER > 0 227 bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 228 #endif 229 230 NET_LOCK(); 231 retry: 232 unique = arc4random(); 233 LIST_FOREACH(tmpsc, &pppoe_softc_list, sc_list) 234 if (tmpsc->sc_unique == unique) 235 goto retry; 236 sc->sc_unique = unique; 237 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 238 NET_UNLOCK(); 239 240 return (0); 241 } 242 243 /* Destroy a given interface. */ 244 int 245 pppoe_clone_destroy(struct ifnet *ifp) 246 { 247 struct pppoe_softc *sc = ifp->if_softc; 248 249 NET_LOCK(); 250 LIST_REMOVE(sc, sc_list); 251 NET_UNLOCK(); 252 253 timeout_del(&sc->sc_timeout); 254 255 sppp_detach(&sc->sc_sppp.pp_if); 256 if_detach(ifp); 257 258 if (sc->sc_concentrator_name) 259 free(sc->sc_concentrator_name, M_DEVBUF, 260 strlen(sc->sc_concentrator_name) + 1); 261 if (sc->sc_service_name) 262 free(sc->sc_service_name, M_DEVBUF, 263 strlen(sc->sc_service_name) + 1); 264 if (sc->sc_ac_cookie) 265 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 266 if (sc->sc_relay_sid) 267 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 268 269 free(sc, M_DEVBUF, sizeof(*sc)); 270 271 return (0); 272 } 273 274 /* 275 * Find the interface handling the specified session. 276 * Note: O(number of sessions open), this is a client-side only, mean 277 * and lean implementation, so number of open sessions typically should 278 * be 1. 279 */ 280 static struct pppoe_softc * 281 pppoe_find_softc_by_session(u_int session, u_int ifidx) 282 { 283 struct pppoe_softc *sc; 284 285 if (session == 0) 286 return (NULL); 287 288 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 289 if (sc->sc_state == PPPOE_STATE_SESSION 290 && sc->sc_session == session 291 && sc->sc_eth_ifidx == ifidx) { 292 return (sc); 293 } 294 } 295 return (NULL); 296 } 297 298 /* 299 * Check host unique token passed and return appropriate softc pointer, 300 * or NULL if token is bogus. 301 */ 302 static struct pppoe_softc * 303 pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, u_int ifidx) 304 { 305 struct pppoe_softc *sc; 306 u_int32_t hunique; 307 308 if (LIST_EMPTY(&pppoe_softc_list)) 309 return (NULL); 310 311 if (len != sizeof(hunique)) 312 return (NULL); 313 memcpy(&hunique, token, len); 314 315 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 316 if (sc->sc_unique == hunique) 317 break; 318 319 if (sc == NULL) { 320 printf("pppoe: alien host unique tag, no session found\n"); 321 return (NULL); 322 } 323 324 /* should be safe to access *sc now */ 325 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 326 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 327 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 328 return (NULL); 329 } 330 if (sc->sc_eth_ifidx != ifidx) { 331 printf("%s: wrong interface, not accepting host unique\n", 332 sc->sc_sppp.pp_if.if_xname); 333 return (NULL); 334 } 335 return (sc); 336 } 337 338 /* Analyze and handle a single received packet while not in session state. */ 339 static void 340 pppoe_dispatch_disc_pkt(struct mbuf *m) 341 { 342 struct pppoe_softc *sc; 343 struct pppoehdr *ph; 344 struct pppoetag *pt; 345 struct mbuf *n; 346 struct ether_header *eh; 347 const char *err_msg, *devname; 348 size_t ac_cookie_len; 349 size_t relay_sid_len; 350 int off, noff, err, errortag, max_payloadtag; 351 u_int16_t max_payload; 352 u_int16_t tag, len; 353 u_int16_t session, plen; 354 u_int8_t *ac_cookie; 355 u_int8_t *relay_sid; 356 u_int8_t code; 357 358 err_msg = NULL; 359 devname = "pppoe"; 360 off = 0; 361 errortag = 0; 362 max_payloadtag = 0; 363 364 if (m->m_len < sizeof(*eh)) { 365 m = m_pullup(m, sizeof(*eh)); 366 if (m == NULL) 367 goto done; 368 } 369 eh = mtod(m, struct ether_header *); 370 off += sizeof(*eh); 371 372 ac_cookie = NULL; 373 ac_cookie_len = 0; 374 relay_sid = NULL; 375 relay_sid_len = 0; 376 max_payload = 0; 377 378 session = 0; 379 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 380 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 381 goto done; 382 } 383 384 n = m_pulldown(m, off, sizeof(*ph), &noff); 385 if (n == NULL) { 386 printf("pppoe: could not get PPPoE header\n"); 387 m = NULL; 388 goto done; 389 } 390 ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff); 391 if (ph->vertype != PPPOE_VERTYPE) { 392 printf("pppoe: unknown version/type packet: 0x%x\n", 393 ph->vertype); 394 goto done; 395 } 396 397 session = ntohs(ph->session); 398 plen = ntohs(ph->plen); 399 code = ph->code; 400 off += sizeof(*ph); 401 if (plen + off > m->m_pkthdr.len) { 402 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 403 m->m_pkthdr.len - off, plen); 404 goto done; 405 } 406 407 /* ignore trailing garbage */ 408 m_adj(m, off + plen - m->m_pkthdr.len); 409 410 tag = 0; 411 len = 0; 412 sc = NULL; 413 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 414 n = m_pulldown(m, off, sizeof(*pt), &noff); 415 if (n == NULL) { 416 printf("%s: parse error\n", devname); 417 m = NULL; 418 goto done; 419 } 420 pt = (struct pppoetag *)(mtod(n, caddr_t) + noff); 421 tag = ntohs(pt->tag); 422 len = ntohs(pt->len); 423 off += sizeof(*pt); 424 if (off + len > m->m_pkthdr.len) { 425 printf("%s: tag 0x%x len 0x%x is too long\n", 426 devname, tag, len); 427 goto done; 428 } 429 switch (tag) { 430 case PPPOE_TAG_EOL: 431 goto breakbreak; 432 case PPPOE_TAG_SNAME: 433 break; /* ignored */ 434 case PPPOE_TAG_ACNAME: 435 break; /* ignored */ 436 case PPPOE_TAG_HUNIQUE: 437 if (sc != NULL) 438 break; 439 n = m_pulldown(m, off, len, &noff); 440 if (n == NULL) { 441 m = NULL; 442 err_msg = "TAG HUNIQUE ERROR"; 443 break; 444 } 445 sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff, 446 len, m->m_pkthdr.ph_ifidx); 447 if (sc != NULL) 448 devname = sc->sc_sppp.pp_if.if_xname; 449 break; 450 case PPPOE_TAG_ACCOOKIE: 451 if (ac_cookie == NULL) { 452 n = m_pulldown(m, off, len, 453 &noff); 454 if (n == NULL) { 455 err_msg = "TAG ACCOOKIE ERROR"; 456 m = NULL; 457 break; 458 } 459 ac_cookie = mtod(n, caddr_t) + noff; 460 ac_cookie_len = len; 461 } 462 break; 463 case PPPOE_TAG_RELAYSID: 464 if (relay_sid == NULL) { 465 n = m_pulldown(m, off, len, 466 &noff); 467 if (n == NULL) { 468 err_msg = "TAG RELAYSID ERROR"; 469 m = NULL; 470 break; 471 } 472 relay_sid = mtod(n, caddr_t) + noff; 473 relay_sid_len = len; 474 } 475 break; 476 case PPPOE_TAG_MAX_PAYLOAD: 477 if (!max_payloadtag) { 478 n = m_pulldown(m, off, len, 479 &noff); 480 if (n == NULL || len != sizeof(max_payload)) { 481 err_msg = "TAG MAX_PAYLOAD ERROR"; 482 m = NULL; 483 break; 484 } 485 memcpy(&max_payload, mtod(n, caddr_t) + noff, 486 sizeof(max_payload)); 487 max_payloadtag = 1; 488 } 489 break; 490 case PPPOE_TAG_SNAME_ERR: 491 err_msg = "SERVICE NAME ERROR"; 492 errortag = 1; 493 break; 494 case PPPOE_TAG_ACSYS_ERR: 495 err_msg = "AC SYSTEM ERROR"; 496 errortag = 1; 497 break; 498 case PPPOE_TAG_GENERIC_ERR: 499 err_msg = "GENERIC ERROR"; 500 errortag = 1; 501 break; 502 } 503 if (err_msg) { 504 log(LOG_INFO, "%s: %s: ", devname, err_msg); 505 if (errortag && len) { 506 n = m_pulldown(m, off, len, 507 &noff); 508 if (n == NULL) { 509 m = NULL; 510 } else { 511 u_int8_t *et = mtod(n, caddr_t) + noff; 512 while (len--) 513 addlog("%c", *et++); 514 } 515 } 516 addlog("\n"); 517 goto done; 518 } 519 off += len; 520 } 521 breakbreak: 522 switch (code) { 523 case PPPOE_CODE_PADI: 524 case PPPOE_CODE_PADR: 525 /* ignore, we are no access concentrator */ 526 goto done; 527 case PPPOE_CODE_PADO: 528 if (sc == NULL) { 529 /* be quiet if there is not a single pppoe instance */ 530 if (!LIST_EMPTY(&pppoe_softc_list)) 531 printf("pppoe: received PADO but could not find request for it\n"); 532 goto done; 533 } 534 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 535 printf("%s: received unexpected PADO\n", 536 sc->sc_sppp.pp_if.if_xname); 537 goto done; 538 } 539 if (ac_cookie) { 540 if (sc->sc_ac_cookie) 541 free(sc->sc_ac_cookie, M_DEVBUF, 542 sc->sc_ac_cookie_len); 543 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 544 M_DONTWAIT); 545 if (sc->sc_ac_cookie == NULL) 546 goto done; 547 sc->sc_ac_cookie_len = ac_cookie_len; 548 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 549 } 550 if (relay_sid) { 551 if (sc->sc_relay_sid) 552 free(sc->sc_relay_sid, M_DEVBUF, 553 sc->sc_relay_sid_len); 554 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 555 M_DONTWAIT); 556 if (sc->sc_relay_sid == NULL) 557 goto done; 558 sc->sc_relay_sid_len = relay_sid_len; 559 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 560 } 561 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU && 562 (!max_payloadtag || 563 ntohs(max_payload) != sc->sc_sppp.pp_if.if_mtu)) { 564 printf("%s: No valid PPP-Max-Payload tag received in PADO\n", 565 sc->sc_sppp.pp_if.if_xname); 566 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 567 } 568 569 memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest)); 570 sc->sc_padr_retried = 0; 571 sc->sc_state = PPPOE_STATE_PADR_SENT; 572 if ((err = pppoe_send_padr(sc)) != 0) { 573 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 574 sc->sc_sppp.pp_if.if_xname, err)); 575 } 576 timeout_add_sec(&sc->sc_timeout, 577 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 578 579 break; 580 case PPPOE_CODE_PADS: 581 if (sc == NULL) 582 goto done; 583 584 sc->sc_session = session; 585 timeout_del(&sc->sc_timeout); 586 PPPOEDEBUG(("%s: session 0x%x connected\n", 587 sc->sc_sppp.pp_if.if_xname, session)); 588 sc->sc_state = PPPOE_STATE_SESSION; 589 microtime(&sc->sc_session_time); 590 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 591 592 break; 593 case PPPOE_CODE_PADT: 594 if (sc == NULL) 595 goto done; 596 597 /* stop timer (we might be about to transmit a PADT ourself) */ 598 timeout_del(&sc->sc_timeout); 599 PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n", 600 sc->sc_sppp.pp_if.if_xname, session)); 601 602 /* clean up softc */ 603 sc->sc_state = PPPOE_STATE_INITIAL; 604 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 605 if (sc->sc_ac_cookie) { 606 free(sc->sc_ac_cookie, M_DEVBUF, 607 sc->sc_ac_cookie_len); 608 sc->sc_ac_cookie = NULL; 609 } 610 if (sc->sc_relay_sid) { 611 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 612 sc->sc_relay_sid = NULL; 613 } 614 sc->sc_ac_cookie_len = 0; 615 sc->sc_relay_sid_len = 0; 616 sc->sc_session = 0; 617 sc->sc_session_time.tv_sec = 0; 618 sc->sc_session_time.tv_usec = 0; 619 sc->sc_sppp.pp_down(&sc->sc_sppp); /* signal upper layer */ 620 621 break; 622 default: 623 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 624 sc ? sc->sc_sppp.pp_if.if_xname : "pppoe", 625 code, session); 626 break; 627 } 628 629 done: 630 m_freem(m); 631 } 632 633 /* Input function for discovery packets. */ 634 void 635 pppoe_disc_input(struct mbuf *m) 636 { 637 /* avoid error messages if there is not a single pppoe instance */ 638 if (!LIST_EMPTY(&pppoe_softc_list)) { 639 KASSERT(m->m_flags & M_PKTHDR); 640 pppoe_dispatch_disc_pkt(m); 641 } else 642 m_freem(m); 643 } 644 645 /* Input function for data packets */ 646 void 647 pppoe_data_input(struct mbuf *m) 648 { 649 struct pppoe_softc *sc; 650 struct pppoehdr *ph; 651 u_int16_t session, plen; 652 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 653 u_int8_t shost[ETHER_ADDR_LEN]; 654 #endif 655 if (LIST_EMPTY(&pppoe_softc_list)) 656 goto drop; 657 658 KASSERT(m->m_flags & M_PKTHDR); 659 660 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 661 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 662 #endif 663 m_adj(m, sizeof(struct ether_header)); 664 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 665 printf("pppoe (data): dropping too short packet: %d bytes\n", 666 m->m_pkthdr.len); 667 goto drop; 668 } 669 if (m->m_len < sizeof(*ph)) { 670 m = m_pullup(m, sizeof(*ph)); 671 if (m == NULL) { 672 printf("pppoe (data): could not get PPPoE header\n"); 673 return; 674 } 675 } 676 ph = mtod(m, struct pppoehdr *); 677 if (ph->vertype != PPPOE_VERTYPE) { 678 printf("pppoe (data): unknown version/type packet: 0x%x\n", 679 ph->vertype); 680 goto drop; 681 } 682 if (ph->code != 0) 683 goto drop; 684 685 session = ntohs(ph->session); 686 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.ph_ifidx); 687 if (sc == NULL) { 688 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 689 printf("pppoe (data): input for unknown session 0x%x, sending PADT\n", 690 session); 691 pppoe_send_padt(m->m_pkthdr.ph_ifidx, session, shost, 0); 692 #endif 693 goto drop; 694 } 695 696 plen = ntohs(ph->plen); 697 698 #if NBPFILTER > 0 699 if(sc->sc_sppp.pp_if.if_bpf) 700 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN); 701 #endif 702 703 m_adj(m, PPPOE_HEADERLEN); 704 705 #ifdef PPPOE_DEBUG 706 { 707 struct mbuf *p; 708 709 printf("%s: pkthdr.len=%d, pppoe.len=%d", 710 sc->sc_sppp.pp_if.if_xname, 711 m->m_pkthdr.len, plen); 712 p = m; 713 while (p) { 714 printf(" l=%d", p->m_len); 715 p = p->m_next; 716 } 717 printf("\n"); 718 } 719 #endif 720 721 if (m->m_pkthdr.len < plen) 722 goto drop; 723 724 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 725 m->m_pkthdr.ph_ifidx = sc->sc_sppp.pp_if.if_index; 726 727 /* pass packet up and account for it */ 728 sc->sc_sppp.pp_if.if_ipackets++; 729 sppp_input(&sc->sc_sppp.pp_if, m); 730 return; 731 732 drop: 733 m_freem(m); 734 } 735 736 static int 737 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 738 { 739 struct sockaddr dst; 740 struct ether_header *eh; 741 struct ifnet *eth_if; 742 u_int16_t etype; 743 int ret; 744 745 if ((eth_if = if_get(sc->sc_eth_ifidx)) == NULL) { 746 m_freem(m); 747 return (EIO); 748 } 749 750 if ((eth_if->if_flags & (IFF_UP|IFF_RUNNING)) 751 != (IFF_UP|IFF_RUNNING)) { 752 if_put(eth_if); 753 m_freem(m); 754 return (ENETDOWN); 755 } 756 757 memset(&dst, 0, sizeof dst); 758 dst.sa_family = AF_UNSPEC; 759 eh = (struct ether_header*)&dst.sa_data; 760 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 761 eh->ether_type = htons(etype); 762 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 763 764 PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 765 sc->sc_sppp.pp_if.if_xname, etype, 766 sc->sc_state, sc->sc_session, 767 ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len)); 768 769 m->m_flags &= ~(M_BCAST|M_MCAST); 770 /* encapsulated packet is forced into rdomain of physical interface */ 771 m->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 772 773 ret = eth_if->if_output(eth_if, m, &dst, NULL); 774 if_put(eth_if); 775 776 return (ret); 777 } 778 779 /* The ioctl routine. */ 780 static int 781 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) 782 { 783 struct proc *p = curproc; /* XXX */ 784 struct pppoe_softc *sc = (struct pppoe_softc *)ifp; 785 struct ifnet *eth_if; 786 int error = 0; 787 788 switch (cmd) { 789 case PPPOESETPARMS: 790 { 791 struct pppoediscparms *parms = (struct pppoediscparms *)data; 792 int len; 793 794 if ((error = suser(p)) != 0) 795 return (error); 796 if (parms->eth_ifname[0] != '\0') { 797 struct ifnet *eth_if; 798 799 eth_if = if_unit(parms->eth_ifname); 800 if (eth_if == NULL || eth_if->if_type != IFT_ETHER) { 801 if_put(eth_if); 802 sc->sc_eth_ifidx = 0; 803 return (ENXIO); 804 } 805 806 if (sc->sc_sppp.pp_if.if_mtu > 807 eth_if->if_mtu - PPPOE_OVERHEAD) { 808 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 809 PPPOE_OVERHEAD; 810 } 811 sc->sc_eth_ifidx = eth_if->if_index; 812 if_put(eth_if); 813 } 814 815 if (sc->sc_concentrator_name) 816 free(sc->sc_concentrator_name, M_DEVBUF, 817 strlen(sc->sc_concentrator_name) + 1); 818 sc->sc_concentrator_name = NULL; 819 820 len = strlen(parms->ac_name); 821 if (len > 0 && len < sizeof(parms->ac_name)) { 822 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 823 if (p == NULL) 824 return (ENOMEM); 825 strlcpy(p, parms->ac_name, len + 1); 826 sc->sc_concentrator_name = p; 827 } 828 829 if (sc->sc_service_name) 830 free(sc->sc_service_name, M_DEVBUF, 831 strlen(sc->sc_service_name) + 1); 832 sc->sc_service_name = NULL; 833 834 len = strlen(parms->service_name); 835 if (len > 0 && len < sizeof(parms->service_name)) { 836 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 837 if (p == NULL) 838 return (ENOMEM); 839 strlcpy(p, parms->service_name, len + 1); 840 sc->sc_service_name = p; 841 } 842 return (0); 843 } 844 break; 845 case PPPOEGETPARMS: 846 { 847 struct pppoediscparms *parms = (struct pppoediscparms *)data; 848 849 if ((eth_if = if_get(sc->sc_eth_ifidx)) != NULL) { 850 strlcpy(parms->eth_ifname, eth_if->if_xname, 851 IFNAMSIZ); 852 if_put(eth_if); 853 } else 854 parms->eth_ifname[0] = '\0'; 855 856 if (sc->sc_concentrator_name) 857 strlcpy(parms->ac_name, sc->sc_concentrator_name, 858 sizeof(parms->ac_name)); 859 else 860 parms->ac_name[0] = '\0'; 861 862 if (sc->sc_service_name) 863 strlcpy(parms->service_name, sc->sc_service_name, 864 sizeof(parms->service_name)); 865 else 866 parms->service_name[0] = '\0'; 867 868 return (0); 869 } 870 break; 871 case PPPOEGETSESSION: 872 { 873 struct pppoeconnectionstate *state = 874 (struct pppoeconnectionstate *)data; 875 state->state = sc->sc_state; 876 state->session_id = sc->sc_session; 877 state->padi_retry_no = sc->sc_padi_retried; 878 state->padr_retry_no = sc->sc_padr_retried; 879 state->session_time.tv_sec = sc->sc_session_time.tv_sec; 880 state->session_time.tv_usec = sc->sc_session_time.tv_usec; 881 return (0); 882 } 883 break; 884 case SIOCSIFFLAGS: 885 { 886 struct ifreq *ifr = (struct ifreq *)data; 887 /* 888 * Prevent running re-establishment timers overriding 889 * administrators choice. 890 */ 891 if ((ifr->ifr_flags & IFF_UP) == 0 892 && sc->sc_state >= PPPOE_STATE_PADI_SENT 893 && sc->sc_state < PPPOE_STATE_SESSION) { 894 timeout_del(&sc->sc_timeout); 895 sc->sc_state = PPPOE_STATE_INITIAL; 896 sc->sc_padi_retried = 0; 897 sc->sc_padr_retried = 0; 898 memcpy(&sc->sc_dest, etherbroadcastaddr, 899 sizeof(sc->sc_dest)); 900 } 901 return (sppp_ioctl(ifp, cmd, data)); 902 } 903 case SIOCSIFMTU: 904 { 905 struct ifreq *ifr = (struct ifreq *)data; 906 907 eth_if = if_get(sc->sc_eth_ifidx); 908 909 if (ifr->ifr_mtu > MIN(PPPOE_MAXMTU, 910 (eth_if == NULL ? PPPOE_MAXMTU : 911 (eth_if->if_mtu - PPPOE_OVERHEAD)))) 912 error = EINVAL; 913 else 914 error = 0; 915 916 if_put(eth_if); 917 918 return (sppp_ioctl(ifp, cmd, data)); 919 } 920 default: 921 error = sppp_ioctl(ifp, cmd, data); 922 if (error == ENETRESET) { 923 error = 0; 924 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 925 (IFF_UP | IFF_RUNNING)) { 926 if_down(ifp); 927 if (sc->sc_state >= PPPOE_STATE_PADI_SENT && 928 sc->sc_state < PPPOE_STATE_SESSION) { 929 timeout_del(&sc->sc_timeout); 930 sc->sc_state = PPPOE_STATE_INITIAL; 931 sc->sc_padi_retried = 0; 932 sc->sc_padr_retried = 0; 933 memcpy(&sc->sc_dest, 934 etherbroadcastaddr, 935 sizeof(sc->sc_dest)); 936 } 937 error = sppp_ioctl(ifp, SIOCSIFFLAGS, NULL); 938 if (error) 939 return (error); 940 if_up(ifp); 941 return (sppp_ioctl(ifp, SIOCSIFFLAGS, NULL)); 942 } 943 } 944 return (error); 945 } 946 return (0); 947 } 948 949 /* 950 * Allocate a mbuf/cluster with space to store the given data length 951 * of payload, leaving space for prepending an ethernet header 952 * in front. 953 */ 954 static struct mbuf * 955 pppoe_get_mbuf(size_t len) 956 { 957 struct mbuf *m; 958 959 MGETHDR(m, M_DONTWAIT, MT_DATA); 960 if (m == NULL) 961 return (NULL); 962 if (len + sizeof(struct ether_header) > MHLEN) { 963 MCLGET(m, M_DONTWAIT); 964 if ((m->m_flags & M_EXT) == 0) { 965 m_free(m); 966 return (NULL); 967 } 968 } 969 m->m_data += sizeof(struct ether_header); 970 m->m_len = len; 971 m->m_pkthdr.len = len; 972 m->m_pkthdr.ph_ifidx = 0; 973 974 return (m); 975 } 976 977 /* Send PADI. */ 978 static int 979 pppoe_send_padi(struct pppoe_softc *sc) 980 { 981 struct mbuf *m0; 982 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 983 u_int8_t *p; 984 985 if (sc->sc_state > PPPOE_STATE_PADI_SENT) 986 panic("pppoe_send_padi in state %d", sc->sc_state); 987 988 /* calculate length of frame (excluding ethernet header + pppoe header) */ 989 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is sent too */ 990 if (sc->sc_service_name != NULL) { 991 l1 = strlen(sc->sc_service_name); 992 len += l1; 993 } 994 if (sc->sc_concentrator_name != NULL) { 995 l2 = strlen(sc->sc_concentrator_name); 996 len += 2 + 2 + l2; 997 } 998 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 999 len += 2 + 2 + 2; 1000 1001 /* allocate a buffer */ 1002 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1003 if (m0 == NULL) 1004 return (ENOBUFS); 1005 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1006 1007 /* fill in pkt */ 1008 p = mtod(m0, u_int8_t *); 1009 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1010 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1011 if (sc->sc_service_name != NULL) { 1012 PPPOE_ADD_16(p, l1); 1013 memcpy(p, sc->sc_service_name, l1); 1014 p += l1; 1015 } else { 1016 PPPOE_ADD_16(p, 0); 1017 } 1018 if (sc->sc_concentrator_name != NULL) { 1019 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1020 PPPOE_ADD_16(p, l2); 1021 memcpy(p, sc->sc_concentrator_name, l2); 1022 p += l2; 1023 } 1024 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1025 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1026 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1027 p += sizeof(sc->sc_unique); 1028 1029 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1030 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1031 PPPOE_ADD_16(p, 2); 1032 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1033 } 1034 1035 #ifdef PPPOE_DEBUG 1036 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1037 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1038 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1039 #endif 1040 1041 /* send pkt */ 1042 return (pppoe_output(sc, m0)); 1043 } 1044 1045 /* Watchdog function. */ 1046 static void 1047 pppoe_timeout(void *arg) 1048 { 1049 struct pppoe_softc *sc = (struct pppoe_softc *)arg; 1050 int x, retry_wait, err; 1051 1052 PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname)); 1053 1054 NET_LOCK(); 1055 1056 switch (sc->sc_state) { 1057 case PPPOE_STATE_PADI_SENT: 1058 /* 1059 * We have two basic ways of retrying: 1060 * - Quick retry mode: try a few times in short sequence 1061 * - Slow retry mode: we already had a connection successfully 1062 * established and will try infinitely (without user 1063 * intervention) 1064 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1065 * is not set. 1066 */ 1067 1068 /* initialize for quick retry mode */ 1069 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1070 1071 x = splnet(); 1072 sc->sc_padi_retried++; 1073 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1074 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1075 /* slow retry mode */ 1076 retry_wait = PPPOE_SLOW_RETRY; 1077 } else { 1078 pppoe_abort_connect(sc); 1079 splx(x); 1080 break; 1081 } 1082 } 1083 if ((err = pppoe_send_padi(sc)) != 0) { 1084 sc->sc_padi_retried--; 1085 PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n", 1086 sc->sc_sppp.pp_if.if_xname, err)); 1087 } 1088 timeout_add_sec(&sc->sc_timeout, retry_wait); 1089 splx(x); 1090 1091 break; 1092 case PPPOE_STATE_PADR_SENT: 1093 x = splnet(); 1094 sc->sc_padr_retried++; 1095 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1096 memcpy(&sc->sc_dest, etherbroadcastaddr, 1097 sizeof(sc->sc_dest)); 1098 sc->sc_state = PPPOE_STATE_PADI_SENT; 1099 sc->sc_padr_retried = 0; 1100 if ((err = pppoe_send_padi(sc)) != 0) { 1101 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1102 sc->sc_sppp.pp_if.if_xname, err)); 1103 } 1104 timeout_add_sec(&sc->sc_timeout, 1105 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried)); 1106 splx(x); 1107 break; 1108 } 1109 if ((err = pppoe_send_padr(sc)) != 0) { 1110 sc->sc_padr_retried--; 1111 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 1112 sc->sc_sppp.pp_if.if_xname, err)); 1113 } 1114 timeout_add_sec(&sc->sc_timeout, 1115 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 1116 splx(x); 1117 1118 break; 1119 case PPPOE_STATE_CLOSING: 1120 pppoe_disconnect(sc); 1121 break; 1122 default: 1123 break; /* all done, work in peace */ 1124 } 1125 1126 NET_UNLOCK(); 1127 } 1128 1129 /* Start a connection (i.e. initiate discovery phase). */ 1130 static int 1131 pppoe_connect(struct pppoe_softc *sc) 1132 { 1133 int x, err; 1134 1135 if (sc->sc_state != PPPOE_STATE_INITIAL) 1136 return (EBUSY); 1137 1138 x = splnet(); 1139 1140 /* save state, in case we fail to send PADI */ 1141 sc->sc_state = PPPOE_STATE_PADI_SENT; 1142 sc->sc_padr_retried = 0; 1143 err = pppoe_send_padi(sc); 1144 if (err != 0) 1145 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1146 sc->sc_sppp.pp_if.if_xname, err)); 1147 1148 timeout_add_sec(&sc->sc_timeout, PPPOE_DISC_TIMEOUT); 1149 splx(x); 1150 1151 return (err); 1152 } 1153 1154 /* disconnect */ 1155 static int 1156 pppoe_disconnect(struct pppoe_softc *sc) 1157 { 1158 int err, x; 1159 1160 x = splnet(); 1161 1162 if (sc->sc_state < PPPOE_STATE_SESSION) 1163 err = EBUSY; 1164 else { 1165 PPPOEDEBUG(("%s: disconnecting\n", 1166 sc->sc_sppp.pp_if.if_xname)); 1167 err = pppoe_send_padt(sc->sc_eth_ifidx, 1168 sc->sc_session, (const u_int8_t *)&sc->sc_dest, 1169 sc->sc_sppp.pp_if.if_llprio); 1170 } 1171 1172 /* cleanup softc */ 1173 sc->sc_state = PPPOE_STATE_INITIAL; 1174 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1175 if (sc->sc_ac_cookie) { 1176 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 1177 sc->sc_ac_cookie = NULL; 1178 } 1179 sc->sc_ac_cookie_len = 0; 1180 if (sc->sc_relay_sid) { 1181 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 1182 sc->sc_relay_sid = NULL; 1183 } 1184 sc->sc_relay_sid_len = 0; 1185 sc->sc_session = 0; 1186 1187 /* notify upper layer */ 1188 sc->sc_sppp.pp_down(&sc->sc_sppp); 1189 1190 splx(x); 1191 1192 return (err); 1193 } 1194 1195 /* Connection attempt aborted. */ 1196 static void 1197 pppoe_abort_connect(struct pppoe_softc *sc) 1198 { 1199 printf("%s: could not establish connection\n", 1200 sc->sc_sppp.pp_if.if_xname); 1201 sc->sc_state = PPPOE_STATE_CLOSING; 1202 1203 /* notify upper layer */ 1204 sc->sc_sppp.pp_down(&sc->sc_sppp); 1205 1206 /* clear connection state */ 1207 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1208 sc->sc_state = PPPOE_STATE_INITIAL; 1209 } 1210 1211 /* Send a PADR packet */ 1212 static int 1213 pppoe_send_padr(struct pppoe_softc *sc) 1214 { 1215 struct mbuf *m0; 1216 u_int8_t *p; 1217 size_t len, l1 = 0; /* XXX: gcc */ 1218 1219 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1220 return (EIO); 1221 1222 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name, host unique */ 1223 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1224 l1 = strlen(sc->sc_service_name); 1225 len += l1; 1226 } 1227 if (sc->sc_ac_cookie_len > 0) 1228 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1229 if (sc->sc_relay_sid_len > 0) 1230 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1231 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1232 len += 2 + 2 + 2; 1233 1234 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1235 if (m0 == NULL) 1236 return (ENOBUFS); 1237 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1238 1239 p = mtod(m0, u_int8_t *); 1240 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1241 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1242 1243 if (sc->sc_service_name != NULL) { 1244 PPPOE_ADD_16(p, l1); 1245 memcpy(p, sc->sc_service_name, l1); 1246 p += l1; 1247 } else { 1248 PPPOE_ADD_16(p, 0); 1249 } 1250 if (sc->sc_ac_cookie_len > 0) { 1251 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1252 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1253 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1254 p += sc->sc_ac_cookie_len; 1255 } 1256 if (sc->sc_relay_sid_len > 0) { 1257 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1258 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1259 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1260 p += sc->sc_relay_sid_len; 1261 } 1262 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1263 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1264 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1265 p += sizeof(sc->sc_unique); 1266 1267 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1268 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1269 PPPOE_ADD_16(p, 2); 1270 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1271 } 1272 1273 #ifdef PPPOE_DEBUG 1274 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1275 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1276 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1277 #endif 1278 1279 return (pppoe_output(sc, m0)); 1280 } 1281 1282 /* Send a PADT packet. */ 1283 static int 1284 pppoe_send_padt(unsigned int ifidx, u_int session, const u_int8_t *dest, u_int8_t prio) 1285 { 1286 struct ether_header *eh; 1287 struct sockaddr dst; 1288 struct ifnet *eth_if; 1289 struct mbuf *m0; 1290 u_int8_t *p; 1291 int ret; 1292 1293 if ((eth_if = if_get(ifidx)) == NULL) 1294 return (EINVAL); 1295 1296 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1297 if (m0 == NULL) { 1298 if_put(eth_if); 1299 return (ENOBUFS); 1300 } 1301 m0->m_pkthdr.pf.prio = prio; 1302 1303 p = mtod(m0, u_int8_t *); 1304 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1305 1306 memset(&dst, 0, sizeof(dst)); 1307 dst.sa_family = AF_UNSPEC; 1308 eh = (struct ether_header *)&dst.sa_data; 1309 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1310 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1311 1312 m0->m_flags &= ~(M_BCAST|M_MCAST); 1313 /* encapsulated packet is forced into rdomain of physical interface */ 1314 m0->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 1315 1316 ret = eth_if->if_output(eth_if, m0, &dst, NULL); 1317 if_put(eth_if); 1318 1319 return (ret); 1320 } 1321 1322 1323 /* this-layer-start function */ 1324 static void 1325 pppoe_tls(struct sppp *sp) 1326 { 1327 struct pppoe_softc *sc = (void *)sp; 1328 1329 if (sc->sc_state != PPPOE_STATE_INITIAL) 1330 return; 1331 pppoe_connect(sc); 1332 } 1333 1334 /* this-layer-finish function */ 1335 static void 1336 pppoe_tlf(struct sppp *sp) 1337 { 1338 struct pppoe_softc *sc = (void *)sp; 1339 1340 if (sc->sc_state < PPPOE_STATE_SESSION) 1341 return; 1342 /* 1343 * Do not call pppoe_disconnect here, the upper layer state 1344 * machine gets confused by this. We must return from this 1345 * function and defer disconnecting to the timeout handler. 1346 */ 1347 sc->sc_state = PPPOE_STATE_CLOSING; 1348 timeout_add_msec(&sc->sc_timeout, 20); 1349 } 1350 1351 static void 1352 pppoe_start(struct ifnet *ifp) 1353 { 1354 struct pppoe_softc *sc = (void *)ifp; 1355 struct mbuf *m; 1356 size_t len; 1357 u_int8_t *p; 1358 1359 if (sppp_isempty(ifp)) 1360 return; 1361 1362 /* are we ready to process data yet? */ 1363 if (sc->sc_state < PPPOE_STATE_SESSION) { 1364 sppp_flush(&sc->sc_sppp.pp_if); 1365 return; 1366 } 1367 1368 while ((m = sppp_dequeue(ifp)) != NULL) { 1369 len = m->m_pkthdr.len; 1370 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1371 if (m == NULL) { 1372 ifp->if_oerrors++; 1373 continue; 1374 } 1375 p = mtod(m, u_int8_t *); 1376 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1377 1378 #if NBPFILTER > 0 1379 if(sc->sc_sppp.pp_if.if_bpf) 1380 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, 1381 BPF_DIRECTION_OUT); 1382 #endif 1383 1384 pppoe_output(sc, m); 1385 } 1386 } 1387