1 /* $OpenBSD: if_pppoe.c,v 1.57 2016/06/14 20:44:43 sthen Exp $ */ 2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */ 3 4 /* 5 * Copyright (c) 2002 The NetBSD Foundation, Inc. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to The NetBSD Foundation 9 * by Martin Husemann <martin@NetBSD.org>. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "pppoe.h" 34 #include "bpfilter.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/types.h> 40 #include <sys/timeout.h> 41 #include <sys/malloc.h> 42 #include <sys/mbuf.h> 43 #include <sys/socket.h> 44 #include <sys/syslog.h> 45 #include <sys/ioctl.h> 46 #include <net/if.h> 47 #include <net/if_var.h> 48 #include <net/if_types.h> 49 #include <net/if_sppp.h> 50 #include <net/if_pppoe.h> 51 #include <net/netisr.h> 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 55 #if NBPFILTER > 0 56 #include <net/bpf.h> 57 #endif 58 59 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 60 61 #define PPPOEDEBUG(a) ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0) 62 63 struct pppoehdr { 64 u_int8_t vertype; 65 u_int8_t code; 66 u_int16_t session; 67 u_int16_t plen; 68 } __packed; 69 70 struct pppoetag { 71 u_int16_t tag; 72 u_int16_t len; 73 } __packed; 74 75 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 76 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 77 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 78 79 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 80 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 81 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 82 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 83 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 84 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 85 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 86 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* RFC 4638 max payload */ 87 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 88 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 89 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 90 91 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 92 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 93 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 94 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 95 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 96 97 /* two byte PPP protocol discriminator, then IP data */ 98 #define PPPOE_MTU (ETHERMTU - PPPOE_OVERHEAD) 99 #define PPPOE_MAXMTU PP_MAX_MRU 100 101 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 102 #define PPPOE_ADD_16(PTR, VAL) \ 103 *(PTR)++ = (VAL) / 256; \ 104 *(PTR)++ = (VAL) % 256 105 106 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 107 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 108 *(PTR)++ = PPPOE_VERTYPE; \ 109 *(PTR)++ = (CODE); \ 110 PPPOE_ADD_16(PTR, SESS); \ 111 PPPOE_ADD_16(PTR, LEN) 112 113 #define PPPOE_DISC_TIMEOUT (hz*5) /* base for quick timeout calculation */ 114 #define PPPOE_SLOW_RETRY (hz*60) /* persistent retry interval */ 115 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 116 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 117 118 struct pppoe_softc { 119 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 120 LIST_ENTRY(pppoe_softc) sc_list; 121 unsigned int sc_eth_ifidx; 122 123 int sc_state; /* discovery phase or session connected */ 124 struct ether_addr sc_dest; /* hardware address of concentrator */ 125 u_int16_t sc_session; /* PPPoE session id */ 126 127 char *sc_service_name; /* if != NULL: requested name of service */ 128 char *sc_concentrator_name; /* if != NULL: requested concentrator id */ 129 u_int8_t *sc_ac_cookie; /* content of AC cookie we must echo back */ 130 size_t sc_ac_cookie_len; /* length of cookie data */ 131 u_int8_t *sc_relay_sid; /* content of relay SID we must echo back */ 132 size_t sc_relay_sid_len; /* length of relay SID data */ 133 u_int32_t sc_unique; /* our unique id */ 134 struct timeout sc_timeout; /* timeout while not in session state */ 135 int sc_padi_retried; /* number of PADI retries already done */ 136 int sc_padr_retried; /* number of PADR retries already done */ 137 138 struct timeval sc_session_time; /* time the session was established */ 139 }; 140 141 /* incoming traffic will be queued here */ 142 struct niqueue pppoediscinq = NIQUEUE_INITIALIZER(IFQ_MAXLEN, NETISR_PPPOE); 143 struct niqueue pppoeinq = NIQUEUE_INITIALIZER(IFQ_MAXLEN, NETISR_PPPOE); 144 145 /* input routines */ 146 static void pppoe_disc_input(struct mbuf *); 147 static void pppoe_dispatch_disc_pkt(struct mbuf *, int); 148 static void pppoe_data_input(struct mbuf *); 149 150 /* management routines */ 151 void pppoeattach(int); 152 static int pppoe_connect(struct pppoe_softc *); 153 static int pppoe_disconnect(struct pppoe_softc *); 154 static void pppoe_abort_connect(struct pppoe_softc *); 155 static int pppoe_ioctl(struct ifnet *, unsigned long, caddr_t); 156 static void pppoe_tls(struct sppp *); 157 static void pppoe_tlf(struct sppp *); 158 static void pppoe_start(struct ifnet *); 159 160 /* internal timeout handling */ 161 static void pppoe_timeout(void *); 162 163 /* sending actual protocol control packets */ 164 static int pppoe_send_padi(struct pppoe_softc *); 165 static int pppoe_send_padr(struct pppoe_softc *); 166 static int pppoe_send_padt(unsigned int, u_int, const u_int8_t *, u_int8_t); 167 168 /* raw output */ 169 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 170 171 /* internal helper functions */ 172 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, u_int); 173 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int); 174 static struct mbuf *pppoe_get_mbuf(size_t len); 175 176 LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 177 178 /* interface cloning */ 179 int pppoe_clone_create(struct if_clone *, int); 180 int pppoe_clone_destroy(struct ifnet *); 181 182 struct if_clone pppoe_cloner = 183 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 184 185 186 void 187 pppoeattach(int count) 188 { 189 LIST_INIT(&pppoe_softc_list); 190 if_clone_attach(&pppoe_cloner); 191 } 192 193 /* Create a new interface. */ 194 int 195 pppoe_clone_create(struct if_clone *ifc, int unit) 196 { 197 struct pppoe_softc *sc, *tmpsc; 198 u_int32_t unique; 199 int s; 200 201 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_CANFAIL|M_ZERO); 202 if (sc == NULL) 203 return (ENOMEM); 204 205 snprintf(sc->sc_sppp.pp_if.if_xname, 206 sizeof(sc->sc_sppp.pp_if.if_xname), 207 "pppoe%d", unit); 208 sc->sc_sppp.pp_if.if_softc = sc; 209 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 210 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST; 211 sc->sc_sppp.pp_if.if_type = IFT_PPP; 212 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 213 sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */ 214 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 215 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 216 sc->sc_sppp.pp_if.if_start = pppoe_start; 217 sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest; 218 sc->sc_sppp.pp_tls = pppoe_tls; 219 sc->sc_sppp.pp_tlf = pppoe_tlf; 220 IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN); 221 222 /* changed to real address later */ 223 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 224 225 /* init timer for interface watchdog */ 226 timeout_set(&sc->sc_timeout, pppoe_timeout, sc); 227 228 if_attach(&sc->sc_sppp.pp_if); 229 if_alloc_sadl(&sc->sc_sppp.pp_if); 230 sppp_attach(&sc->sc_sppp.pp_if); 231 #if NBPFILTER > 0 232 bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 233 #endif 234 235 s = splnet(); 236 retry: 237 unique = arc4random(); 238 LIST_FOREACH(tmpsc, &pppoe_softc_list, sc_list) 239 if (tmpsc->sc_unique == unique) 240 goto retry; 241 sc->sc_unique = unique; 242 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 243 splx(s); 244 245 return (0); 246 } 247 248 /* Destroy a given interface. */ 249 int 250 pppoe_clone_destroy(struct ifnet *ifp) 251 { 252 struct pppoe_softc *sc = ifp->if_softc; 253 int s; 254 255 s = splnet(); 256 LIST_REMOVE(sc, sc_list); 257 timeout_del(&sc->sc_timeout); 258 splx(s); 259 260 sppp_detach(&sc->sc_sppp.pp_if); 261 if_detach(ifp); 262 263 if (sc->sc_concentrator_name) 264 free(sc->sc_concentrator_name, M_DEVBUF, 0); 265 if (sc->sc_service_name) 266 free(sc->sc_service_name, M_DEVBUF, 0); 267 if (sc->sc_ac_cookie) 268 free(sc->sc_ac_cookie, M_DEVBUF, 0); 269 if (sc->sc_relay_sid) 270 free(sc->sc_relay_sid, M_DEVBUF, 0); 271 272 free(sc, M_DEVBUF, 0); 273 274 return (0); 275 } 276 277 /* 278 * Find the interface handling the specified session. 279 * Note: O(number of sessions open), this is a client-side only, mean 280 * and lean implementation, so number of open sessions typically should 281 * be 1. 282 */ 283 static struct pppoe_softc * 284 pppoe_find_softc_by_session(u_int session, u_int ifidx) 285 { 286 struct pppoe_softc *sc; 287 288 if (session == 0) 289 return (NULL); 290 291 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 292 if (sc->sc_state == PPPOE_STATE_SESSION 293 && sc->sc_session == session 294 && sc->sc_eth_ifidx == ifidx) { 295 return (sc); 296 } 297 } 298 return (NULL); 299 } 300 301 /* 302 * Check host unique token passed and return appropriate softc pointer, 303 * or NULL if token is bogus. 304 */ 305 static struct pppoe_softc * 306 pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, u_int ifidx) 307 { 308 struct pppoe_softc *sc; 309 u_int32_t hunique; 310 311 if (LIST_EMPTY(&pppoe_softc_list)) 312 return (NULL); 313 314 if (len != sizeof(hunique)) 315 return (NULL); 316 memcpy(&hunique, token, len); 317 318 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 319 if (sc->sc_unique == hunique) 320 break; 321 322 if (sc == NULL) { 323 printf("pppoe: alien host unique tag, no session found\n"); 324 return (NULL); 325 } 326 327 /* should be safe to access *sc now */ 328 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 329 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 330 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 331 return (NULL); 332 } 333 if (sc->sc_eth_ifidx != ifidx) { 334 printf("%s: wrong interface, not accepting host unique\n", 335 sc->sc_sppp.pp_if.if_xname); 336 return (NULL); 337 } 338 return (sc); 339 } 340 341 /* Interface interrupt handler routine. */ 342 void 343 pppoeintr(void) 344 { 345 struct mbuf *m; 346 347 splsoftassert(IPL_SOFTNET); 348 349 while ((m = niq_dequeue(&pppoediscinq)) != NULL) 350 pppoe_disc_input(m); 351 352 while ((m = niq_dequeue(&pppoeinq)) != NULL) 353 pppoe_data_input(m); 354 } 355 356 /* Analyze and handle a single received packet while not in session state. */ 357 static void pppoe_dispatch_disc_pkt(struct mbuf *m, int off) 358 { 359 struct pppoe_softc *sc; 360 struct pppoehdr *ph; 361 struct pppoetag *pt; 362 struct mbuf *n; 363 struct ether_header *eh; 364 const char *err_msg, *devname; 365 size_t ac_cookie_len; 366 size_t relay_sid_len; 367 int noff, err, errortag; 368 u_int16_t *max_payload; 369 u_int16_t tag, len; 370 u_int16_t session, plen; 371 u_int8_t *ac_cookie; 372 u_int8_t *relay_sid; 373 u_int8_t code; 374 375 err_msg = NULL; 376 devname = "pppoe"; 377 errortag = 0; 378 379 if (m->m_len < sizeof(*eh)) { 380 m = m_pullup(m, sizeof(*eh)); 381 if (m == NULL) 382 goto done; 383 } 384 eh = mtod(m, struct ether_header *); 385 off += sizeof(*eh); 386 387 ac_cookie = NULL; 388 ac_cookie_len = 0; 389 relay_sid = NULL; 390 relay_sid_len = 0; 391 max_payload = NULL; 392 393 session = 0; 394 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 395 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 396 goto done; 397 } 398 399 n = m_pulldown(m, off, sizeof(*ph), &noff); 400 if (n == NULL) { 401 printf("pppoe: could not get PPPoE header\n"); 402 m = NULL; 403 goto done; 404 } 405 ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff); 406 if (ph->vertype != PPPOE_VERTYPE) { 407 printf("pppoe: unknown version/type packet: 0x%x\n", 408 ph->vertype); 409 goto done; 410 } 411 412 session = ntohs(ph->session); 413 plen = ntohs(ph->plen); 414 code = ph->code; 415 off += sizeof(*ph); 416 if (plen + off > m->m_pkthdr.len) { 417 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 418 m->m_pkthdr.len - off, plen); 419 goto done; 420 } 421 422 /* ignore trailing garbage */ 423 m_adj(m, off + plen - m->m_pkthdr.len); 424 425 tag = 0; 426 len = 0; 427 sc = NULL; 428 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 429 n = m_pulldown(m, off, sizeof(*pt), &noff); 430 if (n == NULL) { 431 printf("%s: parse error\n", devname); 432 m = NULL; 433 goto done; 434 } 435 pt = (struct pppoetag *)(mtod(n, caddr_t) + noff); 436 tag = ntohs(pt->tag); 437 len = ntohs(pt->len); 438 off += sizeof(*pt); 439 if (off + len > m->m_pkthdr.len) { 440 printf("%s: tag 0x%x len 0x%x is too long\n", 441 devname, tag, len); 442 goto done; 443 } 444 switch (tag) { 445 case PPPOE_TAG_EOL: 446 goto breakbreak; 447 case PPPOE_TAG_SNAME: 448 break; /* ignored */ 449 case PPPOE_TAG_ACNAME: 450 break; /* ignored */ 451 case PPPOE_TAG_HUNIQUE: 452 if (sc != NULL) 453 break; 454 n = m_pulldown(m, off, len, &noff); 455 if (n == NULL) { 456 m = NULL; 457 err_msg = "TAG HUNIQUE ERROR"; 458 break; 459 } 460 sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff, 461 len, m->m_pkthdr.ph_ifidx); 462 if (sc != NULL) 463 devname = sc->sc_sppp.pp_if.if_xname; 464 break; 465 case PPPOE_TAG_ACCOOKIE: 466 if (ac_cookie == NULL) { 467 n = m_pulldown(m, off, len, 468 &noff); 469 if (n == NULL) { 470 err_msg = "TAG ACCOOKIE ERROR"; 471 m = NULL; 472 break; 473 } 474 ac_cookie = mtod(n, caddr_t) + noff; 475 ac_cookie_len = len; 476 } 477 break; 478 case PPPOE_TAG_RELAYSID: 479 if (relay_sid == NULL) { 480 n = m_pulldown(m, off, len, 481 &noff); 482 if (n == NULL) { 483 err_msg = "TAG RELAYSID ERROR"; 484 m = NULL; 485 break; 486 } 487 relay_sid = mtod(n, caddr_t) + noff; 488 relay_sid_len = len; 489 } 490 break; 491 case PPPOE_TAG_MAX_PAYLOAD: 492 if (max_payload == NULL) { 493 n = m_pulldown(m, off, len, 494 &noff); 495 if (n == NULL || len != 2) { 496 err_msg = "TAG MAX_PAYLOAD ERROR"; 497 m = NULL; 498 break; 499 } 500 max_payload = (u_int16_t *)(mtod(n, caddr_t) + noff); 501 } 502 break; 503 case PPPOE_TAG_SNAME_ERR: 504 err_msg = "SERVICE NAME ERROR"; 505 errortag = 1; 506 break; 507 case PPPOE_TAG_ACSYS_ERR: 508 err_msg = "AC SYSTEM ERROR"; 509 errortag = 1; 510 break; 511 case PPPOE_TAG_GENERIC_ERR: 512 err_msg = "GENERIC ERROR"; 513 errortag = 1; 514 break; 515 } 516 if (err_msg) { 517 log(LOG_INFO, "%s: %s: ", devname, err_msg); 518 if (errortag && len) { 519 n = m_pulldown(m, off, len, 520 &noff); 521 if (n) { 522 u_int8_t *et = mtod(n, caddr_t) + noff; 523 while (len--) 524 addlog("%c", *et++); 525 } 526 } 527 addlog("\n"); 528 goto done; 529 } 530 off += len; 531 } 532 breakbreak: 533 switch (code) { 534 case PPPOE_CODE_PADI: 535 case PPPOE_CODE_PADR: 536 /* ignore, we are no access concentrator */ 537 goto done; 538 case PPPOE_CODE_PADO: 539 if (sc == NULL) { 540 /* be quiet if there is not a single pppoe instance */ 541 if (!LIST_EMPTY(&pppoe_softc_list)) 542 printf("pppoe: received PADO but could not find request for it\n"); 543 goto done; 544 } 545 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 546 printf("%s: received unexpected PADO\n", 547 sc->sc_sppp.pp_if.if_xname); 548 goto done; 549 } 550 if (ac_cookie) { 551 if (sc->sc_ac_cookie) 552 free(sc->sc_ac_cookie, M_DEVBUF, 0); 553 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 554 M_DONTWAIT); 555 if (sc->sc_ac_cookie == NULL) 556 goto done; 557 sc->sc_ac_cookie_len = ac_cookie_len; 558 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 559 } 560 if (relay_sid) { 561 if (sc->sc_relay_sid) 562 free(sc->sc_relay_sid, M_DEVBUF, 0); 563 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 564 M_DONTWAIT); 565 if (sc->sc_relay_sid == NULL) 566 goto done; 567 sc->sc_relay_sid_len = relay_sid_len; 568 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 569 } 570 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU && 571 (max_payload == NULL || 572 ntohs(*max_payload) != sc->sc_sppp.pp_if.if_mtu)) { 573 printf("%s: No valid PPP-Max-Payload tag received in PADO\n", 574 sc->sc_sppp.pp_if.if_xname); 575 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 576 } 577 578 memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest)); 579 sc->sc_padr_retried = 0; 580 sc->sc_state = PPPOE_STATE_PADR_SENT; 581 if ((err = pppoe_send_padr(sc)) != 0) { 582 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 583 sc->sc_sppp.pp_if.if_xname, err)); 584 } 585 timeout_add(&sc->sc_timeout, 586 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 587 588 break; 589 case PPPOE_CODE_PADS: 590 if (sc == NULL) 591 goto done; 592 593 sc->sc_session = session; 594 timeout_del(&sc->sc_timeout); 595 PPPOEDEBUG(("%s: session 0x%x connected\n", 596 sc->sc_sppp.pp_if.if_xname, session)); 597 sc->sc_state = PPPOE_STATE_SESSION; 598 microtime(&sc->sc_session_time); 599 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 600 601 break; 602 case PPPOE_CODE_PADT: 603 if (sc == NULL) 604 goto done; 605 606 /* stop timer (we might be about to transmit a PADT ourself) */ 607 timeout_del(&sc->sc_timeout); 608 PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n", 609 sc->sc_sppp.pp_if.if_xname, session)); 610 611 /* clean up softc */ 612 sc->sc_state = PPPOE_STATE_INITIAL; 613 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 614 if (sc->sc_ac_cookie) { 615 free(sc->sc_ac_cookie, M_DEVBUF, 0); 616 sc->sc_ac_cookie = NULL; 617 } 618 if (sc->sc_relay_sid) { 619 free(sc->sc_relay_sid, M_DEVBUF, 0); 620 sc->sc_relay_sid = NULL; 621 } 622 sc->sc_ac_cookie_len = 0; 623 sc->sc_relay_sid_len = 0; 624 sc->sc_session = 0; 625 sc->sc_session_time.tv_sec = 0; 626 sc->sc_session_time.tv_usec = 0; 627 sc->sc_sppp.pp_down(&sc->sc_sppp); /* signal upper layer */ 628 629 break; 630 default: 631 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 632 sc ? sc->sc_sppp.pp_if.if_xname : "pppoe", 633 code, session); 634 break; 635 } 636 637 done: 638 m_freem(m); 639 } 640 641 /* Input function for discovery packets. */ 642 static void 643 pppoe_disc_input(struct mbuf *m) 644 { 645 /* avoid error messages if there is not a single pppoe instance */ 646 if (!LIST_EMPTY(&pppoe_softc_list)) { 647 KASSERT(m->m_flags & M_PKTHDR); 648 pppoe_dispatch_disc_pkt(m, 0); 649 } else 650 m_freem(m); 651 } 652 653 /* Input function for data packets */ 654 static void 655 pppoe_data_input(struct mbuf *m) 656 { 657 struct pppoe_softc *sc; 658 struct pppoehdr *ph; 659 u_int16_t session, plen; 660 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 661 u_int8_t shost[ETHER_ADDR_LEN]; 662 #endif 663 if (LIST_EMPTY(&pppoe_softc_list)) 664 goto drop; 665 666 KASSERT(m->m_flags & M_PKTHDR); 667 668 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 669 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 670 #endif 671 m_adj(m, sizeof(struct ether_header)); 672 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 673 printf("pppoe (data): dropping too short packet: %d bytes\n", 674 m->m_pkthdr.len); 675 goto drop; 676 } 677 if (m->m_len < sizeof(*ph)) { 678 m = m_pullup(m, sizeof(*ph)); 679 if (m == NULL) { 680 printf("pppoe (data): could not get PPPoE header\n"); 681 return; 682 } 683 } 684 ph = mtod(m, struct pppoehdr *); 685 if (ph->vertype != PPPOE_VERTYPE) { 686 printf("pppoe (data): unknown version/type packet: 0x%x\n", 687 ph->vertype); 688 goto drop; 689 } 690 if (ph->code != 0) 691 goto drop; 692 693 session = ntohs(ph->session); 694 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.ph_ifidx); 695 if (sc == NULL) { 696 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 697 printf("pppoe (data): input for unknown session 0x%x, sending PADT\n", 698 session); 699 pppoe_send_padt(m->m_pkthdr.ph_ifidx, session, shost, 0); 700 #endif 701 goto drop; 702 } 703 704 plen = ntohs(ph->plen); 705 706 #if NBPFILTER > 0 707 if(sc->sc_sppp.pp_if.if_bpf) 708 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN); 709 #endif 710 711 m_adj(m, PPPOE_HEADERLEN); 712 713 #ifdef PPPOE_DEBUG 714 { 715 struct mbuf *p; 716 717 printf("%s: pkthdr.len=%d, pppoe.len=%d", 718 sc->sc_sppp.pp_if.if_xname, 719 m->m_pkthdr.len, plen); 720 p = m; 721 while (p) { 722 printf(" l=%d", p->m_len); 723 p = p->m_next; 724 } 725 printf("\n"); 726 } 727 #endif 728 729 if (m->m_pkthdr.len < plen) 730 goto drop; 731 732 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 733 m->m_pkthdr.ph_ifidx = sc->sc_sppp.pp_if.if_index; 734 735 /* pass packet up and account for it */ 736 sc->sc_sppp.pp_if.if_ipackets++; 737 sppp_input(&sc->sc_sppp.pp_if, m); 738 return; 739 740 drop: 741 m_freem(m); 742 } 743 744 static int 745 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 746 { 747 struct sockaddr dst; 748 struct ether_header *eh; 749 struct ifnet *eth_if; 750 u_int16_t etype; 751 int ret; 752 753 if ((eth_if = if_get(sc->sc_eth_ifidx)) == NULL) { 754 m_freem(m); 755 return (EIO); 756 } 757 758 if ((eth_if->if_flags & (IFF_UP|IFF_RUNNING)) 759 != (IFF_UP|IFF_RUNNING)) { 760 if_put(eth_if); 761 m_freem(m); 762 return (ENETDOWN); 763 } 764 765 memset(&dst, 0, sizeof dst); 766 dst.sa_family = AF_UNSPEC; 767 eh = (struct ether_header*)&dst.sa_data; 768 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 769 eh->ether_type = htons(etype); 770 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 771 772 PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 773 sc->sc_sppp.pp_if.if_xname, etype, 774 sc->sc_state, sc->sc_session, 775 ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len)); 776 777 m->m_flags &= ~(M_BCAST|M_MCAST); 778 /* encapsulated packet is forced into rdomain of physical interface */ 779 m->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 780 781 sc->sc_sppp.pp_if.if_opackets++; 782 ret = eth_if->if_output(eth_if, m, &dst, NULL); 783 if_put(eth_if); 784 785 return (ret); 786 } 787 788 /* The ioctl routine. */ 789 static int 790 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) 791 { 792 struct proc *p = curproc; /* XXX */ 793 struct pppoe_softc *sc = (struct pppoe_softc *)ifp; 794 struct ifnet *eth_if; 795 int s, error = 0; 796 797 switch (cmd) { 798 case PPPOESETPARMS: 799 { 800 struct pppoediscparms *parms = (struct pppoediscparms *)data; 801 int len; 802 803 if ((error = suser(p, 0)) != 0) 804 return (error); 805 if (parms->eth_ifname[0] != '\0') { 806 struct ifnet *eth_if; 807 808 eth_if = ifunit(parms->eth_ifname); 809 if (eth_if == NULL || eth_if->if_type != IFT_ETHER) { 810 sc->sc_eth_ifidx = 0; 811 return (ENXIO); 812 } 813 814 if (sc->sc_sppp.pp_if.if_mtu > 815 eth_if->if_mtu - PPPOE_OVERHEAD) { 816 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 817 PPPOE_OVERHEAD; 818 } 819 sc->sc_eth_ifidx = eth_if->if_index; 820 } 821 822 if (sc->sc_concentrator_name) 823 free(sc->sc_concentrator_name, M_DEVBUF, 0); 824 sc->sc_concentrator_name = NULL; 825 826 len = strlen(parms->ac_name); 827 if (len > 0 && len < sizeof(parms->ac_name)) { 828 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 829 if (p == NULL) 830 return (ENOMEM); 831 strlcpy(p, parms->ac_name, len + 1); 832 sc->sc_concentrator_name = p; 833 } 834 835 if (sc->sc_service_name) 836 free(sc->sc_service_name, M_DEVBUF, 0); 837 sc->sc_service_name = NULL; 838 839 len = strlen(parms->service_name); 840 if (len > 0 && len < sizeof(parms->service_name)) { 841 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 842 if (p == NULL) 843 return (ENOMEM); 844 strlcpy(p, parms->service_name, len + 1); 845 sc->sc_service_name = p; 846 } 847 return (0); 848 } 849 break; 850 case PPPOEGETPARMS: 851 { 852 struct pppoediscparms *parms = (struct pppoediscparms *)data; 853 854 if ((eth_if = if_get(sc->sc_eth_ifidx)) != NULL) { 855 strlcpy(parms->eth_ifname, eth_if->if_xname, 856 IFNAMSIZ); 857 if_put(eth_if); 858 } else 859 parms->eth_ifname[0] = '\0'; 860 861 if (sc->sc_concentrator_name) 862 strlcpy(parms->ac_name, sc->sc_concentrator_name, 863 sizeof(parms->ac_name)); 864 else 865 parms->ac_name[0] = '\0'; 866 867 if (sc->sc_service_name) 868 strlcpy(parms->service_name, sc->sc_service_name, 869 sizeof(parms->service_name)); 870 else 871 parms->service_name[0] = '\0'; 872 873 return (0); 874 } 875 break; 876 case PPPOEGETSESSION: 877 { 878 struct pppoeconnectionstate *state = 879 (struct pppoeconnectionstate *)data; 880 state->state = sc->sc_state; 881 state->session_id = sc->sc_session; 882 state->padi_retry_no = sc->sc_padi_retried; 883 state->padr_retry_no = sc->sc_padr_retried; 884 state->session_time.tv_sec = sc->sc_session_time.tv_sec; 885 state->session_time.tv_usec = sc->sc_session_time.tv_usec; 886 return (0); 887 } 888 break; 889 case SIOCSIFFLAGS: 890 { 891 struct ifreq *ifr = (struct ifreq *)data; 892 /* 893 * Prevent running re-establishment timers overriding 894 * administrators choice. 895 */ 896 if ((ifr->ifr_flags & IFF_UP) == 0 897 && sc->sc_state >= PPPOE_STATE_PADI_SENT 898 && sc->sc_state < PPPOE_STATE_SESSION) { 899 timeout_del(&sc->sc_timeout); 900 sc->sc_state = PPPOE_STATE_INITIAL; 901 sc->sc_padi_retried = 0; 902 sc->sc_padr_retried = 0; 903 memcpy(&sc->sc_dest, etherbroadcastaddr, 904 sizeof(sc->sc_dest)); 905 } 906 return (sppp_ioctl(ifp, cmd, data)); 907 } 908 case SIOCSIFMTU: 909 { 910 struct ifreq *ifr = (struct ifreq *)data; 911 912 eth_if = if_get(sc->sc_eth_ifidx); 913 914 if (ifr->ifr_mtu > MIN(PPPOE_MAXMTU, 915 (eth_if == NULL ? PPPOE_MAXMTU : 916 (eth_if->if_mtu - PPPOE_OVERHEAD)))) 917 error = EINVAL; 918 else 919 error = 0; 920 921 if_put(eth_if); 922 923 return (sppp_ioctl(ifp, cmd, data)); 924 } 925 default: 926 error = sppp_ioctl(ifp, cmd, data); 927 if (error == ENETRESET) { 928 error = 0; 929 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 930 (IFF_UP | IFF_RUNNING)) { 931 s = splnet(); 932 if_down(ifp); 933 splx(s); 934 if (sc->sc_state >= PPPOE_STATE_PADI_SENT && 935 sc->sc_state < PPPOE_STATE_SESSION) { 936 timeout_del(&sc->sc_timeout); 937 sc->sc_state = PPPOE_STATE_INITIAL; 938 sc->sc_padi_retried = 0; 939 sc->sc_padr_retried = 0; 940 memcpy(&sc->sc_dest, 941 etherbroadcastaddr, 942 sizeof(sc->sc_dest)); 943 } 944 error = sppp_ioctl(ifp, SIOCSIFFLAGS, NULL); 945 if (error) 946 return (error); 947 s = splnet(); 948 if_up(ifp); 949 splx(s); 950 return (sppp_ioctl(ifp, SIOCSIFFLAGS, NULL)); 951 } 952 } 953 return (error); 954 } 955 return (0); 956 } 957 958 /* 959 * Allocate a mbuf/cluster with space to store the given data length 960 * of payload, leaving space for prepending an ethernet header 961 * in front. 962 */ 963 static struct mbuf * 964 pppoe_get_mbuf(size_t len) 965 { 966 struct mbuf *m; 967 968 MGETHDR(m, M_DONTWAIT, MT_DATA); 969 if (m == NULL) 970 return (NULL); 971 if (len + sizeof(struct ether_header) > MHLEN) { 972 MCLGET(m, M_DONTWAIT); 973 if ((m->m_flags & M_EXT) == 0) { 974 m_free(m); 975 return (NULL); 976 } 977 } 978 m->m_data += sizeof(struct ether_header); 979 m->m_len = len; 980 m->m_pkthdr.len = len; 981 m->m_pkthdr.ph_ifidx = 0; 982 983 return (m); 984 } 985 986 /* Send PADI. */ 987 static int 988 pppoe_send_padi(struct pppoe_softc *sc) 989 { 990 struct mbuf *m0; 991 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 992 u_int8_t *p; 993 994 if (sc->sc_state > PPPOE_STATE_PADI_SENT) 995 panic("pppoe_send_padi in state %d", sc->sc_state); 996 997 /* calculate length of frame (excluding ethernet header + pppoe header) */ 998 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is sent too */ 999 if (sc->sc_service_name != NULL) { 1000 l1 = strlen(sc->sc_service_name); 1001 len += l1; 1002 } 1003 if (sc->sc_concentrator_name != NULL) { 1004 l2 = strlen(sc->sc_concentrator_name); 1005 len += 2 + 2 + l2; 1006 } 1007 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1008 len += 2 + 2 + 2; 1009 1010 /* allocate a buffer */ 1011 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1012 if (m0 == NULL) 1013 return (ENOBUFS); 1014 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1015 1016 /* fill in pkt */ 1017 p = mtod(m0, u_int8_t *); 1018 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1019 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1020 if (sc->sc_service_name != NULL) { 1021 PPPOE_ADD_16(p, l1); 1022 memcpy(p, sc->sc_service_name, l1); 1023 p += l1; 1024 } else { 1025 PPPOE_ADD_16(p, 0); 1026 } 1027 if (sc->sc_concentrator_name != NULL) { 1028 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1029 PPPOE_ADD_16(p, l2); 1030 memcpy(p, sc->sc_concentrator_name, l2); 1031 p += l2; 1032 } 1033 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1034 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1035 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1036 p += sizeof(sc->sc_unique); 1037 1038 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1039 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1040 PPPOE_ADD_16(p, 2); 1041 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1042 } 1043 1044 #ifdef PPPOE_DEBUG 1045 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1046 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1047 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1048 #endif 1049 1050 /* send pkt */ 1051 return (pppoe_output(sc, m0)); 1052 } 1053 1054 /* Watchdog function. */ 1055 static void 1056 pppoe_timeout(void *arg) 1057 { 1058 struct pppoe_softc *sc = (struct pppoe_softc *)arg; 1059 int x, retry_wait, err; 1060 1061 PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname)); 1062 1063 switch (sc->sc_state) { 1064 case PPPOE_STATE_PADI_SENT: 1065 /* 1066 * We have two basic ways of retrying: 1067 * - Quick retry mode: try a few times in short sequence 1068 * - Slow retry mode: we already had a connection successfully 1069 * established and will try infinitely (without user 1070 * intervention) 1071 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1072 * is not set. 1073 */ 1074 1075 /* initialize for quick retry mode */ 1076 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1077 1078 x = splnet(); 1079 sc->sc_padi_retried++; 1080 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1081 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1082 /* slow retry mode */ 1083 retry_wait = PPPOE_SLOW_RETRY; 1084 } else { 1085 pppoe_abort_connect(sc); 1086 splx(x); 1087 return; 1088 } 1089 } 1090 if ((err = pppoe_send_padi(sc)) != 0) { 1091 sc->sc_padi_retried--; 1092 PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n", 1093 sc->sc_sppp.pp_if.if_xname, err)); 1094 } 1095 timeout_add(&sc->sc_timeout, retry_wait); 1096 splx(x); 1097 1098 break; 1099 case PPPOE_STATE_PADR_SENT: 1100 x = splnet(); 1101 sc->sc_padr_retried++; 1102 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1103 memcpy(&sc->sc_dest, etherbroadcastaddr, 1104 sizeof(sc->sc_dest)); 1105 sc->sc_state = PPPOE_STATE_PADI_SENT; 1106 sc->sc_padr_retried = 0; 1107 if ((err = pppoe_send_padi(sc)) != 0) { 1108 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1109 sc->sc_sppp.pp_if.if_xname, err)); 1110 } 1111 timeout_add(&sc->sc_timeout, 1112 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried)); 1113 splx(x); 1114 return; 1115 } 1116 if ((err = pppoe_send_padr(sc)) != 0) { 1117 sc->sc_padr_retried--; 1118 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 1119 sc->sc_sppp.pp_if.if_xname, err)); 1120 } 1121 timeout_add(&sc->sc_timeout, 1122 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 1123 splx(x); 1124 1125 break; 1126 case PPPOE_STATE_CLOSING: 1127 pppoe_disconnect(sc); 1128 break; 1129 default: 1130 return; /* all done, work in peace */ 1131 } 1132 } 1133 1134 /* Start a connection (i.e. initiate discovery phase). */ 1135 static int 1136 pppoe_connect(struct pppoe_softc *sc) 1137 { 1138 int x, err; 1139 1140 if (sc->sc_state != PPPOE_STATE_INITIAL) 1141 return (EBUSY); 1142 1143 x = splnet(); 1144 1145 /* save state, in case we fail to send PADI */ 1146 sc->sc_state = PPPOE_STATE_PADI_SENT; 1147 sc->sc_padr_retried = 0; 1148 err = pppoe_send_padi(sc); 1149 if (err != 0) 1150 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1151 sc->sc_sppp.pp_if.if_xname, err)); 1152 1153 timeout_add(&sc->sc_timeout, PPPOE_DISC_TIMEOUT); 1154 splx(x); 1155 1156 return (err); 1157 } 1158 1159 /* disconnect */ 1160 static int 1161 pppoe_disconnect(struct pppoe_softc *sc) 1162 { 1163 int err, x; 1164 1165 x = splnet(); 1166 1167 if (sc->sc_state < PPPOE_STATE_SESSION) 1168 err = EBUSY; 1169 else { 1170 PPPOEDEBUG(("%s: disconnecting\n", 1171 sc->sc_sppp.pp_if.if_xname)); 1172 err = pppoe_send_padt(sc->sc_eth_ifidx, 1173 sc->sc_session, (const u_int8_t *)&sc->sc_dest, 1174 sc->sc_sppp.pp_if.if_llprio); 1175 } 1176 1177 /* cleanup softc */ 1178 sc->sc_state = PPPOE_STATE_INITIAL; 1179 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1180 if (sc->sc_ac_cookie) { 1181 free(sc->sc_ac_cookie, M_DEVBUF, 0); 1182 sc->sc_ac_cookie = NULL; 1183 } 1184 sc->sc_ac_cookie_len = 0; 1185 if (sc->sc_relay_sid) { 1186 free(sc->sc_relay_sid, M_DEVBUF, 0); 1187 sc->sc_relay_sid = NULL; 1188 } 1189 sc->sc_relay_sid_len = 0; 1190 sc->sc_session = 0; 1191 1192 /* notify upper layer */ 1193 sc->sc_sppp.pp_down(&sc->sc_sppp); 1194 1195 splx(x); 1196 1197 return (err); 1198 } 1199 1200 /* Connection attempt aborted. */ 1201 static void 1202 pppoe_abort_connect(struct pppoe_softc *sc) 1203 { 1204 printf("%s: could not establish connection\n", 1205 sc->sc_sppp.pp_if.if_xname); 1206 sc->sc_state = PPPOE_STATE_CLOSING; 1207 1208 /* notify upper layer */ 1209 sc->sc_sppp.pp_down(&sc->sc_sppp); 1210 1211 /* clear connection state */ 1212 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1213 sc->sc_state = PPPOE_STATE_INITIAL; 1214 } 1215 1216 /* Send a PADR packet */ 1217 static int 1218 pppoe_send_padr(struct pppoe_softc *sc) 1219 { 1220 struct mbuf *m0; 1221 u_int8_t *p; 1222 size_t len, l1 = 0; /* XXX: gcc */ 1223 1224 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1225 return (EIO); 1226 1227 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name, host unique */ 1228 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1229 l1 = strlen(sc->sc_service_name); 1230 len += l1; 1231 } 1232 if (sc->sc_ac_cookie_len > 0) 1233 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1234 if (sc->sc_relay_sid_len > 0) 1235 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1236 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1237 len += 2 + 2 + 2; 1238 1239 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1240 if (m0 == NULL) 1241 return (ENOBUFS); 1242 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1243 1244 p = mtod(m0, u_int8_t *); 1245 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1246 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1247 1248 if (sc->sc_service_name != NULL) { 1249 PPPOE_ADD_16(p, l1); 1250 memcpy(p, sc->sc_service_name, l1); 1251 p += l1; 1252 } else { 1253 PPPOE_ADD_16(p, 0); 1254 } 1255 if (sc->sc_ac_cookie_len > 0) { 1256 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1257 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1258 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1259 p += sc->sc_ac_cookie_len; 1260 } 1261 if (sc->sc_relay_sid_len > 0) { 1262 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1263 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1264 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1265 p += sc->sc_relay_sid_len; 1266 } 1267 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1268 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1269 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1270 p += sizeof(sc->sc_unique); 1271 1272 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1273 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1274 PPPOE_ADD_16(p, 2); 1275 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1276 } 1277 1278 #ifdef PPPOE_DEBUG 1279 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1280 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1281 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1282 #endif 1283 1284 return (pppoe_output(sc, m0)); 1285 } 1286 1287 /* Send a PADT packet. */ 1288 static int 1289 pppoe_send_padt(unsigned int ifidx, u_int session, const u_int8_t *dest, u_int8_t prio) 1290 { 1291 struct ether_header *eh; 1292 struct sockaddr dst; 1293 struct ifnet *eth_if; 1294 struct mbuf *m0; 1295 u_int8_t *p; 1296 int ret; 1297 1298 if ((eth_if = if_get(ifidx)) == NULL) 1299 return (EINVAL); 1300 1301 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1302 if (m0 == NULL) { 1303 if_put(eth_if); 1304 return (ENOBUFS); 1305 } 1306 m0->m_pkthdr.pf.prio = prio; 1307 1308 p = mtod(m0, u_int8_t *); 1309 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1310 1311 memset(&dst, 0, sizeof(dst)); 1312 dst.sa_family = AF_UNSPEC; 1313 eh = (struct ether_header *)&dst.sa_data; 1314 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1315 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1316 1317 m0->m_flags &= ~(M_BCAST|M_MCAST); 1318 /* encapsulated packet is forced into rdomain of physical interface */ 1319 m0->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 1320 1321 ret = eth_if->if_output(eth_if, m0, &dst, NULL); 1322 if_put(eth_if); 1323 1324 return (ret); 1325 } 1326 1327 1328 /* this-layer-start function */ 1329 static void 1330 pppoe_tls(struct sppp *sp) 1331 { 1332 struct pppoe_softc *sc = (void *)sp; 1333 1334 if (sc->sc_state != PPPOE_STATE_INITIAL) 1335 return; 1336 pppoe_connect(sc); 1337 } 1338 1339 /* this-layer-finish function */ 1340 static void 1341 pppoe_tlf(struct sppp *sp) 1342 { 1343 struct pppoe_softc *sc = (void *)sp; 1344 1345 if (sc->sc_state < PPPOE_STATE_SESSION) 1346 return; 1347 /* 1348 * Do not call pppoe_disconnect here, the upper layer state 1349 * machine gets confused by this. We must return from this 1350 * function and defer disconnecting to the timeout handler. 1351 */ 1352 sc->sc_state = PPPOE_STATE_CLOSING; 1353 timeout_add(&sc->sc_timeout, hz / 50); 1354 } 1355 1356 static void 1357 pppoe_start(struct ifnet *ifp) 1358 { 1359 struct pppoe_softc *sc = (void *)ifp; 1360 struct mbuf *m; 1361 size_t len; 1362 u_int8_t *p; 1363 1364 if (sppp_isempty(ifp)) 1365 return; 1366 1367 /* are we ready to process data yet? */ 1368 if (sc->sc_state < PPPOE_STATE_SESSION) { 1369 sppp_flush(&sc->sc_sppp.pp_if); 1370 return; 1371 } 1372 1373 while ((m = sppp_dequeue(ifp)) != NULL) { 1374 len = m->m_pkthdr.len; 1375 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1376 if (m == NULL) { 1377 ifp->if_oerrors++; 1378 continue; 1379 } 1380 p = mtod(m, u_int8_t *); 1381 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1382 1383 #if NBPFILTER > 0 1384 if(sc->sc_sppp.pp_if.if_bpf) 1385 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, 1386 BPF_DIRECTION_OUT); 1387 #endif 1388 1389 pppoe_output(sc, m); 1390 } 1391 } 1392