1 /* $OpenBSD: if_pppoe.c,v 1.84 2024/06/26 01:40:49 jsg Exp $ */ 2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */ 3 4 /* 5 * Copyright (c) 2002 The NetBSD Foundation, Inc. 6 * All rights reserved. 7 * 8 * This code is derived from software contributed to The NetBSD Foundation 9 * by Martin Husemann <martin@NetBSD.org>. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "pppoe.h" 34 #include "bpfilter.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/timeout.h> 40 #include <sys/malloc.h> 41 #include <sys/mbuf.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/ioctl.h> 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_types.h> 48 #include <net/if_sppp.h> 49 #include <net/if_pppoe.h> 50 #include <net/netisr.h> 51 #include <netinet/in.h> 52 #include <netinet/if_ether.h> 53 54 #if NBPFILTER > 0 55 #include <net/bpf.h> 56 #endif 57 58 #undef PPPOE_DEBUG /* XXX - remove this or make it an option */ 59 60 #define PPPOEDEBUG(a) ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0) 61 62 struct pppoehdr { 63 u_int8_t vertype; 64 u_int8_t code; 65 u_int16_t session; 66 u_int16_t plen; 67 } __packed; 68 69 struct pppoetag { 70 u_int16_t tag; 71 u_int16_t len; 72 } __packed; 73 74 #define PPPOE_HEADERLEN sizeof(struct pppoehdr) 75 #define PPPOE_OVERHEAD (PPPOE_HEADERLEN + 2) 76 #define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */ 77 78 #define PPPOE_TAG_EOL 0x0000 /* end of list */ 79 #define PPPOE_TAG_SNAME 0x0101 /* service name */ 80 #define PPPOE_TAG_ACNAME 0x0102 /* access concentrator name */ 81 #define PPPOE_TAG_HUNIQUE 0x0103 /* host unique */ 82 #define PPPOE_TAG_ACCOOKIE 0x0104 /* AC cookie */ 83 #define PPPOE_TAG_VENDOR 0x0105 /* vendor specific */ 84 #define PPPOE_TAG_RELAYSID 0x0110 /* relay session id */ 85 #define PPPOE_TAG_MAX_PAYLOAD 0x0120 /* RFC 4638 max payload */ 86 #define PPPOE_TAG_SNAME_ERR 0x0201 /* service name error */ 87 #define PPPOE_TAG_ACSYS_ERR 0x0202 /* AC system error */ 88 #define PPPOE_TAG_GENERIC_ERR 0x0203 /* generic error */ 89 90 #define PPPOE_CODE_PADI 0x09 /* Active Discovery Initiation */ 91 #define PPPOE_CODE_PADO 0x07 /* Active Discovery Offer */ 92 #define PPPOE_CODE_PADR 0x19 /* Active Discovery Request */ 93 #define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */ 94 #define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */ 95 96 /* two byte PPP protocol discriminator, then IP data */ 97 #define PPPOE_MTU (ETHERMTU - PPPOE_OVERHEAD) 98 #define PPPOE_MAXMTU PP_MAX_MRU 99 100 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */ 101 #define PPPOE_ADD_16(PTR, VAL) \ 102 *(PTR)++ = (VAL) / 256; \ 103 *(PTR)++ = (VAL) % 256 104 105 /* Add a complete PPPoE header to the buffer pointed to by PTR */ 106 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN) \ 107 *(PTR)++ = PPPOE_VERTYPE; \ 108 *(PTR)++ = (CODE); \ 109 PPPOE_ADD_16(PTR, SESS); \ 110 PPPOE_ADD_16(PTR, LEN) 111 112 #define PPPOE_DISC_TIMEOUT 5 /* base for quick timeout calculation (seconds) */ 113 #define PPPOE_SLOW_RETRY 60 /* persistent retry interval (seconds) */ 114 #define PPPOE_DISC_MAXPADI 4 /* retry PADI four times (quickly) */ 115 #define PPPOE_DISC_MAXPADR 2 /* retry PADR twice */ 116 117 /* 118 * Locks used to protect struct members and global data 119 * I immutable after creation 120 * K kernel lock 121 */ 122 123 struct pppoe_softc { 124 struct sppp sc_sppp; /* contains a struct ifnet as first element */ 125 LIST_ENTRY(pppoe_softc) sc_list;/* [K] */ 126 unsigned int sc_eth_ifidx; /* [K] */ 127 128 int sc_state; /* [K] discovery phase or session connected */ 129 struct ether_addr sc_dest; /* [K] hardware address of concentrator */ 130 u_int16_t sc_session; /* [K] PPPoE session id */ 131 132 char *sc_service_name; /* [K] if != NULL: requested name of service */ 133 char *sc_concentrator_name; /* [K] if != NULL: requested concentrator id */ 134 u_int8_t *sc_ac_cookie; /* [K] content of AC cookie we must echo back */ 135 size_t sc_ac_cookie_len; /* [K] length of cookie data */ 136 u_int8_t *sc_relay_sid; /* [K] content of relay SID we must echo back */ 137 size_t sc_relay_sid_len; /* [K] length of relay SID data */ 138 u_int32_t sc_unique; /* [I] our unique id */ 139 struct timeout sc_timeout; /* [K] timeout while not in session state */ 140 int sc_padi_retried; /* [K] number of PADI retries already done */ 141 int sc_padr_retried; /* [K] number of PADR retries already done */ 142 143 struct timeval sc_session_time; /* [K] time the session was established */ 144 }; 145 146 /* input routines */ 147 void pppoe_disc_input(struct mbuf *); 148 void pppoe_data_input(struct mbuf *); 149 static void pppoe_dispatch_disc_pkt(struct mbuf *); 150 151 /* management routines */ 152 void pppoeattach(int); 153 static int pppoe_connect(struct pppoe_softc *); 154 static int pppoe_disconnect(struct pppoe_softc *); 155 static void pppoe_abort_connect(struct pppoe_softc *); 156 static int pppoe_ioctl(struct ifnet *, unsigned long, caddr_t); 157 static void pppoe_tls(struct sppp *); 158 static void pppoe_tlf(struct sppp *); 159 static void pppoe_start(struct ifnet *); 160 161 /* internal timeout handling */ 162 static void pppoe_timeout(void *); 163 164 /* sending actual protocol control packets */ 165 static int pppoe_send_padi(struct pppoe_softc *); 166 static int pppoe_send_padr(struct pppoe_softc *); 167 static int pppoe_send_padt(unsigned int, u_int, const u_int8_t *, u_int8_t); 168 169 /* raw output */ 170 static int pppoe_output(struct pppoe_softc *, struct mbuf *); 171 172 /* internal helper functions */ 173 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, u_int); 174 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, u_int); 175 static struct mbuf *pppoe_get_mbuf(size_t len); 176 177 LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list; 178 179 /* interface cloning */ 180 int pppoe_clone_create(struct if_clone *, int); 181 int pppoe_clone_destroy(struct ifnet *); 182 183 struct if_clone pppoe_cloner = 184 IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy); 185 186 struct mbuf_queue pppoediscinq = MBUF_QUEUE_INITIALIZER( 187 IFQ_MAXLEN, IPL_SOFTNET); 188 struct mbuf_queue pppoeinq = MBUF_QUEUE_INITIALIZER( 189 IFQ_MAXLEN, IPL_SOFTNET); 190 191 void 192 pppoeintr(void) 193 { 194 struct mbuf_list ml; 195 struct mbuf *m; 196 197 NET_ASSERT_LOCKED(); 198 199 mq_delist(&pppoediscinq, &ml); 200 while ((m = ml_dequeue(&ml)) != NULL) 201 pppoe_disc_input(m); 202 203 mq_delist(&pppoeinq, &ml); 204 while ((m = ml_dequeue(&ml)) != NULL) 205 pppoe_data_input(m); 206 } 207 208 void 209 pppoeattach(int count) 210 { 211 LIST_INIT(&pppoe_softc_list); 212 if_clone_attach(&pppoe_cloner); 213 } 214 215 /* Create a new interface. */ 216 int 217 pppoe_clone_create(struct if_clone *ifc, int unit) 218 { 219 struct pppoe_softc *sc, *tmpsc; 220 u_int32_t unique; 221 222 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 223 snprintf(sc->sc_sppp.pp_if.if_xname, 224 sizeof(sc->sc_sppp.pp_if.if_xname), 225 "pppoe%d", unit); 226 sc->sc_sppp.pp_if.if_softc = sc; 227 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 228 sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST; 229 sc->sc_sppp.pp_if.if_type = IFT_PPP; 230 sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN; 231 sc->sc_sppp.pp_flags |= PP_KEEPALIVE; /* use LCP keepalive */ 232 sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN; /* framing added to ppp packets */ 233 sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl; 234 sc->sc_sppp.pp_if.if_start = pppoe_start; 235 sc->sc_sppp.pp_if.if_rtrequest = p2p_rtrequest; 236 sc->sc_sppp.pp_if.if_xflags = IFXF_CLONED; 237 sc->sc_sppp.pp_tls = pppoe_tls; 238 sc->sc_sppp.pp_tlf = pppoe_tlf; 239 240 /* changed to real address later */ 241 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 242 243 /* init timer for interface watchdog */ 244 timeout_set_proc(&sc->sc_timeout, pppoe_timeout, sc); 245 246 if_attach(&sc->sc_sppp.pp_if); 247 if_alloc_sadl(&sc->sc_sppp.pp_if); 248 sppp_attach(&sc->sc_sppp.pp_if); 249 #if NBPFILTER > 0 250 bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0); 251 #endif 252 253 NET_LOCK(); 254 retry: 255 unique = arc4random(); 256 LIST_FOREACH(tmpsc, &pppoe_softc_list, sc_list) 257 if (tmpsc->sc_unique == unique) 258 goto retry; 259 sc->sc_unique = unique; 260 LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list); 261 NET_UNLOCK(); 262 263 return (0); 264 } 265 266 /* Destroy a given interface. */ 267 int 268 pppoe_clone_destroy(struct ifnet *ifp) 269 { 270 struct pppoe_softc *sc = ifp->if_softc; 271 272 NET_LOCK(); 273 LIST_REMOVE(sc, sc_list); 274 NET_UNLOCK(); 275 276 timeout_del(&sc->sc_timeout); 277 278 sppp_detach(&sc->sc_sppp.pp_if); 279 if_detach(ifp); 280 281 if (sc->sc_concentrator_name) 282 free(sc->sc_concentrator_name, M_DEVBUF, 283 strlen(sc->sc_concentrator_name) + 1); 284 if (sc->sc_service_name) 285 free(sc->sc_service_name, M_DEVBUF, 286 strlen(sc->sc_service_name) + 1); 287 if (sc->sc_ac_cookie) 288 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 289 if (sc->sc_relay_sid) 290 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 291 292 free(sc, M_DEVBUF, sizeof(*sc)); 293 294 return (0); 295 } 296 297 /* 298 * Find the interface handling the specified session. 299 * Note: O(number of sessions open), this is a client-side only, mean 300 * and lean implementation, so number of open sessions typically should 301 * be 1. 302 */ 303 static struct pppoe_softc * 304 pppoe_find_softc_by_session(u_int session, u_int ifidx) 305 { 306 struct pppoe_softc *sc; 307 308 if (session == 0) 309 return (NULL); 310 311 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) { 312 if (sc->sc_state == PPPOE_STATE_SESSION 313 && sc->sc_session == session 314 && sc->sc_eth_ifidx == ifidx) { 315 return (sc); 316 } 317 } 318 return (NULL); 319 } 320 321 /* 322 * Check host unique token passed and return appropriate softc pointer, 323 * or NULL if token is bogus. 324 */ 325 static struct pppoe_softc * 326 pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, u_int ifidx) 327 { 328 struct pppoe_softc *sc; 329 u_int32_t hunique; 330 331 if (LIST_EMPTY(&pppoe_softc_list)) 332 return (NULL); 333 334 if (len != sizeof(hunique)) 335 return (NULL); 336 memcpy(&hunique, token, len); 337 338 LIST_FOREACH(sc, &pppoe_softc_list, sc_list) 339 if (sc->sc_unique == hunique) 340 break; 341 342 if (sc == NULL) { 343 printf("pppoe: alien host unique tag, no session found\n"); 344 return (NULL); 345 } 346 347 /* should be safe to access *sc now */ 348 if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) { 349 printf("%s: host unique tag found, but it belongs to a connection in state %d\n", 350 sc->sc_sppp.pp_if.if_xname, sc->sc_state); 351 return (NULL); 352 } 353 if (sc->sc_eth_ifidx != ifidx) { 354 printf("%s: wrong interface, not accepting host unique\n", 355 sc->sc_sppp.pp_if.if_xname); 356 return (NULL); 357 } 358 return (sc); 359 } 360 361 /* Analyze and handle a single received packet while not in session state. */ 362 static void 363 pppoe_dispatch_disc_pkt(struct mbuf *m) 364 { 365 struct pppoe_softc *sc; 366 struct pppoehdr *ph; 367 struct pppoetag *pt; 368 struct mbuf *n; 369 struct ether_header *eh; 370 const char *err_msg, *devname; 371 size_t ac_cookie_len; 372 size_t relay_sid_len; 373 int off, noff, err, errortag, max_payloadtag; 374 u_int16_t max_payload; 375 u_int16_t tag, len; 376 u_int16_t session, plen; 377 u_int8_t *ac_cookie; 378 u_int8_t *relay_sid; 379 u_int8_t code; 380 381 err_msg = NULL; 382 devname = "pppoe"; 383 off = 0; 384 errortag = 0; 385 max_payloadtag = 0; 386 387 if (m->m_len < sizeof(*eh)) { 388 m = m_pullup(m, sizeof(*eh)); 389 if (m == NULL) 390 goto done; 391 } 392 eh = mtod(m, struct ether_header *); 393 off += sizeof(*eh); 394 395 ac_cookie = NULL; 396 ac_cookie_len = 0; 397 relay_sid = NULL; 398 relay_sid_len = 0; 399 max_payload = 0; 400 401 session = 0; 402 if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) { 403 printf("pppoe: packet too short: %d\n", m->m_pkthdr.len); 404 goto done; 405 } 406 407 n = m_pulldown(m, off, sizeof(*ph), &noff); 408 if (n == NULL) { 409 printf("pppoe: could not get PPPoE header\n"); 410 m = NULL; 411 goto done; 412 } 413 ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff); 414 if (ph->vertype != PPPOE_VERTYPE) { 415 printf("pppoe: unknown version/type packet: 0x%x\n", 416 ph->vertype); 417 goto done; 418 } 419 420 session = ntohs(ph->session); 421 plen = ntohs(ph->plen); 422 code = ph->code; 423 off += sizeof(*ph); 424 if (plen + off > m->m_pkthdr.len) { 425 printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n", 426 m->m_pkthdr.len - off, plen); 427 goto done; 428 } 429 430 /* ignore trailing garbage */ 431 m_adj(m, off + plen - m->m_pkthdr.len); 432 433 tag = 0; 434 len = 0; 435 sc = NULL; 436 while (off + sizeof(*pt) <= m->m_pkthdr.len) { 437 n = m_pulldown(m, off, sizeof(*pt), &noff); 438 if (n == NULL) { 439 printf("%s: parse error\n", devname); 440 m = NULL; 441 goto done; 442 } 443 pt = (struct pppoetag *)(mtod(n, caddr_t) + noff); 444 tag = ntohs(pt->tag); 445 len = ntohs(pt->len); 446 off += sizeof(*pt); 447 if (off + len > m->m_pkthdr.len) { 448 printf("%s: tag 0x%x len 0x%x is too long\n", 449 devname, tag, len); 450 goto done; 451 } 452 switch (tag) { 453 case PPPOE_TAG_EOL: 454 goto breakbreak; 455 case PPPOE_TAG_SNAME: 456 break; /* ignored */ 457 case PPPOE_TAG_ACNAME: 458 break; /* ignored */ 459 case PPPOE_TAG_HUNIQUE: 460 if (sc != NULL) 461 break; 462 n = m_pulldown(m, off, len, &noff); 463 if (n == NULL) { 464 m = NULL; 465 err_msg = "TAG HUNIQUE ERROR"; 466 break; 467 } 468 sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff, 469 len, m->m_pkthdr.ph_ifidx); 470 if (sc != NULL) 471 devname = sc->sc_sppp.pp_if.if_xname; 472 break; 473 case PPPOE_TAG_ACCOOKIE: 474 if (ac_cookie == NULL) { 475 n = m_pulldown(m, off, len, 476 &noff); 477 if (n == NULL) { 478 err_msg = "TAG ACCOOKIE ERROR"; 479 m = NULL; 480 break; 481 } 482 ac_cookie = mtod(n, caddr_t) + noff; 483 ac_cookie_len = len; 484 } 485 break; 486 case PPPOE_TAG_RELAYSID: 487 if (relay_sid == NULL) { 488 n = m_pulldown(m, off, len, 489 &noff); 490 if (n == NULL) { 491 err_msg = "TAG RELAYSID ERROR"; 492 m = NULL; 493 break; 494 } 495 relay_sid = mtod(n, caddr_t) + noff; 496 relay_sid_len = len; 497 } 498 break; 499 case PPPOE_TAG_MAX_PAYLOAD: 500 if (!max_payloadtag) { 501 n = m_pulldown(m, off, len, 502 &noff); 503 if (n == NULL || len != sizeof(max_payload)) { 504 err_msg = "TAG MAX_PAYLOAD ERROR"; 505 m = NULL; 506 break; 507 } 508 memcpy(&max_payload, mtod(n, caddr_t) + noff, 509 sizeof(max_payload)); 510 max_payloadtag = 1; 511 } 512 break; 513 case PPPOE_TAG_SNAME_ERR: 514 err_msg = "SERVICE NAME ERROR"; 515 errortag = 1; 516 break; 517 case PPPOE_TAG_ACSYS_ERR: 518 err_msg = "AC SYSTEM ERROR"; 519 errortag = 1; 520 break; 521 case PPPOE_TAG_GENERIC_ERR: 522 err_msg = "GENERIC ERROR"; 523 errortag = 1; 524 break; 525 } 526 if (err_msg) { 527 log(LOG_INFO, "%s: %s: ", devname, err_msg); 528 if (errortag && len) { 529 n = m_pulldown(m, off, len, 530 &noff); 531 if (n == NULL) { 532 m = NULL; 533 } else { 534 u_int8_t *et = mtod(n, caddr_t) + noff; 535 while (len--) 536 addlog("%c", *et++); 537 } 538 } 539 addlog("\n"); 540 goto done; 541 } 542 off += len; 543 } 544 breakbreak: 545 switch (code) { 546 case PPPOE_CODE_PADI: 547 case PPPOE_CODE_PADR: 548 /* ignore, we are no access concentrator */ 549 goto done; 550 case PPPOE_CODE_PADO: 551 if (sc == NULL) { 552 /* be quiet if there is not a single pppoe instance */ 553 if (!LIST_EMPTY(&pppoe_softc_list)) 554 printf("pppoe: received PADO but could not find request for it\n"); 555 goto done; 556 } 557 if (sc->sc_state != PPPOE_STATE_PADI_SENT) { 558 printf("%s: received unexpected PADO\n", 559 sc->sc_sppp.pp_if.if_xname); 560 goto done; 561 } 562 if (ac_cookie) { 563 if (sc->sc_ac_cookie) 564 free(sc->sc_ac_cookie, M_DEVBUF, 565 sc->sc_ac_cookie_len); 566 sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF, 567 M_DONTWAIT); 568 if (sc->sc_ac_cookie == NULL) { 569 sc->sc_ac_cookie_len = 0; 570 goto done; 571 } 572 sc->sc_ac_cookie_len = ac_cookie_len; 573 memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len); 574 } else if (sc->sc_ac_cookie) { 575 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 576 sc->sc_ac_cookie = NULL; 577 sc->sc_ac_cookie_len = 0; 578 } 579 if (relay_sid) { 580 if (sc->sc_relay_sid) 581 free(sc->sc_relay_sid, M_DEVBUF, 582 sc->sc_relay_sid_len); 583 sc->sc_relay_sid = malloc(relay_sid_len, M_DEVBUF, 584 M_DONTWAIT); 585 if (sc->sc_relay_sid == NULL) { 586 sc->sc_relay_sid_len = 0; 587 goto done; 588 } 589 sc->sc_relay_sid_len = relay_sid_len; 590 memcpy(sc->sc_relay_sid, relay_sid, relay_sid_len); 591 } else if (sc->sc_relay_sid) { 592 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 593 sc->sc_relay_sid = NULL; 594 sc->sc_relay_sid_len = 0; 595 } 596 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU && 597 (!max_payloadtag || 598 ntohs(max_payload) != sc->sc_sppp.pp_if.if_mtu)) { 599 printf("%s: No valid PPP-Max-Payload tag received in PADO\n", 600 sc->sc_sppp.pp_if.if_xname); 601 sc->sc_sppp.pp_if.if_mtu = PPPOE_MTU; 602 } 603 604 memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest)); 605 sc->sc_padr_retried = 0; 606 sc->sc_state = PPPOE_STATE_PADR_SENT; 607 if ((err = pppoe_send_padr(sc)) != 0) { 608 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 609 sc->sc_sppp.pp_if.if_xname, err)); 610 } 611 timeout_add_sec(&sc->sc_timeout, 612 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 613 614 break; 615 case PPPOE_CODE_PADS: 616 if (sc == NULL) 617 goto done; 618 619 sc->sc_session = session; 620 timeout_del(&sc->sc_timeout); 621 PPPOEDEBUG(("%s: session 0x%x connected\n", 622 sc->sc_sppp.pp_if.if_xname, session)); 623 sc->sc_state = PPPOE_STATE_SESSION; 624 getmicrouptime(&sc->sc_session_time); 625 sc->sc_sppp.pp_up(&sc->sc_sppp); /* notify upper layers */ 626 627 break; 628 case PPPOE_CODE_PADT: 629 if (sc == NULL) 630 goto done; 631 632 /* stop timer (we might be about to transmit a PADT ourself) */ 633 timeout_del(&sc->sc_timeout); 634 PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n", 635 sc->sc_sppp.pp_if.if_xname, session)); 636 637 /* clean up softc */ 638 sc->sc_state = PPPOE_STATE_INITIAL; 639 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 640 if (sc->sc_ac_cookie) { 641 free(sc->sc_ac_cookie, M_DEVBUF, 642 sc->sc_ac_cookie_len); 643 sc->sc_ac_cookie = NULL; 644 } 645 if (sc->sc_relay_sid) { 646 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 647 sc->sc_relay_sid = NULL; 648 } 649 sc->sc_ac_cookie_len = 0; 650 sc->sc_relay_sid_len = 0; 651 sc->sc_session = 0; 652 sc->sc_session_time.tv_sec = 0; 653 sc->sc_session_time.tv_usec = 0; 654 sc->sc_sppp.pp_down(&sc->sc_sppp); /* signal upper layer */ 655 656 break; 657 default: 658 printf("%s: unknown code (0x%04x) session = 0x%04x\n", 659 sc ? sc->sc_sppp.pp_if.if_xname : "pppoe", 660 code, session); 661 break; 662 } 663 664 done: 665 m_freem(m); 666 } 667 668 /* Input function for discovery packets. */ 669 void 670 pppoe_disc_input(struct mbuf *m) 671 { 672 /* avoid error messages if there is not a single pppoe instance */ 673 if (!LIST_EMPTY(&pppoe_softc_list)) { 674 KASSERT(m->m_flags & M_PKTHDR); 675 pppoe_dispatch_disc_pkt(m); 676 } else 677 m_freem(m); 678 } 679 680 /* Input function for data packets */ 681 void 682 pppoe_data_input(struct mbuf *m) 683 { 684 struct pppoe_softc *sc; 685 struct pppoehdr *ph; 686 u_int16_t session, plen; 687 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 688 u_int8_t shost[ETHER_ADDR_LEN]; 689 #endif 690 if (LIST_EMPTY(&pppoe_softc_list)) 691 goto drop; 692 693 KASSERT(m->m_flags & M_PKTHDR); 694 695 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 696 memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN); 697 #endif 698 m_adj(m, sizeof(struct ether_header)); 699 if (m->m_pkthdr.len <= PPPOE_HEADERLEN) { 700 printf("pppoe (data): dropping too short packet: %d bytes\n", 701 m->m_pkthdr.len); 702 goto drop; 703 } 704 if (m->m_len < sizeof(*ph)) { 705 m = m_pullup(m, sizeof(*ph)); 706 if (m == NULL) { 707 printf("pppoe (data): could not get PPPoE header\n"); 708 return; 709 } 710 } 711 ph = mtod(m, struct pppoehdr *); 712 if (ph->vertype != PPPOE_VERTYPE) { 713 printf("pppoe (data): unknown version/type packet: 0x%x\n", 714 ph->vertype); 715 goto drop; 716 } 717 if (ph->code != 0) 718 goto drop; 719 720 session = ntohs(ph->session); 721 sc = pppoe_find_softc_by_session(session, m->m_pkthdr.ph_ifidx); 722 if (sc == NULL) { 723 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS 724 printf("pppoe (data): input for unknown session 0x%x, sending PADT\n", 725 session); 726 pppoe_send_padt(m->m_pkthdr.ph_ifidx, session, shost, 0); 727 #endif 728 goto drop; 729 } 730 731 plen = ntohs(ph->plen); 732 733 #if NBPFILTER > 0 734 if(sc->sc_sppp.pp_if.if_bpf) 735 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN); 736 #endif 737 738 m_adj(m, PPPOE_HEADERLEN); 739 740 #ifdef PPPOE_DEBUG 741 { 742 struct mbuf *p; 743 744 printf("%s: pkthdr.len=%d, pppoe.len=%d", 745 sc->sc_sppp.pp_if.if_xname, 746 m->m_pkthdr.len, plen); 747 p = m; 748 while (p) { 749 printf(" l=%d", p->m_len); 750 p = p->m_next; 751 } 752 printf("\n"); 753 } 754 #endif 755 756 if (m->m_pkthdr.len < plen) 757 goto drop; 758 759 /* fix incoming interface pointer (not the raw ethernet interface anymore) */ 760 m->m_pkthdr.ph_ifidx = sc->sc_sppp.pp_if.if_index; 761 762 /* pass packet up and account for it */ 763 sc->sc_sppp.pp_if.if_ipackets++; 764 sppp_input(&sc->sc_sppp.pp_if, m); 765 return; 766 767 drop: 768 m_freem(m); 769 } 770 771 static int 772 pppoe_output(struct pppoe_softc *sc, struct mbuf *m) 773 { 774 struct sockaddr dst; 775 struct ether_header *eh; 776 struct ifnet *eth_if; 777 u_int16_t etype; 778 int ret; 779 780 if ((eth_if = if_get(sc->sc_eth_ifidx)) == NULL) { 781 m_freem(m); 782 return (EIO); 783 } 784 785 if ((eth_if->if_flags & (IFF_UP|IFF_RUNNING)) 786 != (IFF_UP|IFF_RUNNING)) { 787 if_put(eth_if); 788 m_freem(m); 789 return (ENETDOWN); 790 } 791 792 memset(&dst, 0, sizeof dst); 793 dst.sa_family = AF_UNSPEC; 794 eh = (struct ether_header*)&dst.sa_data; 795 etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC; 796 eh->ether_type = htons(etype); 797 memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest); 798 799 PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n", 800 sc->sc_sppp.pp_if.if_xname, etype, 801 sc->sc_state, sc->sc_session, 802 ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len)); 803 804 m->m_flags &= ~(M_BCAST|M_MCAST); 805 /* encapsulated packet is forced into rdomain of physical interface */ 806 m->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 807 808 ret = eth_if->if_output(eth_if, m, &dst, NULL); 809 if_put(eth_if); 810 811 return (ret); 812 } 813 814 /* The ioctl routine. */ 815 static int 816 pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data) 817 { 818 struct proc *p = curproc; /* XXX */ 819 struct pppoe_softc *sc = (struct pppoe_softc *)ifp; 820 struct ifnet *eth_if; 821 int error = 0; 822 823 switch (cmd) { 824 case PPPOESETPARMS: 825 { 826 struct pppoediscparms *parms = (struct pppoediscparms *)data; 827 int len; 828 829 if ((error = suser(p)) != 0) 830 return (error); 831 if (parms->eth_ifname[0] != '\0') { 832 struct ifnet *eth_if; 833 834 eth_if = if_unit(parms->eth_ifname); 835 if (eth_if == NULL || eth_if->if_type != IFT_ETHER) { 836 if_put(eth_if); 837 sc->sc_eth_ifidx = 0; 838 return (ENXIO); 839 } 840 841 if (sc->sc_sppp.pp_if.if_mtu > 842 eth_if->if_mtu - PPPOE_OVERHEAD) { 843 sc->sc_sppp.pp_if.if_mtu = eth_if->if_mtu - 844 PPPOE_OVERHEAD; 845 } 846 sc->sc_eth_ifidx = eth_if->if_index; 847 if_put(eth_if); 848 } 849 850 if (sc->sc_concentrator_name) 851 free(sc->sc_concentrator_name, M_DEVBUF, 852 strlen(sc->sc_concentrator_name) + 1); 853 sc->sc_concentrator_name = NULL; 854 855 len = strlen(parms->ac_name); 856 if (len > 0 && len < sizeof(parms->ac_name)) { 857 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 858 if (p == NULL) 859 return (ENOMEM); 860 strlcpy(p, parms->ac_name, len + 1); 861 sc->sc_concentrator_name = p; 862 } 863 864 if (sc->sc_service_name) 865 free(sc->sc_service_name, M_DEVBUF, 866 strlen(sc->sc_service_name) + 1); 867 sc->sc_service_name = NULL; 868 869 len = strlen(parms->service_name); 870 if (len > 0 && len < sizeof(parms->service_name)) { 871 char *p = malloc(len + 1, M_DEVBUF, M_WAITOK|M_CANFAIL); 872 if (p == NULL) 873 return (ENOMEM); 874 strlcpy(p, parms->service_name, len + 1); 875 sc->sc_service_name = p; 876 } 877 return (0); 878 } 879 break; 880 case PPPOEGETPARMS: 881 { 882 struct pppoediscparms *parms = (struct pppoediscparms *)data; 883 884 if ((eth_if = if_get(sc->sc_eth_ifidx)) != NULL) { 885 strlcpy(parms->eth_ifname, eth_if->if_xname, 886 IFNAMSIZ); 887 if_put(eth_if); 888 } else 889 parms->eth_ifname[0] = '\0'; 890 891 if (sc->sc_concentrator_name) 892 strlcpy(parms->ac_name, sc->sc_concentrator_name, 893 sizeof(parms->ac_name)); 894 else 895 parms->ac_name[0] = '\0'; 896 897 if (sc->sc_service_name) 898 strlcpy(parms->service_name, sc->sc_service_name, 899 sizeof(parms->service_name)); 900 else 901 parms->service_name[0] = '\0'; 902 903 return (0); 904 } 905 break; 906 case PPPOEGETSESSION: 907 { 908 struct pppoeconnectionstate *state = 909 (struct pppoeconnectionstate *)data; 910 state->state = sc->sc_state; 911 state->session_id = sc->sc_session; 912 state->padi_retry_no = sc->sc_padi_retried; 913 state->padr_retry_no = sc->sc_padr_retried; 914 state->session_time.tv_sec = sc->sc_session_time.tv_sec; 915 state->session_time.tv_usec = sc->sc_session_time.tv_usec; 916 return (0); 917 } 918 break; 919 case SIOCSIFFLAGS: 920 { 921 struct ifreq *ifr = (struct ifreq *)data; 922 /* 923 * Prevent running re-establishment timers overriding 924 * administrators choice. 925 */ 926 if ((ifr->ifr_flags & IFF_UP) == 0 927 && sc->sc_state >= PPPOE_STATE_PADI_SENT 928 && sc->sc_state < PPPOE_STATE_SESSION) { 929 timeout_del(&sc->sc_timeout); 930 sc->sc_state = PPPOE_STATE_INITIAL; 931 sc->sc_padi_retried = 0; 932 sc->sc_padr_retried = 0; 933 memcpy(&sc->sc_dest, etherbroadcastaddr, 934 sizeof(sc->sc_dest)); 935 } 936 return (sppp_ioctl(ifp, cmd, data)); 937 } 938 case SIOCSIFMTU: 939 { 940 struct ifreq *ifr = (struct ifreq *)data; 941 942 eth_if = if_get(sc->sc_eth_ifidx); 943 944 if (ifr->ifr_mtu > MIN(PPPOE_MAXMTU, 945 (eth_if == NULL ? PPPOE_MAXMTU : 946 (eth_if->if_mtu - PPPOE_OVERHEAD)))) 947 error = EINVAL; 948 else 949 error = 0; 950 951 if_put(eth_if); 952 953 if (error != 0) 954 return (error); 955 956 return (sppp_ioctl(ifp, cmd, data)); 957 } 958 default: 959 error = sppp_ioctl(ifp, cmd, data); 960 if (error == ENETRESET) { 961 error = 0; 962 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 963 (IFF_UP | IFF_RUNNING)) { 964 if_down(ifp); 965 if (sc->sc_state >= PPPOE_STATE_PADI_SENT && 966 sc->sc_state < PPPOE_STATE_SESSION) { 967 timeout_del(&sc->sc_timeout); 968 sc->sc_state = PPPOE_STATE_INITIAL; 969 sc->sc_padi_retried = 0; 970 sc->sc_padr_retried = 0; 971 memcpy(&sc->sc_dest, 972 etherbroadcastaddr, 973 sizeof(sc->sc_dest)); 974 } 975 error = sppp_ioctl(ifp, SIOCSIFFLAGS, NULL); 976 if (error) 977 return (error); 978 if_up(ifp); 979 return (sppp_ioctl(ifp, SIOCSIFFLAGS, NULL)); 980 } 981 } 982 return (error); 983 } 984 return (0); 985 } 986 987 /* 988 * Allocate a mbuf/cluster with space to store the given data length 989 * of payload, leaving space for prepending an ethernet header 990 * in front. 991 */ 992 static struct mbuf * 993 pppoe_get_mbuf(size_t len) 994 { 995 struct mbuf *m; 996 997 if (len + sizeof(struct ether_header) > MCLBYTES) 998 return NULL; 999 1000 MGETHDR(m, M_DONTWAIT, MT_DATA); 1001 if (m == NULL) 1002 return (NULL); 1003 if (len + sizeof(struct ether_header) > MHLEN) { 1004 MCLGET(m, M_DONTWAIT); 1005 if ((m->m_flags & M_EXT) == 0) { 1006 m_free(m); 1007 return (NULL); 1008 } 1009 } 1010 m->m_data += sizeof(struct ether_header); 1011 m->m_len = len; 1012 m->m_pkthdr.len = len; 1013 m->m_pkthdr.ph_ifidx = 0; 1014 1015 return (m); 1016 } 1017 1018 /* Send PADI. */ 1019 static int 1020 pppoe_send_padi(struct pppoe_softc *sc) 1021 { 1022 struct mbuf *m0; 1023 int len, l1 = 0, l2 = 0; /* XXX: gcc */ 1024 u_int8_t *p; 1025 1026 if (sc->sc_state > PPPOE_STATE_PADI_SENT) 1027 panic("pppoe_send_padi in state %d", sc->sc_state); 1028 1029 /* calculate length of frame (excluding ethernet header + pppoe header) */ 1030 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is sent too */ 1031 if (sc->sc_service_name != NULL) { 1032 l1 = strlen(sc->sc_service_name); 1033 len += l1; 1034 } 1035 if (sc->sc_concentrator_name != NULL) { 1036 l2 = strlen(sc->sc_concentrator_name); 1037 len += 2 + 2 + l2; 1038 } 1039 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1040 len += 2 + 2 + 2; 1041 1042 /* allocate a buffer */ 1043 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); /* header len + payload len */ 1044 if (m0 == NULL) 1045 return (ENOBUFS); 1046 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1047 1048 /* fill in pkt */ 1049 p = mtod(m0, u_int8_t *); 1050 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len); 1051 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1052 if (sc->sc_service_name != NULL) { 1053 PPPOE_ADD_16(p, l1); 1054 memcpy(p, sc->sc_service_name, l1); 1055 p += l1; 1056 } else { 1057 PPPOE_ADD_16(p, 0); 1058 } 1059 if (sc->sc_concentrator_name != NULL) { 1060 PPPOE_ADD_16(p, PPPOE_TAG_ACNAME); 1061 PPPOE_ADD_16(p, l2); 1062 memcpy(p, sc->sc_concentrator_name, l2); 1063 p += l2; 1064 } 1065 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1066 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1067 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1068 p += sizeof(sc->sc_unique); 1069 1070 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1071 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1072 PPPOE_ADD_16(p, 2); 1073 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1074 } 1075 1076 #ifdef PPPOE_DEBUG 1077 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1078 panic("pppoe_send_padi: garbled output len, should be %ld, is %ld", 1079 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1080 #endif 1081 1082 /* send pkt */ 1083 return (pppoe_output(sc, m0)); 1084 } 1085 1086 /* Watchdog function. */ 1087 static void 1088 pppoe_timeout(void *arg) 1089 { 1090 struct pppoe_softc *sc = (struct pppoe_softc *)arg; 1091 int x, retry_wait, err; 1092 1093 PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname)); 1094 1095 NET_LOCK(); 1096 1097 switch (sc->sc_state) { 1098 case PPPOE_STATE_PADI_SENT: 1099 /* 1100 * We have two basic ways of retrying: 1101 * - Quick retry mode: try a few times in short sequence 1102 * - Slow retry mode: we already had a connection successfully 1103 * established and will try infinitely (without user 1104 * intervention) 1105 * We only enter slow retry mode if IFF_LINK1 (aka autodial) 1106 * is not set. 1107 */ 1108 1109 /* initialize for quick retry mode */ 1110 retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried); 1111 1112 x = splnet(); 1113 sc->sc_padi_retried++; 1114 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) { 1115 if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) { 1116 /* slow retry mode */ 1117 retry_wait = PPPOE_SLOW_RETRY; 1118 } else { 1119 pppoe_abort_connect(sc); 1120 splx(x); 1121 break; 1122 } 1123 } 1124 if ((err = pppoe_send_padi(sc)) != 0) { 1125 sc->sc_padi_retried--; 1126 PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n", 1127 sc->sc_sppp.pp_if.if_xname, err)); 1128 } 1129 timeout_add_sec(&sc->sc_timeout, retry_wait); 1130 splx(x); 1131 1132 break; 1133 case PPPOE_STATE_PADR_SENT: 1134 x = splnet(); 1135 sc->sc_padr_retried++; 1136 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) { 1137 memcpy(&sc->sc_dest, etherbroadcastaddr, 1138 sizeof(sc->sc_dest)); 1139 sc->sc_state = PPPOE_STATE_PADI_SENT; 1140 sc->sc_padr_retried = 0; 1141 if ((err = pppoe_send_padi(sc)) != 0) { 1142 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1143 sc->sc_sppp.pp_if.if_xname, err)); 1144 } 1145 timeout_add_sec(&sc->sc_timeout, 1146 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried)); 1147 splx(x); 1148 break; 1149 } 1150 if ((err = pppoe_send_padr(sc)) != 0) { 1151 sc->sc_padr_retried--; 1152 PPPOEDEBUG(("%s: failed to send PADR, error=%d\n", 1153 sc->sc_sppp.pp_if.if_xname, err)); 1154 } 1155 timeout_add_sec(&sc->sc_timeout, 1156 PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried)); 1157 splx(x); 1158 1159 break; 1160 case PPPOE_STATE_CLOSING: 1161 pppoe_disconnect(sc); 1162 break; 1163 default: 1164 break; /* all done, work in peace */ 1165 } 1166 1167 NET_UNLOCK(); 1168 } 1169 1170 /* Start a connection (i.e. initiate discovery phase). */ 1171 static int 1172 pppoe_connect(struct pppoe_softc *sc) 1173 { 1174 int x, err; 1175 1176 if (sc->sc_state != PPPOE_STATE_INITIAL) 1177 return (EBUSY); 1178 1179 x = splnet(); 1180 1181 /* save state, in case we fail to send PADI */ 1182 sc->sc_state = PPPOE_STATE_PADI_SENT; 1183 sc->sc_padr_retried = 0; 1184 err = pppoe_send_padi(sc); 1185 if (err != 0) 1186 PPPOEDEBUG(("%s: failed to send PADI, error=%d\n", 1187 sc->sc_sppp.pp_if.if_xname, err)); 1188 1189 timeout_add_sec(&sc->sc_timeout, PPPOE_DISC_TIMEOUT); 1190 splx(x); 1191 1192 return (err); 1193 } 1194 1195 /* disconnect */ 1196 static int 1197 pppoe_disconnect(struct pppoe_softc *sc) 1198 { 1199 int err, x; 1200 1201 x = splnet(); 1202 1203 if (sc->sc_state < PPPOE_STATE_SESSION) 1204 err = EBUSY; 1205 else { 1206 PPPOEDEBUG(("%s: disconnecting\n", 1207 sc->sc_sppp.pp_if.if_xname)); 1208 err = pppoe_send_padt(sc->sc_eth_ifidx, 1209 sc->sc_session, (const u_int8_t *)&sc->sc_dest, 1210 sc->sc_sppp.pp_if.if_llprio); 1211 } 1212 1213 /* cleanup softc */ 1214 sc->sc_state = PPPOE_STATE_INITIAL; 1215 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1216 if (sc->sc_ac_cookie) { 1217 free(sc->sc_ac_cookie, M_DEVBUF, sc->sc_ac_cookie_len); 1218 sc->sc_ac_cookie = NULL; 1219 } 1220 sc->sc_ac_cookie_len = 0; 1221 if (sc->sc_relay_sid) { 1222 free(sc->sc_relay_sid, M_DEVBUF, sc->sc_relay_sid_len); 1223 sc->sc_relay_sid = NULL; 1224 } 1225 sc->sc_relay_sid_len = 0; 1226 sc->sc_session = 0; 1227 1228 /* notify upper layer */ 1229 sc->sc_sppp.pp_down(&sc->sc_sppp); 1230 1231 splx(x); 1232 1233 return (err); 1234 } 1235 1236 /* Connection attempt aborted. */ 1237 static void 1238 pppoe_abort_connect(struct pppoe_softc *sc) 1239 { 1240 printf("%s: could not establish connection\n", 1241 sc->sc_sppp.pp_if.if_xname); 1242 sc->sc_state = PPPOE_STATE_CLOSING; 1243 1244 /* notify upper layer */ 1245 sc->sc_sppp.pp_down(&sc->sc_sppp); 1246 1247 /* clear connection state */ 1248 memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest)); 1249 sc->sc_state = PPPOE_STATE_INITIAL; 1250 } 1251 1252 /* Send a PADR packet */ 1253 static int 1254 pppoe_send_padr(struct pppoe_softc *sc) 1255 { 1256 struct mbuf *m0; 1257 u_int8_t *p; 1258 size_t len, l1 = 0; /* XXX: gcc */ 1259 1260 if (sc->sc_state != PPPOE_STATE_PADR_SENT) 1261 return (EIO); 1262 1263 len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name, host unique */ 1264 if (sc->sc_service_name != NULL) { /* service name tag maybe empty */ 1265 l1 = strlen(sc->sc_service_name); 1266 len += l1; 1267 } 1268 if (sc->sc_ac_cookie_len > 0) 1269 len += 2 + 2 + sc->sc_ac_cookie_len; /* AC cookie */ 1270 if (sc->sc_relay_sid_len > 0) 1271 len += 2 + 2 + sc->sc_relay_sid_len; /* Relay SID */ 1272 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) 1273 len += 2 + 2 + 2; 1274 1275 m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN); 1276 if (m0 == NULL) 1277 return (ENOBUFS); 1278 m0->m_pkthdr.pf.prio = sc->sc_sppp.pp_if.if_llprio; 1279 1280 p = mtod(m0, u_int8_t *); 1281 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len); 1282 PPPOE_ADD_16(p, PPPOE_TAG_SNAME); 1283 1284 if (sc->sc_service_name != NULL) { 1285 PPPOE_ADD_16(p, l1); 1286 memcpy(p, sc->sc_service_name, l1); 1287 p += l1; 1288 } else { 1289 PPPOE_ADD_16(p, 0); 1290 } 1291 if (sc->sc_ac_cookie_len > 0) { 1292 PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE); 1293 PPPOE_ADD_16(p, sc->sc_ac_cookie_len); 1294 memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len); 1295 p += sc->sc_ac_cookie_len; 1296 } 1297 if (sc->sc_relay_sid_len > 0) { 1298 PPPOE_ADD_16(p, PPPOE_TAG_RELAYSID); 1299 PPPOE_ADD_16(p, sc->sc_relay_sid_len); 1300 memcpy(p, sc->sc_relay_sid, sc->sc_relay_sid_len); 1301 p += sc->sc_relay_sid_len; 1302 } 1303 PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE); 1304 PPPOE_ADD_16(p, sizeof(sc->sc_unique)); 1305 memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique)); 1306 p += sizeof(sc->sc_unique); 1307 1308 if (sc->sc_sppp.pp_if.if_mtu > PPPOE_MTU) { 1309 PPPOE_ADD_16(p, PPPOE_TAG_MAX_PAYLOAD); 1310 PPPOE_ADD_16(p, 2); 1311 PPPOE_ADD_16(p, (u_int16_t)sc->sc_sppp.pp_if.if_mtu); 1312 } 1313 1314 #ifdef PPPOE_DEBUG 1315 if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN) 1316 panic("pppoe_send_padr: garbled output len, should be %ld, is %ld", 1317 (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *))); 1318 #endif 1319 1320 return (pppoe_output(sc, m0)); 1321 } 1322 1323 /* Send a PADT packet. */ 1324 static int 1325 pppoe_send_padt(unsigned int ifidx, u_int session, const u_int8_t *dest, u_int8_t prio) 1326 { 1327 struct ether_header *eh; 1328 struct sockaddr dst; 1329 struct ifnet *eth_if; 1330 struct mbuf *m0; 1331 u_int8_t *p; 1332 int ret; 1333 1334 if ((eth_if = if_get(ifidx)) == NULL) 1335 return (EINVAL); 1336 1337 m0 = pppoe_get_mbuf(PPPOE_HEADERLEN); 1338 if (m0 == NULL) { 1339 if_put(eth_if); 1340 return (ENOBUFS); 1341 } 1342 m0->m_pkthdr.pf.prio = prio; 1343 1344 p = mtod(m0, u_int8_t *); 1345 PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0); 1346 1347 memset(&dst, 0, sizeof(dst)); 1348 dst.sa_family = AF_UNSPEC; 1349 eh = (struct ether_header *)&dst.sa_data; 1350 eh->ether_type = htons(ETHERTYPE_PPPOEDISC); 1351 memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN); 1352 1353 m0->m_flags &= ~(M_BCAST|M_MCAST); 1354 /* encapsulated packet is forced into rdomain of physical interface */ 1355 m0->m_pkthdr.ph_rtableid = eth_if->if_rdomain; 1356 1357 ret = eth_if->if_output(eth_if, m0, &dst, NULL); 1358 if_put(eth_if); 1359 1360 return (ret); 1361 } 1362 1363 1364 /* this-layer-start function */ 1365 static void 1366 pppoe_tls(struct sppp *sp) 1367 { 1368 struct pppoe_softc *sc = (void *)sp; 1369 1370 if (sc->sc_state != PPPOE_STATE_INITIAL) 1371 return; 1372 pppoe_connect(sc); 1373 } 1374 1375 /* this-layer-finish function */ 1376 static void 1377 pppoe_tlf(struct sppp *sp) 1378 { 1379 struct pppoe_softc *sc = (void *)sp; 1380 1381 if (sc->sc_state < PPPOE_STATE_SESSION) 1382 return; 1383 /* 1384 * Do not call pppoe_disconnect here, the upper layer state 1385 * machine gets confused by this. We must return from this 1386 * function and defer disconnecting to the timeout handler. 1387 */ 1388 sc->sc_state = PPPOE_STATE_CLOSING; 1389 timeout_add_msec(&sc->sc_timeout, 20); 1390 } 1391 1392 static void 1393 pppoe_start(struct ifnet *ifp) 1394 { 1395 struct pppoe_softc *sc = (void *)ifp; 1396 struct mbuf *m; 1397 size_t len; 1398 u_int8_t *p; 1399 1400 if (sppp_isempty(ifp)) 1401 return; 1402 1403 /* are we ready to process data yet? */ 1404 if (sc->sc_state < PPPOE_STATE_SESSION) { 1405 sppp_flush(&sc->sc_sppp.pp_if); 1406 return; 1407 } 1408 1409 while ((m = sppp_dequeue(ifp)) != NULL) { 1410 len = m->m_pkthdr.len; 1411 M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT); 1412 if (m == NULL) { 1413 ifp->if_oerrors++; 1414 continue; 1415 } 1416 p = mtod(m, u_int8_t *); 1417 PPPOE_ADD_HEADER(p, 0, sc->sc_session, len); 1418 1419 #if NBPFILTER > 0 1420 if(sc->sc_sppp.pp_if.if_bpf) 1421 bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, 1422 BPF_DIRECTION_OUT); 1423 #endif 1424 1425 pppoe_output(sc, m); 1426 } 1427 } 1428