ng_pppoe.c revision 161034
199112Sobrien/* 299112Sobrien * ng_pppoe.c 385739Sgreen */ 485739Sgreen 585739Sgreen/*- 685739Sgreen * Copyright (c) 1996-1999 Whistle Communications, Inc. 785739Sgreen * All rights reserved. 885739Sgreen * 985739Sgreen * Subject to the following obligations and disclaimer of warranty, use and 1085739Sgreen * redistribution of this software, in source or object code forms, with or 11129657Sstefanf * without modifications are expressly permitted by Whistle Communications; 1285739Sgreen * provided, however, that: 1385739Sgreen * 1. Any and all reproductions of the source or object code must include the 1485739Sgreen * copyright notice above and the following disclaimer of warranties; and 1585739Sgreen * 2. No rights are granted, in any manner or form, to use Whistle 1685739Sgreen * Communications, Inc. trademarks, including the mark "WHISTLE 1785739Sgreen * COMMUNICATIONS" on advertising, endorsements, or otherwise except as 1885739Sgreen * such appears in the above copyright notice or in the software. 19246783Scharnier * 2085739Sgreen * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND 2185739Sgreen * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO 2285739Sgreen * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE, 2385739Sgreen * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF 2485739Sgreen * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. 2585739Sgreen * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY 2685739Sgreen * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS 2785739Sgreen * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE. 2885739Sgreen * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES 2985739Sgreen * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING 3085739Sgreen * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 3185739Sgreen * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR 3285739Sgreen * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY 3385739Sgreen * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 3485739Sgreen * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 3585739Sgreen * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY 3685739Sgreen * OF SUCH DAMAGE. 3785739Sgreen * 3885739Sgreen * Author: Julian Elischer <julian@freebsd.org> 3985739Sgreen * 4085739Sgreen * $FreeBSD: head/sys/netgraph/ng_pppoe.c 161034 2006-08-07 08:05:10Z glebius $ 4185739Sgreen * $Whistle: ng_pppoe.c,v 1.10 1999/11/01 09:24:52 julian Exp $ 4285739Sgreen */ 4385739Sgreen 4485739Sgreen#include <sys/param.h> 4585739Sgreen#include <sys/systm.h> 4685739Sgreen#include <sys/kernel.h> 4785739Sgreen#include <sys/ktr.h> 4885739Sgreen#include <sys/mbuf.h> 4985739Sgreen#include <sys/malloc.h> 5085739Sgreen#include <sys/errno.h> 5185739Sgreen#include <sys/syslog.h> 5285739Sgreen#include <net/ethernet.h> 5385739Sgreen 5485739Sgreen#include <netgraph/ng_message.h> 5585739Sgreen#include <netgraph/netgraph.h> 5685739Sgreen#include <netgraph/ng_parse.h> 5785739Sgreen#include <netgraph/ng_pppoe.h> 5885739Sgreen 5985739Sgreen#ifdef NG_SEPARATE_MALLOC 6085739SgreenMALLOC_DEFINE(M_NETGRAPH_PPPOE, "netgraph_pppoe", "netgraph pppoe node"); 6185739Sgreen#else 6285739Sgreen#define M_NETGRAPH_PPPOE M_NETGRAPH 63136175Sgreen#endif 6485739Sgreen 65#define SIGNOFF "session closed" 66#define OFFSETOF(s, e) ((char *)&((s *)0)->e - (char *)((s *)0)) 67 68/* 69 * This section contains the netgraph method declarations for the 70 * pppoe node. These methods define the netgraph pppoe 'type'. 71 */ 72 73static ng_constructor_t ng_pppoe_constructor; 74static ng_rcvmsg_t ng_pppoe_rcvmsg; 75static ng_shutdown_t ng_pppoe_shutdown; 76static ng_newhook_t ng_pppoe_newhook; 77static ng_rcvdata_t ng_pppoe_rcvdata; 78static ng_disconnect_t ng_pppoe_disconnect; 79 80/* Parse type for struct ngpppoe_init_data */ 81static const struct ng_parse_struct_field ngpppoe_init_data_type_fields[] 82 = NG_PPPOE_INIT_DATA_TYPE_INFO; 83static const struct ng_parse_type ngpppoe_init_data_state_type = { 84 &ng_parse_struct_type, 85 &ngpppoe_init_data_type_fields 86}; 87 88/* Parse type for struct ngpppoe_sts */ 89static const struct ng_parse_struct_field ng_pppoe_sts_type_fields[] 90 = NG_PPPOE_STS_TYPE_INFO; 91static const struct ng_parse_type ng_pppoe_sts_state_type = { 92 &ng_parse_struct_type, 93 &ng_pppoe_sts_type_fields 94}; 95 96/* List of commands and how to convert arguments to/from ASCII */ 97static const struct ng_cmdlist ng_pppoe_cmds[] = { 98 { 99 NGM_PPPOE_COOKIE, 100 NGM_PPPOE_CONNECT, 101 "pppoe_connect", 102 &ngpppoe_init_data_state_type, 103 NULL 104 }, 105 { 106 NGM_PPPOE_COOKIE, 107 NGM_PPPOE_LISTEN, 108 "pppoe_listen", 109 &ngpppoe_init_data_state_type, 110 NULL 111 }, 112 { 113 NGM_PPPOE_COOKIE, 114 NGM_PPPOE_OFFER, 115 "pppoe_offer", 116 &ngpppoe_init_data_state_type, 117 NULL 118 }, 119 { 120 NGM_PPPOE_COOKIE, 121 NGM_PPPOE_SERVICE, 122 "pppoe_service", 123 &ngpppoe_init_data_state_type, 124 NULL 125 }, 126 { 127 NGM_PPPOE_COOKIE, 128 NGM_PPPOE_SUCCESS, 129 "pppoe_success", 130 &ng_pppoe_sts_state_type, 131 NULL 132 }, 133 { 134 NGM_PPPOE_COOKIE, 135 NGM_PPPOE_FAIL, 136 "pppoe_fail", 137 &ng_pppoe_sts_state_type, 138 NULL 139 }, 140 { 141 NGM_PPPOE_COOKIE, 142 NGM_PPPOE_CLOSE, 143 "pppoe_close", 144 &ng_pppoe_sts_state_type, 145 NULL 146 }, 147 { 148 NGM_PPPOE_COOKIE, 149 NGM_PPPOE_SETMODE, 150 "pppoe_setmode", 151 &ng_parse_string_type, 152 NULL 153 }, 154 { 155 NGM_PPPOE_COOKIE, 156 NGM_PPPOE_GETMODE, 157 "pppoe_getmode", 158 NULL, 159 &ng_parse_string_type 160 }, 161 { 0 } 162}; 163 164/* Netgraph node type descriptor */ 165static struct ng_type typestruct = { 166 .version = NG_ABI_VERSION, 167 .name = NG_PPPOE_NODE_TYPE, 168 .constructor = ng_pppoe_constructor, 169 .rcvmsg = ng_pppoe_rcvmsg, 170 .shutdown = ng_pppoe_shutdown, 171 .newhook = ng_pppoe_newhook, 172 .rcvdata = ng_pppoe_rcvdata, 173 .disconnect = ng_pppoe_disconnect, 174 .cmdlist = ng_pppoe_cmds, 175}; 176NETGRAPH_INIT(pppoe, &typestruct); 177 178/* 179 * States for the session state machine. 180 * These have no meaning if there is no hook attached yet. 181 */ 182enum state { 183 PPPOE_SNONE=0, /* [both] Initial state */ 184 PPPOE_LISTENING, /* [Daemon] Listening for discover initiation pkt */ 185 PPPOE_SINIT, /* [Client] Sent discovery initiation */ 186 PPPOE_PRIMED, /* [Server] Awaiting PADI from daemon */ 187 PPPOE_SOFFER, /* [Server] Sent offer message (got PADI)*/ 188 PPPOE_SREQ, /* [Client] Sent a Request */ 189 PPPOE_NEWCONNECTED, /* [Server] Connection established, No data received */ 190 PPPOE_CONNECTED, /* [Both] Connection established, Data received */ 191 PPPOE_DEAD /* [Both] */ 192}; 193 194#define NUMTAGS 20 /* number of tags we are set up to work with */ 195 196/* 197 * Information we store for each hook on each node for negotiating the 198 * session. The mbuf and cluster are freed once negotiation has completed. 199 * The whole negotiation block is then discarded. 200 */ 201 202struct sess_neg { 203 struct mbuf *m; /* holds cluster with last sent packet */ 204 union packet *pkt; /* points within the above cluster */ 205 struct callout handle; /* see timeout(9) */ 206 u_int timeout; /* 0,1,2,4,8,16 etc. seconds */ 207 u_int numtags; 208 const struct pppoe_tag *tags[NUMTAGS]; 209 u_int service_len; 210 u_int ac_name_len; 211 212 struct datatag service; 213 struct datatag ac_name; 214}; 215typedef struct sess_neg *negp; 216 217/* 218 * Session information that is needed after connection. 219 */ 220struct sess_con { 221 hook_p hook; 222 uint16_t Session_ID; 223 enum state state; 224 ng_ID_t creator; /* who to notify */ 225 struct pppoe_full_hdr pkt_hdr; /* used when connected */ 226 negp neg; /* used when negotiating */ 227}; 228typedef struct sess_con *sessp; 229 230#define NG_PPPOE_SESSION_NODE(sp) NG_HOOK_NODE(sp->hook) 231 232static const struct ether_header eh_standard = 233 {{0xff,0xff,0xff,0xff,0xff,0xff}, 234 {0x00,0x00,0x00,0x00,0x00,0x00}, 235 ETHERTYPE_PPPOE_DISC}; 236 237static const struct ether_header eh_3Com = 238 {{0xff,0xff,0xff,0xff,0xff,0xff}, 239 {0x00,0x00,0x00,0x00,0x00,0x00}, 240 ETHERTYPE_PPPOE_3COM_DISC}; 241 242/* 243 * Information we store for each node 244 */ 245struct PPPoE { 246 node_p node; /* back pointer to node */ 247 hook_p ethernet_hook; 248 hook_p debug_hook; 249 u_int packets_in; /* packets in from ethernet */ 250 u_int packets_out; /* packets out towards ethernet */ 251 uint32_t flags; 252#define COMPAT_3COM 0x00000001 253#define COMPAT_DLINK 0x00000002 254 const struct ether_header *eh; /* standard PPPoE or 3Com? */ 255}; 256typedef struct PPPoE *priv_p; 257 258union uniq { 259 char bytes[sizeof(void *)]; 260 void *pointer; 261}; 262 263#define LEAVE(x) do { error = x; goto quit; } while(0) 264static void pppoe_start(sessp sp); 265static void ng_pppoe_sendpacket(sessp sp); 266static void pppoe_ticker(node_p node, hook_p hook, void *arg1, int arg2); 267static const struct pppoe_tag *scan_tags(sessp sp, 268 const struct pppoe_hdr* ph); 269static int pppoe_send_event(sessp sp, enum cmd cmdid); 270 271/************************************************************************* 272 * Some basic utilities from the Linux version with author's permission.* 273 * Author: Michal Ostrowski <mostrows@styx.uwaterloo.ca> * 274 ************************************************************************/ 275 276/* 277 * Generate a new session id 278 * XXX find out the FreeBSD locking scheme. 279 */ 280static uint16_t 281get_new_sid(node_p node) 282{ 283 priv_p privp = NG_NODE_PRIVATE(node); 284 static int pppoe_sid = 10; 285 sessp sp; 286 hook_p hook; 287 uint16_t val; 288 289restart: 290 val = pppoe_sid++; 291 /* 292 * Spec says 0xFFFF is reserved. 293 * Also don't use 0x0000 294 */ 295 if (val == 0xffff) { 296 pppoe_sid = 20; 297 goto restart; 298 } 299 300 /* Check it isn't already in use. */ 301 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 302 /* Don't check special hooks. */ 303 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) 304 || (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) 305 continue; 306 sp = NG_HOOK_PRIVATE(hook); 307 if (sp->Session_ID == val) 308 goto restart; 309 } 310 311 CTR2(KTR_NET, "%20s: new sid %d", __func__, val); 312 313 return (val); 314} 315 316 317/* 318 * Return the location where the next tag can be put 319 */ 320static __inline const struct pppoe_tag* 321next_tag(const struct pppoe_hdr* ph) 322{ 323 return (const struct pppoe_tag*)(((const char*)&ph->tag[0]) 324 + ntohs(ph->length)); 325} 326 327/* 328 * Look for a tag of a specific type. 329 * Don't trust any length the other end says, 330 * but assume we already sanity checked ph->length. 331 */ 332static const struct pppoe_tag* 333get_tag(const struct pppoe_hdr* ph, uint16_t idx) 334{ 335 const char *const end = (const char *)next_tag(ph); 336 const struct pppoe_tag *pt = &ph->tag[0]; 337 const char *ptn; 338 339 /* 340 * Keep processing tags while a tag header will still fit. 341 */ 342 while((const char*)(pt + 1) <= end) { 343 /* 344 * If the tag data would go past the end of the packet, abort. 345 */ 346 ptn = (((const char *)(pt + 1)) + ntohs(pt->tag_len)); 347 if (ptn > end) { 348 CTR2(KTR_NET, "%20s: invalid length for tag %d", 349 __func__, idx); 350 return (NULL); 351 } 352 if (pt->tag_type == idx) { 353 CTR2(KTR_NET, "%20s: found tag %d", __func__, idx); 354 return (pt); 355 } 356 357 pt = (const struct pppoe_tag*)ptn; 358 } 359 360 CTR2(KTR_NET, "%20s: not found tag %d", __func__, idx); 361 return (NULL); 362} 363 364/************************************************************************** 365 * Inlines to initialise or add tags to a session's tag list. 366 **************************************************************************/ 367/* 368 * Initialise the session's tag list. 369 */ 370static void 371init_tags(sessp sp) 372{ 373 KASSERT(sp->neg != NULL, ("%s: no neg", __func__)); 374 sp->neg->numtags = 0; 375} 376 377static void 378insert_tag(sessp sp, const struct pppoe_tag *tp) 379{ 380 negp neg = sp->neg; 381 int i; 382 383 KASSERT(neg != NULL, ("%s: no neg", __func__)); 384 if ((i = neg->numtags++) < NUMTAGS) { 385 neg->tags[i] = tp; 386 } else { 387 log(LOG_NOTICE, "ng_pppoe: asked to add too many tags to " 388 "packet\n"); 389 neg->numtags--; 390 } 391} 392 393/* 394 * Make up a packet, using the tags filled out for the session. 395 * 396 * Assume that the actual pppoe header and ethernet header 397 * are filled out externally to this routine. 398 * Also assume that neg->wh points to the correct 399 * location at the front of the buffer space. 400 */ 401static void 402make_packet(sessp sp) { 403 struct pppoe_full_hdr *wh = &sp->neg->pkt->pkt_header; 404 const struct pppoe_tag **tag; 405 char *dp; 406 int count; 407 int tlen; 408 uint16_t length = 0; 409 410 KASSERT((sp->neg != NULL) && (sp->neg->m != NULL), 411 ("%s: called from wrong state", __func__)); 412 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 413 414 dp = (char *)wh->ph.tag; 415 for (count = 0, tag = sp->neg->tags; 416 ((count < sp->neg->numtags) && (count < NUMTAGS)); 417 tag++, count++) { 418 tlen = ntohs((*tag)->tag_len) + sizeof(**tag); 419 if ((length + tlen) > (ETHER_MAX_LEN - 4 - sizeof(*wh))) { 420 log(LOG_NOTICE, "ng_pppoe: tags too long\n"); 421 sp->neg->numtags = count; 422 break; /* XXX chop off what's too long */ 423 } 424 bcopy(*tag, (char *)dp, tlen); 425 length += tlen; 426 dp += tlen; 427 } 428 wh->ph.length = htons(length); 429 sp->neg->m->m_len = length + sizeof(*wh); 430 sp->neg->m->m_pkthdr.len = length + sizeof(*wh); 431} 432 433/************************************************************************** 434 * Routines to match a service. * 435 **************************************************************************/ 436 437/* 438 * Find a hook that has a service string that matches that 439 * we are seeking. For now use a simple string. 440 * In the future we may need something like regexp(). 441 * 442 * Null string is a wildcard (ANY service), according to RFC2516. 443 * And historical FreeBSD wildcard is also "*". 444 */ 445 446static hook_p 447pppoe_match_svc(node_p node, const struct pppoe_tag *tag) 448{ 449 priv_p privp = NG_NODE_PRIVATE(node); 450 hook_p hook; 451 452 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 453 sessp sp = NG_HOOK_PRIVATE(hook); 454 negp neg; 455 456 /* Skip any hook that is debug or ethernet. */ 457 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) || 458 (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) 459 continue; 460 461 /* Skip any sessions which are not in LISTEN mode. */ 462 if (sp->state != PPPOE_LISTENING) 463 continue; 464 465 neg = sp->neg; 466 467 /* Empty Service-Name matches any service. */ 468 if (neg->service_len == 0) 469 break; 470 471 /* Special case for a blank or "*" service name (wildcard). */ 472 if (neg->service_len == 1 && neg->service.data[0] == '*') 473 break; 474 475 /* If the lengths don't match, that aint it. */ 476 if (neg->service_len != ntohs(tag->tag_len)) 477 continue; 478 479 if (strncmp(tag->tag_data, neg->service.data, 480 ntohs(tag->tag_len)) == 0) 481 break; 482 } 483 CTR3(KTR_NET, "%20s: matched %p for %s", __func__, hook, tag->tag_data); 484 485 return (hook); 486} 487 488/* 489 * Broadcast the PADI packet in m0 to all listening hooks. 490 * This routine is called when a PADI with empty Service-Name 491 * tag is received. Client should receive PADOs with all 492 * available services. 493 */ 494static int 495pppoe_broadcast_padi(node_p node, struct mbuf *m0) 496{ 497 priv_p privp = NG_NODE_PRIVATE(node); 498 hook_p hook; 499 int error = 0; 500 501 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 502 sessp sp = NG_HOOK_PRIVATE(hook); 503 struct mbuf *m; 504 505 /* 506 * Go through all listening hooks and 507 * broadcast the PADI packet up there 508 */ 509 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) || 510 (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) 511 continue; 512 513 if (sp->state != PPPOE_LISTENING) 514 continue; 515 516 m = m_dup(m0, M_DONTWAIT); 517 if (m == NULL) 518 return (ENOMEM); 519 NG_SEND_DATA_ONLY(error, hook, m); 520 if (error) 521 return (error); 522 } 523 524 return (0); 525} 526 527/* 528 * Find a hook, which name equals to given service. 529 */ 530static hook_p 531pppoe_find_svc(node_p node, const char *svc_name, int svc_len) 532{ 533 priv_p privp = NG_NODE_PRIVATE(node); 534 hook_p hook; 535 536 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 537 sessp sp = NG_HOOK_PRIVATE(hook); 538 negp neg; 539 540 /* Skip any hook that is debug or ethernet. */ 541 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) || 542 (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) 543 continue; 544 545 /* Skip any sessions which are not in LISTEN mode. */ 546 if (sp->state != PPPOE_LISTENING) 547 continue; 548 549 neg = sp->neg; 550 551 if (neg->service_len == svc_len && 552 strncmp(svc_name, neg->service.data, svc_len == 0)) 553 return (hook); 554 } 555 556 return (NULL); 557} 558 559/************************************************************************** 560 * Routine to find a particular session that matches an incoming packet. * 561 **************************************************************************/ 562static hook_p 563pppoe_findsession(node_p node, const struct pppoe_full_hdr *wh) 564{ 565 priv_p privp = NG_NODE_PRIVATE(node); 566 sessp sp = NULL; 567 hook_p hook = NULL; 568 uint16_t session = ntohs(wh->ph.sid); 569 570 /* 571 * Find matching peer/session combination. 572 */ 573 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 574 /* don't check special hooks */ 575 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) 576 || (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) { 577 continue; 578 } 579 sp = NG_HOOK_PRIVATE(hook); 580 if ( ( (sp->state == PPPOE_CONNECTED) 581 || (sp->state == PPPOE_NEWCONNECTED) ) 582 && (sp->Session_ID == session) 583 && (bcmp(sp->pkt_hdr.eh.ether_dhost, 584 wh->eh.ether_shost, 585 ETHER_ADDR_LEN)) == 0) { 586 break; 587 } 588 } 589 CTR3(KTR_NET, "%20s: matched %p for %d", __func__, hook, session); 590 591 return (hook); 592} 593 594static hook_p 595pppoe_finduniq(node_p node, const struct pppoe_tag *tag) 596{ 597 priv_p privp = NG_NODE_PRIVATE(node); 598 hook_p hook = NULL; 599 union uniq uniq; 600 601 bcopy(tag->tag_data, uniq.bytes, sizeof(void *)); 602 /* Cycle through all known hooks. */ 603 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 604 /* Don't check special hooks. */ 605 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) 606 || (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) 607 continue; 608 if (uniq.pointer == NG_HOOK_PRIVATE(hook)) 609 break; 610 } 611 CTR3(KTR_NET, "%20s: matched %p for %p", __func__, hook, uniq.pointer); 612 613 return (hook); 614} 615 616/************************************************************************** 617 * Start of Netgraph entrypoints. * 618 **************************************************************************/ 619 620/* 621 * Allocate the private data structure and link it with node. 622 */ 623static int 624ng_pppoe_constructor(node_p node) 625{ 626 priv_p privp; 627 628 /* Initialize private descriptor. */ 629 privp = malloc(sizeof(*privp), M_NETGRAPH_PPPOE, M_NOWAIT | M_ZERO); 630 if (privp == NULL) 631 return (ENOMEM); 632 633 /* Link structs together; this counts as our one reference to *node. */ 634 NG_NODE_SET_PRIVATE(node, privp); 635 privp->node = node; 636 637 /* Initialize to standard mode. */ 638 privp->eh = &eh_standard; 639 640 CTR3(KTR_NET, "%20s: created node [%x] (%p)", 641 __func__, node->nd_ID, node); 642 643 return (0); 644} 645 646/* 647 * Give our ok for a hook to be added... 648 * point the hook's private info to the hook structure. 649 * 650 * The following hook names are special: 651 * "ethernet": the hook that should be connected to a NIC. 652 * "debug": copies of data sent out here (when I write the code). 653 * All other hook names need only be unique. (the framework checks this). 654 */ 655static int 656ng_pppoe_newhook(node_p node, hook_p hook, const char *name) 657{ 658 const priv_p privp = NG_NODE_PRIVATE(node); 659 sessp sp; 660 661 if (strcmp(name, NG_PPPOE_HOOK_ETHERNET) == 0) { 662 privp->ethernet_hook = hook; 663 NG_HOOK_SET_PRIVATE(hook, &privp->ethernet_hook); 664 } else if (strcmp(name, NG_PPPOE_HOOK_DEBUG) == 0) { 665 privp->debug_hook = hook; 666 NG_HOOK_SET_PRIVATE(hook, &privp->debug_hook); 667 } else { 668 /* 669 * Any other unique name is OK. 670 * The infrastructure has already checked that it's unique, 671 * so just allocate it and hook it in. 672 */ 673 sp = malloc(sizeof(*sp), M_NETGRAPH_PPPOE, M_NOWAIT | M_ZERO); 674 if (sp == NULL) 675 return (ENOMEM); 676 677 NG_HOOK_SET_PRIVATE(hook, sp); 678 sp->hook = hook; 679 } 680 CTR5(KTR_NET, "%20s: node [%x] (%p) connected hook %s (%p)", 681 __func__, node->nd_ID, node, name, hook); 682 683 return(0); 684} 685 686/* 687 * Get a netgraph control message. 688 * Check it is one we understand. If needed, send a response. 689 * We sometimes save the address for an async action later. 690 * Always free the message. 691 */ 692static int 693ng_pppoe_rcvmsg(node_p node, item_p item, hook_p lasthook) 694{ 695 priv_p privp = NG_NODE_PRIVATE(node); 696 struct ngpppoe_init_data *ourmsg = NULL; 697 struct ng_mesg *resp = NULL; 698 int error = 0; 699 hook_p hook = NULL; 700 sessp sp = NULL; 701 negp neg = NULL; 702 struct ng_mesg *msg; 703 704 NGI_GET_MSG(item, msg); 705 CTR5(KTR_NET, "%20s: node [%x] (%p) got message %d with cookie %d", 706 __func__, node->nd_ID, node, msg->header.cmd, 707 msg->header.typecookie); 708 709 /* Deal with message according to cookie and command. */ 710 switch (msg->header.typecookie) { 711 case NGM_PPPOE_COOKIE: 712 switch (msg->header.cmd) { 713 case NGM_PPPOE_CONNECT: 714 case NGM_PPPOE_LISTEN: 715 case NGM_PPPOE_OFFER: 716 case NGM_PPPOE_SERVICE: 717 ourmsg = (struct ngpppoe_init_data *)msg->data; 718 if (msg->header.arglen < sizeof(*ourmsg)) { 719 log(LOG_ERR, "ng_pppoe[%x]: init data too " 720 "small\n", node->nd_ID); 721 LEAVE(EMSGSIZE); 722 } 723 if (msg->header.arglen - sizeof(*ourmsg) > 724 PPPOE_SERVICE_NAME_SIZE) { 725 log(LOG_ERR, "ng_pppoe[%x]: service name " 726 "too big\n", node->nd_ID); 727 LEAVE(EMSGSIZE); 728 } 729 if (msg->header.arglen - sizeof(*ourmsg) < 730 ourmsg->data_len) { 731 log(LOG_ERR, "ng_pppoe[%x]: init data has bad " 732 "length, %d should be %zd\n", node->nd_ID, 733 ourmsg->data_len, 734 msg->header.arglen - sizeof (*ourmsg)); 735 LEAVE(EMSGSIZE); 736 } 737 738 /* Make sure strcmp will terminate safely. */ 739 ourmsg->hook[sizeof(ourmsg->hook) - 1] = '\0'; 740 741 /* Cycle through all known hooks. */ 742 LIST_FOREACH(hook, &node->nd_hooks, hk_hooks) { 743 if (NG_HOOK_NAME(hook) && 744 strcmp(NG_HOOK_NAME(hook), ourmsg->hook) == 745 0) 746 break; 747 } 748 if (hook == NULL) 749 LEAVE(ENOENT); 750 751 if ((NG_HOOK_PRIVATE(hook) == &privp->debug_hook) || 752 (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook)) 753 LEAVE(EINVAL); 754 755 sp = NG_HOOK_PRIVATE(hook); 756 757 if (msg->header.cmd == NGM_PPPOE_LISTEN) { 758 /* 759 * Ensure we aren't already listening for this 760 * service. 761 */ 762 if (pppoe_find_svc(node, ourmsg->data, 763 ourmsg->data_len) != NULL) 764 LEAVE(EEXIST); 765 } 766 767 /* 768 * PPPOE_SERVICE advertisments are set up 769 * on sessions that are in PRIMED state. 770 */ 771 if (msg->header.cmd == NGM_PPPOE_SERVICE) 772 break; 773 774 if (sp->state != PPPOE_SNONE) { 775 log(LOG_NOTICE, "ng_pppoe[%x]: Session already " 776 "active\n", node->nd_ID); 777 LEAVE(EISCONN); 778 } 779 780 /* 781 * Set up prototype header. 782 */ 783 neg = malloc(sizeof(*neg), M_NETGRAPH_PPPOE, 784 M_NOWAIT | M_ZERO); 785 786 if (neg == NULL) 787 LEAVE(ENOMEM); 788 789 neg->m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 790 if (neg->m == NULL) { 791 free(neg, M_NETGRAPH_PPPOE); 792 LEAVE(ENOBUFS); 793 } 794 neg->m->m_pkthdr.rcvif = NULL; 795 sp->neg = neg; 796 ng_callout_init(&neg->handle); 797 neg->m->m_len = sizeof(struct pppoe_full_hdr); 798 neg->pkt = mtod(neg->m, union packet*); 799 memcpy((void *)&neg->pkt->pkt_header.eh, 800 (const void *)privp->eh, 801 sizeof(struct ether_header)); 802 neg->pkt->pkt_header.ph.ver = 0x1; 803 neg->pkt->pkt_header.ph.type = 0x1; 804 neg->pkt->pkt_header.ph.sid = 0x0000; 805 neg->timeout = 0; 806 807 sp->creator = NGI_RETADDR(item); 808 } 809 switch (msg->header.cmd) { 810 case NGM_PPPOE_GET_STATUS: 811 { 812 struct ngpppoestat *stats; 813 814 NG_MKRESPONSE(resp, msg, sizeof(*stats), M_NOWAIT); 815 if (!resp) 816 LEAVE(ENOMEM); 817 818 stats = (struct ngpppoestat *) resp->data; 819 stats->packets_in = privp->packets_in; 820 stats->packets_out = privp->packets_out; 821 break; 822 } 823 case NGM_PPPOE_CONNECT: 824 /* 825 * Check the hook exists and is Uninitialised. 826 * Send a PADI request, and start the timeout logic. 827 * Store the originator of this message so we can send 828 * a success of fail message to them later. 829 * Move the session to SINIT. 830 * Set up the session to the correct state and 831 * start it. 832 */ 833 neg->service.hdr.tag_type = PTT_SRV_NAME; 834 neg->service.hdr.tag_len = 835 htons((uint16_t)ourmsg->data_len); 836 if (ourmsg->data_len) 837 bcopy(ourmsg->data, neg->service.data, 838 ourmsg->data_len); 839 neg->service_len = ourmsg->data_len; 840 pppoe_start(sp); 841 break; 842 case NGM_PPPOE_LISTEN: 843 /* 844 * Check the hook exists and is Uninitialised. 845 * Install the service matching string. 846 * Store the originator of this message so we can send 847 * a success of fail message to them later. 848 * Move the hook to 'LISTENING' 849 */ 850 neg->service.hdr.tag_type = PTT_SRV_NAME; 851 neg->service.hdr.tag_len = 852 htons((uint16_t)ourmsg->data_len); 853 854 if (ourmsg->data_len) 855 bcopy(ourmsg->data, neg->service.data, 856 ourmsg->data_len); 857 neg->service_len = ourmsg->data_len; 858 neg->pkt->pkt_header.ph.code = PADT_CODE; 859 /* 860 * Wait for PADI packet coming from Ethernet. 861 */ 862 sp->state = PPPOE_LISTENING; 863 break; 864 case NGM_PPPOE_OFFER: 865 /* 866 * Check the hook exists and is Uninitialised. 867 * Store the originator of this message so we can send 868 * a success of fail message to them later. 869 * Store the AC-Name given and go to PRIMED. 870 */ 871 neg->ac_name.hdr.tag_type = PTT_AC_NAME; 872 neg->ac_name.hdr.tag_len = 873 htons((uint16_t)ourmsg->data_len); 874 if (ourmsg->data_len) 875 bcopy(ourmsg->data, neg->ac_name.data, 876 ourmsg->data_len); 877 neg->ac_name_len = ourmsg->data_len; 878 neg->pkt->pkt_header.ph.code = PADO_CODE; 879 /* 880 * Wait for PADI packet coming from hook. 881 */ 882 sp->state = PPPOE_PRIMED; 883 break; 884 case NGM_PPPOE_SERVICE: 885 /* 886 * Check the session is primed. 887 * for now just allow ONE service to be advertised. 888 * If you do it twice you just overwrite. 889 */ 890 if (sp->state != PPPOE_PRIMED) { 891 log(LOG_NOTICE, "ng_pppoe[%x]: session not " 892 "primed\n", node->nd_ID); 893 LEAVE(EISCONN); 894 } 895 neg = sp->neg; 896 neg->service.hdr.tag_type = PTT_SRV_NAME; 897 neg->service.hdr.tag_len = 898 htons((uint16_t)ourmsg->data_len); 899 900 if (ourmsg->data_len) 901 bcopy(ourmsg->data, neg->service.data, 902 ourmsg->data_len); 903 neg->service_len = ourmsg->data_len; 904 break; 905 case NGM_PPPOE_SETMODE: 906 { 907 char *s; 908 size_t len; 909 910 if (msg->header.arglen == 0) 911 LEAVE(EINVAL); 912 913 s = (char *)msg->data; 914 len = msg->header.arglen - 1; 915 916 /* Search for matching mode string. */ 917 if (len == strlen(NG_PPPOE_STANDARD) && 918 (strncmp(NG_PPPOE_STANDARD, s, len) == 0)) { 919 privp->flags = 0; 920 privp->eh = &eh_standard; 921 break; 922 } 923 if (len == strlen(NG_PPPOE_3COM) && 924 (strncmp(NG_PPPOE_3COM, s, len) == 0)) { 925 privp->flags |= COMPAT_3COM; 926 privp->eh = &eh_3Com; 927 break; 928 } 929 if (len == strlen(NG_PPPOE_DLINK) && 930 (strncmp(NG_PPPOE_DLINK, s, len) == 0)) { 931 privp->flags |= COMPAT_DLINK; 932 break; 933 } 934 error = EINVAL; 935 break; 936 } 937 case NGM_PPPOE_GETMODE: 938 { 939 char *s; 940 size_t len = 0; 941 942 if (privp->flags == 0) 943 len += strlen(NG_PPPOE_STANDARD) + 1; 944 if (privp->flags & COMPAT_3COM) 945 len += strlen(NG_PPPOE_3COM) + 1; 946 if (privp->flags & COMPAT_DLINK) 947 len += strlen(NG_PPPOE_DLINK) + 1; 948 949 NG_MKRESPONSE(resp, msg, len, M_NOWAIT); 950 if (resp == NULL) 951 LEAVE(ENOMEM); 952 953 s = (char *)resp->data; 954 if (privp->flags == 0) { 955 len = strlen(NG_PPPOE_STANDARD); 956 strlcpy(s, NG_PPPOE_STANDARD, len + 1); 957 break; 958 } 959 if (privp->flags & COMPAT_3COM) { 960 len = strlen(NG_PPPOE_3COM); 961 strlcpy(s, NG_PPPOE_3COM, len + 1); 962 s += len; 963 } 964 if (privp->flags & COMPAT_DLINK) { 965 if (s != resp->data) 966 *s++ = '|'; 967 len = strlen(NG_PPPOE_DLINK); 968 strlcpy(s, NG_PPPOE_DLINK, len + 1); 969 } 970 break; 971 } 972 default: 973 LEAVE(EINVAL); 974 } 975 break; 976 default: 977 LEAVE(EINVAL); 978 } 979 980 /* Take care of synchronous response, if any. */ 981quit: 982 CTR2(KTR_NET, "%20s: returning %d", __func__, error); 983 NG_RESPOND_MSG(error, node, item, resp); 984 /* Free the message and return. */ 985 NG_FREE_MSG(msg); 986 return(error); 987} 988 989/* 990 * Start a client into the first state. A separate function because 991 * it can be needed if the negotiation times out. 992 */ 993static void 994pppoe_start(sessp sp) 995{ 996 priv_p privp = NG_NODE_PRIVATE(NG_PPPOE_SESSION_NODE(sp)); 997 struct { 998 struct pppoe_tag hdr; 999 union uniq data; 1000 } __packed uniqtag; 1001 1002 /* 1003 * Kick the state machine into starting up. 1004 */ 1005 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 1006 sp->state = PPPOE_SINIT; 1007 /* 1008 * Reset the packet header to broadcast. Since we are 1009 * in a client 1010 * mode use configured ethertype. 1011 */ 1012 memcpy((void *)&sp->neg->pkt->pkt_header.eh, 1013 (const void *)privp->eh, sizeof(struct ether_header)); 1014 sp->neg->pkt->pkt_header.ph.code = PADI_CODE; 1015 uniqtag.hdr.tag_type = PTT_HOST_UNIQ; 1016 uniqtag.hdr.tag_len = htons((u_int16_t)sizeof(uniqtag.data)); 1017 uniqtag.data.pointer = sp; 1018 init_tags(sp); 1019 insert_tag(sp, &uniqtag.hdr); 1020 insert_tag(sp, &sp->neg->service.hdr); 1021 make_packet(sp); 1022 ng_pppoe_sendpacket(sp); 1023} 1024 1025static int 1026send_acname(sessp sp, const struct pppoe_tag *tag) 1027{ 1028 int error, tlen; 1029 struct ng_mesg *msg; 1030 struct ngpppoe_sts *sts; 1031 1032 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 1033 1034 NG_MKMESSAGE(msg, NGM_PPPOE_COOKIE, NGM_PPPOE_ACNAME, 1035 sizeof(struct ngpppoe_sts), M_NOWAIT); 1036 if (msg == NULL) 1037 return (ENOMEM); 1038 1039 sts = (struct ngpppoe_sts *)msg->data; 1040 tlen = min(NG_HOOKSIZ - 1, ntohs(tag->tag_len)); 1041 strncpy(sts->hook, tag->tag_data, tlen); 1042 sts->hook[tlen] = '\0'; 1043 NG_SEND_MSG_ID(error, NG_HOOK_NODE(sp->hook), msg, sp->creator, 0); 1044 1045 return (error); 1046} 1047 1048static int 1049send_sessionid(sessp sp) 1050{ 1051 int error; 1052 struct ng_mesg *msg; 1053 1054 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 1055 1056 NG_MKMESSAGE(msg, NGM_PPPOE_COOKIE, NGM_PPPOE_SESSIONID, 1057 sizeof(uint16_t), M_NOWAIT); 1058 if (msg == NULL) 1059 return (ENOMEM); 1060 1061 *(uint16_t *)msg->data = sp->Session_ID; 1062 NG_SEND_MSG_ID(error, NG_HOOK_NODE(sp->hook), msg, sp->creator, 0); 1063 1064 return (error); 1065} 1066 1067/* 1068 * Receive data, and do something with it. 1069 * The caller will never free m, so if we use up this data 1070 * or abort we must free it. 1071 */ 1072static int 1073ng_pppoe_rcvdata(hook_p hook, item_p item) 1074{ 1075 node_p node = NG_HOOK_NODE(hook); 1076 const priv_p privp = NG_NODE_PRIVATE(node); 1077 sessp sp = NG_HOOK_PRIVATE(hook); 1078 const struct pppoe_tag *utag = NULL, *tag = NULL; 1079 const struct pppoe_full_hdr *wh; 1080 const struct pppoe_hdr *ph; 1081 negp neg = NULL; 1082 struct mbuf *m; 1083 hook_p sendhook; 1084 int error = 0; 1085 uint16_t session; 1086 uint16_t length; 1087 uint8_t code; 1088 struct { 1089 struct pppoe_tag hdr; 1090 union uniq data; 1091 } __packed uniqtag; 1092 1093 CTR6(KTR_NET, "%20s: node [%x] (%p) received %p on \"%s\" (%p)", 1094 __func__, node->nd_ID, node, item, hook->hk_name, hook); 1095 1096 NGI_GET_M(item, m); 1097 if (NG_HOOK_PRIVATE(hook) == &privp->debug_hook) { 1098 /* 1099 * Data from the debug hook gets sent without modification 1100 * straight to the ethernet. 1101 */ 1102 NG_FWD_ITEM_HOOK( error, item, privp->ethernet_hook); 1103 privp->packets_out++; 1104 } else if (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook) { 1105 /* 1106 * Incoming data. 1107 * Dig out various fields from the packet. 1108 * Use them to decide where to send it. 1109 */ 1110 1111 privp->packets_in++; 1112 if( m->m_len < sizeof(*wh)) { 1113 m = m_pullup(m, sizeof(*wh)); /* Checks length */ 1114 if (m == NULL) { 1115 log(LOG_NOTICE, "ng_pppoe[%x]: couldn't " 1116 "m_pullup(wh)\n", node->nd_ID); 1117 LEAVE(ENOBUFS); 1118 } 1119 } 1120 wh = mtod(m, struct pppoe_full_hdr *); 1121 length = ntohs(wh->ph.length); 1122 switch(wh->eh.ether_type) { 1123 case ETHERTYPE_PPPOE_3COM_DISC: /* fall through */ 1124 case ETHERTYPE_PPPOE_DISC: 1125 /* 1126 * We need to try to make sure that the tag area 1127 * is contiguous, or we could wander off the end 1128 * of a buffer and make a mess. 1129 * (Linux wouldn't have this problem). 1130 */ 1131 if (m->m_pkthdr.len <= MHLEN) { 1132 if( m->m_len < m->m_pkthdr.len) { 1133 m = m_pullup(m, m->m_pkthdr.len); 1134 if (m == NULL) { 1135 log(LOG_NOTICE, "ng_pppoe[%x]: " 1136 "couldn't " 1137 "m_pullup(pkthdr)\n", 1138 node->nd_ID); 1139 LEAVE(ENOBUFS); 1140 } 1141 } 1142 } 1143 if (m->m_len != m->m_pkthdr.len) { 1144 /* 1145 * It's not all in one piece. 1146 * We need to do extra work. 1147 * Put it into a cluster. 1148 */ 1149 struct mbuf *n; 1150 n = m_dup(m, M_DONTWAIT); 1151 m_freem(m); 1152 m = n; 1153 if (m) { 1154 /* just check we got a cluster */ 1155 if (m->m_len != m->m_pkthdr.len) { 1156 m_freem(m); 1157 m = NULL; 1158 } 1159 } 1160 if (m == NULL) { 1161 log(LOG_NOTICE, "ng_pppoe[%x]: packet " 1162 "fragmented\n", node->nd_ID); 1163 LEAVE(EMSGSIZE); 1164 } 1165 } 1166 wh = mtod(m, struct pppoe_full_hdr *); 1167 length = ntohs(wh->ph.length); 1168 ph = &wh->ph; 1169 session = ntohs(wh->ph.sid); 1170 code = wh->ph.code; 1171 1172 switch(code) { 1173 case PADI_CODE: 1174 /* 1175 * We are a server: 1176 * Look for a hook with the required service 1177 * and send the ENTIRE packet up there. 1178 * It should come back to a new hook in 1179 * PRIMED state. Look there for further 1180 * processing. 1181 */ 1182 tag = get_tag(ph, PTT_SRV_NAME); 1183 if (tag == NULL) { 1184 CTR1(KTR_NET, 1185 "%20s: PADI w/o Service-Name", 1186 __func__); 1187 LEAVE(ENETUNREACH); 1188 } 1189 1190 /* 1191 * First, try to match Service-Name 1192 * against our listening hooks. If 1193 * no success and we are in D-Link 1194 * compat mode and Service-Name is 1195 * empty, then we broadcast the PADI 1196 * to all listening hooks. 1197 */ 1198 sendhook = pppoe_match_svc(node, tag); 1199 if (sendhook != NULL) 1200 NG_FWD_NEW_DATA(error, item, 1201 sendhook, m); 1202 else if (privp->flags & COMPAT_DLINK && 1203 ntohs(tag->tag_len) == 0) 1204 error = pppoe_broadcast_padi(node, m); 1205 else 1206 error = ENETUNREACH; 1207 break; 1208 case PADO_CODE: 1209 /* 1210 * We are a client: 1211 * Use the host_uniq tag to find the 1212 * hook this is in response to. 1213 * Received #2, now send #3 1214 * For now simply accept the first we receive. 1215 */ 1216 utag = get_tag(ph, PTT_HOST_UNIQ); 1217 if ((utag == NULL) 1218 || (ntohs(utag->tag_len) != sizeof(sp))) { 1219 log(LOG_NOTICE, "ng_pppoe[%x]: no host " 1220 "unique field\n", node->nd_ID); 1221 LEAVE(ENETUNREACH); 1222 } 1223 1224 sendhook = pppoe_finduniq(node, utag); 1225 if (sendhook == NULL) { 1226 log(LOG_NOTICE, "ng_pppoe[%x]: no " 1227 "matching session\n", node->nd_ID); 1228 LEAVE(ENETUNREACH); 1229 } 1230 1231 /* 1232 * Check the session is in the right state. 1233 * It needs to be in PPPOE_SINIT. 1234 */ 1235 sp = NG_HOOK_PRIVATE(sendhook); 1236 if (sp->state != PPPOE_SINIT) { 1237 log(LOG_NOTICE, "ng_pppoe[%x]: session " 1238 "in wrong state\n", node->nd_ID); 1239 LEAVE(ENETUNREACH); 1240 } 1241 neg = sp->neg; 1242 ng_uncallout(&neg->handle, node); 1243 1244 /* 1245 * This is the first time we hear 1246 * from the server, so note it's 1247 * unicast address, replacing the 1248 * broadcast address . 1249 */ 1250 bcopy(wh->eh.ether_shost, 1251 neg->pkt->pkt_header.eh.ether_dhost, 1252 ETHER_ADDR_LEN); 1253 neg->timeout = 0; 1254 neg->pkt->pkt_header.ph.code = PADR_CODE; 1255 init_tags(sp); 1256 insert_tag(sp, utag); /* Host Unique */ 1257 if ((tag = get_tag(ph, PTT_AC_COOKIE))) 1258 insert_tag(sp, tag); /* return cookie */ 1259 if ((tag = get_tag(ph, PTT_AC_NAME))) { 1260 insert_tag(sp, tag); /* return it */ 1261 send_acname(sp, tag); 1262 } 1263 insert_tag(sp, &neg->service.hdr); /* Service */ 1264 scan_tags(sp, ph); 1265 make_packet(sp); 1266 sp->state = PPPOE_SREQ; 1267 ng_pppoe_sendpacket(sp); 1268 break; 1269 case PADR_CODE: 1270 1271 /* 1272 * We are a server: 1273 * Use the ac_cookie tag to find the 1274 * hook this is in response to. 1275 */ 1276 utag = get_tag(ph, PTT_AC_COOKIE); 1277 if ((utag == NULL) 1278 || (ntohs(utag->tag_len) != sizeof(sp))) { 1279 LEAVE(ENETUNREACH); 1280 } 1281 1282 sendhook = pppoe_finduniq(node, utag); 1283 if (sendhook == NULL) { 1284 LEAVE(ENETUNREACH); 1285 } 1286 1287 /* 1288 * Check the session is in the right state. 1289 * It needs to be in PPPOE_SOFFER 1290 * or PPPOE_NEWCONNECTED. If the latter, 1291 * then this is a retry by the client. 1292 * so be nice, and resend. 1293 */ 1294 sp = NG_HOOK_PRIVATE(sendhook); 1295 if (sp->state == PPPOE_NEWCONNECTED) { 1296 /* 1297 * Whoa! drop back to resend that 1298 * PADS packet. 1299 * We should still have a copy of it. 1300 */ 1301 sp->state = PPPOE_SOFFER; 1302 } 1303 if (sp->state != PPPOE_SOFFER) { 1304 LEAVE (ENETUNREACH); 1305 break; 1306 } 1307 neg = sp->neg; 1308 ng_uncallout(&neg->handle, node); 1309 neg->pkt->pkt_header.ph.code = PADS_CODE; 1310 if (sp->Session_ID == 0) 1311 neg->pkt->pkt_header.ph.sid = 1312 htons(sp->Session_ID 1313 = get_new_sid(node)); 1314 send_sessionid(sp); 1315 neg->timeout = 0; 1316 /* 1317 * start working out the tags to respond with. 1318 */ 1319 init_tags(sp); 1320 insert_tag(sp, &neg->ac_name.hdr); /* AC_NAME */ 1321 if ((tag = get_tag(ph, PTT_SRV_NAME))) 1322 insert_tag(sp, tag);/* return service */ 1323 if ((tag = get_tag(ph, PTT_HOST_UNIQ))) 1324 insert_tag(sp, tag); /* return it */ 1325 insert_tag(sp, utag); /* ac_cookie */ 1326 scan_tags(sp, ph); 1327 make_packet(sp); 1328 sp->state = PPPOE_NEWCONNECTED; 1329 ng_pppoe_sendpacket(sp); 1330 /* 1331 * Having sent the last Negotiation header, 1332 * Set up the stored packet header to 1333 * be correct for the actual session. 1334 * But keep the negotialtion stuff 1335 * around in case we need to resend this last 1336 * packet. We'll discard it when we move 1337 * from NEWCONNECTED to CONNECTED 1338 */ 1339 sp->pkt_hdr = neg->pkt->pkt_header; 1340 /* Configure ethertype depending on what 1341 * ethertype was used at discovery phase */ 1342 if (sp->pkt_hdr.eh.ether_type == 1343 ETHERTYPE_PPPOE_3COM_DISC) 1344 sp->pkt_hdr.eh.ether_type 1345 = ETHERTYPE_PPPOE_3COM_SESS; 1346 else 1347 sp->pkt_hdr.eh.ether_type 1348 = ETHERTYPE_PPPOE_SESS; 1349 sp->pkt_hdr.ph.code = 0; 1350 pppoe_send_event(sp, NGM_PPPOE_SUCCESS); 1351 break; 1352 case PADS_CODE: 1353 /* 1354 * We are a client: 1355 * Use the host_uniq tag to find the 1356 * hook this is in response to. 1357 * take the session ID and store it away. 1358 * Also make sure the pre-made header is 1359 * correct and set us into Session mode. 1360 */ 1361 utag = get_tag(ph, PTT_HOST_UNIQ); 1362 if ((utag == NULL) 1363 || (ntohs(utag->tag_len) != sizeof(sp))) { 1364 LEAVE (ENETUNREACH); 1365 break; 1366 } 1367 sendhook = pppoe_finduniq(node, utag); 1368 if (sendhook == NULL) { 1369 LEAVE(ENETUNREACH); 1370 } 1371 1372 /* 1373 * Check the session is in the right state. 1374 * It needs to be in PPPOE_SREQ. 1375 */ 1376 sp = NG_HOOK_PRIVATE(sendhook); 1377 if (sp->state != PPPOE_SREQ) { 1378 LEAVE(ENETUNREACH); 1379 } 1380 neg = sp->neg; 1381 ng_uncallout(&neg->handle, node); 1382 neg->pkt->pkt_header.ph.sid = wh->ph.sid; 1383 sp->Session_ID = ntohs(wh->ph.sid); 1384 send_sessionid(sp); 1385 neg->timeout = 0; 1386 sp->state = PPPOE_CONNECTED; 1387 /* 1388 * Now we have gone to Connected mode, 1389 * Free all resources needed for 1390 * negotiation. 1391 * Keep a copy of the header we will be using. 1392 */ 1393 sp->pkt_hdr = neg->pkt->pkt_header; 1394 if (privp->flags & COMPAT_3COM) 1395 sp->pkt_hdr.eh.ether_type 1396 = ETHERTYPE_PPPOE_3COM_SESS; 1397 else 1398 sp->pkt_hdr.eh.ether_type 1399 = ETHERTYPE_PPPOE_SESS; 1400 sp->pkt_hdr.ph.code = 0; 1401 m_freem(neg->m); 1402 free(sp->neg, M_NETGRAPH_PPPOE); 1403 sp->neg = NULL; 1404 pppoe_send_event(sp, NGM_PPPOE_SUCCESS); 1405 break; 1406 case PADT_CODE: 1407 /* 1408 * Send a 'close' message to the controlling 1409 * process (the one that set us up); 1410 * And then tear everything down. 1411 * 1412 * Find matching peer/session combination. 1413 */ 1414 sendhook = pppoe_findsession(node, wh); 1415 if (sendhook == NULL) { 1416 LEAVE(ENETUNREACH); 1417 } 1418 /* send message to creator */ 1419 /* close hook */ 1420 if (sendhook) { 1421 ng_rmhook_self(sendhook); 1422 } 1423 break; 1424 default: 1425 LEAVE(EPFNOSUPPORT); 1426 } 1427 break; 1428 case ETHERTYPE_PPPOE_3COM_SESS: 1429 case ETHERTYPE_PPPOE_SESS: 1430 /* 1431 * Find matching peer/session combination. 1432 */ 1433 sendhook = pppoe_findsession(node, wh); 1434 if (sendhook == NULL) { 1435 LEAVE (ENETUNREACH); 1436 break; 1437 } 1438 sp = NG_HOOK_PRIVATE(sendhook); 1439 m_adj(m, sizeof(*wh)); 1440 if (m->m_pkthdr.len < length) { 1441 /* Packet too short, dump it */ 1442 LEAVE(EMSGSIZE); 1443 } 1444 1445 /* Also need to trim excess at the end */ 1446 if (m->m_pkthdr.len > length) { 1447 m_adj(m, -((int)(m->m_pkthdr.len - length))); 1448 } 1449 if ( sp->state != PPPOE_CONNECTED) { 1450 if (sp->state == PPPOE_NEWCONNECTED) { 1451 sp->state = PPPOE_CONNECTED; 1452 /* 1453 * Now we have gone to Connected mode, 1454 * Free all resources needed for 1455 * negotiation. Be paranoid about 1456 * whether there may be a timeout. 1457 */ 1458 m_freem(sp->neg->m); 1459 ng_uncallout(&sp->neg->handle, node); 1460 free(sp->neg, M_NETGRAPH_PPPOE); 1461 sp->neg = NULL; 1462 } else { 1463 LEAVE (ENETUNREACH); 1464 break; 1465 } 1466 } 1467 NG_FWD_NEW_DATA( error, item, sendhook, m); 1468 break; 1469 default: 1470 LEAVE(EPFNOSUPPORT); 1471 } 1472 } else { 1473 /* 1474 * Not ethernet or debug hook.. 1475 * 1476 * The packet has come in on a normal hook. 1477 * We need to find out what kind of hook, 1478 * So we can decide how to handle it. 1479 * Check the hook's state. 1480 */ 1481 sp = NG_HOOK_PRIVATE(hook); 1482 switch (sp->state) { 1483 case PPPOE_NEWCONNECTED: 1484 case PPPOE_CONNECTED: { 1485 static const u_char addrctrl[] = { 0xff, 0x03 }; 1486 struct pppoe_full_hdr *wh; 1487 1488 /* 1489 * Remove PPP address and control fields, if any. 1490 * For example, ng_ppp(4) always sends LCP packets 1491 * with address and control fields as required by 1492 * generic PPP. PPPoE is an exception to the rule. 1493 */ 1494 if (m->m_pkthdr.len >= 2) { 1495 if (m->m_len < 2 && !(m = m_pullup(m, 2))) 1496 LEAVE(ENOBUFS); 1497 if (bcmp(mtod(m, u_char *), addrctrl, 2) == 0) 1498 m_adj(m, 2); 1499 } 1500 /* 1501 * Bang in a pre-made header, and set the length up 1502 * to be correct. Then send it to the ethernet driver. 1503 * But first correct the length. 1504 */ 1505 sp->pkt_hdr.ph.length = htons((short)(m->m_pkthdr.len)); 1506 M_PREPEND(m, sizeof(*wh), M_DONTWAIT); 1507 if (m == NULL) 1508 LEAVE(ENOBUFS); 1509 1510 wh = mtod(m, struct pppoe_full_hdr *); 1511 bcopy(&sp->pkt_hdr, wh, sizeof(*wh)); 1512 NG_FWD_NEW_DATA( error, item, privp->ethernet_hook, m); 1513 privp->packets_out++; 1514 break; 1515 } 1516 case PPPOE_PRIMED: 1517 /* 1518 * A PADI packet is being returned by the application 1519 * that has set up this hook. This indicates that it 1520 * wants us to offer service. 1521 */ 1522 neg = sp->neg; 1523 if (m->m_len < sizeof(*wh)) { 1524 m = m_pullup(m, sizeof(*wh)); 1525 if (m == NULL) 1526 LEAVE(ENOBUFS); 1527 } 1528 wh = mtod(m, struct pppoe_full_hdr *); 1529 ph = &wh->ph; 1530 session = ntohs(wh->ph.sid); 1531 length = ntohs(wh->ph.length); 1532 code = wh->ph.code; 1533 /* Use peers mode in session. */ 1534 neg->pkt->pkt_header.eh.ether_type = wh->eh.ether_type; 1535 if (code != PADI_CODE) 1536 LEAVE(EINVAL); 1537 ng_uncallout(&neg->handle, node); 1538 1539 /* 1540 * This is the first time we hear 1541 * from the client, so note it's 1542 * unicast address, replacing the 1543 * broadcast address. 1544 */ 1545 bcopy(wh->eh.ether_shost, 1546 neg->pkt->pkt_header.eh.ether_dhost, 1547 ETHER_ADDR_LEN); 1548 sp->state = PPPOE_SOFFER; 1549 neg->timeout = 0; 1550 neg->pkt->pkt_header.ph.code = PADO_CODE; 1551 1552 /* 1553 * Start working out the tags to respond with. 1554 */ 1555 uniqtag.hdr.tag_type = PTT_AC_COOKIE; 1556 uniqtag.hdr.tag_len = htons((u_int16_t)sizeof(sp)); 1557 uniqtag.data.pointer = sp; 1558 init_tags(sp); 1559 insert_tag(sp, &neg->ac_name.hdr); /* AC_NAME */ 1560 if ((tag = get_tag(ph, PTT_SRV_NAME))) 1561 insert_tag(sp, tag); /* return service */ 1562 /* 1563 * If we have a NULL service request 1564 * and have an extra service defined in this hook, 1565 * then also add a tag for the extra service. 1566 * XXX this is a hack. eventually we should be able 1567 * to support advertising many services, not just one 1568 */ 1569 if (((tag == NULL) || (tag->tag_len == 0)) && 1570 (neg->service.hdr.tag_len != 0)) { 1571 insert_tag(sp, &neg->service.hdr); /* SERVICE */ 1572 } 1573 if ((tag = get_tag(ph, PTT_HOST_UNIQ))) 1574 insert_tag(sp, tag); /* returned hostunique */ 1575 insert_tag(sp, &uniqtag.hdr); 1576 scan_tags(sp, ph); 1577 make_packet(sp); 1578 ng_pppoe_sendpacket(sp); 1579 break; 1580 1581 /* 1582 * Packets coming from the hook make no sense 1583 * to sessions in these states. Throw them away. 1584 */ 1585 case PPPOE_SINIT: 1586 case PPPOE_SREQ: 1587 case PPPOE_SOFFER: 1588 case PPPOE_SNONE: 1589 case PPPOE_LISTENING: 1590 case PPPOE_DEAD: 1591 default: 1592 LEAVE(ENETUNREACH); 1593 } 1594 } 1595quit: 1596 if (item) 1597 NG_FREE_ITEM(item); 1598 NG_FREE_M(m); 1599 return error; 1600} 1601 1602/* 1603 * Do local shutdown processing.. 1604 * If we are a persistant device, we might refuse to go away, and 1605 * we'd only remove our links and reset ourself. 1606 */ 1607static int 1608ng_pppoe_shutdown(node_p node) 1609{ 1610 const priv_p privdata = NG_NODE_PRIVATE(node); 1611 1612 NG_NODE_SET_PRIVATE(node, NULL); 1613 NG_NODE_UNREF(privdata->node); 1614 free(privdata, M_NETGRAPH_PPPOE); 1615 return (0); 1616} 1617 1618/* 1619 * Hook disconnection 1620 * 1621 * Clean up all dangling links and information about the session/hook. 1622 * For this type, removal of the last link destroys the node. 1623 */ 1624static int 1625ng_pppoe_disconnect(hook_p hook) 1626{ 1627 node_p node = NG_HOOK_NODE(hook); 1628 priv_p privp = NG_NODE_PRIVATE(node); 1629 sessp sp; 1630 int hooks; 1631 1632 hooks = NG_NODE_NUMHOOKS(node); /* This one already not counted. */ 1633 if (NG_HOOK_PRIVATE(hook) == &privp->debug_hook) { 1634 privp->debug_hook = NULL; 1635 } else if (NG_HOOK_PRIVATE(hook) == &privp->ethernet_hook) { 1636 privp->ethernet_hook = NULL; 1637 if (NG_NODE_IS_VALID(node)) 1638 ng_rmnode_self(node); 1639 } else { 1640 sp = NG_HOOK_PRIVATE(hook); 1641 if (sp->state != PPPOE_SNONE ) { 1642 pppoe_send_event(sp, NGM_PPPOE_CLOSE); 1643 } 1644 /* 1645 * According to the spec, if we are connected, 1646 * we should send a DISC packet if we are shutting down 1647 * a session. 1648 */ 1649 if ((privp->ethernet_hook) 1650 && ((sp->state == PPPOE_CONNECTED) 1651 || (sp->state == PPPOE_NEWCONNECTED))) { 1652 struct mbuf *m; 1653 struct pppoe_full_hdr *wh; 1654 struct pppoe_tag *tag; 1655 int msglen = strlen(SIGNOFF); 1656 int error = 0; 1657 1658 /* Revert the stored header to DISC/PADT mode. */ 1659 wh = &sp->pkt_hdr; 1660 wh->ph.code = PADT_CODE; 1661 /* 1662 * Configure ethertype depending on what was used 1663 * during sessions stage. 1664 */ 1665 if (sp->pkt_hdr.eh.ether_type == 1666 ETHERTYPE_PPPOE_3COM_SESS) 1667 wh->eh.ether_type = ETHERTYPE_PPPOE_3COM_DISC; 1668 else 1669 wh->eh.ether_type = ETHERTYPE_PPPOE_DISC; 1670 1671 /* Generate a packet of that type. */ 1672 MGETHDR(m, M_DONTWAIT, MT_DATA); 1673 if (m == NULL) 1674 log(LOG_NOTICE, "ng_pppoe[%x]: session out of " 1675 "mbufs\n", node->nd_ID); 1676 else { 1677 m->m_pkthdr.rcvif = NULL; 1678 m->m_pkthdr.len = m->m_len = sizeof(*wh); 1679 bcopy((caddr_t)wh, mtod(m, caddr_t), 1680 sizeof(*wh)); 1681 /* 1682 * Add a General error message and adjust 1683 * sizes. 1684 */ 1685 wh = mtod(m, struct pppoe_full_hdr *); 1686 tag = wh->ph.tag; 1687 tag->tag_type = PTT_GEN_ERR; 1688 tag->tag_len = htons((u_int16_t)msglen); 1689 strncpy(tag->tag_data, SIGNOFF, msglen); 1690 m->m_pkthdr.len = (m->m_len += sizeof(*tag) + 1691 msglen); 1692 wh->ph.length = htons(sizeof(*tag) + msglen); 1693 NG_SEND_DATA_ONLY(error, 1694 privp->ethernet_hook, m); 1695 } 1696 } 1697 /* 1698 * As long as we have somewhere to store the timeout handle, 1699 * we may have a timeout pending.. get rid of it. 1700 */ 1701 if (sp->neg) { 1702 ng_uncallout(&sp->neg->handle, node); 1703 if (sp->neg->m) 1704 m_freem(sp->neg->m); 1705 free(sp->neg, M_NETGRAPH_PPPOE); 1706 } 1707 free(sp, M_NETGRAPH_PPPOE); 1708 NG_HOOK_SET_PRIVATE(hook, NULL); 1709 1710 /* 1711 * Work out how many session hooks there are. 1712 * Node goes away on last session hook removal. 1713 */ 1714 if (privp->ethernet_hook) 1715 hooks -= 1; 1716 if (privp->debug_hook) 1717 hooks -= 1; 1718 } 1719 if ((NG_NODE_NUMHOOKS(node) == 0) && 1720 (NG_NODE_IS_VALID(node))) 1721 ng_rmnode_self(node); 1722 return (0); 1723} 1724 1725/* 1726 * Timeouts come here. 1727 */ 1728static void 1729pppoe_ticker(node_p node, hook_p hook, void *arg1, int arg2) 1730{ 1731 priv_p privp = NG_NODE_PRIVATE(NG_HOOK_NODE(hook)); 1732 sessp sp = NG_HOOK_PRIVATE(hook); 1733 negp neg = sp->neg; 1734 struct mbuf *m0 = NULL; 1735 int error = 0; 1736 1737 CTR6(KTR_NET, "%20s: node [%x] (%p) hook \"%s\" (%p) session %d", 1738 __func__, node->nd_ID, node, hook->hk_name, hook, sp->Session_ID); 1739 switch(sp->state) { 1740 /* 1741 * Resend the last packet, using an exponential backoff. 1742 * After a period of time, stop growing the backoff, 1743 * And either leave it, or revert to the start. 1744 */ 1745 case PPPOE_SINIT: 1746 case PPPOE_SREQ: 1747 /* Timeouts on these produce resends. */ 1748 m0 = m_copypacket(sp->neg->m, M_DONTWAIT); 1749 NG_SEND_DATA_ONLY( error, privp->ethernet_hook, m0); 1750 ng_callout(&neg->handle, node, hook, neg->timeout * hz, 1751 pppoe_ticker, NULL, 0); 1752 if ((neg->timeout <<= 1) > PPPOE_TIMEOUT_LIMIT) { 1753 if (sp->state == PPPOE_SREQ) { 1754 /* Revert to SINIT mode. */ 1755 pppoe_start(sp); 1756 } else { 1757 neg->timeout = PPPOE_TIMEOUT_LIMIT; 1758 } 1759 } 1760 break; 1761 case PPPOE_PRIMED: 1762 case PPPOE_SOFFER: 1763 /* A timeout on these says "give up" */ 1764 ng_rmhook_self(hook); 1765 break; 1766 default: 1767 /* Timeouts have no meaning in other states. */ 1768 log(LOG_NOTICE, "ng_pppoe[%x]: unexpected timeout\n", 1769 node->nd_ID); 1770 } 1771} 1772 1773 1774static void 1775ng_pppoe_sendpacket(sessp sp) 1776{ 1777 struct mbuf *m0 = NULL; 1778 hook_p hook = sp->hook; 1779 node_p node = NG_HOOK_NODE(hook); 1780 priv_p privp = NG_NODE_PRIVATE(node); 1781 negp neg = sp->neg; 1782 int error = 0; 1783 1784 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 1785 switch(sp->state) { 1786 case PPPOE_LISTENING: 1787 case PPPOE_DEAD: 1788 case PPPOE_SNONE: 1789 case PPPOE_CONNECTED: 1790 log(LOG_NOTICE, "%s: unexpected state %d\n", 1791 __func__, sp->state); 1792 break; 1793 1794 case PPPOE_NEWCONNECTED: 1795 /* Send the PADS without a timeout - we're now connected. */ 1796 m0 = m_copypacket(sp->neg->m, M_DONTWAIT); 1797 NG_SEND_DATA_ONLY( error, privp->ethernet_hook, m0); 1798 break; 1799 1800 case PPPOE_PRIMED: 1801 /* No packet to send, but set up the timeout. */ 1802 ng_callout(&neg->handle, node, hook, PPPOE_OFFER_TIMEOUT * hz, 1803 pppoe_ticker, NULL, 0); 1804 break; 1805 1806 case PPPOE_SOFFER: 1807 /* 1808 * Send the offer but if they don't respond 1809 * in PPPOE_OFFER_TIMEOUT seconds, forget about it. 1810 */ 1811 m0 = m_copypacket(sp->neg->m, M_DONTWAIT); 1812 NG_SEND_DATA_ONLY( error, privp->ethernet_hook, m0); 1813 ng_callout(&neg->handle, node, hook, PPPOE_OFFER_TIMEOUT * hz, 1814 pppoe_ticker, NULL, 0); 1815 break; 1816 1817 case PPPOE_SINIT: 1818 case PPPOE_SREQ: 1819 m0 = m_copypacket(sp->neg->m, M_DONTWAIT); 1820 NG_SEND_DATA_ONLY( error, privp->ethernet_hook, m0); 1821 ng_callout(&neg->handle, node, hook, PPPOE_INITIAL_TIMEOUT * hz, 1822 pppoe_ticker, NULL, 0); 1823 neg->timeout = PPPOE_INITIAL_TIMEOUT * 2; 1824 break; 1825 1826 default: 1827 error = EINVAL; 1828 log(LOG_NOTICE, "%s: bad state %d\n", __func__, sp->state); 1829 } 1830} 1831 1832/* 1833 * Parse an incoming packet to see if any tags should be copied to the 1834 * output packet. Don't do any tags that have been handled in the main 1835 * state machine. 1836 */ 1837static const struct pppoe_tag* 1838scan_tags(sessp sp, const struct pppoe_hdr* ph) 1839{ 1840 const char *const end = (const char *)next_tag(ph); 1841 const char *ptn; 1842 const struct pppoe_tag *pt = &ph->tag[0]; 1843 1844 /* 1845 * Keep processing tags while a tag header will still fit. 1846 */ 1847 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 1848 1849 while((const char*)(pt + 1) <= end) { 1850 /* 1851 * If the tag data would go past the end of the packet, abort. 1852 */ 1853 ptn = (((const char *)(pt + 1)) + ntohs(pt->tag_len)); 1854 if(ptn > end) 1855 return NULL; 1856 1857 switch (pt->tag_type) { 1858 case PTT_RELAY_SID: 1859 insert_tag(sp, pt); 1860 break; 1861 case PTT_EOL: 1862 return NULL; 1863 case PTT_SRV_NAME: 1864 case PTT_AC_NAME: 1865 case PTT_HOST_UNIQ: 1866 case PTT_AC_COOKIE: 1867 case PTT_VENDOR: 1868 case PTT_SRV_ERR: 1869 case PTT_SYS_ERR: 1870 case PTT_GEN_ERR: 1871 break; 1872 } 1873 pt = (const struct pppoe_tag*)ptn; 1874 } 1875 return NULL; 1876} 1877 1878static int 1879pppoe_send_event(sessp sp, enum cmd cmdid) 1880{ 1881 int error; 1882 struct ng_mesg *msg; 1883 struct ngpppoe_sts *sts; 1884 1885 CTR2(KTR_NET, "%20s: called %d", __func__, sp->Session_ID); 1886 1887 NG_MKMESSAGE(msg, NGM_PPPOE_COOKIE, cmdid, 1888 sizeof(struct ngpppoe_sts), M_NOWAIT); 1889 if (msg == NULL) 1890 return (ENOMEM); 1891 sts = (struct ngpppoe_sts *)msg->data; 1892 strncpy(sts->hook, NG_HOOK_NAME(sp->hook), NG_HOOKSIZ); 1893 NG_SEND_MSG_ID(error, NG_HOOK_NODE(sp->hook), msg, sp->creator, 0); 1894 return (error); 1895} 1896