root/net/if_pppoe.c

DEFINITIONS

1. pppoeattach
2. pppoe_clone_create
3. pppoe_clone_destroy
4. pppoe_find_softc_by_session
5. pppoe_find_softc_by_hunique
6. pppoeintr
7. pppoe_dispatch_disc_pkt
8. pppoe_disc_input
9. pppoe_data_input
10. pppoe_output
11. pppoe_ioctl
12. pppoe_get_mbuf
13. pppoe_send_padi
14. pppoe_timeout
15. pppoe_connect
16. pppoe_disconnect
17. pppoe_abort_connect
18. pppoe_send_padr
19. pppoe_send_padt
20. pppoe_send_pado
21. pppoe_send_pads
22. pppoe_tls
23. pppoe_tlf
24. pppoe_start

    1 /* $OpenBSD: if_pppoe.c,v 1.12 2007/05/28 06:31:01 mcbride Exp $ */
    2 /* $NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $ */
    4 /*
    5  * Copyright (c) 2002 The NetBSD Foundation, Inc.
    6  * All rights reserved.
    7  *
    8  * This code is derived from software contributed to The NetBSD Foundation
    9  * by Martin Husemann <martin@NetBSD.org>.
   10  *
   11  * Redistribution and use in source and binary forms, with or without
   12  * modification, are permitted provided that the following conditions
   13  * are met:
   14  * 1. Redistributions of source code must retain the above copyright
   15  *    notice, this list of conditions and the following disclaimer.
   16  * 2. Redistributions in binary form must reproduce the above copyright
   17  *    notice, this list of conditions and the following disclaimer in the
   18  *    documentation and/or other materials provided with the distribution.
   19  * 3. All advertising materials mentioning features or use of this software
   20  *    must display the following acknowledgement:
   21  *        This product includes software developed by the NetBSD
   22  *        Foundation, Inc. and its contributors.
   23  * 4. Neither the name of The NetBSD Foundation nor the names of its
   24  *    contributors may be used to endorse or promote products derived
   25  *    from this software without specific prior written permission.
   26  *
   27  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
   28  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   29  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   30  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
   31  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   32  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   33  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   34  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   35  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   36  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   37  * POSSIBILITY OF SUCH DAMAGE.
   38  */
   40 #include <sys/cdefs.h>
   41 /*
   42 __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.51 2003/11/28 08:56:48 keihan Exp $");
   43 */
   45 #include "pppoe.h"
   46 #include "bpfilter.h"
   48 #include <sys/param.h>
   49 #include <sys/systm.h>
   50 #include <sys/kernel.h>
   51 #include <sys/types.h>
   52 #include <sys/timeout.h>
   53 #include <sys/malloc.h>
   54 #include <sys/mbuf.h>
   55 #include <sys/socket.h>
   56 #include <sys/syslog.h>
   57 #include <sys/proc.h>
   58 #include <sys/ioctl.h>
   59 #include <net/if.h>
   60 #include <net/if_types.h>
   61 #include <net/if_sppp.h>
   62 #include <net/if_pppoe.h>
   63 #include <net/netisr.h>
   64 #include <netinet/in.h>
   65 #include <netinet/if_ether.h>
   67 /* for arc4random() */
   68 #include <dev/rndvar.h>
   70 #if NBPFILTER > 0
   71 #include <net/bpf.h>
   72 #endif
   74 #undef PPPOE_DEBUG      /* XXX - remove this or make it an option */
   76 #define PPPOEDEBUG(a)   ((sc->sc_sppp.pp_if.if_flags & IFF_DEBUG) ? printf a : 0)
   78 struct pppoehdr {
u_int8_t vertype;
u_int8_t code;
u_int16_t session;
u_int16_t plen;
   83 } __packed;
   85 struct pppoetag {
u_int16_t tag;
u_int16_t len;
   88 } __packed;
   90 #define PPPOE_HEADERLEN         sizeof(struct pppoehdr)
   91 #define PPPOE_VERTYPE           0x11            /* VER=1, TYPE = 1 */
   93 #define PPPOE_TAG_EOL           0x0000          /* end of list */
   94 #define PPPOE_TAG_SNAME         0x0101          /* service name */
   95 #define PPPOE_TAG_ACNAME        0x0102          /* access concentrator name */
   96 #define PPPOE_TAG_HUNIQUE       0x0103          /* host unique */
   97 #define PPPOE_TAG_ACCOOKIE      0x0104          /* AC cookie */
   98 #define PPPOE_TAG_VENDOR        0x0105          /* vendor specific */
   99 #define PPPOE_TAG_RELAYSID      0x0110          /* relay session id */
  100 #define PPPOE_TAG_SNAME_ERR     0x0201          /* service name error */
  101 #define PPPOE_TAG_ACSYS_ERR     0x0202          /* AC system error */
  102 #define PPPOE_TAG_GENERIC_ERR   0x0203          /* gerneric error */
  104 #define PPPOE_CODE_PADI         0x09            /* Active Discovery Initiation */
  105 #define PPPOE_CODE_PADO         0x07            /* Active Discovery Offer */
  106 #define PPPOE_CODE_PADR         0x19            /* Active Discovery Request */
  107 #define PPPOE_CODE_PADS         0x65            /* Active Discovery Session confirmation */
  108 #define PPPOE_CODE_PADT         0xA7            /* Active Discovery Terminate */
  110 /* two byte PPP protocol discriminator, then IP data */
  111 #define PPPOE_MAXMTU    (ETHERMTU - PPPOE_HEADERLEN - 2)
  113 /* Add a 16 bit unsigned value to a buffer pointed to by PTR */
  114 #define PPPOE_ADD_16(PTR, VAL)                  \
  115                 *(PTR)++ = (VAL) / 256;         \
  116                 *(PTR)++ = (VAL) % 256
  118 /* Add a complete PPPoE header to the buffer pointed to by PTR */
  119 #define PPPOE_ADD_HEADER(PTR, CODE, SESS, LEN)  \
  120                 *(PTR)++ = PPPOE_VERTYPE;       \
  121                 *(PTR)++ = (CODE);              \
PPPOE_ADD_16(PTR, SESS);        \
PPPOE_ADD_16(PTR, LEN)
  125 #define PPPOE_DISC_TIMEOUT      (hz*5)  /* base for quick timeout calculation */
  126 #define PPPOE_SLOW_RETRY        (hz*60) /* persistent retry interval */
  127 #define PPPOE_DISC_MAXPADI      4       /* retry PADI four times (quickly) */
  128 #define PPPOE_DISC_MAXPADR      2       /* retry PADR twice */
  130 #ifdef PPPOE_SERVER
  131 #define IFF_PASSIVE     IFF_LINK0       /* wait passively for connection */
  132 #endif
  134 struct pppoe_softc {
  135         struct sppp sc_sppp;            /* contains a struct ifnet as first element */
LIST_ENTRY(pppoe_softc) sc_list;
  137         struct ifnet *sc_eth_if;        /* ethernet interface we are using */
  139         int sc_state;                   /* discovery phase or session connected */
  140         struct ether_addr sc_dest;      /* hardware address of concentrator */
u_int16_t sc_session;           /* PPPoE session id */
  143         char *sc_service_name;          /* if != NULL: requested name of service */
  144         char *sc_concentrator_name;     /* if != NULL: requested concentrator id */
u_int8_t *sc_ac_cookie;         /* content of AC cookie we must echo back */
size_t sc_ac_cookie_len;        /* length of cookie data */
  147 #ifdef PPPOE_SERVER
u_int8_t *sc_hunique;           /* content of host unique we must echo back */
size_t sc_hunique_len;          /* length of host unique */
  150 #endif
u_int32_t sc_unique;            /* our unique id */
  152         struct timeout sc_timeout;      /* timeout while not in session state */
  153         int sc_padi_retried;            /* number of PADI retries already done */
  154         int sc_padr_retried;            /* number of PADR retries already done */
  156         struct timeval sc_session_time; /* time the session was established */
  157 };
  159 /* incoming traffic will be queued here */
  160 struct ifqueue ppoediscinq = { NULL };
  161 struct ifqueue ppoeinq = { NULL };
  163 extern int sppp_ioctl(struct ifnet *, unsigned long, void *);
  165 /* input routines */
  166 static void pppoe_disc_input(struct mbuf *);
  167 static void pppoe_dispatch_disc_pkt(struct mbuf *, int);
  168 static void pppoe_data_input(struct mbuf *);
  170 /* management routines */
  171 void pppoeattach(int);
  172 static int  pppoe_connect(struct pppoe_softc *);
  173 static int  pppoe_disconnect(struct pppoe_softc *);
  174 static void pppoe_abort_connect(struct pppoe_softc *);
  175 static int  pppoe_ioctl(struct ifnet *, unsigned long, caddr_t);
  176 static void pppoe_tls(struct sppp *);
  177 static void pppoe_tlf(struct sppp *);
  178 static void pppoe_start(struct ifnet *);
  180 /* internal timeout handling */
  181 static void pppoe_timeout(void *);
  183 /* sending actual protocol controll packets */
  184 static int pppoe_send_padi(struct pppoe_softc *);
  185 static int pppoe_send_padr(struct pppoe_softc *);
  186 #ifdef PPPOE_SERVER
  187 static int pppoe_send_pado(struct pppoe_softc *);
  188 static int pppoe_send_pads(struct pppoe_softc *);
  189 #endif
  190 static int pppoe_send_padt(struct ifnet *, u_int, const u_int8_t *);
  192 /* raw output */
  193 static int pppoe_output(struct pppoe_softc *, struct mbuf *);
  195 /* internal helper functions */
  196 static struct pppoe_softc *pppoe_find_softc_by_session(u_int, struct ifnet *);
  197 static struct pppoe_softc *pppoe_find_softc_by_hunique(u_int8_t *, size_t, struct ifnet *);
  198 static struct mbuf        *pppoe_get_mbuf(size_t len);
LIST_HEAD(pppoe_softc_head, pppoe_softc) pppoe_softc_list;
  202 /* interface cloning */
  203 int pppoe_clone_create(struct if_clone *, int);
  204 int pppoe_clone_destroy(struct ifnet *);
  206 struct if_clone pppoe_cloner =
IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy);
  210 /* ARGSUSED */
  211 void
pppoeattach(int count)
  213 {
LIST_INIT(&pppoe_softc_list);
if_clone_attach(&pppoe_cloner);
ppoediscinq.ifq_maxlen = IFQ_MAXLEN;
ppoeinq.ifq_maxlen = IFQ_MAXLEN;
  219 }
  221 /* Create a new interface. */
  222 int
  223 pppoe_clone_create(struct if_clone *ifc, int unit)
  224 {
  225         struct pppoe_softc *sc;
  226         int s;
MALLOC(sc, struct pppoe_softc *, sizeof(*sc), M_DEVBUF, M_WAITOK);
  229         if (sc == NULL)
  230                 return (ENOMEM);
bzero(sc, sizeof(struct pppoe_softc));
sc->sc_unique = arc4random();
snprintf(sc->sc_sppp.pp_if.if_xname, 
  236                  sizeof(sc->sc_sppp.pp_if.if_xname), 
  237                  "pppoe%d", unit);
sc->sc_sppp.pp_if.if_softc = sc;
sc->sc_sppp.pp_if.if_mtu = PPPOE_MAXMTU;
sc->sc_sppp.pp_if.if_flags = IFF_SIMPLEX | IFF_POINTOPOINT | IFF_MULTICAST;
sc->sc_sppp.pp_if.if_type = IFT_PPP;
sc->sc_sppp.pp_if.if_hdrlen = sizeof(struct ether_header) + PPPOE_HEADERLEN;
sc->sc_sppp.pp_flags |= PP_KEEPALIVE |          /* use LCP keepalive */
PP_NOFRAMING;           /* no serial encapsulation */
sc->sc_sppp.pp_framebytes = PPPOE_HEADERLEN;    /* framing added to ppp packets */
sc->sc_sppp.pp_if.if_ioctl = pppoe_ioctl;
sc->sc_sppp.pp_if.if_start = pppoe_start;
sc->sc_sppp.pp_tls = pppoe_tls;
sc->sc_sppp.pp_tlf = pppoe_tlf;
IFQ_SET_MAXLEN(&sc->sc_sppp.pp_if.if_snd, IFQ_MAXLEN);
IFQ_SET_READY(&sc->sc_sppp.pp_if.if_snd);
  253         /* changed to real address later */
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
  256         /* init timer for interface watchdog */
timeout_set(&sc->sc_timeout, pppoe_timeout, sc);
if_attach(&sc->sc_sppp.pp_if);
if_alloc_sadl(&sc->sc_sppp.pp_if);
sppp_attach(&sc->sc_sppp.pp_if);
  262 #if NBPFILTER > 0
bpfattach(&sc->sc_sppp.pp_if.if_bpf, &sc->sc_sppp.pp_if, DLT_PPP_ETHER, 0);
  264 #endif
s = splnet();
LIST_INSERT_HEAD(&pppoe_softc_list, sc, sc_list);
splx(s);
  270         return (0);
  271 }
  273 /* Destroy a given interface. */
  274 int
  275 pppoe_clone_destroy(struct ifnet *ifp)
  276 {
  277         struct pppoe_softc *sc = ifp->if_softc;
  278         int s;
s = splnet();
LIST_REMOVE(sc, sc_list);
timeout_del(&sc->sc_timeout);
splx(s);
sppp_detach(&sc->sc_sppp.pp_if);
if_detach(ifp);
  288         if (sc->sc_concentrator_name)
free(sc->sc_concentrator_name, M_DEVBUF);
  290         if (sc->sc_service_name)
free(sc->sc_service_name, M_DEVBUF);
  292         if (sc->sc_ac_cookie)
free(sc->sc_ac_cookie, M_DEVBUF);
free(sc, M_DEVBUF);
  297         return (0);
  298 }
  300 /*
  301  * Find the interface handling the specified session.
  302  * Note: O(number of sessions open), this is a client-side only, mean
  303  * and lean implementation, so number of open sessions typically should
  304  * be 1.
  305  */
  306 static struct pppoe_softc *
pppoe_find_softc_by_session(u_int session, struct ifnet *rcvif)
  308 {
  309         struct pppoe_softc *sc;
  311         if (session == 0)
  312                 return (NULL);
LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
  315                 if (sc->sc_state == PPPOE_STATE_SESSION
  316                     && sc->sc_session == session) {
  317                         if (sc->sc_eth_if == rcvif)
  318                                 return (sc);
  319                         else
  320                                 return (NULL);
  321                 }
  322         }
  323         return (NULL);
  324 }
  326 /* 
  327  * Check host unique token passed and return appropriate softc pointer,
  328  * or NULL if token is bogus.
  329  */
  330 static struct pppoe_softc *
pppoe_find_softc_by_hunique(u_int8_t *token, size_t len, struct ifnet *rcvif)
  332 {
  333         struct pppoe_softc *sc;
u_int32_t hunique;
  336         if (LIST_EMPTY(&pppoe_softc_list))
  337                 return (NULL);
  339         if (len != sizeof(hunique))
  340                 return (NULL);
memcpy(&hunique, token, len);
LIST_FOREACH(sc, &pppoe_softc_list, sc_list)
  344                 if (sc->sc_unique == hunique)
  345                         break;
  347         if (sc == NULL) {
printf("pppoe: alien host unique tag, no session found\n");
  349                 return (NULL);
  350         }
  352         /* should be safe to access *sc now */
  353         if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) {
printf("%s: host unique tag found, but it belongs to a connection in state %d\n",
sc->sc_sppp.pp_if.if_xname, sc->sc_state);
  356                 return (NULL);
  357         }
  358         if (sc->sc_eth_if != rcvif) {
printf("%s: wrong interface, not accepting host unique\n",
sc->sc_sppp.pp_if.if_xname);
  361                 return (NULL);
  362         }
  363         return (sc);
  364 }
  366 /* Interface interrupt handler routine. */
  367 void
pppoeintr(void)
  369 {
  370         struct pppoe_softc *sc;
  371         struct mbuf *m;
splassert(IPL_SOFTNET);
LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
  376                 while (ppoediscinq.ifq_head) {
MBUFLOCK(IF_DEQUEUE(&ppoediscinq, m););
  378                         if (m == NULL)
  379                                 break;
pppoe_disc_input(m);
  381                 }
  383                 while (ppoeinq.ifq_head) {
MBUFLOCK(IF_DEQUEUE(&ppoeinq, m););
  385                         if (m == NULL)
  386                                 break;
pppoe_data_input(m);
  388                 }
  389         }
  390 }
  392 /* Analyze and handle a single received packet while not in session state. */
  393 static void pppoe_dispatch_disc_pkt(struct mbuf *m, int off)
  394 {
  395         struct pppoe_softc *sc;
  396         struct pppoehdr *ph;
  397         struct pppoetag *pt;
  398         struct mbuf *n;
  399         struct ether_header *eh;
  400         const char *err_msg, *devname;
size_t ac_cookie_len;
  402         int noff, err, errortag;
u_int16_t tag, len;
u_int16_t session, plen;
u_int8_t *ac_cookie;
  406 #ifdef PPPOE_SERVER
u_int8_t *hunique;
size_t hunique_len;
  409 #endif
err_msg = NULL;
devname = "pppoe";
errortag = 0;
  415         if (m->m_len < sizeof(*eh)) {
m = m_pullup(m, sizeof(*eh));
  417                 if (m == NULL)
  418                         goto done;
  419         }
eh = mtod(m, struct ether_header *);
off += sizeof(*eh);
ac_cookie = NULL;
ac_cookie_len = 0;
  425 #ifdef PPPOE_SERVER
hunique = NULL;
hunique_len = 0;
  428 #endif
session = 0;
  431         if (m->m_pkthdr.len - off <= PPPOE_HEADERLEN) {
printf("pppoe: packet too short: %d\n", m->m_pkthdr.len);
  433                 goto done;
  434         }
n = m_pulldown(m, off, sizeof(*ph), &noff);
  437         if (n == NULL) {
printf("pppoe: could not get PPPoE header\n");
m = NULL;
  440                 goto done;
  441         }
ph = (struct pppoehdr *)(mtod(n, caddr_t) + noff);
  443         if (ph->vertype != PPPOE_VERTYPE) {
printf("pppoe: unknown version/type packet: 0x%x\n",
ph->vertype);
  446                 goto done;
  447         }
session = ntohs(ph->session);
plen = ntohs(ph->plen);
off += sizeof(*ph);
  452         if (plen + off > m->m_pkthdr.len) {
printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n",
m->m_pkthdr.len - off, plen);
  455                 goto done;
  456         }
  458         /* ignore trailing garbage */
m_adj(m, off + plen - m->m_pkthdr.len);
tag = 0;
len = 0;
sc = NULL;
  464         while (off + sizeof(*pt) <= m->m_pkthdr.len) {
n = m_pulldown(m, off, sizeof(*pt), &noff);
  466                 if (n == NULL) {
printf("%s: parse error\n", devname);
m = NULL;
  469                         goto done;
  470                 }
pt = (struct pppoetag *)(mtod(n, caddr_t) + noff);
tag = ntohs(pt->tag);
len = ntohs(pt->len);
  474                 if (off + len > m->m_pkthdr.len) {
printf("%s: tag 0x%x len 0x%x is too long\n",
devname, tag, len);
  477                         goto done;
  478                 }
  479                 switch (tag) {
  480                 case PPPOE_TAG_EOL:
  481                         goto breakbreak;
  482                 case PPPOE_TAG_SNAME:
  483                         break;  /* ignored */
  484                 case PPPOE_TAG_ACNAME:
  485                         break;  /* ignored */
  486                 case PPPOE_TAG_HUNIQUE:
  487                         if (sc != NULL)
  488                                 break;
n = m_pulldown(m, off + sizeof(*pt), len, &noff);
  490                         if (n == NULL) {
m = NULL;
err_msg = "TAG HUNIQUE ERROR";
  493                                 break;
  494                         }
  495 #ifdef PPPOE_SERVER
hunique = mtod(n, caddr_t) + noff;
hunique_len = len;
  498 #endif
sc = pppoe_find_softc_by_hunique(mtod(n, caddr_t) + noff,
len, m->m_pkthdr.rcvif);
  501                         if (sc != NULL)
devname = sc->sc_sppp.pp_if.if_xname;
  503                         break;
  504                 case PPPOE_TAG_ACCOOKIE:
  505                         if (ac_cookie == NULL) {
n = m_pulldown(m, off + sizeof(*pt), len,
  507                                     &noff);
  508                                 if (n == NULL) {
err_msg = "TAG ACCOOKIE ERROR";
m = NULL;
  511                                         break;
  512                                 }
ac_cookie = mtod(n, caddr_t) + noff;
ac_cookie_len = len;
  515                         }
  516                         break;
  517                 case PPPOE_TAG_SNAME_ERR:
err_msg = "SERVICE NAME ERROR";
errortag = 1;
  520                         break;
  521                 case PPPOE_TAG_ACSYS_ERR:
err_msg = "AC SYSTEM ERROR";
errortag = 1;
  524                         break;
  525                 case PPPOE_TAG_GENERIC_ERR:
err_msg = "GENERIC ERROR";
errortag = 1;
  528                         break;
  529                 }
  530                 if (err_msg) {
log(LOG_INFO, "%s: %s: ", devname, err_msg);
  532                         if (errortag && len) {
n = m_pulldown(m, off + sizeof(*pt), len,
  534                                     &noff);
  535                                 if (n) {
u_int8_t *et = mtod(n, caddr_t) + noff;
  537                                         while (len--)
addlog("%c", *et++);
  539                                 }
  540                         }
addlog("\n");
  542                         goto done;
  543                 }
off += sizeof(*pt) + len;
  545         }
breakbreak:
  547         switch (ph->code) {
  548         case PPPOE_CODE_PADI:
  549 #ifdef PPPOE_SERVER
  550                 /*
  551                  * Got service name, concentrator name, and/or host unique.
  552                  * Ignore if we have no interfaces with IFF_PASSIVE|IFF_UP.
  553                  */
  554                 if (LIST_EMPTY(&pppoe_softc_list))
  555                         goto done;
LIST_FOREACH(sc, &pppoe_softc_list, sc_list) {
  558                         if (!(sc->sc_sppp.pp_if.if_flags & IFF_UP))
  559                                 continue;
  560                         if (!(sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE))
  561                                 continue;
  562                         if (sc->sc_state == PPPOE_STATE_INITIAL)
  563                                 break;
  564                 }
  565                 if (sc == NULL) {
  566 #ifdef PPPOE_DEBUG
printf("pppoe: free passive interface is not found\n");
  568 #endif
  569                         goto done;
  570                 }
  571                 if (hunique) {
  572                         if (sc->sc_hunique)
free(sc->sc_hunique, M_DEVBUF);
sc->sc_hunique = malloc(hunique_len, M_DEVBUF,
M_DONTWAIT);
  576                         if (sc->sc_hunique == NULL)
  577                                 goto done;
sc->sc_hunique_len = hunique_len;
memcpy(sc->sc_hunique, hunique, hunique_len);
  580                 }
memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest));
sc->sc_state = PPPOE_STATE_PADO_SENT;
pppoe_send_pado(sc);
  586                 break;
  587 #endif /* PPPOE_SERVER */
  588         case PPPOE_CODE_PADR:
  589 #ifdef PPPOE_SERVER
  590                 /*
  591                  * Get sc from ac_cookie if IFF_PASSIVE.
  592                  */
  593                 if (ac_cookie == NULL) {
  594                         /* be quiet if there is not a single pppoe instance */
printf("pppoe: received PADR but not includes ac_cookie\n");
  596                         goto done;
  597                 }
sc = pppoe_find_softc_by_hunique(ac_cookie,
ac_cookie_len,
m->m_pkthdr.rcvif);
  602                 if (sc == NULL) {
  603                         /* be quiet if there is not a single pppoe instance */
  604                         if (!LIST_EMPTY(&pppoe_softc_list))
printf("pppoe: received PADR but could not find request for it\n");
  606                         goto done;
  607                 }
  608                 if (sc->sc_state != PPPOE_STATE_PADO_SENT) {
printf("%s: received unexpected PADR\n",
sc->sc_sppp.pp_if.if_xname);
  611                         goto done;
  612                 }
  613                 if (hunique) {
  614                         if (sc->sc_hunique)
free(sc->sc_hunique, M_DEVBUF);
sc->sc_hunique = malloc(hunique_len, M_DEVBUF,
M_DONTWAIT);
  618                         if (sc->sc_hunique == NULL)
  619                                 goto done;
sc->sc_hunique_len = hunique_len;
memcpy(sc->sc_hunique, hunique, hunique_len);
  622                 }
pppoe_send_pads(sc);
sc->sc_state = PPPOE_STATE_SESSION;
sc->sc_sppp.pp_up(&sc->sc_sppp);
  628                 break;
  629 #else
  630                 /* ignore, we are no access concentrator */
  631                 goto done;
  632 #endif /* PPPOE_SERVER */
  633         case PPPOE_CODE_PADO:
  634                 if (sc == NULL) {
  635                         /* be quiet if there is not a single pppoe instance */
  636                         if (!LIST_EMPTY(&pppoe_softc_list))
printf("pppoe: received PADO but could not find request for it\n");
  638                         goto done;
  639                 }
  640                 if (sc->sc_state != PPPOE_STATE_PADI_SENT) {
printf("%s: received unexpected PADO\n",
sc->sc_sppp.pp_if.if_xname);
  643                         goto done;
  644                 }
  645                 if (ac_cookie) {
  646                         if (sc->sc_ac_cookie)
free(sc->sc_ac_cookie, M_DEVBUF);
sc->sc_ac_cookie = malloc(ac_cookie_len, M_DEVBUF,
M_DONTWAIT);
  650                         if (sc->sc_ac_cookie == NULL)
  651                                 goto done;
sc->sc_ac_cookie_len = ac_cookie_len;
memcpy(sc->sc_ac_cookie, ac_cookie, ac_cookie_len);
  654                 }
memcpy(&sc->sc_dest, eh->ether_shost, sizeof(sc->sc_dest));
timeout_del(&sc->sc_timeout);
sc->sc_padr_retried = 0;
sc->sc_state = PPPOE_STATE_PADR_SENT;
  660                 if ((err = pppoe_send_padr(sc)) != 0) {
PPPOEDEBUG(("%s: failed to send PADR, error=%d\n",
sc->sc_sppp.pp_if.if_xname, err));
  663                 }
timeout_add(&sc->sc_timeout,
PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried));
  667                 break;
  668         case PPPOE_CODE_PADS:
  669                 if (sc == NULL)
  670                         goto done;
sc->sc_session = session;
timeout_del(&sc->sc_timeout);
PPPOEDEBUG(("%s: session 0x%x connected\n",
sc->sc_sppp.pp_if.if_xname, session));
sc->sc_state = PPPOE_STATE_SESSION;
microtime(&sc->sc_session_time);
sc->sc_sppp.pp_up(&sc->sc_sppp);        /* notify upper layers */
  680                 break;
  681         case PPPOE_CODE_PADT:
  682                 if (sc == NULL)
  683                         goto done;
  685                 /* stop timer (we might be about to transmit a PADT ourself) */
timeout_del(&sc->sc_timeout);
PPPOEDEBUG(("%s: session 0x%x terminated, received PADT\n",
sc->sc_sppp.pp_if.if_xname, session));
  690                 /* clean up softc */
sc->sc_state = PPPOE_STATE_INITIAL;
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
  693                 if (sc->sc_ac_cookie) {
free(sc->sc_ac_cookie, M_DEVBUF);
sc->sc_ac_cookie = NULL;
  696                 }
sc->sc_ac_cookie_len = 0;
sc->sc_session = 0;
sc->sc_session_time.tv_sec = 0;
sc->sc_session_time.tv_usec = 0;
sc->sc_sppp.pp_down(&sc->sc_sppp);      /* signal upper layer */ 
  703                 break;
  704         default:
printf("%s: unknown code (0x%04x) session = 0x%04x\n",
sc ? sc->sc_sppp.pp_if.if_xname : "pppoe",
ph->code, session);
  708                 break;
  709         }
done:
m_freem(m);
  713 }
  715 /* Input function for discovery packets. */
  716 static void
pppoe_disc_input(struct mbuf *m)
  718 {
  719         /* avoid error messages if there is not a single pppoe instance */
  720         if (!LIST_EMPTY(&pppoe_softc_list)) {
KASSERT(m->m_flags & M_PKTHDR);
pppoe_dispatch_disc_pkt(m, 0);
  723         } else
m_freem(m);
  725 }
  727 /* Input function for data packets */
  728 static void
pppoe_data_input(struct mbuf *m)
  730 {
  731         struct pppoe_softc *sc;
  732         struct pppoehdr *ph;
u_int16_t session, plen;
  734 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
u_int8_t shost[ETHER_ADDR_LEN];
  736 #endif
KASSERT(m->m_flags & M_PKTHDR);
  740 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
memcpy(shost, mtod(m, struct ether_header*)->ether_shost, ETHER_ADDR_LEN);
  742 #endif
m_adj(m, sizeof(struct ether_header));
  744         if (m->m_pkthdr.len <= PPPOE_HEADERLEN) {
printf("pppoe (data): dropping too short packet: %d bytes\n",
m->m_pkthdr.len);
  747                 goto drop;
  748         }
  749         if (m->m_len < sizeof(*ph)) {
m = m_pullup(m, sizeof(*ph));
  751                 if (m == NULL) {
printf("pppoe (data): could not get PPPoE header\n");
  753                         return;
  754                 }
  755         }
ph = mtod(m, struct pppoehdr *);
  757         if (ph->vertype != PPPOE_VERTYPE) {
printf("pppoe (data): unknown version/type packet: 0x%x\n",
ph->vertype);
  760                 goto drop;
  761         }
  762         if (ph->code != 0)
  763                 goto drop;
session = ntohs(ph->session);
sc = pppoe_find_softc_by_session(session, m->m_pkthdr.rcvif);
  767         if (sc == NULL) {
  768 #ifdef PPPOE_TERM_UNKNOWN_SESSIONS
printf("pppoe (data): input for unknown session 0x%x, sending PADT\n",
session);
pppoe_send_padt(m->m_pkthdr.rcvif, session, shost);
  772 #endif
  773                 goto drop;
  774         }
plen = ntohs(ph->plen);
  778 #if NBPFILTER > 0
  779         if(sc->sc_sppp.pp_if.if_bpf)
bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m, BPF_DIRECTION_IN);
  781 #endif
m_adj(m, PPPOE_HEADERLEN);
  785 #ifdef PPPOE_DEBUG
  786         {
  787                 struct mbuf *p;
printf("%s: pkthdr.len=%d, pppoe.len=%d",
sc->sc_sppp.pp_if.if_xname,
m->m_pkthdr.len, plen);
p = m;
  793                 while (p) {
printf(" l=%d", p->m_len);
p = p->m_next;
  796                 }
printf("\n");
  798         }
  799 #endif
  801         if (m->m_pkthdr.len < plen)
  802                 goto drop;
  804         /* fix incoming interface pointer (not the raw ethernet interface anymore) */
m->m_pkthdr.rcvif = &sc->sc_sppp.pp_if;
  807         /* pass packet up and account for it */
sc->sc_sppp.pp_if.if_ipackets++;
sppp_input(&sc->sc_sppp.pp_if, m);
  810         return;
drop:
m_freem(m);
  814 }
  816 static int
pppoe_output(struct pppoe_softc *sc, struct mbuf *m)
  818 {
  819         struct sockaddr dst;
  820         struct ether_header *eh;
u_int16_t etype;
  823         if (sc->sc_eth_if == NULL) {
m_freem(m);
  825                 return (EIO);
  826         }
  828         if ((sc->sc_eth_if->if_flags & (IFF_UP|IFF_RUNNING))
  829             != (IFF_UP|IFF_RUNNING)) {
m_freem(m);
  831                 return (ENETDOWN);
  832         }
memset(&dst, 0, sizeof dst);
dst.sa_family = AF_UNSPEC;
eh = (struct ether_header*)&dst.sa_data;
etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHERTYPE_PPPOE : ETHERTYPE_PPPOEDISC;
eh->ether_type = htons(etype);
memcpy(&eh->ether_dhost, &sc->sc_dest, sizeof sc->sc_dest);
PPPOEDEBUG(("%s (%x) state=%d, session=0x%x output -> %s, len=%d\n",
sc->sc_sppp.pp_if.if_xname, etype,
sc->sc_state, sc->sc_session,
ether_sprintf((unsigned char *)&sc->sc_dest), m->m_pkthdr.len));
m->m_flags &= ~(M_BCAST|M_MCAST);
sc->sc_sppp.pp_if.if_opackets++;
  848         return (sc->sc_eth_if->if_output(sc->sc_eth_if, m, &dst, NULL));
  849 }
  851 /* The ioctl routine. */
  852 static int
pppoe_ioctl(struct ifnet *ifp, unsigned long cmd, caddr_t data)
  854 {
  855         struct proc *p = curproc;       /* XXX */
  856         struct pppoe_softc *sc = (struct pppoe_softc *)ifp;
  857         int error = 0;
  859         switch (cmd) {
  860         case PPPOESETPARMS:
  861         {
  862                 struct pppoediscparms *parms = (struct pppoediscparms *)data;
  863                 int len;
  865                 if ((error = suser(p, p->p_acflag)) != 0)
  866                         return (error);
  867                 if (parms->eth_ifname[0] != '\0') {
sc->sc_eth_if = ifunit(parms->eth_ifname);
  869                         if (sc->sc_eth_if == NULL)
  870                                 return (ENXIO);
  871                 }
  873                 if (sc->sc_concentrator_name)
free(sc->sc_concentrator_name, M_DEVBUF);
sc->sc_concentrator_name = NULL;
len = strlen(parms->ac_name);
  878                 if (len > 0 && len < sizeof(parms->ac_name)) {
  879                         char *p = malloc(len + 1, M_DEVBUF, M_WAITOK);
  880                         if (p == NULL)
  881                                 return (ENOMEM);
strlcpy(p, parms->ac_name, len + 1);
sc->sc_concentrator_name = p;
  884                 }
  886                 if (sc->sc_service_name)
free(sc->sc_service_name, M_DEVBUF);
sc->sc_service_name = NULL;
len = strlen(parms->service_name);
  891                 if (len > 0 && len < sizeof(parms->service_name)) {
  892                         char *p = malloc(len + 1, M_DEVBUF, M_WAITOK);
  893                         if (p == NULL)
  894                                 return (ENOMEM);
strlcpy(p, parms->service_name, len + 1);
sc->sc_service_name = p;
  897                 }
  898                 return (0);
  899         }
  900         break;
  901         case PPPOEGETPARMS:
  902         {
  903                 struct pppoediscparms *parms = (struct pppoediscparms *)data;
  905                 if (sc->sc_eth_if)
strlcpy(parms->eth_ifname, sc->sc_eth_if->if_xname,
IFNAMSIZ);
  908                 else
parms->eth_ifname[0] = '\0';
  911                 if (sc->sc_concentrator_name)
strlcpy(parms->ac_name, sc->sc_concentrator_name,
  913                             sizeof(parms->ac_name));
  914                 else
parms->ac_name[0] = '\0';
  917                 if (sc->sc_service_name)
strlcpy(parms->service_name, sc->sc_service_name,
  919                             sizeof(parms->service_name));
  920                 else
parms->service_name[0] = '\0';
  923                 return (0);
  924         }
  925         break;
  926         case PPPOEGETSESSION:
  927         {
  928                 struct pppoeconnectionstate *state =
  929                     (struct pppoeconnectionstate *)data;
state->state = sc->sc_state;
state->session_id = sc->sc_session;
state->padi_retry_no = sc->sc_padi_retried;
state->padr_retry_no = sc->sc_padr_retried;
state->session_time.tv_sec = sc->sc_session_time.tv_sec;
state->session_time.tv_usec = sc->sc_session_time.tv_usec;
  936                 return (0);
  937         }
  938         break;
  939         case SIOCSIFFLAGS:
  940         {
  941                 struct ifreq *ifr = (struct ifreq *)data;
  942                 /*
  943                  * Prevent running re-establishment timers overriding
  944                  * administrators choice.
  945                  */
  946                 if ((ifr->ifr_flags & IFF_UP) == 0
  947                      && sc->sc_state >= PPPOE_STATE_PADI_SENT
  948                      && sc->sc_state < PPPOE_STATE_SESSION) {
timeout_del(&sc->sc_timeout);
sc->sc_state = PPPOE_STATE_INITIAL;
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
memcpy(&sc->sc_dest, etherbroadcastaddr,
  954                             sizeof(sc->sc_dest));
  955                 }
  956                 return (sppp_ioctl(ifp, cmd, data));
  957         }
  958         case SIOCSIFMTU:
  959         {
  960                 struct ifreq *ifr = (struct ifreq *)data;
  962                 if (ifr->ifr_mtu > PPPOE_MAXMTU)
  963                         return (EINVAL);
  964                 return (sppp_ioctl(ifp, cmd, data));
  965         }
  966         default:
  967                 return (sppp_ioctl(ifp, cmd, data));
  968         }
  969         return (0);
  970 }
  972 /*
  973  * Allocate a mbuf/cluster with space to store the given data length
  974  * of payload, leaving space for prepending an ethernet header
  975  * in front. 
  976  */
  977 static struct mbuf *
pppoe_get_mbuf(size_t len)
  979 {
  980         struct mbuf *m;
MGETHDR(m, M_DONTWAIT, MT_DATA);
  983         if (m == NULL)
  984                 return (NULL);
  985         if (len + sizeof(struct ether_header) > MHLEN) {
MCLGET(m, M_DONTWAIT);
  987                 if ((m->m_flags & M_EXT) == 0) {
  988                         struct mbuf *n;
MFREE(m, n);
  991                         return (NULL);
  992                 }
  993         }
m->m_data += sizeof(struct ether_header);
m->m_len = len;
m->m_pkthdr.len = len;
m->m_pkthdr.rcvif = NULL;
  999         return (m);
 1000 }
 1002 /* Send PADI. */
 1003 static int
pppoe_send_padi(struct pppoe_softc *sc)
 1005 {
 1006         struct mbuf *m0;
 1007         int len, l1 = 0, l2 = 0; /* XXX: gcc */
u_int8_t *p;
 1010         if (sc->sc_state > PPPOE_STATE_PADI_SENT)
panic("pppoe_send_padi in state %d", sc->sc_state);
 1013         /* calculate length of frame (excluding ethernet header + pppoe header) */
len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique); /* service name tag is required, host unique is send too */
 1015         if (sc->sc_service_name != NULL) {
l1 = strlen(sc->sc_service_name);
len += l1;
 1018         }
 1019         if (sc->sc_concentrator_name != NULL) {
l2 = strlen(sc->sc_concentrator_name);
len += 2 + 2 + l2;
 1022         }
 1024         /* allocate a buffer */
m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);     /* header len + payload len */
 1026         if (m0 == NULL)
 1027                 return (ENOBUFS);
 1029         /* fill in pkt */
p = mtod(m0, u_int8_t *);
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, len);
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
 1033         if (sc->sc_service_name != NULL) {
PPPOE_ADD_16(p, l1);
memcpy(p, sc->sc_service_name, l1);
p += l1;
 1037         } else {
PPPOE_ADD_16(p, 0);
 1039         }
 1040         if (sc->sc_concentrator_name != NULL) {
PPPOE_ADD_16(p, PPPOE_TAG_ACNAME);
PPPOE_ADD_16(p, l2);
memcpy(p, sc->sc_concentrator_name, l2);
p += l2;
 1045         }
PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
PPPOE_ADD_16(p, sizeof(sc->sc_unique));
memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique));
 1050 #ifdef PPPOE_DEBUG
p += sizeof(sc->sc_unique);
 1052         if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN)
panic("pppoe_send_padi: garbled output len, should be %ld, is %ld",
 1054                     (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *)));
 1055 #endif
 1057         /* send pkt */
 1058         return (pppoe_output(sc, m0));
 1059 }
 1061 /* Watchdog function. */
 1062 static void
pppoe_timeout(void *arg)
 1064 {
 1065         struct pppoe_softc *sc = (struct pppoe_softc *)arg;
 1066         int x, retry_wait, err;
PPPOEDEBUG(("%s: timeout\n", sc->sc_sppp.pp_if.if_xname));
 1070         switch (sc->sc_state) {
 1071         case PPPOE_STATE_PADI_SENT:
 1072                 /*
 1073                  * We have two basic ways of retrying:
 1074                  *  - Quick retry mode: try a few times in short sequence
 1075                  *  - Slow retry mode: we already had a connection successfully
 1076                  *    established and will try infinitely (without user
 1077                  *    intervention)
 1078                  * We only enter slow retry mode if IFF_LINK1 (aka autodial)
 1079                  * is not set.
 1080                  */
 1082                 /* initialize for quick retry mode */
retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried);
x = splnet();
sc->sc_padi_retried++;
 1087                 if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) {
 1088                         if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) {
 1089                                 /* slow retry mode */
retry_wait = PPPOE_SLOW_RETRY;
 1091                         } else {
pppoe_abort_connect(sc);
splx(x);
 1094                                 return;
 1095                         }
 1096                 }
 1097                 if ((err = pppoe_send_padi(sc)) != 0) {
sc->sc_padi_retried--;
PPPOEDEBUG(("%s: failed to transmit PADI, error=%d\n",
sc->sc_sppp.pp_if.if_xname, err));
 1101                 }
timeout_add(&sc->sc_timeout, retry_wait);
splx(x);
 1105                 break;
 1106         case PPPOE_STATE_PADR_SENT:
x = splnet();
sc->sc_padr_retried++;
 1109                 if (sc->sc_padr_retried >= PPPOE_DISC_MAXPADR) {
memcpy(&sc->sc_dest, etherbroadcastaddr,
 1111                             sizeof(sc->sc_dest));
sc->sc_state = PPPOE_STATE_PADI_SENT;
sc->sc_padr_retried = 0;
 1114                         if ((err = pppoe_send_padi(sc)) != 0) {
PPPOEDEBUG(("%s: failed to send PADI, error=%d\n",
sc->sc_sppp.pp_if.if_xname, err));
 1117                         }
timeout_add(&sc->sc_timeout,
PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried));
splx(x);
 1121                         return;
 1122                 }
 1123                 if ((err = pppoe_send_padr(sc)) != 0) {
sc->sc_padr_retried--;
PPPOEDEBUG(("%s: failed to send PADR, error=%d\n",
sc->sc_sppp.pp_if.if_xname, err));
 1127                 }
timeout_add(&sc->sc_timeout,
PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried));
splx(x);
 1132                 break;
 1133         case PPPOE_STATE_CLOSING:
pppoe_disconnect(sc);
 1135                 break;
 1136         default:
 1137                 return; /* all done, work in peace */
 1138         }
 1139 }
 1141 /* Start a connection (i.e. initiate discovery phase). */
 1142 static int
pppoe_connect(struct pppoe_softc *sc)
 1144 {
 1145         int x, err;
 1147         if (sc->sc_state != PPPOE_STATE_INITIAL)
 1148                 return (EBUSY);
 1150 #ifdef PPPOE_SERVER
 1151         /* wait for PADI if IFF_PASSIVE */
 1152         if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE))
 1153                 return (0);
 1154 #endif
x = splnet();
 1157         /* save state, in case we fail to send PADI */
sc->sc_state = PPPOE_STATE_PADI_SENT;
sc->sc_padr_retried = 0;
err = pppoe_send_padi(sc);
 1161         if (err != 0)
PPPOEDEBUG(("%s: failed to send PADI, error=%d\n",
sc->sc_sppp.pp_if.if_xname, err));
timeout_add(&sc->sc_timeout, PPPOE_DISC_TIMEOUT);
splx(x);
 1168         return (err);
 1169 }
 1171 /* disconnect */
 1172 static int
pppoe_disconnect(struct pppoe_softc *sc)
 1174 {
 1175         int err, x;
x = splnet();
 1179         if (sc->sc_state < PPPOE_STATE_SESSION)
err = EBUSY;
 1181         else {
PPPOEDEBUG(("%s: disconnecting\n",
sc->sc_sppp.pp_if.if_xname));
err = pppoe_send_padt(sc->sc_eth_if, sc->sc_session, (const u_int8_t *)&sc->sc_dest);
 1185         }
 1187         /* cleanup softc */
sc->sc_state = PPPOE_STATE_INITIAL;
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
 1190         if (sc->sc_ac_cookie) {
free(sc->sc_ac_cookie, M_DEVBUF);
sc->sc_ac_cookie = NULL;
 1193         }
sc->sc_ac_cookie_len = 0;
 1195 #ifdef PPPOE_SERVER
 1196         if (sc->sc_hunique) {
free(sc->sc_hunique, M_DEVBUF);
sc->sc_hunique = NULL;
 1199         }
sc->sc_hunique_len = 0;
 1201 #endif
sc->sc_session = 0;
 1204         /* notify upper layer */
sc->sc_sppp.pp_down(&sc->sc_sppp);
splx(x);
 1209         return (err);
 1210 }
 1212 /* Connection attempt aborted. */
 1213 static void
pppoe_abort_connect(struct pppoe_softc *sc)
 1215 {
printf("%s: could not establish connection\n",
sc->sc_sppp.pp_if.if_xname);
sc->sc_state = PPPOE_STATE_CLOSING;
 1220         /* notify upper layer */
sc->sc_sppp.pp_down(&sc->sc_sppp);
 1223         /* clear connection state */
memcpy(&sc->sc_dest, etherbroadcastaddr, sizeof(sc->sc_dest));
sc->sc_state = PPPOE_STATE_INITIAL;
 1226 }
 1228 /* Send a PADR packet */
 1229 static int
pppoe_send_padr(struct pppoe_softc *sc)
 1231 {
 1232         struct mbuf *m0;
u_int8_t *p;
size_t len, l1 = 0; /* XXX: gcc */
 1236         if (sc->sc_state != PPPOE_STATE_PADR_SENT)
 1237                 return (EIO);
len = 2 + 2 + 2 + 2 + sizeof(sc->sc_unique);    /* service name, host unique */
 1240         if (sc->sc_service_name != NULL) {              /* service name tag maybe empty */
l1 = strlen(sc->sc_service_name);
len += l1;
 1243         }
 1244         if (sc->sc_ac_cookie_len > 0)
len += 2 + 2 + sc->sc_ac_cookie_len;    /* AC cookie */
m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
 1248         if (m0 == NULL)
 1249                 return (ENOBUFS);
p = mtod(m0, u_int8_t *);
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len);
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
 1255         if (sc->sc_service_name != NULL) {
PPPOE_ADD_16(p, l1);
memcpy(p, sc->sc_service_name, l1);
p += l1;
 1259         } else {
PPPOE_ADD_16(p, 0);
 1261         }
 1262         if (sc->sc_ac_cookie_len > 0) {
PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE);
PPPOE_ADD_16(p, sc->sc_ac_cookie_len);
memcpy(p, sc->sc_ac_cookie, sc->sc_ac_cookie_len);
p += sc->sc_ac_cookie_len;
 1267         }
PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
PPPOE_ADD_16(p, sizeof(sc->sc_unique));
memcpy(p, &sc->sc_unique, sizeof(sc->sc_unique));
 1272 #ifdef PPPOE_DEBUG
p += sizeof(sc->sc_unique);
 1274         if (p - mtod(m0, u_int8_t *) != len + PPPOE_HEADERLEN)
panic("pppoe_send_padr: garbled output len, should be %ld, is %ld",
 1276                         (long)(len + PPPOE_HEADERLEN), (long)(p - mtod(m0, u_int8_t *)));
 1277 #endif
 1279         return (pppoe_output(sc, m0));
 1280 }
 1282 /* Send a PADT packet. */
 1283 static int
pppoe_send_padt(struct ifnet *outgoing_if, u_int session, const u_int8_t *dest)
 1285 {
 1286         struct ether_header *eh;
 1287         struct sockaddr dst;
 1288         struct mbuf *m0;
u_int8_t *p;
m0 = pppoe_get_mbuf(PPPOE_HEADERLEN);
 1292         if (m0 == NULL)
 1293                 return (ENOBUFS);
p = mtod(m0, u_int8_t *);
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0);
memset(&dst, 0, sizeof(dst));
dst.sa_family = AF_UNSPEC;
eh = (struct ether_header *)&dst.sa_data;
eh->ether_type = htons(ETHERTYPE_PPPOEDISC);
memcpy(&eh->ether_dhost, dest, ETHER_ADDR_LEN);
m0->m_flags &= ~(M_BCAST|M_MCAST);
 1305         return (outgoing_if->if_output(outgoing_if, m0, &dst, NULL));
 1306 }
 1308 #ifdef PPPOE_SERVER
 1309 /* Send a PADO packet. */
 1310 static int
pppoe_send_pado(struct pppoe_softc *sc)
 1312 {
 1313         struct mbuf *m0;
size_t len;
u_int8_t *p;
 1317         if (sc->sc_state != PPPOE_STATE_PADO_SENT)
 1318                 return (EIO);
 1320         /* calc length */
len = 0;
 1322         /* include ac_cookie */
len += 2 + 2 + sizeof(sc->sc_unique);
 1324         /* include hunique */
len += 2 + 2 + sc->sc_hunique_len;
m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
 1328         if (m0 == NULL)
 1329                 return (ENOBUFS);
p = mtod(m0, u_int8_t *);
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len);
PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE);
PPPOE_ADD_16(p, sizeof(sc->sc_unique));
memcpy(p, &sc, sizeof(sc->sc_unique));
p += sizeof(sc->sc_unique);
PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
PPPOE_ADD_16(p, sc->sc_hunique_len);
memcpy(p, sc->sc_hunique, sc->sc_hunique_len);
 1341         return (pppoe_output(sc, m0));
 1342 }
 1344 /* Send a PADS packet. */
 1345 static int
pppoe_send_pads(struct pppoe_softc *sc)
 1347 {
 1348         struct mbuf *m0;
size_t len, l1;
u_int8_t *p;
 1352         if (sc->sc_state != PPPOE_STATE_PADO_SENT)
 1353                 return (EIO);
sc->sc_session = mono_time.tv_sec % 0xff + 1;
 1357         /* calc length */
len = 0;
 1359         /* include hunique */
len += 2 + 2 + 2 + 2 + sc->sc_hunique_len;      /* service name, host unique */
 1361         if (sc->sc_service_name != NULL) {              /* service name tag maybe empty */
l1 = strlen(sc->sc_service_name);
len += l1;
 1364         }
m0 = pppoe_get_mbuf(len + PPPOE_HEADERLEN);
 1367         if (m0 == NULL)
 1368                 return (ENOBUFS);
p = mtod(m0, u_int8_t *);
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len);
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
 1373         if (sc->sc_service_name != NULL) {
PPPOE_ADD_16(p, l1);
memcpy(p, sc->sc_service_name, l1);
p += l1;
 1377         } else {
PPPOE_ADD_16(p, 0);
 1379         }
PPPOE_ADD_16(p, PPPOE_TAG_HUNIQUE);
PPPOE_ADD_16(p, sc->sc_hunique_len);
memcpy(p, sc->sc_hunique, sc->sc_hunique_len);
 1384         return (pppoe_output(sc, m0));
 1385 }
 1386 #endif
 1388 /* this-layer-start function */
 1389 static void
pppoe_tls(struct sppp *sp)
 1391 {
 1392         struct pppoe_softc *sc = (void *)sp;
 1394         if (sc->sc_state != PPPOE_STATE_INITIAL)
 1395                 return;
pppoe_connect(sc);
 1397 }
 1399 /* this-layer-finish function */
 1400 static void
pppoe_tlf(struct sppp *sp)
 1402 {
 1403         struct pppoe_softc *sc = (void *)sp;
 1405         if (sc->sc_state < PPPOE_STATE_SESSION)
 1406                 return;
 1407         /*
 1408          * Do not call pppoe_disconnect here, the upper layer state
 1409          * machine gets confused by this. We must return from this
 1410          * function and defer disconnecting to the timeout handler.
 1411          */
sc->sc_state = PPPOE_STATE_CLOSING;
timeout_add(&sc->sc_timeout, hz / 50);
 1414 }
 1416 static void
pppoe_start(struct ifnet *ifp)
 1418 {
 1419         struct pppoe_softc *sc = (void *)ifp;
 1420         struct mbuf *m;
size_t len;
u_int8_t *p;
 1424         if (sppp_isempty(ifp))
 1425                 return;
 1427         /* are we ready to process data yet? */
 1428         if (sc->sc_state < PPPOE_STATE_SESSION) {
sppp_flush(&sc->sc_sppp.pp_if);
 1430                 return;
 1431         }
 1433         while ((m = sppp_dequeue(ifp)) != NULL) {
len = m->m_pkthdr.len;
M_PREPEND(m, PPPOE_HEADERLEN, M_DONTWAIT);
 1436                 if (m == NULL) {
ifp->if_oerrors++;
 1438                         continue;
 1439                 }
p = mtod(m, u_int8_t *);
PPPOE_ADD_HEADER(p, 0, sc->sc_session, len);
 1443 #if NBPFILTER > 0
 1444                 if(sc->sc_sppp.pp_if.if_bpf)
bpf_mtap(sc->sc_sppp.pp_if.if_bpf, m,
BPF_DIRECTION_OUT);
 1447 #endif
pppoe_output(sc, m);
 1450         }
 1451 }