1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * PPPoE Client-mode "chat" utility for use with Solaris PPP 4.0.
23  *
24  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  */
27 
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <unistd.h>
31 #include <ctype.h>
32 #include <strings.h>
33 #include <fcntl.h>
34 #include <errno.h>
35 #include <signal.h>
36 #include <stropts.h>
37 #include <netdb.h>
38 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <net/if.h>
41 #include <netinet/in.h>
42 #include <netinet/if_ether.h>
43 
44 #include <net/sppptun.h>
45 #include <net/pppoe.h>
46 
47 #include "common.h"
48 #include "logging.h"
49 
50 /*
51  * This value, currently set to the characters "POE1," is used to
52  * distinguish among control messages from multiple lower streams
53  * under /dev/sppp.  This feature is needed to support PPP translation
54  * (LAC-like behavior), but isn't currently used.
55  */
56 #define	PPPOE_DISCRIM	0x504F4531
57 
58 /* milliseconds between retries */
59 #define	PADI_RESTART_TIME	500
60 #define	PADR_RESTART_TIME	2000
61 
62 /* default inquiry mode timer in milliseconds. */
63 #define	PADI_INQUIRY_DWELL	3000
64 
65 /* maximum timer value in milliseconds */
66 #define	RESTART_LIMIT	5000
67 
68 char *myname;		/* copy of argv[0] for error messages */
69 static int verbose;	/* -v flag given */
70 static int onlyflag;	/* keyword "only" at end of command line */
71 static char *service = "";	/* saved service name from command line */
72 
73 static int pado_wait_time = 0;	/* see main() */
74 static int pads_wait_time = PADR_RESTART_TIME;
75 
76 static int tunfd;	/* open connection to sppptun driver */
77 
78 static struct timeval tvstart;	/* time of last PADI/PADR transmission */
79 
80 struct server_filter {
81 	struct server_filter *sf_next;	/* Next filter in list */
82 	struct ether_addr sf_mac;	/* Ethernet address */
83 	struct ether_addr sf_mask;	/* Mask (0 or 0xFF in each byte) */
84 	const char *sf_name;		/* String for AC-Name compare */
85 	boolean_t sf_hasmac;		/* Set if string could be MAC */
86 	boolean_t sf_isexcept;		/* Ignore server if matching */
87 };
88 
89 /* List of filters defined on command line. */
90 static struct server_filter *sfhead, *sftail;
91 
92 /*
93  * PPPoE Client State Machine
94  */
95 
96 /* Client events */
97 #define	PCSME_CLOSE	0	/* User close */
98 #define	PCSME_OPEN	1	/* User open */
99 #define	PCSME_TOP	2	/* Timeout+ (counter non-zero) */
100 #define	PCSME_TOM	3	/* Timeout- (counter zero) */
101 #define	PCSME_RPADT	4	/* Receive PADT (unexpected here) */
102 #define	PCSME_RPADOP	5	/* Receive desired PADO */
103 #define	PCSME_RPADO	6	/* Receive ordinary PADO */
104 #define	PCSME_RPADS	7	/* Receive PADS */
105 #define	PCSME_RPADSN	8	/* Receive bad (errored) PADS */
106 #define	PCSME__MAX	9
107 
108 /* Client states */
109 #define	PCSMS_DEAD	0	/* Initial state */
110 #define	PCSMS_INITSENT	1	/* PADI sent */
111 #define	PCSMS_OFFRRCVD	2	/* PADO received */
112 #define	PCSMS_REQSENT	3	/* PADR sent */
113 #define	PCSMS_CONVERS	4	/* Conversational */
114 #define	PCSMS__MAX	5
115 
116 /* Client actions */
117 #define	PCSMA_NONE	0	/* Do nothing */
118 #define	PCSMA_FAIL	1	/* Unrecoverable error */
119 #define	PCSMA_SPADI	2	/* Send PADI */
120 #define	PCSMA_ADD	3	/* Add ordinary server to list */
121 #define	PCSMA_SPADR	4	/* Send PADR to top server */
122 #define	PCSMA_SPADRP	5	/* Send PADR to this server (make top) */
123 #define	PCSMA_SPADRN	6	/* Send PADR to next (or terminate) */
124 #define	PCSMA_OPEN	7	/* Start PPP */
125 #define	PCSMA__MAX	8
126 
127 static uint8_t client_next_state[PCSMS__MAX][PCSME__MAX] = {
128 /* 0 PCSMS_DEAD Initial state */
129 	{
130 		PCSMS_DEAD,	/* PCSME_CLOSE  User close */
131 		PCSMS_INITSENT,	/* PCSME_OPEN   User open */
132 		PCSMS_DEAD,	/* PCSME_TOP    Timeout+ */
133 		PCSMS_DEAD,	/* PCSME_TOM    Timeout- */
134 		PCSMS_DEAD,	/* PCSME_RPADT  Receive PADT */
135 		PCSMS_DEAD,	/* PCSME_RPADOP Receive desired PADO */
136 		PCSMS_DEAD,	/* PCSME_RPADO  Receive ordinary PADO */
137 		PCSMS_DEAD,	/* PCSME_RPADS  Receive PADS */
138 		PCSMS_DEAD,	/* PCSME_RPADSN Receive bad PADS */
139 	},
140 /* 1 PCSMS_INITSENT PADI sent */
141 	{
142 		PCSMS_DEAD,	/* PCSME_CLOSE  User close */
143 		PCSMS_INITSENT,	/* PCSME_OPEN   User open */
144 		PCSMS_INITSENT,	/* PCSME_TOP    Timeout+ */
145 		PCSMS_DEAD,	/* PCSME_TOM    Timeout- */
146 		PCSMS_DEAD,	/* PCSME_RPADT  Receive PADT */
147 		PCSMS_REQSENT,	/* PCSME_RPADOP Receive desired PADO */
148 		PCSMS_OFFRRCVD,	/* PCSME_RPADO  Receive ordinary PADO */
149 		PCSMS_INITSENT,	/* PCSME_RPADS  Receive PADS */
150 		PCSMS_INITSENT,	/* PCSME_RPADSN Receive bad PADS */
151 	},
152 /* 2 PCSMS_OFFRRCVD PADO received */
153 	{
154 		PCSMS_DEAD,	/* PCSME_CLOSE  User close */
155 		PCSMS_INITSENT,	/* PCSME_OPEN   User open */
156 		PCSMS_REQSENT,	/* PCSME_TOP    Timeout+ */
157 		PCSMS_REQSENT,	/* PCSME_TOM    Timeout- */
158 		PCSMS_DEAD,	/* PCSME_RPADT  Receive PADT */
159 		PCSMS_REQSENT,	/* PCSME_RPADOP Receive desired PADO */
160 		PCSMS_OFFRRCVD,	/* PCSME_RPADO  Receive ordinary PADO */
161 		PCSMS_OFFRRCVD,	/* PCSME_RPADS  Receive PADS */
162 		PCSMS_OFFRRCVD,	/* PCSME_RPADSN Receive bad PADS */
163 	},
164 /* 3 PCSMS_REQSENT  PADR sent */
165 	{
166 		PCSMS_DEAD,	/* PCSME_CLOSE  User close */
167 		PCSMS_INITSENT,	/* PCSME_OPEN   User open */
168 		PCSMS_REQSENT,	/* PCSME_TOP    Timeout+ */
169 		PCSMS_REQSENT,	/* PCSME_TOM    Timeout- */
170 		PCSMS_DEAD,	/* PCSME_RPADT  Receive PADT */
171 		PCSMS_REQSENT,	/* PCSME_RPADOP Receive desired PADO */
172 		PCSMS_REQSENT,	/* PCSME_RPADO  Receive ordinary PADO */
173 		PCSMS_CONVERS,	/* PCSME_RPADS  Receive PADS */
174 		PCSMS_REQSENT,	/* PCSME_RPADSN Receive bad PADS */
175 	},
176 /* 4 PCSMS_CONVERS  Conversational */
177 	{
178 		PCSMS_DEAD,	/* PCSME_CLOSE  User close */
179 		PCSMS_INITSENT,	/* PCSME_OPEN   User open */
180 		PCSMS_CONVERS,	/* PCSME_TOP    Timeout+ */
181 		PCSMS_CONVERS,	/* PCSME_TOM    Timeout- */
182 		PCSMS_DEAD,	/* PCSME_RPADT  Receive PADT */
183 		PCSMS_CONVERS,	/* PCSME_RPADOP Receive desired PADO */
184 		PCSMS_CONVERS,	/* PCSME_RPADO  Receive ordinary PADO */
185 		PCSMS_CONVERS,	/* PCSME_RPADS  Receive PADS */
186 		PCSMS_CONVERS,	/* PCSME_RPADSN Receive bad PADS */
187 	},
188 };
189 
190 static uint8_t client_action[PCSMS__MAX][PCSME__MAX] = {
191 /* 0 PCSMS_DEAD Initial state */
192 	{
193 		PCSMA_NONE,	/* PCSME_CLOSE  User close */
194 		PCSMA_SPADI,	/* PCSME_OPEN   User open */
195 		PCSMA_NONE,	/* PCSME_TOP    Timeout+ */
196 		PCSMA_NONE,	/* PCSME_TOM    Timeout- */
197 		PCSMA_NONE,	/* PCSME_RPADT  Receive PADT */
198 		PCSMA_NONE,	/* PCSME_RPADOP Receive desired PADO */
199 		PCSMA_NONE,	/* PCSME_RPADO  Receive ordinary PADO */
200 		PCSMA_NONE,	/* PCSME_RPADS  Receive PADS */
201 		PCSMA_NONE,	/* PCSME_RPADSN Receive bad PADS */
202 	},
203 /* 1 PCSMS_INITSENT PADI sent */
204 	{
205 		PCSMA_FAIL,	/* PCSME_CLOSE  User close */
206 		PCSMA_SPADI,	/* PCSME_OPEN   User open */
207 		PCSMA_SPADI,	/* PCSME_TOP    Timeout+ */
208 		PCSMA_FAIL,	/* PCSME_TOM    Timeout- */
209 		PCSMA_FAIL,	/* PCSME_RPADT  Receive PADT */
210 		PCSMA_SPADRP,	/* PCSME_RPADOP Receive desired PADO */
211 		PCSMA_ADD,	/* PCSME_RPADO  Receive ordinary PADO */
212 		PCSMA_NONE,	/* PCSME_RPADS  Receive PADS */
213 		PCSMA_NONE,	/* PCSME_RPADSN Receive bad PADS */
214 	},
215 /* 2 PCSMS_OFFRRCVD PADO received */
216 	{
217 		PCSMA_FAIL,	/* PCSME_CLOSE  User close */
218 		PCSMA_SPADI,	/* PCSME_OPEN   User open */
219 		PCSMA_SPADR,	/* PCSME_TOP    Timeout+ */
220 		PCSMA_SPADR,	/* PCSME_TOM    Timeout- */
221 		PCSMA_FAIL,	/* PCSME_RPADT  Receive PADT */
222 		PCSMA_SPADRP,	/* PCSME_RPADOP Receive desired PADO */
223 		PCSMA_ADD,	/* PCSME_RPADO  Receive ordinary PADO */
224 		PCSMA_NONE,	/* PCSME_RPADS  Receive PADS */
225 		PCSMA_NONE,	/* PCSME_RPADSN Receive bad PADS */
226 	},
227 /* 3 PCSMS_REQSENT  PADR sent */
228 	{
229 		PCSMA_FAIL,	/* PCSME_CLOSE  User close */
230 		PCSMA_SPADI,	/* PCSME_OPEN   User open */
231 		PCSMA_SPADR,	/* PCSME_TOP    Timeout+ */
232 		PCSMA_SPADRN,	/* PCSME_TOM    Timeout- */
233 		PCSMA_FAIL,	/* PCSME_RPADT  Receive PADT */
234 		PCSMA_ADD,	/* PCSME_RPADOP Receive desired PADO */
235 		PCSMA_ADD,	/* PCSME_RPADO  Receive ordinary PADO */
236 		PCSMA_OPEN,	/* PCSME_RPADS  Receive PADS */
237 		PCSMA_SPADRN,	/* PCSME_RPADSN Receive bad PADS */
238 	},
239 /* 4 PCSMS_CONVERS  Conversational */
240 	{
241 		PCSMA_FAIL,	/* PCSME_CLOSE  User close */
242 		PCSMA_SPADI,	/* PCSME_OPEN   User open */
243 		PCSMA_FAIL,	/* PCSME_TOP    Timeout+ */
244 		PCSMA_FAIL,	/* PCSME_TOM    Timeout- */
245 		PCSMA_FAIL,	/* PCSME_RPADT  Receive PADT */
246 		PCSMA_NONE,	/* PCSME_RPADOP Receive desired PADO */
247 		PCSMA_NONE,	/* PCSME_RPADO  Receive ordinary PADO */
248 		PCSMA_NONE,	/* PCSME_RPADS  Receive PADS */
249 		PCSMA_NONE,	/* PCSME_RPADSN Receive bad PADS */
250 	},
251 };
252 
253 /*
254  * PPPoE Message structure -- holds data from a received PPPoE
255  * message.  These are copied and saved when queuing offers from
256  * possible servers.
257  */
258 typedef struct poesm_s {
259 	struct poesm_s	*poemsg_next;	/* Next message in list */
260 	const poep_t	*poemsg_data;	/* Pointer to PPPoE packet */
261 	int		poemsg_len;	/* Length of packet */
262 	ppptun_atype	poemsg_sender;	/* Address of sender */
263 	const char	*poemsg_iname;	/* Name of input interface */
264 } poemsg_t;
265 
266 /*
267  * PPPoE State Machine structure -- holds state of PPPoE negotiation;
268  * currently, there's exactly one of these per pppoec instance.
269  */
270 typedef struct {
271 	int		poesm_state;		/* PCSMS_* */
272 	int		poesm_timer;		/* Milliseconds to next TO */
273 	int		poesm_count;		/* Retry countdown */
274 	int		poesm_interval;		/* Reload value */
275 	uint32_t	poesm_sequence;		/* Sequence for PADR */
276 
277 	poemsg_t	*poesm_firstoff;	/* Queue of valid offers; */
278 	poemsg_t	*poesm_lastoff;		/* first is best offer */
279 	poemsg_t	*poesm_tried;		/* Tried and failed offers */
280 
281 	int		poesm_localid;		/* Local session ID (driver) */
282 } poesm_t;
283 
284 /*
285  * Convert an internal PPPoE event code number into a printable
286  * string.
287  */
288 static const char *
poe_event(int event)289 poe_event(int event)
290 {
291 	static const char *poeevent[PCSME__MAX] = {
292 		"Close", "Open", "TO+", "TO-", "rPADT",
293 		"rPADO+", "rPADO", "rPADS", "rPADS-"
294 	};
295 
296 	if (event < 0 || event >= PCSME__MAX) {
297 		return ("?");
298 	}
299 	return (poeevent[event]);
300 }
301 
302 /*
303  * Convert an internal PPPoE state number into a printable string.
304  */
305 static const char *
poe_state(int state)306 poe_state(int state)
307 {
308 	static const char *poestate[PCSMS__MAX] = {
309 		"Dead", "InitSent", "OffrRcvd", "ReqSent", "Convers",
310 	};
311 
312 	if (state < 0 || state >= PCSMS__MAX) {
313 		return ("?");
314 	}
315 	return (poestate[state]);
316 }
317 
318 /*
319  * Convert an internal PPPoE action number into a printable string.
320  */
321 static const char *
poe_action(int act)322 poe_action(int act)
323 {
324 	static const char *poeaction[PCSMA__MAX] = {
325 		"None", "Fail", "SendPADI", "Add", "SendPADR",
326 		"SendPADR+", "SendPADR-", "Open"
327 	};
328 
329 	if (act < 0 || act >= PCSMA__MAX) {
330 		return ("?");
331 	}
332 	return (poeaction[act]);
333 }
334 
335 /*
336  * This calls mygetmsg (which discards partial messages as needed) and
337  * logs errors as appropriate.
338  */
339 static int
pppoec_getmsg(int fd,struct strbuf * ctrl,struct strbuf * data,int * flags)340 pppoec_getmsg(int fd, struct strbuf *ctrl, struct strbuf *data, int *flags)
341 {
342 	int retv;
343 
344 	for (;;) {
345 		retv = mygetmsg(fd, ctrl, data, flags);
346 		if (retv == 0)
347 			break;
348 		if (retv < 0) {
349 			if (errno == EINTR)
350 				continue;
351 			logstrerror("getmsg");
352 			break;
353 		}
354 		if (verbose) {
355 			if (!(retv & (MORECTL | MOREDATA)))
356 				logerr("%s: discard: "
357 				    "unexpected status %d\n", myname, retv);
358 			else
359 				logerr("%s: discard: "
360 				    "truncated %s%smessage\n", myname,
361 				    retv & MORECTL ? "control " : "",
362 				    retv & MOREDATA ? "data " : "");
363 		}
364 	}
365 	return (retv);
366 }
367 
368 /*
369  * Connect the control path to the lower stream of interest.  This
370  * must be called after opening the tunnel driver in order to
371  * establish the interface to be used for signaling.  Returns local
372  * session ID number.
373  */
374 static int
set_control(const char * dname)375 set_control(const char *dname)
376 {
377 	struct ppptun_peer ptp;
378 	union ppptun_name ptn;
379 
380 	/* Fetch the local session ID first. */
381 	(void) memset(&ptp, '\0', sizeof (ptp));
382 	ptp.ptp_style = PTS_PPPOE;
383 	if (strioctl(tunfd, PPPTUN_SPEER, &ptp, sizeof (ptp), sizeof (ptp)) <
384 	    0) {
385 		logstrerror("PPPTUN_SPEER");
386 		exit(1);
387 	}
388 
389 	/* Connect to lower stream. */
390 	(void) snprintf(ptn.ptn_name, sizeof (ptn.ptn_name), "%s:pppoed",
391 	    dname);
392 	if (strioctl(tunfd, PPPTUN_SCTL, &ptn, sizeof (ptn), 0) < 0) {
393 		logerr("%s: PPPTUN_SCTL %s: %s\n", myname,
394 		    ptn.ptn_name, mystrerror(errno));
395 		exit(1);
396 	}
397 	return (ptp.ptp_lsessid);
398 }
399 
400 /*
401  * Check if standard input is actually a viable connection to the
402  * tunnel driver.  This is the normal mode of operation with pppd; the
403  * tunnel driver is opened by pppd as the tty and pppoec is exec'd as
404  * the connect script.
405  */
406 static void
check_stdin(void)407 check_stdin(void)
408 {
409 	struct ppptun_info pti;
410 	union ppptun_name ptn;
411 
412 	if (strioctl(0, PPPTUN_GDATA, &ptn, 0, sizeof (ptn)) < 0) {
413 		if (errno == EINVAL)
414 			logerr("%s: PPPoE operation requires "
415 			    "the use of a tunneling device\n", myname);
416 		else
417 			logstrerror("PPPTUN_GDATA");
418 		exit(1);
419 	}
420 	if (ptn.ptn_name[0] != '\0') {
421 		if (strioctl(0, PPPTUN_GINFO, &pti, 0, sizeof (pti)) < 0) {
422 			logstrerror("PPPTUN_GINFO");
423 			exit(1);
424 		}
425 		if (pti.pti_style != PTS_PPPOE) {
426 			logerr("%s: Cannot connect to server "
427 			    "using PPPoE; stream already set to style %d\n",
428 			    myname, pti.pti_style);
429 			exit(1);
430 		}
431 		if (verbose)
432 			logerr("%s: Warning:  PPPoE data link "
433 			    "already connected\n", myname);
434 		exit(0);
435 	}
436 	/* Standard input is the tunnel driver; use it. */
437 	tunfd = 0;
438 }
439 
440 /*
441  * Write a summary of a PPPoE message to the given file.  This is used
442  * for logging and to display received offers in the inquiry (-i) mode.
443  */
444 static void
display_pppoe(FILE * out,const poep_t * poep,int plen,const ppptun_atype * pap)445 display_pppoe(FILE *out, const poep_t *poep, int plen, const ppptun_atype *pap)
446 {
447 	int ttyp;
448 	int tlen;
449 	const uint8_t *tagp;
450 	const uint8_t *dp;
451 	const char *str;
452 	poer_t poer;
453 	uint32_t mask;
454 
455 	if (out == stderr)
456 		logerr(" ");	/* Give us a timestamp */
457 	/* Print name of sender. */
458 	(void) fprintf(out, "%-16s ", ehost(pap));
459 
460 	/* Loop through tags and print each. */
461 	tagp = (const uint8_t *)(poep + 1);
462 	while (poe_tagcheck(poep, plen, tagp)) {
463 		ttyp = POET_GET_TYPE(tagp);
464 		if (ttyp == POETT_END)
465 			break;
466 		tlen = POET_GET_LENG(tagp);
467 		dp = POET_DATA(tagp);
468 		str = NULL;
469 		switch (ttyp) {
470 		case POETT_SERVICE:	/* Service-Name */
471 			str = "Svc";
472 			break;
473 		case POETT_ACCESS:	/* AC-Name */
474 			str = "Name";
475 			break;
476 		case POETT_UNIQ:	/* Host-Uniq */
477 			str = "Uniq";
478 			break;
479 		case POETT_COOKIE:	/* AC-Cookie */
480 			str = "Cookie";
481 			break;
482 		case POETT_VENDOR:	/* Vendor-Specific */
483 			break;
484 		case POETT_RELAY:	/* Relay-Session-Id */
485 			str = "Relay";
486 			break;
487 		case POETT_NAMERR:	/* Service-Name-Error */
488 			str = "SvcNameErr";
489 			break;
490 		case POETT_SYSERR:	/* AC-System-Error */
491 			str = "SysErr";
492 			break;
493 		case POETT_GENERR:	/* Generic-Error */
494 			str = "GenErr";
495 			break;
496 		case POETT_MULTI:	/* Multicast-Capable */
497 			break;
498 		case POETT_HURL:	/* Host-URL */
499 			str = "URL";
500 			break;
501 		case POETT_MOTM:	/* Message-Of-The-Minute */
502 			str = "Mesg";
503 			break;
504 		case POETT_RTEADD:	/* IP-Route-Add */
505 			break;
506 		}
507 		switch (ttyp) {
508 		case POETT_NAMERR:	/* Service-Name-Error */
509 		case POETT_SYSERR:	/* AC-System-Error */
510 			if (tlen > 0 && *dp == '\0')
511 				tlen = 0;
512 			/* FALLTHROUGH */
513 		case POETT_SERVICE:	/* Service-Name */
514 		case POETT_ACCESS:	/* AC-Name */
515 		case POETT_GENERR:	/* Generic-Error */
516 		case POETT_MOTM:	/* Message-Of-The-Minute */
517 		case POETT_HURL:	/* Host-URL */
518 			(void) fprintf(out, "%s:\"%.*s\" ", str, tlen, dp);
519 			break;
520 		case POETT_UNIQ:	/* Host-Uniq */
521 		case POETT_COOKIE:	/* AC-Cookie */
522 		case POETT_RELAY:	/* Relay-Session-Id */
523 			(void) fprintf(out, "%s:", str);
524 			while (--tlen >= 0)
525 				(void) fprintf(out, "%02X", *dp++);
526 			(void) putc(' ', out);
527 			break;
528 		case POETT_VENDOR:	/* Vendor-Specific */
529 			(void) fputs("Vendor:", out);
530 			if (tlen >= 4) {
531 				if (*dp++ != 0) {
532 					(void) fprintf(out, "(%02X?)", dp[-1]);
533 				}
534 				(void) fprintf(out, "%x-%x-%x:", dp[0], dp[1],
535 				    dp[2]);
536 				tlen -= 4;
537 				dp += 3;
538 			}
539 			while (--tlen >= 0)
540 				(void) fprintf(out, "%02X", *dp++);
541 			(void) putc(' ', out);
542 			break;
543 		case POETT_MULTI:	/* Multicast-Capable */
544 			(void) fprintf(out, "Multi:%d ", *dp);
545 			break;
546 		case POETT_RTEADD:	/* IP-Route-Add */
547 			if (tlen != sizeof (poer)) {
548 				(void) fprintf(out, "RTE%d? ", tlen);
549 				break;
550 			}
551 			(void) memcpy(&poer, dp, sizeof (poer));
552 			(void) fputs("RTE:", out);
553 			if (poer.poer_dest_network == 0)
554 				(void) fputs("default", out);
555 			else
556 				(void) fputs(ihost(poer.poer_dest_network),
557 				    out);
558 			mask = ntohl(poer.poer_subnet_mask);
559 			if (mask != 0 && mask != (uint32_t)~0) {
560 				if ((~mask & (~mask + 1)) == 0)
561 					(void) fprintf(out, "/%d",
562 					    sizeof (struct in_addr) * NBBY +
563 					    1 - ffs(mask));
564 				else
565 					(void) fprintf(out, "/%s",
566 					    ihost(poer.poer_subnet_mask));
567 			}
568 			(void) fprintf(out, ",%s,%u ",
569 			    ihost(poer.poer_gateway), ntohl(poer.poer_metric));
570 			break;
571 		default:
572 			(void) fprintf(out, "%s:%d ", poe_tagname(ttyp), tlen);
573 			break;
574 		}
575 		tagp = POET_NEXT(tagp);
576 	}
577 	(void) putc('\n', out);
578 }
579 
580 /*
581  * Transmit a PPPoE message to the indicated destination.  Used for
582  * PADI and PADR messages.
583  */
584 static int
send_pppoe(const poep_t * poep,const char * msgname,const ppptun_atype * destaddr)585 send_pppoe(const poep_t *poep, const char *msgname,
586     const ppptun_atype *destaddr)
587 {
588 	struct strbuf ctrl;
589 	struct strbuf data;
590 	struct ppptun_control *ptc;
591 
592 	/* Set up the control data expected by the driver. */
593 	ptc = (struct ppptun_control *)pkt_octl;
594 	(void) memset(ptc, '\0', sizeof (*ptc));
595 	ptc->ptc_discrim = PPPOE_DISCRIM;
596 	ptc->ptc_action = PTCA_CONTROL;
597 	ptc->ptc_address = *destaddr;
598 	ctrl.len = sizeof (*ptc);
599 	ctrl.buf = (caddr_t)ptc;
600 	data.len = poe_length(poep) + sizeof (*poep);
601 	data.buf = (caddr_t)poep;
602 	if (verbose)
603 		logerr("%s: Sending %s to %s: %d bytes\n",
604 		    myname, msgname, ehost(destaddr), data.len);
605 	if (putmsg(tunfd, &ctrl, &data, 0) < 0) {
606 		logstrerror("putmsg");
607 		return (-1);
608 	}
609 	return (0);
610 }
611 
612 /*
613  * Create and transmit a PPPoE Active Discovery Initiation packet.
614  * This is broadcasted to all hosts on the LAN.
615  */
616 static int
send_padi(int localid)617 send_padi(int localid)
618 {
619 	poep_t *poep;
620 	ppptun_atype destaddr;
621 
622 	poep = poe_mkheader(pkt_output, POECODE_PADI, 0);
623 	(void) poe_add_str(poep, POETT_SERVICE, service);
624 	(void) poe_add_long(poep, POETT_UNIQ, localid);
625 	(void) memset(&destaddr, '\0', sizeof (destaddr));
626 	(void) memcpy(destaddr.pta_pppoe.ptma_mac, ether_bcast,
627 	    sizeof (destaddr.pta_pppoe.ptma_mac));
628 	return (send_pppoe(poep, "PADI", &destaddr));
629 }
630 
631 /*
632  * This is used by the procedure below -- when the alarm goes off,
633  * just exit.  (This was once a dummy procedure and used the EINTR
634  * side-effect to terminate the loop, but that's not reliable, since
635  * the EINTR could be caught and ignored by the calls to standard
636  * output.)
637  */
638 /* ARGSUSED */
639 static void
alarm_hand(int dummy)640 alarm_hand(int dummy)
641 {
642 	exit(0);
643 }
644 
645 /*
646  * Send out a single PADI and listen for servers.  This implements the
647  * "inquiry" (-i) mode.
648  */
649 static void
find_all_servers(int localid)650 find_all_servers(int localid)
651 {
652 	struct strbuf ctrl;
653 	struct strbuf data;
654 	poep_t *poep;
655 	int flags;
656 	struct sigaction act;
657 	struct ppptun_control *ptc;
658 
659 	/* Set a default 3-second timer */
660 	(void) memset(&act, '\0', sizeof (act));
661 	act.sa_handler = alarm_hand;
662 	(void) sigaction(SIGALRM, &act, NULL);
663 	(void) alarm((pado_wait_time + 999) / 1000);
664 
665 	/* Broadcast a single request. */
666 	if (send_padi(localid) != 0)
667 		return;
668 
669 	/* Loop over responses and print them. */
670 	for (;;) {
671 		ctrl.maxlen = PKT_OCTL_LEN;
672 		ctrl.buf = (caddr_t)pkt_octl;
673 		data.maxlen = PKT_INPUT_LEN;
674 		data.buf = (caddr_t)pkt_input;
675 		flags = 0;
676 
677 		if (pppoec_getmsg(tunfd, &ctrl, &data, &flags) < 0)
678 			break;
679 
680 		/* Ignore unwanted responses from the driver. */
681 		if (ctrl.len != sizeof (*ptc)) {
682 			if (verbose)
683 				logerr("%s: unexpected %d byte"
684 				    " control message from driver.\n", myname,
685 				    ctrl.len);
686 			continue;
687 		}
688 		ptc = (struct ppptun_control *)pkt_octl;
689 		poep = (poep_t *)pkt_input;
690 
691 		/* If it's an offer, then print it out. */
692 		if (poe_code(poep) == POECODE_PADO) {
693 			display_pppoe(stdout, poep, data.len,
694 			    &ptc->ptc_address);
695 		}
696 	}
697 }
698 
699 /*
700  * Parse a server filter from the command line.  The passed-in string
701  * must be allocated and unchanged, since a pointer to it is saved in
702  * the filter data structure.  The string is also parsed for a MAC
703  * address, if possible.
704  */
705 static void
parse_filter(const char * str,int exceptflag)706 parse_filter(const char *str, int exceptflag)
707 {
708 	struct server_filter *sfnew;
709 	const char *cp;
710 	const char *wordstart;
711 	const char *wordend;
712 	int len;
713 	char hbuf[MAXHOSTNAMELEN];
714 	uchar_t *ucp;
715 	uchar_t *mcp;
716 
717 	/* Allocate the new filter structure. */
718 	sfnew = (struct server_filter *)calloc(1, sizeof (*sfnew));
719 	if (sfnew == NULL) {
720 		logstrerror("filter allocation");
721 		exit(1);
722 	}
723 
724 	/* Save the string for AC-Name comparison. */
725 	sfnew->sf_name = str;
726 
727 	sfnew->sf_isexcept = exceptflag == 0 ? 0 : 1;
728 
729 	/* Extract just one word. */
730 	cp = str;
731 	while (isspace(*cp))
732 		cp++;
733 	wordstart = cp;
734 	while (*cp != '\0' && !isspace(*cp))
735 		cp++;
736 	wordend = cp;
737 	if ((len = wordend - wordstart) >= sizeof (hbuf))
738 		len = sizeof (hbuf) - 1;
739 	(void) strlcpy(hbuf, wordstart, len);
740 	hbuf[len] = '\0';
741 
742 	/* Try to translate this as an Ethernet host or address. */
743 	mcp = sfnew->sf_mask.ether_addr_octet;
744 	if (ether_hostton(hbuf, &sfnew->sf_mac) == 0) {
745 		mcp[0] = mcp[1] = mcp[2] = mcp[3] = mcp[4] = mcp[5] = 0xFF;
746 		sfnew->sf_hasmac = 1;
747 	} else {
748 		ucp = sfnew->sf_mac.ether_addr_octet;
749 		len = wordend - wordstart;
750 		cp = wordstart;
751 		while (cp < wordend) {
752 			if (ucp >= sfnew->sf_mac.ether_addr_octet +
753 			    sizeof (sfnew->sf_mac))
754 				break;
755 			if (*cp == '*') {
756 				*mcp++ = *ucp++ = 0;
757 				cp++;
758 			} else {
759 				if (!isxdigit(*cp))
760 					break;
761 				*ucp = hexdecode(*cp++);
762 				if (cp < wordend && isxdigit(*cp)) {
763 					*ucp = (*ucp << 4) |
764 					    hexdecode(*cp++);
765 				}
766 				ucp++;
767 				*mcp++ = 0xFF;
768 			}
769 			if (cp < wordend) {
770 				if (*cp != ':' || cp + 1 == wordend)
771 					break;
772 				cp++;
773 			}
774 		}
775 		if (cp >= wordend)
776 			sfnew->sf_hasmac = 1;
777 		else if (verbose)
778 			logerr("%s: treating '%.*s' as server "
779 			    "name only, not MAC address\n", myname, len,
780 			    wordstart);
781 	}
782 
783 	/* Add to end of list. */
784 	if (sftail == NULL)
785 		sfhead = sfnew;
786 	else
787 		sftail->sf_next = sfnew;
788 	sftail = sfnew;
789 }
790 
791 /*
792  * Create a copy of a given PPPoE message.  This is used for enqueuing
793  * received PADO (offers) from possible servers.
794  */
795 static poemsg_t *
save_message(const poemsg_t * pmsg)796 save_message(const poemsg_t *pmsg)
797 {
798 	poemsg_t *newmsg;
799 	char *cp;
800 
801 	newmsg = (poemsg_t *)malloc(sizeof (*pmsg) + pmsg->poemsg_len +
802 	    strlen(pmsg->poemsg_iname) + 1);
803 	if (newmsg != NULL) {
804 		newmsg->poemsg_next = NULL;
805 		newmsg->poemsg_data = (const poep_t *)(newmsg + 1);
806 		(void) memcpy(newmsg + 1, pmsg->poemsg_data, pmsg->poemsg_len);
807 		newmsg->poemsg_len = pmsg->poemsg_len;
808 		cp = (char *)newmsg->poemsg_data + pmsg->poemsg_len;
809 		newmsg->poemsg_iname = (const char *)cp;
810 		(void) strcpy(cp, pmsg->poemsg_iname);
811 		(void) memcpy(&newmsg->poemsg_sender, &pmsg->poemsg_sender,
812 		    sizeof (newmsg->poemsg_sender));
813 	}
814 	return (newmsg);
815 }
816 
817 /*
818  * Create and send a PPPoE Active Discovery Request (PADR) message to
819  * the sender of the given PADO.  Some tags -- Service-Name,
820  * AC-Cookie, and Relay-Session-Id -- must be copied from PADO to
821  * PADR.  Others are not.  The Service-Name must be selected from the
822  * offered services in the PADO based on the user's requested service
823  * name.  If the server offered "wildcard" service, then we ask for
824  * this only if we can't find the user's requested service.
825  *
826  * Returns 1 if we can't send a valid PADR in response to the given
827  * PADO.  The offer should be ignored and the next one tried.
828  */
829 static int
send_padr(poesm_t * psm,const poemsg_t * pado)830 send_padr(poesm_t *psm, const poemsg_t *pado)
831 {
832 	poep_t *poep;
833 	boolean_t haswild;
834 	boolean_t hassvc;
835 	const uint8_t *tagp;
836 	int ttyp;
837 	int tlen;
838 
839 	/*
840 	 * Increment sequence number for PADR so that we don't mistake
841 	 * old replies for valid ones if the server is very slow.
842 	 */
843 	psm->poesm_sequence++;
844 
845 	poep = poe_mkheader(pkt_output, POECODE_PADR, 0);
846 	(void) poe_two_longs(poep, POETT_UNIQ, psm->poesm_localid,
847 	    psm->poesm_sequence);
848 
849 	haswild = B_FALSE;
850 	hassvc = B_FALSE;
851 	tagp = (const uint8_t *)(pado->poemsg_data + 1);
852 	while (poe_tagcheck(pado->poemsg_data, pado->poemsg_len, tagp)) {
853 		ttyp = POET_GET_TYPE(tagp);
854 		if (ttyp == POETT_END)
855 			break;
856 		tlen = POET_GET_LENG(tagp);
857 		switch (ttyp) {
858 		case POETT_SERVICE:	/* Service-Name */
859 			/* Allow only one */
860 			if (hassvc)
861 				break;
862 			if (tlen == 0) {
863 				haswild = B_TRUE;
864 				break;
865 			}
866 			if (service[0] == '\0' ||
867 			    (tlen == strlen(service) &&
868 			    memcmp(service, POET_DATA(tagp), tlen) == 0)) {
869 				(void) poe_tag_copy(poep, tagp);
870 				hassvc = B_TRUE;
871 			}
872 			break;
873 		/* Ones we should discard */
874 		case POETT_ACCESS:	/* AC-Name */
875 		case POETT_UNIQ:	/* Host-Uniq */
876 		case POETT_NAMERR:	/* Service-Name-Error */
877 		case POETT_SYSERR:	/* AC-System-Error */
878 		case POETT_GENERR:	/* Generic-Error */
879 		case POETT_HURL:	/* Host-URL */
880 		case POETT_MOTM:	/* Message-Of-The-Minute */
881 		case POETT_RTEADD:	/* IP-Route-Add */
882 		case POETT_VENDOR:	/* Vendor-Specific */
883 		case POETT_MULTI:	/* Multicast-Capable */
884 		default:		/* Anything else we don't understand */
885 			break;
886 		/* Ones we should copy */
887 		case POETT_COOKIE:	/* AC-Cookie */
888 		case POETT_RELAY:	/* Relay-Session-Id */
889 			(void) poe_tag_copy(poep, tagp);
890 			break;
891 		}
892 		tagp = POET_NEXT(tagp);
893 	}
894 	if (!hassvc) {
895 		if (haswild && service[0] == '\0')
896 			(void) poe_add_str(poep, POETT_SERVICE, "");
897 		else
898 			return (1);
899 	}
900 
901 	return (send_pppoe(poep, "PADR", &pado->poemsg_sender));
902 }
903 
904 /*
905  * ********************************************************************
906  * act_* functions implement the actions driven by the state machine
907  * tables.  See "action_table" below.
908  *
909  * All action routines must return the next state value.
910  * ********************************************************************
911  */
912 
913 /* ARGSUSED */
914 static int
act_none(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)915 act_none(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
916 {
917 	return (nextst);
918 }
919 
920 /* ARGSUSED */
921 static int
act_fail(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)922 act_fail(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
923 {
924 	if (verbose)
925 		logerr("%s: unrecoverable error\n", myname);
926 	return (PCSMS_DEAD);
927 }
928 
929 /* ARGSUSED */
930 static int
act_spadi(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)931 act_spadi(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
932 {
933 	if (send_padi(psm->poesm_localid) != 0)
934 		return (PCSMS_DEAD);
935 	/*
936 	 * If this is the first time, then initialize the retry count
937 	 * and interval.
938 	 */
939 	if (psm->poesm_state == PCSMS_DEAD) {
940 		psm->poesm_count = 3;
941 		psm->poesm_interval = pado_wait_time;
942 	} else {
943 		if ((psm->poesm_interval <<= 1) > RESTART_LIMIT)
944 			psm->poesm_interval = RESTART_LIMIT;
945 	}
946 	psm->poesm_timer = psm->poesm_interval;
947 	(void) gettimeofday(&tvstart, NULL);
948 	return (nextst);
949 }
950 
951 /* ARGSUSED */
952 static int
act_add(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)953 act_add(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
954 {
955 	pmsg = save_message(pmsg);
956 	if (pmsg != NULL) {
957 		if (psm->poesm_lastoff == NULL)
958 			psm->poesm_firstoff = pmsg;
959 		else
960 			psm->poesm_lastoff->poemsg_next = pmsg;
961 		psm->poesm_lastoff = pmsg;
962 	}
963 	return (nextst);
964 }
965 
966 /* ARGSUSED */
967 static int
act_spadr(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)968 act_spadr(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
969 {
970 	poemsg_t *msgp;
971 	int retv;
972 
973 	for (;;) {
974 		if ((msgp = psm->poesm_firstoff) == NULL)
975 			return (PCSMS_DEAD);
976 		retv = send_padr(psm, msgp);
977 		if (retv < 0)
978 			return (PCSMS_DEAD);
979 		if (retv == 0)
980 			break;
981 		/* Can't send this request; try looking at next offer. */
982 		psm->poesm_firstoff = msgp->poemsg_next;
983 		msgp->poemsg_next = psm->poesm_tried;
984 		psm->poesm_tried = msgp;
985 	}
986 	if (psm->poesm_state != PCSMS_REQSENT) {
987 		psm->poesm_count = 3;
988 		psm->poesm_interval = pads_wait_time;
989 	} else {
990 		if ((psm->poesm_interval <<= 1) > RESTART_LIMIT)
991 			psm->poesm_interval = RESTART_LIMIT;
992 	}
993 	psm->poesm_timer = psm->poesm_interval;
994 	(void) gettimeofday(&tvstart, NULL);
995 	return (nextst);
996 }
997 
998 /* ARGSUSED */
999 static int
act_spadrp(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)1000 act_spadrp(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
1001 {
1002 	int retv;
1003 
1004 	retv = send_padr(psm, pmsg);
1005 	if (retv < 0)
1006 		return (PCSMS_DEAD);
1007 	pmsg = save_message(pmsg);
1008 	if (retv > 0) {
1009 		/*
1010 		 * Cannot use this one; mark as tried and continue as
1011 		 * if we never saw it.
1012 		 */
1013 		pmsg->poemsg_next = psm->poesm_tried;
1014 		psm->poesm_tried = pmsg;
1015 		return (psm->poesm_state);
1016 	}
1017 	pmsg->poemsg_next = psm->poesm_firstoff;
1018 	psm->poesm_firstoff = pmsg;
1019 	if (psm->poesm_lastoff == NULL)
1020 		psm->poesm_lastoff = pmsg;
1021 	psm->poesm_count = 3;
1022 	psm->poesm_timer = psm->poesm_interval = pads_wait_time;
1023 	(void) gettimeofday(&tvstart, NULL);
1024 	return (nextst);
1025 }
1026 
1027 /* ARGSUSED */
1028 static int
act_spadrn(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)1029 act_spadrn(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
1030 {
1031 	poemsg_t *msgp;
1032 	int retv;
1033 
1034 	if ((msgp = psm->poesm_firstoff) == NULL)
1035 		return (PCSMS_DEAD);
1036 	do {
1037 		psm->poesm_firstoff = msgp->poemsg_next;
1038 		msgp->poemsg_next = psm->poesm_tried;
1039 		psm->poesm_tried = msgp;
1040 		if ((msgp = psm->poesm_firstoff) == NULL)
1041 			return (PCSMS_DEAD);
1042 		retv = send_padr(psm, msgp);
1043 		if (retv < 0)
1044 			return (PCSMS_DEAD);
1045 	} while (retv != 0);
1046 	psm->poesm_count = 3;
1047 	psm->poesm_timer = psm->poesm_interval = pads_wait_time;
1048 	(void) gettimeofday(&tvstart, NULL);
1049 	return (nextst);
1050 }
1051 
1052 /*
1053  * For safety -- remove end of line from strings passed back to pppd.
1054  */
1055 static void
remove_eol(char * str,size_t len)1056 remove_eol(char *str, size_t len)
1057 {
1058 	while (len > 0) {
1059 		if (*str == '\n')
1060 			*str = '$';
1061 		str++;
1062 		len--;
1063 	}
1064 }
1065 
1066 /* ARGSUSED */
1067 static int
act_open(poesm_t * psm,poemsg_t * pmsg,int event,int nextst)1068 act_open(poesm_t *psm, poemsg_t *pmsg, int event, int nextst)
1069 {
1070 	struct ppptun_peer ptp;
1071 	union ppptun_name ptn;
1072 	const char *cp;
1073 	FILE *fp;
1074 	const uint8_t *tagp, *vp;
1075 	int tlen, ttyp;
1076 	char *access;
1077 	uint32_t val;
1078 	size_t acc_len, serv_len;
1079 
1080 	/*
1081 	 * The server has now assigned its session ID for the data
1082 	 * (PPP) portion of this tunnel.  Send that ID down to the
1083 	 * driver.
1084 	 */
1085 	(void) memset(&ptp, '\0', sizeof (ptp));
1086 	ptp.ptp_lsessid = psm->poesm_localid;
1087 	ptp.ptp_rsessid = poe_session_id(pmsg->poemsg_data);
1088 	(void) memcpy(&ptp.ptp_address, &pmsg->poemsg_sender,
1089 	    sizeof (ptp.ptp_address));
1090 	ptp.ptp_style = PTS_PPPOE;
1091 	if (strioctl(tunfd, PPPTUN_SPEER, &ptp, sizeof (ptp), sizeof (ptp)) <
1092 	    0) {
1093 		logstrerror("PPPTUN_SPEER");
1094 		return (PCSMS_DEAD);
1095 	}
1096 
1097 	/*
1098 	 * Data communication is now possible on this session.
1099 	 * Connect the data portion to the correct lower stream.
1100 	 */
1101 	if ((cp = strchr(pmsg->poemsg_iname, ':')) == NULL)
1102 		cp = pmsg->poemsg_iname + strlen(pmsg->poemsg_iname);
1103 	(void) snprintf(ptn.ptn_name, sizeof (ptn.ptn_name), "%.*s:pppoe",
1104 	    cp - pmsg->poemsg_iname, pmsg->poemsg_iname);
1105 	if (strioctl(tunfd, PPPTUN_SDATA, &ptn, sizeof (ptn), 0) < 0) {
1106 		logerr("%s: PPPTUN_SDATA %s: %s\n",
1107 		    myname, ptn.ptn_name, mystrerror(errno));
1108 		return (PCSMS_DEAD);
1109 	}
1110 	if (verbose)
1111 		logerr("%s: Connection open; session %04X on "
1112 		    "%s\n", myname, ptp.ptp_rsessid, ptn.ptn_name);
1113 
1114 	/*
1115 	 * Walk through the PADS message to get the access server name
1116 	 * and the service.  If there are multiple instances of either
1117 	 * tag, then take the last access server and the first
1118 	 * non-null service.
1119 	 */
1120 	access = "";
1121 	acc_len = 0;
1122 	serv_len = strlen(service);
1123 	tagp = (const uint8_t *)(pmsg->poemsg_data + 1);
1124 	while (poe_tagcheck(pmsg->poemsg_data, pmsg->poemsg_len, tagp)) {
1125 		ttyp = POET_GET_TYPE(tagp);
1126 		if (ttyp == POETT_END)
1127 			break;
1128 		tlen = POET_GET_LENG(tagp);
1129 		if (ttyp == POETT_ACCESS) {
1130 			access = (char *)POET_DATA(tagp);
1131 			acc_len = tlen;
1132 		}
1133 		if (serv_len == 0 && ttyp == POETT_SERVICE && tlen != 0) {
1134 			service = (char *)POET_DATA(tagp);
1135 			serv_len = tlen;
1136 		}
1137 		tagp = POET_NEXT(tagp);
1138 	}
1139 
1140 	/*
1141 	 * Remove end of line to make sure that integrity of values
1142 	 * passed back to pppd can't be compromised by the PPPoE
1143 	 * server.
1144 	 */
1145 	remove_eol(service, serv_len);
1146 	remove_eol(access, acc_len);
1147 
1148 	/*
1149 	 * pppd has given us a pipe as fd 3, and we're expected to
1150 	 * write out the values of the following environment
1151 	 * variables:
1152 	 *	IF_AND_SERVICE
1153 	 *	SERVICE_NAME
1154 	 *	AC_NAME
1155 	 *	AC_MAC
1156 	 *	SESSION_ID
1157 	 *	VENDOR_SPECIFIC_1 ... N
1158 	 * See usr.bin/pppd/plugins/pppoe.c for more information.
1159 	 */
1160 	if ((fp = fdopen(3, "w")) != NULL) {
1161 		(void) fprintf(fp, "%.*s:%.*s\n",
1162 		    cp - pmsg->poemsg_iname, pmsg->poemsg_iname, serv_len,
1163 		    service);
1164 		(void) fprintf(fp, "%.*s\n", serv_len, service);
1165 		(void) fprintf(fp, "%.*s\n", acc_len, access);
1166 		(void) fprintf(fp, "%s\n", ehost(&pmsg->poemsg_sender));
1167 		(void) fprintf(fp, "%d\n", poe_session_id(pmsg->poemsg_data));
1168 		tagp = (const uint8_t *)(pmsg->poemsg_data + 1);
1169 		while (poe_tagcheck(pmsg->poemsg_data, pmsg->poemsg_len,
1170 		    tagp)) {
1171 			ttyp = POET_GET_TYPE(tagp);
1172 			if (ttyp == POETT_END)
1173 				break;
1174 			tlen = POET_GET_LENG(tagp);
1175 			if (ttyp == POETT_VENDOR && tlen >= 4) {
1176 				(void) memcpy(&val, POET_DATA(tagp), 4);
1177 				(void) fprintf(fp, "%08lX:",
1178 				    (unsigned long)ntohl(val));
1179 				tlen -= 4;
1180 				vp = POET_DATA(tagp) + 4;
1181 				while (--tlen >= 0)
1182 					(void) fprintf(fp, "%02X", *vp++);
1183 				(void) putc('\n', fp);
1184 			}
1185 			tagp = POET_NEXT(tagp);
1186 		}
1187 		(void) fclose(fp);
1188 	}
1189 
1190 	return (nextst);
1191 }
1192 
1193 static int (* const action_table[PCSMA__MAX])(poesm_t *psm, poemsg_t *pmsg,
1194     int event, int nextst) = {
1195 	    act_none, act_fail, act_spadi, act_add, act_spadr, act_spadrp,
1196 	    act_spadrn, act_open
1197 };
1198 
1199 /*
1200  * Dispatch an event and a corresponding message on a given state
1201  * machine.
1202  */
1203 static void
handle_event(poesm_t * psm,int event,poemsg_t * pmsg)1204 handle_event(poesm_t *psm, int event, poemsg_t *pmsg)
1205 {
1206 	int nextst;
1207 
1208 	if (verbose)
1209 		logerr("%s: PPPoE Event %s (%d) in state %s "
1210 		    "(%d): action %s (%d)\n", myname, poe_event(event), event,
1211 		    poe_state(psm->poesm_state), psm->poesm_state,
1212 		    poe_action(client_action[psm->poesm_state][event]),
1213 		    client_action[psm->poesm_state][event]);
1214 
1215 	nextst = (*action_table[client_action[psm->poesm_state][event]])(psm,
1216 	    pmsg, event, client_next_state[psm->poesm_state][event]);
1217 
1218 	if (verbose)
1219 		logerr("%s: PPPoE State change %s (%d) -> %s (%d)\n", myname,
1220 		    poe_state(psm->poesm_state), psm->poesm_state,
1221 		    poe_state(nextst), nextst);
1222 
1223 	psm->poesm_state = nextst;
1224 
1225 	/*
1226 	 * Life-altering states are handled here.  If we reach dead
1227 	 * state again after starting, then we failed.  If we reach
1228 	 * conversational state, then we're open.
1229 	 */
1230 	if (nextst == PCSMS_DEAD) {
1231 		if (verbose)
1232 			logerr("%s: action failed\n", myname);
1233 		exit(1);
1234 	}
1235 	if (nextst == PCSMS_CONVERS) {
1236 		if (verbose)
1237 			logerr("%s: connected\n", myname);
1238 		exit(0);
1239 	}
1240 }
1241 
1242 /*
1243  * Check for error message tags in the PPPoE packet.  We must ignore
1244  * offers that merely report errors, and need to log errors in any
1245  * case.
1246  */
1247 static int
error_check(poemsg_t * pmsg)1248 error_check(poemsg_t *pmsg)
1249 {
1250 	const uint8_t *tagp;
1251 	int ttyp;
1252 
1253 	tagp = (const uint8_t *)(pmsg->poemsg_data + 1);
1254 	while (poe_tagcheck(pmsg->poemsg_data, pmsg->poemsg_len, tagp)) {
1255 		ttyp = POET_GET_TYPE(tagp);
1256 		if (ttyp == POETT_END)
1257 			break;
1258 		if (ttyp == POETT_NAMERR || ttyp == POETT_SYSERR ||
1259 		    ttyp == POETT_GENERR) {
1260 			if (verbose)
1261 				display_pppoe(stderr, pmsg->poemsg_data,
1262 				    pmsg->poemsg_len, &pmsg->poemsg_sender);
1263 			return (-1);
1264 		}
1265 		tagp = POET_NEXT(tagp);
1266 	}
1267 	return (0);
1268 }
1269 
1270 /*
1271  * Extract sequence number, if any, from PADS message, so that we can
1272  * relate it to the PADR that we sent.
1273  */
1274 static uint32_t
get_sequence(const poemsg_t * pmsg)1275 get_sequence(const poemsg_t *pmsg)
1276 {
1277 	const uint8_t *tagp;
1278 	int ttyp;
1279 	uint32_t vals[2];
1280 
1281 	tagp = (const uint8_t *)(pmsg->poemsg_data + 1);
1282 	while (poe_tagcheck(pmsg->poemsg_data, pmsg->poemsg_len, tagp)) {
1283 		ttyp = POET_GET_TYPE(tagp);
1284 		if (ttyp == POETT_END)
1285 			break;
1286 		if (ttyp == POETT_UNIQ) {
1287 			if (POET_GET_LENG(tagp) < sizeof (vals))
1288 				break;
1289 			(void) memcpy(vals, POET_DATA(tagp), sizeof (vals));
1290 			return (ntohl(vals[1]));
1291 		}
1292 		tagp = POET_NEXT(tagp);
1293 	}
1294 	return (0);
1295 }
1296 
1297 /*
1298  * Server filter cases:
1299  *
1300  *	No filters -- all servers generate RPADO+ event; select the
1301  *	first responding server.
1302  *
1303  *	Only "except" filters -- matching servers are RPADO, others
1304  *	are RPADO+.
1305  *
1306  *	Mix of filters -- those matching "pass" are RPADO+, those
1307  *	matching "except" are RPADO, and all others are also RPADO.
1308  *
1309  * If the "only" keyword was given, then RPADO becomes -1; only RPADO+
1310  * events occur.
1311  */
1312 static int
use_server(poemsg_t * pado,const ppptun_atype * pap)1313 use_server(poemsg_t *pado, const ppptun_atype *pap)
1314 {
1315 	struct server_filter *sfp;
1316 	const uchar_t *sndp;
1317 	const uchar_t *macp;
1318 	const uchar_t *maskp;
1319 	int i;
1320 	int passmatched;
1321 	int tlen;
1322 	const uint8_t *tagp;
1323 	int ttyp;
1324 
1325 	/*
1326 	 * If no service mentioned in offer, then we can't use it.
1327 	 */
1328 	tagp = (const uint8_t *)(pado->poemsg_data + 1);
1329 	ttyp = POETT_END;
1330 	while (poe_tagcheck(pado->poemsg_data, pado->poemsg_len, tagp)) {
1331 		ttyp = POET_GET_TYPE(tagp);
1332 		if (ttyp == POETT_END)
1333 			break;
1334 		if (ttyp == POETT_SERVICE) {
1335 			/*
1336 			 * If the user has requested a specific service, then
1337 			 * this selection is exclusive.  We never use the
1338 			 * wildcard for this.
1339 			 */
1340 			tlen = POET_GET_LENG(tagp);
1341 			if (service[0] == '\0' || (strlen(service) == tlen &&
1342 			    memcmp(service, POET_DATA(tagp), tlen) == 0))
1343 				break;
1344 			/* just in case we run off the end */
1345 			ttyp = POETT_END;
1346 		}
1347 		tagp = POET_NEXT(tagp);
1348 	}
1349 	if (ttyp != POETT_SERVICE) {
1350 		if (verbose)
1351 			logerr("%s: Discard unusable offer from %s; service "
1352 			    "'%s' not seen\n", myname, ehost(pap), service);
1353 		return (-1);
1354 	}
1355 
1356 	passmatched = 0;
1357 	for (sfp = sfhead; sfp != NULL; sfp = sfp->sf_next) {
1358 		passmatched |= !sfp->sf_isexcept;
1359 		if (sfp->sf_hasmac) {
1360 			sndp = pado->poemsg_sender.pta_pppoe.ptma_mac;
1361 			macp = sfp->sf_mac.ether_addr_octet;
1362 			maskp = sfp->sf_mask.ether_addr_octet;
1363 			i = sizeof (pado->poemsg_sender.pta_pppoe.ptma_mac);
1364 			for (; i > 0; i--)
1365 				if (((*macp++ ^ *sndp++) & *maskp++) != 0)
1366 					break;
1367 			if (i <= 0)
1368 				break;
1369 		}
1370 	}
1371 
1372 	if (sfp == NULL) {
1373 		/*
1374 		 * No match encountered; if only exclude rules have
1375 		 * been seen, then accept this offer.
1376 		 */
1377 		if (!passmatched)
1378 			return (PCSME_RPADOP);
1379 	} else {
1380 		if (!sfp->sf_isexcept)
1381 			return (PCSME_RPADOP);
1382 	}
1383 	if (onlyflag) {
1384 		if (verbose)
1385 			logerr("%s: Discard unusable offer from %s; server not "
1386 			    "matched\n", myname, ehost(pap));
1387 		return (-1);
1388 	}
1389 	return (PCSME_RPADO);
1390 }
1391 
1392 /*
1393  * This is the normal event loop.  It initializes the state machine
1394  * and sends in an Open event to kick things off.  Then it drops into
1395  * a loop to dispatch events for the state machine.
1396  */
1397 static void
find_server(int localid)1398 find_server(int localid)
1399 {
1400 	poesm_t psm;
1401 	struct pollfd pfd[1];
1402 	struct timeval tv, tvnow;
1403 	int retv;
1404 	poemsg_t pmsg;
1405 	struct strbuf ctrl;
1406 	struct strbuf data;
1407 	poep_t *poep;
1408 	int flags;
1409 	uint32_t seqval;
1410 	struct ppptun_control *ptc;
1411 
1412 	(void) memset(&psm, '\0', sizeof (psm));
1413 
1414 	/*
1415 	 * Initialize the sequence number with something handy.  It
1416 	 * doesn't need to be absolutely unique, since the localid
1417 	 * value actually demultiplexes everything.  This just makes
1418 	 * the operation a little safer.
1419 	 */
1420 	psm.poesm_sequence = getpid() << 16;
1421 	psm.poesm_localid = localid;
1422 
1423 	/* Start the state machine */
1424 	handle_event(&psm, PCSME_OPEN, NULL);
1425 
1426 	/* Enter event polling loop. */
1427 	pfd[0].fd = tunfd;
1428 	pfd[0].events = POLLIN;
1429 	for (;;) {
1430 		/* Wait for timeout or message */
1431 		retv = poll(pfd, 1, psm.poesm_timer > 0 ? psm.poesm_timer :
1432 		    INFTIM);
1433 		if (retv < 0) {
1434 			logstrerror("poll");
1435 			break;
1436 		}
1437 
1438 		/* Handle a timeout */
1439 		if (retv == 0) {
1440 			psm.poesm_timer = 0;
1441 			handle_event(&psm, --psm.poesm_count > 0 ? PCSME_TOP :
1442 			    PCSME_TOM, NULL);
1443 			continue;
1444 		}
1445 
1446 		/* Adjust the timer for the time we slept. */
1447 		if (psm.poesm_timer > 0) {
1448 			(void) gettimeofday(&tvnow, NULL);
1449 			tv = tvnow;
1450 			if ((tv.tv_sec -= tvstart.tv_sec) < 0) {
1451 				/* Darn */
1452 				tv.tv_sec = 1;
1453 				tv.tv_usec = 0;
1454 			} else if ((tv.tv_usec -= tvstart.tv_usec) < 0) {
1455 				tv.tv_usec += 1000000;
1456 				if (--tv.tv_sec < 0)
1457 					tv.tv_sec = 0;
1458 			}
1459 			psm.poesm_timer -= tv.tv_sec*1000 + tv.tv_usec/1000;
1460 			tvstart = tvnow;
1461 		}
1462 
1463 		/* Read in the message from the server. */
1464 		ctrl.maxlen = PKT_OCTL_LEN;
1465 		ctrl.buf = (caddr_t)pkt_octl;
1466 		data.maxlen = PKT_INPUT_LEN;
1467 		data.buf = (caddr_t)pkt_input;
1468 		flags = 0;
1469 
1470 		if (pppoec_getmsg(tunfd, &ctrl, &data, &flags) < 0)
1471 			break;
1472 
1473 		if (ctrl.len != sizeof (*ptc)) {
1474 			if (verbose)
1475 				logerr("%s: discard: ctrl len %d\n", myname,
1476 				    ctrl.len);
1477 			continue;
1478 		}
1479 		poep = (poep_t *)pkt_input;
1480 		(void) memset(&pmsg, '\0', sizeof (pmsg));
1481 		pmsg.poemsg_next = NULL;
1482 		pmsg.poemsg_data = poep;
1483 		pmsg.poemsg_len = data.len;
1484 		ptc = (struct ppptun_control *)pkt_octl;
1485 		if (ptc->ptc_action != PTCA_CONTROL) {
1486 			if (verbose)
1487 				logerr("%s: discard: unexpected action %d\n",
1488 				    myname, ptc->ptc_action);
1489 			continue;
1490 		}
1491 		pmsg.poemsg_iname = ptc->ptc_name;
1492 		if (verbose)
1493 			logerr("%s: Received %s from %s/%s\n",
1494 			    myname, poe_codename(poep->poep_code),
1495 			    ehost(&ptc->ptc_address), pmsg.poemsg_iname);
1496 		pmsg.poemsg_sender = ptc->ptc_address;
1497 
1498 		/* Check for messages from unexpected peers. */
1499 		if ((poep->poep_code == POECODE_PADT ||
1500 		    poep->poep_code == POECODE_PADS) &&
1501 		    (psm.poesm_firstoff == NULL ||
1502 		    memcmp(&psm.poesm_firstoff->poemsg_sender,
1503 		    &pmsg.poemsg_sender, sizeof (pmsg.poemsg_sender)) != 0)) {
1504 			if (verbose) {
1505 				logerr("%s: Unexpected peer %s", myname,
1506 				    ehost(&ptc->ptc_address));
1507 				logerr(" != %s\n",
1508 				    ehost(&psm.poesm_firstoff->poemsg_sender));
1509 			}
1510 			continue;
1511 		}
1512 
1513 		/* Eliminate stale PADS responses. */
1514 		if (poep->poep_code == POECODE_PADS) {
1515 			seqval = get_sequence(&pmsg);
1516 			if (seqval != psm.poesm_sequence) {
1517 				if (verbose) {
1518 					if (seqval == 0)
1519 						logerr(
1520 						    "%s: PADS has no sequence "
1521 						    "number.\n", myname);
1522 					else
1523 						logerr(
1524 						    "%s: PADS has sequence "
1525 						    "%08X instead of %08X.\n",
1526 						    myname, seqval,
1527 						    psm.poesm_sequence);
1528 				}
1529 				continue;
1530 			}
1531 		}
1532 
1533 		/* Dispatch message event. */
1534 		retv = error_check(&pmsg);
1535 		switch (poep->poep_code) {
1536 		case POECODE_PADT:
1537 			handle_event(&psm, PCSME_RPADT, &pmsg);
1538 			break;
1539 		case POECODE_PADS:
1540 			/*
1541 			 * Got a PPPoE Active Discovery Session-
1542 			 * confirmation message.  It's a PADS event if
1543 			 * everything's in order.  It's a PADS- event
1544 			 * if the message is merely reporting an
1545 			 * error.
1546 			 */
1547 			handle_event(&psm, retv != 0 ? PCSME_RPADSN :
1548 			    PCSME_RPADS, &pmsg);
1549 			break;
1550 		case POECODE_PADO:
1551 			/* Ignore offers that merely report errors. */
1552 			if (retv != 0)
1553 				break;
1554 			/* Ignore offers from servers we don't want. */
1555 			if ((retv = use_server(&pmsg, &ptc->ptc_address)) < 0)
1556 				break;
1557 			/* Dispatch either RPADO or RAPDO+ event. */
1558 			handle_event(&psm, retv, &pmsg);
1559 			break;
1560 
1561 		default:
1562 			if (verbose)
1563 				logerr("%s: Unexpected code %s (%d)\n", myname,
1564 				    poe_codename(poep->poep_code),
1565 				    poep->poep_code);
1566 			break;
1567 		}
1568 	}
1569 	exit(1);
1570 }
1571 
1572 static void
usage(void)1573 usage(void)
1574 {
1575 	logerr("Usage:\n"
1576 	    "\t%s [-os#] [-v] <dev> [<service> [<server> [only]]]\n\n"
1577 	    "    or\n\n"
1578 	    "\t%s [-o#] [-v] -i <dev>\n", myname, myname);
1579 	exit(1);
1580 }
1581 
1582 /*
1583  * In addition to the usual 0-2 file descriptors, pppd will leave fd 3
1584  * open on a pipe to receive the environment variables.  See
1585  * pppoe_device_pipe() in pppd/plugins/pppoe.c and device_pipe_hook in
1586  * pppd/main.c.
1587  */
1588 int
main(int argc,char ** argv)1589 main(int argc, char **argv)
1590 {
1591 	int inquiry_mode, exceptflag, arg, localid;
1592 	char *cp;
1593 
1594 	log_to_stderr(LOGLVL_DBG);
1595 
1596 	if ((myname = *argv) == NULL)
1597 		myname = "pppoec";
1598 
1599 	inquiry_mode = 0;
1600 	while ((arg = getopt(argc, argv, "io:s:v")) != EOF)
1601 		switch (arg) {
1602 		case 'i':
1603 			inquiry_mode++;
1604 			break;
1605 		case 'v':
1606 			verbose++;
1607 			break;
1608 		case 'o':
1609 			pado_wait_time = strtol(optarg, &cp, 0);
1610 			if (pado_wait_time <= 0 || *cp != '\0' ||
1611 			    cp == optarg) {
1612 				logerr("%s: illegal PADO wait time: %s\n",
1613 				    myname, optarg);
1614 				exit(1);
1615 			}
1616 			break;
1617 		case 's':
1618 			pads_wait_time = strtol(optarg, &cp, 0);
1619 			if (pads_wait_time <= 0 || *cp != '\0' ||
1620 			    cp == optarg) {
1621 				logerr("%s: illegal PADS wait time: %s\n",
1622 				    myname, optarg);
1623 				exit(1);
1624 			}
1625 			break;
1626 		case '?':
1627 			usage();
1628 		}
1629 
1630 	/* Handle inquiry mode. */
1631 	if (inquiry_mode) {
1632 		if (optind != argc-1)
1633 			usage();
1634 		if (pado_wait_time == 0)
1635 			pado_wait_time = PADI_INQUIRY_DWELL;
1636 
1637 		/* Invoked by user; open the tunnel driver myself. */
1638 		tunfd = open(tunnam, O_RDWR | O_NOCTTY);
1639 		if (tunfd == -1) {
1640 			logstrerror(tunnam);
1641 			exit(1);
1642 		}
1643 
1644 		/*
1645 		 * Set up the control stream for PPPoE negotiation
1646 		 * (set_control), then broadcast a query for all servers
1647 		 * and listen for replies (find_all_servers).
1648 		 */
1649 		find_all_servers(set_control(argv[optind]));
1650 		return (0);
1651 	}
1652 
1653 	if (pado_wait_time == 0)
1654 		pado_wait_time = PADI_RESTART_TIME;
1655 
1656 	if (optind >= argc)
1657 		usage();
1658 
1659 	/* Make sure we've got a usable tunnel driver on stdin. */
1660 	check_stdin();
1661 
1662 	/* Set up the control stream for PPPoE negotiation. */
1663 	localid = set_control(argv[optind++]);
1664 
1665 	/* Pick the service, if any. */
1666 	if (optind < argc)
1667 		service = argv[optind++];
1668 
1669 	/* Parse out the filters. */
1670 	if (optind < argc) {
1671 		if (strcasecmp(argv[argc - 1], "only") == 0) {
1672 			argc--;
1673 			onlyflag = 1;
1674 		}
1675 		exceptflag = 0;
1676 		for (; optind < argc; optind++) {
1677 			if (!exceptflag &&
1678 			    strcasecmp(argv[optind], "except") == 0) {
1679 				exceptflag = 1;
1680 			} else {
1681 				parse_filter(argv[optind], exceptflag);
1682 				exceptflag = 0;
1683 			}
1684 		}
1685 	}
1686 
1687 	/* Enter the main loop. */
1688 	find_server(localid);
1689 
1690 	return (0);
1691 }
1692