1 /*- 2 * Copyright (c) 2001-2002 Packet Design, LLC. 3 * All rights reserved. 4 * 5 * Subject to the following obligations and disclaimer of warranty, 6 * use and redistribution of this software, in source or object code 7 * forms, with or without modifications are expressly permitted by 8 * Packet Design; provided, however, that: 9 * 10 * (i) Any and all reproductions of the source or object code 11 * must include the copyright notice above and the following 12 * disclaimer of warranties; and 13 * (ii) No rights are granted, in any manner or form, to use 14 * Packet Design trademarks, including the mark "PACKET DESIGN" 15 * on advertising, endorsements, or otherwise except as such 16 * appears in the above copyright notice or in the software. 17 * 18 * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND 19 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO 20 * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING 21 * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED 22 * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 23 * OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE, 24 * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS 25 * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, 26 * RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE 27 * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE 28 * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT, 29 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL 30 * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF 31 * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF 32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 34 * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF 35 * THE POSSIBILITY OF SUCH DAMAGE. 36 * 37 * Author: Archie Cobbs <archie@freebsd.org> 38 * 39 * $FreeBSD$ 40 */ 41 42 /* 43 * L2TP netgraph node type. 44 * 45 * This node type implements the lower layer of the 46 * L2TP protocol as specified in RFC 2661. 47 */ 48 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/kernel.h> 52 #include <sys/time.h> 53 #include <sys/conf.h> 54 #include <sys/mbuf.h> 55 #include <sys/malloc.h> 56 #include <sys/errno.h> 57 #include <sys/libkern.h> 58 59 #include <netgraph/ng_message.h> 60 #include <netgraph/netgraph.h> 61 #include <netgraph/ng_parse.h> 62 #include <netgraph/ng_l2tp.h> 63 64 #ifdef NG_SEPARATE_MALLOC 65 static MALLOC_DEFINE(M_NETGRAPH_L2TP, "netgraph_l2tp", "netgraph l2tp node"); 66 #else 67 #define M_NETGRAPH_L2TP M_NETGRAPH 68 #endif 69 70 /* L2TP header format (first 2 bytes only) */ 71 #define L2TP_HDR_CTRL 0x8000 /* control packet */ 72 #define L2TP_HDR_LEN 0x4000 /* has length field */ 73 #define L2TP_HDR_SEQ 0x0800 /* has ns, nr fields */ 74 #define L2TP_HDR_OFF 0x0200 /* has offset field */ 75 #define L2TP_HDR_PRIO 0x0100 /* give priority */ 76 #define L2TP_HDR_VERS_MASK 0x000f /* version field mask */ 77 #define L2TP_HDR_VERSION 0x0002 /* version field */ 78 79 /* Bits that must be zero or one in first two bytes of header */ 80 #define L2TP_CTRL_0BITS 0x030d /* ctrl: must be 0 */ 81 #define L2TP_CTRL_1BITS 0xc802 /* ctrl: must be 1 */ 82 #define L2TP_DATA_0BITS 0x800d /* data: must be 0 */ 83 #define L2TP_DATA_1BITS 0x0002 /* data: must be 1 */ 84 85 /* Standard xmit ctrl and data header bits */ 86 #define L2TP_CTRL_HDR (L2TP_HDR_CTRL | L2TP_HDR_LEN \ 87 | L2TP_HDR_SEQ | L2TP_HDR_VERSION) 88 #define L2TP_DATA_HDR (L2TP_HDR_VERSION) /* optional: len, seq */ 89 90 /* Some hard coded values */ 91 #define L2TP_MAX_XWIN 128 /* my max xmit window */ 92 #define L2TP_MAX_REXMIT 5 /* default max rexmit */ 93 #define L2TP_MAX_REXMIT_TO 30 /* default rexmit to */ 94 #define L2TP_DELAYED_ACK ((hz + 19) / 20) /* delayed ack: 50 ms */ 95 96 /* Default data sequence number configuration for new sessions */ 97 #define L2TP_CONTROL_DSEQ 1 /* we are the lns */ 98 #define L2TP_ENABLE_DSEQ 1 /* enable data seq # */ 99 100 /* Compare sequence numbers using circular math */ 101 #define L2TP_SEQ_DIFF(x, y) ((int16_t)((x) - (y))) 102 103 #define SESSHASHSIZE 0x0020 104 #define SESSHASH(x) (((x) ^ ((x) >> 8)) & (SESSHASHSIZE - 1)) 105 106 /* Hook private data (data session hooks only) */ 107 struct ng_l2tp_hook_private { 108 struct ng_l2tp_sess_config conf; /* hook/session config */ 109 struct ng_l2tp_session_stats stats; /* per sessions statistics */ 110 hook_p hook; /* hook reference */ 111 u_int16_t ns; /* data ns sequence number */ 112 u_int16_t nr; /* data nr sequence number */ 113 LIST_ENTRY(ng_l2tp_hook_private) sessions; 114 }; 115 typedef struct ng_l2tp_hook_private *hookpriv_p; 116 117 /* 118 * Sequence number state 119 * 120 * Invariants: 121 * - If cwnd < ssth, we're doing slow start, otherwise congestion avoidance 122 * - The number of unacknowledged xmit packets is (ns - rack) <= seq->wmax 123 * - The first (ns - rack) mbuf's in xwin[] array are copies of these 124 * unacknowledged packets; the remainder of xwin[] consists first of 125 * zero or more further untransmitted packets in the transmit queue 126 * - We try to keep the peer's receive window as full as possible. 127 * Therefore, (i < cwnd && xwin[i] != NULL) implies (ns - rack) > i. 128 * - rack_timer is running iff (ns - rack) > 0 (unack'd xmit'd pkts) 129 * - If xack != nr, there are unacknowledged recv packet(s) (delayed ack) 130 * - xack_timer is running iff xack != nr (unack'd rec'd pkts) 131 */ 132 struct l2tp_seq { 133 u_int16_t ns; /* next xmit seq we send */ 134 u_int16_t nr; /* next recv seq we expect */ 135 u_int16_t inproc; /* packet is in processing */ 136 u_int16_t rack; /* last 'nr' we rec'd */ 137 u_int16_t xack; /* last 'nr' we sent */ 138 u_int16_t wmax; /* peer's max recv window */ 139 u_int16_t cwnd; /* current congestion window */ 140 u_int16_t ssth; /* slow start threshold */ 141 u_int16_t acks; /* # consecutive acks rec'd */ 142 u_int16_t rexmits; /* # retransmits sent */ 143 struct callout rack_timer; /* retransmit timer */ 144 struct callout xack_timer; /* delayed ack timer */ 145 struct mbuf *xwin[L2TP_MAX_XWIN]; /* transmit window */ 146 struct mtx mtx; /* seq mutex */ 147 }; 148 149 /* Node private data */ 150 struct ng_l2tp_private { 151 node_p node; /* back pointer to node */ 152 hook_p ctrl; /* hook to upper layers */ 153 hook_p lower; /* hook to lower layers */ 154 struct ng_l2tp_config conf; /* node configuration */ 155 struct ng_l2tp_stats stats; /* node statistics */ 156 struct l2tp_seq seq; /* ctrl sequence number state */ 157 ng_ID_t ftarget; /* failure message target */ 158 LIST_HEAD(, ng_l2tp_hook_private) sesshash[SESSHASHSIZE]; 159 }; 160 typedef struct ng_l2tp_private *priv_p; 161 162 /* Netgraph node methods */ 163 static ng_constructor_t ng_l2tp_constructor; 164 static ng_rcvmsg_t ng_l2tp_rcvmsg; 165 static ng_shutdown_t ng_l2tp_shutdown; 166 static ng_newhook_t ng_l2tp_newhook; 167 static ng_rcvdata_t ng_l2tp_rcvdata; 168 static ng_rcvdata_t ng_l2tp_rcvdata_lower; 169 static ng_rcvdata_t ng_l2tp_rcvdata_ctrl; 170 static ng_disconnect_t ng_l2tp_disconnect; 171 172 /* Internal functions */ 173 static int ng_l2tp_xmit_ctrl(priv_p priv, struct mbuf *m, u_int16_t ns); 174 175 static void ng_l2tp_seq_init(priv_p priv); 176 static int ng_l2tp_seq_set(priv_p priv, 177 const struct ng_l2tp_seq_config *conf); 178 static int ng_l2tp_seq_adjust(priv_p priv, 179 const struct ng_l2tp_config *conf); 180 static void ng_l2tp_seq_reset(priv_p priv); 181 static void ng_l2tp_seq_failure(priv_p priv); 182 static void ng_l2tp_seq_recv_nr(priv_p priv, u_int16_t nr); 183 static void ng_l2tp_seq_xack_timeout(node_p node, hook_p hook, 184 void *arg1, int arg2); 185 static void ng_l2tp_seq_rack_timeout(node_p node, hook_p hook, 186 void *arg1, int arg2); 187 188 static hookpriv_p ng_l2tp_find_session(priv_p privp, u_int16_t sid); 189 static ng_fn_eachhook ng_l2tp_reset_session; 190 191 #ifdef INVARIANTS 192 static void ng_l2tp_seq_check(struct l2tp_seq *seq); 193 #endif 194 195 /* Parse type for struct ng_l2tp_seq_config. */ 196 static const struct ng_parse_struct_field 197 ng_l2tp_seq_config_fields[] = NG_L2TP_SEQ_CONFIG_TYPE_INFO; 198 static const struct ng_parse_type ng_l2tp_seq_config_type = { 199 &ng_parse_struct_type, 200 &ng_l2tp_seq_config_fields 201 }; 202 203 /* Parse type for struct ng_l2tp_config */ 204 static const struct ng_parse_struct_field 205 ng_l2tp_config_type_fields[] = NG_L2TP_CONFIG_TYPE_INFO; 206 static const struct ng_parse_type ng_l2tp_config_type = { 207 &ng_parse_struct_type, 208 &ng_l2tp_config_type_fields, 209 }; 210 211 /* Parse type for struct ng_l2tp_sess_config */ 212 static const struct ng_parse_struct_field 213 ng_l2tp_sess_config_type_fields[] = NG_L2TP_SESS_CONFIG_TYPE_INFO; 214 static const struct ng_parse_type ng_l2tp_sess_config_type = { 215 &ng_parse_struct_type, 216 &ng_l2tp_sess_config_type_fields, 217 }; 218 219 /* Parse type for struct ng_l2tp_stats */ 220 static const struct ng_parse_struct_field 221 ng_l2tp_stats_type_fields[] = NG_L2TP_STATS_TYPE_INFO; 222 static const struct ng_parse_type ng_l2tp_stats_type = { 223 &ng_parse_struct_type, 224 &ng_l2tp_stats_type_fields 225 }; 226 227 /* Parse type for struct ng_l2tp_session_stats. */ 228 static const struct ng_parse_struct_field 229 ng_l2tp_session_stats_type_fields[] = NG_L2TP_SESSION_STATS_TYPE_INFO; 230 static const struct ng_parse_type ng_l2tp_session_stats_type = { 231 &ng_parse_struct_type, 232 &ng_l2tp_session_stats_type_fields 233 }; 234 235 /* List of commands and how to convert arguments to/from ASCII */ 236 static const struct ng_cmdlist ng_l2tp_cmdlist[] = { 237 { 238 NGM_L2TP_COOKIE, 239 NGM_L2TP_SET_CONFIG, 240 "setconfig", 241 &ng_l2tp_config_type, 242 NULL 243 }, 244 { 245 NGM_L2TP_COOKIE, 246 NGM_L2TP_GET_CONFIG, 247 "getconfig", 248 NULL, 249 &ng_l2tp_config_type 250 }, 251 { 252 NGM_L2TP_COOKIE, 253 NGM_L2TP_SET_SESS_CONFIG, 254 "setsessconfig", 255 &ng_l2tp_sess_config_type, 256 NULL 257 }, 258 { 259 NGM_L2TP_COOKIE, 260 NGM_L2TP_GET_SESS_CONFIG, 261 "getsessconfig", 262 &ng_parse_hint16_type, 263 &ng_l2tp_sess_config_type 264 }, 265 { 266 NGM_L2TP_COOKIE, 267 NGM_L2TP_GET_STATS, 268 "getstats", 269 NULL, 270 &ng_l2tp_stats_type 271 }, 272 { 273 NGM_L2TP_COOKIE, 274 NGM_L2TP_CLR_STATS, 275 "clrstats", 276 NULL, 277 NULL 278 }, 279 { 280 NGM_L2TP_COOKIE, 281 NGM_L2TP_GETCLR_STATS, 282 "getclrstats", 283 NULL, 284 &ng_l2tp_stats_type 285 }, 286 { 287 NGM_L2TP_COOKIE, 288 NGM_L2TP_GET_SESSION_STATS, 289 "getsessstats", 290 &ng_parse_int16_type, 291 &ng_l2tp_session_stats_type 292 }, 293 { 294 NGM_L2TP_COOKIE, 295 NGM_L2TP_CLR_SESSION_STATS, 296 "clrsessstats", 297 &ng_parse_int16_type, 298 NULL 299 }, 300 { 301 NGM_L2TP_COOKIE, 302 NGM_L2TP_GETCLR_SESSION_STATS, 303 "getclrsessstats", 304 &ng_parse_int16_type, 305 &ng_l2tp_session_stats_type 306 }, 307 { 308 NGM_L2TP_COOKIE, 309 NGM_L2TP_ACK_FAILURE, 310 "ackfailure", 311 NULL, 312 NULL 313 }, 314 { 315 NGM_L2TP_COOKIE, 316 NGM_L2TP_SET_SEQ, 317 "setsequence", 318 &ng_l2tp_seq_config_type, 319 NULL 320 }, 321 { 0 } 322 }; 323 324 /* Node type descriptor */ 325 static struct ng_type ng_l2tp_typestruct = { 326 .version = NG_ABI_VERSION, 327 .name = NG_L2TP_NODE_TYPE, 328 .constructor = ng_l2tp_constructor, 329 .rcvmsg = ng_l2tp_rcvmsg, 330 .shutdown = ng_l2tp_shutdown, 331 .newhook = ng_l2tp_newhook, 332 .rcvdata = ng_l2tp_rcvdata, 333 .disconnect = ng_l2tp_disconnect, 334 .cmdlist = ng_l2tp_cmdlist, 335 }; 336 NETGRAPH_INIT(l2tp, &ng_l2tp_typestruct); 337 338 /* Sequence number state sanity checking */ 339 #ifdef INVARIANTS 340 #define L2TP_SEQ_CHECK(seq) ng_l2tp_seq_check(seq) 341 #else 342 #define L2TP_SEQ_CHECK(x) do { } while (0) 343 #endif 344 345 /* Whether to use m_copypacket() or m_dup() */ 346 #define L2TP_COPY_MBUF m_copypacket 347 348 #define ERROUT(x) do { error = (x); goto done; } while (0) 349 350 /************************************************************************ 351 NETGRAPH NODE STUFF 352 ************************************************************************/ 353 354 /* 355 * Node type constructor 356 */ 357 static int 358 ng_l2tp_constructor(node_p node) 359 { 360 priv_p priv; 361 int i; 362 363 /* Allocate private structure */ 364 priv = malloc(sizeof(*priv), M_NETGRAPH_L2TP, M_WAITOK | M_ZERO); 365 NG_NODE_SET_PRIVATE(node, priv); 366 priv->node = node; 367 368 /* Apply a semi-reasonable default configuration */ 369 priv->conf.peer_win = 1; 370 priv->conf.rexmit_max = L2TP_MAX_REXMIT; 371 priv->conf.rexmit_max_to = L2TP_MAX_REXMIT_TO; 372 373 /* Initialize sequence number state */ 374 ng_l2tp_seq_init(priv); 375 376 for (i = 0; i < SESSHASHSIZE; i++) 377 LIST_INIT(&priv->sesshash[i]); 378 379 /* Done */ 380 return (0); 381 } 382 383 /* 384 * Give our OK for a hook to be added. 385 */ 386 static int 387 ng_l2tp_newhook(node_p node, hook_p hook, const char *name) 388 { 389 const priv_p priv = NG_NODE_PRIVATE(node); 390 391 /* Check hook name */ 392 if (strcmp(name, NG_L2TP_HOOK_CTRL) == 0) { 393 if (priv->ctrl != NULL) 394 return (EISCONN); 395 priv->ctrl = hook; 396 NG_HOOK_SET_RCVDATA(hook, ng_l2tp_rcvdata_ctrl); 397 } else if (strcmp(name, NG_L2TP_HOOK_LOWER) == 0) { 398 if (priv->lower != NULL) 399 return (EISCONN); 400 priv->lower = hook; 401 NG_HOOK_SET_RCVDATA(hook, ng_l2tp_rcvdata_lower); 402 } else { 403 static const char hexdig[16] = "0123456789abcdef"; 404 u_int16_t session_id; 405 hookpriv_p hpriv; 406 uint16_t hash; 407 const char *hex; 408 int i; 409 int j; 410 411 /* Parse hook name to get session ID */ 412 if (strncmp(name, NG_L2TP_HOOK_SESSION_P, 413 sizeof(NG_L2TP_HOOK_SESSION_P) - 1) != 0) 414 return (EINVAL); 415 hex = name + sizeof(NG_L2TP_HOOK_SESSION_P) - 1; 416 for (session_id = i = 0; i < 4; i++) { 417 for (j = 0; j < 16 && hex[i] != hexdig[j]; j++); 418 if (j == 16) 419 return (EINVAL); 420 session_id = (session_id << 4) | j; 421 } 422 if (hex[i] != '\0') 423 return (EINVAL); 424 425 /* Create hook private structure */ 426 hpriv = malloc(sizeof(*hpriv), 427 M_NETGRAPH_L2TP, M_NOWAIT | M_ZERO); 428 if (hpriv == NULL) 429 return (ENOMEM); 430 hpriv->conf.session_id = session_id; 431 hpriv->conf.control_dseq = L2TP_CONTROL_DSEQ; 432 hpriv->conf.enable_dseq = L2TP_ENABLE_DSEQ; 433 hpriv->hook = hook; 434 NG_HOOK_SET_PRIVATE(hook, hpriv); 435 hash = SESSHASH(hpriv->conf.session_id); 436 LIST_INSERT_HEAD(&priv->sesshash[hash], hpriv, sessions); 437 } 438 439 /* Done */ 440 return (0); 441 } 442 443 /* 444 * Receive a control message. 445 */ 446 static int 447 ng_l2tp_rcvmsg(node_p node, item_p item, hook_p lasthook) 448 { 449 const priv_p priv = NG_NODE_PRIVATE(node); 450 struct ng_mesg *resp = NULL; 451 struct ng_mesg *msg; 452 int error = 0; 453 454 NGI_GET_MSG(item, msg); 455 switch (msg->header.typecookie) { 456 case NGM_L2TP_COOKIE: 457 switch (msg->header.cmd) { 458 case NGM_L2TP_SET_CONFIG: 459 { 460 struct ng_l2tp_config *const conf = 461 (struct ng_l2tp_config *)msg->data; 462 463 /* Check for invalid or illegal config */ 464 if (msg->header.arglen != sizeof(*conf)) { 465 error = EINVAL; 466 break; 467 } 468 conf->enabled = !!conf->enabled; 469 conf->match_id = !!conf->match_id; 470 if (priv->conf.enabled 471 && ((priv->conf.tunnel_id != 0 472 && conf->tunnel_id != priv->conf.tunnel_id) 473 || ((priv->conf.peer_id != 0 474 && conf->peer_id != priv->conf.peer_id)))) { 475 error = EBUSY; 476 break; 477 } 478 479 /* Save calling node as failure target */ 480 priv->ftarget = NGI_RETADDR(item); 481 482 /* Adjust sequence number state */ 483 if ((error = ng_l2tp_seq_adjust(priv, conf)) != 0) 484 break; 485 486 /* Update node's config */ 487 priv->conf = *conf; 488 break; 489 } 490 case NGM_L2TP_GET_CONFIG: 491 { 492 struct ng_l2tp_config *conf; 493 494 NG_MKRESPONSE(resp, msg, sizeof(*conf), M_NOWAIT); 495 if (resp == NULL) { 496 error = ENOMEM; 497 break; 498 } 499 conf = (struct ng_l2tp_config *)resp->data; 500 *conf = priv->conf; 501 break; 502 } 503 case NGM_L2TP_SET_SESS_CONFIG: 504 { 505 struct ng_l2tp_sess_config *const conf = 506 (struct ng_l2tp_sess_config *)msg->data; 507 hookpriv_p hpriv; 508 509 /* Check for invalid or illegal config. */ 510 if (msg->header.arglen != sizeof(*conf)) { 511 error = EINVAL; 512 break; 513 } 514 515 /* Find matching hook */ 516 hpriv = ng_l2tp_find_session(priv, conf->session_id); 517 if (hpriv == NULL) { 518 error = ENOENT; 519 break; 520 } 521 522 /* Update hook's config */ 523 hpriv->conf = *conf; 524 break; 525 } 526 case NGM_L2TP_GET_SESS_CONFIG: 527 { 528 struct ng_l2tp_sess_config *conf; 529 u_int16_t session_id; 530 hookpriv_p hpriv; 531 532 /* Get session ID */ 533 if (msg->header.arglen != sizeof(session_id)) { 534 error = EINVAL; 535 break; 536 } 537 memcpy(&session_id, msg->data, 2); 538 539 /* Find matching hook */ 540 hpriv = ng_l2tp_find_session(priv, session_id); 541 if (hpriv == NULL) { 542 error = ENOENT; 543 break; 544 } 545 546 /* Send response */ 547 NG_MKRESPONSE(resp, msg, sizeof(hpriv->conf), M_NOWAIT); 548 if (resp == NULL) { 549 error = ENOMEM; 550 break; 551 } 552 conf = (struct ng_l2tp_sess_config *)resp->data; 553 *conf = hpriv->conf; 554 break; 555 } 556 case NGM_L2TP_GET_STATS: 557 case NGM_L2TP_CLR_STATS: 558 case NGM_L2TP_GETCLR_STATS: 559 { 560 if (msg->header.cmd != NGM_L2TP_CLR_STATS) { 561 NG_MKRESPONSE(resp, msg, 562 sizeof(priv->stats), M_NOWAIT); 563 if (resp == NULL) { 564 error = ENOMEM; 565 break; 566 } 567 memcpy(resp->data, 568 &priv->stats, sizeof(priv->stats)); 569 } 570 if (msg->header.cmd != NGM_L2TP_GET_STATS) 571 memset(&priv->stats, 0, sizeof(priv->stats)); 572 break; 573 } 574 case NGM_L2TP_GET_SESSION_STATS: 575 case NGM_L2TP_CLR_SESSION_STATS: 576 case NGM_L2TP_GETCLR_SESSION_STATS: 577 { 578 uint16_t session_id; 579 hookpriv_p hpriv; 580 581 /* Get session ID. */ 582 if (msg->header.arglen != sizeof(session_id)) { 583 error = EINVAL; 584 break; 585 } 586 bcopy(msg->data, &session_id, sizeof(uint16_t)); 587 588 /* Find matching hook. */ 589 hpriv = ng_l2tp_find_session(priv, session_id); 590 if (hpriv == NULL) { 591 error = ENOENT; 592 break; 593 } 594 595 if (msg->header.cmd != NGM_L2TP_CLR_SESSION_STATS) { 596 NG_MKRESPONSE(resp, msg, 597 sizeof(hpriv->stats), M_NOWAIT); 598 if (resp == NULL) { 599 error = ENOMEM; 600 break; 601 } 602 bcopy(&hpriv->stats, resp->data, 603 sizeof(hpriv->stats)); 604 } 605 if (msg->header.cmd != NGM_L2TP_GET_SESSION_STATS) 606 bzero(&hpriv->stats, sizeof(hpriv->stats)); 607 break; 608 } 609 case NGM_L2TP_SET_SEQ: 610 { 611 struct ng_l2tp_seq_config *const conf = 612 (struct ng_l2tp_seq_config *)msg->data; 613 614 /* Check for invalid or illegal seq config. */ 615 if (msg->header.arglen != sizeof(*conf)) { 616 error = EINVAL; 617 break; 618 } 619 conf->ns = htons(conf->ns); 620 conf->nr = htons(conf->nr); 621 conf->rack = htons(conf->rack); 622 conf->xack = htons(conf->xack); 623 624 /* Set sequence numbers. */ 625 error = ng_l2tp_seq_set(priv, conf); 626 break; 627 } 628 default: 629 error = EINVAL; 630 break; 631 } 632 break; 633 default: 634 error = EINVAL; 635 break; 636 } 637 638 /* Done */ 639 NG_RESPOND_MSG(error, node, item, resp); 640 NG_FREE_MSG(msg); 641 return (error); 642 } 643 644 /* 645 * Destroy node 646 */ 647 static int 648 ng_l2tp_shutdown(node_p node) 649 { 650 const priv_p priv = NG_NODE_PRIVATE(node); 651 struct l2tp_seq *const seq = &priv->seq; 652 653 /* Sanity check */ 654 L2TP_SEQ_CHECK(seq); 655 656 /* Reset sequence number state */ 657 ng_l2tp_seq_reset(priv); 658 659 /* Free private data if neither timer is running */ 660 ng_uncallout(&seq->rack_timer, node); 661 ng_uncallout(&seq->xack_timer, node); 662 663 mtx_destroy(&seq->mtx); 664 665 free(priv, M_NETGRAPH_L2TP); 666 667 /* Unref node */ 668 NG_NODE_UNREF(node); 669 return (0); 670 } 671 672 /* 673 * Hook disconnection 674 */ 675 static int 676 ng_l2tp_disconnect(hook_p hook) 677 { 678 const node_p node = NG_HOOK_NODE(hook); 679 const priv_p priv = NG_NODE_PRIVATE(node); 680 681 /* Zero out hook pointer */ 682 if (hook == priv->ctrl) 683 priv->ctrl = NULL; 684 else if (hook == priv->lower) 685 priv->lower = NULL; 686 else { 687 const hookpriv_p hpriv = NG_HOOK_PRIVATE(hook); 688 LIST_REMOVE(hpriv, sessions); 689 free(hpriv, M_NETGRAPH_L2TP); 690 NG_HOOK_SET_PRIVATE(hook, NULL); 691 } 692 693 /* Go away if no longer connected to anything */ 694 if (NG_NODE_NUMHOOKS(node) == 0 && NG_NODE_IS_VALID(node)) 695 ng_rmnode_self(node); 696 return (0); 697 } 698 699 /************************************************************************* 700 INTERNAL FUNCTIONS 701 *************************************************************************/ 702 703 /* 704 * Find the hook with a given session ID. 705 */ 706 static hookpriv_p 707 ng_l2tp_find_session(priv_p privp, u_int16_t sid) 708 { 709 uint16_t hash = SESSHASH(sid); 710 hookpriv_p hpriv = NULL; 711 712 LIST_FOREACH(hpriv, &privp->sesshash[hash], sessions) { 713 if (hpriv->conf.session_id == sid) 714 break; 715 } 716 717 return (hpriv); 718 } 719 720 /* 721 * Reset a hook's session state. 722 */ 723 static int 724 ng_l2tp_reset_session(hook_p hook, void *arg) 725 { 726 const hookpriv_p hpriv = NG_HOOK_PRIVATE(hook); 727 728 if (hpriv != NULL) { 729 hpriv->conf.control_dseq = 0; 730 hpriv->conf.enable_dseq = 0; 731 bzero(&hpriv->stats, sizeof(struct ng_l2tp_session_stats)); 732 hpriv->nr = 0; 733 hpriv->ns = 0; 734 } 735 return (-1); 736 } 737 738 /* 739 * Handle an incoming frame from below. 740 */ 741 static int 742 ng_l2tp_rcvdata_lower(hook_p h, item_p item) 743 { 744 static const u_int16_t req_bits[2][2] = { 745 { L2TP_DATA_0BITS, L2TP_DATA_1BITS }, 746 { L2TP_CTRL_0BITS, L2TP_CTRL_1BITS }, 747 }; 748 const node_p node = NG_HOOK_NODE(h); 749 const priv_p priv = NG_NODE_PRIVATE(node); 750 hookpriv_p hpriv = NULL; 751 hook_p hook = NULL; 752 struct mbuf *m; 753 u_int16_t tid, sid; 754 u_int16_t hdr; 755 u_int16_t ns, nr; 756 int is_ctrl; 757 int error; 758 int len, plen; 759 760 /* Sanity check */ 761 L2TP_SEQ_CHECK(&priv->seq); 762 763 /* If not configured, reject */ 764 if (!priv->conf.enabled) { 765 NG_FREE_ITEM(item); 766 ERROUT(ENXIO); 767 } 768 769 /* Grab mbuf */ 770 NGI_GET_M(item, m); 771 772 /* Remember full packet length; needed for per session accounting. */ 773 plen = m->m_pkthdr.len; 774 775 /* Update stats */ 776 priv->stats.recvPackets++; 777 priv->stats.recvOctets += plen; 778 779 /* Get initial header */ 780 if (m->m_pkthdr.len < 6) { 781 priv->stats.recvRunts++; 782 NG_FREE_ITEM(item); 783 NG_FREE_M(m); 784 ERROUT(EINVAL); 785 } 786 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) { 787 priv->stats.memoryFailures++; 788 NG_FREE_ITEM(item); 789 ERROUT(EINVAL); 790 } 791 hdr = (mtod(m, uint8_t *)[0] << 8) + mtod(m, uint8_t *)[1]; 792 m_adj(m, 2); 793 794 /* Check required header bits and minimum length */ 795 is_ctrl = (hdr & L2TP_HDR_CTRL) != 0; 796 if ((hdr & req_bits[is_ctrl][0]) != 0 797 || (~hdr & req_bits[is_ctrl][1]) != 0) { 798 priv->stats.recvInvalid++; 799 NG_FREE_ITEM(item); 800 NG_FREE_M(m); 801 ERROUT(EINVAL); 802 } 803 if (m->m_pkthdr.len < 4 /* tunnel, session id */ 804 + (2 * ((hdr & L2TP_HDR_LEN) != 0)) /* length field */ 805 + (4 * ((hdr & L2TP_HDR_SEQ) != 0)) /* seq # fields */ 806 + (2 * ((hdr & L2TP_HDR_OFF) != 0))) { /* offset field */ 807 priv->stats.recvRunts++; 808 NG_FREE_ITEM(item); 809 NG_FREE_M(m); 810 ERROUT(EINVAL); 811 } 812 813 /* Get and validate length field if present */ 814 if ((hdr & L2TP_HDR_LEN) != 0) { 815 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) { 816 priv->stats.memoryFailures++; 817 NG_FREE_ITEM(item); 818 ERROUT(EINVAL); 819 } 820 len = (mtod(m, uint8_t *)[0] << 8) + mtod(m, uint8_t *)[1] - 4; 821 m_adj(m, 2); 822 if (len < 0 || len > m->m_pkthdr.len) { 823 priv->stats.recvInvalid++; 824 NG_FREE_ITEM(item); 825 NG_FREE_M(m); 826 ERROUT(EINVAL); 827 } 828 if (len < m->m_pkthdr.len) /* trim extra bytes */ 829 m_adj(m, -(m->m_pkthdr.len - len)); 830 } 831 832 /* Get tunnel ID and session ID */ 833 if (m->m_len < 4 && (m = m_pullup(m, 4)) == NULL) { 834 priv->stats.memoryFailures++; 835 NG_FREE_ITEM(item); 836 ERROUT(EINVAL); 837 } 838 tid = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1]; 839 sid = (mtod(m, u_int8_t *)[2] << 8) + mtod(m, u_int8_t *)[3]; 840 m_adj(m, 4); 841 842 /* Check tunnel ID */ 843 if (tid != priv->conf.tunnel_id && 844 (priv->conf.match_id || tid != 0)) { 845 priv->stats.recvWrongTunnel++; 846 NG_FREE_ITEM(item); 847 NG_FREE_M(m); 848 ERROUT(EADDRNOTAVAIL); 849 } 850 851 /* Check session ID (for data packets only) */ 852 if ((hdr & L2TP_HDR_CTRL) == 0) { 853 hpriv = ng_l2tp_find_session(priv, sid); 854 if (hpriv == NULL) { 855 priv->stats.recvUnknownSID++; 856 NG_FREE_ITEM(item); 857 NG_FREE_M(m); 858 ERROUT(ENOTCONN); 859 } 860 hook = hpriv->hook; 861 } 862 863 /* Get Ns, Nr fields if present */ 864 if ((hdr & L2TP_HDR_SEQ) != 0) { 865 if (m->m_len < 4 && (m = m_pullup(m, 4)) == NULL) { 866 priv->stats.memoryFailures++; 867 NG_FREE_ITEM(item); 868 ERROUT(EINVAL); 869 } 870 ns = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1]; 871 nr = (mtod(m, u_int8_t *)[2] << 8) + mtod(m, u_int8_t *)[3]; 872 m_adj(m, 4); 873 } else 874 ns = nr = 0; 875 876 /* Strip offset padding if present */ 877 if ((hdr & L2TP_HDR_OFF) != 0) { 878 u_int16_t offset; 879 880 /* Get length of offset padding */ 881 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) { 882 priv->stats.memoryFailures++; 883 NG_FREE_ITEM(item); 884 ERROUT(EINVAL); 885 } 886 offset = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1]; 887 888 /* Trim offset padding */ 889 if ((2+offset) > m->m_pkthdr.len) { 890 priv->stats.recvInvalid++; 891 NG_FREE_ITEM(item); 892 NG_FREE_M(m); 893 ERROUT(EINVAL); 894 } 895 m_adj(m, 2+offset); 896 } 897 898 /* Handle control packets */ 899 if ((hdr & L2TP_HDR_CTRL) != 0) { 900 struct l2tp_seq *const seq = &priv->seq; 901 902 /* Handle receive ack sequence number Nr */ 903 ng_l2tp_seq_recv_nr(priv, nr); 904 905 /* Discard ZLB packets */ 906 if (m->m_pkthdr.len == 0) { 907 priv->stats.recvZLBs++; 908 NG_FREE_ITEM(item); 909 NG_FREE_M(m); 910 ERROUT(0); 911 } 912 913 mtx_lock(&seq->mtx); 914 /* 915 * If not what we expect or we are busy, drop packet and 916 * send an immediate ZLB ack. 917 */ 918 if (ns != seq->nr || seq->inproc) { 919 if (L2TP_SEQ_DIFF(ns, seq->nr) <= 0) 920 priv->stats.recvDuplicates++; 921 else 922 priv->stats.recvOutOfOrder++; 923 mtx_unlock(&seq->mtx); 924 ng_l2tp_xmit_ctrl(priv, NULL, seq->ns); 925 NG_FREE_ITEM(item); 926 NG_FREE_M(m); 927 ERROUT(0); 928 } 929 /* 930 * Until we deliver this packet we can't receive next one as 931 * we have no information for sending ack. 932 */ 933 seq->inproc = 1; 934 mtx_unlock(&seq->mtx); 935 936 /* Prepend session ID to packet. */ 937 M_PREPEND(m, 2, M_NOWAIT); 938 if (m == NULL) { 939 seq->inproc = 0; 940 priv->stats.memoryFailures++; 941 NG_FREE_ITEM(item); 942 ERROUT(ENOBUFS); 943 } 944 mtod(m, u_int8_t *)[0] = sid >> 8; 945 mtod(m, u_int8_t *)[1] = sid & 0xff; 946 947 /* Deliver packet to upper layers */ 948 NG_FWD_NEW_DATA(error, item, priv->ctrl, m); 949 950 mtx_lock(&seq->mtx); 951 /* Ready to process next packet. */ 952 seq->inproc = 0; 953 954 /* If packet was successfully delivered send ack. */ 955 if (error == 0) { 956 /* Update recv sequence number */ 957 seq->nr++; 958 /* Start receive ack timer, if not already running */ 959 if (!callout_active(&seq->xack_timer)) { 960 ng_callout(&seq->xack_timer, priv->node, NULL, 961 L2TP_DELAYED_ACK, ng_l2tp_seq_xack_timeout, 962 NULL, 0); 963 } 964 } 965 mtx_unlock(&seq->mtx); 966 967 ERROUT(error); 968 } 969 970 /* Per session packet, account it. */ 971 hpriv->stats.recvPackets++; 972 hpriv->stats.recvOctets += plen; 973 974 /* Follow peer's lead in data sequencing, if configured to do so */ 975 if (!hpriv->conf.control_dseq) 976 hpriv->conf.enable_dseq = ((hdr & L2TP_HDR_SEQ) != 0); 977 978 /* Handle data sequence numbers if present and enabled */ 979 if ((hdr & L2TP_HDR_SEQ) != 0) { 980 if (hpriv->conf.enable_dseq 981 && L2TP_SEQ_DIFF(ns, hpriv->nr) < 0) { 982 NG_FREE_ITEM(item); /* duplicate or out of order */ 983 NG_FREE_M(m); 984 priv->stats.recvDataDrops++; 985 ERROUT(0); 986 } 987 hpriv->nr = ns + 1; 988 } 989 990 /* Drop empty data packets */ 991 if (m->m_pkthdr.len == 0) { 992 NG_FREE_ITEM(item); 993 NG_FREE_M(m); 994 ERROUT(0); 995 } 996 997 /* Deliver data */ 998 NG_FWD_NEW_DATA(error, item, hook, m); 999 done: 1000 /* Done */ 1001 L2TP_SEQ_CHECK(&priv->seq); 1002 return (error); 1003 } 1004 1005 /* 1006 * Handle an outgoing control frame. 1007 */ 1008 static int 1009 ng_l2tp_rcvdata_ctrl(hook_p hook, item_p item) 1010 { 1011 const node_p node = NG_HOOK_NODE(hook); 1012 const priv_p priv = NG_NODE_PRIVATE(node); 1013 struct l2tp_seq *const seq = &priv->seq; 1014 struct mbuf *m; 1015 int error; 1016 int i; 1017 u_int16_t ns; 1018 1019 /* Sanity check */ 1020 L2TP_SEQ_CHECK(&priv->seq); 1021 1022 /* If not configured, reject */ 1023 if (!priv->conf.enabled) { 1024 NG_FREE_ITEM(item); 1025 ERROUT(ENXIO); 1026 } 1027 1028 /* Grab mbuf and discard other stuff XXX */ 1029 NGI_GET_M(item, m); 1030 NG_FREE_ITEM(item); 1031 1032 /* Packet should have session ID prepended */ 1033 if (m->m_pkthdr.len < 2) { 1034 priv->stats.xmitInvalid++; 1035 m_freem(m); 1036 ERROUT(EINVAL); 1037 } 1038 1039 /* Check max length */ 1040 if (m->m_pkthdr.len >= 0x10000 - 14) { 1041 priv->stats.xmitTooBig++; 1042 m_freem(m); 1043 ERROUT(EOVERFLOW); 1044 } 1045 1046 mtx_lock(&seq->mtx); 1047 1048 /* Find next empty slot in transmit queue */ 1049 for (i = 0; i < L2TP_MAX_XWIN && seq->xwin[i] != NULL; i++); 1050 if (i == L2TP_MAX_XWIN) { 1051 mtx_unlock(&seq->mtx); 1052 priv->stats.xmitDrops++; 1053 m_freem(m); 1054 ERROUT(ENOBUFS); 1055 } 1056 seq->xwin[i] = m; 1057 1058 /* If peer's receive window is already full, nothing else to do */ 1059 if (i >= seq->cwnd) { 1060 mtx_unlock(&seq->mtx); 1061 ERROUT(0); 1062 } 1063 1064 /* Start retransmit timer if not already running */ 1065 if (!callout_active(&seq->rack_timer)) 1066 ng_callout(&seq->rack_timer, node, NULL, 1067 hz, ng_l2tp_seq_rack_timeout, NULL, 0); 1068 1069 ns = seq->ns++; 1070 1071 mtx_unlock(&seq->mtx); 1072 1073 /* Copy packet */ 1074 if ((m = L2TP_COPY_MBUF(m, M_NOWAIT)) == NULL) { 1075 priv->stats.memoryFailures++; 1076 ERROUT(ENOBUFS); 1077 } 1078 1079 /* Send packet and increment xmit sequence number */ 1080 error = ng_l2tp_xmit_ctrl(priv, m, ns); 1081 done: 1082 /* Done */ 1083 L2TP_SEQ_CHECK(&priv->seq); 1084 return (error); 1085 } 1086 1087 /* 1088 * Handle an outgoing data frame. 1089 */ 1090 static int 1091 ng_l2tp_rcvdata(hook_p hook, item_p item) 1092 { 1093 const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook)); 1094 const hookpriv_p hpriv = NG_HOOK_PRIVATE(hook); 1095 struct mbuf *m; 1096 uint8_t *p; 1097 u_int16_t hdr; 1098 int error; 1099 int i = 2; 1100 1101 /* Sanity check */ 1102 L2TP_SEQ_CHECK(&priv->seq); 1103 1104 /* If not configured, reject */ 1105 if (!priv->conf.enabled) { 1106 NG_FREE_ITEM(item); 1107 ERROUT(ENXIO); 1108 } 1109 1110 /* Get mbuf */ 1111 NGI_GET_M(item, m); 1112 1113 /* Check max length */ 1114 if (m->m_pkthdr.len >= 0x10000 - 12) { 1115 priv->stats.xmitDataTooBig++; 1116 NG_FREE_ITEM(item); 1117 NG_FREE_M(m); 1118 ERROUT(EOVERFLOW); 1119 } 1120 1121 /* Prepend L2TP header */ 1122 M_PREPEND(m, 6 1123 + (2 * (hpriv->conf.include_length != 0)) 1124 + (4 * (hpriv->conf.enable_dseq != 0)), 1125 M_NOWAIT); 1126 if (m == NULL) { 1127 priv->stats.memoryFailures++; 1128 NG_FREE_ITEM(item); 1129 ERROUT(ENOBUFS); 1130 } 1131 p = mtod(m, uint8_t *); 1132 hdr = L2TP_DATA_HDR; 1133 if (hpriv->conf.include_length) { 1134 hdr |= L2TP_HDR_LEN; 1135 p[i++] = m->m_pkthdr.len >> 8; 1136 p[i++] = m->m_pkthdr.len & 0xff; 1137 } 1138 p[i++] = priv->conf.peer_id >> 8; 1139 p[i++] = priv->conf.peer_id & 0xff; 1140 p[i++] = hpriv->conf.peer_id >> 8; 1141 p[i++] = hpriv->conf.peer_id & 0xff; 1142 if (hpriv->conf.enable_dseq) { 1143 hdr |= L2TP_HDR_SEQ; 1144 p[i++] = hpriv->ns >> 8; 1145 p[i++] = hpriv->ns & 0xff; 1146 p[i++] = hpriv->nr >> 8; 1147 p[i++] = hpriv->nr & 0xff; 1148 hpriv->ns++; 1149 } 1150 p[0] = hdr >> 8; 1151 p[1] = hdr & 0xff; 1152 1153 /* Update per session stats. */ 1154 hpriv->stats.xmitPackets++; 1155 hpriv->stats.xmitOctets += m->m_pkthdr.len; 1156 1157 /* And the global one. */ 1158 priv->stats.xmitPackets++; 1159 priv->stats.xmitOctets += m->m_pkthdr.len; 1160 1161 /* Send packet */ 1162 NG_FWD_NEW_DATA(error, item, priv->lower, m); 1163 done: 1164 /* Done */ 1165 L2TP_SEQ_CHECK(&priv->seq); 1166 return (error); 1167 } 1168 1169 /* 1170 * Send a message to our controlling node that we've failed. 1171 */ 1172 static void 1173 ng_l2tp_seq_failure(priv_p priv) 1174 { 1175 struct ng_mesg *msg; 1176 int error; 1177 1178 NG_MKMESSAGE(msg, NGM_L2TP_COOKIE, NGM_L2TP_ACK_FAILURE, 0, M_NOWAIT); 1179 if (msg == NULL) 1180 return; 1181 NG_SEND_MSG_ID(error, priv->node, msg, priv->ftarget, 0); 1182 } 1183 1184 /************************************************************************ 1185 SEQUENCE NUMBER HANDLING 1186 ************************************************************************/ 1187 1188 /* 1189 * Initialize sequence number state. 1190 */ 1191 static void 1192 ng_l2tp_seq_init(priv_p priv) 1193 { 1194 struct l2tp_seq *const seq = &priv->seq; 1195 1196 KASSERT(priv->conf.peer_win >= 1, 1197 ("%s: peer_win is zero", __func__)); 1198 memset(seq, 0, sizeof(*seq)); 1199 seq->cwnd = 1; 1200 seq->wmax = priv->conf.peer_win; 1201 if (seq->wmax > L2TP_MAX_XWIN) 1202 seq->wmax = L2TP_MAX_XWIN; 1203 seq->ssth = seq->wmax; 1204 ng_callout_init(&seq->rack_timer); 1205 ng_callout_init(&seq->xack_timer); 1206 mtx_init(&seq->mtx, "ng_l2tp", NULL, MTX_DEF); 1207 L2TP_SEQ_CHECK(seq); 1208 } 1209 1210 /* 1211 * Set sequence number state as given from user. 1212 */ 1213 static int 1214 ng_l2tp_seq_set(priv_p priv, const struct ng_l2tp_seq_config *conf) 1215 { 1216 struct l2tp_seq *const seq = &priv->seq; 1217 1218 /* If node is enabled, deny update to sequence numbers. */ 1219 if (priv->conf.enabled) 1220 return (EBUSY); 1221 1222 /* We only can handle the simple cases. */ 1223 if (conf->xack != conf->nr || conf->ns != conf->rack) 1224 return (EINVAL); 1225 1226 /* Set ns,nr,rack,xack parameters. */ 1227 seq->ns = conf->ns; 1228 seq->nr = conf->nr; 1229 seq->rack = conf->rack; 1230 seq->xack = conf->xack; 1231 1232 return (0); 1233 } 1234 1235 /* 1236 * Adjust sequence number state accordingly after reconfiguration. 1237 */ 1238 static int 1239 ng_l2tp_seq_adjust(priv_p priv, const struct ng_l2tp_config *conf) 1240 { 1241 struct l2tp_seq *const seq = &priv->seq; 1242 u_int16_t new_wmax; 1243 1244 /* If disabling node, reset state sequence number */ 1245 if (!conf->enabled) { 1246 ng_l2tp_seq_reset(priv); 1247 return (0); 1248 } 1249 1250 /* Adjust peer's max recv window; it can only increase */ 1251 new_wmax = conf->peer_win; 1252 if (new_wmax > L2TP_MAX_XWIN) 1253 new_wmax = L2TP_MAX_XWIN; 1254 if (new_wmax == 0) 1255 return (EINVAL); 1256 if (new_wmax < seq->wmax) 1257 return (EBUSY); 1258 seq->wmax = new_wmax; 1259 1260 /* Done */ 1261 return (0); 1262 } 1263 1264 /* 1265 * Reset sequence number state. 1266 */ 1267 static void 1268 ng_l2tp_seq_reset(priv_p priv) 1269 { 1270 struct l2tp_seq *const seq = &priv->seq; 1271 hook_p hook; 1272 int i; 1273 1274 /* Sanity check */ 1275 L2TP_SEQ_CHECK(seq); 1276 1277 /* Stop timers */ 1278 ng_uncallout(&seq->rack_timer, priv->node); 1279 ng_uncallout(&seq->xack_timer, priv->node); 1280 1281 /* Free retransmit queue */ 1282 for (i = 0; i < L2TP_MAX_XWIN; i++) { 1283 if (seq->xwin[i] == NULL) 1284 break; 1285 m_freem(seq->xwin[i]); 1286 } 1287 1288 /* Reset session hooks' sequence number states */ 1289 NG_NODE_FOREACH_HOOK(priv->node, ng_l2tp_reset_session, NULL, hook); 1290 1291 /* Reset node's sequence number state */ 1292 seq->ns = 0; 1293 seq->nr = 0; 1294 seq->rack = 0; 1295 seq->xack = 0; 1296 seq->wmax = L2TP_MAX_XWIN; 1297 seq->cwnd = 1; 1298 seq->ssth = seq->wmax; 1299 seq->acks = 0; 1300 seq->rexmits = 0; 1301 bzero(seq->xwin, sizeof(seq->xwin)); 1302 1303 /* Done */ 1304 L2TP_SEQ_CHECK(seq); 1305 } 1306 1307 /* 1308 * Handle receipt of an acknowledgement value (Nr) from peer. 1309 */ 1310 static void 1311 ng_l2tp_seq_recv_nr(priv_p priv, u_int16_t nr) 1312 { 1313 struct l2tp_seq *const seq = &priv->seq; 1314 struct mbuf *xwin[L2TP_MAX_XWIN]; /* partial local copy */ 1315 int nack; 1316 int i, j; 1317 uint16_t ns; 1318 1319 mtx_lock(&seq->mtx); 1320 1321 /* Verify peer's ACK is in range */ 1322 if ((nack = L2TP_SEQ_DIFF(nr, seq->rack)) <= 0) { 1323 mtx_unlock(&seq->mtx); 1324 return; /* duplicate ack */ 1325 } 1326 if (L2TP_SEQ_DIFF(nr, seq->ns) > 0) { 1327 mtx_unlock(&seq->mtx); 1328 priv->stats.recvBadAcks++; /* ack for packet not sent */ 1329 return; 1330 } 1331 KASSERT(nack <= L2TP_MAX_XWIN, 1332 ("%s: nack=%d > %d", __func__, nack, L2TP_MAX_XWIN)); 1333 1334 /* Update receive ack stats */ 1335 seq->rack = nr; 1336 seq->rexmits = 0; 1337 1338 /* Free acknowledged packets and shift up packets in the xmit queue */ 1339 for (i = 0; i < nack; i++) 1340 m_freem(seq->xwin[i]); 1341 memmove(seq->xwin, seq->xwin + nack, 1342 (L2TP_MAX_XWIN - nack) * sizeof(*seq->xwin)); 1343 memset(seq->xwin + (L2TP_MAX_XWIN - nack), 0, 1344 nack * sizeof(*seq->xwin)); 1345 1346 /* 1347 * Do slow-start/congestion avoidance windowing algorithm described 1348 * in RFC 2661, Appendix A. Here we handle a multiple ACK as if each 1349 * ACK had arrived separately. 1350 */ 1351 if (seq->cwnd < seq->wmax) { 1352 /* Handle slow start phase */ 1353 if (seq->cwnd < seq->ssth) { 1354 seq->cwnd += nack; 1355 nack = 0; 1356 if (seq->cwnd > seq->ssth) { /* into cg.av. phase */ 1357 nack = seq->cwnd - seq->ssth; 1358 seq->cwnd = seq->ssth; 1359 } 1360 } 1361 1362 /* Handle congestion avoidance phase */ 1363 if (seq->cwnd >= seq->ssth) { 1364 seq->acks += nack; 1365 while (seq->acks >= seq->cwnd) { 1366 seq->acks -= seq->cwnd; 1367 if (seq->cwnd < seq->wmax) 1368 seq->cwnd++; 1369 } 1370 } 1371 } 1372 1373 /* Stop xmit timer */ 1374 if (callout_active(&seq->rack_timer)) 1375 ng_uncallout(&seq->rack_timer, priv->node); 1376 1377 /* If transmit queue is empty, we're done for now */ 1378 if (seq->xwin[0] == NULL) { 1379 mtx_unlock(&seq->mtx); 1380 return; 1381 } 1382 1383 /* Start restransmit timer again */ 1384 ng_callout(&seq->rack_timer, priv->node, NULL, 1385 hz, ng_l2tp_seq_rack_timeout, NULL, 0); 1386 1387 /* 1388 * Send more packets, trying to keep peer's receive window full. 1389 * Make copy of everything we need before lock release. 1390 */ 1391 ns = seq->ns; 1392 j = 0; 1393 while ((i = L2TP_SEQ_DIFF(seq->ns, seq->rack)) < seq->cwnd 1394 && seq->xwin[i] != NULL) { 1395 xwin[j++] = seq->xwin[i]; 1396 seq->ns++; 1397 } 1398 1399 mtx_unlock(&seq->mtx); 1400 1401 /* 1402 * Send prepared. 1403 * If there is a memory error, pretend packet was sent, as it 1404 * will get retransmitted later anyway. 1405 */ 1406 for (i = 0; i < j; i++) { 1407 struct mbuf *m; 1408 if ((m = L2TP_COPY_MBUF(xwin[i], M_NOWAIT)) == NULL) 1409 priv->stats.memoryFailures++; 1410 else 1411 ng_l2tp_xmit_ctrl(priv, m, ns); 1412 ns++; 1413 } 1414 } 1415 1416 /* 1417 * Handle an ack timeout. We have an outstanding ack that we 1418 * were hoping to piggy-back, but haven't, so send a ZLB. 1419 */ 1420 static void 1421 ng_l2tp_seq_xack_timeout(node_p node, hook_p hook, void *arg1, int arg2) 1422 { 1423 const priv_p priv = NG_NODE_PRIVATE(node); 1424 struct l2tp_seq *const seq = &priv->seq; 1425 1426 /* Make sure callout is still active before doing anything */ 1427 if (callout_pending(&seq->xack_timer) || 1428 (!callout_active(&seq->xack_timer))) 1429 return; 1430 1431 /* Sanity check */ 1432 L2TP_SEQ_CHECK(seq); 1433 1434 /* Send a ZLB */ 1435 ng_l2tp_xmit_ctrl(priv, NULL, seq->ns); 1436 1437 /* callout_deactivate() is not needed here 1438 as ng_uncallout() was called by ng_l2tp_xmit_ctrl() */ 1439 1440 /* Sanity check */ 1441 L2TP_SEQ_CHECK(seq); 1442 } 1443 1444 /* 1445 * Handle a transmit timeout. The peer has failed to respond 1446 * with an ack for our packet, so retransmit it. 1447 */ 1448 static void 1449 ng_l2tp_seq_rack_timeout(node_p node, hook_p hook, void *arg1, int arg2) 1450 { 1451 const priv_p priv = NG_NODE_PRIVATE(node); 1452 struct l2tp_seq *const seq = &priv->seq; 1453 struct mbuf *m; 1454 u_int delay; 1455 1456 /* Sanity check */ 1457 L2TP_SEQ_CHECK(seq); 1458 1459 mtx_lock(&seq->mtx); 1460 /* Make sure callout is still active before doing anything */ 1461 if (callout_pending(&seq->rack_timer) || 1462 !callout_active(&seq->rack_timer)) { 1463 mtx_unlock(&seq->mtx); 1464 return; 1465 } 1466 1467 priv->stats.xmitRetransmits++; 1468 1469 /* Have we reached the retransmit limit? If so, notify owner. */ 1470 if (seq->rexmits++ >= priv->conf.rexmit_max) 1471 ng_l2tp_seq_failure(priv); 1472 1473 /* Restart timer, this time with an increased delay */ 1474 delay = (seq->rexmits > 12) ? (1 << 12) : (1 << seq->rexmits); 1475 if (delay > priv->conf.rexmit_max_to) 1476 delay = priv->conf.rexmit_max_to; 1477 ng_callout(&seq->rack_timer, node, NULL, 1478 hz * delay, ng_l2tp_seq_rack_timeout, NULL, 0); 1479 1480 /* Do slow-start/congestion algorithm windowing algorithm */ 1481 seq->ns = seq->rack; 1482 seq->ssth = (seq->cwnd + 1) / 2; 1483 seq->cwnd = 1; 1484 seq->acks = 0; 1485 1486 /* Retransmit oldest unack'd packet */ 1487 m = L2TP_COPY_MBUF(seq->xwin[0], M_NOWAIT); 1488 mtx_unlock(&seq->mtx); 1489 if (m == NULL) 1490 priv->stats.memoryFailures++; 1491 else 1492 ng_l2tp_xmit_ctrl(priv, m, seq->ns++); 1493 1494 /* callout_deactivate() is not needed here 1495 as ng_callout() is getting called each time */ 1496 1497 /* Sanity check */ 1498 L2TP_SEQ_CHECK(seq); 1499 } 1500 1501 /* 1502 * Transmit a control stream packet, payload optional. 1503 * The transmit sequence number is not incremented. 1504 */ 1505 static int 1506 ng_l2tp_xmit_ctrl(priv_p priv, struct mbuf *m, u_int16_t ns) 1507 { 1508 struct l2tp_seq *const seq = &priv->seq; 1509 uint8_t *p; 1510 u_int16_t session_id = 0; 1511 int error; 1512 1513 mtx_lock(&seq->mtx); 1514 1515 /* Stop ack timer: we're sending an ack with this packet. 1516 Doing this before to keep state predictable after error. */ 1517 if (callout_active(&seq->xack_timer)) 1518 ng_uncallout(&seq->xack_timer, priv->node); 1519 1520 seq->xack = seq->nr; 1521 1522 mtx_unlock(&seq->mtx); 1523 1524 /* If no mbuf passed, send an empty packet (ZLB) */ 1525 if (m == NULL) { 1526 /* Create a new mbuf for ZLB packet */ 1527 MGETHDR(m, M_NOWAIT, MT_DATA); 1528 if (m == NULL) { 1529 priv->stats.memoryFailures++; 1530 return (ENOBUFS); 1531 } 1532 m->m_len = m->m_pkthdr.len = 12; 1533 m->m_pkthdr.rcvif = NULL; 1534 priv->stats.xmitZLBs++; 1535 } else { 1536 /* Strip off session ID */ 1537 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) { 1538 priv->stats.memoryFailures++; 1539 return (ENOBUFS); 1540 } 1541 session_id = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1]; 1542 1543 /* Make room for L2TP header */ 1544 M_PREPEND(m, 10, M_NOWAIT); /* - 2 + 12 = 10 */ 1545 if (m == NULL) { 1546 priv->stats.memoryFailures++; 1547 return (ENOBUFS); 1548 } 1549 1550 /* 1551 * The below requires 12 contiguous bytes for the L2TP header 1552 * to be written into. 1553 */ 1554 m = m_pullup(m, 12); 1555 if (m == NULL) { 1556 priv->stats.memoryFailures++; 1557 return (ENOBUFS); 1558 } 1559 } 1560 1561 /* Fill in L2TP header */ 1562 p = mtod(m, u_int8_t *); 1563 p[0] = L2TP_CTRL_HDR >> 8; 1564 p[1] = L2TP_CTRL_HDR & 0xff; 1565 p[2] = m->m_pkthdr.len >> 8; 1566 p[3] = m->m_pkthdr.len & 0xff; 1567 p[4] = priv->conf.peer_id >> 8; 1568 p[5] = priv->conf.peer_id & 0xff; 1569 p[6] = session_id >> 8; 1570 p[7] = session_id & 0xff; 1571 p[8] = ns >> 8; 1572 p[9] = ns & 0xff; 1573 p[10] = seq->nr >> 8; 1574 p[11] = seq->nr & 0xff; 1575 1576 /* Update sequence number info and stats */ 1577 priv->stats.xmitPackets++; 1578 priv->stats.xmitOctets += m->m_pkthdr.len; 1579 1580 /* Send packet */ 1581 NG_SEND_DATA_ONLY(error, priv->lower, m); 1582 return (error); 1583 } 1584 1585 #ifdef INVARIANTS 1586 /* 1587 * Sanity check sequence number state. 1588 */ 1589 static void 1590 ng_l2tp_seq_check(struct l2tp_seq *seq) 1591 { 1592 int self_unack, peer_unack; 1593 int i; 1594 1595 #define CHECK(p) KASSERT((p), ("%s: not: %s", __func__, #p)) 1596 1597 mtx_lock(&seq->mtx); 1598 1599 self_unack = L2TP_SEQ_DIFF(seq->nr, seq->xack); 1600 peer_unack = L2TP_SEQ_DIFF(seq->ns, seq->rack); 1601 CHECK(seq->wmax <= L2TP_MAX_XWIN); 1602 CHECK(seq->cwnd >= 1); 1603 CHECK(seq->cwnd <= seq->wmax); 1604 CHECK(seq->ssth >= 1); 1605 CHECK(seq->ssth <= seq->wmax); 1606 if (seq->cwnd < seq->ssth) 1607 CHECK(seq->acks == 0); 1608 else 1609 CHECK(seq->acks <= seq->cwnd); 1610 CHECK(self_unack >= 0); 1611 CHECK(peer_unack >= 0); 1612 CHECK(peer_unack <= seq->wmax); 1613 CHECK((self_unack == 0) ^ callout_active(&seq->xack_timer)); 1614 CHECK((peer_unack == 0) ^ callout_active(&seq->rack_timer)); 1615 for (i = 0; i < peer_unack; i++) 1616 CHECK(seq->xwin[i] != NULL); 1617 for ( ; i < seq->cwnd; i++) /* verify peer's recv window full */ 1618 CHECK(seq->xwin[i] == NULL); 1619 1620 mtx_unlock(&seq->mtx); 1621 1622 #undef CHECK 1623 } 1624 #endif /* INVARIANTS */ 1625