1 /* 2 * sppp.c - Solaris STREAMS PPP multiplexing pseudo-driver 3 * 4 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 5 * Use is subject to license terms. 6 * 7 * Permission to use, copy, modify, and distribute this software and its 8 * documentation is hereby granted, provided that the above copyright 9 * notice appears in all copies. 10 * 11 * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF 12 * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 13 * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 14 * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR 15 * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR 16 * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES 17 * 18 * Copyright (c) 1994 The Australian National University. 19 * All rights reserved. 20 * 21 * Permission to use, copy, modify, and distribute this software and its 22 * documentation is hereby granted, provided that the above copyright 23 * notice appears in all copies. This software is provided without any 24 * warranty, express or implied. The Australian National University 25 * makes no representations about the suitability of this software for 26 * any purpose. 27 * 28 * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY 29 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 30 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF 31 * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY 32 * OF SUCH DAMAGE. 33 * 34 * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, 35 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 36 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 37 * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO 38 * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, 39 * OR MODIFICATIONS. 40 * 41 * This driver is derived from the original SVR4 STREAMS PPP driver 42 * originally written by Paul Mackerras <paul.mackerras@cs.anu.edu.au>. 43 * 44 * Adi Masputra <adi.masputra@sun.com> rewrote and restructured the code 45 * for improved performance and scalability. 46 */ 47 48 #define RCSID "$Id: sppp.c,v 1.0 2000/05/08 01:10:12 masputra Exp $" 49 50 #include <sys/types.h> 51 #include <sys/debug.h> 52 #include <sys/param.h> 53 #include <sys/stat.h> 54 #include <sys/stream.h> 55 #include <sys/stropts.h> 56 #include <sys/sysmacros.h> 57 #include <sys/errno.h> 58 #include <sys/time.h> 59 #include <sys/cmn_err.h> 60 #include <sys/kmem.h> 61 #include <sys/conf.h> 62 #include <sys/dlpi.h> 63 #include <sys/ddi.h> 64 #include <sys/kstat.h> 65 #include <sys/strsun.h> 66 #include <sys/ethernet.h> 67 #include <sys/policy.h> 68 #include <net/ppp_defs.h> 69 #include <net/pppio.h> 70 #include "sppp.h" 71 #include "s_common.h" 72 73 /* 74 * This is used to tag official Solaris sources. Please do not define 75 * "INTERNAL_BUILD" when building this software outside of Sun Microsystems. 76 */ 77 #ifdef INTERNAL_BUILD 78 /* MODINFO is limited to 32 characters. */ 79 const char sppp_module_description[] = "PPP 4.0 mux"; 80 #else /* INTERNAL_BUILD */ 81 const char sppp_module_description[] = "ANU PPP mux $Revision: 1.0$"; 82 83 /* LINTED */ 84 static const char buildtime[] = "Built " __DATE__ " at " __TIME__ 85 #ifdef DEBUG 86 " DEBUG" 87 #endif 88 "\n"; 89 #endif /* INTERNAL_BUILD */ 90 91 static void sppp_inner_ioctl(queue_t *, mblk_t *); 92 static void sppp_outer_ioctl(queue_t *, mblk_t *); 93 static queue_t *sppp_send(queue_t *, mblk_t **, spppstr_t *); 94 static queue_t *sppp_recv(queue_t *, mblk_t **, spppstr_t *); 95 static void sppp_recv_nondata(queue_t *, mblk_t *, spppstr_t *); 96 static queue_t *sppp_outpkt(queue_t *, mblk_t **, int, spppstr_t *); 97 static spppstr_t *sppp_inpkt(queue_t *, mblk_t *, spppstr_t *); 98 static int sppp_kstat_update(kstat_t *, int); 99 static void sppp_release_pkts(sppa_t *, uint16_t); 100 101 /* 102 * sps_list contains the list of active per-stream instance state structures 103 * ordered on the minor device number (see sppp.h for details). All streams 104 * opened to this driver are threaded together in this list. 105 */ 106 static spppstr_t *sps_list = NULL; 107 /* 108 * ppa_list contains the list of active per-attachment instance state 109 * structures ordered on the ppa id number (see sppp.h for details). All of 110 * the ppa structures created once per PPPIO_NEWPPA ioctl are threaded together 111 * in this list. There is exactly one ppa structure for a given PPP interface, 112 * and multiple sps streams (upper streams) may share a ppa by performing 113 * an attachment explicitly (PPPIO_ATTACH) or implicitly (DL_ATTACH_REQ). 114 */ 115 static sppa_t *ppa_list = NULL; 116 117 static const char *kstats_names[] = { SPPP_KSTATS_NAMES }; 118 static const char *kstats64_names[] = { SPPP_KSTATS64_NAMES }; 119 120 /* 121 * map proto (which is an IANA defined ppp network protocol) to 122 * a bit position indicated by NP_* in ppa_npflag 123 */ 124 static uint32_t 125 sppp_ppp2np(uint16_t proto) 126 { 127 switch (proto) { 128 case PPP_IP: 129 return (NP_IP); 130 case PPP_IPV6: 131 return (NP_IPV6); 132 default: 133 return (0); 134 } 135 } 136 137 /* 138 * sppp_open() 139 * 140 * MT-Perimeters: 141 * exclusive inner, exclusive outer. 142 * 143 * Description: 144 * Common open procedure for module. 145 */ 146 /* ARGSUSED */ 147 int 148 sppp_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) 149 { 150 spppstr_t *sps; 151 spppstr_t **nextmn; 152 minor_t mn; 153 154 ASSERT(q != NULL && devp != NULL); 155 ASSERT(sflag != MODOPEN); 156 157 if (q->q_ptr != NULL) { 158 return (0); /* already open */ 159 } 160 if (sflag != CLONEOPEN) { 161 return (OPENFAIL); 162 } 163 /* 164 * The sps list is sorted using the minor number as the key. The 165 * following code walks the list to find the lowest valued minor 166 * number available to be used. 167 */ 168 mn = 0; 169 for (nextmn = &sps_list; (sps = *nextmn) != NULL; 170 nextmn = &sps->sps_nextmn) { 171 if (sps->sps_mn_id != mn) { 172 break; 173 } 174 ++mn; 175 } 176 sps = (spppstr_t *)kmem_zalloc(sizeof (spppstr_t), KM_SLEEP); 177 ASSERT(sps != NULL); /* KM_SLEEP must never return NULL */ 178 sps->sps_nextmn = *nextmn; /* insert stream in global list */ 179 *nextmn = sps; 180 sps->sps_mn_id = mn; /* save minor id for this stream */ 181 sps->sps_rq = q; /* save read queue pointer */ 182 sps->sps_sap = -1; /* no sap bound to stream */ 183 sps->sps_dlstate = DL_UNATTACHED; /* dlpi state is unattached */ 184 sps->sps_npmode = NPMODE_DROP; /* drop all packets initially */ 185 q->q_ptr = WR(q)->q_ptr = (caddr_t)sps; 186 /* 187 * We explicitly disable the automatic queue scheduling for the 188 * write-side to obtain complete control over queuing during transmit. 189 * Packets will be queued at the upper write queue and the service 190 * routine will not be called until it gets scheduled by having the 191 * lower write service routine call the qenable(WR(uq)) for all streams 192 * attached to the same ppa instance. 193 */ 194 noenable(WR(q)); 195 *devp = makedevice(getmajor(*devp), mn); 196 qprocson(q); 197 return (0); 198 } 199 200 /* 201 * Free storage used by a PPA. This is not called until the last PPA 202 * user closes his connection or reattaches to a different PPA. 203 */ 204 static void 205 sppp_free_ppa(sppa_t *ppa) 206 { 207 sppa_t **nextppa; 208 209 ASSERT(ppa->ppa_refcnt == 1); 210 if (ppa->ppa_kstats != NULL) { 211 kstat_delete(ppa->ppa_kstats); 212 ppa->ppa_kstats = NULL; 213 } 214 mutex_destroy(&ppa->ppa_sta_lock); 215 mutex_destroy(&ppa->ppa_npmutex); 216 rw_destroy(&ppa->ppa_sib_lock); 217 nextppa = &ppa_list; 218 while (*nextppa != NULL) { 219 if (*nextppa == ppa) { 220 *nextppa = ppa->ppa_nextppa; 221 break; 222 } 223 nextppa = &(*nextppa)->ppa_nextppa; 224 } 225 kmem_free(ppa, sizeof (*ppa)); 226 } 227 228 /* 229 * Create a new PPA. Caller must be exclusive on outer perimeter. 230 */ 231 sppa_t * 232 sppp_create_ppa(uint32_t ppa_id) 233 { 234 sppa_t *ppa; 235 sppa_t *curppa; 236 sppa_t **availppa; 237 char unit[32]; /* Unit name */ 238 const char **cpp; 239 kstat_t *ksp; 240 kstat_named_t *knt; 241 242 /* 243 * NOTE: unit *must* be named for the driver 244 * name plus the ppa number so that netstat 245 * can find the statistics. 246 */ 247 (void) sprintf(unit, "%s" "%d", PPP_DRV_NAME, ppa_id); 248 /* 249 * Make sure we can allocate a buffer to 250 * contain the ppa to be sent upstream, as 251 * well as the actual ppa structure and its 252 * associated kstat structure. 253 */ 254 ppa = (sppa_t *)kmem_zalloc(sizeof (sppa_t), 255 KM_NOSLEEP); 256 ksp = kstat_create(PPP_DRV_NAME, ppa_id, unit, "net", KSTAT_TYPE_NAMED, 257 sizeof (sppp_kstats_t) / sizeof (kstat_named_t), 0); 258 259 if (ppa == NULL || ksp == NULL) { 260 if (ppa != NULL) { 261 kmem_free(ppa, sizeof (sppa_t)); 262 } 263 if (ksp != NULL) { 264 kstat_delete(ksp); 265 } 266 return (NULL); 267 } 268 ppa->ppa_kstats = ksp; /* chain kstat structure */ 269 ppa->ppa_ppa_id = ppa_id; /* record ppa id */ 270 ppa->ppa_mtu = PPP_MAXMTU; /* 65535-(PPP_HDRLEN+PPP_FCSLEN) */ 271 ppa->ppa_mru = PPP_MAXMRU; /* 65000 */ 272 273 mutex_init(&ppa->ppa_sta_lock, NULL, MUTEX_DRIVER, NULL); 274 mutex_init(&ppa->ppa_npmutex, NULL, MUTEX_DRIVER, NULL); 275 rw_init(&ppa->ppa_sib_lock, NULL, RW_DRIVER, NULL); 276 277 /* 278 * Prepare and install kstat counters. Note that for netstat 279 * -i to work, there needs to be "ipackets", "opackets", 280 * "ierrors", and "oerrors" kstat named variables. 281 */ 282 knt = (kstat_named_t *)ksp->ks_data; 283 for (cpp = kstats_names; cpp < kstats_names + Dim(kstats_names); 284 cpp++) { 285 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT32); 286 knt++; 287 } 288 for (cpp = kstats64_names; cpp < kstats64_names + Dim(kstats64_names); 289 cpp++) { 290 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT64); 291 knt++; 292 } 293 ksp->ks_update = sppp_kstat_update; 294 ksp->ks_private = (void *)ppa; 295 kstat_install(ksp); 296 297 /* link to the next ppa and insert into global list */ 298 availppa = &ppa_list; 299 while ((curppa = *availppa) != NULL) { 300 if (ppa_id < curppa->ppa_ppa_id) 301 break; 302 availppa = &curppa->ppa_nextppa; 303 } 304 ppa->ppa_nextppa = *availppa; 305 *availppa = ppa; 306 return (ppa); 307 } 308 309 /* 310 * sppp_close() 311 * 312 * MT-Perimeters: 313 * exclusive inner, exclusive outer. 314 * 315 * Description: 316 * Common close procedure for module. 317 */ 318 int 319 sppp_close(queue_t *q) 320 { 321 spppstr_t *sps; 322 spppstr_t **nextmn; 323 spppstr_t *sib; 324 sppa_t *ppa; 325 mblk_t *mp; 326 327 ASSERT(q != NULL && q->q_ptr != NULL); 328 sps = (spppstr_t *)q->q_ptr; 329 qprocsoff(q); 330 331 ppa = sps->sps_ppa; 332 if (ppa == NULL) { 333 ASSERT(!IS_SPS_CONTROL(sps)); 334 goto close_unattached; 335 } 336 if (IS_SPS_CONTROL(sps)) { 337 uint32_t cnt = 0; 338 339 ASSERT(ppa != NULL); 340 ASSERT(ppa->ppa_ctl == sps); 341 ppa->ppa_ctl = NULL; 342 /* 343 * STREAMS framework always issues I_UNLINK prior to close, 344 * since we only allow I_LINK under the control stream. 345 * A given ppa structure has at most one lower stream pointed 346 * by the ppa_lower_wq field, because we only allow a single 347 * linkage (I_LINK) to be done on the control stream. 348 */ 349 ASSERT(ppa->ppa_lower_wq == NULL); 350 /* 351 * Walk through all of sibling streams attached to this ppa, 352 * and remove all references to this ppa. We have exclusive 353 * access for the entire driver here, so there's no need 354 * to hold ppa_sib_lock. 355 */ 356 cnt++; 357 sib = ppa->ppa_streams; 358 while (sib != NULL) { 359 ASSERT(ppa == sib->sps_ppa); 360 sib->sps_npmode = NPMODE_DROP; 361 sib->sps_flags &= ~(SPS_PIOATTACH | SPS_CACHED); 362 /* 363 * There should be a preallocated hangup 364 * message here. Fetch it and send it up to 365 * the stream head. This will cause IP to 366 * mark the interface as "down." 367 */ 368 if ((mp = sib->sps_hangup) != NULL) { 369 sib->sps_hangup = NULL; 370 /* 371 * M_HANGUP works with IP, but snoop 372 * is lame and requires M_ERROR. Send 373 * up a clean error code instead. 374 * 375 * XXX if snoop is fixed, fix this, too. 376 */ 377 MTYPE(mp) = M_ERROR; 378 *mp->b_wptr++ = ENXIO; 379 putnext(sib->sps_rq, mp); 380 } 381 qenable(WR(sib->sps_rq)); 382 cnt++; 383 sib = sib->sps_nextsib; 384 } 385 ASSERT(ppa->ppa_refcnt == cnt); 386 } else { 387 ASSERT(ppa->ppa_streams != NULL); 388 ASSERT(ppa->ppa_ctl != sps); 389 mp = NULL; 390 if (sps->sps_sap == PPP_IP) { 391 ppa->ppa_ip_cache = NULL; 392 mp = create_lsmsg(PPP_LINKSTAT_IPV4_UNBOUND); 393 } else if (sps->sps_sap == PPP_IPV6) { 394 ppa->ppa_ip6_cache = NULL; 395 mp = create_lsmsg(PPP_LINKSTAT_IPV6_UNBOUND); 396 } 397 /* Tell the daemon the bad news. */ 398 if (mp != NULL && ppa->ppa_ctl != NULL && 399 (sps->sps_npmode == NPMODE_PASS || 400 sps->sps_npmode == NPMODE_QUEUE)) { 401 putnext(ppa->ppa_ctl->sps_rq, mp); 402 } else { 403 freemsg(mp); 404 } 405 /* 406 * Walk through all of sibling streams attached to the 407 * same ppa, and remove this stream from the sibling 408 * streams list. We have exclusive access for the 409 * entire driver here, so there's no need to hold 410 * ppa_sib_lock. 411 */ 412 sib = ppa->ppa_streams; 413 if (sib == sps) { 414 ppa->ppa_streams = sps->sps_nextsib; 415 } else { 416 while (sib->sps_nextsib != NULL) { 417 if (sib->sps_nextsib == sps) { 418 sib->sps_nextsib = sps->sps_nextsib; 419 break; 420 } 421 sib = sib->sps_nextsib; 422 } 423 } 424 sps->sps_nextsib = NULL; 425 freemsg(sps->sps_hangup); 426 sps->sps_hangup = NULL; 427 /* 428 * Check if this is a promiscous stream. If the SPS_PROMISC bit 429 * is still set, it means that the stream is closed without 430 * ever having issued DL_DETACH_REQ or DL_PROMISCOFF_REQ. 431 * In this case, we simply decrement the promiscous counter, 432 * and it's safe to do it without holding ppa_sib_lock since 433 * we're exclusive (inner and outer) at this point. 434 */ 435 if (IS_SPS_PROMISC(sps)) { 436 ASSERT(ppa->ppa_promicnt > 0); 437 ppa->ppa_promicnt--; 438 } 439 } 440 /* If we're the only one left, then delete now. */ 441 if (ppa->ppa_refcnt <= 1) 442 sppp_free_ppa(ppa); 443 else 444 ppa->ppa_refcnt--; 445 close_unattached: 446 q->q_ptr = WR(q)->q_ptr = NULL; 447 for (nextmn = &sps_list; *nextmn != NULL; 448 nextmn = &(*nextmn)->sps_nextmn) { 449 if (*nextmn == sps) { 450 *nextmn = sps->sps_nextmn; 451 break; 452 } 453 } 454 kmem_free(sps, sizeof (spppstr_t)); 455 return (0); 456 } 457 458 static void 459 sppp_ioctl(struct queue *q, mblk_t *mp) 460 { 461 spppstr_t *sps; 462 spppstr_t *nextsib; 463 sppa_t *ppa; 464 struct iocblk *iop; 465 mblk_t *nmp; 466 enum NPmode npmode; 467 struct ppp_idle *pip; 468 struct ppp_stats64 *psp; 469 struct ppp_comp_stats *pcsp; 470 hrtime_t hrtime; 471 int sap; 472 int count = 0; 473 int error = EINVAL; 474 475 sps = (spppstr_t *)q->q_ptr; 476 ppa = sps->sps_ppa; 477 478 iop = (struct iocblk *)mp->b_rptr; 479 switch (iop->ioc_cmd) { 480 case PPPIO_NPMODE: 481 if (!IS_SPS_CONTROL(sps)) { 482 break; /* return EINVAL */ 483 } else if (iop->ioc_count != 2 * sizeof (uint32_t) || 484 (mp->b_cont == NULL)) { 485 error = EPROTO; 486 break; 487 } 488 ASSERT(ppa != NULL); 489 ASSERT(mp->b_cont->b_rptr != NULL); 490 ASSERT(sps->sps_npmode == NPMODE_PASS); 491 sap = ((uint32_t *)mp->b_cont->b_rptr)[0]; 492 npmode = (enum NPmode)((uint32_t *)mp->b_cont->b_rptr)[1]; 493 /* 494 * Walk the sibling streams which belong to the same 495 * ppa, and try to find a stream with matching sap 496 * number. 497 */ 498 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 499 for (nextsib = ppa->ppa_streams; nextsib != NULL; 500 nextsib = nextsib->sps_nextsib) { 501 if (nextsib->sps_sap == sap) { 502 break; /* found it */ 503 } 504 } 505 if (nextsib == NULL) { 506 rw_exit(&ppa->ppa_sib_lock); 507 break; /* return EINVAL */ 508 } else { 509 nextsib->sps_npmode = npmode; 510 if ((nextsib->sps_npmode != NPMODE_QUEUE) && 511 (WR(nextsib->sps_rq)->q_first != NULL)) { 512 qenable(WR(nextsib->sps_rq)); 513 } 514 } 515 rw_exit(&ppa->ppa_sib_lock); 516 error = 0; /* return success */ 517 break; 518 case PPPIO_GIDLE: 519 if (ppa == NULL) { 520 ASSERT(!IS_SPS_CONTROL(sps)); 521 error = ENOLINK; 522 break; 523 } else if (!IS_PPA_TIMESTAMP(ppa)) { 524 break; /* return EINVAL */ 525 } 526 if ((nmp = allocb(sizeof (struct ppp_idle), 527 BPRI_MED)) == NULL) { 528 mutex_enter(&ppa->ppa_sta_lock); 529 ppa->ppa_allocbfail++; 530 mutex_exit(&ppa->ppa_sta_lock); 531 error = ENOSR; 532 break; 533 } 534 if (mp->b_cont != NULL) { 535 freemsg(mp->b_cont); 536 } 537 mp->b_cont = nmp; 538 pip = (struct ppp_idle *)nmp->b_wptr; 539 nmp->b_wptr += sizeof (struct ppp_idle); 540 /* 541 * Get current timestamp and subtract the tx and rx 542 * timestamps to get the actual idle time to be 543 * returned. 544 */ 545 hrtime = gethrtime(); 546 pip->xmit_idle = (hrtime - ppa->ppa_lasttx) / 1000000000ul; 547 pip->recv_idle = (hrtime - ppa->ppa_lastrx) / 1000000000ul; 548 count = msgsize(nmp); 549 error = 0; 550 break; /* return success (error is 0) */ 551 case PPPIO_GTYPE: 552 nmp = allocb(sizeof (uint32_t), BPRI_MED); 553 if (nmp == NULL) { 554 error = ENOSR; 555 break; 556 } 557 if (mp->b_cont != NULL) { 558 freemsg(mp->b_cont); 559 } 560 mp->b_cont = nmp; 561 /* 562 * Let the requestor know that we are the PPP 563 * multiplexer (PPPTYP_MUX). 564 */ 565 *(uint32_t *)nmp->b_wptr = PPPTYP_MUX; 566 nmp->b_wptr += sizeof (uint32_t); 567 count = msgsize(nmp); 568 error = 0; /* return success */ 569 break; 570 case PPPIO_GETSTAT64: 571 if (ppa == NULL) { 572 break; /* return EINVAL */ 573 } else if ((ppa->ppa_lower_wq != NULL) && 574 !IS_PPA_LASTMOD(ppa)) { 575 mutex_enter(&ppa->ppa_sta_lock); 576 /* 577 * We match sps_ioc_id on the M_IOC{ACK,NAK}, 578 * so if the response hasn't come back yet, 579 * new ioctls must be queued instead. 580 */ 581 if (IS_SPS_IOCQ(sps)) { 582 mutex_exit(&ppa->ppa_sta_lock); 583 if (!putq(q, mp)) { 584 error = EAGAIN; 585 break; 586 } 587 return; 588 } else { 589 ppa->ppa_ioctlsfwd++; 590 /* 591 * Record the ioctl CMD & ID - this will be 592 * used to check the ACK or NAK responses 593 * coming from below. 594 */ 595 sps->sps_ioc_id = iop->ioc_id; 596 sps->sps_flags |= SPS_IOCQ; 597 mutex_exit(&ppa->ppa_sta_lock); 598 } 599 putnext(ppa->ppa_lower_wq, mp); 600 return; /* don't ack or nak the request */ 601 } 602 nmp = allocb(sizeof (*psp), BPRI_MED); 603 if (nmp == NULL) { 604 mutex_enter(&ppa->ppa_sta_lock); 605 ppa->ppa_allocbfail++; 606 mutex_exit(&ppa->ppa_sta_lock); 607 error = ENOSR; 608 break; 609 } 610 if (mp->b_cont != NULL) { 611 freemsg(mp->b_cont); 612 } 613 mp->b_cont = nmp; 614 psp = (struct ppp_stats64 *)nmp->b_wptr; 615 /* 616 * Copy the contents of ppp_stats64 structure for this 617 * ppa and return them to the caller. 618 */ 619 mutex_enter(&ppa->ppa_sta_lock); 620 bcopy(&ppa->ppa_stats, psp, sizeof (*psp)); 621 mutex_exit(&ppa->ppa_sta_lock); 622 nmp->b_wptr += sizeof (*psp); 623 count = sizeof (*psp); 624 error = 0; /* return success */ 625 break; 626 case PPPIO_GETCSTAT: 627 if (ppa == NULL) { 628 break; /* return EINVAL */ 629 } else if ((ppa->ppa_lower_wq != NULL) && 630 !IS_PPA_LASTMOD(ppa)) { 631 mutex_enter(&ppa->ppa_sta_lock); 632 /* 633 * See comments in PPPIO_GETSTAT64 case 634 * in sppp_ioctl(). 635 */ 636 if (IS_SPS_IOCQ(sps)) { 637 mutex_exit(&ppa->ppa_sta_lock); 638 if (!putq(q, mp)) { 639 error = EAGAIN; 640 break; 641 } 642 return; 643 } else { 644 ppa->ppa_ioctlsfwd++; 645 /* 646 * Record the ioctl CMD & ID - this will be 647 * used to check the ACK or NAK responses 648 * coming from below. 649 */ 650 sps->sps_ioc_id = iop->ioc_id; 651 sps->sps_flags |= SPS_IOCQ; 652 mutex_exit(&ppa->ppa_sta_lock); 653 } 654 putnext(ppa->ppa_lower_wq, mp); 655 return; /* don't ack or nak the request */ 656 } 657 nmp = allocb(sizeof (struct ppp_comp_stats), BPRI_MED); 658 if (nmp == NULL) { 659 mutex_enter(&ppa->ppa_sta_lock); 660 ppa->ppa_allocbfail++; 661 mutex_exit(&ppa->ppa_sta_lock); 662 error = ENOSR; 663 break; 664 } 665 if (mp->b_cont != NULL) { 666 freemsg(mp->b_cont); 667 } 668 mp->b_cont = nmp; 669 pcsp = (struct ppp_comp_stats *)nmp->b_wptr; 670 nmp->b_wptr += sizeof (struct ppp_comp_stats); 671 bzero((caddr_t)pcsp, sizeof (struct ppp_comp_stats)); 672 count = msgsize(nmp); 673 error = 0; /* return success */ 674 break; 675 } 676 677 if (error == 0) { 678 /* Success; tell the user. */ 679 miocack(q, mp, count, 0); 680 } else { 681 /* Failure; send error back upstream. */ 682 miocnak(q, mp, 0, error); 683 } 684 } 685 686 /* 687 * sppp_uwput() 688 * 689 * MT-Perimeters: 690 * shared inner, shared outer. 691 * 692 * Description: 693 * Upper write-side put procedure. Messages from above arrive here. 694 */ 695 void 696 sppp_uwput(queue_t *q, mblk_t *mp) 697 { 698 queue_t *nextq; 699 spppstr_t *sps; 700 sppa_t *ppa; 701 struct iocblk *iop; 702 int error; 703 704 ASSERT(q != NULL && q->q_ptr != NULL); 705 ASSERT(mp != NULL && mp->b_rptr != NULL); 706 sps = (spppstr_t *)q->q_ptr; 707 ppa = sps->sps_ppa; 708 709 switch (MTYPE(mp)) { 710 case M_PCPROTO: 711 case M_PROTO: 712 if (IS_SPS_CONTROL(sps)) { 713 ASSERT(ppa != NULL); 714 /* 715 * Intentionally change this to a high priority 716 * message so it doesn't get queued up. M_PROTO is 717 * specifically used for signalling between pppd and its 718 * kernel-level component(s), such as ppptun, so we 719 * make sure that it doesn't get queued up behind 720 * data messages. 721 */ 722 MTYPE(mp) = M_PCPROTO; 723 if ((ppa->ppa_lower_wq != NULL) && 724 canputnext(ppa->ppa_lower_wq)) { 725 mutex_enter(&ppa->ppa_sta_lock); 726 ppa->ppa_mctlsfwd++; 727 mutex_exit(&ppa->ppa_sta_lock); 728 putnext(ppa->ppa_lower_wq, mp); 729 } else { 730 mutex_enter(&ppa->ppa_sta_lock); 731 ppa->ppa_mctlsfwderr++; 732 mutex_exit(&ppa->ppa_sta_lock); 733 freemsg(mp); 734 } 735 } else { 736 (void) sppp_mproto(q, mp, sps); 737 return; 738 } 739 break; 740 case M_DATA: 741 if ((nextq = sppp_send(q, &mp, sps)) != NULL) 742 putnext(nextq, mp); 743 break; 744 case M_IOCTL: 745 error = EINVAL; 746 iop = (struct iocblk *)mp->b_rptr; 747 switch (iop->ioc_cmd) { 748 case DLIOCRAW: 749 case DL_IOC_HDR_INFO: 750 case PPPIO_ATTACH: 751 case PPPIO_DEBUG: 752 case PPPIO_DETACH: 753 case PPPIO_LASTMOD: 754 case PPPIO_MRU: 755 case PPPIO_MTU: 756 case PPPIO_USETIMESTAMP: 757 case PPPIO_BLOCKNP: 758 case PPPIO_UNBLOCKNP: 759 qwriter(q, mp, sppp_inner_ioctl, PERIM_INNER); 760 return; 761 case I_LINK: 762 case I_UNLINK: 763 case PPPIO_NEWPPA: 764 qwriter(q, mp, sppp_outer_ioctl, PERIM_OUTER); 765 return; 766 case PPPIO_NPMODE: 767 case PPPIO_GIDLE: 768 case PPPIO_GTYPE: 769 case PPPIO_GETSTAT64: 770 case PPPIO_GETCSTAT: 771 /* 772 * These require additional auto variables to 773 * handle, so (for optimization reasons) 774 * they're moved off to a separate function. 775 */ 776 sppp_ioctl(q, mp); 777 return; 778 case PPPIO_GETSTAT: 779 break; /* 32 bit interface gone */ 780 default: 781 if (iop->ioc_cr == NULL || 782 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 783 error = EPERM; 784 break; 785 } else if ((ppa == NULL) || 786 (ppa->ppa_lower_wq == NULL)) { 787 break; /* return EINVAL */ 788 } 789 mutex_enter(&ppa->ppa_sta_lock); 790 /* 791 * See comments in PPPIO_GETSTAT64 case 792 * in sppp_ioctl(). 793 */ 794 if (IS_SPS_IOCQ(sps)) { 795 mutex_exit(&ppa->ppa_sta_lock); 796 if (!putq(q, mp)) { 797 error = EAGAIN; 798 break; 799 } 800 return; 801 } else { 802 ppa->ppa_ioctlsfwd++; 803 /* 804 * Record the ioctl CMD & ID - 805 * this will be used to check the 806 * ACK or NAK responses coming from below. 807 */ 808 sps->sps_ioc_id = iop->ioc_id; 809 sps->sps_flags |= SPS_IOCQ; 810 mutex_exit(&ppa->ppa_sta_lock); 811 } 812 putnext(ppa->ppa_lower_wq, mp); 813 return; /* don't ack or nak the request */ 814 } 815 /* Failure; send error back upstream. */ 816 miocnak(q, mp, 0, error); 817 break; 818 case M_FLUSH: 819 if (*mp->b_rptr & FLUSHW) { 820 flushq(q, FLUSHDATA); 821 } 822 if (*mp->b_rptr & FLUSHR) { 823 *mp->b_rptr &= ~FLUSHW; 824 qreply(q, mp); 825 } else { 826 freemsg(mp); 827 } 828 break; 829 default: 830 freemsg(mp); 831 break; 832 } 833 } 834 835 /* 836 * sppp_uwsrv() 837 * 838 * MT-Perimeters: 839 * exclusive inner, shared outer. 840 * 841 * Description: 842 * Upper write-side service procedure. Note that this procedure does 843 * not get called when a message is placed on our write-side queue, since 844 * automatic queue scheduling has been turned off by noenable() when 845 * the queue was opened. We do this on purpose, as we explicitly control 846 * the write-side queue. Therefore, this procedure gets called when 847 * the lower write service procedure qenable() the upper write stream queue. 848 */ 849 void 850 sppp_uwsrv(queue_t *q) 851 { 852 spppstr_t *sps; 853 sppa_t *ppa; 854 mblk_t *mp; 855 queue_t *nextq; 856 struct iocblk *iop; 857 858 ASSERT(q != NULL && q->q_ptr != NULL); 859 sps = (spppstr_t *)q->q_ptr; 860 861 while ((mp = getq(q)) != NULL) { 862 if (MTYPE(mp) == M_IOCTL) { 863 ppa = sps->sps_ppa; 864 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 865 miocnak(q, mp, 0, EINVAL); 866 continue; 867 } 868 869 iop = (struct iocblk *)mp->b_rptr; 870 mutex_enter(&ppa->ppa_sta_lock); 871 /* 872 * See comments in PPPIO_GETSTAT64 case 873 * in sppp_ioctl(). 874 */ 875 if (IS_SPS_IOCQ(sps)) { 876 mutex_exit(&ppa->ppa_sta_lock); 877 if (putbq(q, mp) == 0) 878 miocnak(q, mp, 0, EAGAIN); 879 break; 880 } else { 881 ppa->ppa_ioctlsfwd++; 882 sps->sps_ioc_id = iop->ioc_id; 883 sps->sps_flags |= SPS_IOCQ; 884 mutex_exit(&ppa->ppa_sta_lock); 885 putnext(ppa->ppa_lower_wq, mp); 886 } 887 } else if ((nextq = 888 sppp_outpkt(q, &mp, msgdsize(mp), sps)) == NULL) { 889 if (mp != NULL) { 890 if (putbq(q, mp) == 0) 891 freemsg(mp); 892 break; 893 } 894 } else { 895 putnext(nextq, mp); 896 } 897 } 898 } 899 900 void 901 sppp_remove_ppa(spppstr_t *sps) 902 { 903 spppstr_t *nextsib; 904 sppa_t *ppa = sps->sps_ppa; 905 906 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 907 if (ppa->ppa_refcnt <= 1) { 908 rw_exit(&ppa->ppa_sib_lock); 909 sppp_free_ppa(ppa); 910 } else { 911 nextsib = ppa->ppa_streams; 912 if (nextsib == sps) { 913 ppa->ppa_streams = sps->sps_nextsib; 914 } else { 915 while (nextsib->sps_nextsib != NULL) { 916 if (nextsib->sps_nextsib == sps) { 917 nextsib->sps_nextsib = 918 sps->sps_nextsib; 919 break; 920 } 921 nextsib = nextsib->sps_nextsib; 922 } 923 } 924 ppa->ppa_refcnt--; 925 /* 926 * And if this stream was marked as promiscuous 927 * (SPS_PROMISC), then we need to update the 928 * promiscuous streams count. This should only happen 929 * when DL_DETACH_REQ is issued prior to marking the 930 * stream as non-promiscuous, through 931 * DL_PROMISCOFF_REQ request. 932 */ 933 if (IS_SPS_PROMISC(sps)) { 934 ASSERT(ppa->ppa_promicnt > 0); 935 ppa->ppa_promicnt--; 936 } 937 rw_exit(&ppa->ppa_sib_lock); 938 } 939 sps->sps_nextsib = NULL; 940 sps->sps_ppa = NULL; 941 freemsg(sps->sps_hangup); 942 sps->sps_hangup = NULL; 943 } 944 945 sppa_t * 946 sppp_find_ppa(uint32_t ppa_id) 947 { 948 sppa_t *ppa; 949 950 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 951 if (ppa->ppa_ppa_id == ppa_id) { 952 break; /* found the ppa */ 953 } 954 } 955 return (ppa); 956 } 957 958 /* 959 * sppp_inner_ioctl() 960 * 961 * MT-Perimeters: 962 * exclusive inner, shared outer 963 * 964 * Description: 965 * Called by sppp_uwput as a result of receiving ioctls which require 966 * an exclusive access at the inner perimeter. 967 */ 968 static void 969 sppp_inner_ioctl(queue_t *q, mblk_t *mp) 970 { 971 spppstr_t *sps; 972 sppa_t *ppa; 973 struct iocblk *iop; 974 mblk_t *nmp; 975 int error = EINVAL; 976 int count = 0; 977 int dbgcmd; 978 int mru, mtu; 979 uint32_t ppa_id; 980 hrtime_t hrtime; 981 uint16_t proto; 982 983 ASSERT(q != NULL && q->q_ptr != NULL); 984 ASSERT(mp != NULL && mp->b_rptr != NULL); 985 986 sps = (spppstr_t *)q->q_ptr; 987 ppa = sps->sps_ppa; 988 iop = (struct iocblk *)mp->b_rptr; 989 switch (iop->ioc_cmd) { 990 case DLIOCRAW: 991 if (IS_SPS_CONTROL(sps)) { 992 break; /* return EINVAL */ 993 } 994 sps->sps_flags |= SPS_RAWDATA; 995 error = 0; /* return success */ 996 break; 997 case DL_IOC_HDR_INFO: 998 if (IS_SPS_CONTROL(sps)) { 999 break; /* return EINVAL */ 1000 } else if ((mp->b_cont == NULL) || 1001 *((t_uscalar_t *)mp->b_cont->b_rptr) != DL_UNITDATA_REQ || 1002 (MBLKL(mp->b_cont) < (sizeof (dl_unitdata_req_t) + 1003 SPPP_ADDRL))) { 1004 error = EPROTO; 1005 break; 1006 } else if (ppa == NULL) { 1007 error = ENOLINK; 1008 break; 1009 } 1010 if ((nmp = allocb(PPP_HDRLEN, BPRI_MED)) == NULL) { 1011 mutex_enter(&ppa->ppa_sta_lock); 1012 ppa->ppa_allocbfail++; 1013 mutex_exit(&ppa->ppa_sta_lock); 1014 error = ENOMEM; 1015 break; 1016 } 1017 *(uchar_t *)nmp->b_wptr++ = PPP_ALLSTATIONS; 1018 *(uchar_t *)nmp->b_wptr++ = PPP_UI; 1019 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap >> 8; 1020 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap & 0xff; 1021 ASSERT(MBLKL(nmp) == PPP_HDRLEN); 1022 1023 linkb(mp, nmp); 1024 sps->sps_flags |= SPS_FASTPATH; 1025 error = 0; /* return success */ 1026 count = msgsize(nmp); 1027 break; 1028 case PPPIO_ATTACH: 1029 if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1030 (sps->sps_dlstate != DL_UNATTACHED) || 1031 (iop->ioc_count != sizeof (uint32_t))) { 1032 break; /* return EINVAL */ 1033 } else if (mp->b_cont == NULL) { 1034 error = EPROTO; 1035 break; 1036 } 1037 ASSERT(mp->b_cont->b_rptr != NULL); 1038 /* If there's something here, it's detached. */ 1039 if (ppa != NULL) { 1040 sppp_remove_ppa(sps); 1041 } 1042 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1043 ppa = sppp_find_ppa(ppa_id); 1044 /* 1045 * If we can't find it, then it's either because the requestor 1046 * has supplied a wrong ppa_id to be attached to, or because 1047 * the control stream for the specified ppa_id has been closed 1048 * before we get here. 1049 */ 1050 if (ppa == NULL) { 1051 error = ENOENT; 1052 break; 1053 } 1054 /* 1055 * Preallocate the hangup message so that we're always 1056 * able to send this upstream in the event of a 1057 * catastrophic failure. 1058 */ 1059 if ((sps->sps_hangup = allocb(1, BPRI_MED)) == NULL) { 1060 error = ENOSR; 1061 break; 1062 } 1063 /* 1064 * There are two ways to attach a stream to a ppa: one is 1065 * through DLPI (DL_ATTACH_REQ) and the other is through 1066 * PPPIO_ATTACH. This is why we need to distinguish whether or 1067 * not a stream was allocated via PPPIO_ATTACH, so that we can 1068 * properly detach it when we receive PPPIO_DETACH ioctl 1069 * request. 1070 */ 1071 sps->sps_flags |= SPS_PIOATTACH; 1072 sps->sps_ppa = ppa; 1073 /* 1074 * Add this stream to the head of the list of sibling streams 1075 * which belong to the same ppa as specified. 1076 */ 1077 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 1078 ppa->ppa_refcnt++; 1079 sps->sps_nextsib = ppa->ppa_streams; 1080 ppa->ppa_streams = sps; 1081 rw_exit(&ppa->ppa_sib_lock); 1082 error = 0; /* return success */ 1083 break; 1084 case PPPIO_BLOCKNP: 1085 case PPPIO_UNBLOCKNP: 1086 if (iop->ioc_cr == NULL || 1087 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 1088 error = EPERM; 1089 break; 1090 } 1091 error = miocpullup(mp, sizeof (uint16_t)); 1092 if (error != 0) 1093 break; 1094 ASSERT(mp->b_cont->b_rptr != NULL); 1095 proto = *(uint16_t *)mp->b_cont->b_rptr; 1096 if (iop->ioc_cmd == PPPIO_BLOCKNP) { 1097 uint32_t npflagpos = sppp_ppp2np(proto); 1098 /* 1099 * Mark proto as blocked in ppa_npflag until the 1100 * corresponding queues for proto have been plumbed. 1101 */ 1102 if (npflagpos != 0) { 1103 mutex_enter(&ppa->ppa_npmutex); 1104 ppa->ppa_npflag |= (1 << npflagpos); 1105 mutex_exit(&ppa->ppa_npmutex); 1106 } else { 1107 error = EINVAL; 1108 } 1109 } else { 1110 /* 1111 * reset ppa_npflag and release proto 1112 * packets that were being held in control queue. 1113 */ 1114 sppp_release_pkts(ppa, proto); 1115 } 1116 break; 1117 case PPPIO_DEBUG: 1118 if (iop->ioc_cr == NULL || 1119 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 1120 error = EPERM; 1121 break; 1122 } else if (iop->ioc_count != sizeof (uint32_t)) { 1123 break; /* return EINVAL */ 1124 } else if (mp->b_cont == NULL) { 1125 error = EPROTO; 1126 break; 1127 } 1128 ASSERT(mp->b_cont->b_rptr != NULL); 1129 dbgcmd = *(uint32_t *)mp->b_cont->b_rptr; 1130 /* 1131 * We accept PPPDBG_LOG + PPPDBG_DRIVER value as an indication 1132 * that SPS_KDEBUG needs to be enabled for this upper stream. 1133 */ 1134 if (dbgcmd == PPPDBG_LOG + PPPDBG_DRIVER) { 1135 sps->sps_flags |= SPS_KDEBUG; 1136 error = 0; /* return success */ 1137 break; 1138 } 1139 /* 1140 * Otherwise, for any other values, we send them down only if 1141 * there is an attachment and if the attachment has something 1142 * linked underneath it. 1143 */ 1144 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 1145 error = ENOLINK; 1146 break; 1147 } 1148 mutex_enter(&ppa->ppa_sta_lock); 1149 /* 1150 * See comments in PPPIO_GETSTAT64 case 1151 * in sppp_ioctl(). 1152 */ 1153 if (IS_SPS_IOCQ(sps)) { 1154 mutex_exit(&ppa->ppa_sta_lock); 1155 if (!putq(q, mp)) { 1156 error = EAGAIN; 1157 break; 1158 } 1159 return; 1160 } else { 1161 ppa->ppa_ioctlsfwd++; 1162 /* 1163 * Record the ioctl CMD & ID - 1164 * this will be used to check the 1165 * ACK or NAK responses coming from below. 1166 */ 1167 sps->sps_ioc_id = iop->ioc_id; 1168 sps->sps_flags |= SPS_IOCQ; 1169 mutex_exit(&ppa->ppa_sta_lock); 1170 } 1171 putnext(ppa->ppa_lower_wq, mp); 1172 return; /* don't ack or nak the request */ 1173 case PPPIO_DETACH: 1174 if (!IS_SPS_PIOATTACH(sps)) { 1175 break; /* return EINVAL */ 1176 } 1177 /* 1178 * The SPS_PIOATTACH flag set on the stream tells us that 1179 * the ppa field is still valid. In the event that the control 1180 * stream be closed prior to this stream's detachment, the 1181 * SPS_PIOATTACH flag would have been cleared from this stream 1182 * during close; in that case we won't get here. 1183 */ 1184 ASSERT(ppa != NULL); 1185 ASSERT(ppa->ppa_ctl != sps); 1186 ASSERT(sps->sps_dlstate == DL_UNATTACHED); 1187 1188 /* 1189 * We don't actually detach anything until the stream is 1190 * closed or reattached. 1191 */ 1192 1193 sps->sps_flags &= ~SPS_PIOATTACH; 1194 error = 0; /* return success */ 1195 break; 1196 case PPPIO_LASTMOD: 1197 if (!IS_SPS_CONTROL(sps)) { 1198 break; /* return EINVAL */ 1199 } 1200 ASSERT(ppa != NULL); 1201 ppa->ppa_flags |= PPA_LASTMOD; 1202 error = 0; /* return success */ 1203 break; 1204 case PPPIO_MRU: 1205 if (!IS_SPS_CONTROL(sps) || 1206 (iop->ioc_count != sizeof (uint32_t))) { 1207 break; /* return EINVAL */ 1208 } else if (mp->b_cont == NULL) { 1209 error = EPROTO; 1210 break; 1211 } 1212 ASSERT(ppa != NULL); 1213 ASSERT(mp->b_cont->b_rptr != NULL); 1214 mru = *(uint32_t *)mp->b_cont->b_rptr; 1215 if ((mru <= 0) || (mru > PPP_MAXMRU)) { 1216 error = EPROTO; 1217 break; 1218 } 1219 if (mru < PPP_MRU) { 1220 mru = PPP_MRU; 1221 } 1222 ppa->ppa_mru = (uint16_t)mru; 1223 /* 1224 * If there's something beneath this driver for the ppa, then 1225 * inform it (or them) of the MRU size. Only do this is we 1226 * are not the last PPP module on the stream. 1227 */ 1228 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1229 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MRU, 1230 mru); 1231 } 1232 error = 0; /* return success */ 1233 break; 1234 case PPPIO_MTU: 1235 if (!IS_SPS_CONTROL(sps) || 1236 (iop->ioc_count != sizeof (uint32_t))) { 1237 break; /* return EINVAL */ 1238 } else if (mp->b_cont == NULL) { 1239 error = EPROTO; 1240 break; 1241 } 1242 ASSERT(ppa != NULL); 1243 ASSERT(mp->b_cont->b_rptr != NULL); 1244 mtu = *(uint32_t *)mp->b_cont->b_rptr; 1245 if ((mtu <= 0) || (mtu > PPP_MAXMTU)) { 1246 error = EPROTO; 1247 break; 1248 } 1249 ppa->ppa_mtu = (uint16_t)mtu; 1250 /* 1251 * If there's something beneath this driver for the ppa, then 1252 * inform it (or them) of the MTU size. Only do this if we 1253 * are not the last PPP module on the stream. 1254 */ 1255 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1256 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MTU, 1257 mtu); 1258 } 1259 error = 0; /* return success */ 1260 break; 1261 case PPPIO_USETIMESTAMP: 1262 if (!IS_SPS_CONTROL(sps)) { 1263 break; /* return EINVAL */ 1264 } 1265 if (!IS_PPA_TIMESTAMP(ppa)) { 1266 hrtime = gethrtime(); 1267 ppa->ppa_lasttx = ppa->ppa_lastrx = hrtime; 1268 ppa->ppa_flags |= PPA_TIMESTAMP; 1269 } 1270 error = 0; 1271 break; 1272 } 1273 1274 if (error == 0) { 1275 /* Success; tell the user */ 1276 miocack(q, mp, count, 0); 1277 } else { 1278 /* Failure; send error back upstream */ 1279 miocnak(q, mp, 0, error); 1280 } 1281 } 1282 1283 /* 1284 * sppp_outer_ioctl() 1285 * 1286 * MT-Perimeters: 1287 * exclusive inner, exclusive outer 1288 * 1289 * Description: 1290 * Called by sppp_uwput as a result of receiving ioctls which require 1291 * an exclusive access at the outer perimeter. 1292 */ 1293 static void 1294 sppp_outer_ioctl(queue_t *q, mblk_t *mp) 1295 { 1296 spppstr_t *sps; 1297 spppstr_t *nextsib; 1298 queue_t *lwq; 1299 sppa_t *ppa; 1300 struct iocblk *iop; 1301 int error = EINVAL; 1302 int count = 0; 1303 uint32_t ppa_id; 1304 mblk_t *nmp; 1305 1306 ASSERT(q != NULL && q->q_ptr != NULL); 1307 ASSERT(mp != NULL && mp->b_rptr != NULL); 1308 1309 sps = (spppstr_t *)q->q_ptr; 1310 ppa = sps->sps_ppa; 1311 iop = (struct iocblk *)mp->b_rptr; 1312 switch (iop->ioc_cmd) { 1313 case I_LINK: 1314 if (!IS_SPS_CONTROL(sps)) { 1315 break; /* return EINVAL */ 1316 } else if (ppa->ppa_lower_wq != NULL) { 1317 error = EEXIST; 1318 break; 1319 } 1320 ASSERT(ppa->ppa_ctl != NULL); 1321 ASSERT(sps->sps_npmode == NPMODE_PASS); 1322 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1323 1324 lwq = ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot; 1325 ASSERT(lwq != NULL); 1326 1327 ppa->ppa_lower_wq = lwq; 1328 lwq->q_ptr = RD(lwq)->q_ptr = (caddr_t)ppa; 1329 /* 1330 * Unblock upper network streams which now feed this lower 1331 * stream. We don't need to hold ppa_sib_lock here, since we 1332 * are writer at the outer perimeter. 1333 */ 1334 if (WR(sps->sps_rq)->q_first != NULL) 1335 qenable(WR(sps->sps_rq)); 1336 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1337 nextsib = nextsib->sps_nextsib) { 1338 nextsib->sps_npmode = NPMODE_PASS; 1339 if (WR(nextsib->sps_rq)->q_first != NULL) { 1340 qenable(WR(nextsib->sps_rq)); 1341 } 1342 } 1343 /* 1344 * Send useful information down to the modules which are now 1345 * linked below this driver (for this particular ppa). Only 1346 * do this if we are not the last PPP module on the stream. 1347 */ 1348 if (!IS_PPA_LASTMOD(ppa)) { 1349 (void) putctl8(lwq, M_CTL, PPPCTL_UNIT, 1350 ppa->ppa_ppa_id); 1351 (void) putctl4(lwq, M_CTL, PPPCTL_MRU, ppa->ppa_mru); 1352 (void) putctl4(lwq, M_CTL, PPPCTL_MTU, ppa->ppa_mtu); 1353 } 1354 1355 if (IS_SPS_KDEBUG(sps)) { 1356 SPDEBUG(PPP_DRV_NAME 1357 "/%d: I_LINK lwq=0x%p sps=0x%p flags=0x%b ppa=0x%p " 1358 "flags=0x%b\n", sps->sps_mn_id, 1359 (void *)ppa->ppa_lower_wq, (void *)sps, 1360 sps->sps_flags, SPS_FLAGS_STR, 1361 (void *)ppa, ppa->ppa_flags, 1362 PPA_FLAGS_STR); 1363 } 1364 error = 0; /* return success */ 1365 break; 1366 case I_UNLINK: 1367 ASSERT(IS_SPS_CONTROL(sps)); 1368 ASSERT(ppa != NULL); 1369 lwq = ppa->ppa_lower_wq; 1370 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1371 ASSERT(lwq == ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot); 1372 1373 if (IS_SPS_KDEBUG(sps)) { 1374 SPDEBUG(PPP_DRV_NAME 1375 "/%d: I_UNLINK lwq=0x%p sps=0x%p flags=0x%b " 1376 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, 1377 (void *)lwq, (void *)sps, sps->sps_flags, 1378 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 1379 PPA_FLAGS_STR); 1380 } 1381 /* 1382 * While accessing the outer perimeter exclusively, we 1383 * disassociate our ppa's lower_wq from the lower stream linked 1384 * beneath us, and we also disassociate our control stream from 1385 * the q_ptr of the lower stream. 1386 */ 1387 lwq->q_ptr = RD(lwq)->q_ptr = NULL; 1388 ppa->ppa_lower_wq = NULL; 1389 /* 1390 * Unblock streams which now feed back up the control stream, 1391 * and acknowledge the request. We don't need to hold 1392 * ppa_sib_lock here, since we are writer at the outer 1393 * perimeter. 1394 */ 1395 if (WR(sps->sps_rq)->q_first != NULL) 1396 qenable(WR(sps->sps_rq)); 1397 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1398 nextsib = nextsib->sps_nextsib) { 1399 if (WR(nextsib->sps_rq)->q_first != NULL) { 1400 qenable(WR(nextsib->sps_rq)); 1401 } 1402 } 1403 error = 0; /* return success */ 1404 break; 1405 case PPPIO_NEWPPA: 1406 /* 1407 * Do sanity check to ensure that we don't accept PPPIO_NEWPPA 1408 * on a stream which DLPI is used (since certain DLPI messages 1409 * will cause state transition reflected in sps_dlstate, 1410 * changing it from its default DL_UNATTACHED value). In other 1411 * words, we won't allow a network/snoop stream to become 1412 * a control stream. 1413 */ 1414 if (iop->ioc_cr == NULL || 1415 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 1416 error = EPERM; 1417 break; 1418 } else if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1419 (ppa != NULL) || (sps->sps_dlstate != DL_UNATTACHED)) { 1420 break; /* return EINVAL */ 1421 } 1422 /* Get requested unit number (if any) */ 1423 if (iop->ioc_count == sizeof (uint32_t) && mp->b_cont != NULL) 1424 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1425 else 1426 ppa_id = 0; 1427 /* Get mblk to use for response message */ 1428 nmp = allocb(sizeof (uint32_t), BPRI_MED); 1429 if (nmp == NULL) { 1430 error = ENOSR; 1431 break; 1432 } 1433 if (mp->b_cont != NULL) { 1434 freemsg(mp->b_cont); 1435 } 1436 mp->b_cont = nmp; /* chain our response mblk */ 1437 /* 1438 * Walk the global ppa list and determine the lowest 1439 * available ppa_id number to be used. 1440 */ 1441 if (ppa_id == (uint32_t)-1) 1442 ppa_id = 0; 1443 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 1444 if (ppa_id == (uint32_t)-2) { 1445 if (ppa->ppa_ctl == NULL) 1446 break; 1447 } else { 1448 if (ppa_id < ppa->ppa_ppa_id) 1449 break; 1450 if (ppa_id == ppa->ppa_ppa_id) 1451 ++ppa_id; 1452 } 1453 } 1454 if (ppa_id == (uint32_t)-2) { 1455 if (ppa == NULL) { 1456 error = ENXIO; 1457 break; 1458 } 1459 /* Clear timestamp and lastmod flags */ 1460 ppa->ppa_flags = 0; 1461 } else { 1462 ppa = sppp_create_ppa(ppa_id); 1463 if (ppa == NULL) { 1464 error = ENOMEM; 1465 break; 1466 } 1467 } 1468 1469 sps->sps_ppa = ppa; /* chain the ppa structure */ 1470 sps->sps_npmode = NPMODE_PASS; /* network packets may travel */ 1471 sps->sps_flags |= SPS_CONTROL; /* this is the control stream */ 1472 1473 ppa->ppa_refcnt++; /* new PPA reference */ 1474 ppa->ppa_ctl = sps; /* back ptr to upper stream */ 1475 /* 1476 * Return the newly created ppa_id to the requestor and 1477 * acnowledge the request. 1478 */ 1479 *(uint32_t *)nmp->b_wptr = ppa->ppa_ppa_id; 1480 nmp->b_wptr += sizeof (uint32_t); 1481 1482 if (IS_SPS_KDEBUG(sps)) { 1483 SPDEBUG(PPP_DRV_NAME 1484 "/%d: PPPIO_NEWPPA ppa_id=%d sps=0x%p flags=0x%b " 1485 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, ppa_id, 1486 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1487 (void *)ppa, ppa->ppa_flags, 1488 PPA_FLAGS_STR); 1489 } 1490 count = msgsize(nmp); 1491 error = 0; 1492 break; 1493 } 1494 1495 if (error == 0) { 1496 /* Success; tell the user. */ 1497 miocack(q, mp, count, 0); 1498 } else { 1499 /* Failure; send error back upstream. */ 1500 miocnak(q, mp, 0, error); 1501 } 1502 } 1503 1504 /* 1505 * sppp_send() 1506 * 1507 * MT-Perimeters: 1508 * shared inner, shared outer. 1509 * 1510 * Description: 1511 * Called by sppp_uwput to handle M_DATA message type. Returns 1512 * queue_t for putnext, or NULL to mean that the packet was 1513 * handled internally. 1514 */ 1515 static queue_t * 1516 sppp_send(queue_t *q, mblk_t **mpp, spppstr_t *sps) 1517 { 1518 mblk_t *mp; 1519 sppa_t *ppa; 1520 int is_promisc; 1521 int msize; 1522 int error = 0; 1523 queue_t *nextq; 1524 1525 ASSERT(mpp != NULL); 1526 mp = *mpp; 1527 ASSERT(q != NULL && q->q_ptr != NULL); 1528 ASSERT(mp != NULL && mp->b_rptr != NULL); 1529 ASSERT(sps != NULL); 1530 ASSERT(q->q_ptr == sps); 1531 /* 1532 * We only let M_DATA through if the sender is either the control 1533 * stream (for PPP control packets) or one of the network streams 1534 * (for IP packets) in IP fastpath mode. If this stream is not attached 1535 * to any ppas, then discard data coming down through this stream. 1536 */ 1537 ppa = sps->sps_ppa; 1538 if (ppa == NULL) { 1539 ASSERT(!IS_SPS_CONTROL(sps)); 1540 error = ENOLINK; 1541 } else if (!IS_SPS_CONTROL(sps) && !IS_SPS_FASTPATH(sps)) { 1542 error = EPROTO; 1543 } 1544 if (error != 0) { 1545 merror(q, mp, error); 1546 return (NULL); 1547 } 1548 msize = msgdsize(mp); 1549 if (msize > (ppa->ppa_mtu + PPP_HDRLEN)) { 1550 /* Log, and send it anyway */ 1551 mutex_enter(&ppa->ppa_sta_lock); 1552 ppa->ppa_otoolongs++; 1553 mutex_exit(&ppa->ppa_sta_lock); 1554 } else if (msize < PPP_HDRLEN) { 1555 /* 1556 * Log, and send it anyway. We log it because we get things 1557 * in M_DATA form here, which tells us that the sender is 1558 * either IP in fastpath transmission mode, or pppd. In both 1559 * cases, they are currently expected to send the 4-bytes 1560 * PPP header in front of any possible payloads. 1561 */ 1562 mutex_enter(&ppa->ppa_sta_lock); 1563 ppa->ppa_orunts++; 1564 mutex_exit(&ppa->ppa_sta_lock); 1565 } 1566 1567 if (IS_SPS_KDEBUG(sps)) { 1568 SPDEBUG(PPP_DRV_NAME 1569 "/%d: M_DATA send (%d bytes) sps=0x%p flags=0x%b " 1570 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, msize, 1571 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1572 (void *)ppa, ppa->ppa_flags, PPA_FLAGS_STR); 1573 } 1574 /* 1575 * Should there be any promiscuous stream(s), send the data up 1576 * for each promiscuous stream that we recognize. Make sure that 1577 * for fastpath, we skip the PPP header in the M_DATA mblk. We skip 1578 * the control stream as we obviously never allow the control stream 1579 * to become promiscous and bind to PPP_ALLSAP. 1580 */ 1581 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1582 is_promisc = sps->sps_ppa->ppa_promicnt; 1583 if (is_promisc) { 1584 ASSERT(ppa->ppa_streams != NULL); 1585 sppp_dlprsendup(ppa->ppa_streams, mp, sps->sps_sap, B_TRUE); 1586 } 1587 rw_exit(&ppa->ppa_sib_lock); 1588 /* 1589 * Only time-stamp the packet with hrtime if the upper stream 1590 * is configured to do so. PPP control (negotiation) messages 1591 * are never considered link activity; only data is activity. 1592 */ 1593 if (!IS_SPS_CONTROL(sps) && IS_PPA_TIMESTAMP(ppa)) { 1594 ppa->ppa_lasttx = gethrtime(); 1595 } 1596 /* 1597 * If there's already a message in the write-side service queue, 1598 * then queue this message there as well, otherwise, try to send 1599 * it down to the module immediately below us. 1600 */ 1601 if (q->q_first != NULL || 1602 (nextq = sppp_outpkt(q, mpp, msize, sps)) == NULL) { 1603 mp = *mpp; 1604 if (mp != NULL && putq(q, mp) == 0) { 1605 mutex_enter(&ppa->ppa_sta_lock); 1606 ppa->ppa_oqdropped++; 1607 mutex_exit(&ppa->ppa_sta_lock); 1608 freemsg(mp); 1609 } 1610 return (NULL); 1611 } 1612 return (nextq); 1613 } 1614 1615 /* 1616 * sppp_outpkt() 1617 * 1618 * MT-Perimeters: 1619 * shared inner, shared outer (if called from sppp_wput, sppp_dlunitdatareq). 1620 * exclusive inner, shared outer (if called from sppp_wsrv). 1621 * 1622 * Description: 1623 * Called from 1) sppp_uwput when processing a M_DATA fastpath message, 1624 * or 2) sppp_uwsrv when processing the upper write-side service queue. 1625 * For both cases, it prepares to send the data to the module below 1626 * this driver if there is a lower stream linked underneath. If none, then 1627 * the data will be sent upstream via the control channel to pppd. 1628 * 1629 * Returns: 1630 * Non-NULL queue_t if message should be sent now, otherwise 1631 * if *mpp == NULL, then message was freed, otherwise put *mpp 1632 * (back) on the queue. (Does not do putq/putbq, since it's 1633 * called both from srv and put procedures.) 1634 */ 1635 static queue_t * 1636 sppp_outpkt(queue_t *q, mblk_t **mpp, int msize, spppstr_t *sps) 1637 { 1638 mblk_t *mp; 1639 sppa_t *ppa; 1640 enum NPmode npmode; 1641 mblk_t *mpnew; 1642 1643 ASSERT(mpp != NULL); 1644 mp = *mpp; 1645 ASSERT(q != NULL && q->q_ptr != NULL); 1646 ASSERT(mp != NULL && mp->b_rptr != NULL); 1647 ASSERT(sps != NULL); 1648 1649 ppa = sps->sps_ppa; 1650 npmode = sps->sps_npmode; 1651 1652 if (npmode == NPMODE_QUEUE) { 1653 ASSERT(!IS_SPS_CONTROL(sps)); 1654 return (NULL); /* queue it for later */ 1655 } else if (ppa == NULL || ppa->ppa_ctl == NULL || 1656 npmode == NPMODE_DROP || npmode == NPMODE_ERROR) { 1657 /* 1658 * This can not be the control stream, as it must always have 1659 * a valid ppa, and its npmode must always be NPMODE_PASS. 1660 */ 1661 ASSERT(!IS_SPS_CONTROL(sps)); 1662 if (npmode == NPMODE_DROP) { 1663 freemsg(mp); 1664 } else { 1665 /* 1666 * If we no longer have the control stream, or if the 1667 * mode is set to NPMODE_ERROR, then we need to tell IP 1668 * that the interface need to be marked as down. In 1669 * other words, we tell IP to be quiescent. 1670 */ 1671 merror(q, mp, EPROTO); 1672 } 1673 *mpp = NULL; 1674 return (NULL); /* don't queue it */ 1675 } 1676 /* 1677 * Do we have a driver stream linked underneath ? If not, we need to 1678 * notify pppd that the link needs to be brought up and configure 1679 * this upper stream to drop subsequent outgoing packets. This is 1680 * for demand-dialing, in which case pppd has done the IP plumbing 1681 * but hasn't linked the driver stream underneath us. Therefore, when 1682 * a packet is sent down the IP interface, a notification message 1683 * will be sent up the control stream to pppd in order for it to 1684 * establish the physical link. The driver stream is then expected 1685 * to be linked underneath after physical link establishment is done. 1686 */ 1687 if (ppa->ppa_lower_wq == NULL) { 1688 ASSERT(ppa->ppa_ctl != NULL); 1689 ASSERT(ppa->ppa_ctl->sps_rq != NULL); 1690 1691 *mpp = NULL; 1692 mpnew = create_lsmsg(PPP_LINKSTAT_NEEDUP); 1693 if (mpnew == NULL) { 1694 freemsg(mp); 1695 mutex_enter(&ppa->ppa_sta_lock); 1696 ppa->ppa_allocbfail++; 1697 mutex_exit(&ppa->ppa_sta_lock); 1698 return (NULL); /* don't queue it */ 1699 } 1700 /* Include the data in the message for logging. */ 1701 mpnew->b_cont = mp; 1702 mutex_enter(&ppa->ppa_sta_lock); 1703 ppa->ppa_lsneedup++; 1704 mutex_exit(&ppa->ppa_sta_lock); 1705 /* 1706 * We need to set the mode to NPMODE_DROP, but should only 1707 * do so when this stream is not the control stream. 1708 */ 1709 if (!IS_SPS_CONTROL(sps)) { 1710 sps->sps_npmode = NPMODE_DROP; 1711 } 1712 putnext(ppa->ppa_ctl->sps_rq, mpnew); 1713 return (NULL); /* don't queue it */ 1714 } 1715 /* 1716 * If so, then try to send it down. The lower queue is only ever 1717 * detached while holding an exclusive lock on the whole driver, 1718 * so we can be confident that the lower queue is still there. 1719 */ 1720 if (bcanputnext(ppa->ppa_lower_wq, mp->b_band)) { 1721 mutex_enter(&ppa->ppa_sta_lock); 1722 ppa->ppa_stats.p.ppp_opackets++; 1723 if (IS_SPS_CONTROL(sps)) { 1724 ppa->ppa_opkt_ctl++; 1725 } 1726 ppa->ppa_stats.p.ppp_obytes += msize; 1727 mutex_exit(&ppa->ppa_sta_lock); 1728 return (ppa->ppa_lower_wq); /* don't queue it */ 1729 } 1730 return (NULL); /* queue it for later */ 1731 } 1732 1733 /* 1734 * sppp_lwsrv() 1735 * 1736 * MT-Perimeters: 1737 * exclusive inner, shared outer. 1738 * 1739 * Description: 1740 * Lower write-side service procedure. No messages are ever placed on 1741 * the write queue here, this just back-enables all upper write side 1742 * service procedures. 1743 */ 1744 void 1745 sppp_lwsrv(queue_t *q) 1746 { 1747 sppa_t *ppa; 1748 spppstr_t *nextsib; 1749 1750 ASSERT(q != NULL && q->q_ptr != NULL); 1751 ppa = (sppa_t *)q->q_ptr; 1752 ASSERT(ppa != NULL); 1753 1754 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1755 if ((nextsib = ppa->ppa_ctl) != NULL && 1756 WR(nextsib->sps_rq)->q_first != NULL) 1757 qenable(WR(nextsib->sps_rq)); 1758 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1759 nextsib = nextsib->sps_nextsib) { 1760 if (WR(nextsib->sps_rq)->q_first != NULL) { 1761 qenable(WR(nextsib->sps_rq)); 1762 } 1763 } 1764 rw_exit(&ppa->ppa_sib_lock); 1765 } 1766 1767 /* 1768 * sppp_lrput() 1769 * 1770 * MT-Perimeters: 1771 * shared inner, shared outer. 1772 * 1773 * Description: 1774 * Lower read-side put procedure. Messages from below get here. 1775 * Data messages are handled separately to limit stack usage 1776 * going into IP. 1777 * 1778 * Note that during I_UNLINK processing, it's possible for a downstream 1779 * message to enable upstream data (due to pass_wput() removing the 1780 * SQ_BLOCKED flag), and thus we must protect against a NULL sppa pointer. 1781 * In this case, the only thing above us is passthru, and we might as well 1782 * discard. 1783 */ 1784 void 1785 sppp_lrput(queue_t *q, mblk_t *mp) 1786 { 1787 sppa_t *ppa; 1788 spppstr_t *sps; 1789 1790 if ((ppa = q->q_ptr) == NULL) { 1791 freemsg(mp); 1792 return; 1793 } 1794 1795 sps = ppa->ppa_ctl; 1796 1797 if (MTYPE(mp) != M_DATA) { 1798 sppp_recv_nondata(q, mp, sps); 1799 } else if (sps == NULL) { 1800 freemsg(mp); 1801 } else if ((q = sppp_recv(q, &mp, sps)) != NULL) { 1802 putnext(q, mp); 1803 } 1804 } 1805 1806 /* 1807 * sppp_recv_nondata() 1808 * 1809 * MT-Perimeters: 1810 * shared inner, shared outer. 1811 * 1812 * Description: 1813 * All received non-data messages come through here. 1814 */ 1815 static void 1816 sppp_recv_nondata(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 1817 { 1818 sppa_t *ppa; 1819 spppstr_t *destsps; 1820 struct iocblk *iop; 1821 1822 ppa = (sppa_t *)q->q_ptr; 1823 ctlsps = ppa->ppa_ctl; 1824 1825 switch (MTYPE(mp)) { 1826 case M_CTL: 1827 mutex_enter(&ppa->ppa_sta_lock); 1828 if (*mp->b_rptr == PPPCTL_IERROR) { 1829 ppa->ppa_stats.p.ppp_ierrors++; 1830 ppa->ppa_ierr_low++; 1831 ppa->ppa_mctlsknown++; 1832 } else if (*mp->b_rptr == PPPCTL_OERROR) { 1833 ppa->ppa_stats.p.ppp_oerrors++; 1834 ppa->ppa_oerr_low++; 1835 ppa->ppa_mctlsknown++; 1836 } else { 1837 ppa->ppa_mctlsunknown++; 1838 } 1839 mutex_exit(&ppa->ppa_sta_lock); 1840 freemsg(mp); 1841 break; 1842 case M_IOCTL: 1843 miocnak(q, mp, 0, EINVAL); 1844 break; 1845 case M_IOCACK: 1846 case M_IOCNAK: 1847 iop = (struct iocblk *)mp->b_rptr; 1848 ASSERT(iop != NULL); 1849 /* 1850 * Attempt to match up the response with the stream that the 1851 * request came from. If ioc_id doesn't match the one that we 1852 * recorded, then discard this message. 1853 */ 1854 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1855 if ((destsps = ctlsps) == NULL || 1856 destsps->sps_ioc_id != iop->ioc_id) { 1857 destsps = ppa->ppa_streams; 1858 while (destsps != NULL) { 1859 if (destsps->sps_ioc_id == iop->ioc_id) { 1860 break; /* found the upper stream */ 1861 } 1862 destsps = destsps->sps_nextsib; 1863 } 1864 } 1865 rw_exit(&ppa->ppa_sib_lock); 1866 if (destsps == NULL) { 1867 mutex_enter(&ppa->ppa_sta_lock); 1868 ppa->ppa_ioctlsfwderr++; 1869 mutex_exit(&ppa->ppa_sta_lock); 1870 freemsg(mp); 1871 break; 1872 } 1873 mutex_enter(&ppa->ppa_sta_lock); 1874 ppa->ppa_ioctlsfwdok++; 1875 1876 /* 1877 * Clear SPS_IOCQ and enable the lower write side queue, 1878 * this would allow the upper stream service routine 1879 * to start processing the queue for pending messages. 1880 * sppp_lwsrv -> sppp_uwsrv. 1881 */ 1882 destsps->sps_flags &= ~SPS_IOCQ; 1883 mutex_exit(&ppa->ppa_sta_lock); 1884 qenable(WR(destsps->sps_rq)); 1885 1886 putnext(destsps->sps_rq, mp); 1887 break; 1888 case M_HANGUP: 1889 /* 1890 * Free the original mblk_t. We don't really want to send 1891 * a M_HANGUP message upstream, so we need to translate this 1892 * message into something else. 1893 */ 1894 freemsg(mp); 1895 if (ctlsps == NULL) 1896 break; 1897 mp = create_lsmsg(PPP_LINKSTAT_HANGUP); 1898 if (mp == NULL) { 1899 mutex_enter(&ppa->ppa_sta_lock); 1900 ppa->ppa_allocbfail++; 1901 mutex_exit(&ppa->ppa_sta_lock); 1902 break; 1903 } 1904 mutex_enter(&ppa->ppa_sta_lock); 1905 ppa->ppa_lsdown++; 1906 mutex_exit(&ppa->ppa_sta_lock); 1907 putnext(ctlsps->sps_rq, mp); 1908 break; 1909 case M_FLUSH: 1910 if (*mp->b_rptr & FLUSHR) { 1911 flushq(q, FLUSHDATA); 1912 } 1913 if (*mp->b_rptr & FLUSHW) { 1914 *mp->b_rptr &= ~FLUSHR; 1915 qreply(q, mp); 1916 } else { 1917 freemsg(mp); 1918 } 1919 break; 1920 default: 1921 if (ctlsps != NULL && 1922 (queclass(mp) == QPCTL) || canputnext(ctlsps->sps_rq)) { 1923 putnext(ctlsps->sps_rq, mp); 1924 } else { 1925 mutex_enter(&ppa->ppa_sta_lock); 1926 ppa->ppa_iqdropped++; 1927 mutex_exit(&ppa->ppa_sta_lock); 1928 freemsg(mp); 1929 } 1930 break; 1931 } 1932 } 1933 1934 /* 1935 * sppp_recv() 1936 * 1937 * MT-Perimeters: 1938 * shared inner, shared outer. 1939 * 1940 * Description: 1941 * Receive function called by sppp_lrput. Finds appropriate 1942 * receive stream and does accounting. 1943 */ 1944 static queue_t * 1945 sppp_recv(queue_t *q, mblk_t **mpp, spppstr_t *ctlsps) 1946 { 1947 mblk_t *mp; 1948 int len; 1949 sppa_t *ppa; 1950 spppstr_t *destsps; 1951 mblk_t *zmp; 1952 uint32_t npflagpos; 1953 1954 ASSERT(mpp != NULL); 1955 mp = *mpp; 1956 ASSERT(q != NULL && q->q_ptr != NULL); 1957 ASSERT(mp != NULL && mp->b_rptr != NULL); 1958 ASSERT(ctlsps != NULL); 1959 ASSERT(IS_SPS_CONTROL(ctlsps)); 1960 ppa = ctlsps->sps_ppa; 1961 ASSERT(ppa != NULL && ppa->ppa_ctl != NULL); 1962 1963 len = msgdsize(mp); 1964 mutex_enter(&ppa->ppa_sta_lock); 1965 ppa->ppa_stats.p.ppp_ibytes += len; 1966 mutex_exit(&ppa->ppa_sta_lock); 1967 /* 1968 * If the entire data size of the mblk is less than the length of the 1969 * PPP header, then free it. We can't do much with such message anyway, 1970 * since we can't really determine what the PPP protocol type is. 1971 */ 1972 if (len < PPP_HDRLEN) { 1973 /* Log, and free it */ 1974 mutex_enter(&ppa->ppa_sta_lock); 1975 ppa->ppa_irunts++; 1976 mutex_exit(&ppa->ppa_sta_lock); 1977 freemsg(mp); 1978 return (NULL); 1979 } else if (len > (ppa->ppa_mru + PPP_HDRLEN)) { 1980 /* Log, and accept it anyway */ 1981 mutex_enter(&ppa->ppa_sta_lock); 1982 ppa->ppa_itoolongs++; 1983 mutex_exit(&ppa->ppa_sta_lock); 1984 } 1985 /* 1986 * We need at least be able to read the PPP protocol from the header, 1987 * so if the first message block is too small, then we concatenate the 1988 * rest of the following blocks into one message. 1989 */ 1990 if (MBLKL(mp) < PPP_HDRLEN) { 1991 zmp = msgpullup(mp, PPP_HDRLEN); 1992 freemsg(mp); 1993 mp = zmp; 1994 if (mp == NULL) { 1995 mutex_enter(&ppa->ppa_sta_lock); 1996 ppa->ppa_allocbfail++; 1997 mutex_exit(&ppa->ppa_sta_lock); 1998 return (NULL); 1999 } 2000 *mpp = mp; 2001 } 2002 /* 2003 * Hold this packet in the control-queue until 2004 * the matching network-layer upper stream for the PPP protocol (sap) 2005 * has not been plumbed and configured 2006 */ 2007 npflagpos = sppp_ppp2np(PPP_PROTOCOL(mp->b_rptr)); 2008 mutex_enter(&ppa->ppa_npmutex); 2009 if (npflagpos != 0 && (ppa->ppa_npflag & (1 << npflagpos))) { 2010 /* 2011 * proto is currently blocked; Hold up to 4 packets 2012 * in the kernel. 2013 */ 2014 if (ppa->ppa_holdpkts[npflagpos] > 3 || 2015 putq(ctlsps->sps_rq, mp) == 0) 2016 freemsg(mp); 2017 else 2018 ppa->ppa_holdpkts[npflagpos]++; 2019 mutex_exit(&ppa->ppa_npmutex); 2020 return (NULL); 2021 } 2022 mutex_exit(&ppa->ppa_npmutex); 2023 /* 2024 * Try to find a matching network-layer upper stream for the specified 2025 * PPP protocol (sap), and if none is found, send this frame up the 2026 * control stream. 2027 */ 2028 destsps = sppp_inpkt(q, mp, ctlsps); 2029 if (destsps == NULL) { 2030 mutex_enter(&ppa->ppa_sta_lock); 2031 ppa->ppa_ipkt_ctl++; 2032 mutex_exit(&ppa->ppa_sta_lock); 2033 if (canputnext(ctlsps->sps_rq)) { 2034 if (IS_SPS_KDEBUG(ctlsps)) { 2035 SPDEBUG(PPP_DRV_NAME 2036 "/%d: M_DATA recv (%d bytes) sps=0x%p " 2037 "flags=0x%b ppa=0x%p flags=0x%b\n", 2038 ctlsps->sps_mn_id, len, (void *)ctlsps, 2039 ctlsps->sps_flags, SPS_FLAGS_STR, 2040 (void *)ppa, ppa->ppa_flags, 2041 PPA_FLAGS_STR); 2042 } 2043 return (ctlsps->sps_rq); 2044 } else { 2045 mutex_enter(&ppa->ppa_sta_lock); 2046 ppa->ppa_iqdropped++; 2047 mutex_exit(&ppa->ppa_sta_lock); 2048 freemsg(mp); 2049 return (NULL); 2050 } 2051 } 2052 if (canputnext(destsps->sps_rq)) { 2053 if (IS_SPS_KDEBUG(destsps)) { 2054 SPDEBUG(PPP_DRV_NAME 2055 "/%d: M_DATA recv (%d bytes) sps=0x%p flags=0x%b " 2056 "ppa=0x%p flags=0x%b\n", destsps->sps_mn_id, len, 2057 (void *)destsps, destsps->sps_flags, 2058 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 2059 PPA_FLAGS_STR); 2060 } 2061 /* 2062 * If fastpath is enabled on the network-layer stream, then 2063 * make sure we skip over the PPP header, otherwise, we wrap 2064 * the message in a DLPI message. 2065 */ 2066 if (IS_SPS_FASTPATH(destsps)) { 2067 mp->b_rptr += PPP_HDRLEN; 2068 return (destsps->sps_rq); 2069 } else { 2070 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2071 ASSERT(uqs != NULL); 2072 mp->b_rptr += PPP_HDRLEN; 2073 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2074 if (mp != NULL) { 2075 *mpp = mp; 2076 return (destsps->sps_rq); 2077 } else { 2078 mutex_enter(&ppa->ppa_sta_lock); 2079 ppa->ppa_allocbfail++; 2080 mutex_exit(&ppa->ppa_sta_lock); 2081 /* mp already freed by sppp_dladdud */ 2082 return (NULL); 2083 } 2084 } 2085 } else { 2086 mutex_enter(&ppa->ppa_sta_lock); 2087 ppa->ppa_iqdropped++; 2088 mutex_exit(&ppa->ppa_sta_lock); 2089 freemsg(mp); 2090 return (NULL); 2091 } 2092 } 2093 2094 /* 2095 * sppp_inpkt() 2096 * 2097 * MT-Perimeters: 2098 * shared inner, shared outer. 2099 * 2100 * Description: 2101 * Find the destination upper stream for the received packet, called 2102 * from sppp_recv. 2103 * 2104 * Returns: 2105 * ptr to destination upper network stream, or NULL for control stream. 2106 */ 2107 /* ARGSUSED */ 2108 static spppstr_t * 2109 sppp_inpkt(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 2110 { 2111 spppstr_t *destsps = NULL; 2112 sppa_t *ppa; 2113 uint16_t proto; 2114 int is_promisc; 2115 2116 ASSERT(q != NULL && q->q_ptr != NULL); 2117 ASSERT(mp != NULL && mp->b_rptr != NULL); 2118 ASSERT(IS_SPS_CONTROL(ctlsps)); 2119 ppa = ctlsps->sps_ppa; 2120 ASSERT(ppa != NULL); 2121 /* 2122 * From RFC 1661 (Section 2): 2123 * 2124 * The Protocol field is one or two octets, and its value identifies 2125 * the datagram encapsulated in the Information field of the packet. 2126 * The field is transmitted and received most significant octet first. 2127 * 2128 * The structure of this field is consistent with the ISO 3309 2129 * extension mechanism for address fields. All Protocols MUST be odd; 2130 * the least significant bit of the least significant octet MUST equal 2131 * "1". Also, all Protocols MUST be assigned such that the least 2132 * significant bit of the most significant octet equals "0". Frames 2133 * received which don't comply with these rules MUST be treated as 2134 * having an unrecognized Protocol. 2135 * 2136 * Protocol field values in the "0***" to "3***" range identify the 2137 * network-layer protocol of specific packets, and values in the 2138 * "8***" to "b***" range identify packets belonging to the associated 2139 * Network Control Protocols (NCPs), if any. 2140 * 2141 * Protocol field values in the "4***" to "7***" range are used for 2142 * protocols with low volume traffic which have no associated NCP. 2143 * Protocol field values in the "c***" to "f***" range identify packets 2144 * as link-layer Control Protocols (such as LCP). 2145 */ 2146 proto = PPP_PROTOCOL(mp->b_rptr); 2147 mutex_enter(&ppa->ppa_sta_lock); 2148 ppa->ppa_stats.p.ppp_ipackets++; 2149 mutex_exit(&ppa->ppa_sta_lock); 2150 /* 2151 * We check if this is not a network-layer protocol, and if so, 2152 * then send this packet up the control stream. 2153 */ 2154 if (proto > 0x7fff) { 2155 goto inpkt_done; /* send it up the control stream */ 2156 } 2157 /* 2158 * Try to grab the destination upper stream from the network-layer 2159 * stream cache for this ppa for PPP_IP (0x0021) or PPP_IPV6 (0x0057) 2160 * protocol types. Otherwise, if the type is not known to the cache, 2161 * or if its sap can't be matched with any of the upper streams, then 2162 * send this packet up the control stream so that it can be rejected. 2163 */ 2164 if (proto == PPP_IP) { 2165 destsps = ppa->ppa_ip_cache; 2166 } else if (proto == PPP_IPV6) { 2167 destsps = ppa->ppa_ip6_cache; 2168 } 2169 /* 2170 * Toss this one away up the control stream if there's no matching sap; 2171 * this way the protocol can be rejected (destsps is NULL). 2172 */ 2173 2174 inpkt_done: 2175 /* 2176 * Only time-stamp the packet with hrtime if the upper stream 2177 * is configured to do so. PPP control (negotiation) messages 2178 * are never considered link activity; only data is activity. 2179 */ 2180 if (destsps != NULL && IS_PPA_TIMESTAMP(ppa)) { 2181 ppa->ppa_lastrx = gethrtime(); 2182 } 2183 /* 2184 * Should there be any promiscuous stream(s), send the data up for 2185 * each promiscuous stream that we recognize. We skip the control 2186 * stream as we obviously never allow the control stream to become 2187 * promiscous and bind to PPP_ALLSAP. 2188 */ 2189 rw_enter(&ppa->ppa_sib_lock, RW_READER); 2190 is_promisc = ppa->ppa_promicnt; 2191 if (is_promisc) { 2192 ASSERT(ppa->ppa_streams != NULL); 2193 sppp_dlprsendup(ppa->ppa_streams, mp, proto, B_TRUE); 2194 } 2195 rw_exit(&ppa->ppa_sib_lock); 2196 return (destsps); 2197 } 2198 2199 /* 2200 * sppp_kstat_update() 2201 * 2202 * Description: 2203 * Update per-ppa kstat interface statistics. 2204 */ 2205 static int 2206 sppp_kstat_update(kstat_t *ksp, int rw) 2207 { 2208 register sppa_t *ppa; 2209 register sppp_kstats_t *pppkp; 2210 register struct pppstat64 *sp; 2211 2212 if (rw == KSTAT_WRITE) { 2213 return (EACCES); 2214 } 2215 2216 ppa = (sppa_t *)ksp->ks_private; 2217 ASSERT(ppa != NULL); 2218 2219 pppkp = (sppp_kstats_t *)ksp->ks_data; 2220 sp = &ppa->ppa_stats.p; 2221 2222 mutex_enter(&ppa->ppa_sta_lock); 2223 pppkp->allocbfail.value.ui32 = ppa->ppa_allocbfail; 2224 pppkp->mctlsfwd.value.ui32 = ppa->ppa_mctlsfwd; 2225 pppkp->mctlsfwderr.value.ui32 = ppa->ppa_mctlsfwderr; 2226 pppkp->rbytes.value.ui32 = sp->ppp_ibytes; 2227 pppkp->rbytes64.value.ui64 = sp->ppp_ibytes; 2228 pppkp->ierrors.value.ui32 = sp->ppp_ierrors; 2229 pppkp->ierrors_lower.value.ui32 = ppa->ppa_ierr_low; 2230 pppkp->ioctlsfwd.value.ui32 = ppa->ppa_ioctlsfwd; 2231 pppkp->ioctlsfwdok.value.ui32 = ppa->ppa_ioctlsfwdok; 2232 pppkp->ioctlsfwderr.value.ui32 = ppa->ppa_ioctlsfwderr; 2233 pppkp->ipackets.value.ui32 = sp->ppp_ipackets; 2234 pppkp->ipackets64.value.ui64 = sp->ppp_ipackets; 2235 pppkp->ipackets_ctl.value.ui32 = ppa->ppa_ipkt_ctl; 2236 pppkp->iqdropped.value.ui32 = ppa->ppa_iqdropped; 2237 pppkp->irunts.value.ui32 = ppa->ppa_irunts; 2238 pppkp->itoolongs.value.ui32 = ppa->ppa_itoolongs; 2239 pppkp->lsneedup.value.ui32 = ppa->ppa_lsneedup; 2240 pppkp->lsdown.value.ui32 = ppa->ppa_lsdown; 2241 pppkp->mctlsknown.value.ui32 = ppa->ppa_mctlsknown; 2242 pppkp->mctlsunknown.value.ui32 = ppa->ppa_mctlsunknown; 2243 pppkp->obytes.value.ui32 = sp->ppp_obytes; 2244 pppkp->obytes64.value.ui64 = sp->ppp_obytes; 2245 pppkp->oerrors.value.ui32 = sp->ppp_oerrors; 2246 pppkp->oerrors_lower.value.ui32 = ppa->ppa_oerr_low; 2247 pppkp->opackets.value.ui32 = sp->ppp_opackets; 2248 pppkp->opackets64.value.ui64 = sp->ppp_opackets; 2249 pppkp->opackets_ctl.value.ui32 = ppa->ppa_opkt_ctl; 2250 pppkp->oqdropped.value.ui32 = ppa->ppa_oqdropped; 2251 pppkp->otoolongs.value.ui32 = ppa->ppa_otoolongs; 2252 pppkp->orunts.value.ui32 = ppa->ppa_orunts; 2253 mutex_exit(&ppa->ppa_sta_lock); 2254 2255 return (0); 2256 } 2257 2258 /* 2259 * Turn off proto in ppa_npflag to indicate that 2260 * the corresponding network protocol has been plumbed. 2261 * Release proto packets that were being held in the control 2262 * queue in anticipation of this event. 2263 */ 2264 static void 2265 sppp_release_pkts(sppa_t *ppa, uint16_t proto) 2266 { 2267 uint32_t npflagpos = sppp_ppp2np(proto); 2268 int count; 2269 mblk_t *mp; 2270 uint16_t mp_proto; 2271 queue_t *q; 2272 spppstr_t *destsps; 2273 2274 ASSERT(ppa != NULL); 2275 2276 if (npflagpos == 0 || (ppa->ppa_npflag & (1 << npflagpos)) == 0) 2277 return; 2278 2279 mutex_enter(&ppa->ppa_npmutex); 2280 ppa->ppa_npflag &= ~(1 << npflagpos); 2281 count = ppa->ppa_holdpkts[npflagpos]; 2282 ppa->ppa_holdpkts[npflagpos] = 0; 2283 mutex_exit(&ppa->ppa_npmutex); 2284 2285 q = ppa->ppa_ctl->sps_rq; 2286 2287 while (count > 0) { 2288 mp = getq(q); 2289 ASSERT(mp != NULL); 2290 2291 mp_proto = PPP_PROTOCOL(mp->b_rptr); 2292 if (mp_proto != proto) { 2293 (void) putq(q, mp); 2294 continue; 2295 } 2296 count--; 2297 destsps = NULL; 2298 if (mp_proto == PPP_IP) { 2299 destsps = ppa->ppa_ip_cache; 2300 } else if (mp_proto == PPP_IPV6) { 2301 destsps = ppa->ppa_ip6_cache; 2302 } 2303 ASSERT(destsps != NULL); 2304 2305 if (IS_SPS_FASTPATH(destsps)) { 2306 mp->b_rptr += PPP_HDRLEN; 2307 } else { 2308 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2309 ASSERT(uqs != NULL); 2310 mp->b_rptr += PPP_HDRLEN; 2311 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2312 if (mp == NULL) { 2313 mutex_enter(&ppa->ppa_sta_lock); 2314 ppa->ppa_allocbfail++; 2315 mutex_exit(&ppa->ppa_sta_lock); 2316 /* mp already freed by sppp_dladdud */ 2317 continue; 2318 } 2319 } 2320 2321 if (canputnext(destsps->sps_rq)) { 2322 putnext(destsps->sps_rq, mp); 2323 } else { 2324 mutex_enter(&ppa->ppa_sta_lock); 2325 ppa->ppa_iqdropped++; 2326 mutex_exit(&ppa->ppa_sta_lock); 2327 freemsg(mp); 2328 continue; 2329 } 2330 } 2331 } 2332