1 /* 2 * sppp.c - Solaris STREAMS PPP multiplexing pseudo-driver 3 * 4 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 5 * Use is subject to license terms. 6 * 7 * Permission to use, copy, modify, and distribute this software and its 8 * documentation is hereby granted, provided that the above copyright 9 * notice appears in all copies. 10 * 11 * SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF 12 * THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 13 * TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 14 * PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR 15 * ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR 16 * DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES 17 * 18 * Copyright (c) 1994 The Australian National University. 19 * All rights reserved. 20 * 21 * Permission to use, copy, modify, and distribute this software and its 22 * documentation is hereby granted, provided that the above copyright 23 * notice appears in all copies. This software is provided without any 24 * warranty, express or implied. The Australian National University 25 * makes no representations about the suitability of this software for 26 * any purpose. 27 * 28 * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY 29 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES 30 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF 31 * THE AUSTRALIAN NATIONAL UNIVERSITY HAS BEEN ADVISED OF THE POSSIBILITY 32 * OF SUCH DAMAGE. 33 * 34 * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, 35 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 36 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS 37 * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO 38 * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, 39 * OR MODIFICATIONS. 40 * 41 * This driver is derived from the original SVR4 STREAMS PPP driver 42 * originally written by Paul Mackerras <paul.mackerras@cs.anu.edu.au>. 43 * 44 * Adi Masputra <adi.masputra@sun.com> rewrote and restructured the code 45 * for improved performance and scalability. 46 */ 47 48 #pragma ident "%Z%%M% %I% %E% SMI" 49 #define RCSID "$Id: sppp.c,v 1.0 2000/05/08 01:10:12 masputra Exp $" 50 51 #include <sys/types.h> 52 #include <sys/debug.h> 53 #include <sys/param.h> 54 #include <sys/stat.h> 55 #include <sys/stream.h> 56 #include <sys/stropts.h> 57 #include <sys/sysmacros.h> 58 #include <sys/errno.h> 59 #include <sys/time.h> 60 #include <sys/cmn_err.h> 61 #include <sys/kmem.h> 62 #include <sys/conf.h> 63 #include <sys/dlpi.h> 64 #include <sys/ddi.h> 65 #include <sys/kstat.h> 66 #include <sys/strsun.h> 67 #include <sys/ethernet.h> 68 #include <sys/policy.h> 69 #include <net/ppp_defs.h> 70 #include <net/pppio.h> 71 #include "sppp.h" 72 #include "s_common.h" 73 74 /* 75 * This is used to tag official Solaris sources. Please do not define 76 * "INTERNAL_BUILD" when building this software outside of Sun Microsystems. 77 */ 78 #ifdef INTERNAL_BUILD 79 /* MODINFO is limited to 32 characters. */ 80 const char sppp_module_description[] = "PPP 4.0 mux"; 81 #else /* INTERNAL_BUILD */ 82 const char sppp_module_description[] = "ANU PPP mux $Revision: 1.0$"; 83 84 /* LINTED */ 85 static const char buildtime[] = "Built " __DATE__ " at " __TIME__ 86 #ifdef DEBUG 87 " DEBUG" 88 #endif 89 "\n"; 90 #endif /* INTERNAL_BUILD */ 91 92 static void sppp_inner_ioctl(queue_t *, mblk_t *); 93 static void sppp_outer_ioctl(queue_t *, mblk_t *); 94 static queue_t *sppp_send(queue_t *, mblk_t **, spppstr_t *); 95 static queue_t *sppp_recv(queue_t *, mblk_t **, spppstr_t *); 96 static void sppp_recv_nondata(queue_t *, mblk_t *, spppstr_t *); 97 static queue_t *sppp_outpkt(queue_t *, mblk_t **, int, spppstr_t *); 98 static spppstr_t *sppp_inpkt(queue_t *, mblk_t *, spppstr_t *); 99 static int sppp_kstat_update(kstat_t *, int); 100 static void sppp_release_pkts(sppa_t *, uint16_t); 101 102 /* 103 * sps_list contains the list of active per-stream instance state structures 104 * ordered on the minor device number (see sppp.h for details). All streams 105 * opened to this driver are threaded together in this list. 106 */ 107 static spppstr_t *sps_list = NULL; 108 /* 109 * ppa_list contains the list of active per-attachment instance state 110 * structures ordered on the ppa id number (see sppp.h for details). All of 111 * the ppa structures created once per PPPIO_NEWPPA ioctl are threaded together 112 * in this list. There is exactly one ppa structure for a given PPP interface, 113 * and multiple sps streams (upper streams) may share a ppa by performing 114 * an attachment explicitly (PPPIO_ATTACH) or implicitly (DL_ATTACH_REQ). 115 */ 116 static sppa_t *ppa_list = NULL; 117 118 static const char *kstats_names[] = { SPPP_KSTATS_NAMES }; 119 static const char *kstats64_names[] = { SPPP_KSTATS64_NAMES }; 120 121 /* 122 * map proto (which is an IANA defined ppp network protocol) to 123 * a bit position indicated by NP_* in ppa_npflag 124 */ 125 static uint32_t 126 sppp_ppp2np(uint16_t proto) 127 { 128 switch (proto) { 129 case PPP_IP: 130 return (NP_IP); 131 case PPP_IPV6: 132 return (NP_IPV6); 133 default: 134 return (0); 135 } 136 } 137 138 /* 139 * sppp_open() 140 * 141 * MT-Perimeters: 142 * exclusive inner, exclusive outer. 143 * 144 * Description: 145 * Common open procedure for module. 146 */ 147 /* ARGSUSED */ 148 int 149 sppp_open(queue_t *q, dev_t *devp, int oflag, int sflag, cred_t *credp) 150 { 151 spppstr_t *sps; 152 spppstr_t **nextmn; 153 minor_t mn; 154 155 ASSERT(q != NULL && devp != NULL); 156 ASSERT(sflag != MODOPEN); 157 158 if (q->q_ptr != NULL) { 159 return (0); /* already open */ 160 } 161 if (sflag != CLONEOPEN) { 162 return (OPENFAIL); 163 } 164 /* 165 * The sps list is sorted using the minor number as the key. The 166 * following code walks the list to find the lowest valued minor 167 * number available to be used. 168 */ 169 mn = 0; 170 for (nextmn = &sps_list; (sps = *nextmn) != NULL; 171 nextmn = &sps->sps_nextmn) { 172 if (sps->sps_mn_id != mn) { 173 break; 174 } 175 ++mn; 176 } 177 sps = (spppstr_t *)kmem_zalloc(sizeof (spppstr_t), KM_SLEEP); 178 ASSERT(sps != NULL); /* KM_SLEEP must never return NULL */ 179 sps->sps_nextmn = *nextmn; /* insert stream in global list */ 180 *nextmn = sps; 181 sps->sps_mn_id = mn; /* save minor id for this stream */ 182 sps->sps_rq = q; /* save read queue pointer */ 183 sps->sps_sap = -1; /* no sap bound to stream */ 184 sps->sps_dlstate = DL_UNATTACHED; /* dlpi state is unattached */ 185 sps->sps_npmode = NPMODE_DROP; /* drop all packets initially */ 186 q->q_ptr = WR(q)->q_ptr = (caddr_t)sps; 187 /* 188 * We explicitly disable the automatic queue scheduling for the 189 * write-side to obtain complete control over queuing during transmit. 190 * Packets will be queued at the upper write queue and the service 191 * routine will not be called until it gets scheduled by having the 192 * lower write service routine call the qenable(WR(uq)) for all streams 193 * attached to the same ppa instance. 194 */ 195 noenable(WR(q)); 196 *devp = makedevice(getmajor(*devp), mn); 197 qprocson(q); 198 return (0); 199 } 200 201 /* 202 * Free storage used by a PPA. This is not called until the last PPA 203 * user closes his connection or reattaches to a different PPA. 204 */ 205 static void 206 sppp_free_ppa(sppa_t *ppa) 207 { 208 sppa_t **nextppa; 209 210 ASSERT(ppa->ppa_refcnt == 1); 211 if (ppa->ppa_kstats != NULL) { 212 kstat_delete(ppa->ppa_kstats); 213 ppa->ppa_kstats = NULL; 214 } 215 mutex_destroy(&ppa->ppa_sta_lock); 216 mutex_destroy(&ppa->ppa_npmutex); 217 rw_destroy(&ppa->ppa_sib_lock); 218 nextppa = &ppa_list; 219 while (*nextppa != NULL) { 220 if (*nextppa == ppa) { 221 *nextppa = ppa->ppa_nextppa; 222 break; 223 } 224 nextppa = &(*nextppa)->ppa_nextppa; 225 } 226 kmem_free(ppa, sizeof (*ppa)); 227 } 228 229 /* 230 * Create a new PPA. Caller must be exclusive on outer perimeter. 231 */ 232 sppa_t * 233 sppp_create_ppa(uint32_t ppa_id) 234 { 235 sppa_t *ppa; 236 sppa_t *curppa; 237 sppa_t **availppa; 238 char unit[32]; /* Unit name */ 239 const char **cpp; 240 kstat_t *ksp; 241 kstat_named_t *knt; 242 243 /* 244 * NOTE: unit *must* be named for the driver 245 * name plus the ppa number so that netstat 246 * can find the statistics. 247 */ 248 (void) sprintf(unit, "%s" "%d", PPP_DRV_NAME, ppa_id); 249 /* 250 * Make sure we can allocate a buffer to 251 * contain the ppa to be sent upstream, as 252 * well as the actual ppa structure and its 253 * associated kstat structure. 254 */ 255 ppa = (sppa_t *)kmem_zalloc(sizeof (sppa_t), 256 KM_NOSLEEP); 257 ksp = kstat_create(PPP_DRV_NAME, ppa_id, unit, "net", KSTAT_TYPE_NAMED, 258 sizeof (sppp_kstats_t) / sizeof (kstat_named_t), 0); 259 260 if (ppa == NULL || ksp == NULL) { 261 if (ppa != NULL) { 262 kmem_free(ppa, sizeof (sppa_t)); 263 } 264 if (ksp != NULL) { 265 kstat_delete(ksp); 266 } 267 return (NULL); 268 } 269 ppa->ppa_kstats = ksp; /* chain kstat structure */ 270 ppa->ppa_ppa_id = ppa_id; /* record ppa id */ 271 ppa->ppa_mtu = PPP_MAXMTU; /* 65535-(PPP_HDRLEN+PPP_FCSLEN) */ 272 ppa->ppa_mru = PPP_MAXMRU; /* 65000 */ 273 274 mutex_init(&ppa->ppa_sta_lock, NULL, MUTEX_DRIVER, NULL); 275 mutex_init(&ppa->ppa_npmutex, NULL, MUTEX_DRIVER, NULL); 276 rw_init(&ppa->ppa_sib_lock, NULL, RW_DRIVER, NULL); 277 278 /* 279 * Prepare and install kstat counters. Note that for netstat 280 * -i to work, there needs to be "ipackets", "opackets", 281 * "ierrors", and "oerrors" kstat named variables. 282 */ 283 knt = (kstat_named_t *)ksp->ks_data; 284 for (cpp = kstats_names; cpp < kstats_names + Dim(kstats_names); 285 cpp++) { 286 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT32); 287 knt++; 288 } 289 for (cpp = kstats64_names; cpp < kstats64_names + Dim(kstats64_names); 290 cpp++) { 291 kstat_named_init(knt, *cpp, KSTAT_DATA_UINT64); 292 knt++; 293 } 294 ksp->ks_update = sppp_kstat_update; 295 ksp->ks_private = (void *)ppa; 296 kstat_install(ksp); 297 298 /* link to the next ppa and insert into global list */ 299 availppa = &ppa_list; 300 while ((curppa = *availppa) != NULL) { 301 if (ppa_id < curppa->ppa_ppa_id) 302 break; 303 availppa = &curppa->ppa_nextppa; 304 } 305 ppa->ppa_nextppa = *availppa; 306 *availppa = ppa; 307 return (ppa); 308 } 309 310 /* 311 * sppp_close() 312 * 313 * MT-Perimeters: 314 * exclusive inner, exclusive outer. 315 * 316 * Description: 317 * Common close procedure for module. 318 */ 319 int 320 sppp_close(queue_t *q) 321 { 322 spppstr_t *sps; 323 spppstr_t **nextmn; 324 spppstr_t *sib; 325 sppa_t *ppa; 326 mblk_t *mp; 327 328 ASSERT(q != NULL && q->q_ptr != NULL); 329 sps = (spppstr_t *)q->q_ptr; 330 qprocsoff(q); 331 332 ppa = sps->sps_ppa; 333 if (ppa == NULL) { 334 ASSERT(!IS_SPS_CONTROL(sps)); 335 goto close_unattached; 336 } 337 if (IS_SPS_CONTROL(sps)) { 338 uint32_t cnt = 0; 339 340 ASSERT(ppa != NULL); 341 ASSERT(ppa->ppa_ctl == sps); 342 ppa->ppa_ctl = NULL; 343 /* 344 * STREAMS framework always issues I_UNLINK prior to close, 345 * since we only allow I_LINK under the control stream. 346 * A given ppa structure has at most one lower stream pointed 347 * by the ppa_lower_wq field, because we only allow a single 348 * linkage (I_LINK) to be done on the control stream. 349 */ 350 ASSERT(ppa->ppa_lower_wq == NULL); 351 /* 352 * Walk through all of sibling streams attached to this ppa, 353 * and remove all references to this ppa. We have exclusive 354 * access for the entire driver here, so there's no need 355 * to hold ppa_sib_lock. 356 */ 357 cnt++; 358 sib = ppa->ppa_streams; 359 while (sib != NULL) { 360 ASSERT(ppa == sib->sps_ppa); 361 sib->sps_npmode = NPMODE_DROP; 362 sib->sps_flags &= ~(SPS_PIOATTACH | SPS_CACHED); 363 /* 364 * There should be a preallocated hangup 365 * message here. Fetch it and send it up to 366 * the stream head. This will cause IP to 367 * mark the interface as "down." 368 */ 369 if ((mp = sib->sps_hangup) != NULL) { 370 sib->sps_hangup = NULL; 371 /* 372 * M_HANGUP works with IP, but snoop 373 * is lame and requires M_ERROR. Send 374 * up a clean error code instead. 375 * 376 * XXX if snoop is fixed, fix this, too. 377 */ 378 MTYPE(mp) = M_ERROR; 379 *mp->b_wptr++ = ENXIO; 380 putnext(sib->sps_rq, mp); 381 } 382 qenable(WR(sib->sps_rq)); 383 cnt++; 384 sib = sib->sps_nextsib; 385 } 386 ASSERT(ppa->ppa_refcnt == cnt); 387 } else { 388 ASSERT(ppa->ppa_streams != NULL); 389 ASSERT(ppa->ppa_ctl != sps); 390 mp = NULL; 391 if (sps->sps_sap == PPP_IP) { 392 ppa->ppa_ip_cache = NULL; 393 mp = create_lsmsg(PPP_LINKSTAT_IPV4_UNBOUND); 394 } else if (sps->sps_sap == PPP_IPV6) { 395 ppa->ppa_ip6_cache = NULL; 396 mp = create_lsmsg(PPP_LINKSTAT_IPV6_UNBOUND); 397 } 398 /* Tell the daemon the bad news. */ 399 if (mp != NULL && ppa->ppa_ctl != NULL && 400 (sps->sps_npmode == NPMODE_PASS || 401 sps->sps_npmode == NPMODE_QUEUE)) { 402 putnext(ppa->ppa_ctl->sps_rq, mp); 403 } else { 404 freemsg(mp); 405 } 406 /* 407 * Walk through all of sibling streams attached to the 408 * same ppa, and remove this stream from the sibling 409 * streams list. We have exclusive access for the 410 * entire driver here, so there's no need to hold 411 * ppa_sib_lock. 412 */ 413 sib = ppa->ppa_streams; 414 if (sib == sps) { 415 ppa->ppa_streams = sps->sps_nextsib; 416 } else { 417 while (sib->sps_nextsib != NULL) { 418 if (sib->sps_nextsib == sps) { 419 sib->sps_nextsib = sps->sps_nextsib; 420 break; 421 } 422 sib = sib->sps_nextsib; 423 } 424 } 425 sps->sps_nextsib = NULL; 426 freemsg(sps->sps_hangup); 427 sps->sps_hangup = NULL; 428 /* 429 * Check if this is a promiscous stream. If the SPS_PROMISC bit 430 * is still set, it means that the stream is closed without 431 * ever having issued DL_DETACH_REQ or DL_PROMISCOFF_REQ. 432 * In this case, we simply decrement the promiscous counter, 433 * and it's safe to do it without holding ppa_sib_lock since 434 * we're exclusive (inner and outer) at this point. 435 */ 436 if (IS_SPS_PROMISC(sps)) { 437 ASSERT(ppa->ppa_promicnt > 0); 438 ppa->ppa_promicnt--; 439 } 440 } 441 /* If we're the only one left, then delete now. */ 442 if (ppa->ppa_refcnt <= 1) 443 sppp_free_ppa(ppa); 444 else 445 ppa->ppa_refcnt--; 446 close_unattached: 447 q->q_ptr = WR(q)->q_ptr = NULL; 448 for (nextmn = &sps_list; *nextmn != NULL; 449 nextmn = &(*nextmn)->sps_nextmn) { 450 if (*nextmn == sps) { 451 *nextmn = sps->sps_nextmn; 452 break; 453 } 454 } 455 kmem_free(sps, sizeof (spppstr_t)); 456 return (0); 457 } 458 459 static void 460 sppp_ioctl(struct queue *q, mblk_t *mp) 461 { 462 spppstr_t *sps; 463 spppstr_t *nextsib; 464 sppa_t *ppa; 465 struct iocblk *iop; 466 mblk_t *nmp; 467 enum NPmode npmode; 468 struct ppp_idle *pip; 469 struct ppp_stats64 *psp; 470 struct ppp_comp_stats *pcsp; 471 hrtime_t hrtime; 472 int sap; 473 int count = 0; 474 int error = EINVAL; 475 476 sps = (spppstr_t *)q->q_ptr; 477 ppa = sps->sps_ppa; 478 479 iop = (struct iocblk *)mp->b_rptr; 480 switch (iop->ioc_cmd) { 481 case PPPIO_NPMODE: 482 if (!IS_SPS_CONTROL(sps)) { 483 break; /* return EINVAL */ 484 } else if (iop->ioc_count != 2 * sizeof (uint32_t) || 485 (mp->b_cont == NULL)) { 486 error = EPROTO; 487 break; 488 } 489 ASSERT(ppa != NULL); 490 ASSERT(mp->b_cont->b_rptr != NULL); 491 ASSERT(sps->sps_npmode == NPMODE_PASS); 492 sap = ((uint32_t *)mp->b_cont->b_rptr)[0]; 493 npmode = (enum NPmode)((uint32_t *)mp->b_cont->b_rptr)[1]; 494 /* 495 * Walk the sibling streams which belong to the same 496 * ppa, and try to find a stream with matching sap 497 * number. 498 */ 499 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 500 for (nextsib = ppa->ppa_streams; nextsib != NULL; 501 nextsib = nextsib->sps_nextsib) { 502 if (nextsib->sps_sap == sap) { 503 break; /* found it */ 504 } 505 } 506 if (nextsib == NULL) { 507 rw_exit(&ppa->ppa_sib_lock); 508 break; /* return EINVAL */ 509 } else { 510 nextsib->sps_npmode = npmode; 511 if ((nextsib->sps_npmode != NPMODE_QUEUE) && 512 (WR(nextsib->sps_rq)->q_first != NULL)) { 513 qenable(WR(nextsib->sps_rq)); 514 } 515 } 516 rw_exit(&ppa->ppa_sib_lock); 517 error = 0; /* return success */ 518 break; 519 case PPPIO_GIDLE: 520 if (ppa == NULL) { 521 ASSERT(!IS_SPS_CONTROL(sps)); 522 error = ENOLINK; 523 break; 524 } else if (!IS_PPA_TIMESTAMP(ppa)) { 525 break; /* return EINVAL */ 526 } 527 if ((nmp = allocb(sizeof (struct ppp_idle), 528 BPRI_MED)) == NULL) { 529 mutex_enter(&ppa->ppa_sta_lock); 530 ppa->ppa_allocbfail++; 531 mutex_exit(&ppa->ppa_sta_lock); 532 error = ENOSR; 533 break; 534 } 535 if (mp->b_cont != NULL) { 536 freemsg(mp->b_cont); 537 } 538 mp->b_cont = nmp; 539 pip = (struct ppp_idle *)nmp->b_wptr; 540 nmp->b_wptr += sizeof (struct ppp_idle); 541 /* 542 * Get current timestamp and subtract the tx and rx 543 * timestamps to get the actual idle time to be 544 * returned. 545 */ 546 hrtime = gethrtime(); 547 pip->xmit_idle = (hrtime - ppa->ppa_lasttx) / 1000000000ul; 548 pip->recv_idle = (hrtime - ppa->ppa_lastrx) / 1000000000ul; 549 count = msgsize(nmp); 550 error = 0; 551 break; /* return success (error is 0) */ 552 case PPPIO_GTYPE: 553 nmp = allocb(sizeof (uint32_t), BPRI_MED); 554 if (nmp == NULL) { 555 error = ENOSR; 556 break; 557 } 558 if (mp->b_cont != NULL) { 559 freemsg(mp->b_cont); 560 } 561 mp->b_cont = nmp; 562 /* 563 * Let the requestor know that we are the PPP 564 * multiplexer (PPPTYP_MUX). 565 */ 566 *(uint32_t *)nmp->b_wptr = PPPTYP_MUX; 567 nmp->b_wptr += sizeof (uint32_t); 568 count = msgsize(nmp); 569 error = 0; /* return success */ 570 break; 571 case PPPIO_GETSTAT64: 572 if (ppa == NULL) { 573 break; /* return EINVAL */ 574 } else if ((ppa->ppa_lower_wq != NULL) && 575 !IS_PPA_LASTMOD(ppa)) { 576 mutex_enter(&ppa->ppa_sta_lock); 577 ppa->ppa_ioctlsfwd++; 578 mutex_exit(&ppa->ppa_sta_lock); 579 /* 580 * Record the ioctl CMD & ID - this will be 581 * used to check the ACK or NAK responses 582 * coming from below. 583 */ 584 sps->sps_ioc_id = iop->ioc_id; 585 putnext(ppa->ppa_lower_wq, mp); 586 return; /* don't ack or nak the request */ 587 } 588 nmp = allocb(sizeof (*psp), BPRI_MED); 589 if (nmp == NULL) { 590 mutex_enter(&ppa->ppa_sta_lock); 591 ppa->ppa_allocbfail++; 592 mutex_exit(&ppa->ppa_sta_lock); 593 error = ENOSR; 594 break; 595 } 596 if (mp->b_cont != NULL) { 597 freemsg(mp->b_cont); 598 } 599 mp->b_cont = nmp; 600 psp = (struct ppp_stats64 *)nmp->b_wptr; 601 /* 602 * Copy the contents of ppp_stats64 structure for this 603 * ppa and return them to the caller. 604 */ 605 mutex_enter(&ppa->ppa_sta_lock); 606 bcopy(&ppa->ppa_stats, psp, sizeof (*psp)); 607 mutex_exit(&ppa->ppa_sta_lock); 608 nmp->b_wptr += sizeof (*psp); 609 count = sizeof (*psp); 610 error = 0; /* return success */ 611 break; 612 case PPPIO_GETCSTAT: 613 if (ppa == NULL) { 614 break; /* return EINVAL */ 615 } else if ((ppa->ppa_lower_wq != NULL) && 616 !IS_PPA_LASTMOD(ppa)) { 617 mutex_enter(&ppa->ppa_sta_lock); 618 ppa->ppa_ioctlsfwd++; 619 mutex_exit(&ppa->ppa_sta_lock); 620 /* 621 * Record the ioctl CMD & ID - this will be 622 * used to check the ACK or NAK responses 623 * coming from below. 624 */ 625 sps->sps_ioc_id = iop->ioc_id; 626 putnext(ppa->ppa_lower_wq, mp); 627 return; /* don't ack or nak the request */ 628 } 629 nmp = allocb(sizeof (struct ppp_comp_stats), BPRI_MED); 630 if (nmp == NULL) { 631 mutex_enter(&ppa->ppa_sta_lock); 632 ppa->ppa_allocbfail++; 633 mutex_exit(&ppa->ppa_sta_lock); 634 error = ENOSR; 635 break; 636 } 637 if (mp->b_cont != NULL) { 638 freemsg(mp->b_cont); 639 } 640 mp->b_cont = nmp; 641 pcsp = (struct ppp_comp_stats *)nmp->b_wptr; 642 nmp->b_wptr += sizeof (struct ppp_comp_stats); 643 bzero((caddr_t)pcsp, sizeof (struct ppp_comp_stats)); 644 count = msgsize(nmp); 645 error = 0; /* return success */ 646 break; 647 } 648 649 if (error == 0) { 650 /* Success; tell the user. */ 651 miocack(q, mp, count, 0); 652 } else { 653 /* Failure; send error back upstream. */ 654 miocnak(q, mp, 0, error); 655 } 656 } 657 658 /* 659 * sppp_uwput() 660 * 661 * MT-Perimeters: 662 * shared inner, shared outer. 663 * 664 * Description: 665 * Upper write-side put procedure. Messages from above arrive here. 666 */ 667 void 668 sppp_uwput(queue_t *q, mblk_t *mp) 669 { 670 queue_t *nextq; 671 spppstr_t *sps; 672 sppa_t *ppa; 673 struct iocblk *iop; 674 int error; 675 676 ASSERT(q != NULL && q->q_ptr != NULL); 677 ASSERT(mp != NULL && mp->b_rptr != NULL); 678 sps = (spppstr_t *)q->q_ptr; 679 ppa = sps->sps_ppa; 680 681 switch (MTYPE(mp)) { 682 case M_PCPROTO: 683 case M_PROTO: 684 if (IS_SPS_CONTROL(sps)) { 685 ASSERT(ppa != NULL); 686 /* 687 * Intentionally change this to a high priority 688 * message so it doesn't get queued up. M_PROTO is 689 * specifically used for signalling between pppd and its 690 * kernel-level component(s), such as ppptun, so we 691 * make sure that it doesn't get queued up behind 692 * data messages. 693 */ 694 MTYPE(mp) = M_PCPROTO; 695 if ((ppa->ppa_lower_wq != NULL) && 696 canputnext(ppa->ppa_lower_wq)) { 697 mutex_enter(&ppa->ppa_sta_lock); 698 ppa->ppa_mctlsfwd++; 699 mutex_exit(&ppa->ppa_sta_lock); 700 putnext(ppa->ppa_lower_wq, mp); 701 } else { 702 mutex_enter(&ppa->ppa_sta_lock); 703 ppa->ppa_mctlsfwderr++; 704 mutex_exit(&ppa->ppa_sta_lock); 705 freemsg(mp); 706 } 707 } else { 708 (void) sppp_mproto(q, mp, sps); 709 return; 710 } 711 break; 712 case M_DATA: 713 if ((nextq = sppp_send(q, &mp, sps)) != NULL) 714 putnext(nextq, mp); 715 break; 716 case M_IOCTL: 717 error = EINVAL; 718 iop = (struct iocblk *)mp->b_rptr; 719 switch (iop->ioc_cmd) { 720 case DLIOCRAW: 721 case DL_IOC_HDR_INFO: 722 case PPPIO_ATTACH: 723 case PPPIO_DEBUG: 724 case PPPIO_DETACH: 725 case PPPIO_LASTMOD: 726 case PPPIO_MRU: 727 case PPPIO_MTU: 728 case PPPIO_USETIMESTAMP: 729 case PPPIO_BLOCKNP: 730 case PPPIO_UNBLOCKNP: 731 qwriter(q, mp, sppp_inner_ioctl, PERIM_INNER); 732 return; 733 case I_LINK: 734 case I_UNLINK: 735 case PPPIO_NEWPPA: 736 qwriter(q, mp, sppp_outer_ioctl, PERIM_OUTER); 737 return; 738 case PPPIO_NPMODE: 739 case PPPIO_GIDLE: 740 case PPPIO_GTYPE: 741 case PPPIO_GETSTAT64: 742 case PPPIO_GETCSTAT: 743 /* 744 * These require additional auto variables to 745 * handle, so (for optimization reasons) 746 * they're moved off to a separate function. 747 */ 748 sppp_ioctl(q, mp); 749 return; 750 case PPPIO_GETSTAT: 751 break; /* 32 bit interface gone */ 752 default: 753 if (iop->ioc_cr == NULL || 754 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 755 error = EPERM; 756 break; 757 } else if ((ppa == NULL) || 758 (ppa->ppa_lower_wq == NULL)) { 759 break; /* return EINVAL */ 760 } 761 mutex_enter(&ppa->ppa_sta_lock); 762 ppa->ppa_ioctlsfwd++; 763 mutex_exit(&ppa->ppa_sta_lock); 764 /* 765 * Record the ioctl CMD & ID - this will be used to 766 * check the ACK or NAK responses coming from below. 767 */ 768 sps->sps_ioc_id = iop->ioc_id; 769 putnext(ppa->ppa_lower_wq, mp); 770 return; /* don't ack or nak the request */ 771 } 772 /* Failure; send error back upstream. */ 773 miocnak(q, mp, 0, error); 774 break; 775 case M_FLUSH: 776 if (*mp->b_rptr & FLUSHW) { 777 flushq(q, FLUSHDATA); 778 } 779 if (*mp->b_rptr & FLUSHR) { 780 *mp->b_rptr &= ~FLUSHW; 781 qreply(q, mp); 782 } else { 783 freemsg(mp); 784 } 785 break; 786 default: 787 freemsg(mp); 788 break; 789 } 790 } 791 792 /* 793 * sppp_uwsrv() 794 * 795 * MT-Perimeters: 796 * exclusive inner, shared outer. 797 * 798 * Description: 799 * Upper write-side service procedure. Note that this procedure does 800 * not get called when a message is placed on our write-side queue, since 801 * automatic queue scheduling has been turned off by noenable() when 802 * the queue was opened. We do this on purpose, as we explicitly control 803 * the write-side queue. Therefore, this procedure gets called when 804 * the lower write service procedure qenable() the upper write stream queue. 805 */ 806 void 807 sppp_uwsrv(queue_t *q) 808 { 809 spppstr_t *sps; 810 mblk_t *mp; 811 queue_t *nextq; 812 813 ASSERT(q != NULL && q->q_ptr != NULL); 814 sps = (spppstr_t *)q->q_ptr; 815 while ((mp = getq(q)) != NULL) { 816 if ((nextq = sppp_outpkt(q, &mp, msgdsize(mp), sps)) == NULL) { 817 if (mp != NULL) { 818 if (putbq(q, mp) == 0) 819 freemsg(mp); 820 break; 821 } 822 } else { 823 putnext(nextq, mp); 824 } 825 } 826 } 827 828 void 829 sppp_remove_ppa(spppstr_t *sps) 830 { 831 spppstr_t *nextsib; 832 sppa_t *ppa = sps->sps_ppa; 833 834 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 835 if (ppa->ppa_refcnt <= 1) { 836 rw_exit(&ppa->ppa_sib_lock); 837 sppp_free_ppa(ppa); 838 } else { 839 nextsib = ppa->ppa_streams; 840 if (nextsib == sps) { 841 ppa->ppa_streams = sps->sps_nextsib; 842 } else { 843 while (nextsib->sps_nextsib != NULL) { 844 if (nextsib->sps_nextsib == sps) { 845 nextsib->sps_nextsib = 846 sps->sps_nextsib; 847 break; 848 } 849 nextsib = nextsib->sps_nextsib; 850 } 851 } 852 ppa->ppa_refcnt--; 853 /* 854 * And if this stream was marked as promiscuous 855 * (SPS_PROMISC), then we need to update the 856 * promiscuous streams count. This should only happen 857 * when DL_DETACH_REQ is issued prior to marking the 858 * stream as non-promiscuous, through 859 * DL_PROMISCOFF_REQ request. 860 */ 861 if (IS_SPS_PROMISC(sps)) { 862 ASSERT(ppa->ppa_promicnt > 0); 863 ppa->ppa_promicnt--; 864 } 865 rw_exit(&ppa->ppa_sib_lock); 866 } 867 sps->sps_nextsib = NULL; 868 sps->sps_ppa = NULL; 869 freemsg(sps->sps_hangup); 870 sps->sps_hangup = NULL; 871 } 872 873 sppa_t * 874 sppp_find_ppa(uint32_t ppa_id) 875 { 876 sppa_t *ppa; 877 878 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 879 if (ppa->ppa_ppa_id == ppa_id) { 880 break; /* found the ppa */ 881 } 882 } 883 return (ppa); 884 } 885 886 /* 887 * sppp_inner_ioctl() 888 * 889 * MT-Perimeters: 890 * exclusive inner, shared outer 891 * 892 * Description: 893 * Called by sppp_uwput as a result of receiving ioctls which require 894 * an exclusive access at the inner perimeter. 895 */ 896 static void 897 sppp_inner_ioctl(queue_t *q, mblk_t *mp) 898 { 899 spppstr_t *sps; 900 sppa_t *ppa; 901 struct iocblk *iop; 902 mblk_t *nmp; 903 int error = EINVAL; 904 int count = 0; 905 int dbgcmd; 906 int mru, mtu; 907 uint32_t ppa_id; 908 hrtime_t hrtime; 909 uint16_t proto; 910 911 ASSERT(q != NULL && q->q_ptr != NULL); 912 ASSERT(mp != NULL && mp->b_rptr != NULL); 913 914 sps = (spppstr_t *)q->q_ptr; 915 ppa = sps->sps_ppa; 916 iop = (struct iocblk *)mp->b_rptr; 917 switch (iop->ioc_cmd) { 918 case DLIOCRAW: 919 if (IS_SPS_CONTROL(sps)) { 920 break; /* return EINVAL */ 921 } 922 sps->sps_flags |= SPS_RAWDATA; 923 error = 0; /* return success */ 924 break; 925 case DL_IOC_HDR_INFO: 926 if (IS_SPS_CONTROL(sps)) { 927 break; /* return EINVAL */ 928 } else if ((mp->b_cont == NULL) || 929 *((t_uscalar_t *)mp->b_cont->b_rptr) != DL_UNITDATA_REQ || 930 (MBLKL(mp->b_cont) < (sizeof (dl_unitdata_req_t) + 931 SPPP_ADDRL))) { 932 error = EPROTO; 933 break; 934 } else if (ppa == NULL) { 935 error = ENOLINK; 936 break; 937 } 938 if ((nmp = allocb(PPP_HDRLEN, BPRI_MED)) == NULL) { 939 mutex_enter(&ppa->ppa_sta_lock); 940 ppa->ppa_allocbfail++; 941 mutex_exit(&ppa->ppa_sta_lock); 942 error = ENOMEM; 943 break; 944 } 945 *(uchar_t *)nmp->b_wptr++ = PPP_ALLSTATIONS; 946 *(uchar_t *)nmp->b_wptr++ = PPP_UI; 947 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap >> 8; 948 *(uchar_t *)nmp->b_wptr++ = sps->sps_sap & 0xff; 949 ASSERT(MBLKL(nmp) == PPP_HDRLEN); 950 951 linkb(mp, nmp); 952 sps->sps_flags |= SPS_FASTPATH; 953 error = 0; /* return success */ 954 count = msgsize(nmp); 955 break; 956 case PPPIO_ATTACH: 957 if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 958 (sps->sps_dlstate != DL_UNATTACHED) || 959 (iop->ioc_count != sizeof (uint32_t))) { 960 break; /* return EINVAL */ 961 } else if (mp->b_cont == NULL) { 962 error = EPROTO; 963 break; 964 } 965 ASSERT(mp->b_cont->b_rptr != NULL); 966 /* If there's something here, it's detached. */ 967 if (ppa != NULL) { 968 sppp_remove_ppa(sps); 969 } 970 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 971 ppa = sppp_find_ppa(ppa_id); 972 /* 973 * If we can't find it, then it's either because the requestor 974 * has supplied a wrong ppa_id to be attached to, or because 975 * the control stream for the specified ppa_id has been closed 976 * before we get here. 977 */ 978 if (ppa == NULL) { 979 error = ENOENT; 980 break; 981 } 982 /* 983 * Preallocate the hangup message so that we're always 984 * able to send this upstream in the event of a 985 * catastrophic failure. 986 */ 987 if ((sps->sps_hangup = allocb(1, BPRI_MED)) == NULL) { 988 error = ENOSR; 989 break; 990 } 991 /* 992 * There are two ways to attach a stream to a ppa: one is 993 * through DLPI (DL_ATTACH_REQ) and the other is through 994 * PPPIO_ATTACH. This is why we need to distinguish whether or 995 * not a stream was allocated via PPPIO_ATTACH, so that we can 996 * properly detach it when we receive PPPIO_DETACH ioctl 997 * request. 998 */ 999 sps->sps_flags |= SPS_PIOATTACH; 1000 sps->sps_ppa = ppa; 1001 /* 1002 * Add this stream to the head of the list of sibling streams 1003 * which belong to the same ppa as specified. 1004 */ 1005 rw_enter(&ppa->ppa_sib_lock, RW_WRITER); 1006 ppa->ppa_refcnt++; 1007 sps->sps_nextsib = ppa->ppa_streams; 1008 ppa->ppa_streams = sps; 1009 rw_exit(&ppa->ppa_sib_lock); 1010 error = 0; /* return success */ 1011 break; 1012 case PPPIO_BLOCKNP: 1013 case PPPIO_UNBLOCKNP: 1014 if (iop->ioc_cr == NULL || 1015 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 1016 error = EPERM; 1017 break; 1018 } 1019 error = miocpullup(mp, sizeof (uint16_t)); 1020 if (error != 0) 1021 break; 1022 ASSERT(mp->b_cont->b_rptr != NULL); 1023 proto = *(uint16_t *)mp->b_cont->b_rptr; 1024 if (iop->ioc_cmd == PPPIO_BLOCKNP) { 1025 uint32_t npflagpos = sppp_ppp2np(proto); 1026 /* 1027 * Mark proto as blocked in ppa_npflag until the 1028 * corresponding queues for proto have been plumbed. 1029 */ 1030 if (npflagpos != 0) { 1031 mutex_enter(&ppa->ppa_npmutex); 1032 ppa->ppa_npflag |= (1 << npflagpos); 1033 mutex_exit(&ppa->ppa_npmutex); 1034 } else { 1035 error = EINVAL; 1036 } 1037 } else { 1038 /* 1039 * reset ppa_npflag and release proto 1040 * packets that were being held in control queue. 1041 */ 1042 sppp_release_pkts(ppa, proto); 1043 } 1044 break; 1045 case PPPIO_DEBUG: 1046 if (iop->ioc_cr == NULL || 1047 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 1048 error = EPERM; 1049 break; 1050 } else if (iop->ioc_count != sizeof (uint32_t)) { 1051 break; /* return EINVAL */ 1052 } else if (mp->b_cont == NULL) { 1053 error = EPROTO; 1054 break; 1055 } 1056 ASSERT(mp->b_cont->b_rptr != NULL); 1057 dbgcmd = *(uint32_t *)mp->b_cont->b_rptr; 1058 /* 1059 * We accept PPPDBG_LOG + PPPDBG_DRIVER value as an indication 1060 * that SPS_KDEBUG needs to be enabled for this upper stream. 1061 */ 1062 if (dbgcmd == PPPDBG_LOG + PPPDBG_DRIVER) { 1063 sps->sps_flags |= SPS_KDEBUG; 1064 error = 0; /* return success */ 1065 break; 1066 } 1067 /* 1068 * Otherwise, for any other values, we send them down only if 1069 * there is an attachment and if the attachment has something 1070 * linked underneath it. 1071 */ 1072 if ((ppa == NULL) || (ppa->ppa_lower_wq == NULL)) { 1073 error = ENOLINK; 1074 break; 1075 } 1076 mutex_enter(&ppa->ppa_sta_lock); 1077 ppa->ppa_ioctlsfwd++; 1078 mutex_exit(&ppa->ppa_sta_lock); 1079 /* 1080 * Record the ioctl CMD & ID - this will be used to check the 1081 * ACK or NAK responses coming from below. 1082 */ 1083 sps->sps_ioc_id = iop->ioc_id; 1084 putnext(ppa->ppa_lower_wq, mp); 1085 return; /* don't ack or nak the request */ 1086 case PPPIO_DETACH: 1087 if (!IS_SPS_PIOATTACH(sps)) { 1088 break; /* return EINVAL */ 1089 } 1090 /* 1091 * The SPS_PIOATTACH flag set on the stream tells us that 1092 * the ppa field is still valid. In the event that the control 1093 * stream be closed prior to this stream's detachment, the 1094 * SPS_PIOATTACH flag would have been cleared from this stream 1095 * during close; in that case we won't get here. 1096 */ 1097 ASSERT(ppa != NULL); 1098 ASSERT(ppa->ppa_ctl != sps); 1099 ASSERT(sps->sps_dlstate == DL_UNATTACHED); 1100 1101 /* 1102 * We don't actually detach anything until the stream is 1103 * closed or reattached. 1104 */ 1105 1106 sps->sps_flags &= ~SPS_PIOATTACH; 1107 error = 0; /* return success */ 1108 break; 1109 case PPPIO_LASTMOD: 1110 if (!IS_SPS_CONTROL(sps)) { 1111 break; /* return EINVAL */ 1112 } 1113 ASSERT(ppa != NULL); 1114 ppa->ppa_flags |= PPA_LASTMOD; 1115 error = 0; /* return success */ 1116 break; 1117 case PPPIO_MRU: 1118 if (!IS_SPS_CONTROL(sps) || 1119 (iop->ioc_count != sizeof (uint32_t))) { 1120 break; /* return EINVAL */ 1121 } else if (mp->b_cont == NULL) { 1122 error = EPROTO; 1123 break; 1124 } 1125 ASSERT(ppa != NULL); 1126 ASSERT(mp->b_cont->b_rptr != NULL); 1127 mru = *(uint32_t *)mp->b_cont->b_rptr; 1128 if ((mru <= 0) || (mru > PPP_MAXMRU)) { 1129 error = EPROTO; 1130 break; 1131 } 1132 if (mru < PPP_MRU) { 1133 mru = PPP_MRU; 1134 } 1135 ppa->ppa_mru = (uint16_t)mru; 1136 /* 1137 * If there's something beneath this driver for the ppa, then 1138 * inform it (or them) of the MRU size. Only do this is we 1139 * are not the last PPP module on the stream. 1140 */ 1141 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1142 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MRU, 1143 mru); 1144 } 1145 error = 0; /* return success */ 1146 break; 1147 case PPPIO_MTU: 1148 if (!IS_SPS_CONTROL(sps) || 1149 (iop->ioc_count != sizeof (uint32_t))) { 1150 break; /* return EINVAL */ 1151 } else if (mp->b_cont == NULL) { 1152 error = EPROTO; 1153 break; 1154 } 1155 ASSERT(ppa != NULL); 1156 ASSERT(mp->b_cont->b_rptr != NULL); 1157 mtu = *(uint32_t *)mp->b_cont->b_rptr; 1158 if ((mtu <= 0) || (mtu > PPP_MAXMTU)) { 1159 error = EPROTO; 1160 break; 1161 } 1162 ppa->ppa_mtu = (uint16_t)mtu; 1163 /* 1164 * If there's something beneath this driver for the ppa, then 1165 * inform it (or them) of the MTU size. Only do this if we 1166 * are not the last PPP module on the stream. 1167 */ 1168 if (!IS_PPA_LASTMOD(ppa) && (ppa->ppa_lower_wq != NULL)) { 1169 (void) putctl4(ppa->ppa_lower_wq, M_CTL, PPPCTL_MTU, 1170 mtu); 1171 } 1172 error = 0; /* return success */ 1173 break; 1174 case PPPIO_USETIMESTAMP: 1175 if (!IS_SPS_CONTROL(sps)) { 1176 break; /* return EINVAL */ 1177 } 1178 if (!IS_PPA_TIMESTAMP(ppa)) { 1179 hrtime = gethrtime(); 1180 ppa->ppa_lasttx = ppa->ppa_lastrx = hrtime; 1181 ppa->ppa_flags |= PPA_TIMESTAMP; 1182 } 1183 error = 0; 1184 break; 1185 } 1186 1187 if (error == 0) { 1188 /* Success; tell the user */ 1189 miocack(q, mp, count, 0); 1190 } else { 1191 /* Failure; send error back upstream */ 1192 miocnak(q, mp, 0, error); 1193 } 1194 } 1195 1196 /* 1197 * sppp_outer_ioctl() 1198 * 1199 * MT-Perimeters: 1200 * exclusive inner, exclusive outer 1201 * 1202 * Description: 1203 * Called by sppp_uwput as a result of receiving ioctls which require 1204 * an exclusive access at the outer perimeter. 1205 */ 1206 static void 1207 sppp_outer_ioctl(queue_t *q, mblk_t *mp) 1208 { 1209 spppstr_t *sps; 1210 spppstr_t *nextsib; 1211 queue_t *lwq; 1212 sppa_t *ppa; 1213 struct iocblk *iop; 1214 int error = EINVAL; 1215 int count = 0; 1216 uint32_t ppa_id; 1217 mblk_t *nmp; 1218 1219 ASSERT(q != NULL && q->q_ptr != NULL); 1220 ASSERT(mp != NULL && mp->b_rptr != NULL); 1221 1222 sps = (spppstr_t *)q->q_ptr; 1223 ppa = sps->sps_ppa; 1224 iop = (struct iocblk *)mp->b_rptr; 1225 switch (iop->ioc_cmd) { 1226 case I_LINK: 1227 if (!IS_SPS_CONTROL(sps)) { 1228 break; /* return EINVAL */ 1229 } else if (ppa->ppa_lower_wq != NULL) { 1230 error = EEXIST; 1231 break; 1232 } 1233 ASSERT(ppa->ppa_ctl != NULL); 1234 ASSERT(sps->sps_npmode == NPMODE_PASS); 1235 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1236 1237 lwq = ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot; 1238 ASSERT(lwq != NULL); 1239 1240 ppa->ppa_lower_wq = lwq; 1241 lwq->q_ptr = RD(lwq)->q_ptr = (caddr_t)ppa; 1242 /* 1243 * Unblock upper network streams which now feed this lower 1244 * stream. We don't need to hold ppa_sib_lock here, since we 1245 * are writer at the outer perimeter. 1246 */ 1247 if (WR(sps->sps_rq)->q_first != NULL) 1248 qenable(WR(sps->sps_rq)); 1249 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1250 nextsib = nextsib->sps_nextsib) { 1251 nextsib->sps_npmode = NPMODE_PASS; 1252 if (WR(nextsib->sps_rq)->q_first != NULL) { 1253 qenable(WR(nextsib->sps_rq)); 1254 } 1255 } 1256 /* 1257 * Send useful information down to the modules which are now 1258 * linked below this driver (for this particular ppa). Only 1259 * do this if we are not the last PPP module on the stream. 1260 */ 1261 if (!IS_PPA_LASTMOD(ppa)) { 1262 (void) putctl8(lwq, M_CTL, PPPCTL_UNIT, 1263 ppa->ppa_ppa_id); 1264 (void) putctl4(lwq, M_CTL, PPPCTL_MRU, ppa->ppa_mru); 1265 (void) putctl4(lwq, M_CTL, PPPCTL_MTU, ppa->ppa_mtu); 1266 } 1267 1268 if (IS_SPS_KDEBUG(sps)) { 1269 SPDEBUG(PPP_DRV_NAME 1270 "/%d: I_LINK lwq=0x%p sps=0x%p flags=0x%b ppa=0x%p " 1271 "flags=0x%b\n", sps->sps_mn_id, 1272 (void *)ppa->ppa_lower_wq, (void *)sps, 1273 sps->sps_flags, SPS_FLAGS_STR, 1274 (void *)ppa, ppa->ppa_flags, 1275 PPA_FLAGS_STR); 1276 } 1277 error = 0; /* return success */ 1278 break; 1279 case I_UNLINK: 1280 ASSERT(IS_SPS_CONTROL(sps)); 1281 ASSERT(ppa != NULL); 1282 lwq = ppa->ppa_lower_wq; 1283 ASSERT(mp->b_cont != NULL && mp->b_cont->b_rptr != NULL); 1284 ASSERT(lwq == ((struct linkblk *)mp->b_cont->b_rptr)->l_qbot); 1285 1286 if (IS_SPS_KDEBUG(sps)) { 1287 SPDEBUG(PPP_DRV_NAME 1288 "/%d: I_UNLINK lwq=0x%p sps=0x%p flags=0x%b " 1289 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, 1290 (void *)lwq, (void *)sps, sps->sps_flags, 1291 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 1292 PPA_FLAGS_STR); 1293 } 1294 /* 1295 * While accessing the outer perimeter exclusively, we 1296 * disassociate our ppa's lower_wq from the lower stream linked 1297 * beneath us, and we also disassociate our control stream from 1298 * the q_ptr of the lower stream. 1299 */ 1300 lwq->q_ptr = RD(lwq)->q_ptr = NULL; 1301 ppa->ppa_lower_wq = NULL; 1302 /* 1303 * Unblock streams which now feed back up the control stream, 1304 * and acknowledge the request. We don't need to hold 1305 * ppa_sib_lock here, since we are writer at the outer 1306 * perimeter. 1307 */ 1308 if (WR(sps->sps_rq)->q_first != NULL) 1309 qenable(WR(sps->sps_rq)); 1310 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1311 nextsib = nextsib->sps_nextsib) { 1312 if (WR(nextsib->sps_rq)->q_first != NULL) { 1313 qenable(WR(nextsib->sps_rq)); 1314 } 1315 } 1316 error = 0; /* return success */ 1317 break; 1318 case PPPIO_NEWPPA: 1319 /* 1320 * Do sanity check to ensure that we don't accept PPPIO_NEWPPA 1321 * on a stream which DLPI is used (since certain DLPI messages 1322 * will cause state transition reflected in sps_dlstate, 1323 * changing it from its default DL_UNATTACHED value). In other 1324 * words, we won't allow a network/snoop stream to become 1325 * a control stream. 1326 */ 1327 if (iop->ioc_cr == NULL || 1328 secpolicy_net_config(iop->ioc_cr, B_FALSE) != 0) { 1329 error = EPERM; 1330 break; 1331 } else if (IS_SPS_CONTROL(sps) || IS_SPS_PIOATTACH(sps) || 1332 (ppa != NULL) || (sps->sps_dlstate != DL_UNATTACHED)) { 1333 break; /* return EINVAL */ 1334 } 1335 /* Get requested unit number (if any) */ 1336 if (iop->ioc_count == sizeof (uint32_t) && mp->b_cont != NULL) 1337 ppa_id = *(uint32_t *)mp->b_cont->b_rptr; 1338 else 1339 ppa_id = 0; 1340 /* Get mblk to use for response message */ 1341 nmp = allocb(sizeof (uint32_t), BPRI_MED); 1342 if (nmp == NULL) { 1343 error = ENOSR; 1344 break; 1345 } 1346 if (mp->b_cont != NULL) { 1347 freemsg(mp->b_cont); 1348 } 1349 mp->b_cont = nmp; /* chain our response mblk */ 1350 /* 1351 * Walk the global ppa list and determine the lowest 1352 * available ppa_id number to be used. 1353 */ 1354 if (ppa_id == (uint32_t)-1) 1355 ppa_id = 0; 1356 for (ppa = ppa_list; ppa != NULL; ppa = ppa->ppa_nextppa) { 1357 if (ppa_id == (uint32_t)-2) { 1358 if (ppa->ppa_ctl == NULL) 1359 break; 1360 } else { 1361 if (ppa_id < ppa->ppa_ppa_id) 1362 break; 1363 if (ppa_id == ppa->ppa_ppa_id) 1364 ++ppa_id; 1365 } 1366 } 1367 if (ppa_id == (uint32_t)-2) { 1368 if (ppa == NULL) { 1369 error = ENXIO; 1370 break; 1371 } 1372 /* Clear timestamp and lastmod flags */ 1373 ppa->ppa_flags = 0; 1374 } else { 1375 ppa = sppp_create_ppa(ppa_id); 1376 if (ppa == NULL) { 1377 error = ENOMEM; 1378 break; 1379 } 1380 } 1381 1382 sps->sps_ppa = ppa; /* chain the ppa structure */ 1383 sps->sps_npmode = NPMODE_PASS; /* network packets may travel */ 1384 sps->sps_flags |= SPS_CONTROL; /* this is the control stream */ 1385 1386 ppa->ppa_refcnt++; /* new PPA reference */ 1387 ppa->ppa_ctl = sps; /* back ptr to upper stream */ 1388 /* 1389 * Return the newly created ppa_id to the requestor and 1390 * acnowledge the request. 1391 */ 1392 *(uint32_t *)nmp->b_wptr = ppa->ppa_ppa_id; 1393 nmp->b_wptr += sizeof (uint32_t); 1394 1395 if (IS_SPS_KDEBUG(sps)) { 1396 SPDEBUG(PPP_DRV_NAME 1397 "/%d: PPPIO_NEWPPA ppa_id=%d sps=0x%p flags=0x%b " 1398 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, ppa_id, 1399 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1400 (void *)ppa, ppa->ppa_flags, 1401 PPA_FLAGS_STR); 1402 } 1403 count = msgsize(nmp); 1404 error = 0; 1405 break; 1406 } 1407 1408 if (error == 0) { 1409 /* Success; tell the user. */ 1410 miocack(q, mp, count, 0); 1411 } else { 1412 /* Failure; send error back upstream. */ 1413 miocnak(q, mp, 0, error); 1414 } 1415 } 1416 1417 /* 1418 * sppp_send() 1419 * 1420 * MT-Perimeters: 1421 * shared inner, shared outer. 1422 * 1423 * Description: 1424 * Called by sppp_uwput to handle M_DATA message type. Returns 1425 * queue_t for putnext, or NULL to mean that the packet was 1426 * handled internally. 1427 */ 1428 static queue_t * 1429 sppp_send(queue_t *q, mblk_t **mpp, spppstr_t *sps) 1430 { 1431 mblk_t *mp; 1432 sppa_t *ppa; 1433 int is_promisc; 1434 int msize; 1435 int error = 0; 1436 queue_t *nextq; 1437 1438 ASSERT(mpp != NULL); 1439 mp = *mpp; 1440 ASSERT(q != NULL && q->q_ptr != NULL); 1441 ASSERT(mp != NULL && mp->b_rptr != NULL); 1442 ASSERT(sps != NULL); 1443 ASSERT(q->q_ptr == sps); 1444 /* 1445 * We only let M_DATA through if the sender is either the control 1446 * stream (for PPP control packets) or one of the network streams 1447 * (for IP packets) in IP fastpath mode. If this stream is not attached 1448 * to any ppas, then discard data coming down through this stream. 1449 */ 1450 ppa = sps->sps_ppa; 1451 if (ppa == NULL) { 1452 ASSERT(!IS_SPS_CONTROL(sps)); 1453 error = ENOLINK; 1454 } else if (!IS_SPS_CONTROL(sps) && !IS_SPS_FASTPATH(sps)) { 1455 error = EPROTO; 1456 } 1457 if (error != 0) { 1458 merror(q, mp, error); 1459 return (NULL); 1460 } 1461 msize = msgdsize(mp); 1462 if (msize > (ppa->ppa_mtu + PPP_HDRLEN)) { 1463 /* Log, and send it anyway */ 1464 mutex_enter(&ppa->ppa_sta_lock); 1465 ppa->ppa_otoolongs++; 1466 mutex_exit(&ppa->ppa_sta_lock); 1467 } else if (msize < PPP_HDRLEN) { 1468 /* 1469 * Log, and send it anyway. We log it because we get things 1470 * in M_DATA form here, which tells us that the sender is 1471 * either IP in fastpath transmission mode, or pppd. In both 1472 * cases, they are currently expected to send the 4-bytes 1473 * PPP header in front of any possible payloads. 1474 */ 1475 mutex_enter(&ppa->ppa_sta_lock); 1476 ppa->ppa_orunts++; 1477 mutex_exit(&ppa->ppa_sta_lock); 1478 } 1479 1480 if (IS_SPS_KDEBUG(sps)) { 1481 SPDEBUG(PPP_DRV_NAME 1482 "/%d: M_DATA send (%d bytes) sps=0x%p flags=0x%b " 1483 "ppa=0x%p flags=0x%b\n", sps->sps_mn_id, msize, 1484 (void *)sps, sps->sps_flags, SPS_FLAGS_STR, 1485 (void *)ppa, ppa->ppa_flags, PPA_FLAGS_STR); 1486 } 1487 /* 1488 * Should there be any promiscuous stream(s), send the data up 1489 * for each promiscuous stream that we recognize. Make sure that 1490 * for fastpath, we skip the PPP header in the M_DATA mblk. We skip 1491 * the control stream as we obviously never allow the control stream 1492 * to become promiscous and bind to PPP_ALLSAP. 1493 */ 1494 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1495 is_promisc = sps->sps_ppa->ppa_promicnt; 1496 if (is_promisc) { 1497 ASSERT(ppa->ppa_streams != NULL); 1498 sppp_dlprsendup(ppa->ppa_streams, mp, sps->sps_sap, B_TRUE); 1499 } 1500 rw_exit(&ppa->ppa_sib_lock); 1501 /* 1502 * Only time-stamp the packet with hrtime if the upper stream 1503 * is configured to do so. PPP control (negotiation) messages 1504 * are never considered link activity; only data is activity. 1505 */ 1506 if (!IS_SPS_CONTROL(sps) && IS_PPA_TIMESTAMP(ppa)) { 1507 ppa->ppa_lasttx = gethrtime(); 1508 } 1509 /* 1510 * If there's already a message in the write-side service queue, 1511 * then queue this message there as well, otherwise, try to send 1512 * it down to the module immediately below us. 1513 */ 1514 if (q->q_first != NULL || 1515 (nextq = sppp_outpkt(q, mpp, msize, sps)) == NULL) { 1516 mp = *mpp; 1517 if (mp != NULL && putq(q, mp) == 0) { 1518 mutex_enter(&ppa->ppa_sta_lock); 1519 ppa->ppa_oqdropped++; 1520 mutex_exit(&ppa->ppa_sta_lock); 1521 freemsg(mp); 1522 } 1523 return (NULL); 1524 } 1525 return (nextq); 1526 } 1527 1528 /* 1529 * sppp_outpkt() 1530 * 1531 * MT-Perimeters: 1532 * shared inner, shared outer (if called from sppp_wput, sppp_dlunitdatareq). 1533 * exclusive inner, shared outer (if called from sppp_wsrv). 1534 * 1535 * Description: 1536 * Called from 1) sppp_uwput when processing a M_DATA fastpath message, 1537 * or 2) sppp_uwsrv when processing the upper write-side service queue. 1538 * For both cases, it prepares to send the data to the module below 1539 * this driver if there is a lower stream linked underneath. If none, then 1540 * the data will be sent upstream via the control channel to pppd. 1541 * 1542 * Returns: 1543 * Non-NULL queue_t if message should be sent now, otherwise 1544 * if *mpp == NULL, then message was freed, otherwise put *mpp 1545 * (back) on the queue. (Does not do putq/putbq, since it's 1546 * called both from srv and put procedures.) 1547 */ 1548 static queue_t * 1549 sppp_outpkt(queue_t *q, mblk_t **mpp, int msize, spppstr_t *sps) 1550 { 1551 mblk_t *mp; 1552 sppa_t *ppa; 1553 enum NPmode npmode; 1554 mblk_t *mpnew; 1555 1556 ASSERT(mpp != NULL); 1557 mp = *mpp; 1558 ASSERT(q != NULL && q->q_ptr != NULL); 1559 ASSERT(mp != NULL && mp->b_rptr != NULL); 1560 ASSERT(sps != NULL); 1561 1562 ppa = sps->sps_ppa; 1563 npmode = sps->sps_npmode; 1564 1565 if (npmode == NPMODE_QUEUE) { 1566 ASSERT(!IS_SPS_CONTROL(sps)); 1567 return (NULL); /* queue it for later */ 1568 } else if (ppa == NULL || ppa->ppa_ctl == NULL || 1569 npmode == NPMODE_DROP || npmode == NPMODE_ERROR) { 1570 /* 1571 * This can not be the control stream, as it must always have 1572 * a valid ppa, and its npmode must always be NPMODE_PASS. 1573 */ 1574 ASSERT(!IS_SPS_CONTROL(sps)); 1575 if (npmode == NPMODE_DROP) { 1576 freemsg(mp); 1577 } else { 1578 /* 1579 * If we no longer have the control stream, or if the 1580 * mode is set to NPMODE_ERROR, then we need to tell IP 1581 * that the interface need to be marked as down. In 1582 * other words, we tell IP to be quiescent. 1583 */ 1584 merror(q, mp, EPROTO); 1585 } 1586 *mpp = NULL; 1587 return (NULL); /* don't queue it */ 1588 } 1589 /* 1590 * Do we have a driver stream linked underneath ? If not, we need to 1591 * notify pppd that the link needs to be brought up and configure 1592 * this upper stream to drop subsequent outgoing packets. This is 1593 * for demand-dialing, in which case pppd has done the IP plumbing 1594 * but hasn't linked the driver stream underneath us. Therefore, when 1595 * a packet is sent down the IP interface, a notification message 1596 * will be sent up the control stream to pppd in order for it to 1597 * establish the physical link. The driver stream is then expected 1598 * to be linked underneath after physical link establishment is done. 1599 */ 1600 if (ppa->ppa_lower_wq == NULL) { 1601 ASSERT(ppa->ppa_ctl != NULL); 1602 ASSERT(ppa->ppa_ctl->sps_rq != NULL); 1603 1604 *mpp = NULL; 1605 mpnew = create_lsmsg(PPP_LINKSTAT_NEEDUP); 1606 if (mpnew == NULL) { 1607 freemsg(mp); 1608 mutex_enter(&ppa->ppa_sta_lock); 1609 ppa->ppa_allocbfail++; 1610 mutex_exit(&ppa->ppa_sta_lock); 1611 return (NULL); /* don't queue it */ 1612 } 1613 /* Include the data in the message for logging. */ 1614 mpnew->b_cont = mp; 1615 mutex_enter(&ppa->ppa_sta_lock); 1616 ppa->ppa_lsneedup++; 1617 mutex_exit(&ppa->ppa_sta_lock); 1618 /* 1619 * We need to set the mode to NPMODE_DROP, but should only 1620 * do so when this stream is not the control stream. 1621 */ 1622 if (!IS_SPS_CONTROL(sps)) { 1623 sps->sps_npmode = NPMODE_DROP; 1624 } 1625 putnext(ppa->ppa_ctl->sps_rq, mpnew); 1626 return (NULL); /* don't queue it */ 1627 } 1628 /* 1629 * If so, then try to send it down. The lower queue is only ever 1630 * detached while holding an exclusive lock on the whole driver, 1631 * so we can be confident that the lower queue is still there. 1632 */ 1633 if (bcanputnext(ppa->ppa_lower_wq, mp->b_band)) { 1634 mutex_enter(&ppa->ppa_sta_lock); 1635 ppa->ppa_stats.p.ppp_opackets++; 1636 if (IS_SPS_CONTROL(sps)) { 1637 ppa->ppa_opkt_ctl++; 1638 } 1639 ppa->ppa_stats.p.ppp_obytes += msize; 1640 mutex_exit(&ppa->ppa_sta_lock); 1641 return (ppa->ppa_lower_wq); /* don't queue it */ 1642 } 1643 return (NULL); /* queue it for later */ 1644 } 1645 1646 /* 1647 * sppp_lwsrv() 1648 * 1649 * MT-Perimeters: 1650 * exclusive inner, shared outer. 1651 * 1652 * Description: 1653 * Lower write-side service procedure. No messages are ever placed on 1654 * the write queue here, this just back-enables all upper write side 1655 * service procedures. 1656 */ 1657 void 1658 sppp_lwsrv(queue_t *q) 1659 { 1660 sppa_t *ppa; 1661 spppstr_t *nextsib; 1662 1663 ASSERT(q != NULL && q->q_ptr != NULL); 1664 ppa = (sppa_t *)q->q_ptr; 1665 ASSERT(ppa != NULL); 1666 1667 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1668 if ((nextsib = ppa->ppa_ctl) != NULL && 1669 WR(nextsib->sps_rq)->q_first != NULL) 1670 qenable(WR(nextsib->sps_rq)); 1671 for (nextsib = ppa->ppa_streams; nextsib != NULL; 1672 nextsib = nextsib->sps_nextsib) { 1673 if (WR(nextsib->sps_rq)->q_first != NULL) { 1674 qenable(WR(nextsib->sps_rq)); 1675 } 1676 } 1677 rw_exit(&ppa->ppa_sib_lock); 1678 } 1679 1680 /* 1681 * sppp_lrput() 1682 * 1683 * MT-Perimeters: 1684 * shared inner, shared outer. 1685 * 1686 * Description: 1687 * Lower read-side put procedure. Messages from below get here. 1688 * Data messages are handled separately to limit stack usage 1689 * going into IP. 1690 * 1691 * Note that during I_UNLINK processing, it's possible for a downstream 1692 * message to enable upstream data (due to pass_wput() removing the 1693 * SQ_BLOCKED flag), and thus we must protect against a NULL sppa pointer. 1694 * In this case, the only thing above us is passthru, and we might as well 1695 * discard. 1696 */ 1697 void 1698 sppp_lrput(queue_t *q, mblk_t *mp) 1699 { 1700 sppa_t *ppa; 1701 spppstr_t *sps; 1702 1703 if ((ppa = q->q_ptr) == NULL) { 1704 freemsg(mp); 1705 return; 1706 } 1707 1708 sps = ppa->ppa_ctl; 1709 1710 if (MTYPE(mp) != M_DATA) { 1711 sppp_recv_nondata(q, mp, sps); 1712 } else if (sps == NULL) { 1713 freemsg(mp); 1714 } else if ((q = sppp_recv(q, &mp, sps)) != NULL) { 1715 putnext(q, mp); 1716 } 1717 } 1718 1719 /* 1720 * sppp_recv_nondata() 1721 * 1722 * MT-Perimeters: 1723 * shared inner, shared outer. 1724 * 1725 * Description: 1726 * All received non-data messages come through here. 1727 */ 1728 static void 1729 sppp_recv_nondata(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 1730 { 1731 sppa_t *ppa; 1732 spppstr_t *destsps; 1733 struct iocblk *iop; 1734 1735 ppa = (sppa_t *)q->q_ptr; 1736 ctlsps = ppa->ppa_ctl; 1737 1738 switch (MTYPE(mp)) { 1739 case M_CTL: 1740 mutex_enter(&ppa->ppa_sta_lock); 1741 if (*mp->b_rptr == PPPCTL_IERROR) { 1742 ppa->ppa_stats.p.ppp_ierrors++; 1743 ppa->ppa_ierr_low++; 1744 ppa->ppa_mctlsknown++; 1745 } else if (*mp->b_rptr == PPPCTL_OERROR) { 1746 ppa->ppa_stats.p.ppp_oerrors++; 1747 ppa->ppa_oerr_low++; 1748 ppa->ppa_mctlsknown++; 1749 } else { 1750 ppa->ppa_mctlsunknown++; 1751 } 1752 mutex_exit(&ppa->ppa_sta_lock); 1753 freemsg(mp); 1754 break; 1755 case M_IOCTL: 1756 miocnak(q, mp, 0, EINVAL); 1757 break; 1758 case M_IOCACK: 1759 case M_IOCNAK: 1760 iop = (struct iocblk *)mp->b_rptr; 1761 ASSERT(iop != NULL); 1762 /* 1763 * Attempt to match up the response with the stream that the 1764 * request came from. If ioc_id doesn't match the one that we 1765 * recorded, then discard this message. 1766 */ 1767 rw_enter(&ppa->ppa_sib_lock, RW_READER); 1768 if ((destsps = ctlsps) == NULL || 1769 destsps->sps_ioc_id != iop->ioc_id) { 1770 destsps = ppa->ppa_streams; 1771 while (destsps != NULL) { 1772 if (destsps->sps_ioc_id == iop->ioc_id) { 1773 break; /* found the upper stream */ 1774 } 1775 destsps = destsps->sps_nextsib; 1776 } 1777 } 1778 rw_exit(&ppa->ppa_sib_lock); 1779 if (destsps == NULL) { 1780 mutex_enter(&ppa->ppa_sta_lock); 1781 ppa->ppa_ioctlsfwderr++; 1782 mutex_exit(&ppa->ppa_sta_lock); 1783 freemsg(mp); 1784 break; 1785 } 1786 mutex_enter(&ppa->ppa_sta_lock); 1787 ppa->ppa_ioctlsfwdok++; 1788 mutex_exit(&ppa->ppa_sta_lock); 1789 putnext(destsps->sps_rq, mp); 1790 break; 1791 case M_HANGUP: 1792 /* 1793 * Free the original mblk_t. We don't really want to send 1794 * a M_HANGUP message upstream, so we need to translate this 1795 * message into something else. 1796 */ 1797 freemsg(mp); 1798 if (ctlsps == NULL) 1799 break; 1800 mp = create_lsmsg(PPP_LINKSTAT_HANGUP); 1801 if (mp == NULL) { 1802 mutex_enter(&ppa->ppa_sta_lock); 1803 ppa->ppa_allocbfail++; 1804 mutex_exit(&ppa->ppa_sta_lock); 1805 break; 1806 } 1807 mutex_enter(&ppa->ppa_sta_lock); 1808 ppa->ppa_lsdown++; 1809 mutex_exit(&ppa->ppa_sta_lock); 1810 putnext(ctlsps->sps_rq, mp); 1811 break; 1812 case M_FLUSH: 1813 if (*mp->b_rptr & FLUSHR) { 1814 flushq(q, FLUSHDATA); 1815 } 1816 if (*mp->b_rptr & FLUSHW) { 1817 *mp->b_rptr &= ~FLUSHR; 1818 qreply(q, mp); 1819 } else { 1820 freemsg(mp); 1821 } 1822 break; 1823 default: 1824 if (ctlsps != NULL && 1825 (queclass(mp) == QPCTL) || canputnext(ctlsps->sps_rq)) { 1826 putnext(ctlsps->sps_rq, mp); 1827 } else { 1828 mutex_enter(&ppa->ppa_sta_lock); 1829 ppa->ppa_iqdropped++; 1830 mutex_exit(&ppa->ppa_sta_lock); 1831 freemsg(mp); 1832 } 1833 break; 1834 } 1835 } 1836 1837 /* 1838 * sppp_recv() 1839 * 1840 * MT-Perimeters: 1841 * shared inner, shared outer. 1842 * 1843 * Description: 1844 * Receive function called by sppp_lrput. Finds appropriate 1845 * receive stream and does accounting. 1846 */ 1847 static queue_t * 1848 sppp_recv(queue_t *q, mblk_t **mpp, spppstr_t *ctlsps) 1849 { 1850 mblk_t *mp; 1851 int len; 1852 sppa_t *ppa; 1853 spppstr_t *destsps; 1854 mblk_t *zmp; 1855 uint32_t npflagpos; 1856 1857 ASSERT(mpp != NULL); 1858 mp = *mpp; 1859 ASSERT(q != NULL && q->q_ptr != NULL); 1860 ASSERT(mp != NULL && mp->b_rptr != NULL); 1861 ASSERT(ctlsps != NULL); 1862 ASSERT(IS_SPS_CONTROL(ctlsps)); 1863 ppa = ctlsps->sps_ppa; 1864 ASSERT(ppa != NULL && ppa->ppa_ctl != NULL); 1865 1866 len = msgdsize(mp); 1867 mutex_enter(&ppa->ppa_sta_lock); 1868 ppa->ppa_stats.p.ppp_ibytes += len; 1869 mutex_exit(&ppa->ppa_sta_lock); 1870 /* 1871 * If the entire data size of the mblk is less than the length of the 1872 * PPP header, then free it. We can't do much with such message anyway, 1873 * since we can't really determine what the PPP protocol type is. 1874 */ 1875 if (len < PPP_HDRLEN) { 1876 /* Log, and free it */ 1877 mutex_enter(&ppa->ppa_sta_lock); 1878 ppa->ppa_irunts++; 1879 mutex_exit(&ppa->ppa_sta_lock); 1880 freemsg(mp); 1881 return (NULL); 1882 } else if (len > (ppa->ppa_mru + PPP_HDRLEN)) { 1883 /* Log, and accept it anyway */ 1884 mutex_enter(&ppa->ppa_sta_lock); 1885 ppa->ppa_itoolongs++; 1886 mutex_exit(&ppa->ppa_sta_lock); 1887 } 1888 /* 1889 * We need at least be able to read the PPP protocol from the header, 1890 * so if the first message block is too small, then we concatenate the 1891 * rest of the following blocks into one message. 1892 */ 1893 if (MBLKL(mp) < PPP_HDRLEN) { 1894 zmp = msgpullup(mp, PPP_HDRLEN); 1895 freemsg(mp); 1896 mp = zmp; 1897 if (mp == NULL) { 1898 mutex_enter(&ppa->ppa_sta_lock); 1899 ppa->ppa_allocbfail++; 1900 mutex_exit(&ppa->ppa_sta_lock); 1901 return (NULL); 1902 } 1903 *mpp = mp; 1904 } 1905 /* 1906 * Hold this packet in the control-queue until 1907 * the matching network-layer upper stream for the PPP protocol (sap) 1908 * has not been plumbed and configured 1909 */ 1910 npflagpos = sppp_ppp2np(PPP_PROTOCOL(mp->b_rptr)); 1911 mutex_enter(&ppa->ppa_npmutex); 1912 if (npflagpos != 0 && (ppa->ppa_npflag & (1 << npflagpos))) { 1913 /* 1914 * proto is currently blocked; Hold up to 4 packets 1915 * in the kernel. 1916 */ 1917 if (ppa->ppa_holdpkts[npflagpos] > 3 || 1918 putq(ctlsps->sps_rq, mp) == 0) 1919 freemsg(mp); 1920 else 1921 ppa->ppa_holdpkts[npflagpos]++; 1922 mutex_exit(&ppa->ppa_npmutex); 1923 return (NULL); 1924 } 1925 mutex_exit(&ppa->ppa_npmutex); 1926 /* 1927 * Try to find a matching network-layer upper stream for the specified 1928 * PPP protocol (sap), and if none is found, send this frame up the 1929 * control stream. 1930 */ 1931 destsps = sppp_inpkt(q, mp, ctlsps); 1932 if (destsps == NULL) { 1933 mutex_enter(&ppa->ppa_sta_lock); 1934 ppa->ppa_ipkt_ctl++; 1935 mutex_exit(&ppa->ppa_sta_lock); 1936 if (canputnext(ctlsps->sps_rq)) { 1937 if (IS_SPS_KDEBUG(ctlsps)) { 1938 SPDEBUG(PPP_DRV_NAME 1939 "/%d: M_DATA recv (%d bytes) sps=0x%p " 1940 "flags=0x%b ppa=0x%p flags=0x%b\n", 1941 ctlsps->sps_mn_id, len, (void *)ctlsps, 1942 ctlsps->sps_flags, SPS_FLAGS_STR, 1943 (void *)ppa, ppa->ppa_flags, 1944 PPA_FLAGS_STR); 1945 } 1946 return (ctlsps->sps_rq); 1947 } else { 1948 mutex_enter(&ppa->ppa_sta_lock); 1949 ppa->ppa_iqdropped++; 1950 mutex_exit(&ppa->ppa_sta_lock); 1951 freemsg(mp); 1952 return (NULL); 1953 } 1954 } 1955 if (canputnext(destsps->sps_rq)) { 1956 if (IS_SPS_KDEBUG(destsps)) { 1957 SPDEBUG(PPP_DRV_NAME 1958 "/%d: M_DATA recv (%d bytes) sps=0x%p flags=0x%b " 1959 "ppa=0x%p flags=0x%b\n", destsps->sps_mn_id, len, 1960 (void *)destsps, destsps->sps_flags, 1961 SPS_FLAGS_STR, (void *)ppa, ppa->ppa_flags, 1962 PPA_FLAGS_STR); 1963 } 1964 /* 1965 * If fastpath is enabled on the network-layer stream, then 1966 * make sure we skip over the PPP header, otherwise, we wrap 1967 * the message in a DLPI message. 1968 */ 1969 if (IS_SPS_FASTPATH(destsps)) { 1970 mp->b_rptr += PPP_HDRLEN; 1971 return (destsps->sps_rq); 1972 } else { 1973 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 1974 ASSERT(uqs != NULL); 1975 mp->b_rptr += PPP_HDRLEN; 1976 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 1977 if (mp != NULL) { 1978 *mpp = mp; 1979 return (destsps->sps_rq); 1980 } else { 1981 mutex_enter(&ppa->ppa_sta_lock); 1982 ppa->ppa_allocbfail++; 1983 mutex_exit(&ppa->ppa_sta_lock); 1984 /* mp already freed by sppp_dladdud */ 1985 return (NULL); 1986 } 1987 } 1988 } else { 1989 mutex_enter(&ppa->ppa_sta_lock); 1990 ppa->ppa_iqdropped++; 1991 mutex_exit(&ppa->ppa_sta_lock); 1992 freemsg(mp); 1993 return (NULL); 1994 } 1995 } 1996 1997 /* 1998 * sppp_inpkt() 1999 * 2000 * MT-Perimeters: 2001 * shared inner, shared outer. 2002 * 2003 * Description: 2004 * Find the destination upper stream for the received packet, called 2005 * from sppp_recv. 2006 * 2007 * Returns: 2008 * ptr to destination upper network stream, or NULL for control stream. 2009 */ 2010 /* ARGSUSED */ 2011 static spppstr_t * 2012 sppp_inpkt(queue_t *q, mblk_t *mp, spppstr_t *ctlsps) 2013 { 2014 spppstr_t *destsps = NULL; 2015 sppa_t *ppa; 2016 uint16_t proto; 2017 int is_promisc; 2018 2019 ASSERT(q != NULL && q->q_ptr != NULL); 2020 ASSERT(mp != NULL && mp->b_rptr != NULL); 2021 ASSERT(IS_SPS_CONTROL(ctlsps)); 2022 ppa = ctlsps->sps_ppa; 2023 ASSERT(ppa != NULL); 2024 /* 2025 * From RFC 1661 (Section 2): 2026 * 2027 * The Protocol field is one or two octets, and its value identifies 2028 * the datagram encapsulated in the Information field of the packet. 2029 * The field is transmitted and received most significant octet first. 2030 * 2031 * The structure of this field is consistent with the ISO 3309 2032 * extension mechanism for address fields. All Protocols MUST be odd; 2033 * the least significant bit of the least significant octet MUST equal 2034 * "1". Also, all Protocols MUST be assigned such that the least 2035 * significant bit of the most significant octet equals "0". Frames 2036 * received which don't comply with these rules MUST be treated as 2037 * having an unrecognized Protocol. 2038 * 2039 * Protocol field values in the "0***" to "3***" range identify the 2040 * network-layer protocol of specific packets, and values in the 2041 * "8***" to "b***" range identify packets belonging to the associated 2042 * Network Control Protocols (NCPs), if any. 2043 * 2044 * Protocol field values in the "4***" to "7***" range are used for 2045 * protocols with low volume traffic which have no associated NCP. 2046 * Protocol field values in the "c***" to "f***" range identify packets 2047 * as link-layer Control Protocols (such as LCP). 2048 */ 2049 proto = PPP_PROTOCOL(mp->b_rptr); 2050 mutex_enter(&ppa->ppa_sta_lock); 2051 ppa->ppa_stats.p.ppp_ipackets++; 2052 mutex_exit(&ppa->ppa_sta_lock); 2053 /* 2054 * We check if this is not a network-layer protocol, and if so, 2055 * then send this packet up the control stream. 2056 */ 2057 if (proto > 0x7fff) { 2058 goto inpkt_done; /* send it up the control stream */ 2059 } 2060 /* 2061 * Try to grab the destination upper stream from the network-layer 2062 * stream cache for this ppa for PPP_IP (0x0021) or PPP_IPV6 (0x0057) 2063 * protocol types. Otherwise, if the type is not known to the cache, 2064 * or if its sap can't be matched with any of the upper streams, then 2065 * send this packet up the control stream so that it can be rejected. 2066 */ 2067 if (proto == PPP_IP) { 2068 destsps = ppa->ppa_ip_cache; 2069 } else if (proto == PPP_IPV6) { 2070 destsps = ppa->ppa_ip6_cache; 2071 } 2072 /* 2073 * Toss this one away up the control stream if there's no matching sap; 2074 * this way the protocol can be rejected (destsps is NULL). 2075 */ 2076 2077 inpkt_done: 2078 /* 2079 * Only time-stamp the packet with hrtime if the upper stream 2080 * is configured to do so. PPP control (negotiation) messages 2081 * are never considered link activity; only data is activity. 2082 */ 2083 if (destsps != NULL && IS_PPA_TIMESTAMP(ppa)) { 2084 ppa->ppa_lastrx = gethrtime(); 2085 } 2086 /* 2087 * Should there be any promiscuous stream(s), send the data up for 2088 * each promiscuous stream that we recognize. We skip the control 2089 * stream as we obviously never allow the control stream to become 2090 * promiscous and bind to PPP_ALLSAP. 2091 */ 2092 rw_enter(&ppa->ppa_sib_lock, RW_READER); 2093 is_promisc = ppa->ppa_promicnt; 2094 if (is_promisc) { 2095 ASSERT(ppa->ppa_streams != NULL); 2096 sppp_dlprsendup(ppa->ppa_streams, mp, proto, B_TRUE); 2097 } 2098 rw_exit(&ppa->ppa_sib_lock); 2099 return (destsps); 2100 } 2101 2102 /* 2103 * sppp_kstat_update() 2104 * 2105 * Description: 2106 * Update per-ppa kstat interface statistics. 2107 */ 2108 static int 2109 sppp_kstat_update(kstat_t *ksp, int rw) 2110 { 2111 register sppa_t *ppa; 2112 register sppp_kstats_t *pppkp; 2113 register struct pppstat64 *sp; 2114 2115 if (rw == KSTAT_WRITE) { 2116 return (EACCES); 2117 } 2118 2119 ppa = (sppa_t *)ksp->ks_private; 2120 ASSERT(ppa != NULL); 2121 2122 pppkp = (sppp_kstats_t *)ksp->ks_data; 2123 sp = &ppa->ppa_stats.p; 2124 2125 mutex_enter(&ppa->ppa_sta_lock); 2126 pppkp->allocbfail.value.ui32 = ppa->ppa_allocbfail; 2127 pppkp->mctlsfwd.value.ui32 = ppa->ppa_mctlsfwd; 2128 pppkp->mctlsfwderr.value.ui32 = ppa->ppa_mctlsfwderr; 2129 pppkp->rbytes.value.ui32 = sp->ppp_ibytes; 2130 pppkp->rbytes64.value.ui64 = sp->ppp_ibytes; 2131 pppkp->ierrors.value.ui32 = sp->ppp_ierrors; 2132 pppkp->ierrors_lower.value.ui32 = ppa->ppa_ierr_low; 2133 pppkp->ioctlsfwd.value.ui32 = ppa->ppa_ioctlsfwd; 2134 pppkp->ioctlsfwdok.value.ui32 = ppa->ppa_ioctlsfwdok; 2135 pppkp->ioctlsfwderr.value.ui32 = ppa->ppa_ioctlsfwderr; 2136 pppkp->ipackets.value.ui32 = sp->ppp_ipackets; 2137 pppkp->ipackets64.value.ui64 = sp->ppp_ipackets; 2138 pppkp->ipackets_ctl.value.ui32 = ppa->ppa_ipkt_ctl; 2139 pppkp->iqdropped.value.ui32 = ppa->ppa_iqdropped; 2140 pppkp->irunts.value.ui32 = ppa->ppa_irunts; 2141 pppkp->itoolongs.value.ui32 = ppa->ppa_itoolongs; 2142 pppkp->lsneedup.value.ui32 = ppa->ppa_lsneedup; 2143 pppkp->lsdown.value.ui32 = ppa->ppa_lsdown; 2144 pppkp->mctlsknown.value.ui32 = ppa->ppa_mctlsknown; 2145 pppkp->mctlsunknown.value.ui32 = ppa->ppa_mctlsunknown; 2146 pppkp->obytes.value.ui32 = sp->ppp_obytes; 2147 pppkp->obytes64.value.ui64 = sp->ppp_obytes; 2148 pppkp->oerrors.value.ui32 = sp->ppp_oerrors; 2149 pppkp->oerrors_lower.value.ui32 = ppa->ppa_oerr_low; 2150 pppkp->opackets.value.ui32 = sp->ppp_opackets; 2151 pppkp->opackets64.value.ui64 = sp->ppp_opackets; 2152 pppkp->opackets_ctl.value.ui32 = ppa->ppa_opkt_ctl; 2153 pppkp->oqdropped.value.ui32 = ppa->ppa_oqdropped; 2154 pppkp->otoolongs.value.ui32 = ppa->ppa_otoolongs; 2155 pppkp->orunts.value.ui32 = ppa->ppa_orunts; 2156 mutex_exit(&ppa->ppa_sta_lock); 2157 2158 return (0); 2159 } 2160 2161 /* 2162 * Turn off proto in ppa_npflag to indicate that 2163 * the corresponding network protocol has been plumbed. 2164 * Release proto packets that were being held in the control 2165 * queue in anticipation of this event. 2166 */ 2167 static void 2168 sppp_release_pkts(sppa_t *ppa, uint16_t proto) 2169 { 2170 uint32_t npflagpos = sppp_ppp2np(proto); 2171 int count; 2172 mblk_t *mp; 2173 uint16_t mp_proto; 2174 queue_t *q; 2175 spppstr_t *destsps; 2176 2177 ASSERT(ppa != NULL); 2178 2179 if (npflagpos == 0 || (ppa->ppa_npflag & (1 << npflagpos)) == 0) 2180 return; 2181 2182 mutex_enter(&ppa->ppa_npmutex); 2183 ppa->ppa_npflag &= ~(1 << npflagpos); 2184 count = ppa->ppa_holdpkts[npflagpos]; 2185 ppa->ppa_holdpkts[npflagpos] = 0; 2186 mutex_exit(&ppa->ppa_npmutex); 2187 2188 q = ppa->ppa_ctl->sps_rq; 2189 2190 while (count > 0) { 2191 mp = getq(q); 2192 ASSERT(mp != NULL); 2193 2194 mp_proto = PPP_PROTOCOL(mp->b_rptr); 2195 if (mp_proto != proto) { 2196 (void) putq(q, mp); 2197 continue; 2198 } 2199 count--; 2200 destsps = NULL; 2201 if (mp_proto == PPP_IP) { 2202 destsps = ppa->ppa_ip_cache; 2203 } else if (mp_proto == PPP_IPV6) { 2204 destsps = ppa->ppa_ip6_cache; 2205 } 2206 ASSERT(destsps != NULL); 2207 2208 if (IS_SPS_FASTPATH(destsps)) { 2209 mp->b_rptr += PPP_HDRLEN; 2210 } else { 2211 spppstr_t *uqs = (spppstr_t *)destsps->sps_rq->q_ptr; 2212 ASSERT(uqs != NULL); 2213 mp->b_rptr += PPP_HDRLEN; 2214 mp = sppp_dladdud(uqs, mp, uqs->sps_sap, B_FALSE); 2215 if (mp == NULL) { 2216 mutex_enter(&ppa->ppa_sta_lock); 2217 ppa->ppa_allocbfail++; 2218 mutex_exit(&ppa->ppa_sta_lock); 2219 /* mp already freed by sppp_dladdud */ 2220 continue; 2221 } 2222 } 2223 2224 if (canputnext(destsps->sps_rq)) { 2225 putnext(destsps->sps_rq, mp); 2226 } else { 2227 mutex_enter(&ppa->ppa_sta_lock); 2228 ppa->ppa_iqdropped++; 2229 mutex_exit(&ppa->ppa_sta_lock); 2230 freemsg(mp); 2231 continue; 2232 } 2233 } 2234 } 2235