2 * Copyright (c) 2001-2002 Packet Design, LLC.
5 * Subject to the following obligations and disclaimer of warranty,
6 * use and redistribution of this software, in source or object code
7 * forms, with or without modifications are expressly permitted by
8 * Packet Design; provided, however, that:
10 * (i) Any and all reproductions of the source or object code
11 * must include the copyright notice above and the following
12 * disclaimer of warranties; and
13 * (ii) No rights are granted, in any manner or form, to use
14 * Packet Design trademarks, including the mark "PACKET DESIGN"
15 * on advertising, endorsements, or otherwise except as such
16 * appears in the above copyright notice or in the software.
18 * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
19 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
20 * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
21 * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
22 * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
23 * OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
24 * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
25 * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
26 * RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
27 * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
28 * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
29 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
30 * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
31 * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
32 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
34 * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
35 * THE POSSIBILITY OF SUCH DAMAGE.
37 * Author: Archie Cobbs <archie@freebsd.org>
43 * L2TP netgraph node type.
45 * This node type implements the lower layer of the
46 * L2TP protocol as specified in RFC 2661.
49 #include <sys/param.h>
50 #include <sys/systm.h>
51 #include <sys/kernel.h>
55 #include <sys/malloc.h>
56 #include <sys/errno.h>
57 #include <sys/libkern.h>
59 #include <netgraph/ng_message.h>
60 #include <netgraph/netgraph.h>
61 #include <netgraph/ng_parse.h>
62 #include <netgraph/ng_l2tp.h>
64 #ifdef NG_SEPARATE_MALLOC
65 static MALLOC_DEFINE(M_NETGRAPH_L2TP, "netgraph_l2tp", "netgraph l2tp node");
67 #define M_NETGRAPH_L2TP M_NETGRAPH
70 /* L2TP header format (first 2 bytes only) */
71 #define L2TP_HDR_CTRL 0x8000 /* control packet */
72 #define L2TP_HDR_LEN 0x4000 /* has length field */
73 #define L2TP_HDR_SEQ 0x0800 /* has ns, nr fields */
74 #define L2TP_HDR_OFF 0x0200 /* has offset field */
75 #define L2TP_HDR_PRIO 0x0100 /* give priority */
76 #define L2TP_HDR_VERS_MASK 0x000f /* version field mask */
77 #define L2TP_HDR_VERSION 0x0002 /* version field */
79 /* Bits that must be zero or one in first two bytes of header */
80 #define L2TP_CTRL_0BITS 0x030d /* ctrl: must be 0 */
81 #define L2TP_CTRL_1BITS 0xc802 /* ctrl: must be 1 */
82 #define L2TP_DATA_0BITS 0x800d /* data: must be 0 */
83 #define L2TP_DATA_1BITS 0x0002 /* data: must be 1 */
85 /* Standard xmit ctrl and data header bits */
86 #define L2TP_CTRL_HDR (L2TP_HDR_CTRL | L2TP_HDR_LEN \
87 | L2TP_HDR_SEQ | L2TP_HDR_VERSION)
88 #define L2TP_DATA_HDR (L2TP_HDR_VERSION) /* optional: len, seq */
90 /* Some hard coded values */
91 #define L2TP_MAX_XWIN 128 /* my max xmit window */
92 #define L2TP_MAX_REXMIT 5 /* default max rexmit */
93 #define L2TP_MAX_REXMIT_TO 30 /* default rexmit to */
94 #define L2TP_DELAYED_ACK ((hz + 19) / 20) /* delayed ack: 50 ms */
96 /* Default data sequence number configuration for new sessions */
97 #define L2TP_CONTROL_DSEQ 1 /* we are the lns */
98 #define L2TP_ENABLE_DSEQ 1 /* enable data seq # */
100 /* Compare sequence numbers using circular math */
101 #define L2TP_SEQ_DIFF(x, y) ((int)((int16_t)(x) - (int16_t)(y)))
103 #define SESSHASHSIZE 0x0020
104 #define SESSHASH(x) (((x) ^ ((x) >> 8)) & (SESSHASHSIZE - 1))
106 /* Hook private data (data session hooks only) */
107 struct ng_l2tp_hook_private {
108 struct ng_l2tp_sess_config conf; /* hook/session config */
109 struct ng_l2tp_session_stats stats; /* per sessions statistics */
110 hook_p hook; /* hook reference */
111 u_int16_t ns; /* data ns sequence number */
112 u_int16_t nr; /* data nr sequence number */
113 LIST_ENTRY(ng_l2tp_hook_private) sessions;
115 typedef struct ng_l2tp_hook_private *hookpriv_p;
118 * Sequence number state
121 * - If cwnd < ssth, we're doing slow start, otherwise congestion avoidance
122 * - The number of unacknowledged xmit packets is (ns - rack) <= seq->wmax
123 * - The first (ns - rack) mbuf's in xwin[] array are copies of these
124 * unacknowledged packets; the remainder of xwin[] consists first of
125 * zero or more further untransmitted packets in the transmit queue
126 * - We try to keep the peer's receive window as full as possible.
127 * Therefore, (i < cwnd && xwin[i] != NULL) implies (ns - rack) > i.
128 * - rack_timer is running iff (ns - rack) > 0 (unack'd xmit'd pkts)
129 * - If xack != nr, there are unacknowledged recv packet(s) (delayed ack)
130 * - xack_timer is running iff xack != nr (unack'd rec'd pkts)
133 u_int16_t ns; /* next xmit seq we send */
134 u_int16_t nr; /* next recv seq we expect */
135 u_int16_t inproc; /* packet is in processing */
136 u_int16_t rack; /* last 'nr' we rec'd */
137 u_int16_t xack; /* last 'nr' we sent */
138 u_int16_t wmax; /* peer's max recv window */
139 u_int16_t cwnd; /* current congestion window */
140 u_int16_t ssth; /* slow start threshold */
141 u_int16_t acks; /* # consecutive acks rec'd */
142 u_int16_t rexmits; /* # retransmits sent */
143 struct callout rack_timer; /* retransmit timer */
144 struct callout xack_timer; /* delayed ack timer */
145 struct mbuf *xwin[L2TP_MAX_XWIN]; /* transmit window */
146 struct mtx mtx; /* seq mutex */
149 /* Node private data */
150 struct ng_l2tp_private {
151 node_p node; /* back pointer to node */
152 hook_p ctrl; /* hook to upper layers */
153 hook_p lower; /* hook to lower layers */
154 struct ng_l2tp_config conf; /* node configuration */
155 struct ng_l2tp_stats stats; /* node statistics */
156 struct l2tp_seq seq; /* ctrl sequence number state */
157 ng_ID_t ftarget; /* failure message target */
158 LIST_HEAD(, ng_l2tp_hook_private) sesshash[SESSHASHSIZE];
160 typedef struct ng_l2tp_private *priv_p;
162 /* Netgraph node methods */
163 static ng_constructor_t ng_l2tp_constructor;
164 static ng_rcvmsg_t ng_l2tp_rcvmsg;
165 static ng_shutdown_t ng_l2tp_shutdown;
166 static ng_newhook_t ng_l2tp_newhook;
167 static ng_rcvdata_t ng_l2tp_rcvdata;
168 static ng_rcvdata_t ng_l2tp_rcvdata_lower;
169 static ng_rcvdata_t ng_l2tp_rcvdata_ctrl;
170 static ng_disconnect_t ng_l2tp_disconnect;
172 /* Internal functions */
173 static int ng_l2tp_xmit_ctrl(priv_p priv, struct mbuf *m, u_int16_t ns);
175 static void ng_l2tp_seq_init(priv_p priv);
176 static int ng_l2tp_seq_set(priv_p priv,
177 const struct ng_l2tp_seq_config *conf);
178 static int ng_l2tp_seq_adjust(priv_p priv,
179 const struct ng_l2tp_config *conf);
180 static void ng_l2tp_seq_reset(priv_p priv);
181 static void ng_l2tp_seq_failure(priv_p priv);
182 static void ng_l2tp_seq_recv_nr(priv_p priv, u_int16_t nr);
183 static void ng_l2tp_seq_xack_timeout(node_p node, hook_p hook,
184 void *arg1, int arg2);
185 static void ng_l2tp_seq_rack_timeout(node_p node, hook_p hook,
186 void *arg1, int arg2);
188 static hookpriv_p ng_l2tp_find_session(priv_p privp, u_int16_t sid);
189 static ng_fn_eachhook ng_l2tp_reset_session;
192 static void ng_l2tp_seq_check(struct l2tp_seq *seq);
195 /* Parse type for struct ng_l2tp_seq_config. */
196 static const struct ng_parse_struct_field
197 ng_l2tp_seq_config_fields[] = NG_L2TP_SEQ_CONFIG_TYPE_INFO;
198 static const struct ng_parse_type ng_l2tp_seq_config_type = {
199 &ng_parse_struct_type,
200 &ng_l2tp_seq_config_fields
203 /* Parse type for struct ng_l2tp_config */
204 static const struct ng_parse_struct_field
205 ng_l2tp_config_type_fields[] = NG_L2TP_CONFIG_TYPE_INFO;
206 static const struct ng_parse_type ng_l2tp_config_type = {
207 &ng_parse_struct_type,
208 &ng_l2tp_config_type_fields,
211 /* Parse type for struct ng_l2tp_sess_config */
212 static const struct ng_parse_struct_field
213 ng_l2tp_sess_config_type_fields[] = NG_L2TP_SESS_CONFIG_TYPE_INFO;
214 static const struct ng_parse_type ng_l2tp_sess_config_type = {
215 &ng_parse_struct_type,
216 &ng_l2tp_sess_config_type_fields,
219 /* Parse type for struct ng_l2tp_stats */
220 static const struct ng_parse_struct_field
221 ng_l2tp_stats_type_fields[] = NG_L2TP_STATS_TYPE_INFO;
222 static const struct ng_parse_type ng_l2tp_stats_type = {
223 &ng_parse_struct_type,
224 &ng_l2tp_stats_type_fields
227 /* Parse type for struct ng_l2tp_session_stats. */
228 static const struct ng_parse_struct_field
229 ng_l2tp_session_stats_type_fields[] = NG_L2TP_SESSION_STATS_TYPE_INFO;
230 static const struct ng_parse_type ng_l2tp_session_stats_type = {
231 &ng_parse_struct_type,
232 &ng_l2tp_session_stats_type_fields
235 /* List of commands and how to convert arguments to/from ASCII */
236 static const struct ng_cmdlist ng_l2tp_cmdlist[] = {
241 &ng_l2tp_config_type,
253 NGM_L2TP_SET_SESS_CONFIG,
255 &ng_l2tp_sess_config_type,
260 NGM_L2TP_GET_SESS_CONFIG,
262 &ng_parse_hint16_type,
263 &ng_l2tp_sess_config_type
281 NGM_L2TP_GETCLR_STATS,
288 NGM_L2TP_GET_SESSION_STATS,
290 &ng_parse_int16_type,
291 &ng_l2tp_session_stats_type
295 NGM_L2TP_CLR_SESSION_STATS,
297 &ng_parse_int16_type,
302 NGM_L2TP_GETCLR_SESSION_STATS,
304 &ng_parse_int16_type,
305 &ng_l2tp_session_stats_type
309 NGM_L2TP_ACK_FAILURE,
318 &ng_l2tp_seq_config_type,
324 /* Node type descriptor */
325 static struct ng_type ng_l2tp_typestruct = {
326 .version = NG_ABI_VERSION,
327 .name = NG_L2TP_NODE_TYPE,
328 .constructor = ng_l2tp_constructor,
329 .rcvmsg = ng_l2tp_rcvmsg,
330 .shutdown = ng_l2tp_shutdown,
331 .newhook = ng_l2tp_newhook,
332 .rcvdata = ng_l2tp_rcvdata,
333 .disconnect = ng_l2tp_disconnect,
334 .cmdlist = ng_l2tp_cmdlist,
336 NETGRAPH_INIT(l2tp, &ng_l2tp_typestruct);
338 /* Sequence number state sanity checking */
340 #define L2TP_SEQ_CHECK(seq) ng_l2tp_seq_check(seq)
342 #define L2TP_SEQ_CHECK(x) do { } while (0)
345 /* Whether to use m_copypacket() or m_dup() */
346 #define L2TP_COPY_MBUF m_copypacket
348 #define ERROUT(x) do { error = (x); goto done; } while (0)
350 /************************************************************************
352 ************************************************************************/
355 * Node type constructor
358 ng_l2tp_constructor(node_p node)
363 /* Allocate private structure */
364 priv = malloc(sizeof(*priv), M_NETGRAPH_L2TP, M_WAITOK | M_ZERO);
365 NG_NODE_SET_PRIVATE(node, priv);
368 /* Apply a semi-reasonable default configuration */
369 priv->conf.peer_win = 1;
370 priv->conf.rexmit_max = L2TP_MAX_REXMIT;
371 priv->conf.rexmit_max_to = L2TP_MAX_REXMIT_TO;
373 /* Initialize sequence number state */
374 ng_l2tp_seq_init(priv);
376 for (i = 0; i < SESSHASHSIZE; i++)
377 LIST_INIT(&priv->sesshash[i]);
384 * Give our OK for a hook to be added.
387 ng_l2tp_newhook(node_p node, hook_p hook, const char *name)
389 const priv_p priv = NG_NODE_PRIVATE(node);
391 /* Check hook name */
392 if (strcmp(name, NG_L2TP_HOOK_CTRL) == 0) {
393 if (priv->ctrl != NULL)
396 NG_HOOK_SET_RCVDATA(hook, ng_l2tp_rcvdata_ctrl);
397 } else if (strcmp(name, NG_L2TP_HOOK_LOWER) == 0) {
398 if (priv->lower != NULL)
401 NG_HOOK_SET_RCVDATA(hook, ng_l2tp_rcvdata_lower);
403 static const char hexdig[16] = "0123456789abcdef";
404 u_int16_t session_id;
411 /* Parse hook name to get session ID */
412 if (strncmp(name, NG_L2TP_HOOK_SESSION_P,
413 sizeof(NG_L2TP_HOOK_SESSION_P) - 1) != 0)
415 hex = name + sizeof(NG_L2TP_HOOK_SESSION_P) - 1;
416 for (session_id = i = 0; i < 4; i++) {
417 for (j = 0; j < 16 && hex[i] != hexdig[j]; j++);
420 session_id = (session_id << 4) | j;
425 /* Create hook private structure */
426 hpriv = malloc(sizeof(*hpriv),
427 M_NETGRAPH_L2TP, M_NOWAIT | M_ZERO);
430 hpriv->conf.session_id = session_id;
431 hpriv->conf.control_dseq = L2TP_CONTROL_DSEQ;
432 hpriv->conf.enable_dseq = L2TP_ENABLE_DSEQ;
434 NG_HOOK_SET_PRIVATE(hook, hpriv);
435 hash = SESSHASH(hpriv->conf.session_id);
436 LIST_INSERT_HEAD(&priv->sesshash[hash], hpriv, sessions);
444 * Receive a control message.
447 ng_l2tp_rcvmsg(node_p node, item_p item, hook_p lasthook)
449 const priv_p priv = NG_NODE_PRIVATE(node);
450 struct ng_mesg *resp = NULL;
454 NGI_GET_MSG(item, msg);
455 switch (msg->header.typecookie) {
456 case NGM_L2TP_COOKIE:
457 switch (msg->header.cmd) {
458 case NGM_L2TP_SET_CONFIG:
460 struct ng_l2tp_config *const conf =
461 (struct ng_l2tp_config *)msg->data;
463 /* Check for invalid or illegal config */
464 if (msg->header.arglen != sizeof(*conf)) {
468 conf->enabled = !!conf->enabled;
469 conf->match_id = !!conf->match_id;
470 if (priv->conf.enabled
471 && ((priv->conf.tunnel_id != 0
472 && conf->tunnel_id != priv->conf.tunnel_id)
473 || ((priv->conf.peer_id != 0
474 && conf->peer_id != priv->conf.peer_id)))) {
479 /* Save calling node as failure target */
480 priv->ftarget = NGI_RETADDR(item);
482 /* Adjust sequence number state */
483 if ((error = ng_l2tp_seq_adjust(priv, conf)) != 0)
486 /* Update node's config */
490 case NGM_L2TP_GET_CONFIG:
492 struct ng_l2tp_config *conf;
494 NG_MKRESPONSE(resp, msg, sizeof(*conf), M_NOWAIT);
499 conf = (struct ng_l2tp_config *)resp->data;
503 case NGM_L2TP_SET_SESS_CONFIG:
505 struct ng_l2tp_sess_config *const conf =
506 (struct ng_l2tp_sess_config *)msg->data;
509 /* Check for invalid or illegal config. */
510 if (msg->header.arglen != sizeof(*conf)) {
515 /* Find matching hook */
516 hpriv = ng_l2tp_find_session(priv, conf->session_id);
522 /* Update hook's config */
526 case NGM_L2TP_GET_SESS_CONFIG:
528 struct ng_l2tp_sess_config *conf;
529 u_int16_t session_id;
533 if (msg->header.arglen != sizeof(session_id)) {
537 memcpy(&session_id, msg->data, 2);
539 /* Find matching hook */
540 hpriv = ng_l2tp_find_session(priv, session_id);
547 NG_MKRESPONSE(resp, msg, sizeof(hpriv->conf), M_NOWAIT);
552 conf = (struct ng_l2tp_sess_config *)resp->data;
556 case NGM_L2TP_GET_STATS:
557 case NGM_L2TP_CLR_STATS:
558 case NGM_L2TP_GETCLR_STATS:
560 if (msg->header.cmd != NGM_L2TP_CLR_STATS) {
561 NG_MKRESPONSE(resp, msg,
562 sizeof(priv->stats), M_NOWAIT);
568 &priv->stats, sizeof(priv->stats));
570 if (msg->header.cmd != NGM_L2TP_GET_STATS)
571 memset(&priv->stats, 0, sizeof(priv->stats));
574 case NGM_L2TP_GET_SESSION_STATS:
575 case NGM_L2TP_CLR_SESSION_STATS:
576 case NGM_L2TP_GETCLR_SESSION_STATS:
581 /* Get session ID. */
582 if (msg->header.arglen != sizeof(session_id)) {
586 bcopy(msg->data, &session_id, sizeof(uint16_t));
588 /* Find matching hook. */
589 hpriv = ng_l2tp_find_session(priv, session_id);
595 if (msg->header.cmd != NGM_L2TP_CLR_SESSION_STATS) {
596 NG_MKRESPONSE(resp, msg,
597 sizeof(hpriv->stats), M_NOWAIT);
602 bcopy(&hpriv->stats, resp->data,
603 sizeof(hpriv->stats));
605 if (msg->header.cmd != NGM_L2TP_GET_SESSION_STATS)
606 bzero(&hpriv->stats, sizeof(hpriv->stats));
609 case NGM_L2TP_SET_SEQ:
611 struct ng_l2tp_seq_config *const conf =
612 (struct ng_l2tp_seq_config *)msg->data;
614 /* Check for invalid or illegal seq config. */
615 if (msg->header.arglen != sizeof(*conf)) {
619 conf->ns = htons(conf->ns);
620 conf->nr = htons(conf->nr);
621 conf->rack = htons(conf->rack);
622 conf->xack = htons(conf->xack);
624 /* Set sequence numbers. */
625 error = ng_l2tp_seq_set(priv, conf);
639 NG_RESPOND_MSG(error, node, item, resp);
648 ng_l2tp_shutdown(node_p node)
650 const priv_p priv = NG_NODE_PRIVATE(node);
651 struct l2tp_seq *const seq = &priv->seq;
656 /* Reset sequence number state */
657 ng_l2tp_seq_reset(priv);
659 /* Free private data if neither timer is running */
660 ng_uncallout(&seq->rack_timer, node);
661 ng_uncallout(&seq->xack_timer, node);
663 mtx_destroy(&seq->mtx);
665 free(priv, M_NETGRAPH_L2TP);
676 ng_l2tp_disconnect(hook_p hook)
678 const node_p node = NG_HOOK_NODE(hook);
679 const priv_p priv = NG_NODE_PRIVATE(node);
681 /* Zero out hook pointer */
682 if (hook == priv->ctrl)
684 else if (hook == priv->lower)
687 const hookpriv_p hpriv = NG_HOOK_PRIVATE(hook);
688 LIST_REMOVE(hpriv, sessions);
689 free(hpriv, M_NETGRAPH_L2TP);
690 NG_HOOK_SET_PRIVATE(hook, NULL);
693 /* Go away if no longer connected to anything */
694 if (NG_NODE_NUMHOOKS(node) == 0 && NG_NODE_IS_VALID(node))
695 ng_rmnode_self(node);
699 /*************************************************************************
701 *************************************************************************/
704 * Find the hook with a given session ID.
707 ng_l2tp_find_session(priv_p privp, u_int16_t sid)
709 uint16_t hash = SESSHASH(sid);
710 hookpriv_p hpriv = NULL;
712 LIST_FOREACH(hpriv, &privp->sesshash[hash], sessions) {
713 if (hpriv->conf.session_id == sid)
721 * Reset a hook's session state.
724 ng_l2tp_reset_session(hook_p hook, void *arg)
726 const hookpriv_p hpriv = NG_HOOK_PRIVATE(hook);
729 hpriv->conf.control_dseq = 0;
730 hpriv->conf.enable_dseq = 0;
731 bzero(&hpriv->stats, sizeof(struct ng_l2tp_session_stats));
739 * Handle an incoming frame from below.
742 ng_l2tp_rcvdata_lower(hook_p h, item_p item)
744 static const u_int16_t req_bits[2][2] = {
745 { L2TP_DATA_0BITS, L2TP_DATA_1BITS },
746 { L2TP_CTRL_0BITS, L2TP_CTRL_1BITS },
748 const node_p node = NG_HOOK_NODE(h);
749 const priv_p priv = NG_NODE_PRIVATE(node);
750 hookpriv_p hpriv = NULL;
761 L2TP_SEQ_CHECK(&priv->seq);
763 /* If not configured, reject */
764 if (!priv->conf.enabled) {
772 /* Remember full packet length; needed for per session accounting. */
773 plen = m->m_pkthdr.len;
776 priv->stats.recvPackets++;
777 priv->stats.recvOctets += plen;
779 /* Get initial header */
780 if (m->m_pkthdr.len < 6) {
781 priv->stats.recvRunts++;
786 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) {
787 priv->stats.memoryFailures++;
791 hdr = (mtod(m, uint8_t *)[0] << 8) + mtod(m, uint8_t *)[1];
794 /* Check required header bits and minimum length */
795 is_ctrl = (hdr & L2TP_HDR_CTRL) != 0;
796 if ((hdr & req_bits[is_ctrl][0]) != 0
797 || (~hdr & req_bits[is_ctrl][1]) != 0) {
798 priv->stats.recvInvalid++;
803 if (m->m_pkthdr.len < 4 /* tunnel, session id */
804 + (2 * ((hdr & L2TP_HDR_LEN) != 0)) /* length field */
805 + (4 * ((hdr & L2TP_HDR_SEQ) != 0)) /* seq # fields */
806 + (2 * ((hdr & L2TP_HDR_OFF) != 0))) { /* offset field */
807 priv->stats.recvRunts++;
813 /* Get and validate length field if present */
814 if ((hdr & L2TP_HDR_LEN) != 0) {
815 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) {
816 priv->stats.memoryFailures++;
820 len = (mtod(m, uint8_t *)[0] << 8) + mtod(m, uint8_t *)[1] - 4;
822 if (len < 0 || len > m->m_pkthdr.len) {
823 priv->stats.recvInvalid++;
828 if (len < m->m_pkthdr.len) /* trim extra bytes */
829 m_adj(m, -(m->m_pkthdr.len - len));
832 /* Get tunnel ID and session ID */
833 if (m->m_len < 4 && (m = m_pullup(m, 4)) == NULL) {
834 priv->stats.memoryFailures++;
838 tid = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1];
839 sid = (mtod(m, u_int8_t *)[2] << 8) + mtod(m, u_int8_t *)[3];
842 /* Check tunnel ID */
843 if (tid != priv->conf.tunnel_id &&
844 (priv->conf.match_id || tid != 0)) {
845 priv->stats.recvWrongTunnel++;
848 ERROUT(EADDRNOTAVAIL);
851 /* Check session ID (for data packets only) */
852 if ((hdr & L2TP_HDR_CTRL) == 0) {
853 hpriv = ng_l2tp_find_session(priv, sid);
855 priv->stats.recvUnknownSID++;
863 /* Get Ns, Nr fields if present */
864 if ((hdr & L2TP_HDR_SEQ) != 0) {
865 if (m->m_len < 4 && (m = m_pullup(m, 4)) == NULL) {
866 priv->stats.memoryFailures++;
870 ns = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1];
871 nr = (mtod(m, u_int8_t *)[2] << 8) + mtod(m, u_int8_t *)[3];
876 /* Strip offset padding if present */
877 if ((hdr & L2TP_HDR_OFF) != 0) {
880 /* Get length of offset padding */
881 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) {
882 priv->stats.memoryFailures++;
886 offset = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1];
888 /* Trim offset padding */
889 if ((2+offset) > m->m_pkthdr.len) {
890 priv->stats.recvInvalid++;
898 /* Handle control packets */
899 if ((hdr & L2TP_HDR_CTRL) != 0) {
900 struct l2tp_seq *const seq = &priv->seq;
902 /* Handle receive ack sequence number Nr */
903 ng_l2tp_seq_recv_nr(priv, nr);
905 /* Discard ZLB packets */
906 if (m->m_pkthdr.len == 0) {
907 priv->stats.recvZLBs++;
915 * If not what we expect or we are busy, drop packet and
916 * send an immediate ZLB ack.
918 if (ns != seq->nr || seq->inproc) {
919 if (L2TP_SEQ_DIFF(ns, seq->nr) <= 0)
920 priv->stats.recvDuplicates++;
922 priv->stats.recvOutOfOrder++;
923 mtx_unlock(&seq->mtx);
924 ng_l2tp_xmit_ctrl(priv, NULL, seq->ns);
930 * Until we deliver this packet we can't receive next one as
931 * we have no information for sending ack.
934 mtx_unlock(&seq->mtx);
936 /* Prepend session ID to packet. */
937 M_PREPEND(m, 2, M_DONTWAIT);
940 priv->stats.memoryFailures++;
944 mtod(m, u_int8_t *)[0] = sid >> 8;
945 mtod(m, u_int8_t *)[1] = sid & 0xff;
947 /* Deliver packet to upper layers */
948 NG_FWD_NEW_DATA(error, item, priv->ctrl, m);
951 /* Ready to process next packet. */
954 /* If packet was successfully delivered send ack. */
956 /* Update recv sequence number */
958 /* Start receive ack timer, if not already running */
959 if (!callout_active(&seq->xack_timer)) {
960 ng_callout(&seq->xack_timer, priv->node, NULL,
961 L2TP_DELAYED_ACK, ng_l2tp_seq_xack_timeout,
965 mtx_unlock(&seq->mtx);
970 /* Per session packet, account it. */
971 hpriv->stats.recvPackets++;
972 hpriv->stats.recvOctets += plen;
974 /* Follow peer's lead in data sequencing, if configured to do so */
975 if (!hpriv->conf.control_dseq)
976 hpriv->conf.enable_dseq = ((hdr & L2TP_HDR_SEQ) != 0);
978 /* Handle data sequence numbers if present and enabled */
979 if ((hdr & L2TP_HDR_SEQ) != 0) {
980 if (hpriv->conf.enable_dseq
981 && L2TP_SEQ_DIFF(ns, hpriv->nr) < 0) {
982 NG_FREE_ITEM(item); /* duplicate or out of order */
984 priv->stats.recvDataDrops++;
990 /* Drop empty data packets */
991 if (m->m_pkthdr.len == 0) {
998 NG_FWD_NEW_DATA(error, item, hook, m);
1001 L2TP_SEQ_CHECK(&priv->seq);
1006 * Handle an outgoing control frame.
1009 ng_l2tp_rcvdata_ctrl(hook_p hook, item_p item)
1011 const node_p node = NG_HOOK_NODE(hook);
1012 const priv_p priv = NG_NODE_PRIVATE(node);
1013 struct l2tp_seq *const seq = &priv->seq;
1020 L2TP_SEQ_CHECK(&priv->seq);
1022 /* If not configured, reject */
1023 if (!priv->conf.enabled) {
1028 /* Grab mbuf and discard other stuff XXX */
1032 /* Packet should have session ID prepended */
1033 if (m->m_pkthdr.len < 2) {
1034 priv->stats.xmitInvalid++;
1039 /* Check max length */
1040 if (m->m_pkthdr.len >= 0x10000 - 14) {
1041 priv->stats.xmitTooBig++;
1046 mtx_lock(&seq->mtx);
1048 /* Find next empty slot in transmit queue */
1049 for (i = 0; i < L2TP_MAX_XWIN && seq->xwin[i] != NULL; i++);
1050 if (i == L2TP_MAX_XWIN) {
1051 mtx_unlock(&seq->mtx);
1052 priv->stats.xmitDrops++;
1058 /* If peer's receive window is already full, nothing else to do */
1059 if (i >= seq->cwnd) {
1060 mtx_unlock(&seq->mtx);
1064 /* Start retransmit timer if not already running */
1065 if (!callout_active(&seq->rack_timer))
1066 ng_callout(&seq->rack_timer, node, NULL,
1067 hz, ng_l2tp_seq_rack_timeout, NULL, 0);
1071 mtx_unlock(&seq->mtx);
1074 if ((m = L2TP_COPY_MBUF(m, M_DONTWAIT)) == NULL) {
1075 priv->stats.memoryFailures++;
1079 /* Send packet and increment xmit sequence number */
1080 error = ng_l2tp_xmit_ctrl(priv, m, ns);
1083 L2TP_SEQ_CHECK(&priv->seq);
1088 * Handle an outgoing data frame.
1091 ng_l2tp_rcvdata(hook_p hook, item_p item)
1093 const priv_p priv = NG_NODE_PRIVATE(NG_HOOK_NODE(hook));
1094 const hookpriv_p hpriv = NG_HOOK_PRIVATE(hook);
1102 L2TP_SEQ_CHECK(&priv->seq);
1104 /* If not configured, reject */
1105 if (!priv->conf.enabled) {
1113 /* Check max length */
1114 if (m->m_pkthdr.len >= 0x10000 - 12) {
1115 priv->stats.xmitDataTooBig++;
1121 /* Prepend L2TP header */
1123 + (2 * (hpriv->conf.include_length != 0))
1124 + (4 * (hpriv->conf.enable_dseq != 0)),
1127 priv->stats.memoryFailures++;
1131 p = mtod(m, uint8_t *);
1132 hdr = L2TP_DATA_HDR;
1133 if (hpriv->conf.include_length) {
1134 hdr |= L2TP_HDR_LEN;
1135 p[i++] = m->m_pkthdr.len >> 8;
1136 p[i++] = m->m_pkthdr.len & 0xff;
1138 p[i++] = priv->conf.peer_id >> 8;
1139 p[i++] = priv->conf.peer_id & 0xff;
1140 p[i++] = hpriv->conf.peer_id >> 8;
1141 p[i++] = hpriv->conf.peer_id & 0xff;
1142 if (hpriv->conf.enable_dseq) {
1143 hdr |= L2TP_HDR_SEQ;
1144 p[i++] = hpriv->ns >> 8;
1145 p[i++] = hpriv->ns & 0xff;
1146 p[i++] = hpriv->nr >> 8;
1147 p[i++] = hpriv->nr & 0xff;
1153 /* Update per session stats. */
1154 hpriv->stats.xmitPackets++;
1155 hpriv->stats.xmitOctets += m->m_pkthdr.len;
1157 /* And the global one. */
1158 priv->stats.xmitPackets++;
1159 priv->stats.xmitOctets += m->m_pkthdr.len;
1162 NG_FWD_NEW_DATA(error, item, priv->lower, m);
1165 L2TP_SEQ_CHECK(&priv->seq);
1170 * Send a message to our controlling node that we've failed.
1173 ng_l2tp_seq_failure(priv_p priv)
1175 struct ng_mesg *msg;
1178 NG_MKMESSAGE(msg, NGM_L2TP_COOKIE, NGM_L2TP_ACK_FAILURE, 0, M_NOWAIT);
1181 NG_SEND_MSG_ID(error, priv->node, msg, priv->ftarget, 0);
1184 /************************************************************************
1185 SEQUENCE NUMBER HANDLING
1186 ************************************************************************/
1189 * Initialize sequence number state.
1192 ng_l2tp_seq_init(priv_p priv)
1194 struct l2tp_seq *const seq = &priv->seq;
1196 KASSERT(priv->conf.peer_win >= 1,
1197 ("%s: peer_win is zero", __func__));
1198 memset(seq, 0, sizeof(*seq));
1200 seq->wmax = priv->conf.peer_win;
1201 if (seq->wmax > L2TP_MAX_XWIN)
1202 seq->wmax = L2TP_MAX_XWIN;
1203 seq->ssth = seq->wmax;
1204 ng_callout_init(&seq->rack_timer);
1205 ng_callout_init(&seq->xack_timer);
1206 mtx_init(&seq->mtx, "ng_l2tp", NULL, MTX_DEF);
1207 L2TP_SEQ_CHECK(seq);
1211 * Set sequence number state as given from user.
1214 ng_l2tp_seq_set(priv_p priv, const struct ng_l2tp_seq_config *conf)
1216 struct l2tp_seq *const seq = &priv->seq;
1218 /* If node is enabled, deny update to sequence numbers. */
1219 if (priv->conf.enabled)
1222 /* We only can handle the simple cases. */
1223 if (conf->xack != conf->nr || conf->ns != conf->rack)
1226 /* Set ns,nr,rack,xack parameters. */
1229 seq->rack = conf->rack;
1230 seq->xack = conf->xack;
1236 * Adjust sequence number state accordingly after reconfiguration.
1239 ng_l2tp_seq_adjust(priv_p priv, const struct ng_l2tp_config *conf)
1241 struct l2tp_seq *const seq = &priv->seq;
1244 /* If disabling node, reset state sequence number */
1245 if (!conf->enabled) {
1246 ng_l2tp_seq_reset(priv);
1250 /* Adjust peer's max recv window; it can only increase */
1251 new_wmax = conf->peer_win;
1252 if (new_wmax > L2TP_MAX_XWIN)
1253 new_wmax = L2TP_MAX_XWIN;
1256 if (new_wmax < seq->wmax)
1258 seq->wmax = new_wmax;
1265 * Reset sequence number state.
1268 ng_l2tp_seq_reset(priv_p priv)
1270 struct l2tp_seq *const seq = &priv->seq;
1275 L2TP_SEQ_CHECK(seq);
1278 ng_uncallout(&seq->rack_timer, priv->node);
1279 ng_uncallout(&seq->xack_timer, priv->node);
1281 /* Free retransmit queue */
1282 for (i = 0; i < L2TP_MAX_XWIN; i++) {
1283 if (seq->xwin[i] == NULL)
1285 m_freem(seq->xwin[i]);
1288 /* Reset session hooks' sequence number states */
1289 NG_NODE_FOREACH_HOOK(priv->node, ng_l2tp_reset_session, NULL, hook);
1291 /* Reset node's sequence number state */
1296 seq->wmax = L2TP_MAX_XWIN;
1298 seq->ssth = seq->wmax;
1301 bzero(seq->xwin, sizeof(seq->xwin));
1304 L2TP_SEQ_CHECK(seq);
1308 * Handle receipt of an acknowledgement value (Nr) from peer.
1311 ng_l2tp_seq_recv_nr(priv_p priv, u_int16_t nr)
1313 struct l2tp_seq *const seq = &priv->seq;
1314 struct mbuf *xwin[L2TP_MAX_XWIN]; /* partial local copy */
1319 mtx_lock(&seq->mtx);
1321 /* Verify peer's ACK is in range */
1322 if ((nack = L2TP_SEQ_DIFF(nr, seq->rack)) <= 0) {
1323 mtx_unlock(&seq->mtx);
1324 return; /* duplicate ack */
1326 if (L2TP_SEQ_DIFF(nr, seq->ns) > 0) {
1327 mtx_unlock(&seq->mtx);
1328 priv->stats.recvBadAcks++; /* ack for packet not sent */
1331 KASSERT(nack <= L2TP_MAX_XWIN,
1332 ("%s: nack=%d > %d", __func__, nack, L2TP_MAX_XWIN));
1334 /* Update receive ack stats */
1338 /* Free acknowledged packets and shift up packets in the xmit queue */
1339 for (i = 0; i < nack; i++)
1340 m_freem(seq->xwin[i]);
1341 memmove(seq->xwin, seq->xwin + nack,
1342 (L2TP_MAX_XWIN - nack) * sizeof(*seq->xwin));
1343 memset(seq->xwin + (L2TP_MAX_XWIN - nack), 0,
1344 nack * sizeof(*seq->xwin));
1347 * Do slow-start/congestion avoidance windowing algorithm described
1348 * in RFC 2661, Appendix A. Here we handle a multiple ACK as if each
1349 * ACK had arrived separately.
1351 if (seq->cwnd < seq->wmax) {
1353 /* Handle slow start phase */
1354 if (seq->cwnd < seq->ssth) {
1357 if (seq->cwnd > seq->ssth) { /* into cg.av. phase */
1358 nack = seq->cwnd - seq->ssth;
1359 seq->cwnd = seq->ssth;
1363 /* Handle congestion avoidance phase */
1364 if (seq->cwnd >= seq->ssth) {
1366 while (seq->acks >= seq->cwnd) {
1367 seq->acks -= seq->cwnd;
1368 if (seq->cwnd < seq->wmax)
1374 /* Stop xmit timer */
1375 if (callout_active(&seq->rack_timer))
1376 ng_uncallout(&seq->rack_timer, priv->node);
1378 /* If transmit queue is empty, we're done for now */
1379 if (seq->xwin[0] == NULL) {
1380 mtx_unlock(&seq->mtx);
1384 /* Start restransmit timer again */
1385 ng_callout(&seq->rack_timer, priv->node, NULL,
1386 hz, ng_l2tp_seq_rack_timeout, NULL, 0);
1389 * Send more packets, trying to keep peer's receive window full.
1390 * Make copy of everything we need before lock release.
1394 while ((i = L2TP_SEQ_DIFF(seq->ns, seq->rack)) < seq->cwnd
1395 && seq->xwin[i] != NULL) {
1396 xwin[j++] = seq->xwin[i];
1400 mtx_unlock(&seq->mtx);
1404 * If there is a memory error, pretend packet was sent, as it
1405 * will get retransmitted later anyway.
1407 for (i = 0; i < j; i++) {
1409 if ((m = L2TP_COPY_MBUF(xwin[i], M_DONTWAIT)) == NULL)
1410 priv->stats.memoryFailures++;
1412 ng_l2tp_xmit_ctrl(priv, m, ns);
1418 * Handle an ack timeout. We have an outstanding ack that we
1419 * were hoping to piggy-back, but haven't, so send a ZLB.
1422 ng_l2tp_seq_xack_timeout(node_p node, hook_p hook, void *arg1, int arg2)
1424 const priv_p priv = NG_NODE_PRIVATE(node);
1425 struct l2tp_seq *const seq = &priv->seq;
1427 /* Make sure callout is still active before doing anything */
1428 if (callout_pending(&seq->xack_timer) ||
1429 (!callout_active(&seq->xack_timer)))
1433 L2TP_SEQ_CHECK(seq);
1436 ng_l2tp_xmit_ctrl(priv, NULL, seq->ns);
1438 /* callout_deactivate() is not needed here
1439 as ng_uncallout() was called by ng_l2tp_xmit_ctrl() */
1442 L2TP_SEQ_CHECK(seq);
1446 * Handle a transmit timeout. The peer has failed to respond
1447 * with an ack for our packet, so retransmit it.
1450 ng_l2tp_seq_rack_timeout(node_p node, hook_p hook, void *arg1, int arg2)
1452 const priv_p priv = NG_NODE_PRIVATE(node);
1453 struct l2tp_seq *const seq = &priv->seq;
1457 /* Make sure callout is still active before doing anything */
1458 if (callout_pending(&seq->rack_timer) ||
1459 (!callout_active(&seq->rack_timer)))
1463 L2TP_SEQ_CHECK(seq);
1465 priv->stats.xmitRetransmits++;
1467 /* Have we reached the retransmit limit? If so, notify owner. */
1468 if (seq->rexmits++ >= priv->conf.rexmit_max)
1469 ng_l2tp_seq_failure(priv);
1471 /* Restart timer, this time with an increased delay */
1472 delay = (seq->rexmits > 12) ? (1 << 12) : (1 << seq->rexmits);
1473 if (delay > priv->conf.rexmit_max_to)
1474 delay = priv->conf.rexmit_max_to;
1475 ng_callout(&seq->rack_timer, node, NULL,
1476 hz * delay, ng_l2tp_seq_rack_timeout, NULL, 0);
1478 /* Do slow-start/congestion algorithm windowing algorithm */
1479 seq->ns = seq->rack;
1480 seq->ssth = (seq->cwnd + 1) / 2;
1484 /* Retransmit oldest unack'd packet */
1485 if ((m = L2TP_COPY_MBUF(seq->xwin[0], M_DONTWAIT)) == NULL)
1486 priv->stats.memoryFailures++;
1488 ng_l2tp_xmit_ctrl(priv, m, seq->ns++);
1490 /* callout_deactivate() is not needed here
1491 as ng_callout() is getting called each time */
1494 L2TP_SEQ_CHECK(seq);
1498 * Transmit a control stream packet, payload optional.
1499 * The transmit sequence number is not incremented.
1502 ng_l2tp_xmit_ctrl(priv_p priv, struct mbuf *m, u_int16_t ns)
1504 struct l2tp_seq *const seq = &priv->seq;
1506 u_int16_t session_id = 0;
1509 mtx_lock(&seq->mtx);
1511 /* Stop ack timer: we're sending an ack with this packet.
1512 Doing this before to keep state predictable after error. */
1513 if (callout_active(&seq->xack_timer))
1514 ng_uncallout(&seq->xack_timer, priv->node);
1516 seq->xack = seq->nr;
1518 mtx_unlock(&seq->mtx);
1520 /* If no mbuf passed, send an empty packet (ZLB) */
1523 /* Create a new mbuf for ZLB packet */
1524 MGETHDR(m, M_DONTWAIT, MT_DATA);
1526 priv->stats.memoryFailures++;
1529 m->m_len = m->m_pkthdr.len = 12;
1530 m->m_pkthdr.rcvif = NULL;
1531 priv->stats.xmitZLBs++;
1534 /* Strip off session ID */
1535 if (m->m_len < 2 && (m = m_pullup(m, 2)) == NULL) {
1536 priv->stats.memoryFailures++;
1539 session_id = (mtod(m, u_int8_t *)[0] << 8) + mtod(m, u_int8_t *)[1];
1541 /* Make room for L2TP header */
1542 M_PREPEND(m, 10, M_DONTWAIT); /* - 2 + 12 = 10 */
1544 priv->stats.memoryFailures++;
1549 /* Fill in L2TP header */
1550 p = mtod(m, u_int8_t *);
1551 p[0] = L2TP_CTRL_HDR >> 8;
1552 p[1] = L2TP_CTRL_HDR & 0xff;
1553 p[2] = m->m_pkthdr.len >> 8;
1554 p[3] = m->m_pkthdr.len & 0xff;
1555 p[4] = priv->conf.peer_id >> 8;
1556 p[5] = priv->conf.peer_id & 0xff;
1557 p[6] = session_id >> 8;
1558 p[7] = session_id & 0xff;
1561 p[10] = seq->nr >> 8;
1562 p[11] = seq->nr & 0xff;
1564 /* Update sequence number info and stats */
1565 priv->stats.xmitPackets++;
1566 priv->stats.xmitOctets += m->m_pkthdr.len;
1569 NG_SEND_DATA_ONLY(error, priv->lower, m);
1575 * Sanity check sequence number state.
1578 ng_l2tp_seq_check(struct l2tp_seq *seq)
1580 int self_unack, peer_unack;
1583 #define CHECK(p) KASSERT((p), ("%s: not: %s", __func__, #p))
1585 mtx_lock(&seq->mtx);
1587 self_unack = L2TP_SEQ_DIFF(seq->nr, seq->xack);
1588 peer_unack = L2TP_SEQ_DIFF(seq->ns, seq->rack);
1589 CHECK(seq->wmax <= L2TP_MAX_XWIN);
1590 CHECK(seq->cwnd >= 1);
1591 CHECK(seq->cwnd <= seq->wmax);
1592 CHECK(seq->ssth >= 1);
1593 CHECK(seq->ssth <= seq->wmax);
1594 if (seq->cwnd < seq->ssth)
1595 CHECK(seq->acks == 0);
1597 CHECK(seq->acks <= seq->cwnd);
1598 CHECK(self_unack >= 0);
1599 CHECK(peer_unack >= 0);
1600 CHECK(peer_unack <= seq->wmax);
1601 CHECK((self_unack == 0) ^ callout_active(&seq->xack_timer));
1602 CHECK((peer_unack == 0) ^ callout_active(&seq->rack_timer));
1603 for (i = 0; i < peer_unack; i++)
1604 CHECK(seq->xwin[i] != NULL);
1605 for ( ; i < seq->cwnd; i++) /* verify peer's recv window full */
1606 CHECK(seq->xwin[i] == NULL);
1608 mtx_unlock(&seq->mtx);
1612 #endif /* INVARIANTS */
projects / FreeBSD / releng / 9.2.git / blob