We must enter NET_EPOCH before calling ether_output_frame(). Several of the
functions it calls (pfil_run_hooks, if_transmit) expect to be running in the
NET_EPOCH.
While here remove an unneeded EPOCH entry (which wasn't wide enough to cover
BRIDGE_INPUT).
PR: 248958
Reviewed by: glebius, bz (previous version), melifaro (previous version)
Tested by: manu
Differential Revision: https://reviews.freebsd.org/D26226
A few ISP filter PADI requests based on such tag,
to force the use of their own routers.
The custom Host-Uniq tag is passed in the NGM_PPPOE_CONNECT
control message, so it can be used with FreeBSD ppp(8)
and mpd without any other change.
Add support to send and receive PADM messages,
HURL and MOTM, often used by service providers to provide
ACS information and other configuration settings
to the user CPE.
Submitted by: ale
Approved by: mav (mentor)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D9270
Clang disallows structs with variable length arrays to be nested inside
other structs, because this is in violation with ISO C99. Even though we
can keep bugging the LLVM folks about this issue, we'd better just fix
our code to not do this. This code seems to be the only code in the
entire source tree that does this.
I haven't tested this patch by using the kernel modules in question, but
Diane Bruce and I have compared disassembled versions of these kernel
modules. We would have expected them to be exactly the same, but due to
randomness in the register allocator and reordering of instructions,
there were some minor differences.
Approved by: julian
argument. It allows ppp, mpd or any other node consumer to request
connection to specified access concentrator.
Proposed by: Alexander A. Burylov <burylov@mail.ru>
simplifies code and should speedup pppoe_findsession() function which is
called for every incoming packet.
Approved by: re (kensmith), glebius (mentor)
- Store the Ethernet header in node softc.
- Initialize header with dst addr and ethertype in node
constructor method.
- In node connect method send NGM_ETHER_GET_ENADDR message
downwards.
- If received reply from ng_ether(4) store the src addr
in softc.
- Add NGM_PPPOE_SETENDADDR message that allows user to
override the address with whatever he/she wants.
- Print node ID, where possible.
- Prepend log messages with function name, or at least with "ng_pppoe".
Reviewed by: julian
Tested by: Joao Barros <joao.barros gmail.com>
by NGM_PPPOE_SETMODE message. When D-Link compat mode is on, we will
broadcast PADI with empty Service-Name to all listening hooks.
o Rewrite the compatibility options. Before we had two modes - standard
and non-standard (aka 3Com). Now we have standard mode and two compat
flags, that can be combined.
o Be consistent and do s/STUPID/3COM/g. I don't say that 3Com mode isn't
stupid, just want to make code easier to read.
PPPoE AC, servicing a specific Service-Name, when client sends a PADI
with an empty Service-Name. Should it reply with all available service
names or should it be silent? Our implementation had chosen the latter,
while some other had chosen the former (they say Linux and Cisco). Now
some PPPoE clients appear, that rely on the assumption that AC will
send all names in a PADO reply to a PADI with wildcard Service-Name.
These clients can't connect to FreeBSD AC.
I have requested comments from authors of RFC2516 via email, but
received no reply.
This change makes FreeBSD AC compatible with D-Link DI-614+ and
D-Link DI-624+ SOHO routers, and probably others.
Big thanks to D-Link's Russian office, namely Victor Platov, for
assistance and support in investigation and testing of this change.
Details:
o Split pppoe_match_svc() into three different functions serving
different purposes:
- pppoe_match_svc() - match non-empty Service-Name tag from PADI
against all available hooks in listening state.
- pppoe_find_svc() - check that given Service-Name is not yet
registered.
- pppoe_broadcast_padi() - send a copy of PADI packet with empty
Service-Name tag to all listening hooks.
o For NGM_PPPOE_LISTEN message use pppoe_find_svc().
o In ng_pppoe_rcvdata() in a PADI case use pppoe_match_svc() for
a non-empty Service-Name tag, and pppoe_broadcast_padi() in
either case.
A side effect from the above changes is that now pppoed(8) and mpd
will reply to a empty Service-Name PADI sending a PADO with two
Service-Name tags - an empty one and correct one. This is not fatal,
and will be corrected in pppoed(8) and mpd later. No need to update
node interface version.
Supported by: D-Link
PPPoE modes. The interface was declared obsoleted before 5.3-RELEASE.
When running as access concentrator ng_pppoe(4) supports both modes
simultanously. When running as client mode can be swicthed in ppp(8)
configuration.
Approved by: re (scottl)
clients simultaneously. When node is client its mode is configured
with a control message.
sysctl net.graph.nonstandard_pppoe is deprecated but kept for
backward compatibility for some time.
Approved by: julian
which means "always stay in the standard mode of PPPoE operation
regardless of any junk floating around."
As the referenced PR stated clearly, the old default setting of 0
was extremely dangerous because it opened a possibility for a
spurious frame not only to put down a single PPPoE node running
FreeBSD, but to plague *every* FreeBSD node in a PPPoE network in
such a way that those nodes would keep poisoning each other until
rebooted simultaneously.
PR: kern/47920
Reviewed by: Gleb Smirnoff <glebius <at> cell.sick.ru>
MFC after: 1 week
nonstandard. They differ in the values of certain fields in
the PPPoE frame. Previously, ng_pppoe would start in standard
mode, yet switch to nonstandard one upon reception of a single
nonstandard frame. After having done so, ng_pppoe would be unable
to interact with standard PPPoE peers. Thus, a DoS condition
existed that could be triggered by a buggy peer or malicious party.
Since few people have expressed their displeasure WRT this problem,
the default operation of ng_pppoe is left untouched for now. However,
a new value for the sysctl net.graph.nonstandard_pppoe is introduced,
-1, which will force ng_pppoe stay in standard mode regardless of any
bogus frames floating around.
PR: kern/47920
Submitted by: Gleb Smirnoff <glebius <at> cell.sick.ru>
MFC after: 1 week