5 * Copyright (c) 1996-1999 Whistle Communications, Inc.
8 * Subject to the following obligations and disclaimer of warranty, use and
9 * redistribution of this software, in source or object code forms, with or
10 * without modifications are expressly permitted by Whistle Communications;
11 * provided, however, that:
12 * 1. Any and all reproductions of the source or object code must include the
13 * copyright notice above and the following disclaimer of warranties; and
14 * 2. No rights are granted, in any manner or form, to use Whistle
15 * Communications, Inc. trademarks, including the mark "WHISTLE
16 * COMMUNICATIONS" on advertising, endorsements, or otherwise except as
17 * such appears in the above copyright notice or in the software.
19 * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
20 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
21 * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
22 * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
23 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
24 * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
25 * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
26 * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
27 * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
28 * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
29 * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30 * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
31 * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
37 * Author: Julian Elischer <julian@freebsd.org>
39 * $FreeBSD: src/sys/netgraph/ng_pppoe.c,v 1.23.2.17 2002/07/02 22:17:18 archie Exp $
40 * $Whistle: ng_pppoe.c,v 1.10 1999/11/01 09:24:52 julian Exp $
43 #define AAA kprintf("pppoe: %s\n", __func__ );
44 #define BBB kprintf("-%d-", __LINE__ );
50 #include <sys/param.h>
51 #include <sys/systm.h>
52 #include <sys/kernel.h>
54 #include <sys/malloc.h>
55 #include <sys/errno.h>
56 #include <sys/sysctl.h>
57 #include <sys/syslog.h>
58 #include <sys/thread2.h>
59 #include <net/ethernet.h>
61 #include <netgraph/ng_message.h>
62 #include <netgraph/netgraph.h>
65 #define SIGNOFF "session closed"
68 * This section contains the netgraph method declarations for the
69 * pppoe node. These methods define the netgraph pppoe 'type'.
72 static ng_constructor_t ng_pppoe_constructor
;
73 static ng_rcvmsg_t ng_pppoe_rcvmsg
;
74 static ng_shutdown_t ng_pppoe_rmnode
;
75 static ng_newhook_t ng_pppoe_newhook
;
76 static ng_connect_t ng_pppoe_connect
;
77 static ng_rcvdata_t ng_pppoe_rcvdata
;
78 static ng_disconnect_t ng_pppoe_disconnect
;
80 /* Netgraph node type descriptor */
81 static struct ng_type typestruct
= {
96 NETGRAPH_INIT(pppoe
, &typestruct
);
99 * States for the session state machine.
100 * These have no meaning if there is no hook attached yet.
103 PPPOE_SNONE
=0, /* [both] Initial state */
104 PPPOE_LISTENING
, /* [Daemon] Listening for discover initiation pkt */
105 PPPOE_SINIT
, /* [Client] Sent discovery initiation */
106 PPPOE_PRIMED
, /* [Server] Awaiting PADI from daemon */
107 PPPOE_SOFFER
, /* [Server] Sent offer message (got PADI)*/
108 PPPOE_SREQ
, /* [Client] Sent a Request */
109 PPPOE_NEWCONNECTED
, /* [Server] Connection established, No data received */
110 PPPOE_CONNECTED
, /* [Both] Connection established, Data received */
111 PPPOE_DEAD
/* [Both] */
114 #define NUMTAGS 20 /* number of tags we are set up to work with */
117 * Information we store for each hook on each node for negotiating the
118 * session. The mbuf and cluster are freed once negotiation has completed.
119 * The whole negotiation block is then discarded.
123 struct mbuf
*m
; /* holds cluster with last sent packet */
124 union packet
*pkt
; /* points within the above cluster */
125 struct callout timeout_ch
;
126 u_int timeout
; /* 0,1,2,4,8,16 etc. seconds */
128 const struct pppoe_tag
*tags
[NUMTAGS
];
132 struct datatag service
;
133 struct datatag ac_name
;
135 typedef struct sess_neg
*negp
;
138 * Session information that is needed after connection.
142 u_int16_t Session_ID
;
144 char creator
[NG_NODESIZ
]; /* who to notify */
145 struct pppoe_full_hdr pkt_hdr
; /* used when connected */
146 negp neg
; /* used when negotiating */
147 /*struct sess_con *hash_next;*/ /* not yet used */
149 typedef struct sess_con
*sessp
;
152 * Information we store for each node
155 node_p node
; /* back pointer to node */
156 hook_p ethernet_hook
;
158 u_int packets_in
; /* packets in from ethernet */
159 u_int packets_out
; /* packets out towards ethernet */
161 /*struct sess_con *buckets[HASH_SIZE];*/ /* not yet used */
163 typedef struct PPPOE
*priv_p
;
165 struct ether_header eh_prototype
=
166 {{0xff,0xff,0xff,0xff,0xff,0xff},
167 {0x00,0x00,0x00,0x00,0x00,0x00},
168 ETHERTYPE_PPPOE_DISC
};
170 #define PPPOE_KEEPSTANDARD -1 /* never switch to nonstandard mode */
171 #define PPPOE_STANDARD 0 /* try standard mode (dangerous!) */
172 #define PPPOE_NONSTANDARD 1 /* just be in nonstandard mode */
173 static int pppoe_mode
= PPPOE_KEEPSTANDARD
;
176 ngpppoe_set_ethertype(SYSCTL_HANDLER_ARGS
)
182 error
= sysctl_handle_int(oidp
, &val
, sizeof(int), req
);
183 if (error
!= 0 || req
->newptr
== NULL
)
186 case PPPOE_NONSTANDARD
:
187 pppoe_mode
= PPPOE_NONSTANDARD
;
188 eh_prototype
.ether_type
= ETHERTYPE_PPPOE_STUPID_DISC
;
191 pppoe_mode
= PPPOE_STANDARD
;
192 eh_prototype
.ether_type
= ETHERTYPE_PPPOE_DISC
;
194 case PPPOE_KEEPSTANDARD
:
195 pppoe_mode
= PPPOE_KEEPSTANDARD
;
196 eh_prototype
.ether_type
= ETHERTYPE_PPPOE_DISC
;
204 SYSCTL_PROC(_net_graph
, OID_AUTO
, nonstandard_pppoe
, CTLTYPE_INT
| CTLFLAG_RW
,
205 0, sizeof(int), ngpppoe_set_ethertype
, "I", "nonstandard ethertype");
208 char bytes
[sizeof(void *)];
212 #define LEAVE(x) do { error = x; goto quit; } while(0)
213 static void pppoe_start(sessp sp
);
214 static void sendpacket(sessp sp
);
215 static void pppoe_ticker(void *arg
);
216 static const struct pppoe_tag
*scan_tags(sessp sp
,
217 const struct pppoe_hdr
* ph
);
218 static int pppoe_send_event(sessp sp
, enum cmd cmdid
);
220 /*************************************************************************
221 * Some basic utilities from the Linux version with author's permission.*
222 * Author: Michal Ostrowski <mostrows@styx.uwaterloo.ca> *
223 ************************************************************************/
226 * Generate a new session id
227 * XXX find out the FreeBSD locking scheme.
230 get_new_sid(node_p node
)
232 static int pppoe_sid
= 10;
236 priv_p privp
= node
->private;
242 * Spec says 0xFFFF is reserved.
243 * Also don't use 0x0000
250 /* Check it isn't already in use */
251 LIST_FOREACH(hook
, &node
->hooks
, hooks
) {
252 /* don't check special hooks */
253 if ((hook
->private == &privp
->debug_hook
)
254 || (hook
->private == &privp
->ethernet_hook
))
257 if (sp
->Session_ID
== val
)
266 * Return the location where the next tag can be put
268 static __inline
const struct pppoe_tag
*
269 next_tag(const struct pppoe_hdr
* ph
)
271 return (const struct pppoe_tag
*)(((const char*)&ph
->tag
[0])
272 + ntohs(ph
->length
));
276 * Look for a tag of a specific type
277 * Don't trust any length the other end says.
278 * but assume we already sanity checked ph->length.
280 static const struct pppoe_tag
*
281 get_tag(const struct pppoe_hdr
* ph
, u_int16_t idx
)
283 const char *const end
= (const char *)next_tag(ph
);
285 const struct pppoe_tag
*pt
= &ph
->tag
[0];
287 * Keep processing tags while a tag header will still fit.
290 while((const char*)(pt
+ 1) <= end
) {
292 * If the tag data would go past the end of the packet, abort.
294 ptn
= (((const char *)(pt
+ 1)) + ntohs(pt
->tag_len
));
298 if(pt
->tag_type
== idx
)
301 pt
= (const struct pppoe_tag
*)ptn
;
306 /**************************************************************************
307 * inlines to initialise or add tags to a session's tag list,
308 **************************************************************************/
310 * Initialise the session's tag list
316 if(sp
->neg
== NULL
) {
317 kprintf("pppoe: asked to init NULL neg pointer\n");
320 sp
->neg
->numtags
= 0;
324 insert_tag(sessp sp
, const struct pppoe_tag
*tp
)
330 if((neg
= sp
->neg
) == NULL
) {
331 kprintf("pppoe: asked to use NULL neg pointer\n");
334 if ((i
= neg
->numtags
++) < NUMTAGS
) {
337 kprintf("pppoe: asked to add too many tags to packet\n");
343 * Make up a packet, using the tags filled out for the session.
345 * Assume that the actual pppoe header and ethernet header
346 * are filled out externally to this routine.
347 * Also assume that neg->wh points to the correct
348 * location at the front of the buffer space.
351 make_packet(sessp sp
) {
352 struct pppoe_full_hdr
*wh
= &sp
->neg
->pkt
->pkt_header
;
353 const struct pppoe_tag
**tag
;
357 u_int16_t length
= 0;
360 if ((sp
->neg
== NULL
) || (sp
->neg
->m
== NULL
)) {
361 kprintf("pppoe: make_packet called from wrong state\n");
363 dp
= (char *)wh
->ph
.tag
;
364 for (count
= 0, tag
= sp
->neg
->tags
;
365 ((count
< sp
->neg
->numtags
) && (count
< NUMTAGS
));
367 tlen
= ntohs((*tag
)->tag_len
) + sizeof(**tag
);
368 if ((length
+ tlen
) > (ETHER_MAX_LEN
- 4 - sizeof(*wh
))) {
369 kprintf("pppoe: tags too long\n");
370 sp
->neg
->numtags
= count
;
371 break; /* XXX chop off what's too long */
373 bcopy(*tag
, dp
, tlen
);
377 wh
->ph
.length
= htons(length
);
378 sp
->neg
->m
->m_len
= length
+ sizeof(*wh
);
379 sp
->neg
->m
->m_pkthdr
.len
= length
+ sizeof(*wh
);
382 /**************************************************************************
383 * Routine to match a service offered *
384 **************************************************************************/
386 * Find a hook that has a service string that matches that
387 * we are seeking. for now use a simple string.
388 * In the future we may need something like regexp().
389 * for testing allow a null string to match 1st found and a null service
390 * to match all requests. Also make '*' do the same.
393 #define NG_MATCH_EXACT 1
394 #define NG_MATCH_ANY 2
397 pppoe_match_svc(node_p node
, const char *svc_name
, int svc_len
, int match
)
401 priv_p privp
= node
->private;
402 hook_p allhook
= NULL
;
406 LIST_FOREACH(hook
, &node
->hooks
, hooks
) {
408 /* skip any hook that is debug or ethernet */
409 if ((hook
->private == &privp
->debug_hook
)
410 || (hook
->private == &privp
->ethernet_hook
))
414 /* Skip any sessions which are not in LISTEN mode. */
415 if ( sp
->state
!= PPPOE_LISTENING
)
420 /* Special case for a blank or "*" service name (wildcard) */
421 if (match
== NG_MATCH_ANY
&& neg
->service_len
== 1 &&
422 neg
->service
.data
[0] == '*') {
427 /* If the lengths don't match, that aint it. */
428 if (neg
->service_len
!= svc_len
)
431 /* An exact match? */
435 if (strncmp(svc_name
, neg
->service
.data
, svc_len
) == 0)
438 return (hook
? hook
: allhook
);
440 /**************************************************************************
441 * Routine to find a particular session that matches an incoming packet *
442 **************************************************************************/
444 pppoe_findsession(node_p node
, const struct pppoe_full_hdr
*wh
)
448 priv_p privp
= node
->private;
449 u_int16_t session
= ntohs(wh
->ph
.sid
);
452 * find matching peer/session combination.
455 LIST_FOREACH(hook
, &node
->hooks
, hooks
) {
456 /* don't check special hooks */
457 if ((hook
->private == &privp
->debug_hook
)
458 || (hook
->private == &privp
->ethernet_hook
)) {
462 if ( ( (sp
->state
== PPPOE_CONNECTED
)
463 || (sp
->state
== PPPOE_NEWCONNECTED
) )
464 && (sp
->Session_ID
== session
)
465 && (bcmp(sp
->pkt_hdr
.eh
.ether_dhost
,
467 ETHER_ADDR_LEN
)) == 0) {
475 pppoe_finduniq(node_p node
, const struct pppoe_tag
*tag
)
478 priv_p privp
= node
->private;
482 bcopy(tag
->tag_data
, uniq
.bytes
, sizeof(void *));
483 /* cycle through all known hooks */
484 LIST_FOREACH(hook
, &node
->hooks
, hooks
) {
485 /* don't check special hooks */
486 if ((hook
->private == &privp
->debug_hook
)
487 || (hook
->private == &privp
->ethernet_hook
))
489 if (uniq
.pointer
== hook
->private)
495 /**************************************************************************
496 * start of Netgraph entrypoints *
497 **************************************************************************/
500 * Allocate the private data structure and the generic node
501 * and link them together.
503 * ng_make_node_common() returns with a generic node struct
504 * with a single reference for us.. we transfer it to the
505 * private structure.. when we free the private struct we must
506 * unref the node so it gets freed too.
509 ng_pppoe_constructor(node_p
*nodep
)
515 /* Initialize private descriptor */
516 privdata
= kmalloc(sizeof(*privdata
), M_NETGRAPH
, M_NOWAIT
| M_ZERO
);
517 if (privdata
== NULL
)
520 /* Call the 'generic' (ie, superclass) node constructor */
521 if ((error
= ng_make_node_common(&typestruct
, nodep
))) {
522 kfree(privdata
, M_NETGRAPH
);
526 /* Link structs together; this counts as our one reference to *nodep */
527 (*nodep
)->private = privdata
;
528 privdata
->node
= *nodep
;
533 * Give our ok for a hook to be added...
534 * point the hook's private info to the hook structure.
536 * The following hook names are special:
537 * Ethernet: the hook that should be connected to a NIC.
538 * debug: copies of data sent out here (when I write the code).
539 * All other hook names need only be unique. (the framework checks this).
542 ng_pppoe_newhook(node_p node
, hook_p hook
, const char *name
)
544 const priv_p privp
= node
->private;
548 if (strcmp(name
, NG_PPPOE_HOOK_ETHERNET
) == 0) {
549 privp
->ethernet_hook
= hook
;
550 hook
->private = &privp
->ethernet_hook
;
551 } else if (strcmp(name
, NG_PPPOE_HOOK_DEBUG
) == 0) {
552 privp
->debug_hook
= hook
;
553 hook
->private = &privp
->debug_hook
;
556 * Any other unique name is OK.
557 * The infrastructure has already checked that it's unique,
558 * so just allocate it and hook it in.
560 sp
= kmalloc(sizeof(*sp
), M_NETGRAPH
, M_NOWAIT
| M_ZERO
);
571 * Get a netgraph control message.
572 * Check it is one we understand. If needed, send a response.
573 * We sometimes save the address for an async action later.
574 * Always free the message.
577 ng_pppoe_rcvmsg(node_p node
,
578 struct ng_mesg
*msg
, const char *retaddr
, struct ng_mesg
**rptr
)
580 priv_p privp
= node
->private;
581 struct ngpppoe_init_data
*ourmsg
= NULL
;
582 struct ng_mesg
*resp
= NULL
;
589 /* Deal with message according to cookie and command */
590 switch (msg
->header
.typecookie
) {
591 case NGM_PPPOE_COOKIE
:
592 switch (msg
->header
.cmd
) {
593 case NGM_PPPOE_CONNECT
:
594 case NGM_PPPOE_LISTEN
:
595 case NGM_PPPOE_OFFER
:
596 case NGM_PPPOE_SERVICE
:
597 ourmsg
= (struct ngpppoe_init_data
*)msg
->data
;
598 if (( sizeof(*ourmsg
) > msg
->header
.arglen
)
599 || ((sizeof(*ourmsg
) + ourmsg
->data_len
)
600 > msg
->header
.arglen
)) {
601 kprintf("pppoe_rcvmsg: bad arg size");
604 if (ourmsg
->data_len
> PPPOE_SERVICE_NAME_SIZE
) {
605 kprintf("pppoe: init data too long (%d)\n",
609 /* make sure strcmp will terminate safely */
610 ourmsg
->hook
[sizeof(ourmsg
->hook
) - 1] = '\0';
612 /* cycle through all known hooks */
613 LIST_FOREACH(hook
, &node
->hooks
, hooks
) {
615 && strcmp(hook
->name
, ourmsg
->hook
) == 0)
621 if ((hook
->private == &privp
->debug_hook
)
622 || (hook
->private == &privp
->ethernet_hook
)) {
627 if (msg
->header
.cmd
== NGM_PPPOE_LISTEN
) {
629 * Ensure we aren't already listening for this
632 if (pppoe_match_svc(node
, ourmsg
->data
,
633 ourmsg
->data_len
, NG_MATCH_EXACT
) != NULL
) {
639 * PPPOE_SERVICE advertisments are set up
640 * on sessions that are in PRIMED state.
642 if (msg
->header
.cmd
== NGM_PPPOE_SERVICE
) {
645 if (sp
->state
!= PPPOE_SNONE
) {
646 kprintf("pppoe: Session already active\n");
651 * set up prototype header
653 neg
= kmalloc(sizeof(*neg
), M_NETGRAPH
,
657 kprintf("pppoe: Session out of memory\n");
660 MGETHDR(neg
->m
, MB_DONTWAIT
, MT_DATA
);
662 kprintf("pppoe: Session out of mbufs\n");
663 kfree(neg
, M_NETGRAPH
);
666 neg
->m
->m_pkthdr
.rcvif
= NULL
;
667 MCLGET(neg
->m
, MB_DONTWAIT
);
668 if ((neg
->m
->m_flags
& M_EXT
) == 0) {
669 kprintf("pppoe: Session out of mcls\n");
671 kfree(neg
, M_NETGRAPH
);
675 callout_init(&neg
->timeout_ch
);
676 neg
->m
->m_len
= sizeof(struct pppoe_full_hdr
);
677 neg
->pkt
= mtod(neg
->m
, union packet
*);
678 neg
->pkt
->pkt_header
.eh
= eh_prototype
;
679 neg
->pkt
->pkt_header
.ph
.ver
= 0x1;
680 neg
->pkt
->pkt_header
.ph
.type
= 0x1;
681 neg
->pkt
->pkt_header
.ph
.sid
= 0x0000;
684 strlcpy(sp
->creator
, retaddr
, NG_NODESIZ
);
686 switch (msg
->header
.cmd
) {
687 case NGM_PPPOE_GET_STATUS
:
689 struct ngpppoestat
*stats
;
691 NG_MKRESPONSE(resp
, msg
, sizeof(*stats
), M_NOWAIT
);
695 stats
= (struct ngpppoestat
*) resp
->data
;
696 stats
->packets_in
= privp
->packets_in
;
697 stats
->packets_out
= privp
->packets_out
;
700 case NGM_PPPOE_CONNECT
:
702 * Check the hook exists and is Uninitialised.
703 * Send a PADI request, and start the timeout logic.
704 * Store the originator of this message so we can send
705 * a success of fail message to them later.
706 * Move the session to SINIT
707 * Set up the session to the correct state and
710 neg
->service
.hdr
.tag_type
= PTT_SRV_NAME
;
711 neg
->service
.hdr
.tag_len
=
712 htons((u_int16_t
)ourmsg
->data_len
);
713 if (ourmsg
->data_len
) {
715 neg
->service
.data
, ourmsg
->data_len
);
717 neg
->service_len
= ourmsg
->data_len
;
720 case NGM_PPPOE_LISTEN
:
722 * Check the hook exists and is Uninitialised.
723 * Install the service matching string.
724 * Store the originator of this message so we can send
725 * a success of fail message to them later.
726 * Move the hook to 'LISTENING'
728 neg
->service
.hdr
.tag_type
= PTT_SRV_NAME
;
729 neg
->service
.hdr
.tag_len
=
730 htons((u_int16_t
)ourmsg
->data_len
);
732 if (ourmsg
->data_len
) {
734 neg
->service
.data
, ourmsg
->data_len
);
736 neg
->service_len
= ourmsg
->data_len
;
737 neg
->pkt
->pkt_header
.ph
.code
= PADT_CODE
;
739 * wait for PADI packet coming from ethernet
741 sp
->state
= PPPOE_LISTENING
;
743 case NGM_PPPOE_OFFER
:
745 * Check the hook exists and is Uninitialised.
746 * Store the originator of this message so we can send
747 * a success of fail message to them later.
748 * Store the AC-Name given and go to PRIMED.
750 neg
->ac_name
.hdr
.tag_type
= PTT_AC_NAME
;
751 neg
->ac_name
.hdr
.tag_len
=
752 htons((u_int16_t
)ourmsg
->data_len
);
753 if (ourmsg
->data_len
) {
755 neg
->ac_name
.data
, ourmsg
->data_len
);
757 neg
->ac_name_len
= ourmsg
->data_len
;
758 neg
->pkt
->pkt_header
.ph
.code
= PADO_CODE
;
760 * Wait for PADI packet coming from hook
762 sp
->state
= PPPOE_PRIMED
;
764 case NGM_PPPOE_SERVICE
:
766 * Check the session is primed.
767 * for now just allow ONE service to be advertised.
768 * If you do it twice you just overwrite.
770 if (sp
->state
!= PPPOE_PRIMED
) {
771 kprintf("pppoe: Session not primed\n");
775 neg
->service
.hdr
.tag_type
= PTT_SRV_NAME
;
776 neg
->service
.hdr
.tag_len
=
777 htons((u_int16_t
)ourmsg
->data_len
);
779 if (ourmsg
->data_len
)
780 bcopy(ourmsg
->data
, neg
->service
.data
,
782 neg
->service_len
= ourmsg
->data_len
;
792 /* Take care of synchronous response, if any */
796 kfree(resp
, M_NETGRAPH
);
798 /* Free the message and return */
800 kfree(msg
, M_NETGRAPH
);
805 * Start a client into the first state. A separate function because
806 * it can be needed if the negotiation times out.
809 pppoe_start(sessp sp
)
812 struct pppoe_tag hdr
;
814 } __attribute ((packed
)) uniqtag
;
817 * kick the state machine into starting up
820 sp
->state
= PPPOE_SINIT
;
821 /* reset the packet header to broadcast */
822 sp
->neg
->pkt
->pkt_header
.eh
= eh_prototype
;
823 sp
->neg
->pkt
->pkt_header
.ph
.code
= PADI_CODE
;
824 uniqtag
.hdr
.tag_type
= PTT_HOST_UNIQ
;
825 uniqtag
.hdr
.tag_len
= htons((u_int16_t
)sizeof(uniqtag
.data
));
826 uniqtag
.data
.pointer
= sp
;
828 insert_tag(sp
, &uniqtag
.hdr
);
829 insert_tag(sp
, &sp
->neg
->service
.hdr
);
835 send_acname(sessp sp
, const struct pppoe_tag
*tag
)
839 struct ngpppoe_sts
*sts
;
841 NG_MKMESSAGE(msg
, NGM_PPPOE_COOKIE
, NGM_PPPOE_ACNAME
,
842 sizeof(struct ngpppoe_sts
), M_NOWAIT
);
846 sts
= (struct ngpppoe_sts
*)msg
->data
;
847 tlen
= min(NG_HOOKSIZ
- 1, ntohs(tag
->tag_len
));
848 strncpy(sts
->hook
, tag
->tag_data
, tlen
);
849 sts
->hook
[tlen
] = '\0';
850 error
= ng_send_msg(sp
->hook
->node
, msg
, sp
->creator
, NULL
);
856 send_sessionid(sessp sp
)
861 NG_MKMESSAGE(msg
, NGM_PPPOE_COOKIE
, NGM_PPPOE_SESSIONID
,
862 sizeof(u_int16_t
), M_NOWAIT
);
866 *(u_int16_t
*)msg
->data
= sp
->Session_ID
;
867 error
= ng_send_msg(sp
->hook
->node
, msg
, sp
->creator
, NULL
);
873 * Receive data, and do something with it.
874 * The caller will never free m or meta, so
875 * if we use up this data or abort we must free BOTH of these.
878 ng_pppoe_rcvdata(hook_p hook
, struct mbuf
*m
, meta_p meta
)
880 node_p node
= hook
->node
;
881 const priv_p privp
= node
->private;
882 sessp sp
= hook
->private;
883 const struct pppoe_full_hdr
*wh
;
884 const struct pppoe_hdr
*ph
;
888 const struct pppoe_tag
*utag
= NULL
, *tag
= NULL
;
891 struct pppoe_tag hdr
;
893 } __attribute ((packed
)) uniqtag
;
897 if (hook
->private == &privp
->debug_hook
) {
899 * Data from the debug hook gets sent without modification
900 * straight to the ethernet.
902 NG_SEND_DATA( error
, privp
->ethernet_hook
, m
, meta
);
903 privp
->packets_out
++;
904 } else if (hook
->private == &privp
->ethernet_hook
) {
907 * Dig out various fields from the packet.
908 * use them to decide where to send it.
912 if( m
->m_len
< sizeof(*wh
)) {
913 m
= m_pullup(m
, sizeof(*wh
)); /* Checks length */
915 kprintf("couldn't m_pullup\n");
919 wh
= mtod(m
, struct pppoe_full_hdr
*);
921 length
= ntohs(wh
->ph
.length
);
923 switch(wh
->eh
.ether_type
) {
924 case ETHERTYPE_PPPOE_STUPID_DISC
:
925 if (pppoe_mode
== PPPOE_STANDARD
) {
926 pppoe_mode
= PPPOE_NONSTANDARD
;
927 eh_prototype
.ether_type
=
928 ETHERTYPE_PPPOE_STUPID_DISC
;
930 "Switched to nonstandard PPPoE mode due to "
933 wh
->eh
.ether_shost
, ":");
934 } else if (pppoe_mode
== PPPOE_KEEPSTANDARD
)
936 "Ignored nonstandard PPPoE packet "
939 wh
->eh
.ether_shost
, ":");
941 case ETHERTYPE_PPPOE_DISC
:
943 * We need to try to make sure that the tag area
944 * is contiguous, or we could wander off the end
945 * of a buffer and make a mess.
946 * (Linux wouldn't have this problem).
948 /*XXX fix this mess */
950 if (m
->m_pkthdr
.len
<= MHLEN
) {
951 if( m
->m_len
< m
->m_pkthdr
.len
) {
952 m
= m_pullup(m
, m
->m_pkthdr
.len
);
954 kprintf("couldn't m_pullup\n");
959 if (m
->m_len
!= m
->m_pkthdr
.len
) {
961 * It's not all in one piece.
962 * We need to do extra work.
964 kprintf("packet fragmented\n");
972 * Look for a hook with the required service
973 * and send the ENTIRE packet up there.
974 * It should come back to a new hook in
975 * PRIMED state. Look there for further
978 tag
= get_tag(ph
, PTT_SRV_NAME
);
980 kprintf("no service tag\n");
983 sendhook
= pppoe_match_svc(hook
->node
,
984 tag
->tag_data
, ntohs(tag
->tag_len
),
987 NG_SEND_DATA(error
, sendhook
, m
, meta
);
995 * Use the host_uniq tag to find the
996 * hook this is in response to.
997 * Received #2, now send #3
998 * For now simply accept the first we receive.
1000 utag
= get_tag(ph
, PTT_HOST_UNIQ
);
1002 || (ntohs(utag
->tag_len
) != sizeof(sp
))) {
1003 kprintf("no host unique field\n");
1007 sendhook
= pppoe_finduniq(node
, utag
);
1008 if (sendhook
== NULL
) {
1009 kprintf("no matching session\n");
1014 * Check the session is in the right state.
1015 * It needs to be in PPPOE_SINIT.
1017 sp
= sendhook
->private;
1018 if (sp
->state
!= PPPOE_SINIT
) {
1019 kprintf("session in wrong state\n");
1023 callout_stop(&neg
->timeout_ch
);
1026 * This is the first time we hear
1027 * from the server, so note it's
1028 * unicast address, replacing the
1029 * broadcast address .
1031 bcopy(wh
->eh
.ether_shost
,
1032 neg
->pkt
->pkt_header
.eh
.ether_dhost
,
1035 neg
->pkt
->pkt_header
.ph
.code
= PADR_CODE
;
1037 insert_tag(sp
, utag
); /* Host Unique */
1038 if ((tag
= get_tag(ph
, PTT_AC_COOKIE
)))
1039 insert_tag(sp
, tag
); /* return cookie */
1040 if ((tag
= get_tag(ph
, PTT_AC_NAME
))) {
1041 insert_tag(sp
, tag
); /* return it */
1042 send_acname(sp
, tag
);
1044 insert_tag(sp
, &neg
->service
.hdr
); /* Service */
1047 sp
->state
= PPPOE_SREQ
;
1054 * Use the ac_cookie tag to find the
1055 * hook this is in response to.
1057 utag
= get_tag(ph
, PTT_AC_COOKIE
);
1059 || (ntohs(utag
->tag_len
) != sizeof(sp
))) {
1063 sendhook
= pppoe_finduniq(node
, utag
);
1064 if (sendhook
== NULL
) {
1069 * Check the session is in the right state.
1070 * It needs to be in PPPOE_SOFFER
1071 * or PPPOE_NEWCONNECTED. If the latter,
1072 * then this is a retry by the client.
1073 * so be nice, and resend.
1075 sp
= sendhook
->private;
1076 if (sp
->state
== PPPOE_NEWCONNECTED
) {
1078 * Whoa! drop back to resend that
1080 * We should still have a copy of it.
1082 sp
->state
= PPPOE_SOFFER
;
1084 if (sp
->state
!= PPPOE_SOFFER
) {
1085 LEAVE (ENETUNREACH
);
1089 callout_stop(&neg
->timeout_ch
);
1090 neg
->pkt
->pkt_header
.ph
.code
= PADS_CODE
;
1091 if (sp
->Session_ID
== 0)
1092 neg
->pkt
->pkt_header
.ph
.sid
=
1093 htons(sp
->Session_ID
1094 = get_new_sid(node
));
1098 * start working out the tags to respond with.
1101 insert_tag(sp
, &neg
->ac_name
.hdr
); /* AC_NAME */
1102 if ((tag
= get_tag(ph
, PTT_SRV_NAME
)))
1103 insert_tag(sp
, tag
);/* return service */
1104 if ((tag
= get_tag(ph
, PTT_HOST_UNIQ
)))
1105 insert_tag(sp
, tag
); /* return it */
1106 insert_tag(sp
, utag
); /* ac_cookie */
1109 sp
->state
= PPPOE_NEWCONNECTED
;
1112 * Having sent the last Negotiation header,
1113 * Set up the stored packet header to
1114 * be correct for the actual session.
1115 * But keep the negotialtion stuff
1116 * around in case we need to resend this last
1117 * packet. We'll discard it when we move
1118 * from NEWCONNECTED to CONNECTED
1120 sp
->pkt_hdr
= neg
->pkt
->pkt_header
;
1121 if (pppoe_mode
== PPPOE_NONSTANDARD
)
1122 sp
->pkt_hdr
.eh
.ether_type
1123 = ETHERTYPE_PPPOE_STUPID_SESS
;
1125 sp
->pkt_hdr
.eh
.ether_type
1126 = ETHERTYPE_PPPOE_SESS
;
1127 sp
->pkt_hdr
.ph
.code
= 0;
1128 pppoe_send_event(sp
, NGM_PPPOE_SUCCESS
);
1133 * Use the host_uniq tag to find the
1134 * hook this is in response to.
1135 * take the session ID and store it away.
1136 * Also make sure the pre-made header is
1137 * correct and set us into Session mode.
1139 utag
= get_tag(ph
, PTT_HOST_UNIQ
);
1141 || (ntohs(utag
->tag_len
) != sizeof(sp
))) {
1142 LEAVE (ENETUNREACH
);
1145 sendhook
= pppoe_finduniq(node
, utag
);
1146 if (sendhook
== NULL
) {
1151 * Check the session is in the right state.
1152 * It needs to be in PPPOE_SREQ.
1154 sp
= sendhook
->private;
1155 if (sp
->state
!= PPPOE_SREQ
) {
1159 callout_stop(&neg
->timeout_ch
);
1160 neg
->pkt
->pkt_header
.ph
.sid
= wh
->ph
.sid
;
1161 sp
->Session_ID
= ntohs(wh
->ph
.sid
);
1164 sp
->state
= PPPOE_CONNECTED
;
1166 * Now we have gone to Connected mode,
1167 * Free all resources needed for
1169 * Keep a copy of the header we will be using.
1171 sp
->pkt_hdr
= neg
->pkt
->pkt_header
;
1172 if (pppoe_mode
== PPPOE_NONSTANDARD
)
1173 sp
->pkt_hdr
.eh
.ether_type
1174 = ETHERTYPE_PPPOE_STUPID_SESS
;
1176 sp
->pkt_hdr
.eh
.ether_type
1177 = ETHERTYPE_PPPOE_SESS
;
1178 sp
->pkt_hdr
.ph
.code
= 0;
1180 kfree(sp
->neg
, M_NETGRAPH
);
1182 pppoe_send_event(sp
, NGM_PPPOE_SUCCESS
);
1186 * Send a 'close' message to the controlling
1187 * process (the one that set us up);
1188 * And then tear everything down.
1190 * Find matching peer/session combination.
1192 sendhook
= pppoe_findsession(node
, wh
);
1193 NG_FREE_DATA(m
, meta
); /* no longer needed */
1194 if (sendhook
== NULL
) {
1197 /* send message to creator */
1200 ng_destroy_hook(sendhook
);
1204 LEAVE(EPFNOSUPPORT
);
1207 case ETHERTYPE_PPPOE_STUPID_SESS
:
1208 case ETHERTYPE_PPPOE_SESS
:
1210 * find matching peer/session combination.
1212 sendhook
= pppoe_findsession(node
, wh
);
1213 if (sendhook
== NULL
) {
1214 LEAVE (ENETUNREACH
);
1217 sp
= sendhook
->private;
1218 m_adj(m
, sizeof(*wh
));
1219 if (m
->m_pkthdr
.len
< length
) {
1220 /* Packet too short, dump it */
1224 /* Also need to trim excess at the end */
1225 if (m
->m_pkthdr
.len
> length
) {
1226 m_adj(m
, -((int)(m
->m_pkthdr
.len
- length
)));
1228 if ( sp
->state
!= PPPOE_CONNECTED
) {
1229 if (sp
->state
== PPPOE_NEWCONNECTED
) {
1230 sp
->state
= PPPOE_CONNECTED
;
1232 * Now we have gone to Connected mode,
1233 * Free all resources needed for
1234 * negotiation. Be paranoid about
1235 * whether there may be a timeout.
1237 m_freem(sp
->neg
->m
);
1238 callout_stop(&sp
->neg
->timeout_ch
);
1239 kfree(sp
->neg
, M_NETGRAPH
);
1242 LEAVE (ENETUNREACH
);
1246 NG_SEND_DATA( error
, sendhook
, m
, meta
);
1249 LEAVE(EPFNOSUPPORT
);
1253 * Not ethernet or debug hook..
1255 * The packet has come in on a normal hook.
1256 * We need to find out what kind of hook,
1257 * So we can decide how to handle it.
1258 * Check the hook's state.
1261 switch (sp
->state
) {
1262 case PPPOE_NEWCONNECTED
:
1263 case PPPOE_CONNECTED
: {
1264 static const u_char addrctrl
[] = { 0xff, 0x03 };
1265 struct pppoe_full_hdr
*wh
;
1268 * Remove PPP address and control fields, if any.
1269 * For example, ng_ppp(4) always sends LCP packets
1270 * with address and control fields as required by
1271 * generic PPP. PPPoE is an exception to the rule.
1273 if (m
->m_pkthdr
.len
>= 2) {
1274 if (m
->m_len
< 2 && !(m
= m_pullup(m
, 2)))
1276 if (bcmp(mtod(m
, u_char
*), addrctrl
, 2) == 0)
1280 * Bang in a pre-made header, and set the length up
1281 * to be correct. Then send it to the ethernet driver.
1282 * But first correct the length.
1284 sp
->pkt_hdr
.ph
.length
= htons((short)(m
->m_pkthdr
.len
));
1285 M_PREPEND(m
, sizeof(*wh
), MB_DONTWAIT
);
1289 wh
= mtod(m
, struct pppoe_full_hdr
*);
1290 bcopy(&sp
->pkt_hdr
, wh
, sizeof(*wh
));
1291 NG_SEND_DATA( error
, privp
->ethernet_hook
, m
, meta
);
1292 privp
->packets_out
++;
1297 * A PADI packet is being returned by the application
1298 * that has set up this hook. This indicates that it
1299 * wants us to offer service.
1302 if (m
->m_len
< sizeof(*wh
)) {
1303 m
= m_pullup(m
, sizeof(*wh
));
1308 wh
= mtod(m
, struct pppoe_full_hdr
*);
1310 length
= ntohs(wh
->ph
.length
);
1312 if ( code
!= PADI_CODE
) {
1315 callout_stop(&neg
->timeout_ch
);
1318 * This is the first time we hear
1319 * from the client, so note it's
1320 * unicast address, replacing the
1321 * broadcast address.
1323 bcopy(wh
->eh
.ether_shost
,
1324 neg
->pkt
->pkt_header
.eh
.ether_dhost
,
1326 sp
->state
= PPPOE_SOFFER
;
1328 neg
->pkt
->pkt_header
.ph
.code
= PADO_CODE
;
1331 * start working out the tags to respond with.
1333 uniqtag
.hdr
.tag_type
= PTT_AC_COOKIE
;
1334 uniqtag
.hdr
.tag_len
= htons((u_int16_t
)sizeof(sp
));
1335 uniqtag
.data
.pointer
= sp
;
1337 insert_tag(sp
, &neg
->ac_name
.hdr
); /* AC_NAME */
1338 if ((tag
= get_tag(ph
, PTT_SRV_NAME
)))
1339 insert_tag(sp
, tag
); /* return service */
1341 * If we have a NULL service request
1342 * and have an extra service defined in this hook,
1343 * then also add a tag for the extra service.
1344 * XXX this is a hack. eventually we should be able
1345 * to support advertising many services, not just one
1347 if (((tag
== NULL
) || (tag
->tag_len
== 0))
1348 && (neg
->service
.hdr
.tag_len
!= 0)) {
1349 insert_tag(sp
, &neg
->service
.hdr
); /* SERVICE */
1351 if ((tag
= get_tag(ph
, PTT_HOST_UNIQ
)))
1352 insert_tag(sp
, tag
); /* returned hostunique */
1353 insert_tag(sp
, &uniqtag
.hdr
);
1360 * Packets coming from the hook make no sense
1361 * to sessions in these states. Throw them away.
1367 case PPPOE_LISTENING
:
1374 NG_FREE_DATA(m
, meta
);
1379 * Do local shutdown processing..
1380 * If we are a persistant device, we might refuse to go away, and
1381 * we'd only remove our links and reset ourself.
1384 ng_pppoe_rmnode(node_p node
)
1386 const priv_p privdata
= node
->private;
1389 node
->flags
|= NG_INVALID
;
1392 node
->private = NULL
;
1393 ng_unref(privdata
->node
);
1394 kfree(privdata
, M_NETGRAPH
);
1399 * This is called once we've already connected a new hook to the other node.
1400 * It gives us a chance to balk at the last minute.
1403 ng_pppoe_connect(hook_p hook
)
1405 /* be really amiable and just say "YUP that's OK by me! " */
1410 * Hook disconnection
1412 * Clean up all dangling links and information about the session/hook.
1413 * For this type, removal of the last link destroys the node
1416 ng_pppoe_disconnect(hook_p hook
)
1418 node_p node
= hook
->node
;
1419 priv_p privp
= node
->private;
1424 hooks
= node
->numhooks
; /* this one already not counted */
1425 if (hook
->private == &privp
->debug_hook
) {
1426 privp
->debug_hook
= NULL
;
1427 } else if (hook
->private == &privp
->ethernet_hook
) {
1428 privp
->ethernet_hook
= NULL
;
1432 if (sp
->state
!= PPPOE_SNONE
) {
1433 pppoe_send_event(sp
, NGM_PPPOE_CLOSE
);
1436 * According to the spec, if we are connected,
1437 * we should send a DISC packet if we are shutting down
1440 if ((privp
->ethernet_hook
)
1441 && ((sp
->state
== PPPOE_CONNECTED
)
1442 || (sp
->state
== PPPOE_NEWCONNECTED
))) {
1444 struct pppoe_full_hdr
*wh
;
1445 struct pppoe_tag
*tag
;
1446 int msglen
= strlen(SIGNOFF
);
1450 /* revert the stored header to DISC/PADT mode */
1452 wh
->ph
.code
= PADT_CODE
;
1453 if (pppoe_mode
== PPPOE_NONSTANDARD
)
1454 wh
->eh
.ether_type
= ETHERTYPE_PPPOE_STUPID_DISC
;
1456 wh
->eh
.ether_type
= ETHERTYPE_PPPOE_DISC
;
1458 /* generate a packet of that type */
1459 MGETHDR(m
, MB_DONTWAIT
, MT_DATA
);
1461 kprintf("pppoe: Session out of mbufs\n");
1463 m
->m_pkthdr
.rcvif
= NULL
;
1464 m
->m_pkthdr
.len
= m
->m_len
= sizeof(*wh
);
1465 bcopy((caddr_t
)wh
, mtod(m
, caddr_t
),
1468 * Add a General error message and adjust
1471 wh
= mtod(m
, struct pppoe_full_hdr
*);
1473 tag
->tag_type
= PTT_GEN_ERR
;
1474 tag
->tag_len
= htons((u_int16_t
)msglen
);
1475 strncpy(tag
->tag_data
, SIGNOFF
, msglen
);
1476 m
->m_pkthdr
.len
= (m
->m_len
+= sizeof(*tag
) +
1478 wh
->ph
.length
= htons(sizeof(*tag
) + msglen
);
1479 NG_SEND_DATA(error
, privp
->ethernet_hook
, m
,
1484 * As long as we have somewhere to store the timeout handle,
1485 * we may have a timeout pending.. get rid of it.
1488 callout_stop(&sp
->neg
->timeout_ch
);
1490 m_freem(sp
->neg
->m
);
1491 kfree(sp
->neg
, M_NETGRAPH
);
1493 kfree(sp
, M_NETGRAPH
);
1494 hook
->private = NULL
;
1495 /* work out how many session hooks there are */
1496 /* Node goes away on last session hook removal */
1497 if (privp
->ethernet_hook
) hooks
-= 1;
1498 if (privp
->debug_hook
) hooks
-= 1;
1500 if (node
->numhooks
== 0)
1506 * timeouts come here.
1509 pppoe_ticker(void *arg
)
1512 sessp sp
= hook
->private;
1515 struct mbuf
*m0
= NULL
;
1516 priv_p privp
= hook
->node
->private;
1517 meta_p dummy
= NULL
;
1523 * resend the last packet, using an exponential backoff.
1524 * After a period of time, stop growing the backoff,
1525 * and either leave it, or revert to the start.
1529 /* timeouts on these produce resends */
1530 m0
= m_copypacket(sp
->neg
->m
, MB_DONTWAIT
);
1531 NG_SEND_DATA( error
, privp
->ethernet_hook
, m0
, dummy
);
1532 callout_reset(&neg
->timeout_ch
, neg
->timeout
* hz
,
1533 pppoe_ticker
, hook
);
1534 if ((neg
->timeout
<<= 1) > PPPOE_TIMEOUT_LIMIT
) {
1535 if (sp
->state
== PPPOE_SREQ
) {
1536 /* revert to SINIT mode */
1539 neg
->timeout
= PPPOE_TIMEOUT_LIMIT
;
1545 /* a timeout on these says "give up" */
1546 ng_destroy_hook(hook
);
1549 /* timeouts have no meaning in other states */
1550 kprintf("pppoe: unexpected timeout\n");
1557 sendpacket(sessp sp
)
1560 struct mbuf
*m0
= NULL
;
1561 hook_p hook
= sp
->hook
;
1563 priv_p privp
= hook
->node
->private;
1564 meta_p dummy
= NULL
;
1568 case PPPOE_LISTENING
:
1571 case PPPOE_CONNECTED
:
1572 kprintf("pppoe: sendpacket: unexpected state\n");
1575 case PPPOE_NEWCONNECTED
:
1576 /* send the PADS without a timeout - we're now connected */
1577 m0
= m_copypacket(sp
->neg
->m
, MB_DONTWAIT
);
1578 NG_SEND_DATA( error
, privp
->ethernet_hook
, m0
, dummy
);
1582 /* No packet to send, but set up the timeout */
1583 callout_reset(&neg
->timeout_ch
, PPPOE_OFFER_TIMEOUT
* hz
,
1584 pppoe_ticker
, hook
);
1589 * send the offer but if they don't respond
1590 * in PPPOE_OFFER_TIMEOUT seconds, forget about it.
1592 m0
= m_copypacket(sp
->neg
->m
, MB_DONTWAIT
);
1593 NG_SEND_DATA( error
, privp
->ethernet_hook
, m0
, dummy
);
1594 callout_reset(&neg
->timeout_ch
, PPPOE_OFFER_TIMEOUT
* hz
,
1595 pppoe_ticker
, hook
);
1600 m0
= m_copypacket(sp
->neg
->m
, MB_DONTWAIT
);
1601 NG_SEND_DATA( error
, privp
->ethernet_hook
, m0
, dummy
);
1602 callout_reset(&neg
->timeout_ch
, PPPOE_INITIAL_TIMEOUT
* hz
,
1603 pppoe_ticker
, hook
);
1604 neg
->timeout
= PPPOE_INITIAL_TIMEOUT
* 2;
1609 kprintf("pppoe: timeout: bad state\n");
1611 /* return (error); */
1615 * Parse an incoming packet to see if any tags should be copied to the
1616 * output packet. Don't do any tags that have been handled in the main
1619 static const struct pppoe_tag
*
1620 scan_tags(sessp sp
, const struct pppoe_hdr
* ph
)
1622 const char *const end
= (const char *)next_tag(ph
);
1624 const struct pppoe_tag
*pt
= &ph
->tag
[0];
1626 * Keep processing tags while a tag header will still fit.
1629 while((const char*)(pt
+ 1) <= end
) {
1631 * If the tag data would go past the end of the packet, abort.
1633 ptn
= (((const char *)(pt
+ 1)) + ntohs(pt
->tag_len
));
1637 switch (pt
->tag_type
) {
1653 pt
= (const struct pppoe_tag
*)ptn
;
1659 pppoe_send_event(sessp sp
, enum cmd cmdid
)
1662 struct ng_mesg
*msg
;
1663 struct ngpppoe_sts
*sts
;
1666 NG_MKMESSAGE(msg
, NGM_PPPOE_COOKIE
, cmdid
,
1667 sizeof(struct ngpppoe_sts
), M_NOWAIT
);
1670 sts
= (struct ngpppoe_sts
*)msg
->data
;
1671 strlcpy(sts
->hook
, sp
->hook
->name
, NG_HOOKSIZ
);
1672 error
= ng_send_msg(sp
->hook
->node
, msg
, sp
->creator
, NULL
);