#endif

#ifdef IPX
#include <netipx/ipx.h>
#include <netipx/ipx_if.h>
#endif

#ifdef NS
#include <netns/ns.h>
#include <netns/ns_if.h>
#endif

#ifdef ISO
#include <netiso/argo_debug.h>
#include <netiso/iso.h>
#include <netiso/iso_var.h>
#include <netiso/iso_snpac.h>
#endif

#include <net/if_sppp.h>

/*
 * Also used by sppp_cisco_input() as the number of consecutive
 * "remote sequence == local sequence" keepalives tolerated before the
 * line is reported as looped back.
 */
#define MAXALIVECNT	3		/* max. alive packets */

/*
 * Interface flags that can be set in an ifconfig command.
 *
 * Setting link0 will make the link passive, i.e. it will be marked
 * as being administratively openable, but won't be opened to begin
 * with.  Incoming calls will be answered, or subsequent calls with
 * -link1 will cause the administrative open of the LCP layer.
 *
 * Setting link1 will cause the link to auto-dial only as packets
 * arrive to be sent.
 *
 * Setting IFF_DEBUG will syslog the option negotiation and state
 * transitions at level kern.debug.  Note: all logs consistently look
 * like
 *
 *   <if-name><unit>: <proto-name> <additional info...>
 *
 * with <if-name><unit> being something like "bppp0", and <proto-name>
 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
 *
 * NOTE(review): with IFF_DEBUG set, sppp_cp_send() and sppp_cp_input()
 * log the negotiation payload bytes through sppp_print_bytes().  Check
 * what the authentication handlers log before enabling it on a
 * production link.
 */

#define IFF_PASSIVE	IFF_LINK0	/* wait passively for connection */
#define IFF_AUTO	IFF_LINK1	/* auto-dial on output */

/* Values of the address, control and protocol fields of struct ppp_header. */
#define PPP_ALLSTATIONS	0xff		/* All-Stations broadcast address */
#define PPP_UI		0x03		/* Unnumbered Information */
#define PPP_IP		0x0021		/* Internet Protocol */
#define PPP_ISO		0x0023		/* ISO OSI Protocol */
#define PPP_XNS		0x0025		/* Xerox NS Protocol */
#define PPP_IPX		0x002b		/* Novell IPX Protocol */
#define PPP_LCP		0xc021		/* Link Control Protocol */
#define PPP_PAP		0xc023		/* Password Authentication Protocol */
#define PPP_CHAP	0xc223		/* Challenge-Handshake Auth Protocol */
#define PPP_IPCP	0x8021		/* Internet Protocol Control Protocol */

/* Control protocol packet codes (the `type' field of struct lcp_header). */
#define CONF_REQ	1		/* PPP configure request */
#define CONF_ACK	2		/* PPP configure acknowledge */
#define CONF_NAK	3		/* PPP configure negative ack */
#define CONF_REJ	4		/* PPP configure reject */
#define TERM_REQ	5		/* PPP terminate request */
#define TERM_ACK	6		/* PPP terminate acknowledge */
#define CODE_REJ	7		/* PPP code reject */
#define PROTO_REJ	8		/* PPP protocol reject */
#define ECHO_REQ	9		/* PPP echo request */
#define ECHO_REPLY	10		/* PPP echo reply */
#define DISC_REQ	11		/* PPP discard request */

#define LCP_OPT_MRU		1	/* maximum receive unit */
#define LCP_OPT_ASYNC_MAP	2	/* async control character map */
#define LCP_OPT_AUTH_PROTO	3	/* authentication protocol */
#define LCP_OPT_QUAL_PROTO	4	/* quality protocol */
#define LCP_OPT_MAGIC		5	/* magic number */
#define LCP_OPT_RESERVED	6	/* reserved */
#define LCP_OPT_PROTO_COMP	7	/* protocol field compression */
#define LCP_OPT_ADDR_COMP	8	/* address/control field compression */

#define IPCP_OPT_ADDRESSES	1	/* both IP addresses; deprecated */
#define IPCP_OPT_COMPRESSION	2	/* IP compression protocol (VJ) */
#define IPCP_OPT_ADDRESS	3	/* local IP address */

/* PAP carries the peer name and password unencrypted over the link. */
#define PAP_REQ			1	/* PAP name/password request */
#define PAP_ACK			2	/* PAP acknowledge */
#define PAP_NAK			3	/* PAP fail */

#define CHAP_CHALLENGE		1	/* CHAP challenge request */
#define CHAP_RESPONSE		2	/* CHAP challenge response */
#define CHAP_SUCCESS		3	/* CHAP response ok */
#define CHAP_FAILURE		4	/* CHAP response failed */

#define CHAP_MD5		5	/* hash algorithm - MD5 */

#define CISCO_MULTICAST		0x8f	/* Cisco multicast address */
#define CISCO_UNICAST		0x0f	/* Cisco unicast address */
#define CISCO_KEEPALIVE		0x8035	/* Cisco keepalive protocol */
#define CISCO_ADDR_REQ		0	/* Cisco address request */
#define CISCO_ADDR_REPLY	1	/* Cisco address reply */
#define CISCO_KEEPALIVE_REQ	2	/* Cisco keepalive request */

/* states are named and numbered according to RFC 1661 */
#define STATE_INITIAL	0
#define STATE_STARTING	1
#define STATE_CLOSED	2
#define STATE_STOPPED	3
#define STATE_CLOSING	4
#define STATE_STOPPING	5
#define STATE_REQ_SENT	6
#define STATE_ACK_RCVD	7
#define STATE_ACK_SENT	8
#define STATE_OPENED	9

/*
 * Frame header found at the front of every packet handled by
 * sppp_input() and written by sppp_output().  `protocol' is kept in
 * network byte order; the code converts it with ntohs()/htons().
 */
struct ppp_header {
	u_char address;
	u_char control;
	u_short protocol;
};
/*
 * Expands to an unparenthesized sizeof expression of type size_t, so a
 * comparison of an int length against it is carried out unsigned.
 */
#define PPP_HEADER_LEN		sizeof (struct ppp_header)

/*
 * Header of a control protocol packet.  `len' is in network byte order
 * and, as written by sppp_cp_send(), counts this header plus the data
 * that follows.  On input it is supplied by the peer.
 */
struct lcp_header {
	u_char type;
	u_char ident;
	u_short len;
};
#define LCP_HEADER_LEN		sizeof (struct lcp_header)

/*
 * Cisco keepalive packet, overlaid directly on the packet data.
 *
 * NOTE(review): CISCO_PACKET_LEN is hard-coded to 18, which equals the
 * sum of the members only where u_long is 4 bytes (3 * 4 + 3 * 2).
 * Where u_long is wider the overlay would no longer match the 18-byte
 * length used by sppp_cisco_input() and sppp_cisco_send() - confirm
 * before building this for such a platform.
 */
struct cisco_packet {
	u_long type;
	u_long par1;
	u_long par2;
	u_short rel;
	u_short time0;
	u_short time1;
};
#define CISCO_PACKET_LEN	18

/*
 * We follow the spelling and capitalization of RFC 1661 here, to make
 * it easier comparing with the standard.  Please refer to this RFC in
 * case you can't make sense out of these abbreviation; it will also
 * explain the semantics related to the various events and actions.
*/
/*
 * Descriptor of one control protocol: its protocol number, its slot in
 * the per-interface state tables, and the handlers the generic state
 * machine calls through.
 */
struct cp {
	u_short	proto;		/* PPP control protocol number */
	u_char protoidx;	/* index into state table in struct sppp  */
	u_char flags;
#define CP_LCP		0x01	/* this is the LCP */
#define CP_AUTH		0x02	/* this is an authentication protocol */
#define CP_NCP		0x04	/* this is a NCP */
#define CP_QUAL		0x08	/* this is a quality reporting protocol */
	const char *name;	/* name of this control protocol */
	/* event handlers */
	void	(*Up)(struct sppp *sp);
	void	(*Down)(struct sppp *sp);
	void	(*Open)(struct sppp *sp);
	void	(*Close)(struct sppp *sp);
	/* takes void * because it is registered as a timeout() callback */
	void	(*TO)(void *sp);
	/*
	 * Receive handlers for Configure-Request, -Reject and -Nak.
	 * sppp_cp_input() calls them without a NULL check; `h' and
	 * `len' describe data received from the peer.
	 */
	int	(*RCR)(struct sppp *sp, struct lcp_header *h, int len);
	void	(*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
	void	(*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
	/* actions */
	void	(*tlu)(struct sppp *sp);
	void	(*tld)(struct sppp *sp);
	void	(*tls)(struct sppp *sp);
	void	(*tlf)(struct sppp *sp);
	void	(*scr)(struct sppp *sp);
};

/* Head of the list of attached interfaces, linked through pp_next. */
static struct sppp *spppq;
/* Handle of the sppp_keepalive() timeout started by sppp_attach(). */
static struct callout_handle keepalive_ch;

/*
 * The following disgusting hack gets around the problem that IP TOS
 * can't be set yet.  We want to put "interactive" traffic on a high
 * priority queue.  To decide if traffic is interactive, we check that
 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
 *
 * XXX is this really still necessary?  - joerg -
 */
static u_short interactive_ports[8] = {
	0,	513,	0,	0,
	0,	21,	0,	23,
};
/*
 * The low three bits of the port select a table slot; the port matches
 * only if the slot holds exactly that port.  The argument is evaluated
 * twice, so it must not have side effects.
 */
#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))

/*
 * almost every function needs these
 *
 * Requires a `struct sppp *sp' in scope; declares `ifp' and `debug'.
 */
#define STDDCL							\
	struct ifnet *ifp = &sp->pp_if;				\
	int debug = ifp->if_flags & IFF_DEBUG

static int sppp_output(struct ifnet *ifp, struct mbuf *m,
		       struct sockaddr *dst, struct rtentry *rt);

static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);

static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
			  struct mbuf *m);
static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
			 u_char ident, u_short len, void *data);
static void sppp_cp_timeout(void *arg);
static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
				 int newstate);
static void sppp_auth_send(const struct cp *cp,
			   struct sppp *sp, u_char type, u_char id,
			   ...);

static void sppp_up_event(const struct cp *cp, struct sppp *sp);
static void sppp_down_event(const struct cp *cp, struct sppp *sp);
static void sppp_open_event(const struct cp *cp, struct sppp *sp);
static void sppp_close_event(const struct cp *cp, struct sppp *sp);
static void sppp_to_event(const struct cp *cp, struct sppp *sp);

static void sppp_null(struct sppp *sp);

static void sppp_lcp_init(struct sppp *sp);
static void sppp_lcp_up(struct sppp *sp);
static void sppp_lcp_down(struct sppp *sp);
static void sppp_lcp_open(struct sppp *sp);
static void sppp_lcp_close(struct sppp *sp);
static void sppp_lcp_TO(void *sp);
static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_lcp_tlu(struct sppp *sp);
static void sppp_lcp_tld(struct sppp *sp);
static void sppp_lcp_tls(struct sppp *sp);
static void sppp_lcp_tlf(struct sppp *sp);
static void sppp_lcp_scr(struct sppp *sp);
static void sppp_lcp_check_and_close(struct sppp *sp);
static int sppp_ncp_check(struct sppp *sp);

static void sppp_ipcp_init(struct sppp *sp);
static void sppp_ipcp_up(struct sppp *sp);
static void sppp_ipcp_down(struct sppp *sp);
static void sppp_ipcp_open(struct sppp *sp);
static void sppp_ipcp_close(struct sppp *sp);
static void sppp_ipcp_TO(void *sp);
static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipcp_tlu(struct sppp *sp);
static void sppp_ipcp_tld(struct sppp *sp);
static void sppp_ipcp_tls(struct sppp *sp);
static void sppp_ipcp_tlf(struct sppp *sp);
static void sppp_ipcp_scr(struct sppp *sp);

static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
static void sppp_pap_init(struct sppp *sp);
static void sppp_pap_open(struct sppp *sp);
static void sppp_pap_close(struct sppp *sp);
static void sppp_pap_TO(void *sp);
static void sppp_pap_my_TO(void *sp);
static void sppp_pap_tlu(struct sppp *sp);
static void sppp_pap_tld(struct sppp *sp);
static void sppp_pap_scr(struct sppp *sp);

static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
static void sppp_chap_init(struct sppp *sp);
static void sppp_chap_open(struct sppp *sp);
static void sppp_chap_close(struct sppp *sp);
static void sppp_chap_TO(void *sp);
static void sppp_chap_tlu(struct sppp *sp);
static void sppp_chap_tld(struct sppp *sp);
static void sppp_chap_scr(struct sppp *sp);

static const char *sppp_auth_type_name(u_short proto, u_char type);
static const char *sppp_cp_type_name(u_char type);
static const char *sppp_dotted_quad(u_long addr);
static const char *sppp_ipcp_opt_name(u_char opt);
static const char *sppp_lcp_opt_name(u_char opt);
static const char *sppp_phase_name(enum ppp_phase phase);
static const char *sppp_proto_name(u_short proto);
static const char *sppp_state_name(int state);
static int sppp_params(struct sppp *sp, int cmd, void *data);
static int sppp_strnlen(u_char *p, int max);
static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
			      u_long *srcmask);
static void sppp_keepalive(void *dummy);
static void sppp_phase_network(struct sppp *sp);
static void sppp_print_bytes(const u_char *p, u_short len);
static void sppp_print_string(const char *p, u_short len);
static void sppp_qflush(struct ifqueue *ifq);
static void sppp_set_ip_addr(struct sppp *sp, u_long src);

/*
 * our control protocol descriptors
 *
 * The initializers are positional and follow the member order of
 * struct cp: proto, protoidx, flags, name, Up, Down, Open, Close, TO,
 * RCR, RCN_rej, RCN_nak, tlu, tld, tls, tlf, scr.
 */
const struct cp lcp = {
	PPP_LCP, IDX_LCP, CP_LCP, "lcp",
	sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
	sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
	sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
	sppp_lcp_scr
};

const struct cp ipcp = {
	PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
	sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
	sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
	sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
	sppp_ipcp_scr
};

/*
 * The two authentication descriptors leave RCR, RCN_rej and RCN_nak
 * null.  sppp_input() hands PAP and CHAP packets to sppp_pap_input()
 * and sppp_chap_input(); these descriptors must never be passed to
 * sppp_cp_input(), which calls the three handlers unconditionally.
 */
const struct cp pap = {
	PPP_PAP, IDX_PAP, CP_AUTH, "pap",
	sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
	sppp_pap_TO, 0, 0, 0,
	sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
	sppp_pap_scr
};

const struct cp chap = {
	PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
	sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
	sppp_chap_TO, 0, 0, 0,
	sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
	sppp_chap_scr
};

/* Descriptor table indexed by protoidx; sppp_detach() walks it. */
const struct cp *cps[IDX_COUNT] = {
	&lcp,			/*
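IDX_LCP */
	&ipcp,			/* IDX_IPCP */
	&pap,			/* IDX_PAP */
	&chap,			/* IDX_CHAP */
};


/*
 * Exported functions, comprising our interface to the lower layer.
 */

/*
 * Process the received packet.
 *
 * Takes ownership of `m': the chain is either queued on a protocol
 * input queue or freed before returning.  Every header field examined
 * here comes from the peer.
 *
 * Acceptance rules, as coded below:
 *  - LCP is always passed to the state machine.
 *  - PAP and CHAP are processed once pp_phase >= PHASE_AUTHENTICATE.
 *  - IPCP is processed only in PHASE_NETWORK; IP data only while IPCP
 *    is in STATE_OPENED.
 *  - IPX, XNS and ISO data are accepted whenever the phase is
 *    PHASE_NETWORK, because no NCP is implemented for them.
 *  - In Cisco mode data is queued without any phase or state check.
 */
void
sppp_input(struct ifnet *ifp, struct mbuf *m)
{
	struct ppp_header *h;
	struct ifqueue *inq = 0;
	int s;
	struct sppp *sp = (struct sppp *)ifp;
	int debug = ifp->if_flags & IFF_DEBUG;

	if (ifp->if_flags & IFF_UP)
		/* Count received bytes, add FCS and one flag */
		ifp->if_ibytes += m->m_pkthdr.len + 3;

	if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
		/* Too small packet, drop it. */
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: input packet is too small, %d bytes\n",
			    ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
	  drop:
		++ifp->if_ierrors;
		++ifp->if_iqdrops;
		m_freem (m);
		return;
	}

	/*
	 * The check above covers the length of the whole chain only.
	 * Make sure the header is contiguous in the first mbuf before
	 * it is dereferenced.  m_pullup() frees the chain on failure,
	 * so the drop label must not be used here.
	 */
	if (m->m_len < PPP_HEADER_LEN &&
	    (m = m_pullup (m, PPP_HEADER_LEN)) == 0) {
		++ifp->if_ierrors;
		++ifp->if_iqdrops;
		return;
	}

	/* Get PPP header. */
	h = mtod (m, struct ppp_header*);
	m_adj (m, PPP_HEADER_LEN);

	switch (h->address) {
	case PPP_ALLSTATIONS:
		if (h->control != PPP_UI)
			goto invalid;
		if (sp->pp_flags & PP_CISCO) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: PPP packet in Cisco mode "
				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
				    ifp->if_name, ifp->if_unit,
				    h->address, h->control, ntohs(h->protocol));
			goto drop;
		}
		switch (ntohs (h->protocol)) {
		default:
			/*
			 * Protocol-Reject echoes the protocol field and
			 * the data behind it.  sppp_cp_send() copies
			 * from a flat pointer, so offer it only the
			 * bytes that are contiguous in the first mbuf
			 * (m_len after m_adj(), plus the two protocol
			 * bytes) instead of the length of the chain.
			 */
			if (sp->state[IDX_LCP] == STATE_OPENED)
				sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
					++sp->pp_seq, m->m_len + 2,
					&h->protocol);
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: invalid input protocol "
				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
				    ifp->if_name, ifp->if_unit,
				    h->address, h->control, ntohs(h->protocol));
			++ifp->if_noproto;
			goto drop;
		case PPP_LCP:
			sppp_cp_input(&lcp, sp, m);
			m_freem (m);
			return;
		case PPP_PAP:
			if (sp->pp_phase >= PHASE_AUTHENTICATE)
				sppp_pap_input(sp, m);
			m_freem (m);
			return;
		case PPP_CHAP:
			if (sp->pp_phase >= PHASE_AUTHENTICATE)
				sppp_chap_input(sp, m);
			m_freem (m);
			return;
#ifdef INET
		case PPP_IPCP:
			if (sp->pp_phase == PHASE_NETWORK)
				sppp_cp_input(&ipcp, sp, m);
			m_freem (m);
			return;
		case PPP_IP:
			if (sp->state[IDX_IPCP] == STATE_OPENED) {
				schednetisr (NETISR_IP);
				inq = &ipintrq;
			}
			break;
#endif
#ifdef IPX
		case PPP_IPX:
			/* IPX IPXCP not implemented yet */
			if (sp->pp_phase == PHASE_NETWORK) {
				schednetisr (NETISR_IPX);
				inq = &ipxintrq;
			}
			break;
#endif
#ifdef NS
		case PPP_XNS:
			/* XNS IDPCP not implemented yet */
			if (sp->pp_phase == PHASE_NETWORK) {
				schednetisr (NETISR_NS);
				inq = &nsintrq;
			}
			break;
#endif
#ifdef ISO
		case PPP_ISO:
			/* OSI NLCP not implemented yet */
			if (sp->pp_phase == PHASE_NETWORK) {
				schednetisr (NETISR_ISO);
				inq = &clnlintrq;
			}
			break;
#endif
		}
		break;
	case CISCO_MULTICAST:
	case CISCO_UNICAST:
		/* Don't check the control field here (RFC 1547). */
		if (! (sp->pp_flags & PP_CISCO)) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: Cisco packet in PPP mode "
				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
				    ifp->if_name, ifp->if_unit,
				    h->address, h->control, ntohs(h->protocol));
			goto drop;
		}
		switch (ntohs (h->protocol)) {
		default:
			++ifp->if_noproto;
			goto invalid;
		case CISCO_KEEPALIVE:
			sppp_cisco_input ((struct sppp*) ifp, m);
			m_freem (m);
			return;
#ifdef INET
		case ETHERTYPE_IP:
			schednetisr (NETISR_IP);
			inq = &ipintrq;
			break;
#endif
#ifdef IPX
		case ETHERTYPE_IPX:
			schednetisr (NETISR_IPX);
			inq = &ipxintrq;
			break;
#endif
#ifdef NS
		case ETHERTYPE_NS:
			schednetisr (NETISR_NS);
			inq = &nsintrq;
			break;
#endif
		}
		break;
	default:        /* Invalid PPP packet. */
	  invalid:
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: invalid input packet "
			    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
			    ifp->if_name, ifp->if_unit,
			    h->address, h->control, ntohs(h->protocol));
		goto drop;
	}

	/* inq stays null when the protocol was known but not yet open. */
	if (! (ifp->if_flags & IFF_UP) || ! inq)
		goto drop;

	/* Check queue. */
	s = splimp();
	if (IF_QFULL (inq)) {
		/* Queue overflow. */
		IF_DROP(inq);
		splx(s);
		if (debug)
			log(LOG_DEBUG, "%s%d: protocol queue overflow\n",
				ifp->if_name, ifp->if_unit);
		goto drop;
	}
	IF_ENQUEUE(inq, m);
	splx(s);
}

/*
 * Enqueue transmit packet.
 *
 * Prepends the PPP or Cisco header that matches dst->sa_family and
 * places the packet on the fast queue (low delay or interactive TCP)
 * or on the normal send queue.  Takes ownership of `m' on every path.
 *
 * Returns 0 on success, ENETDOWN when the interface is down or IPCP is
 * not open and the queue is full, ENOBUFS when no header space or
 * queue space is available, EAFNOSUPPORT for an unsupported address
 * family.  `rt' is not used.
 */
static int
sppp_output(struct ifnet *ifp, struct mbuf *m,
	    struct sockaddr *dst, struct rtentry *rt)
{
	struct sppp *sp = (struct sppp*) ifp;
	struct ppp_header *h;
	struct ifqueue *ifq;
	int s, rv = 0;

	s = splimp();

	if ((ifp->if_flags & IFF_UP) == 0 ||
	    (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
		m_freem (m);
		splx (s);
		return (ENETDOWN);
	}

	if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
		/*
		 * Interface is not yet running, but auto-dial.  Need
		 * to start LCP for it.
		 */
		ifp->if_flags |= IFF_RUNNING;
		splx(s);
		lcp.Open(sp);
		s = splimp();
	}

	ifq = &ifp->if_snd;
#ifdef INET
	/*
	 * Put low delay, telnet, rlogin and ftp control packets
	 * in front of the queue.
	 *
	 * The IP header is read only when the first mbuf holds all of
	 * it.  The TCP header is located from ip_hl in bytes (the
	 * former pointer arithmetic on long was right only where long
	 * is 4 bytes) and is read only when the first mbuf really
	 * extends that far, IP options included.
	 */
	if (dst->sa_family == AF_INET &&
	    m->m_len >= sizeof (struct ip)) {
		struct ip *ip = mtod (m, struct ip*);
		int hlen = ip->ip_hl << 2;
		int interactive = 0;

		if (ip->ip_p == IPPROTO_TCP &&
		    hlen >= sizeof (struct ip) &&
		    m->m_len >= hlen + sizeof (struct tcphdr)) {
			struct tcphdr *tcp =
			    (struct tcphdr*) ((char*) ip + hlen);

			interactive =
			    INTERACTIVE (ntohs (tcp->th_sport)) ||
			    INTERACTIVE (ntohs (tcp->th_dport));
		}
		if (! IF_QFULL (&sp->pp_fastq) &&
		    ((ip->ip_tos & IPTOS_LOWDELAY) || interactive))
			ifq = &sp->pp_fastq;
	}
#endif

	/*
	 * Prepend general data packet PPP header. For now, IP only.
	 */
	M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
	if (! m) {
		if (ifp->if_flags & IFF_DEBUG)
			log(LOG_DEBUG, "%s%d: no memory for transmit header\n",
				ifp->if_name, ifp->if_unit);
		++ifp->if_oerrors;
		splx (s);
		return (ENOBUFS);
	}
	h = mtod (m, struct ppp_header*);
	if (sp->pp_flags & PP_CISCO) {
		h->address = CISCO_UNICAST;        /* unicast address */
		h->control = 0;
	} else {
		h->address = PPP_ALLSTATIONS;        /* broadcast address */
		h->control = PPP_UI;                 /* Unnumbered Info */
	}

	switch (dst->sa_family) {
#ifdef INET
	case AF_INET:   /* Internet Protocol */
		if (sp->pp_flags & PP_CISCO)
			h->protocol = htons (ETHERTYPE_IP);
		else {
			/*
			 * Don't choke with an ENETDOWN early.  It's
			 * possible that we just started dialing out,
			 * so don't drop the packet immediately.  If
			 * we notice that we run out of buffer space
			 * below, we will however remember that we are
			 * not ready to carry IP packets, and return
			 * ENETDOWN, as opposed to ENOBUFS.
			 */
			h->protocol = htons(PPP_IP);
			if (sp->state[IDX_IPCP] != STATE_OPENED)
				rv = ENETDOWN;
		}
		break;
#endif
#ifdef NS
	case AF_NS:     /* Xerox NS Protocol */
		h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
			ETHERTYPE_NS : PPP_XNS);
		break;
#endif
#ifdef IPX
	case AF_IPX:     /* Novell IPX Protocol */
		h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
			ETHERTYPE_IPX : PPP_IPX);
		break;
#endif
#ifdef ISO
	case AF_ISO:    /* ISO OSI Protocol */
		if (sp->pp_flags & PP_CISCO)
			goto nosupport;
		h->protocol = htons (PPP_ISO);
		break;
nosupport:
#endif
	default:
		m_freem (m);
		++ifp->if_oerrors;
		splx (s);
		return (EAFNOSUPPORT);
	}

	/*
	 * Queue message on interface, and start output if interface
	 * not yet active.
	 */
	if (IF_QFULL (ifq)) {
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
		splx (s);
		return (rv? rv: ENOBUFS);
	}

	/*
	 * Count output packets and bytes.
	 * The packet length includes header, FCS and 1 flag,
	 * according to RFC 1333.
	 *
	 * This is done before the mbuf is queued: once it is on the
	 * queue the start routine may transmit and free it, so it must
	 * not be dereferenced afterwards.
	 */
	ifp->if_obytes += m->m_pkthdr.len + 3;

	IF_ENQUEUE (ifq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);

	splx (s);
	return (0);
}

/*
 * Attach an interface to the sppp layer: put it on the keepalive list
 * (starting the shared keepalive timeout for the first interface),
 * install sppp_output() as its output routine, reset the per-link
 * counters and initialize the four control protocols.
 */
void
sppp_attach(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;

	/* Initialize keepalive handler. */
	if (! spppq)
		keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);

	/* Insert new entry into the keepalive list. */
	sp->pp_next = spppq;
	spppq = sp;

	sp->pp_if.if_type = IFT_PPP;
	sp->pp_if.if_output = sppp_output;
	sp->pp_fastq.ifq_maxlen = 32;
	sp->pp_cpq.ifq_maxlen = 20;
	sp->pp_loopcnt = 0;
	sp->pp_alivecnt = 0;
	sp->pp_seq = 0;
	sp->pp_rseq = 0;
	sp->pp_phase = PHASE_DEAD;
	sp->pp_up = lcp.Up;
	sp->pp_down = lcp.Down;

	sppp_lcp_init(sp);
	sppp_ipcp_init(sp);
	sppp_pap_init(sp);
	sppp_chap_init(sp);
}

/*
 * Detach an interface: unlink it from the keepalive list, stop the
 * shared keepalive timeout when the list becomes empty, and cancel the
 * timeout of every control protocol plus the PAP timeout registered
 * for this interface.
 */
void
sppp_detach(struct ifnet *ifp)
{
	struct sppp **q, *p, *sp = (struct sppp*) ifp;
	int i;

	/* Remove the entry from the keepalive list. */
	for (q = &spppq; (p = *q); q = &p->pp_next)
		if (p == sp) {
			*q = p->pp_next;
			break;
		}

	/* Stop keepalive handler. */
	if (! spppq)
		untimeout(sppp_keepalive, 0, keepalive_ch);

	for (i = 0; i < IDX_COUNT; i++)
		untimeout((cps[i])->TO, (void *)sp, sp->ch[i]);
	untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
}

/*
 * Flush the interface output queue.
 *
 * All three queues are emptied: normal send, fast and control.
 */
void
sppp_flush(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;

	sppp_qflush (&sp->pp_if.if_snd);
	sppp_qflush (&sp->pp_fastq);
	sppp_qflush (&sp->pp_cpq);
}

/*
 * Check if the output queue is empty.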
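*/
/* Returns nonzero when the fast, control and normal send queues are all empty. */
int
sppp_isempty(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;
	int empty, s;

	s = splimp();
	empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
		!sp->pp_if.if_snd.ifq_head;
	splx(s);
	return (empty);
}

/*
 * Get next packet to send.
 *
 * Returns the dequeued mbuf, or null when nothing may be sent.
 */
struct mbuf *
sppp_dequeue(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;
	struct mbuf *m;
	int s;

	s = splimp();
	/*
	 * Process only the control protocol queue until we have at
	 * least one NCP open.
	 *
	 * Do always serve all three queues in Cisco mode.
	 */
	IF_DEQUEUE(&sp->pp_cpq, m);
	if (m == NULL &&
	    (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
		IF_DEQUEUE(&sp->pp_fastq, m);
		if (m == NULL)
			IF_DEQUEUE (&sp->pp_if.if_snd, m);
	}
	splx(s);
	return m;
}

/*
 * Pick the next packet, do not remove it from the queue.
 *
 * NOTE(review): the data queues are gated on pp_phase == PHASE_NETWORK
 * here, while sppp_dequeue() gates them on sppp_ncp_check().  Confirm
 * that the two conditions cannot disagree, otherwise a packet that is
 * picked here is not the one sppp_dequeue() hands out.
 */
struct mbuf *
sppp_pick(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*)ifp;
	struct mbuf *m;
	int s;

	s= splimp ();

	m = sp->pp_cpq.ifq_head;
	if (m == NULL &&
	    (sp->pp_phase == PHASE_NETWORK ||
	     (sp->pp_flags & PP_CISCO) != 0))
		if ((m = sp->pp_fastq.ifq_head) == NULL)
			m = sp->pp_if.if_snd.ifq_head;
	splx (s);
	return (m);
}

/*
 * Process an ioctl request.  Called on low priority level.
 *
 * Returns 0 or an errno value.  The interrupt priority level is raised
 * with splimp() for the whole switch, so every case has to leave
 * through the common exit that calls splx(); the MTU range checks used
 * to return EINVAL directly and left the level raised.
 *
 * No privilege check is made here; presumably the caller has done it -
 * verify against the ioctl entry path.
 */
int
sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
{
	struct ifreq *ifr = (struct ifreq*) data;
	struct sppp *sp = (struct sppp*) ifp;
	int s, rv, going_up, going_down, newmode;

	s = splimp();
	rv = 0;
	switch (cmd) {
	case SIOCAIFADDR:
	case SIOCSIFDSTADDR:
		break;

	case SIOCSIFADDR:
		if_up(ifp);
		/* fall through... */

	case SIOCSIFFLAGS:
		going_up = ifp->if_flags & IFF_UP &&
			(ifp->if_flags & IFF_RUNNING) == 0;
		going_down = (ifp->if_flags & IFF_UP) == 0 &&
			ifp->if_flags & IFF_RUNNING;
		newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
		if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
			/* sanity */
			newmode = IFF_PASSIVE;
			ifp->if_flags &= ~IFF_AUTO;
		}

		if (going_up || going_down)
			lcp.Close(sp);
		if (going_up && newmode == 0) {
			/* neither auto-dial nor passive */
			ifp->if_flags |= IFF_RUNNING;
			if (!(sp->pp_flags & PP_CISCO))
				lcp.Open(sp);
		} else if (going_down) {
			sppp_flush(ifp);
			ifp->if_flags &= ~IFF_RUNNING;
		}

		break;

#ifdef SIOCSIFMTU
#ifndef ifr_mtu
#define ifr_mtu ifr_metric
#endif
	case SIOCSIFMTU:
		/* The MTU may not exceed what the peer agreed to receive. */
		if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) {
			rv = EINVAL;
			break;
		}
		ifp->if_mtu = ifr->ifr_mtu;
		break;
#endif
#ifdef SLIOCSETMTU
	case SLIOCSETMTU:
		if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) {
			rv = EINVAL;
			break;
		}
		ifp->if_mtu = *(short*)data;
		break;
#endif
#ifdef SIOCGIFMTU
	case SIOCGIFMTU:
		ifr->ifr_mtu = ifp->if_mtu;
		break;
#endif
#ifdef SLIOCGETMTU
	case SLIOCGETMTU:
		*(short*)data = ifp->if_mtu;
		break;
#endif
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		break;

	case SIOCGIFGENERIC:
	case SIOCSIFGENERIC:
		rv = sppp_params(sp, cmd, data);
		break;

	default:
		rv = ENOTTY;
	}
	splx(s);
	return rv;
}


/*
 * Cisco framing implementation.
 */

/*
 * Handle incoming Cisco keepalive protocol packets.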
*/
/*
 * The packet is not freed here; sppp_input() frees it after the call.
 * All fields of the packet come from the peer, and Cisco mode has no
 * authentication step in front of this handler.
 *
 * NOTE(review): only the chain length (m_pkthdr.len) is compared with
 * CISCO_PACKET_LEN before the data of the first mbuf is overlaid with
 * struct cisco_packet.  This assumes the driver delivers the packet
 * contiguously - confirm, or pull the data up first.
 */
static void
sppp_cisco_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct cisco_packet *h;
	u_long me, mymask;

	if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: cisco invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
		return;
	}
	h = mtod (m, struct cisco_packet*);
	/* Only `type' is byte-swapped for the log; the rest is printed raw. */
	if (debug)
		log(LOG_DEBUG,
		    "%s%d: cisco input: %d bytes "
		    "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
		    ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
		    ntohl (h->type), h->par1, h->par2, h->rel,
		    h->time0, h->time1);
	switch (ntohl (h->type)) {
	default:
		if (debug)
			addlog("%s%d: cisco unknown packet type: 0x%lx\n",
			       ifp->if_name, ifp->if_unit, ntohl (h->type));
		break;
	case CISCO_ADDR_REPLY:
		/* Reply on address request, ignore */
		break;
	case CISCO_KEEPALIVE_REQ:
		/* Any keepalive from the peer resets the alive counter. */
		sp->pp_alivecnt = 0;
		sp->pp_rseq = ntohl (h->par1);
		if (sp->pp_seq == sp->pp_rseq) {
			/* Local and remote sequence numbers are equal.
			 * Probably, the line is in loopback mode. */
			if (sp->pp_loopcnt >= MAXALIVECNT) {
				printf ("%s%d: loopback\n",
					ifp->if_name, ifp->if_unit);
				sp->pp_loopcnt = 0;
				if (ifp->if_flags & IFF_UP) {
					if_down (ifp);
					sppp_qflush (&sp->pp_cpq);
				}
			}
			++sp->pp_loopcnt;

			/*
			 * Generate new local sequence number
			 *
			 * The value is derived from the clock only, so
			 * it is not unpredictable.
			 */
			sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
			break;
		}
		sp->pp_loopcnt = 0;
		if (! (ifp->if_flags & IFF_UP) &&
		    (ifp->if_flags & IFF_RUNNING)) {
			if_up(ifp);
			printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
		}
		break;
	case CISCO_ADDR_REQ:
		/*
		 * Answers any address request from the peer with the
		 * two values obtained from sppp_get_ip_addrs(),
		 * presumably the local address and its netmask.
		 */
		sppp_get_ip_addrs(sp, &me, 0, &mymask);
		if (me != 0L)
			sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
		break;
	}
}

/*
 * Send Cisco keepalive packet.
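*/
/*
 * Builds a packet of `type' carrying par1 and par2 in a fresh mbuf and
 * puts it on the control queue.  If no mbuf is available or the queue
 * is full the packet is silently discarded.
 *
 * The output byte counter is updated before the mbuf is queued and
 * only when it is queued.  It used to be read from the mbuf after the
 * mbuf had been freed (queue full) or handed to the start routine.
 */
static void
sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
{
	STDDCL;
	struct ppp_header *h;
	struct cisco_packet *ch;
	struct mbuf *m;
	/* milliseconds since boot, sent in the time0/time1 fields */
	u_long t = (time.tv_sec - boottime.tv_sec) * 1000;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = CISCO_MULTICAST;
	h->control = 0;
	h->protocol = htons (CISCO_KEEPALIVE);

	ch = (struct cisco_packet*) (h + 1);
	ch->type = htonl (type);
	ch->par1 = htonl (par1);
	ch->par2 = htonl (par2);
	ch->rel = -1;
	ch->time0 = htons ((u_short) (t >> 16));
	ch->time1 = htons ((u_short) t);

	if (debug)
		log(LOG_DEBUG,
		    "%s%d: cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
			ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1,
			ch->par2, ch->rel, ch->time0, ch->time1);

	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
	} else {
		/* Header, FCS and one flag; m is not touched once queued. */
		ifp->if_obytes += m->m_pkthdr.len + 3;
		IF_ENQUEUE (&sp->pp_cpq, m);
	}
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
}

/*
 * PPP protocol implementation.
 */

/*
 * Send PPP control protocol packet.
 *
 * Builds a packet for control protocol `proto' with code `type' and
 * identifier `ident', followed by `len' bytes copied from `data', and
 * puts it on the control queue.
 *
 * `len' is clamped so that the packet fits into a single header mbuf;
 * longer data is truncated without notice.  The caller must make sure
 * that `data' really holds `len' readable bytes, because they are
 * copied with bcopy() from a flat pointer.
 *
 * The output byte counter is updated before the mbuf is queued and
 * only when it is queued.  It used to be read from the mbuf after the
 * mbuf had been freed (queue full) or handed to the start routine.
 */
static void
sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
	     u_char ident, u_short len, void *data)
{
	STDDCL;
	struct ppp_header *h;
	struct lcp_header *lh;
	struct mbuf *m;

	if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
		len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = PPP_ALLSTATIONS;        /* broadcast address */
	h->control = PPP_UI;                 /* Unnumbered Info */
	h->protocol = htons (proto);         /* protocol chosen by the caller */

	lh = (struct lcp_header*) (h + 1);
	lh->type = type;
	lh->ident = ident;
	lh->len = htons (LCP_HEADER_LEN + len);
	if (len)
		bcopy (data, lh+1, len);

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit,
		    sppp_proto_name(proto),
		    sppp_cp_type_name (lh->type), lh->ident,
		    ntohs (lh->len));
		if (len)
			sppp_print_bytes ((u_char*) (lh+1), len);
		addlog(">\n");
	}
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
	} else {
		/* Header, FCS and one flag; m is not touched once queued. */
		ifp->if_obytes += m->m_pkthdr.len + 3;
		IF_ENQUEUE (&sp->pp_cpq, m);
	}
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
}

/*
 * Handle incoming PPP control protocol packets.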
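*/
/*
 * sppp_cp_input() runs the receive side of the control protocol automaton.
 * `cp' selects the protocol whose handlers are called, `sp' holds the
 * per-link state and `m' is the received packet, starting at the control
 * protocol header.  The working length is the smaller of the mbuf packet
 * length and the length field of the header.  Header and payload bytes are
 * supplied by the peer, so payload reads are preceded by a length check.
 * The mbuf is not freed here.
 */
static void
sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len = m->m_pkthdr.len;
	int rv;
	u_char *p;
	u_short rejproto;

	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: %s invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, cp->name, len);
		return;
	}
	/*
	 * NOTE(review): mtod() yields the data of the first mbuf only; the
	 * code below treats the whole packet as contiguous there.  Confirm
	 * that the caller guarantees this (e.g. via m_pullup()).
	 */
	h = mtod (m, struct lcp_header*);
	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: %s input(%s): <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]),
		    sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
		if (len > 4)
			sppp_print_bytes ((u_char*) (h+1), len-4);
		addlog(">\n");
	}
	/*
	 * Trust the header length only as far as it shrinks the packet.
	 * After this clamp len may be smaller than the 4 byte header, so
	 * each case that looks at the payload re-checks it.
	 */
	if (len > ntohs (h->len))
		len = ntohs (h->len);
	p = (u_char *)(h + 1);
	switch (h->type) {
	case CONF_REQ:
		if (len < 4) {
			if (debug)
				addlog("%s%d: %s invalid conf-req length %d\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       len);
			++ifp->if_ierrors;
			break;
		}
		/* handle states where RCR doesn't get a SCA/SCN */
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSING:
		case STATE_STOPPING:
			return;
		case STATE_CLOSED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
				     0, 0);
			return;
		}
		rv = (cp->RCR)(sp, h, len);
		switch (sp->state[cp->protoidx]) {
		case STATE_OPENED:
			(cp->tld)(sp);
			(cp->scr)(sp);
			/* fall through... */
		case STATE_ACK_SENT:
		case STATE_REQ_SENT:
			sppp_cp_change_state(cp, sp, rv?
					     STATE_ACK_SENT: STATE_REQ_SENT);
			break;
		case STATE_STOPPED:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, rv?
					     STATE_ACK_SENT: STATE_REQ_SENT);
			break;
		case STATE_ACK_RCVD:
			if (rv) {
				sppp_cp_change_state(cp, sp, STATE_OPENED);
				if (debug)
					log(LOG_DEBUG, "%s%d: %s tlu\n",
					    ifp->if_name, ifp->if_unit,
					    cp->name);
				(cp->tlu)(sp);
			} else
				sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CONF_ACK:
		if (h->ident != sp->confid[cp->protoidx]) {
			if (debug)
				addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       h->ident, sp->confid[cp->protoidx]);
			++ifp->if_ierrors;
			break;
		}
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_CLOSING:
		case STATE_STOPPING:
			break;
		case STATE_REQ_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			/* fall through */
		case STATE_ACK_RCVD:
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_ACK_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			sppp_cp_change_state(cp, sp, STATE_OPENED);
			if (debug)
				log(LOG_DEBUG, "%s%d: %s tlu\n",
				    ifp->if_name, ifp->if_unit, cp->name);
			(cp->tlu)(sp);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CONF_NAK:
	case CONF_REJ:
		/*
		 * The RCN handlers subtract the header size from len, so a
		 * header length field below 4 must not reach them.
		 */
		if (len < 4) {
			if (debug)
				addlog("%s%d: %s invalid conf-nak/rej length %d\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       len);
			++ifp->if_ierrors;
			break;
		}
		if (h->ident != sp->confid[cp->protoidx]) {
			if (debug)
				addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       h->ident, sp->confid[cp->protoidx]);
			++ifp->if_ierrors;
			break;
		}
		if (h->type == CONF_NAK)
			(cp->RCN_nak)(sp, h, len);
		else /* CONF_REJ */
			(cp->RCN_rej)(sp, h, len);

		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			(cp->scr)(sp);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			/* fall through */
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
			(cp->scr)(sp);
			break;
		case STATE_CLOSING:
		case STATE_STOPPING:
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;

	case TERM_REQ:
		switch (sp->state[cp->protoidx]) {
		case STATE_ACK_RCVD:
		case STATE_ACK_SENT:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			/* fall through */
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_CLOSING:
		case STATE_STOPPING:
		case STATE_REQ_SENT:
		sta:
			/* Send Terminate-Ack packet. */
			if (debug)
				log(LOG_DEBUG, "%s%d: %s send terminate-ack\n",
				    ifp->if_name, ifp->if_unit, cp->name);
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			sp->rst_counter[cp->protoidx] = 0;
			sppp_cp_change_state(cp, sp, STATE_STOPPING);
			goto sta;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case TERM_ACK:
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
			break;
		case STATE_CLOSING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_CLOSED);
			break;
		case STATE_STOPPING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CODE_REJ:
	case PROTO_REJ:
		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
		/*
		 * Only read the two payload bytes that are logged when the
		 * packet really carries them; a bare header logs 0 instead
		 * of whatever follows the packet in memory.
		 */
		rejproto = 0;
		if (len >= 6)
			rejproto = ntohs(*((u_short *)p));
		log(LOG_INFO,
		    "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
		    "danger will robinson\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_cp_type_name(h->type), rejproto);
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
		case STATE_CLOSING:
		case STATE_STOPPING:
		case STATE_OPENED:
			break;
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case DISC_REQ:
		if (cp->proto != PPP_LCP)
			goto illegal;
		/* Discard the packet. */
		break;
	case ECHO_REQ:
		if (cp->proto != PPP_LCP)
			goto illegal;
		if (sp->state[cp->protoidx] != STATE_OPENED) {
			if (debug)
				addlog("%s%d: lcp echo req but lcp closed\n",
				       ifp->if_name, ifp->if_unit);
			++ifp->if_ierrors;
			break;
		}
		if (len < 8) {
			if (debug)
				addlog("%s%d: invalid lcp echo request "
				       "packet length: %d bytes\n",
				       ifp->if_name, ifp->if_unit, len);
			break;
		}
		/*
		 * NOTE(review): the check above validates 4 payload bytes,
		 * but the magic number is read and written through a `long'.
		 * Where long is wider than 32 bits this touches bytes past
		 * the validated length -- consider a fixed 32-bit type.
		 */
		if (ntohl (*(long*)(h+1)) == sp->lcp.magic) {
			/* Line loopback mode detected. */
			printf("%s%d: loopback\n", ifp->if_name, ifp->if_unit);
			if_down (ifp);
			sppp_qflush (&sp->pp_cpq);

			/* Shut down the PPP link. */
			/* XXX */
			lcp.Down(sp);
			lcp.Up(sp);
			break;
		}
		*(long*)(h+1) = htonl (sp->lcp.magic);
		if (debug)
			addlog("%s%d: got lcp echo req, sending echo rep\n",
			       ifp->if_name, ifp->if_unit);
		sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
		break;
	case ECHO_REPLY:
		if (cp->proto != PPP_LCP)
			goto illegal;
		if (h->ident != sp->lcp.echoid) {
			++ifp->if_ierrors;
			break;
		}
		if (len < 8) {
			if (debug)
				addlog("%s%d: lcp invalid echo reply "
				       "packet length: %d bytes\n",
				       ifp->if_name, ifp->if_unit, len);
			break;
		}
		if (debug)
			addlog("%s%d: lcp got echo rep\n",
			       ifp->if_name, ifp->if_unit);
		if (ntohl (*(long*)(h+1)) != sp->lcp.magic)
			sp->pp_alivecnt = 0;
		break;
	default:
		/* Unknown packet type -- send Code-Reject packet. */
	illegal:
		/* cp->name is a string (printed with %s everywhere else). */
		if (debug)
			addlog("%s%d: %s send code-rej for 0x%x\n",
			       ifp->if_name, ifp->if_unit, cp->name, h->type);
		/*
		 * NOTE(review): the reject echoes m_pkthdr.len bytes starting
		 * at h, i.e. the unclamped packet length; confirm that this
		 * never exceeds the contiguous data behind h or the size
		 * sppp_cp_send() can place in one mbuf.
		 */
		sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
			     m->m_pkthdr.len, h);
		++ifp->if_ierrors;
	}
}


/*
 * The generic part of all Up/Down/Open/Close/TO event handlers.
 * Basically, the state transition handling in the automaton.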
*/
/*
 * Up event for control protocol `cp' on link `sp'.
 * Initial -> Closed; Starting -> Req-Sent after reloading the restart
 * counter with max_configure and sending a configure request (scr).
 * Any other state is reported as illegal and left unchanged.
 * STDDCL presumably declares `ifp' and `debug', which are used below
 * without another declaration -- confirm against the macro.
 */
static void
sppp_up_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s up(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]));

	switch (sp->state[cp->protoidx]) {
	case STATE_INITIAL:
		sppp_cp_change_state(cp, sp, STATE_CLOSED);
		break;
	case STATE_STARTING:
		sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
		(cp->scr)(sp);
		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
		break;
	default:
		printf("%s%d: %s illegal up in state %s\n",
		       ifp->if_name, ifp->if_unit, cp->name,
		       sppp_state_name(sp->state[cp->protoidx]));
	}
}

/*
 * Down event for control protocol `cp' on link `sp'.
 * Closed/Closing -> Initial; every other handled state -> Starting, with
 * the tls action run first when coming from Stopped and the tld action run
 * first when coming from Opened.  Other states are reported as illegal.
 */
static void
sppp_down_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s down(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]));

	switch (sp->state[cp->protoidx]) {
	case STATE_CLOSED:
	case STATE_CLOSING:
		sppp_cp_change_state(cp, sp, STATE_INITIAL);
		break;
	case STATE_STOPPED:
		(cp->tls)(sp);
		/* fall through */
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	case STATE_OPENED:
		(cp->tld)(sp);
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	default:
		printf("%s%d: %s illegal down in state %s\n",
		       ifp->if_name, ifp->if_unit, cp->name,
		       sppp_state_name(sp->state[cp->protoidx]));
	}
}


/*
 * Open event for control protocol `cp' on link `sp'.
 * Initial -> Starting (after tls); Closed -> Req-Sent (restart counter
 * reloaded, configure request sent); Closing -> Stopping.  All remaining
 * states are left as they are; there is no default case.
 */
static void
sppp_open_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s open(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]));

	switch (sp->state[cp->protoidx]) {
	case STATE_INITIAL:
		(cp->tls)(sp);
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	case STATE_STARTING:
		break;
	case STATE_CLOSED:
		sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
		(cp->scr)(sp);
		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
		break;
	case STATE_STOPPED:
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
	case STATE_OPENED:
		break;
	case STATE_CLOSING:
		sppp_cp_change_state(cp, sp, STATE_STOPPING);
		break;
	}
}


/*
 * Close event for control protocol `cp' on link `sp'.
 * Starting -> Initial (after tlf); Stopped -> Closed; Stopping -> Closing.
 * From Opened (after tld), Req-Sent, Ack-Rcvd and Ack-Sent the restart
 * counter is loaded with max_terminate, a terminate request with a fresh
 * identifier is sent and the state becomes Closing.
 */
static void
sppp_close_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s close(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]));

	switch (sp->state[cp->protoidx]) {
	case STATE_INITIAL:
	case STATE_CLOSED:
	case STATE_CLOSING:
		break;
	case STATE_STARTING:
		(cp->tlf)(sp);
		sppp_cp_change_state(cp, sp, STATE_INITIAL);
		break;
	case STATE_STOPPED:
		sppp_cp_change_state(cp, sp, STATE_CLOSED);
		break;
	case STATE_STOPPING:
		sppp_cp_change_state(cp, sp, STATE_CLOSING);
		break;
	case STATE_OPENED:
		(cp->tld)(sp);
		/* fall through */
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
		sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
		sppp_cp_change_state(cp, sp, STATE_CLOSING);
		break;
	}
}

/*
 * Timeout event for control protocol `cp' on link `sp'.
 * The restart counter is decremented first.  Once it drops below zero
 * (TO-) the tlf action runs and the state becomes Closed (from Closing) or
 * Stopped (from Stopping, Req-Sent, Ack-Rcvd, Ack-Sent).  Otherwise (TO+)
 * the pending request is sent again and the timer is re-armed, either
 * directly with timeout() or through sppp_cp_change_state().
 * The whole handler runs between splimp() and splx().
 */
static void
sppp_to_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	int s;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: %s TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]),
		    sp->rst_counter[cp->protoidx]);

	if (--sp->rst_counter[cp->protoidx] < 0)
		/* TO- event */
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_CLOSED);
			break;
		case STATE_STOPPING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_RCVD:
		case STATE_ACK_SENT:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		}
	else
		/* TO+ event */
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSING:
		case STATE_STOPPING:
			sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
				     0, 0);
			sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
			    sp->lcp.timeout);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_RCVD:
			(cp->scr)(sp);
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_ACK_SENT:
			(cp->scr)(sp);
			sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
			    sp->lcp.timeout);
			break;
		}

	splx(s);
}

/*
 * Change the state of a control protocol in the state automaton.
 * Takes care of starting/stopping the restart timer.
 *
 * The pending timeout for `cp' is always cancelled; it is armed again with
 * sp->lcp.timeout only for Closing, Stopping, Req-Sent, Ack-Rcvd and
 * Ack-Sent.
 */
void
sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
{
	sp->state[cp->protoidx] = newstate;

	/* cancel first, so at most one timer per protocol is outstanding */
	untimeout(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
	switch (newstate) {
	case STATE_INITIAL:
	case STATE_STARTING:
	case STATE_CLOSED:
	case STATE_STOPPED:
	case STATE_OPENED:
		break;
	case STATE_CLOSING:
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
		    sp->lcp.timeout);
		break;
	}
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                         The LCP implementation.
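*
 *                                                                          *
 *--------------------------------------------------------------------------*
 */
/*
 * Reset the LCP part of `sp': only the magic number option is requested,
 * the automaton starts in Initial state, and the restart timer and the
 * retry limits are set to their defaults.
 */
static void
sppp_lcp_init(struct sppp *sp)
{
	sp->lcp.opts = (1 << LCP_OPT_MAGIC);
	sp->lcp.magic = 0;
	sp->state[IDX_LCP] = STATE_INITIAL;
	sp->fail_counter[IDX_LCP] = 0;
	sp->lcp.protos = 0;
	sp->lcp.mru = sp->lcp.their_mru = PP_MTU;

	/*
	 * Initialize counters and timeout values.  Note that we don't
	 * use the 3 seconds suggested in RFC 1661 since we are likely
	 * running on a fast link.  XXX We should probably implement
	 * the exponential backoff option.  Note that these values are
	 * relevant for all control protocols, not just LCP only.
	 */
	sp->lcp.timeout = 1 * hz;
	sp->lcp.max_terminate = 2;
	sp->lcp.max_configure = 10;
	sp->lcp.max_failure = 10;
	callout_handle_init(&sp->ch[IDX_LCP]);
}

/* LCP Up: mark passive/auto interfaces running, then run the Up event. */
static void
sppp_lcp_up(struct sppp *sp)
{
	STDDCL;

	/*
	 * If this interface is passive or dial-on-demand, and we are
	 * still in Initial state, it means we've got an incoming
	 * call.  Activate the interface.
	 */
	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: Up event", ifp->if_name, ifp->if_unit);
		ifp->if_flags |= IFF_RUNNING;
		if (sp->state[IDX_LCP] == STATE_INITIAL) {
			if (debug)
				addlog("(incoming call)\n");
			sp->pp_flags |= PP_CALLIN;
			lcp.Open(sp);
		} else if (debug)
			addlog("\n");
	}

	sppp_up_event(&lcp, sp);
}

/* LCP Down: run the Down event, then close LCP and clear IFF_RUNNING. */
static void
sppp_lcp_down(struct sppp *sp)
{
	STDDCL;

	sppp_down_event(&lcp, sp);

	/*
	 * If this is neither a dial-on-demand nor a passive
	 * interface, simulate an ``ifconfig down'' action, so the
	 * administrator can force a redial by another ``ifconfig
	 * up''.  XXX For leased line operation, should we immediately
	 * try to reopen the connection here?
	 */
	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
		log(LOG_INFO,
		    "%s%d: Down event (carrier loss), taking interface down.\n",
		    ifp->if_name, ifp->if_unit);
		if_down(ifp);
	} else {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: Down event (carrier loss)\n",
			    ifp->if_name, ifp->if_unit);
	}
	sp->pp_flags &= ~PP_CALLIN;
	if (sp->state[IDX_LCP] != STATE_INITIAL)
		lcp.Close(sp);
	ifp->if_flags &= ~IFF_RUNNING;
}

/* LCP Open: decide whether to request authentication, then run Open. */
static void
sppp_lcp_open(struct sppp *sp)
{
	/*
	 * If we are authenticator, negotiate LCP_AUTH
	 */
	if (sp->hisauth.proto != 0)
		sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
	else
		sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
	/* cleared here, set again by sppp_lcp_RCR() if the peer asks for auth */
	sp->pp_flags &= ~PP_NEEDAUTH;
	sppp_open_event(&lcp, sp);
}

/* LCP Close: run the generic Close event for LCP. */
static void
sppp_lcp_close(struct sppp *sp)
{
	sppp_close_event(&lcp, sp);
}

/* LCP restart timer callback; `cookie' is the struct sppp of the link. */
static void
sppp_lcp_TO(void *cookie)
{
	sppp_to_event(&lcp, (struct sppp *)cookie);
}

/*
 * Analyze a configure request.  Return true if it was agreeable, and
 * caused action sca, false if it has been rejected or nak'ed, and
 * caused action scn.  (The return value is used to make the state
 * transition decision in the state automaton.)
 *
 * `h' is the received header and `len' the packet length including the
 * 4 byte header.  The option list is written by the peer, so each option
 * length byte is checked against the bytes that remain before the option
 * is read or copied: the reply buffer is only as large as the option list,
 * and an option claiming more than the remaining bytes would otherwise be
 * copied past its end.  Parsing stops at the first option whose length is
 * below 2 or beyond the remaining bytes.
 * NOTE(review): bytes after such an option are still echoed back in a
 * conf-ack; consider dropping the whole packet instead.
 */
static int
sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *buf, *r, *p;
	int origlen, rlen;
	u_long nmagic;
	u_short authproto;

	len -= 4;
	if (len < 0)
		return (0);
	origlen = len;
	buf = r = malloc (len, M_TEMP, M_NOWAIT);
	if (! buf)
		return (0);

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp parse opts: ",
		    ifp->if_name, ifp->if_unit);

	/* pass 1: check for things that need to be rejected */
	p = (void*) (h+1);
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number. */
			/* fall through, both are same length */
		case LCP_OPT_ASYNC_MAP:
			/* Async control character map. */
			/* both conditions must hold, pass 2 reads p[2..5] */
			if (len >= 6 && p[1] == 6)
				continue;
			if (debug)
				addlog("[invalid] ");
			break;
		case LCP_OPT_MRU:
			/* Maximum receive unit. */
			if (len >= 4 && p[1] == 4)
				continue;
			if (debug)
				addlog("[invalid] ");
			break;
		case LCP_OPT_AUTH_PROTO:
			/* p[2] and p[3] must belong to this option */
			if (p[1] < 4) {
				if (debug)
					addlog("[invalid] ");
				break;
			}
			authproto = (p[2] << 8) + p[3];
			if (authproto == PPP_CHAP && p[1] != 5) {
				if (debug)
					addlog("[invalid chap len] ");
				break;
			}
			if (sp->myauth.proto == 0) {
				/* we are not configured to do auth */
				if (debug)
					addlog("[not configured] ");
				break;
			}
			/*
			 * Remote want us to authenticate, remember this,
			 * so we stay in PHASE_AUTHENTICATE after LCP got
			 * up.
			 */
			sp->pp_flags |= PP_NEEDAUTH;
			continue;
		default:
			/* Others not supported. */
			if (debug)
				addlog("[rej] ");
			break;
		}
		/* Add the option to rejected list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (debug)
			addlog(" send conf-rej\n");
		sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
		/* sppp_cp_send() copies the data, so buf can go now */
		free (buf, M_TEMP);
		return 0;
	} else if (debug)
		addlog("\n");

	/*
	 * pass 2: check for option values that are unacceptable and
	 * thus require to be nak'ed.
	 */
	if (debug)
		log(LOG_DEBUG, "%s%d: lcp parse opt values: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	len = origlen;
	r = buf;
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- extract. */
			nmagic = (u_long)p[2] << 24 |
				(u_long)p[3] << 16 | p[4] << 8 | p[5];
			if (nmagic != sp->lcp.magic) {
				if (debug)
					addlog("0x%lx ", nmagic);
				continue;
			}
			/*
			 * Local and remote magics equal -- loopback?
			 */
			if (sp->pp_loopcnt >= MAXALIVECNT*5) {
				printf ("%s%d: loopback\n",
					ifp->if_name, ifp->if_unit);
				sp->pp_loopcnt = 0;
				if (ifp->if_flags & IFF_UP) {
					if_down(ifp);
					sppp_qflush(&sp->pp_cpq);
					/* XXX ? */
					lcp.Down(sp);
					lcp.Up(sp);
				}
			} else if (debug)
				addlog("[glitch] ");
			++sp->pp_loopcnt;
			/*
			 * We negate our magic here, and NAK it.  If
			 * we see it later in an NAK packet, we
			 * suggest a new one.
			 */
			nmagic = ~sp->lcp.magic;
			/* Gonna NAK it. */
			p[2] = nmagic >> 24;
			p[3] = nmagic >> 16;
			p[4] = nmagic >> 8;
			p[5] = nmagic;
			break;

		case LCP_OPT_ASYNC_MAP:
			/* Async control character map -- check to be zero. */
			if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
				if (debug)
					addlog("[empty] ");
				continue;
			}
			if (debug)
				addlog("[non-empty] ");
			/* suggest a zero one */
			p[2] = p[3] = p[4] = p[5] = 0;
			break;

		case LCP_OPT_MRU:
			/*
			 * Maximum receive unit.  Always agreeable,
			 * but ignored by now.
			 */
			sp->lcp.their_mru = p[2] * 256 + p[3];
			if (debug)
				addlog("%d ", sp->lcp.their_mru);
			continue;

		case LCP_OPT_AUTH_PROTO:
			authproto = (p[2] << 8) + p[3];
			if (sp->myauth.proto != authproto) {
				/* not agreed, nak */
				/* log the value that was compared (myauth) */
				if (debug)
					addlog("[mine %s != his %s] ",
					       sppp_proto_name(sp->myauth.proto),
					       sppp_proto_name(authproto));
				p[2] = sp->myauth.proto >> 8;
				p[3] = sp->myauth.proto;
				break;
			}
			if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
				if (debug)
					addlog("[chap not MD5] ");
				/* suggest MD5 in the nak (was a no-op `==') */
				p[4] = CHAP_MD5;
				break;
			}
			continue;
		}
		/* Add the option to nak'ed list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
			if (debug)
				addlog(" max_failure (%d) exceeded, "
				       "send conf-rej\n",
				       sp->lcp.max_failure);
			sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
		} else {
			if (debug)
				addlog(" send conf-nak\n");
			sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
		}
	} else {
		if (debug)
			addlog(" send conf-ack\n");
		sp->fail_counter[IDX_LCP] = 0;
		sp->pp_loopcnt = 0;
		sppp_cp_send (sp, PPP_LCP, CONF_ACK,
			      h->ident, origlen, h+1);
	}

	/* single exit for the nak/rej and ack paths, so buf is always freed */
	free (buf, M_TEMP);
	return (rlen == 0);
}

/*
 * Analyze the LCP Configure-Reject option list, and adjust our
 * negotiation.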
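*/
/*
 * `h' is the received Configure-Reject header and `len' the packet length
 * including the 4 byte header.  Each rejected option is removed from the
 * set we request; a rejected authentication option closes LCP unless this
 * is a dialout call with AUTHFLAG_NOCALLOUT set.  The option list comes
 * from the peer, so the walk stops at the first option whose length byte
 * is below 2 or larger than the bytes that remain.  No scratch buffer is
 * needed: nothing is copied out of the packet.
 */
static void
sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *p;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp rej opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1]; len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- can't use it, use 0 */
			sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
			sp->lcp.magic = 0;
			break;
		case LCP_OPT_MRU:
			/*
			 * Should not be rejected anyway, since we only
			 * negotiate a MRU if explicitly requested by
			 * peer.
			 */
			sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
			break;
		case LCP_OPT_AUTH_PROTO:
			/*
			 * Peer doesn't want to authenticate himself,
			 * deny unless this is a dialout call, and
			 * AUTHFLAG_NOCALLOUT is set.
			 */
			if ((sp->pp_flags & PP_CALLIN) == 0 &&
			    (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
				if (debug)
					addlog("[don't insist on auth "
					       "for callout]");
				sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
				break;
			}
			if (debug)
				addlog("[access denied]\n");
			lcp.Close(sp);
			break;
		}
	}
	if (debug)
		addlog("\n");
}

/*
 * Analyze the LCP Configure-NAK option list, and adjust our
 * negotiation.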
2078 */ 2079static void 2080sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2081{ 2082 STDDCL; 2083 u_char *buf, *p; 2084 u_long magic; 2085 2086 len -= 4; 2087 buf = malloc (len, M_TEMP, M_NOWAIT); 2088 if (!buf) 2089 return; 2090 2091 if (debug) 2092 log(LOG_DEBUG, "%s%d: lcp nak opts: ", 2093 ifp->if_name, ifp->if_unit); 2094 2095 p = (void*) (h+1); 2096 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2097 if (debug) 2098 addlog(" %s ", sppp_lcp_opt_name(*p)); 2099 switch (*p) { 2100 case LCP_OPT_MAGIC: 2101 /* Magic number -- renegotiate */ 2102 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2103 len >= 6 && p[1] == 6) { 2104 magic = (u_long)p[2] << 24 | 2105 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2106 /* 2107 * If the remote magic is our negated one, 2108 * this looks like a loopback problem. 2109 * Suggest a new magic to make sure. 2110 */ 2111 if (magic == ~sp->lcp.magic) { 2112 if (debug) 2113 addlog("magic glitch "); 2114 sp->lcp.magic += time.tv_sec + time.tv_usec; 2115 } else { 2116 sp->lcp.magic = magic; 2117 if (debug) 2118 addlog("%d "); 2119 } 2120 } 2121 break; 2122 case LCP_OPT_MRU: 2123 /* 2124 * Peer wants to advise us to negotiate an MRU. 2125 * Agree on it if it's reasonable, or use 2126 * default otherwise. 2127 */ 2128 if (len >= 4 && p[1] == 4) { 2129 u_int mru = p[2] * 256 + p[3]; 2130 if (debug) 2131 addlog("%d ", mru); 2132 if (mru < PP_MTU || mru > PP_MAX_MRU) 2133 mru = PP_MTU; 2134 sp->lcp.mru = mru; 2135 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2136 } 2137 break; 2138 case LCP_OPT_AUTH_PROTO: 2139 /* 2140 * Peer doesn't like our authentication method, 2141 * deny. 2142 */ 2143 if (debug) 2144 addlog("[access denied]\n"); 2145 lcp.Close(sp); 2146 break; 2147 } 2148 } 2149 if (debug) 2150 addlog("\n"); 2151 free (buf, M_TEMP); 2152 return; 2153} 2154 2155static void 2156sppp_lcp_tlu(struct sppp *sp) 2157{ 2158 STDDCL; 2159 int i; 2160 u_long mask; 2161 2162 /* XXX ? */ 2163 if (! 
(ifp->if_flags & IFF_UP) && 2164 (ifp->if_flags & IFF_RUNNING)) { 2165 /* Coming out of loopback mode. */ 2166 if_up(ifp); 2167 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit); 2168 } 2169 2170 for (i = 0; i < IDX_COUNT; i++) 2171 if ((cps[i])->flags & CP_QUAL) 2172 (cps[i])->Open(sp); 2173 2174 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2175 (sp->pp_flags & PP_NEEDAUTH) != 0) 2176 sp->pp_phase = PHASE_AUTHENTICATE; 2177 else 2178 sp->pp_phase = PHASE_NETWORK; 2179 2180 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2181 sppp_phase_name(sp->pp_phase)); 2182 2183 /* 2184 * Open all authentication protocols. This is even required 2185 * if we already proceeded to network phase, since it might be 2186 * that remote wants us to authenticate, so we might have to 2187 * send a PAP request. Undesired authentication protocols 2188 * don't do anything when they get an Open event. 2189 */ 2190 for (i = 0; i < IDX_COUNT; i++) 2191 if ((cps[i])->flags & CP_AUTH) 2192 (cps[i])->Open(sp); 2193 2194 if (sp->pp_phase == PHASE_NETWORK) { 2195 /* Notify all NCPs. */ 2196 for (i = 0; i < IDX_COUNT; i++) 2197 if ((cps[i])->flags & CP_NCP) 2198 (cps[i])->Open(sp); 2199 } 2200 2201 /* Send Up events to all started protos. */ 2202 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2203 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2204 (cps[i])->Up(sp); 2205 2206 if (sp->pp_phase == PHASE_NETWORK) 2207 /* if no NCP is starting, close down */ 2208 sppp_lcp_check_and_close(sp); 2209} 2210 2211static void 2212sppp_lcp_tld(struct sppp *sp) 2213{ 2214 STDDCL; 2215 int i; 2216 u_long mask; 2217 2218 sp->pp_phase = PHASE_TERMINATE; 2219 2220 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2221 sppp_phase_name(sp->pp_phase)); 2222 2223 /* 2224 * Take upper layers down. 
We send the Down event first and 2225 * the Close second to prevent the upper layers from sending 2226 * ``a flurry of terminate-request packets'', as the RFC 2227 * describes it. 2228 */ 2229 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2230 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2231 (cps[i])->Down(sp); 2232 (cps[i])->Close(sp); 2233 } 2234} 2235 2236static void 2237sppp_lcp_tls(struct sppp *sp) 2238{ 2239 STDDCL; 2240 2241 sp->pp_phase = PHASE_ESTABLISH; 2242 2243 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2244 sppp_phase_name(sp->pp_phase)); 2245 2246 /* Notify lower layer if desired. */ 2247 if (sp->pp_tls) 2248 (sp->pp_tls)(sp); 2249} 2250 2251static void 2252sppp_lcp_tlf(struct sppp *sp) 2253{ 2254 STDDCL; 2255 2256 sp->pp_phase = PHASE_DEAD; 2257 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2258 sppp_phase_name(sp->pp_phase)); 2259 2260 /* Notify lower layer if desired. */ 2261 if (sp->pp_tlf) 2262 (sp->pp_tlf)(sp); 2263} 2264 2265static void 2266sppp_lcp_scr(struct sppp *sp) 2267{ 2268 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2269 int i = 0; 2270 u_short authproto; 2271 2272 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2273 if (! sp->lcp.magic) 2274 sp->lcp.magic = time.tv_sec + time.tv_usec; 2275 opt[i++] = LCP_OPT_MAGIC; 2276 opt[i++] = 6; 2277 opt[i++] = sp->lcp.magic >> 24; 2278 opt[i++] = sp->lcp.magic >> 16; 2279 opt[i++] = sp->lcp.magic >> 8; 2280 opt[i++] = sp->lcp.magic; 2281 } 2282 2283 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2284 opt[i++] = LCP_OPT_MRU; 2285 opt[i++] = 4; 2286 opt[i++] = sp->lcp.mru >> 8; 2287 opt[i++] = sp->lcp.mru; 2288 } 2289 2290 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2291 authproto = sp->hisauth.proto; 2292 opt[i++] = LCP_OPT_AUTH_PROTO; 2293 opt[i++] = authproto == PPP_CHAP? 
5: 4; 2294 opt[i++] = authproto >> 8; 2295 opt[i++] = authproto; 2296 if (authproto == PPP_CHAP) 2297 opt[i++] = CHAP_MD5; 2298 } 2299 2300 sp->confid[IDX_LCP] = ++sp->pp_seq; 2301 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2302} 2303 2304/* 2305 * Check the open NCPs, return true if at least one NCP is open. 2306 */ 2307static int 2308sppp_ncp_check(struct sppp *sp) 2309{ 2310 int i, mask; 2311 2312 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2313 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2314 return 1; 2315 return 0; 2316} 2317 2318/* 2319 * Re-check the open NCPs and see if we should terminate the link. 2320 * Called by the NCPs during their tlf action handling. 2321 */ 2322static void 2323sppp_lcp_check_and_close(struct sppp *sp) 2324{ 2325 2326 if (sp->pp_phase < PHASE_NETWORK) 2327 /* don't bother, we are already going down */ 2328 return; 2329 2330 if (sppp_ncp_check(sp)) 2331 return; 2332 2333 lcp.Close(sp); 2334} 2335/* 2336 *--------------------------------------------------------------------------* 2337 * * 2338 * The IPCP implementation. * 2339 * * 2340 *--------------------------------------------------------------------------* 2341 */ 2342 2343static void 2344sppp_ipcp_init(struct sppp *sp) 2345{ 2346 sp->ipcp.opts = 0; 2347 sp->ipcp.flags = 0; 2348 sp->state[IDX_IPCP] = STATE_INITIAL; 2349 sp->fail_counter[IDX_IPCP] = 0; 2350 callout_handle_init(&sp->ch[IDX_IPCP]); 2351} 2352 2353static void 2354sppp_ipcp_up(struct sppp *sp) 2355{ 2356 sppp_up_event(&ipcp, sp); 2357} 2358 2359static void 2360sppp_ipcp_down(struct sppp *sp) 2361{ 2362 sppp_down_event(&ipcp, sp); 2363} 2364 2365static void 2366sppp_ipcp_open(struct sppp *sp) 2367{ 2368 STDDCL; 2369 u_long myaddr, hisaddr; 2370 2371 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2372 /* 2373 * If we don't have his address, this probably means our 2374 * interface doesn't want to talk IP at all. 
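(This could
	 * be the case if somebody wants to speak only IPX, for
	 * example.)  Don't open IPCP in this case.
	 */
	if (hisaddr == 0L) {
		/* XXX this message should go away */
		if (debug)
			log(LOG_DEBUG, "%s%d: ipcp_open(): no IP interface\n",
			    ifp->if_name, ifp->if_unit);
		return;
	}

	if (myaddr == 0L) {
		/*
		 * I don't have an assigned address, so i need to
		 * negotiate my address.
		 */
		sp->ipcp.flags |= IPCP_MYADDR_DYN;
		sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
	}
	sppp_open_event(&ipcp, sp);
}

/*
 * Close event for IPCP.  If our address was flagged as dynamically
 * negotiated (IPCP_MYADDR_DYN), it is set back to 0 afterwards.
 */
static void
sppp_ipcp_close(struct sppp *sp)
{
	sppp_close_event(&ipcp, sp);
	if (sp->ipcp.flags & IPCP_MYADDR_DYN)
		/*
		 * My address was dynamic, clear it again.
		 */
		sppp_set_ip_addr(sp, 0L);
}

/* Timeout callback for IPCP; cookie is the struct sppp of the link. */
static void
sppp_ipcp_TO(void *cookie)
{
	sppp_to_event(&ipcp, (struct sppp *)cookie);
}

/*
 * Analyze a configure request.  Return true if it was agreeable, and
 * caused action sca, false if it has been rejected or nak'ed, and
 * caused action scn.  (The return value is used to make the state
 * transition decision in the state automaton.)
 *
 * h is the received packet header and len its length including the
 * 4-byte header.  The option list is peer-controlled: every length
 * octet is checked against the bytes that remain before the option is
 * read or copied.
 */
static int
sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *buf, *r, *p;
	struct ifnet *ifp = &sp->pp_if;
	int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
	u_long hisaddr, desiredaddr;

	len -= 4;
	origlen = len;
	/*
	 * Make sure to allocate a buf that can at least hold a
	 * conf-nak with an `address' option.  We might need it below.
	 */
	buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
	if (! buf)
		return (0);

	/* pass 1: see if we can recognize them */
	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp parse opts: ",
		    ifp->if_name, ifp->if_unit);
	p = (void*) (h+1);
	/*
	 * Walk an option only if its length octet covers the type/length
	 * pair and does not run past the end of the request.  Without
	 * this bound the bcopy() below could read beyond the packet and
	 * write beyond buf, which is sized from the packet length.
	 */
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
#ifdef notyet
		case IPCP_OPT_COMPRESSION:
			if (len >= 6 && p[1] >= 6) {
				/* correctly formed compress option */
				continue;
			}
			if (debug)
				addlog("[invalid] ");
			break;
#endif
		case IPCP_OPT_ADDRESS:
			if (len >= 6 && p[1] == 6) {
				/* correctly formed address option */
				continue;
			}
			if (debug)
				addlog("[invalid] ");
			break;
		default:
			/* Others not supported. */
			if (debug)
				addlog("[rej] ");
			break;
		}
		/* Add the option to rejected list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (debug)
			addlog(" send conf-rej\n");
		sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
		/* buf is ours; release it on this early exit as well */
		free (buf, M_TEMP);
		return 0;
	} else if (debug)
		addlog("\n");

	/* pass 2: parse option values */
	sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp parse opt values: ",
		    ifp->if_name, ifp->if_unit);
	p = (void*) (h+1);
	len = origlen;
	/* same bounds as pass 1, so both passes see the same options */
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
#ifdef notyet
		case IPCP_OPT_COMPRESSION:
			continue;
#endif
		case IPCP_OPT_ADDRESS:
			/*
			 * Pass 1 only lets a 6-byte address option
			 * through, so p[2]..p[5] are inside the packet.
			 * Widen before shifting; p[2] << 24 on a promoted
			 * int would overflow for addresses >= 128.x.x.x.
			 */
			desiredaddr = (u_long)p[2] << 24 |
				(u_long)p[3] << 16 |
				(u_long)p[4] << 8 | p[5];
			if (desiredaddr == hisaddr) {
				/*
				 * Peer's address is same as our value,
				 * this is agreeable.  Gonna conf-ack
				 * it.
				 */
				if (debug)
					addlog("%s [ack] ",
					       sppp_dotted_quad(hisaddr));
				/* record that we've seen it already */
				sp->ipcp.flags |= IPCP_HISADDR_SEEN;
				continue;
			}
			/*
			 * The address wasn't agreeable.  This is either
			 * he sent us 0.0.0.0, asking to assign him an
			 * address, or he send us another address not
			 * matching our value.  Either case, we gonna
			 * conf-nak it with our value.
			 */
			if (debug) {
				if (desiredaddr == 0)
					addlog("[addr requested] ");
				else
					addlog("%s [not agreed] ",
					       sppp_dotted_quad(desiredaddr));
			}
			/*
			 * Fill in our value regardless of IFF_DEBUG; the
			 * nak must carry it whether or not we are logging.
			 */
			p[2] = hisaddr >> 24;
			p[3] = hisaddr >> 16;
			p[4] = hisaddr >> 8;
			p[5] = hisaddr;
			break;
		}
		/* Add the option to nak'ed list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}

	/*
	 * If we are about to conf-ack the request, but haven't seen
	 * his address so far, gonna conf-nak it instead, with the
	 * `address' option present and our idea of his address being
	 * filled in there, to request negotiation of both addresses.
	 *
	 * XXX This can result in an endless req - nak loop if peer
	 * doesn't want to send us his address.  Q: What should we do
	 * about it?  XXX  A: implement the max-failure counter.
	 */
	if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
		/* buf holds at least 6 bytes, see the malloc above */
		buf[0] = IPCP_OPT_ADDRESS;
		buf[1] = 6;
		buf[2] = hisaddr >> 24;
		buf[3] = hisaddr >> 16;
		buf[4] = hisaddr >> 8;
		buf[5] = hisaddr;
		rlen = 6;
		if (debug)
			addlog("still need hisaddr ");
	}

	if (rlen) {
		if (debug)
			addlog(" send conf-nak\n");
		sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
	} else {
		if (debug)
			addlog(" send conf-ack\n");
		sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
			      h->ident, origlen, h+1);
	}

	free (buf, M_TEMP);
	return (rlen == 0);
}

/*
 * Analyze the IPCP Configure-Reject option list, and adjust our
 * negotiation.
 *
 * Each option the peer rejected is cleared from sp->ipcp.opts.  Only
 * the type octets are read, so no scratch buffer is needed; the walk
 * stops at the first option whose length octet is below 2 or runs
 * past the end of the packet.
 */
static void
sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *p;
	struct ifnet *ifp = &sp->pp_if;
	int debug = ifp->if_flags & IFF_DEBUG;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp rej opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1]; len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
		case IPCP_OPT_ADDRESS:
			/*
			 * Peer doesn't grok address option.  This is
			 * bad.  XXX  Should we better give up here?
			 */
			sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
			break;
#ifdef notyet
		case IPCP_OPT_COMPRESS:
			sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
			break;
#endif
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/*
 * Analyze the IPCP Configure-NAK option list, and adjust our
 * negotiation.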
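 */
static void
sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *p;
	struct ifnet *ifp = &sp->pp_if;
	int debug = ifp->if_flags & IFF_DEBUG;
	u_long wantaddr;

	/* len includes the 4-byte header; what follows is the option list */
	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp nak opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	/*
	 * The list is peer-supplied: stop at the first option whose
	 * length octet is below 2 or runs past the end of the packet.
	 * Nothing is copied here, so no scratch buffer is allocated.
	 */
	for (; len >= 2 && p[1] >= 2 && len >= p[1]; len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
		case IPCP_OPT_ADDRESS:
			/*
			 * Peer doesn't like our local IP address.  See
			 * if we can do something for him.  We'll drop
			 * him our address then.
			 */
			if (len >= 6 && p[1] == 6) {
				/* widen before shifting into the top byte */
				wantaddr = (u_long)p[2] << 24 |
					(u_long)p[3] << 16 |
					(u_long)p[4] << 8 | p[5];
				sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
				if (debug)
					addlog("[wantaddr %s] ",
					       sppp_dotted_quad(wantaddr));
				/*
				 * When doing dynamic address assignment,
				 * we accept his offer.  Otherwise, we
				 * ignore it and thus continue to negotiate
				 * our already existing value.
				 */
				if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
					sppp_set_ip_addr(sp, wantaddr);
					if (debug)
						addlog("[agree] ");
				}
			}
			break;
#ifdef notyet
		case IPCP_OPT_COMPRESS:
			/*
			 * Peer wants different compression parameters.
			 */
			break;
#endif
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/* this-layer-up: nothing to do for IPCP */
static void
sppp_ipcp_tlu(struct sppp *sp)
{
}

/* this-layer-down: nothing to do for IPCP */
static void
sppp_ipcp_tld(struct sppp *sp)
{
}

/* this-layer-started: mark IPCP in the set of protocols LCP serves */
static void
sppp_ipcp_tls(struct sppp *sp)
{
	/* indicate to LCP that it must stay alive */
	sp->lcp.protos |= (1 << IDX_IPCP);
}

/* this-layer-finished: drop our claim on LCP and let it re-check */
static void
sppp_ipcp_tlf(struct sppp *sp)
{
	/* we no longer need LCP */
	sp->lcp.protos &= ~(1 << IDX_IPCP);
	sppp_lcp_check_and_close(sp);
}

/*
 * Send an IPCP configure request carrying the options enabled in
 * sp->ipcp.opts.  A fresh sequence number is recorded in
 * sp->confid[IDX_IPCP] and used as the request id.
 */
static void
sppp_ipcp_scr(struct sppp *sp)
{
	char opt[6 /* compression */ + 6 /* address */];
	u_long ouraddr;
	int i = 0;

#ifdef notyet
	if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
		opt[i++] = IPCP_OPT_COMPRESSION;
		opt[i++] = 6;
		opt[i++] = 0;	/* VJ header compression */
		opt[i++] = 0x2d; /* VJ header compression */
		opt[i++] = max_slot_id;
		opt[i++] = comp_slot_id;
	}
#endif

	if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
		sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
		/* type, length, then the address most significant byte first */
		opt[i++] = IPCP_OPT_ADDRESS;
		opt[i++] = 6;
		opt[i++] = ouraddr >> 24;
		opt[i++] = ouraddr >> 16;
		opt[i++] = ouraddr >> 8;
		opt[i++] = ouraddr;
	}

	sp->confid[IDX_IPCP] = ++sp->pp_seq;
	sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
}


/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                        The CHAP implementation.                          *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */

/*
 * The authentication protocols don't employ a full-fledged state machine as
 * the control protocols do, since they do have Open and Close events, but
 * not Up and Down, nor are they explicitly terminated.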
Also, use of the 2761 * authentication protocols may be different in both directions (this makes 2762 * sense, think of a machine that never accepts incoming calls but only 2763 * calls out, it doesn't require the called party to authenticate itself). 2764 * 2765 * Our state machine for the local authentication protocol (we are requesting 2766 * the peer to authenticate) looks like: 2767 * 2768 * RCA- 2769 * +--------------------------------------------+ 2770 * V scn,tld| 2771 * +--------+ Close +---------+ RCA+ 2772 * | |<----------------------------------| |------+ 2773 * +--->| Closed | TO* | Opened | sca | 2774 * | | |-----+ +-------| |<-----+ 2775 * | +--------+ irc | | +---------+ 2776 * | ^ | | ^ 2777 * | | | | | 2778 * | | | | | 2779 * | TO-| | | | 2780 * | |tld TO+ V | | 2781 * | | +------->+ | | 2782 * | | | | | | 2783 * | +--------+ V | | 2784 * | | |<----+<--------------------+ | 2785 * | | Req- | scr | 2786 * | | Sent | | 2787 * | | | | 2788 * | +--------+ | 2789 * | RCA- | | RCA+ | 2790 * +------+ +------------------------------------------+ 2791 * scn,tld sca,irc,ict,tlu 2792 * 2793 * 2794 * with: 2795 * 2796 * Open: LCP reached authentication phase 2797 * Close: LCP reached terminate phase 2798 * 2799 * RCA+: received reply (pap-req, chap-response), acceptable 2800 * RCN: received reply (pap-req, chap-response), not acceptable 2801 * TO+: timeout with restart counter >= 0 2802 * TO-: timeout with restart counter < 0 2803 * TO*: reschedule timeout for CHAP 2804 * 2805 * scr: send request packet (none for PAP, chap-challenge) 2806 * sca: send ack packet (pap-ack, chap-success) 2807 * scn: send nak packet (pap-nak, chap-failure) 2808 * ict: initialize re-challenge timer (CHAP only) 2809 * 2810 * tlu: this-layer-up, LCP reaches network phase 2811 * tld: this-layer-down, LCP enters terminate phase 2812 * 2813 * Note that in CHAP mode, after sending a new challenge, while the state 2814 * automaton falls back into Req-Sent state, it doesn't signal a tld 
2815 * event to LCP, so LCP remains in network phase. Only after not getting 2816 * any response (or after getting an unacceptable response), CHAP closes, 2817 * causing LCP to enter terminate phase. 2818 * 2819 * With PAP, there is no initial request that can be sent. The peer is 2820 * expected to send one based on the successful negotiation of PAP as 2821 * the authentication protocol during the LCP option negotiation. 2822 * 2823 * Incoming authentication protocol requests (remote requests 2824 * authentication, we are peer) don't employ a state machine at all, 2825 * they are simply answered. Some peers [Ascend P50 firmware rev 2826 * 4.50] react allergically when sending IPCP requests while they are 2827 * still in authentication phase (thereby violating the standard that 2828 * demands that these NCP packets are to be discarded), so we keep 2829 * track of the peer demanding us to authenticate, and only proceed to 2830 * phase network once we've seen a positive acknowledge for the 2831 * authentication. 2832 */ 2833 2834/* 2835 * Handle incoming CHAP packets. 
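 */
void
sppp_chap_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len, x;
	u_char *value, *name, digest[AUTHKEYLEN], dsize;
	int value_len, name_len;
	MD5_CTX ctx;

	len = m->m_pkthdr.len;
	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: chap invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	/* never trust more bytes than the header's own length field claims */
	if (len > ntohs (h->len))
		len = ntohs (h->len);

	switch (h->type) {
	/* challenge, failure and success are his authproto */
	case CHAP_CHALLENGE:
		value = 1 + (u_char*)(h+1);
		/*
		 * The value-size octet sits right after the 4-byte header;
		 * only read it when the packet is long enough to hold it.
		 * A shorter packet falls into the "corrupted" branch below
		 * because name_len comes out negative.
		 */
		value_len = len > 4 ? value[-1] : 0;
		name = value + value_len;
		name_len = len - value_len - 5;
		if (name_len < 0) {
			if (debug) {
				log(LOG_DEBUG,
				    "%s%d: chap corrupted challenge "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_CHAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*) (h+1), len-4);
				addlog(">\n");
			}
			break;
		}

		if (debug) {
			log(LOG_DEBUG,
			    "%s%d: chap input <%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
			    ntohs(h->len));
			sppp_print_string((char*) name, name_len);
			addlog(" value-size=%d value=", value_len);
			sppp_print_bytes(value, value_len);
			addlog(">\n");
		}

		/* Compute reply value: MD5(ident, our secret, challenge). */
		MD5Init(&ctx);
		MD5Update(&ctx, &h->ident, 1);
		MD5Update(&ctx, sp->myauth.secret,
			  sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
		MD5Update(&ctx, value, value_len);
		MD5Final(digest, &ctx);
		dsize = sizeof digest;

		sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
			       sizeof dsize, (const char *)&dsize,
			       sizeof digest, digest,
			       sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
			       sp->myauth.name,
			       0);
		break;

	case CHAP_SUCCESS:
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap success",
			    ifp->if_name, ifp->if_unit);
			if (len > 4) {
				addlog(": ");
				sppp_print_string((char*)(h + 1), len - 4);
			}
			addlog("\n");
		}
		x = splimp();
		sp->pp_flags &= ~PP_NEEDAUTH;
		if (sp->myauth.proto == PPP_CHAP &&
		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
		    (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
			/*
			 * We are authenticator for CHAP but didn't
			 * complete yet.  Leave it to tlu to proceed
			 * to network phase.
			 */
			splx(x);
			break;
		}
		splx(x);
		sppp_phase_network(sp);
		break;

	case CHAP_FAILURE:
		if (debug) {
			log(LOG_INFO, "%s%d: chap failure",
			    ifp->if_name, ifp->if_unit);
			if (len > 4) {
				addlog(": ");
				sppp_print_string((char*)(h + 1), len - 4);
			}
			addlog("\n");
		} else
			log(LOG_INFO, "%s%d: chap failure\n",
			    ifp->if_name, ifp->if_unit);
		/* await LCP shutdown by authenticator */
		break;

	/* response is my authproto */
	case CHAP_RESPONSE:
		value = 1 + (u_char*)(h+1);
		/* same bound as for the challenge: need the size octet */
		value_len = len > 4 ? value[-1] : 0;
		name = value + value_len;
		name_len = len - value_len - 5;
		if (name_len < 0) {
			if (debug) {
				log(LOG_DEBUG,
				    "%s%d: chap corrupted response "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_CHAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*)(h+1), len-4);
				addlog(">\n");
			}
			break;
		}
		if (h->ident != sp->confid[IDX_CHAP]) {
			/*
			 * The format starts with "%s%d", so the interface
			 * name and unit must come first in the argument
			 * list; otherwise the id would be taken as a
			 * string pointer.
			 */
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: chap dropping response for old ID "
				    "(got %d, expected %d)\n",
				    ifp->if_name, ifp->if_unit,
				    h->ident, sp->confid[IDX_CHAP]);
			break;
		}
		/*
		 * NOTE(review): a name mismatch is only logged here; the
		 * response is still checked against the stored secret
		 * below.  Confirm that this is the intended policy.
		 */
		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
		    || bcmp(name, sp->hisauth.name, name_len) != 0) {
			log(LOG_INFO, "%s%d: chap response, his name ",
			    ifp->if_name, ifp->if_unit);
			sppp_print_string(name, name_len);
			addlog(" != expected ");
			sppp_print_string(sp->hisauth.name,
					  sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
			addlog("\n");
		}
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap input(%s) "
			    "<%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_CHAP]),
			    sppp_auth_type_name(PPP_CHAP, h->type),
			    h->ident, ntohs (h->len));
			sppp_print_string((char*)name, name_len);
			addlog(" value-size=%d value=", value_len);
			sppp_print_bytes(value, value_len);
			addlog(">\n");
		}
		if (value_len != AUTHKEYLEN) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: chap bad hash value length: "
				    "%d bytes, should be %d\n",
				    ifp->if_name, ifp->if_unit, value_len,
				    AUTHKEYLEN);
			break;
		}

		/* expected value: MD5(ident, his secret, our challenge) */
		MD5Init(&ctx);
		MD5Update(&ctx, &h->ident, 1);
		MD5Update(&ctx, sp->hisauth.secret,
			  sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
		MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
		MD5Final(digest, &ctx);

#define FAILMSG "Failed..."
#define SUCCMSG "Welcome!"

		/*
		 * NOTE(review): bcmp() may return at the first differing
		 * byte, so the time taken can depend on how much of the
		 * digest matched.  A constant-time compare would be
		 * preferable if the kernel offers one.
		 */
		if (value_len != sizeof digest ||
		    bcmp(digest, value, value_len) != 0) {
			/* action scn, tld */
			sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
				       0);
			chap.tld(sp);
			break;
		}
		/* action sca, perhaps tlu */
		if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
		    sp->state[IDX_CHAP] == STATE_OPENED)
			sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
				       0);
		if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
			sppp_cp_change_state(&chap, sp, STATE_OPENED);
			chap.tlu(sp);
		}
		break;

	default:
		/* Unknown CHAP packet type -- ignore. */
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
			    "<0x%x id=0x%xh len=%d",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_CHAP]),
			    h->type, h->ident, ntohs(h->len));
			if (len > 4)
				sppp_print_bytes((u_char*)(h+1), len-4);
			addlog(">\n");
		}
		break;

	}
}

/* Reset the CHAP state, failure counter and timer handle for a link. */
static void
sppp_chap_init(struct sppp *sp)
{
	/* Chap doesn't have STATE_INITIAL at all. */
	sp->state[IDX_CHAP] = STATE_CLOSED;
	sp->fail_counter[IDX_CHAP] = 0;
	callout_handle_init(&sp->ch[IDX_CHAP]);
}

/* Open event: send the first challenge if we are the authenticator. */
static void
sppp_chap_open(struct sppp *sp)
{
	if (sp->myauth.proto == PPP_CHAP &&
	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
		/* we are authenticator for CHAP, start it */
		chap.scr(sp);
		sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
		sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
	}
	/* nothing to be done if we are peer, await a challenge */
}

/* Close event: fall back to STATE_CLOSED unless already there. */
static void
sppp_chap_close(struct sppp *sp)
{
	if (sp->state[IDX_CHAP] != STATE_CLOSED)
		sppp_cp_change_state(&chap, sp, STATE_CLOSED);
}

/*
 * CHAP timeout.  Counts down rst_counter; once it drops below zero in
 * Req-Sent the layer is torn down, otherwise a new challenge is sent.
 */
static void
sppp_chap_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;
	int s;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit,
		    sppp_state_name(sp->state[IDX_CHAP]),
		    sp->rst_counter[IDX_CHAP]);

	if (--sp->rst_counter[IDX_CHAP] < 0)
		/* TO- event */
		switch (sp->state[IDX_CHAP]) {
		case STATE_REQ_SENT:
			chap.tld(sp);
			sppp_cp_change_state(&chap, sp, STATE_CLOSED);
			break;
		}
	else
		/* TO+ (or TO*) event */
		switch (sp->state[IDX_CHAP]) {
		case STATE_OPENED:
			/* TO* event */
			sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
			/* fall through */
		case STATE_REQ_SENT:
			chap.scr(sp);
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
			break;
		}

	splx(s);
}

/*
 * this-layer-up for CHAP: schedule the next re-challenge (unless
 * suppressed), register CHAP with LCP, and move on to network phase
 * when the peer's own authentication demand is satisfied too.
 */
static void
sppp_chap_tlu(struct sppp *sp)
{
	STDDCL;
	int i, x;

	sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;

	/*
	 * Some broken CHAP implementations (Conware CoNet, firmware
	 * 4.0.?) don't want to re-authenticate their CHAP once the
	 * initial challenge-response exchange has taken place.
	 * Provide for an option to avoid rechallenges.
	 */
	if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
		/*
		 * Compute the re-challenge timeout.  This will yield
		 * a number between 300 and 810 seconds.
		 */
		i = 300 + ((unsigned)(random() & 0xff00) >> 7);

		sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
	}

	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: chap %s, ",
		    ifp->if_name, ifp->if_unit,
		    sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
		/* i is only set, and only printed, when re-challenging */
		if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
			addlog("next re-challenge in %d seconds\n", i);
		else
			addlog("re-challenging supressed\n");
	}

	x = splimp();
	/* indicate to LCP that we need to be closed down */
	sp->lcp.protos |= (1 << IDX_CHAP);

	if (sp->pp_flags & PP_NEEDAUTH) {
		/*
		 * Remote is authenticator, but his auth proto didn't
		 * complete yet.  Defer the transition to network
		 * phase.
		 */
		splx(x);
		return;
	}
	splx(x);

	/*
	 * If we are already in phase network, we are done here.  This
	 * is the case if this is a dummy tlu event after a re-challenge.
	 */
	if (sp->pp_phase != PHASE_NETWORK)
		sppp_phase_network(sp);
}

/* this-layer-down for CHAP: stop the timer and ask LCP to close. */
static void
sppp_chap_tld(struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
	untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
	sp->lcp.protos &= ~(1 << IDX_CHAP);

	lcp.Close(sp);
}

/*
 * Send a CHAP challenge: generate AUTHKEYLEN challenge bytes into
 * sp->myauth.challenge, pick a new packet id, and transmit the
 * challenge followed by our name.
 */
static void
sppp_chap_scr(struct sppp *sp)
{
	struct timeval tv;
	u_char *ch, clen;
	u_long seed, r;
	int i;

	/*
	 * Compute random challenge.
	 *
	 * The buffer is filled byte-wise and bounded by AUTHKEYLEN, the
	 * length used for the challenge everywhere else in this file.
	 * Storing four u_long values through a cast pointer would write
	 * 32 bytes where u_long is 64 bits wide.
	 *
	 * NOTE(review): random() mixed with the clock is not an
	 * unpredictable source.  A peer able to guess the challenge can
	 * prepare or replay a response, so a cryptographic generator
	 * should be used here if the kernel provides one.
	 */
	ch = (u_char *)sp->myauth.challenge;
	microtime(&tv);
	seed = tv.tv_sec ^ tv.tv_usec;
	r = 0;
	for (i = 0; i < AUTHKEYLEN; i++) {
		if ((i & 3) == 0)
			r = seed ^ random();
		ch[i] = r >> (8 * (i & 3));
	}
	clen = AUTHKEYLEN;

	sp->confid[IDX_CHAP] = ++sp->pp_seq;

	sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
		       sizeof clen, (const char *)&clen,
		       AUTHKEYLEN, sp->myauth.challenge,
		       sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
		       sp->myauth.name,
		       0);
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                        The PAP implementation.                           *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */
/*
 * For PAP, we need to keep a little state also if we are the peer, not the
 * authenticator.  This is since we don't get a request to authenticate, but
 * have to repeatedly authenticate ourself until we got a response (or the
 * retry counter is expired).
 */

/*
 * Handle incoming PAP packets.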
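*/
static void
sppp_pap_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len, x;
	u_char *name, *passwd, mlen;
	int name_len, passwd_len;

	len = m->m_pkthdr.len;
	if (len < 5) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: pap invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	/* never trust more bytes than the header's own length field claims */
	if (len > ntohs (h->len))
		len = ntohs (h->len);
	switch (h->type) {
	/* PAP request is my authproto */
	case PAP_REQ:
		/* layout after the header: idlen, id, pwdlen, password */
		name = 1 + (u_char*)(h+1);
		name_len = name[-1];
		passwd = name + name_len + 1;
		/* the password length octet is read only once it is in bounds */
		if (name_len > len - 6 ||
		    (passwd_len = passwd[-1]) > len - 6 - name_len) {
			if (debug) {
				log(LOG_DEBUG, "%s%d: pap corrupted input "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_PAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*)(h+1), len-4);
				addlog(">\n");
			}
			break;
		}
		/*
		 * NOTE(review): with IFF_DEBUG set this writes the peer's
		 * cleartext password to the kernel log.  Consider logging
		 * only its length.
		 */
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap input(%s) "
			    "<%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_PAP]),
			    sppp_auth_type_name(PPP_PAP, h->type),
			    h->ident, ntohs(h->len));
			sppp_print_string((char*)name, name_len);
			addlog(" passwd=");
			sppp_print_string((char*)passwd, passwd_len);
			addlog(">\n");
		}
		/*
		 * The supplied lengths must equal the stored ones.
		 * Comparing only name_len / passwd_len bytes would accept
		 * any prefix of the configured credentials, including an
		 * empty name and an empty password.
		 */
		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
		    passwd_len != sppp_strnlen(sp->hisauth.secret,
					       AUTHKEYLEN) ||
		    bcmp(name, sp->hisauth.name, name_len) != 0 ||
		    bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
			/* action scn, tld */
			mlen = sizeof(FAILMSG) - 1;
			sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
				       sizeof mlen, (const char *)&mlen,
				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
				       0);
			pap.tld(sp);
			break;
		}
		/* action sca, perhaps tlu */
		if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
		    sp->state[IDX_PAP] == STATE_OPENED) {
			mlen = sizeof(SUCCMSG) - 1;
			sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
				       sizeof mlen, (const char *)&mlen,
				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
				       0);
		}
		if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
			sppp_cp_change_state(&pap, sp, STATE_OPENED);
			pap.tlu(sp);
		}
		break;

	/* ack and nak are his authproto */
	case PAP_ACK:
		untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap success",
			    ifp->if_name, ifp->if_unit);
			/*
			 * The message length octet follows the header (it
			 * is what this file sends as `mlen' above), and
			 * the message text follows that octet.  Clamp the
			 * claimed length to what the packet really holds.
			 */
			name_len = len > 5 ? *((u_char *)(h+1)) : 0;
			if (name_len > len - 5)
				name_len = len - 5;
			if (name_len) {
				addlog(": ");
				sppp_print_string((char*)(h+1) + 1, name_len);
			}
			addlog("\n");
		}
		x = splimp();
		sp->pp_flags &= ~PP_NEEDAUTH;
		if (sp->myauth.proto == PPP_PAP &&
		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
		    (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
			/*
			 * We are authenticator for PAP but didn't
			 * complete yet.  Leave it to tlu to proceed
			 * to network phase.
			 */
			splx(x);
			break;
		}
		splx(x);
		sppp_phase_network(sp);
		break;

	case PAP_NAK:
		untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
		if (debug) {
			log(LOG_INFO, "%s%d: pap failure",
			    ifp->if_name, ifp->if_unit);
			/* same layout and clamp as for PAP_ACK */
			name_len = len > 5 ? *((u_char *)(h+1)) : 0;
			if (name_len > len - 5)
				name_len = len - 5;
			if (name_len) {
				addlog(": ");
				sppp_print_string((char*)(h+1) + 1, name_len);
			}
			addlog("\n");
		} else
			log(LOG_INFO, "%s%d: pap failure\n",
			    ifp->if_name, ifp->if_unit);
		/* await LCP shutdown by authenticator */
		break;

	default:
		/* Unknown PAP packet type -- ignore. */
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap corrupted input "
			    "<0x%x id=0x%x len=%d",
			    ifp->if_name, ifp->if_unit,
			    h->type, h->ident, ntohs(h->len));
			if (len > 4)
				sppp_print_bytes((u_char*)(h+1), len-4);
			addlog(">\n");
		}
		break;

	}
}

/* Reset the PAP state, failure counter and both timer handles. */
static void
sppp_pap_init(struct sppp *sp)
{
	/* PAP doesn't have STATE_INITIAL at all. */
	sp->state[IDX_PAP] = STATE_CLOSED;
	sp->fail_counter[IDX_PAP] = 0;
	callout_handle_init(&sp->ch[IDX_PAP]);
	callout_handle_init(&sp->pap_my_to_ch);
}

/*
 * Open event for PAP.  The two roles are independent: as authenticator
 * we only wait for the peer's request, as peer we send ours and arm the
 * retransmit timer.
 */
static void
sppp_pap_open(struct sppp *sp)
{
	if (sp->hisauth.proto == PPP_PAP &&
	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
		/* we are authenticator for PAP, start our timer */
		sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
		sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
	}
	if (sp->myauth.proto == PPP_PAP) {
		/* we are peer, send a request, and start a timer */
		pap.scr(sp);
		sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
					   sp->lcp.timeout);
	}
}

/* Close event: fall back to STATE_CLOSED unless already there. */
static void
sppp_pap_close(struct sppp *sp)
{
	if (sp->state[IDX_PAP] != STATE_CLOSED)
		sppp_cp_change_state(&pap, sp, STATE_CLOSED);
}

/*
 * That's the timeout routine if we are authenticator.  Since the
 * authenticator is basically passive in PAP, we can't do much here.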
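 */
static void
sppp_pap_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;
	int s;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit,
		    sppp_state_name(sp->state[IDX_PAP]),
		    sp->rst_counter[IDX_PAP]);

	if (--sp->rst_counter[IDX_PAP] < 0)
		/* TO- event */
		switch (sp->state[IDX_PAP]) {
		case STATE_REQ_SENT:
			pap.tld(sp);
			sppp_cp_change_state(&pap, sp, STATE_CLOSED);
			break;
		}
	else
		/* TO+ event, not very much we could do */
		switch (sp->state[IDX_PAP]) {
		case STATE_REQ_SENT:
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
			break;
		}

	splx(s);
}

/*
 * That's the timeout handler if we are peer.  Since the peer is active,
 * we need to retransmit our PAP request since it is apparently lost.
 * XXX We should impose a max counter.
 */
static void
sppp_pap_my_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: pap peer TO\n",
		    ifp->if_name, ifp->if_unit);

	pap.scr(sp);
}

/*
 * this-layer-up for PAP: register PAP with LCP and proceed to network
 * phase unless the peer still expects us to authenticate.
 */
static void
sppp_pap_tlu(struct sppp *sp)
{
	STDDCL;
	int x;

	sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s tlu\n",
		    ifp->if_name, ifp->if_unit, pap.name);

	x = splimp();
	/* indicate to LCP that we need to be closed down */
	sp->lcp.protos |= (1 << IDX_PAP);

	if (sp->pp_flags & PP_NEEDAUTH) {
		/*
		 * Remote is authenticator, but his auth proto didn't
		 * complete yet.  Defer the transition to network
		 * phase.
		 */
		splx(x);
		return;
	}
	splx(x);
	sppp_phase_network(sp);
}

/* this-layer-down for PAP: stop both timers and ask LCP to close. */
static void
sppp_pap_tld(struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
	untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
	untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
	sp->lcp.protos &= ~(1 << IDX_PAP);

	lcp.Close(sp);
}

/*
 * Send our PAP request: id length, id, password length, password.
 * The secret goes out as stored; PAP offers no protection for it on
 * the wire.
 */
static void
sppp_pap_scr(struct sppp *sp)
{
	STDDCL;
	u_char idlen, pwdlen;

	sp->confid[IDX_PAP] = ++sp->pp_seq;
	pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
	idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);

	sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
		       sizeof idlen, (const char *)&idlen,
		       (unsigned)idlen, sp->myauth.name,
		       sizeof pwdlen, (const char *)&pwdlen,
		       (unsigned)pwdlen, sp->myauth.secret,
		       0);
}
/*
 * Random miscellaneous functions.
 */

/*
 * Send a PAP or CHAP proto packet.
 *
 * Varadic function, each of the elements for the ellipsis is of type
 * ``unsigned mlen, const u_char *msg''.  Processing will stop iff
 * mlen == 0.
 *
 * The packet is built in a single header mbuf; if the pieces do not
 * fit into it, the packet is dropped without being sent.
 */

static void
sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
	       ...)
{
	STDDCL;
	struct ppp_header *h;
	struct lcp_header *lh;
	struct mbuf *m;
	u_char *p;
	int len, pktlen;
	unsigned mlen;
	const char *msg;
	va_list ap;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = PPP_ALLSTATIONS;		/* broadcast address */
	h->control = PPP_UI;			/* Unnumbered Info */
	h->protocol = htons(cp->proto);

	lh = (struct lcp_header*)(h + 1);
	lh->type = type;
	lh->ident = id;
	p = (u_char*) (lh+1);

	va_start(ap, id);
	len = 0;

	while ((mlen = va_arg(ap, unsigned)) != 0) {
		msg = va_arg(ap, const char *);
		len += mlen;
		/* check the running total before copying this piece */
		if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
			va_end(ap);
			m_freem(m);
			return;
		}

		bcopy(msg, p, mlen);
		p += mlen;
	}
	va_end(ap);

	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
	lh->len = htons (LCP_HEADER_LEN + len);
	/*
	 * Remember the length now.  Below, m is either freed (queue
	 * full) or handed to the queue, where the driver's start routine
	 * may consume it, so m must not be touched after that point.
	 */
	pktlen = m->m_pkthdr.len;

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_auth_type_name(cp->proto, lh->type),
		    lh->ident, ntohs(lh->len));
		if (len)
			sppp_print_bytes((u_char*) (lh+1), len);
		addlog(">\n");
	}
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
	} else
		IF_ENQUEUE (&sp->pp_cpq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	ifp->if_obytes += pktlen + 3;
}

/*
 * Flush interface queue.
 */
static void
sppp_qflush(struct ifqueue *ifq)
{
	struct mbuf *m, *n;

	n = ifq->ifq_head;
	/* fetch the successor before the current packet is freed */
	while ((m = n)) {
		n = m->m_act;
		m_freem (m);
	}
	ifq->ifq_head = 0;
	ifq->ifq_tail = 0;
	ifq->ifq_len = 0;
}

/*
 * Send keepalive packets, every 10 seconds.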
3636 */ 3637static void 3638sppp_keepalive(void *dummy) 3639{ 3640 struct sppp *sp; 3641 int s; 3642 3643 s = splimp(); 3644 for (sp=spppq; sp; sp=sp->pp_next) { 3645 struct ifnet *ifp = &sp->pp_if; 3646 3647 /* Keepalive mode disabled or channel down? */ 3648 if (! (sp->pp_flags & PP_KEEPALIVE) || 3649 ! (ifp->if_flags & IFF_RUNNING)) 3650 continue; 3651 3652 /* No keepalive in PPP mode if LCP not opened yet. */ 3653 if (! (sp->pp_flags & PP_CISCO) && 3654 sp->pp_phase < PHASE_AUTHENTICATE) 3655 continue; 3656 3657 if (sp->pp_alivecnt == MAXALIVECNT) { 3658 /* No keepalive packets got. Stop the interface. */ 3659 printf ("%s%d: down\n", ifp->if_name, ifp->if_unit); 3660 if_down (ifp); 3661 sppp_qflush (&sp->pp_cpq); 3662 if (! (sp->pp_flags & PP_CISCO)) { 3663 /* XXX */ 3664 /* Shut down the PPP link. */ 3665 lcp.Down(sp); 3666 /* Initiate negotiation. XXX */ 3667 lcp.Up(sp); 3668 } 3669 } 3670 if (sp->pp_alivecnt <= MAXALIVECNT) 3671 ++sp->pp_alivecnt; 3672 if (sp->pp_flags & PP_CISCO) 3673 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3674 sp->pp_rseq); 3675 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3676 long nmagic = htonl (sp->lcp.magic); 3677 sp->lcp.echoid = ++sp->pp_seq; 3678 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3679 sp->lcp.echoid, 4, &nmagic); 3680 } 3681 } 3682 splx(s); 3683 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10); 3684} 3685 3686/* 3687 * Get both IP addresses. 3688 */ 3689static void 3690sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3691{ 3692 struct ifnet *ifp = &sp->pp_if; 3693 struct ifaddr *ifa; 3694 struct sockaddr_in *si, *sm; 3695 u_long ssrc, ddst; 3696 3697 ssrc = ddst = 0L; 3698 /* 3699 * Pick the first AF_INET address from the list, 3700 * aliases don't make any sense on a p2p link anyway. 
3701 */ 3702 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3703 ifa; 3704 ifa = ifa->ifa_link.tqe_next) 3705 if (ifa->ifa_addr->sa_family == AF_INET) { 3706 si = (struct sockaddr_in *)ifa->ifa_addr; 3707 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3708 if (si) 3709 break; 3710 } 3711 if (ifa) { 3712 if (si && si->sin_addr.s_addr) { 3713 ssrc = si->sin_addr.s_addr; 3714 if (srcmask) 3715 *srcmask = ntohl(sm->sin_addr.s_addr); 3716 } 3717 3718 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3719 if (si && si->sin_addr.s_addr) 3720 ddst = si->sin_addr.s_addr; 3721 } 3722 3723 if (dst) *dst = ntohl(ddst); 3724 if (src) *src = ntohl(ssrc); 3725} 3726 3727/* 3728 * Set my IP address. Must be called at splimp. 3729 */ 3730static void 3731sppp_set_ip_addr(struct sppp *sp, u_long src) 3732{ 3733 struct ifnet *ifp = &sp->pp_if; 3734 struct ifaddr *ifa; 3735 struct sockaddr_in *si; 3736 u_long ssrc, ddst; 3737 3738 /* 3739 * Pick the first AF_INET address from the list, 3740 * aliases don't make any sense on a p2p link anyway. 3741 */ 3742 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3743 ifa; 3744 ifa = ifa->ifa_link.tqe_next) 3745 if (ifa->ifa_addr->sa_family == AF_INET) { 3746 si = (struct sockaddr_in *)ifa->ifa_addr; 3747 if (si) 3748 break; 3749 } 3750 if (ifa && si) 3751 si->sin_addr.s_addr = htonl(src); 3752} 3753 3754static int 3755sppp_params(struct sppp *sp, int cmd, void *data) 3756{ 3757 int subcmd; 3758 struct ifreq *ifr = (struct ifreq *)data; 3759 struct spppreq spr; 3760 3761 /* 3762 * ifr->ifr_data is supposed to point to a struct spppreq. 3763 * Check the cmd word first before attempting to fetch all the 3764 * data. 
3765 */ 3766 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3767 return EFAULT; 3768 3769 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3770 return EFAULT; 3771 3772 switch (subcmd) { 3773 case SPPPIOGDEFS: 3774 if (cmd != SIOCGIFGENERIC) 3775 return EINVAL; 3776 /* 3777 * We copy over the entire current state, but clean 3778 * out some of the stuff we don't wanna pass up. 3779 * Remember, SIOCGIFGENERIC is unprotected, and can be 3780 * called by any user. No need to ever get PAP or 3781 * CHAP secrets back to userland anyway. 3782 */ 3783 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3784 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3785 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3786 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3787 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3788 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3789 3790 case SPPPIOSDEFS: 3791 if (cmd != SIOCSIFGENERIC) 3792 return EINVAL; 3793 /* 3794 * We have a very specific idea of which fields we allow 3795 * being passed back from userland, so to not clobber our 3796 * current state. For one, we only allow setting 3797 * anything if LCP is in dead phase. Once the LCP 3798 * negotiations started, the authentication settings must 3799 * not be changed again. (The administrator can force an 3800 * ifconfig down in order to get LCP back into dead 3801 * phase.) 3802 * 3803 * Also, we only allow for authentication parameters to be 3804 * specified. 3805 * 3806 * XXX Should allow to set or clear pp_flags. 3807 * 3808 * Finally, if the respective authentication protocol to 3809 * be used is set differently than 0, but the secret is 3810 * passed as all zeros, we don't trash the existing secret. 3811 * This allows an administrator to change the system name 3812 * only without clobbering the secret (which he didn't get 3813 * back in a previous SPPPIOGDEFS call). However, the 3814 * secrets are cleared if the authentication protocol is 3815 * reset to 0. 
3816 */ 3817 if (sp->pp_phase != PHASE_DEAD) 3818 return EBUSY; 3819 3820 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 3821 spr.defs.myauth.proto != PPP_CHAP) || 3822 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 3823 spr.defs.hisauth.proto != PPP_CHAP)) 3824 return EINVAL; 3825 3826 if (spr.defs.myauth.proto == 0) 3827 /* resetting myauth */ 3828 bzero(&sp->myauth, sizeof sp->myauth); 3829 else { 3830 /* setting/changing myauth */ 3831 sp->myauth.proto = spr.defs.myauth.proto; 3832 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 3833 if (spr.defs.myauth.secret[0] != '\0') 3834 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 3835 AUTHKEYLEN); 3836 } 3837 if (spr.defs.hisauth.proto == 0) 3838 /* resetting hisauth */ 3839 bzero(&sp->hisauth, sizeof sp->hisauth); 3840 else { 3841 /* setting/changing hisauth */ 3842 sp->hisauth.proto = spr.defs.hisauth.proto; 3843 sp->hisauth.flags = spr.defs.hisauth.flags; 3844 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 3845 if (spr.defs.hisauth.secret[0] != '\0') 3846 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 3847 AUTHKEYLEN); 3848 } 3849 break; 3850 3851 default: 3852 return EINVAL; 3853 } 3854 3855 return 0; 3856} 3857 3858static void 3859sppp_phase_network(struct sppp *sp) 3860{ 3861 struct ifnet *ifp = &sp->pp_if; 3862 int i; 3863 u_long mask; 3864 3865 sp->pp_phase = PHASE_NETWORK; 3866 3867 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 3868 sppp_phase_name(sp->pp_phase)); 3869 3870 /* Notify NCPs now. */ 3871 for (i = 0; i < IDX_COUNT; i++) 3872 if ((cps[i])->flags & CP_NCP) 3873 (cps[i])->Open(sp); 3874 3875 /* Send Up events to all NCPs. 
*/ 3876 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3877 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 3878 (cps[i])->Up(sp); 3879 3880 /* if no NCP is starting, all this was in vain, close down */ 3881 sppp_lcp_check_and_close(sp); 3882} 3883 3884 3885static const char * 3886sppp_cp_type_name(u_char type) 3887{ 3888 static char buf[12]; 3889 switch (type) { 3890 case CONF_REQ: return "conf-req"; 3891 case CONF_ACK: return "conf-ack"; 3892 case CONF_NAK: return "conf-nak"; 3893 case CONF_REJ: return "conf-rej"; 3894 case TERM_REQ: return "term-req"; 3895 case TERM_ACK: return "term-ack"; 3896 case CODE_REJ: return "code-rej"; 3897 case PROTO_REJ: return "proto-rej"; 3898 case ECHO_REQ: return "echo-req"; 3899 case ECHO_REPLY: return "echo-reply"; 3900 case DISC_REQ: return "discard-req"; 3901 } 3902 sprintf (buf, "0x%x", type); 3903 return buf; 3904} 3905 3906static const char * 3907sppp_auth_type_name(u_short proto, u_char type) 3908{ 3909 static char buf[12]; 3910 switch (proto) { 3911 case PPP_CHAP: 3912 switch (type) { 3913 case CHAP_CHALLENGE: return "challenge"; 3914 case CHAP_RESPONSE: return "response"; 3915 case CHAP_SUCCESS: return "success"; 3916 case CHAP_FAILURE: return "failure"; 3917 } 3918 case PPP_PAP: 3919 switch (type) { 3920 case PAP_REQ: return "req"; 3921 case PAP_ACK: return "ack"; 3922 case PAP_NAK: return "nak"; 3923 } 3924 } 3925 sprintf (buf, "0x%x", type); 3926 return buf; 3927} 3928 3929static const char * 3930sppp_lcp_opt_name(u_char opt) 3931{ 3932 static char buf[12]; 3933 switch (opt) { 3934 case LCP_OPT_MRU: return "mru"; 3935 case LCP_OPT_ASYNC_MAP: return "async-map"; 3936 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 3937 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 3938 case LCP_OPT_MAGIC: return "magic"; 3939 case LCP_OPT_PROTO_COMP: return "proto-comp"; 3940 case LCP_OPT_ADDR_COMP: return "addr-comp"; 3941 } 3942 sprintf (buf, "0x%x", opt); 3943 return buf; 3944} 3945 3946static const char * 
3947sppp_ipcp_opt_name(u_char opt) 3948{ 3949 static char buf[12]; 3950 switch (opt) { 3951 case IPCP_OPT_ADDRESSES: return "addresses"; 3952 case IPCP_OPT_COMPRESSION: return "compression"; 3953 case IPCP_OPT_ADDRESS: return "address"; 3954 } 3955 sprintf (buf, "0x%x", opt); 3956 return buf; 3957} 3958 3959static const char * 3960sppp_state_name(int state) 3961{ 3962 switch (state) { 3963 case STATE_INITIAL: return "initial"; 3964 case STATE_STARTING: return "starting"; 3965 case STATE_CLOSED: return "closed"; 3966 case STATE_STOPPED: return "stopped"; 3967 case STATE_CLOSING: return "closing"; 3968 case STATE_STOPPING: return "stopping"; 3969 case STATE_REQ_SENT: return "req-sent"; 3970 case STATE_ACK_RCVD: return "ack-rcvd"; 3971 case STATE_ACK_SENT: return "ack-sent"; 3972 case STATE_OPENED: return "opened"; 3973 } 3974 return "illegal"; 3975} 3976 3977static const char * 3978sppp_phase_name(enum ppp_phase phase) 3979{ 3980 switch (phase) { 3981 case PHASE_DEAD: return "dead"; 3982 case PHASE_ESTABLISH: return "establish"; 3983 case PHASE_TERMINATE: return "terminate"; 3984 case PHASE_AUTHENTICATE: return "authenticate"; 3985 case PHASE_NETWORK: return "network"; 3986 } 3987 return "illegal"; 3988} 3989 3990static const char * 3991sppp_proto_name(u_short proto) 3992{ 3993 static char buf[12]; 3994 switch (proto) { 3995 case PPP_LCP: return "lcp"; 3996 case PPP_IPCP: return "ipcp"; 3997 case PPP_PAP: return "pap"; 3998 case PPP_CHAP: return "chap"; 3999 } 4000 sprintf(buf, "0x%x", (unsigned)proto); 4001 return buf; 4002} 4003 4004static void 4005sppp_print_bytes(const u_char *p, u_short len) 4006{ 4007 addlog(" %x", *p++); 4008 while (--len > 0) 4009 addlog("-%x", *p++); 4010} 4011 4012static void 4013sppp_print_string(const char *p, u_short len) 4014{ 4015 u_char c; 4016 4017 while (len-- > 0) { 4018 c = *p++; 4019 /* 4020 * Print only ASCII chars directly. RFC 1994 recommends 4021 * using only them, but we don't rely on it. 
*/ 4022 if (c < ' ' || c > '~') 4023 addlog("\\x%x", c); 4024 else 4025 addlog("%c", c); 4026 } 4027} 4028 4029static const char * 4030sppp_dotted_quad(u_long addr) 4031{ 4032 static char s[16]; 4033 sprintf(s, "%d.%d.%d.%d", 4034 (addr >> 24) & 0xff, 4035 (addr >> 16) & 0xff, 4036 (addr >> 8) & 0xff, 4037 addr & 0xff); 4038 return s; 4039} 4040 4041static int 4042sppp_strnlen(u_char *p, int max) 4043{ 4044 int len; 4045 4046 for (len = 0; len < max && *p; ++p) 4047 ++len; 4048 return len; 4049} 4050 4051/* a dummy, used to drop uninteresting events */ 4052static void 4053sppp_null(struct sppp *unused) 4054{ 4055 /* do just nothing */ 4056} 4057/* 4058 * This file is large. Tell emacs to highlight it nevertheless. 4059 * 4060 * Local Variables: 4061 * hilit-auto-highlight-maxout: 120000 4062 * End: 4063 */
| 51#endif 52 53#ifdef IPX 54#include <netipx/ipx.h> 55#include <netipx/ipx_if.h> 56#endif 57 58#ifdef NS 59#include <netns/ns.h> 60#include <netns/ns_if.h> 61#endif 62 63#ifdef ISO 64#include <netiso/argo_debug.h> 65#include <netiso/iso.h> 66#include <netiso/iso_var.h> 67#include <netiso/iso_snpac.h> 68#endif 69 70#include <net/if_sppp.h> 71 72#define MAXALIVECNT 3 /* max. alive packets */ 73 74/* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 
93 */ 94 95#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97 98#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 99#define PPP_UI 0x03 /* Unnumbered Information */ 100#define PPP_IP 0x0021 /* Internet Protocol */ 101#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 102#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 103#define PPP_IPX 0x002b /* Novell IPX Protocol */ 104#define PPP_LCP 0xc021 /* Link Control Protocol */ 105#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 106#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 107#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 108 109#define CONF_REQ 1 /* PPP configure request */ 110#define CONF_ACK 2 /* PPP configure acknowledge */ 111#define CONF_NAK 3 /* PPP configure negative ack */ 112#define CONF_REJ 4 /* PPP configure reject */ 113#define TERM_REQ 5 /* PPP terminate request */ 114#define TERM_ACK 6 /* PPP terminate acknowledge */ 115#define CODE_REJ 7 /* PPP code reject */ 116#define PROTO_REJ 8 /* PPP protocol reject */ 117#define ECHO_REQ 9 /* PPP echo request */ 118#define ECHO_REPLY 10 /* PPP echo reply */ 119#define DISC_REQ 11 /* PPP discard request */ 120 121#define LCP_OPT_MRU 1 /* maximum receive unit */ 122#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 123#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 124#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 125#define LCP_OPT_MAGIC 5 /* magic number */ 126#define LCP_OPT_RESERVED 6 /* reserved */ 127#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 128#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 129 130#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 131#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 132#define IPCP_OPT_ADDRESS 3 /* local IP address */ 133 134#define PAP_REQ 1 /* PAP name/password request */ 135#define PAP_ACK 2 /* 
PAP acknowledge */ 136#define PAP_NAK 3 /* PAP fail */ 137 138#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 139#define CHAP_RESPONSE 2 /* CHAP challenge response */ 140#define CHAP_SUCCESS 3 /* CHAP response ok */ 141#define CHAP_FAILURE 4 /* CHAP response failed */ 142 143#define CHAP_MD5 5 /* hash algorithm - MD5 */ 144 145#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 146#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 147#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 148#define CISCO_ADDR_REQ 0 /* Cisco address request */ 149#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 150#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 151 152/* states are named and numbered according to RFC 1661 */ 153#define STATE_INITIAL 0 154#define STATE_STARTING 1 155#define STATE_CLOSED 2 156#define STATE_STOPPED 3 157#define STATE_CLOSING 4 158#define STATE_STOPPING 5 159#define STATE_REQ_SENT 6 160#define STATE_ACK_RCVD 7 161#define STATE_ACK_SENT 8 162#define STATE_OPENED 9 163 164struct ppp_header { 165 u_char address; 166 u_char control; 167 u_short protocol; 168}; 169#define PPP_HEADER_LEN sizeof (struct ppp_header) 170 171struct lcp_header { 172 u_char type; 173 u_char ident; 174 u_short len; 175}; 176#define LCP_HEADER_LEN sizeof (struct lcp_header) 177 178struct cisco_packet { 179 u_long type; 180 u_long par1; 181 u_long par2; 182 u_short rel; 183 u_short time0; 184 u_short time1; 185}; 186#define CISCO_PACKET_LEN 18 187 188/* 189 * We follow the spelling and capitalization of RFC 1661 here, to make 190 * it easier comparing with the standard. Please refer to this RFC in 191 * case you can't make sense out of these abbreviation; it will also 192 * explain the semantics related to the various events and actions. 
193 */ 194struct cp { 195 u_short proto; /* PPP control protocol number */ 196 u_char protoidx; /* index into state table in struct sppp */ 197 u_char flags; 198#define CP_LCP 0x01 /* this is the LCP */ 199#define CP_AUTH 0x02 /* this is an authentication protocol */ 200#define CP_NCP 0x04 /* this is a NCP */ 201#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 202 const char *name; /* name of this control protocol */ 203 /* event handlers */ 204 void (*Up)(struct sppp *sp); 205 void (*Down)(struct sppp *sp); 206 void (*Open)(struct sppp *sp); 207 void (*Close)(struct sppp *sp); 208 void (*TO)(void *sp); 209 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 210 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 211 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 212 /* actions */ 213 void (*tlu)(struct sppp *sp); 214 void (*tld)(struct sppp *sp); 215 void (*tls)(struct sppp *sp); 216 void (*tlf)(struct sppp *sp); 217 void (*scr)(struct sppp *sp); 218}; 219 220static struct sppp *spppq; 221static struct callout_handle keepalive_ch; 222 223/* 224 * The following disgusting hack gets around the problem that IP TOS 225 * can't be set yet. We want to put "interactive" traffic on a high 226 * priority queue. To decide if traffic is interactive, we check that 227 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 228 * 229 * XXX is this really still necessary? 
- joerg - 230 */ 231static u_short interactive_ports[8] = { 232 0, 513, 0, 0, 233 0, 21, 0, 23, 234}; 235#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 236 237/* almost every function needs these */ 238#define STDDCL \ 239 struct ifnet *ifp = &sp->pp_if; \ 240 int debug = ifp->if_flags & IFF_DEBUG 241 242static int sppp_output(struct ifnet *ifp, struct mbuf *m, 243 struct sockaddr *dst, struct rtentry *rt); 244 245static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 246static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 247 248static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 249 struct mbuf *m); 250static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 251 u_char ident, u_short len, void *data); 252static void sppp_cp_timeout(void *arg); 253static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 254 int newstate); 255static void sppp_auth_send(const struct cp *cp, 256 struct sppp *sp, u_char type, u_char id, 257 ...); 258 259static void sppp_up_event(const struct cp *cp, struct sppp *sp); 260static void sppp_down_event(const struct cp *cp, struct sppp *sp); 261static void sppp_open_event(const struct cp *cp, struct sppp *sp); 262static void sppp_close_event(const struct cp *cp, struct sppp *sp); 263static void sppp_to_event(const struct cp *cp, struct sppp *sp); 264 265static void sppp_null(struct sppp *sp); 266 267static void sppp_lcp_init(struct sppp *sp); 268static void sppp_lcp_up(struct sppp *sp); 269static void sppp_lcp_down(struct sppp *sp); 270static void sppp_lcp_open(struct sppp *sp); 271static void sppp_lcp_close(struct sppp *sp); 272static void sppp_lcp_TO(void *sp); 273static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 274static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 275static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 276static void sppp_lcp_tlu(struct sppp *sp); 277static void 
sppp_lcp_tld(struct sppp *sp); 278static void sppp_lcp_tls(struct sppp *sp); 279static void sppp_lcp_tlf(struct sppp *sp); 280static void sppp_lcp_scr(struct sppp *sp); 281static void sppp_lcp_check_and_close(struct sppp *sp); 282static int sppp_ncp_check(struct sppp *sp); 283 284static void sppp_ipcp_init(struct sppp *sp); 285static void sppp_ipcp_up(struct sppp *sp); 286static void sppp_ipcp_down(struct sppp *sp); 287static void sppp_ipcp_open(struct sppp *sp); 288static void sppp_ipcp_close(struct sppp *sp); 289static void sppp_ipcp_TO(void *sp); 290static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 291static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 292static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 293static void sppp_ipcp_tlu(struct sppp *sp); 294static void sppp_ipcp_tld(struct sppp *sp); 295static void sppp_ipcp_tls(struct sppp *sp); 296static void sppp_ipcp_tlf(struct sppp *sp); 297static void sppp_ipcp_scr(struct sppp *sp); 298 299static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 300static void sppp_pap_init(struct sppp *sp); 301static void sppp_pap_open(struct sppp *sp); 302static void sppp_pap_close(struct sppp *sp); 303static void sppp_pap_TO(void *sp); 304static void sppp_pap_my_TO(void *sp); 305static void sppp_pap_tlu(struct sppp *sp); 306static void sppp_pap_tld(struct sppp *sp); 307static void sppp_pap_scr(struct sppp *sp); 308 309static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 310static void sppp_chap_init(struct sppp *sp); 311static void sppp_chap_open(struct sppp *sp); 312static void sppp_chap_close(struct sppp *sp); 313static void sppp_chap_TO(void *sp); 314static void sppp_chap_tlu(struct sppp *sp); 315static void sppp_chap_tld(struct sppp *sp); 316static void sppp_chap_scr(struct sppp *sp); 317 318static const char *sppp_auth_type_name(u_short proto, u_char type); 319static const char *sppp_cp_type_name(u_char type); 320static const 
char *sppp_dotted_quad(u_long addr); 321static const char *sppp_ipcp_opt_name(u_char opt); 322static const char *sppp_lcp_opt_name(u_char opt); 323static const char *sppp_phase_name(enum ppp_phase phase); 324static const char *sppp_proto_name(u_short proto); 325static const char *sppp_state_name(int state); 326static int sppp_params(struct sppp *sp, int cmd, void *data); 327static int sppp_strnlen(u_char *p, int max); 328static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 329 u_long *srcmask); 330static void sppp_keepalive(void *dummy); 331static void sppp_phase_network(struct sppp *sp); 332static void sppp_print_bytes(const u_char *p, u_short len); 333static void sppp_print_string(const char *p, u_short len); 334static void sppp_qflush(struct ifqueue *ifq); 335static void sppp_set_ip_addr(struct sppp *sp, u_long src); 336 337/* our control protocol descriptors */ 338const struct cp lcp = { 339 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 340 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 341 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 342 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 343 sppp_lcp_scr 344}; 345 346const struct cp ipcp = { 347 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 348 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 349 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 350 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 351 sppp_ipcp_scr 352}; 353 354const struct cp pap = { 355 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 356 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 357 sppp_pap_TO, 0, 0, 0, 358 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 359 sppp_pap_scr 360}; 361 362const struct cp chap = { 363 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 364 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 365 sppp_chap_TO, 0, 0, 0, 366 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 367 sppp_chap_scr 368}; 369 370const struct cp *cps[IDX_COUNT] = { 371 &lcp, /* 
IDX_LCP */ 372 &ipcp, /* IDX_IPCP */ 373 &pap, /* IDX_PAP */ 374 &chap, /* IDX_CHAP */ 375}; 376 377 378/* 379 * Exported functions, comprising our interface to the lower layer. 380 */ 381 382/* 383 * Process the received packet. 384 */ 385void 386sppp_input(struct ifnet *ifp, struct mbuf *m) 387{ 388 struct ppp_header *h; 389 struct ifqueue *inq = 0; 390 int s; 391 struct sppp *sp = (struct sppp *)ifp; 392 int debug = ifp->if_flags & IFF_DEBUG; 393 394 if (ifp->if_flags & IFF_UP) 395 /* Count received bytes, add FCS and one flag */ 396 ifp->if_ibytes += m->m_pkthdr.len + 3; 397 398 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 399 /* Too small packet, drop it. */ 400 if (debug) 401 log(LOG_DEBUG, 402 "%s%d: input packet is too small, %d bytes\n", 403 ifp->if_name, ifp->if_unit, m->m_pkthdr.len); 404 drop: 405 ++ifp->if_ierrors; 406 ++ifp->if_iqdrops; 407 m_freem (m); 408 return; 409 } 410 411 /* Get PPP header. */ 412 h = mtod (m, struct ppp_header*); 413 m_adj (m, PPP_HEADER_LEN); 414 415 switch (h->address) { 416 case PPP_ALLSTATIONS: 417 if (h->control != PPP_UI) 418 goto invalid; 419 if (sp->pp_flags & PP_CISCO) { 420 if (debug) 421 log(LOG_DEBUG, 422 "%s%d: PPP packet in Cisco mode " 423 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 424 ifp->if_name, ifp->if_unit, 425 h->address, h->control, ntohs(h->protocol)); 426 goto drop; 427 } 428 switch (ntohs (h->protocol)) { 429 default: 430 if (sp->state[IDX_LCP] == STATE_OPENED) 431 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 432 ++sp->pp_seq, m->m_pkthdr.len + 2, 433 &h->protocol); 434 if (debug) 435 log(LOG_DEBUG, 436 "%s%d: invalid input protocol " 437 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 438 ifp->if_name, ifp->if_unit, 439 h->address, h->control, ntohs(h->protocol)); 440 ++ifp->if_noproto; 441 goto drop; 442 case PPP_LCP: 443 sppp_cp_input(&lcp, sp, m); 444 m_freem (m); 445 return; 446 case PPP_PAP: 447 if (sp->pp_phase >= PHASE_AUTHENTICATE) 448 sppp_pap_input(sp, m); 449 m_freem (m); 450 return; 451 case PPP_CHAP: 452 if 
(sp->pp_phase >= PHASE_AUTHENTICATE) 453 sppp_chap_input(sp, m); 454 m_freem (m); 455 return; 456#ifdef INET 457 case PPP_IPCP: 458 if (sp->pp_phase == PHASE_NETWORK) 459 sppp_cp_input(&ipcp, sp, m); 460 m_freem (m); 461 return; 462 case PPP_IP: 463 if (sp->state[IDX_IPCP] == STATE_OPENED) { 464 schednetisr (NETISR_IP); 465 inq = &ipintrq; 466 } 467 break; 468#endif 469#ifdef IPX 470 case PPP_IPX: 471 /* IPX IPXCP not implemented yet */ 472 if (sp->pp_phase == PHASE_NETWORK) { 473 schednetisr (NETISR_IPX); 474 inq = &ipxintrq; 475 } 476 break; 477#endif 478#ifdef NS 479 case PPP_XNS: 480 /* XNS IDPCP not implemented yet */ 481 if (sp->pp_phase == PHASE_NETWORK) { 482 schednetisr (NETISR_NS); 483 inq = &nsintrq; 484 } 485 break; 486#endif 487#ifdef ISO 488 case PPP_ISO: 489 /* OSI NLCP not implemented yet */ 490 if (sp->pp_phase == PHASE_NETWORK) { 491 schednetisr (NETISR_ISO); 492 inq = &clnlintrq; 493 } 494 break; 495#endif 496 } 497 break; 498 case CISCO_MULTICAST: 499 case CISCO_UNICAST: 500 /* Don't check the control field here (RFC 1547). */ 501 if (! (sp->pp_flags & PP_CISCO)) { 502 if (debug) 503 log(LOG_DEBUG, 504 "%s%d: Cisco packet in PPP mode " 505 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 506 ifp->if_name, ifp->if_unit, 507 h->address, h->control, ntohs(h->protocol)); 508 goto drop; 509 } 510 switch (ntohs (h->protocol)) { 511 default: 512 ++ifp->if_noproto; 513 goto invalid; 514 case CISCO_KEEPALIVE: 515 sppp_cisco_input ((struct sppp*) ifp, m); 516 m_freem (m); 517 return; 518#ifdef INET 519 case ETHERTYPE_IP: 520 schednetisr (NETISR_IP); 521 inq = &ipintrq; 522 break; 523#endif 524#ifdef IPX 525 case ETHERTYPE_IPX: 526 schednetisr (NETISR_IPX); 527 inq = &ipxintrq; 528 break; 529#endif 530#ifdef NS 531 case ETHERTYPE_NS: 532 schednetisr (NETISR_NS); 533 inq = &nsintrq; 534 break; 535#endif 536 } 537 break; 538 default: /* Invalid PPP packet. 
*/ 539 invalid: 540 if (debug) 541 log(LOG_DEBUG, 542 "%s%d: invalid input packet " 543 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 544 ifp->if_name, ifp->if_unit, 545 h->address, h->control, ntohs(h->protocol)); 546 goto drop; 547 } 548 549 if (! (ifp->if_flags & IFF_UP) || ! inq) 550 goto drop; 551 552 /* Check queue. */ 553 s = splimp(); 554 if (IF_QFULL (inq)) { 555 /* Queue overflow. */ 556 IF_DROP(inq); 557 splx(s); 558 if (debug) 559 log(LOG_DEBUG, "%s%d: protocol queue overflow\n", 560 ifp->if_name, ifp->if_unit); 561 goto drop; 562 } 563 IF_ENQUEUE(inq, m); 564 splx(s); 565} 566 567/* 568 * Enqueue transmit packet. 569 */ 570static int 571sppp_output(struct ifnet *ifp, struct mbuf *m, 572 struct sockaddr *dst, struct rtentry *rt) 573{ 574 struct sppp *sp = (struct sppp*) ifp; 575 struct ppp_header *h; 576 struct ifqueue *ifq; 577 int s, rv = 0; 578 579 s = splimp(); 580 581 if ((ifp->if_flags & IFF_UP) == 0 || 582 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 583 m_freem (m); 584 splx (s); 585 return (ENETDOWN); 586 } 587 588 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 589 /* 590 * Interface is not yet running, but auto-dial. Need 591 * to start LCP for it. 592 */ 593 ifp->if_flags |= IFF_RUNNING; 594 splx(s); 595 lcp.Open(sp); 596 s = splimp(); 597 } 598 599 ifq = &ifp->if_snd; 600#ifdef INET 601 /* 602 * Put low delay, telnet, rlogin and ftp control packets 603 * in front of the queue. 604 */ 605 if (dst->sa_family == AF_INET) { 606 struct ip *ip = mtod (m, struct ip*); 607 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 608 609 if (! IF_QFULL (&sp->pp_fastq) && 610 ((ip->ip_tos & IPTOS_LOWDELAY) || 611 ip->ip_p == IPPROTO_TCP && 612 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 613 (INTERACTIVE (ntohs (tcp->th_sport)) || 614 INTERACTIVE (ntohs (tcp->th_dport))))) 615 ifq = &sp->pp_fastq; 616 } 617#endif 618 619 /* 620 * Prepend general data packet PPP header. For now, IP only. 
621 */ 622 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 623 if (! m) { 624 if (ifp->if_flags & IFF_DEBUG) 625 log(LOG_DEBUG, "%s%d: no memory for transmit header\n", 626 ifp->if_name, ifp->if_unit); 627 ++ifp->if_oerrors; 628 splx (s); 629 return (ENOBUFS); 630 } 631 h = mtod (m, struct ppp_header*); 632 if (sp->pp_flags & PP_CISCO) { 633 h->address = CISCO_UNICAST; /* unicast address */ 634 h->control = 0; 635 } else { 636 h->address = PPP_ALLSTATIONS; /* broadcast address */ 637 h->control = PPP_UI; /* Unnumbered Info */ 638 } 639 640 switch (dst->sa_family) { 641#ifdef INET 642 case AF_INET: /* Internet Protocol */ 643 if (sp->pp_flags & PP_CISCO) 644 h->protocol = htons (ETHERTYPE_IP); 645 else { 646 /* 647 * Don't choke with an ENETDOWN early. It's 648 * possible that we just started dialing out, 649 * so don't drop the packet immediately. If 650 * we notice that we run out of buffer space 651 * below, we will however remember that we are 652 * not ready to carry IP packets, and return 653 * ENETDOWN, as opposed to ENOBUFS. 654 */ 655 h->protocol = htons(PPP_IP); 656 if (sp->state[IDX_IPCP] != STATE_OPENED) 657 rv = ENETDOWN; 658 } 659 break; 660#endif 661#ifdef NS 662 case AF_NS: /* Xerox NS Protocol */ 663 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 664 ETHERTYPE_NS : PPP_XNS); 665 break; 666#endif 667#ifdef IPX 668 case AF_IPX: /* Novell IPX Protocol */ 669 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 670 ETHERTYPE_IPX : PPP_IPX); 671 break; 672#endif 673#ifdef ISO 674 case AF_ISO: /* ISO OSI Protocol */ 675 if (sp->pp_flags & PP_CISCO) 676 goto nosupport; 677 h->protocol = htons (PPP_ISO); 678 break; 679nosupport: 680#endif 681 default: 682 m_freem (m); 683 ++ifp->if_oerrors; 684 splx (s); 685 return (EAFNOSUPPORT); 686 } 687 688 /* 689 * Queue message on interface, and start output if interface 690 * not yet active. 691 */ 692 if (IF_QFULL (ifq)) { 693 IF_DROP (&ifp->if_snd); 694 m_freem (m); 695 ++ifp->if_oerrors; 696 splx (s); 697 return (rv? 
rv: ENOBUFS); 698 } 699 IF_ENQUEUE (ifq, m); 700 if (! (ifp->if_flags & IFF_OACTIVE)) 701 (*ifp->if_start) (ifp); 702 703 /* 704 * Count output packets and bytes. 705 * The packet length includes header, FCS and 1 flag, 706 * according to RFC 1333. 707 */ 708 ifp->if_obytes += m->m_pkthdr.len + 3; 709 splx (s); 710 return (0); 711} 712 713void 714sppp_attach(struct ifnet *ifp) 715{ 716 struct sppp *sp = (struct sppp*) ifp; 717 718 /* Initialize keepalive handler. */ 719 if (! spppq) 720 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10); 721 722 /* Insert new entry into the keepalive list. */ 723 sp->pp_next = spppq; 724 spppq = sp; 725 726 sp->pp_if.if_type = IFT_PPP; 727 sp->pp_if.if_output = sppp_output; 728 sp->pp_fastq.ifq_maxlen = 32; 729 sp->pp_cpq.ifq_maxlen = 20; 730 sp->pp_loopcnt = 0; 731 sp->pp_alivecnt = 0; 732 sp->pp_seq = 0; 733 sp->pp_rseq = 0; 734 sp->pp_phase = PHASE_DEAD; 735 sp->pp_up = lcp.Up; 736 sp->pp_down = lcp.Down; 737 738 sppp_lcp_init(sp); 739 sppp_ipcp_init(sp); 740 sppp_pap_init(sp); 741 sppp_chap_init(sp); 742} 743 744void 745sppp_detach(struct ifnet *ifp) 746{ 747 struct sppp **q, *p, *sp = (struct sppp*) ifp; 748 int i; 749 750 /* Remove the entry from the keepalive list. */ 751 for (q = &spppq; (p = *q); q = &p->pp_next) 752 if (p == sp) { 753 *q = p->pp_next; 754 break; 755 } 756 757 /* Stop keepalive handler. */ 758 if (! spppq) 759 untimeout(sppp_keepalive, 0, keepalive_ch); 760 761 for (i = 0; i < IDX_COUNT; i++) 762 untimeout((cps[i])->TO, (void *)sp, sp->ch[i]); 763 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 764} 765 766/* 767 * Flush the interface output queue. 768 */ 769void 770sppp_flush(struct ifnet *ifp) 771{ 772 struct sppp *sp = (struct sppp*) ifp; 773 774 sppp_qflush (&sp->pp_if.if_snd); 775 sppp_qflush (&sp->pp_fastq); 776 sppp_qflush (&sp->pp_cpq); 777} 778 779/* 780 * Check if the output queue is empty. 
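*/
int
sppp_isempty(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;
	int empty, s;

	/*
	 * The heads of all three transmit queues (fast queue, control
	 * protocol queue, regular send queue) are sampled between
	 * splimp() and splx(); the result is non-zero only when every
	 * head is NULL.
	 */
	s = splimp();
	empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
		!sp->pp_if.if_snd.ifq_head;
	splx(s);
	return (empty);
}

/*
 * Get next packet to send.
 *
 * Returns the dequeued mbuf, or NULL when nothing is eligible.  The
 * control protocol queue always has priority over the fast queue,
 * which in turn has priority over the regular send queue.
 */
struct mbuf *
sppp_dequeue(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;
	struct mbuf *m;
	int s;

	s = splimp();
	/*
	 * Process only the control protocol queue until we have at
	 * least one NCP open.
	 *
	 * Do always serve all three queues in Cisco mode.
	 */
	IF_DEQUEUE(&sp->pp_cpq, m);
	if (m == NULL &&
	    (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
		IF_DEQUEUE(&sp->pp_fastq, m);
		if (m == NULL)
			IF_DEQUEUE (&sp->pp_if.if_snd, m);
	}
	splx(s);
	return m;
}

/*
 * Pick the next packet, do not remove it from the queue.
 *
 * Returns the mbuf at the head of the first eligible queue, or NULL.
 *
 * NOTE(review): data queues are gated here on
 * sp->pp_phase == PHASE_NETWORK, while sppp_dequeue() gates them on
 * sppp_ncp_check(); confirm that the two conditions are meant to be
 * equivalent, otherwise pick and dequeue can disagree.
 */
struct mbuf *
sppp_pick(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*)ifp;
	struct mbuf *m;
	int s;

	s = splimp ();

	m = sp->pp_cpq.ifq_head;
	if (m == NULL &&
	    (sp->pp_phase == PHASE_NETWORK ||
	     (sp->pp_flags & PP_CISCO) != 0)) {
		if ((m = sp->pp_fastq.ifq_head) == NULL)
			m = sp->pp_if.if_snd.ifq_head;
	}
	splx (s);
	return (m);
}

/*
 * Process an ioctl request.  Called on low priority level.
 *
 * ifp  - interface the request is for.
 * cmd  - ioctl command code.
 * data - command argument; read as a struct ifreq for the SIOC*
 *        commands and as a short for the SLIOC* MTU commands.
 *
 * Returns 0 on success, EINVAL for an MTU outside [128, peer MRU],
 * ENOTTY for an unknown command, or whatever sppp_params() returns for
 * the generic get/set commands.
 *
 * The whole switch runs between splimp() and splx(), so every exit has
 * to leave through the common splx() at the bottom.
 */
int
sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
{
	struct ifreq *ifr = (struct ifreq*) data;
	struct sppp *sp = (struct sppp*) ifp;
	int s, rv, going_up, going_down, newmode;

	s = splimp();
	rv = 0;
	switch (cmd) {
	case SIOCAIFADDR:
	case SIOCSIFDSTADDR:
		break;

	case SIOCSIFADDR:
		if_up(ifp);
		/* fall through... */

	case SIOCSIFFLAGS:
		going_up = (ifp->if_flags & IFF_UP) &&
			(ifp->if_flags & IFF_RUNNING) == 0;
		going_down = (ifp->if_flags & IFF_UP) == 0 &&
			(ifp->if_flags & IFF_RUNNING);
		newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
		if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
			/* sanity: both requested, passive wins */
			newmode = IFF_PASSIVE;
			ifp->if_flags &= ~IFF_AUTO;
		}

		if (going_up || going_down)
			lcp.Close(sp);
		if (going_up && newmode == 0) {
			/* neither auto-dial nor passive */
			ifp->if_flags |= IFF_RUNNING;
			if (!(sp->pp_flags & PP_CISCO))
				lcp.Open(sp);
		} else if (going_down) {
			sppp_flush(ifp);
			ifp->if_flags &= ~IFF_RUNNING;
		}

		break;

#ifdef SIOCSIFMTU
#ifndef ifr_mtu
#define ifr_mtu ifr_metric
#endif
	case SIOCSIFMTU:
		/*
		 * Do not return from inside the switch: that would skip
		 * splx() and leave the priority level raised.  The upper
		 * bound is the MRU announced by the peer.
		 */
		if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) {
			rv = EINVAL;
			break;
		}
		ifp->if_mtu = ifr->ifr_mtu;
		break;
#endif
#ifdef SLIOCSETMTU
	case SLIOCSETMTU:
		/* Same rule as SIOCSIFMTU: leave through splx(). */
		if (*(short*)data < 128 ||
		    *(short*)data > sp->lcp.their_mru) {
			rv = EINVAL;
			break;
		}
		ifp->if_mtu = *(short*)data;
		break;
#endif
#ifdef SIOCGIFMTU
	case SIOCGIFMTU:
		ifr->ifr_mtu = ifp->if_mtu;
		break;
#endif
#ifdef SLIOCGETMTU
	case SLIOCGETMTU:
		*(short*)data = ifp->if_mtu;
		break;
#endif
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		break;

	case SIOCGIFGENERIC:
	case SIOCSIFGENERIC:
		/*
		 * NOTE(review): no privilege check is visible on this
		 * path; presumably the caller or sppp_params() restricts
		 * the set operation -- confirm.
		 */
		rv = sppp_params(sp, cmd, data);
		break;

	default:
		rv = ENOTTY;
	}
	splx(s);
	return rv;
}


/*
 * Cisco framing implementation.
 */

/*
 * Handle incoming Cisco keepalive protocol packets.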
*/
/*
 * sp - per-interface state; sequence numbers, loop counter and alive
 *      counter are updated here.
 * m  - received packet, read as a struct cisco_packet.  All of its
 *      fields come from the peer.
 *
 * STDDCL presumably declares the `ifp' and `debug' locals used below
 * (its definition is outside this part of the file).
 */
static void
sppp_cisco_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct cisco_packet *h;
	u_long me, mymask;

	/* Anything shorter than a Cisco packet body is ignored. */
	if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
		if (debug) {
			log(LOG_DEBUG,
			    "%s%d: cisco invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
		}
		return;
	}

	/*
	 * NOTE(review): only the total packet length was checked above;
	 * this presumably relies on the caller keeping the whole body in
	 * the first mbuf -- confirm.
	 */
	h = mtod (m, struct cisco_packet*);
	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: cisco input: %d bytes "
		    "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
		    ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
		    ntohl (h->type), h->par1, h->par2, h->rel,
		    h->time0, h->time1);
	}

	switch (ntohl (h->type)) {
	case CISCO_ADDR_REPLY:
		/* Reply on address request, ignore */
		break;

	case CISCO_ADDR_REQ:
		/* Answer with our address and mask if we have an address. */
		sppp_get_ip_addrs(sp, &me, 0, &mymask);
		if (me != 0L) {
			sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
		}
		break;

	case CISCO_KEEPALIVE_REQ:
		sp->pp_alivecnt = 0;
		sp->pp_rseq = ntohl (h->par1);
		if (sp->pp_seq != sp->pp_rseq) {
			/* Sequence numbers differ: the peer is alive. */
			sp->pp_loopcnt = 0;
			if (! (ifp->if_flags & IFF_UP) &&
			    (ifp->if_flags & IFF_RUNNING)) {
				if_up(ifp);
				printf ("%s%d: up\n",
					ifp->if_name, ifp->if_unit);
			}
		} else {
			/*
			 * Local and remote sequence numbers are equal.
			 * Probably, the line is in loopback mode.
			 */
			if (sp->pp_loopcnt >= MAXALIVECNT) {
				printf ("%s%d: loopback\n",
					ifp->if_name, ifp->if_unit);
				sp->pp_loopcnt = 0;
				if (ifp->if_flags & IFF_UP) {
					if_down (ifp);
					sppp_qflush (&sp->pp_cpq);
				}
			}
			++sp->pp_loopcnt;

			/* Generate new local sequence number */
			sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
		}
		break;

	default:
		if (debug) {
			addlog("%s%d: cisco unknown packet type: 0x%lx\n",
			       ifp->if_name, ifp->if_unit, ntohl (h->type));
		}
		break;
	}
}

/*
 * Send Cisco keepalive packet.
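*/
/*
 * sp         - per-interface state; the packet goes on sp->pp_cpq.
 * type       - Cisco packet type, stored in network byte order.
 * par1, par2 - the two packet parameters, stored in network byte order.
 *
 * The packet is built in a single header mbuf obtained without
 * sleeping; if none is available the packet is silently not sent.
 *
 * The mbuf must not be touched once it has been queued or freed: the
 * driver's start routine may already have consumed it.  The byte
 * counter is therefore updated from the known packet size, and only
 * for packets that were really queued.
 *
 * STDDCL presumably declares the `ifp' and `debug' locals used below
 * (its definition is outside this part of the file).
 */
static void
sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
{
	STDDCL;
	struct ppp_header *h;
	struct cisco_packet *ch;
	struct mbuf *m;
	u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
	int queued = 0;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = CISCO_MULTICAST;
	h->control = 0;
	h->protocol = htons (CISCO_KEEPALIVE);

	ch = (struct cisco_packet*) (h + 1);
	ch->type = htonl (type);
	ch->par1 = htonl (par1);
	ch->par2 = htonl (par2);
	ch->rel = -1;
	/* Time since boot, split into two 16-bit halves. */
	ch->time0 = htons ((u_short) (t >> 16));
	ch->time1 = htons ((u_short) t);

	if (debug)
		log(LOG_DEBUG,
		    "%s%d: cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
		    ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1,
		    ch->par2, ch->rel, ch->time0, ch->time1);

	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
	} else {
		IF_ENQUEUE (&sp->pp_cpq, m);
		queued = 1;
	}
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	/* +3 is the same per-packet overhead sppp_output() accounts for. */
	if (queued)
		ifp->if_obytes += PPP_HEADER_LEN + CISCO_PACKET_LEN + 3;
}

/*
 * PPP protocol implementation.
 */

/*
 * Send PPP control protocol packet.
 *
 * sp    - per-interface state; the packet goes on sp->pp_cpq.
 * proto - PPP protocol number for the PPP header.
 * type  - control protocol code (CONF_REQ, TERM_ACK, ...).
 * ident - identifier for the control protocol header.
 * len   - number of payload bytes at `data'; clamped so that the whole
 *         packet fits into one header mbuf (MHLEN).
 * data  - payload, copied behind the control protocol header; not read
 *         when len is 0.
 *
 * As in sppp_cisco_send(), the mbuf is not touched after it has been
 * queued or freed; the packet length is remembered beforehand and
 * dropped packets are not added to the output byte counter.
 */
static void
sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
	     u_char ident, u_short len, void *data)
{
	STDDCL;
	struct ppp_header *h;
	struct lcp_header *lh;
	struct mbuf *m;
	int pktlen;
	int queued = 0;

	if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
		len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
	pktlen = PPP_HEADER_LEN + LCP_HEADER_LEN + len;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.len = m->m_len = pktlen;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = PPP_ALLSTATIONS;        /* broadcast address */
	h->control = PPP_UI;                 /* Unnumbered Info */
	h->protocol = htons (proto);         /* protocol given by caller */

	lh = (struct lcp_header*) (h + 1);
	lh->type = type;
	lh->ident = ident;
	lh->len = htons (LCP_HEADER_LEN + len);
	if (len)
		bcopy (data, lh+1, len);

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit,
		    sppp_proto_name(proto),
		    sppp_cp_type_name (lh->type), lh->ident,
		    ntohs (lh->len));
		if (len)
			sppp_print_bytes ((u_char*) (lh+1), len);
		addlog(">\n");
	}
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
	} else {
		IF_ENQUEUE (&sp->pp_cpq, m);
		queued = 1;
	}
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	if (queued)
		ifp->if_obytes += pktlen + 3;
}

/*
 * Handle incoming PPP control protocol packets.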
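*/
/*
 * cp - descriptor of the control protocol the packet belongs to; its
 *      callbacks (RCR, RCN_nak, RCN_rej, scr, tld, tlu, tlf) carry out
 *      the protocol specific actions.
 * sp - per-interface state; sp->state[cp->protoidx] is the automaton
 *      state examined and advanced here.
 * m  - received packet, starting at the control protocol header.
 *
 * Every byte of the packet is supplied by the peer.  `len' starts as
 * the mbuf packet length and is clamped to the length field of the
 * header, so after the clamp it can be smaller than the 4 byte header.
 * Each branch that hands `len' to a parser, or reads payload bytes,
 * checks the length it needs first.
 *
 * STDDCL presumably declares the `ifp' and `debug' locals used below
 * (its definition is outside this part of the file).
 */
static void
sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len = m->m_pkthdr.len;
	int rv;
	u_char *p;

	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: %s invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, cp->name, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: %s input(%s): <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]),
		    sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
		if (len > 4)
			sppp_print_bytes ((u_char*) (h+1), len-4);
		addlog(">\n");
	}
	/* Trust the smaller of the received length and the header length. */
	if (len > ntohs (h->len))
		len = ntohs (h->len);
	p = (u_char *)(h + 1);
	switch (h->type) {
	case CONF_REQ:
		if (len < 4) {
			if (debug)
				addlog("%s%d: %s invalid conf-req length %d\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       len);
			++ifp->if_ierrors;
			break;
		}
		/* handle states where RCR doesn't get a SCA/SCN */
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSING:
		case STATE_STOPPING:
			return;
		case STATE_CLOSED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
				     0, 0);
			return;
		}
		/* rv is true when the request was acknowledged. */
		rv = (cp->RCR)(sp, h, len);
		switch (sp->state[cp->protoidx]) {
		case STATE_OPENED:
			(cp->tld)(sp);
			(cp->scr)(sp);
			/* fall through... */
		case STATE_ACK_SENT:
		case STATE_REQ_SENT:
			sppp_cp_change_state(cp, sp, rv?
					     STATE_ACK_SENT: STATE_REQ_SENT);
			break;
		case STATE_STOPPED:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, rv?
					     STATE_ACK_SENT: STATE_REQ_SENT);
			break;
		case STATE_ACK_RCVD:
			if (rv) {
				sppp_cp_change_state(cp, sp, STATE_OPENED);
				if (debug)
					log(LOG_DEBUG, "%s%d: %s tlu\n",
					    ifp->if_name, ifp->if_unit,
					    cp->name);
				(cp->tlu)(sp);
			} else
				sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CONF_ACK:
		/* Only an ack for our latest request is accepted. */
		if (h->ident != sp->confid[cp->protoidx]) {
			if (debug)
				addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       h->ident, sp->confid[cp->protoidx]);
			++ifp->if_ierrors;
			break;
		}
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_CLOSING:
		case STATE_STOPPING:
			break;
		case STATE_REQ_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			/* fall through */
		case STATE_ACK_RCVD:
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_ACK_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			sppp_cp_change_state(cp, sp, STATE_OPENED);
			if (debug)
				log(LOG_DEBUG, "%s%d: %s tlu\n",
				    ifp->if_name, ifp->if_unit, cp->name);
			(cp->tlu)(sp);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CONF_NAK:
	case CONF_REJ:
		/*
		 * The RCN handlers subtract the header size from len, so a
		 * clamped length below 4 must not reach them.
		 */
		if (len < 4) {
			if (debug)
				addlog("%s%d: %s invalid conf-nak/rej "
				       "length %d\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       len);
			++ifp->if_ierrors;
			break;
		}
		if (h->ident != sp->confid[cp->protoidx]) {
			if (debug)
				addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       h->ident, sp->confid[cp->protoidx]);
			++ifp->if_ierrors;
			break;
		}
		if (h->type == CONF_NAK)
			(cp->RCN_nak)(sp, h, len);
		else /* CONF_REJ */
			(cp->RCN_rej)(sp, h, len);

		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			(cp->scr)(sp);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			/* fall through */
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
			(cp->scr)(sp);
			break;
		case STATE_CLOSING:
		case STATE_STOPPING:
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;

	case TERM_REQ:
		switch (sp->state[cp->protoidx]) {
		case STATE_ACK_RCVD:
		case STATE_ACK_SENT:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			/* fall through */
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_CLOSING:
		case STATE_STOPPING:
		case STATE_REQ_SENT:
		  sta:
			/* Send Terminate-Ack packet. */
			if (debug)
				log(LOG_DEBUG, "%s%d: %s send terminate-ack\n",
				    ifp->if_name, ifp->if_unit, cp->name);
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			sp->rst_counter[cp->protoidx] = 0;
			sppp_cp_change_state(cp, sp, STATE_STOPPING);
			goto sta;
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case TERM_ACK:
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
			break;
		case STATE_CLOSING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_CLOSED);
			break;
		case STATE_STOPPING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CODE_REJ:
	case PROTO_REJ:
		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
		/*
		 * The two bytes behind the header are only read when the
		 * packet really carries them; otherwise 0 is logged.
		 */
		log(LOG_INFO,
		    "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
		    "danger will robinson\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_cp_type_name(h->type),
		    len >= 6 ? ntohs(*((u_short *)p)) : 0);
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
		case STATE_CLOSING:
		case STATE_STOPPING:
		case STATE_OPENED:
			break;
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case DISC_REQ:
		if (cp->proto != PPP_LCP)
			goto illegal;
		/* Discard the packet. */
		break;
	case ECHO_REQ:
		if (cp->proto != PPP_LCP)
			goto illegal;
		if (sp->state[cp->protoidx] != STATE_OPENED) {
			if (debug)
				addlog("%s%d: lcp echo req but lcp closed\n",
				       ifp->if_name, ifp->if_unit);
			++ifp->if_ierrors;
			break;
		}
		if (len < 8) {
			if (debug)
				addlog("%s%d: invalid lcp echo request "
				       "packet length: %d bytes\n",
				       ifp->if_name, ifp->if_unit, len);
			break;
		}
		/*
		 * NOTE(review): the magic number is accessed through a
		 * `long'; the len >= 8 check covers 4 bytes, so this
		 * presumably assumes a 32 bit long -- confirm.
		 */
		if (ntohl (*(long*)(h+1)) == sp->lcp.magic) {
			/* Line loopback mode detected. */
			printf("%s%d: loopback\n", ifp->if_name, ifp->if_unit);
			if_down (ifp);
			sppp_qflush (&sp->pp_cpq);

			/* Shut down the PPP link. */
			/* XXX */
			lcp.Down(sp);
			lcp.Up(sp);
			break;
		}
		/* Reuse the request in place: put in our magic, echo it. */
		*(long*)(h+1) = htonl (sp->lcp.magic);
		if (debug)
			addlog("%s%d: got lcp echo req, sending echo rep\n",
			       ifp->if_name, ifp->if_unit);
		sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
		break;
	case ECHO_REPLY:
		if (cp->proto != PPP_LCP)
			goto illegal;
		if (h->ident != sp->lcp.echoid) {
			++ifp->if_ierrors;
			break;
		}
		if (len < 8) {
			if (debug)
				addlog("%s%d: lcp invalid echo reply "
				       "packet length: %d bytes\n",
				       ifp->if_name, ifp->if_unit, len);
			break;
		}
		if (debug)
			addlog("%s%d: lcp got echo rep\n",
			       ifp->if_name, ifp->if_unit);
		/* A reply carrying our own magic does not count as alive. */
		if (ntohl (*(long*)(h+1)) != sp->lcp.magic)
			sp->pp_alivecnt = 0;
		break;
	default:
		/* Unknown packet type -- send Code-Reject packet. */
	  illegal:
		/* cp->name is a string; it is printed with %s everywhere. */
		if (debug)
			addlog("%s%d: %s send code-rej for 0x%x\n",
			       ifp->if_name, ifp->if_unit, cp->name, h->type);
		/* sppp_cp_send() clamps the length to what fits an mbuf. */
		sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
			     m->m_pkthdr.len, h);
		++ifp->if_ierrors;
	}
}


/*
 * The generic part of all Up/Down/Open/Close/TO event handlers.
 * Basically, the state transition handling in the automaton.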
*/
/*
 * Each handler takes the control protocol descriptor `cp' and the
 * per-interface state `sp', looks at sp->state[cp->protoidx] and
 * performs the transition for its event.  The cp->tls/tlf/tld/scr
 * callbacks are presumably the RFC 1661 automaton actions of the same
 * names.  STDDCL presumably declares the `ifp' and `debug' locals (its
 * definition is outside this part of the file).
 */
static void
sppp_up_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s up(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));
	}

	switch (sp->state[idx]) {
	case STATE_STARTING:
		/* Lower layer came up after an open: start negotiating. */
		sp->rst_counter[idx] = sp->lcp.max_configure;
		(cp->scr)(sp);
		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
		break;
	case STATE_INITIAL:
		sppp_cp_change_state(cp, sp, STATE_CLOSED);
		break;
	default:
		printf("%s%d: %s illegal up in state %s\n",
		       ifp->if_name, ifp->if_unit, cp->name,
		       sppp_state_name(sp->state[idx]));
	}
}

/* Lower layer went down. */
static void
sppp_down_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s down(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));
	}

	switch (sp->state[idx]) {
	case STATE_CLOSED:
	case STATE_CLOSING:
		sppp_cp_change_state(cp, sp, STATE_INITIAL);
		break;
	case STATE_OPENED:
		(cp->tld)(sp);
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	case STATE_STOPPED:
		(cp->tls)(sp);
		/* fall through */
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	default:
		printf("%s%d: %s illegal down in state %s\n",
		       ifp->if_name, ifp->if_unit, cp->name,
		       sppp_state_name(sp->state[idx]));
	}
}


/* Administrative open. */
static void
sppp_open_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s open(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));
	}

	switch (sp->state[idx]) {
	case STATE_INITIAL:
		(cp->tls)(sp);
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	case STATE_CLOSED:
		sp->rst_counter[idx] = sp->lcp.max_configure;
		(cp->scr)(sp);
		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
		break;
	case STATE_CLOSING:
		sppp_cp_change_state(cp, sp, STATE_STOPPING);
		break;
	case STATE_STARTING:
	case STATE_STOPPED:
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
	case STATE_OPENED:
		/* Nothing to do in these states. */
		break;
	}
}


/* Administrative close. */
static void
sppp_close_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s close(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));
	}

	switch (sp->state[idx]) {
	case STATE_INITIAL:
	case STATE_CLOSED:
	case STATE_CLOSING:
		break;
	case STATE_STARTING:
		(cp->tlf)(sp);
		sppp_cp_change_state(cp, sp, STATE_INITIAL);
		break;
	case STATE_STOPPED:
		sppp_cp_change_state(cp, sp, STATE_CLOSED);
		break;
	case STATE_STOPPING:
		sppp_cp_change_state(cp, sp, STATE_CLOSING);
		break;
	case STATE_OPENED:
		(cp->tld)(sp);
		/* fall through */
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		/* Ask the peer to terminate and wait for its answer. */
		sp->rst_counter[idx] = sp->lcp.max_terminate;
		sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
		sppp_cp_change_state(cp, sp, STATE_CLOSING);
		break;
	}
}

/*
 * Restart timer expired.  The restart counter is decremented first; a
 * negative result is handled as TO- (give up), anything else as TO+
 * (retransmit and re-arm the timer).
 */
static void
sppp_to_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;
	int s;

	s = splimp();
	if (debug) {
		log(LOG_DEBUG, "%s%d: %s TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]),
		    sp->rst_counter[idx]);
	}

	if (--sp->rst_counter[idx] < 0) {
		/* TO- event */
		switch (sp->state[idx]) {
		case STATE_CLOSING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_CLOSED);
			break;
		case STATE_STOPPING:
		case STATE_REQ_SENT:
		case STATE_ACK_RCVD:
		case STATE_ACK_SENT:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		}
	} else {
		/* TO+ event */
		switch (sp->state[idx]) {
		case STATE_CLOSING:
		case STATE_STOPPING:
			sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
				     0, 0);
			sp->ch[idx] = timeout(cp->TO, (void *)sp,
			    sp->lcp.timeout);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_RCVD:
			(cp->scr)(sp);
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_ACK_SENT:
			(cp->scr)(sp);
			sp->ch[idx] = timeout(cp->TO, (void *)sp,
			    sp->lcp.timeout);
			break;
		}
	}

	splx(s);
}

/*
 * Change the state of a control protocol in the state automaton.
 * Takes care of starting/stopping the restart timer: a pending timer
 * is always cancelled, and a new one is armed only for the states that
 * wait for an answer from the peer.
 */
void
sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
{
	const int idx = cp->protoidx;

	sp->state[idx] = newstate;

	untimeout(cp->TO, (void *)sp, sp->ch[idx]);
	switch (newstate) {
	case STATE_CLOSING:
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sp->ch[idx] = timeout(cp->TO, (void *)sp, sp->lcp.timeout);
		break;
	case STATE_INITIAL:
	case STATE_STARTING:
	case STATE_CLOSED:
	case STATE_STOPPED:
	case STATE_OPENED:
		/* No timer runs in these states. */
		break;
	}
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                         The LCP implementation.
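*
 *                                                                          *
 *--------------------------------------------------------------------------*
 */
/*
 * Set the LCP related fields of `sp' to their initial values.
 */
static void
sppp_lcp_init(struct sppp *sp)
{
	sp->lcp.opts = (1 << LCP_OPT_MAGIC);
	sp->lcp.magic = 0;
	sp->state[IDX_LCP] = STATE_INITIAL;
	sp->fail_counter[IDX_LCP] = 0;
	sp->lcp.protos = 0;
	sp->lcp.mru = sp->lcp.their_mru = PP_MTU;

	/*
	 * Initialize counters and timeout values.  Note that we don't
	 * use the 3 seconds suggested in RFC 1661 since we are likely
	 * running on a fast link.  XXX We should probably implement
	 * the exponential backoff option.  Note that these values are
	 * relevant for all control protocols, not just LCP only.
	 */
	sp->lcp.timeout = 1 * hz;
	sp->lcp.max_terminate = 2;
	sp->lcp.max_configure = 10;
	sp->lcp.max_failure = 10;
	callout_handle_init(&sp->ch[IDX_LCP]);
}

/*
 * LCP "up" event.  STDDCL presumably declares the `ifp' and `debug'
 * locals used below (its definition is outside this part of the file).
 */
static void
sppp_lcp_up(struct sppp *sp)
{
	STDDCL;

	/*
	 * If this interface is passive or dial-on-demand, and we are
	 * still in Initial state, it means we've got an incoming
	 * call.  Activate the interface.
	 */
	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: Up event", ifp->if_name, ifp->if_unit);
		ifp->if_flags |= IFF_RUNNING;
		if (sp->state[IDX_LCP] == STATE_INITIAL) {
			if (debug)
				addlog("(incoming call)\n");
			/* Remembered so auth policy can tell call direction. */
			sp->pp_flags |= PP_CALLIN;
			lcp.Open(sp);
		} else if (debug)
			addlog("\n");
	}

	sppp_up_event(&lcp, sp);
}

/*
 * LCP "down" event (carrier loss).
 */
static void
sppp_lcp_down(struct sppp *sp)
{
	STDDCL;

	sppp_down_event(&lcp, sp);

	/*
	 * If this is neither a dial-on-demand nor a passive
	 * interface, simulate an ``ifconfig down'' action, so the
	 * administrator can force a redial by another ``ifconfig
	 * up''.  XXX For leased line operation, should we immediately
	 * try to reopen the connection here?
	 */
	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
		log(LOG_INFO,
		    "%s%d: Down event (carrier loss), taking interface down.\n",
		    ifp->if_name, ifp->if_unit);
		if_down(ifp);
	} else {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: Down event (carrier loss)\n",
			    ifp->if_name, ifp->if_unit);
	}
	sp->pp_flags &= ~PP_CALLIN;
	if (sp->state[IDX_LCP] != STATE_INITIAL)
		lcp.Close(sp);
	ifp->if_flags &= ~IFF_RUNNING;
}

/*
 * LCP "open" event.
 */
static void
sppp_lcp_open(struct sppp *sp)
{
	/*
	 * If we are authenticator, negotiate LCP_AUTH
	 */
	if (sp->hisauth.proto != 0)
		sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
	else
		sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
	/* Set again in sppp_lcp_RCR() if the peer asks us to authenticate. */
	sp->pp_flags &= ~PP_NEEDAUTH;
	sppp_open_event(&lcp, sp);
}

/*
 * LCP "close" event.
 */
static void
sppp_lcp_close(struct sppp *sp)
{
	sppp_close_event(&lcp, sp);
}

/*
 * LCP restart timer callback; `cookie' is the struct sppp pointer that
 * was handed to timeout().
 */
static void
sppp_lcp_TO(void *cookie)
{
	sppp_to_event(&lcp, (struct sppp *)cookie);
}

/*
 * Analyze a configure request.  Return true if it was agreeable, and
 * caused action sca, false if it has been rejected or nak'ed, and
 * caused action scn.  (The return value is used to make the state
 * transition decision in the state automaton.)
 *
 * sp  - per-interface state.
 * h   - received LCP header; the option list follows it directly.
 * len - length of header plus options, already clamped by the caller
 *       to what was received.
 *
 * The option list comes from the peer and is walked twice.  Each
 * option is <type, length, data...>; the length byte is validated in
 * the loop condition (at least 2, not more than what is left), so that
 * neither the walk nor the copy into the reply buffer can run past the
 * received options.  Rejected or nak'ed options are collected in `buf',
 * which is `origlen' bytes large and released on every return path.
 */
static int
sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *buf, *r, *p;
	int origlen, rlen;
	u_long nmagic;
	u_short authproto;

	len -= 4;
	if (len < 0)
		return (0);
	origlen = len;
	buf = r = malloc (len, M_TEMP, M_NOWAIT);
	if (! buf)
		return (0);

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp parse opts: ",
		    ifp->if_name, ifp->if_unit);

	/* pass 1: check for things that need to be rejected */
	p = (void*) (h+1);
	for (rlen = 0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number. */
			/* fall through, both are same length */
		case LCP_OPT_ASYNC_MAP:
			/* Async control character map. */
			/* Both conditions must hold: pass 2 reads p[2..5]. */
			if (len >= 6 && p[1] == 6)
				continue;
			if (debug)
				addlog("[invalid] ");
			break;
		case LCP_OPT_MRU:
			/* Maximum receive unit. */
			if (len >= 4 && p[1] == 4)
				continue;
			if (debug)
				addlog("[invalid] ");
			break;
		case LCP_OPT_AUTH_PROTO:
			/* The option has to hold the 2 byte protocol. */
			if (len < 4 || p[1] < 4) {
				if (debug)
					addlog("[invalid] ");
				break;
			}
			authproto = (p[2] << 8) + p[3];
			if (authproto == PPP_CHAP && p[1] != 5) {
				if (debug)
					addlog("[invalid chap len] ");
				break;
			}
			if (sp->myauth.proto == 0) {
				/* we are not configured to do auth */
				if (debug)
					addlog("[not configured] ");
				break;
			}
			/*
			 * Remote want us to authenticate, remember this,
			 * so we stay in PHASE_AUTHENTICATE after LCP got
			 * up.
			 */
			sp->pp_flags |= PP_NEEDAUTH;
			continue;
		default:
			/* Others not supported. */
			if (debug)
				addlog("[rej] ");
			break;
		}
		/* Add the option to rejected list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (debug)
			addlog(" send conf-rej\n");
		sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
		goto end;
	} else if (debug)
		addlog("\n");

	/*
	 * pass 2: check for option values that are unacceptable and
	 * thus require to be nak'ed.
	 */
	if (debug)
		log(LOG_DEBUG, "%s%d: lcp parse opt values: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	len = origlen;
	for (rlen = 0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- extract. */
			nmagic = (u_long)p[2] << 24 |
				(u_long)p[3] << 16 | p[4] << 8 | p[5];
			if (nmagic != sp->lcp.magic) {
				if (debug)
					addlog("0x%lx ", nmagic);
				continue;
			}
			/*
			 * Local and remote magics equal -- loopback?
			 */
			if (sp->pp_loopcnt >= MAXALIVECNT*5) {
				printf ("%s%d: loopback\n",
					ifp->if_name, ifp->if_unit);
				sp->pp_loopcnt = 0;
				if (ifp->if_flags & IFF_UP) {
					if_down(ifp);
					sppp_qflush(&sp->pp_cpq);
					/* XXX ? */
					lcp.Down(sp);
					lcp.Up(sp);
				}
			} else if (debug)
				addlog("[glitch] ");
			++sp->pp_loopcnt;
			/*
			 * We negate our magic here, and NAK it.  If
			 * we see it later in an NAK packet, we
			 * suggest a new one.
			 */
			nmagic = ~sp->lcp.magic;
			/* Gonna NAK it. */
			p[2] = nmagic >> 24;
			p[3] = nmagic >> 16;
			p[4] = nmagic >> 8;
			p[5] = nmagic;
			break;

		case LCP_OPT_ASYNC_MAP:
			/* Async control character map -- check to be zero. */
			if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
				if (debug)
					addlog("[empty] ");
				continue;
			}
			if (debug)
				addlog("[non-empty] ");
			/* suggest a zero one */
			p[2] = p[3] = p[4] = p[5] = 0;
			break;

		case LCP_OPT_MRU:
			/*
			 * Maximum receive unit.  Always agreeable,
			 * but ignored by now.
			 */
			sp->lcp.their_mru = p[2] * 256 + p[3];
			if (debug)
				addlog("%d ", sp->lcp.their_mru);
			continue;

		case LCP_OPT_AUTH_PROTO:
			authproto = (p[2] << 8) + p[3];
			if (sp->myauth.proto != authproto) {
				/* not agreed, nak */
				if (debug)
					addlog("[mine %s != his %s] ",
					       sppp_proto_name(sp->myauth.proto),
					       sppp_proto_name(authproto));
				p[2] = sp->myauth.proto >> 8;
				p[3] = sp->myauth.proto;
				break;
			}
			if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
				if (debug)
					addlog("[chap not MD5] ");
				/* Suggest MD5 in the NAK (assignment). */
				p[4] = CHAP_MD5;
				break;
			}
			continue;
		}
		/* Add the option to nak'ed list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
			if (debug)
				addlog(" max_failure (%d) exceeded, "
				       "send conf-rej\n",
				       sp->lcp.max_failure);
			sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
		} else {
			if (debug)
				addlog(" send conf-nak\n");
			sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
		}
	} else {
		if (debug)
			addlog(" send conf-ack\n");
		sp->fail_counter[IDX_LCP] = 0;
		sp->pp_loopcnt = 0;
		sppp_cp_send (sp, PPP_LCP, CONF_ACK,
			      h->ident, origlen, h+1);
	}

 end:
	/* Common exit: the reply buffer is released on every path. */
	free (buf, M_TEMP);
	return (rlen == 0);
}

/*
 * Analyze the LCP Configure-Reject option list, and adjust our
 * negotiation.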
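 */
/*
 * Walks the option list of a received LCP Configure-Reject and stops
 * offering every option the peer listed there.
 *
 * sp:  per-interface sppp state.
 * h:   received LCP header; the option list is read from h+1.
 * len: length of the whole LCP packet.  4 is subtracted below,
 *      presumably the size of the header `h' points at -- TODO confirm.
 *
 * STDDCL is defined outside this excerpt; it evidently provides `ifp'
 * and `debug', which the code below uses.
 *
 * Review changes:
 *  - The option list is peer-controlled, so the loop now requires every
 *    length octet to be at least 2 (type + length) and no larger than
 *    the data that is left.  Parsing stops at the first malformed option
 *    instead of stepping through the list at a bogus stride.
 *  - The temporary buffer that was allocated and freed without ever
 *    being used is gone, and with it the early return that skipped the
 *    whole packet whenever that allocation failed.
 */
static void
sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *p;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp rej opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	/* p[0] is the option type, p[1] its total length in bytes. */
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- can't use it, use 0 */
			sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
			sp->lcp.magic = 0;
			break;
		case LCP_OPT_MRU:
			/*
			 * Should not be rejected anyway, since we only
			 * negotiate a MRU if explicitly requested by
			 * peer.
			 */
			sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
			break;
		case LCP_OPT_AUTH_PROTO:
			/*
			 * Peer doesn't want to authenticate himself,
			 * deny unless this is a dialout call, and
			 * AUTHFLAG_NOCALLOUT is set.
			 */
			if ((sp->pp_flags & PP_CALLIN) == 0 &&
			    (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
				if (debug)
					addlog("[don't insist on auth "
					       "for callout]");
				sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
				break;
			}
			if (debug)
				addlog("[access denied]\n");
			/* Authentication is required here: drop the link. */
			lcp.Close(sp);
			break;
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/*
 * Analyze the LCP Configure-NAK option list, and adjust our
 * negotiation.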
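 */
/*
 * sp:  per-interface sppp state.
 * h:   received LCP header; the option list is read from h+1.
 * len: length of the whole LCP packet (4 is subtracted for the header,
 *      presumably sizeof *h -- TODO confirm).
 *
 * Review changes:
 *  - Every peer-supplied option length must be >= 2 and fit into the
 *    remaining data before the option is looked at.
 *  - The debug print of the accepted magic number had a conversion
 *    without a matching argument; it now prints `magic'.
 *  - The unused temporary buffer (allocated, never touched, freed) is
 *    gone.
 */
static void
sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *p;
	u_long magic;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp nak opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- renegotiate */
			if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
			    len >= 6 && p[1] == 6) {
				magic = (u_long)p[2] << 24 |
					(u_long)p[3] << 16 | p[4] << 8 | p[5];
				/*
				 * If the remote magic is our negated one,
				 * this looks like a loopback problem.
				 * Suggest a new magic to make sure.
				 */
				if (magic == ~sp->lcp.magic) {
					if (debug)
						addlog("magic glitch ");
					sp->lcp.magic += time.tv_sec + time.tv_usec;
				} else {
					sp->lcp.magic = magic;
					if (debug)
						addlog("%lu ", magic);
				}
			}
			break;
		case LCP_OPT_MRU:
			/*
			 * Peer wants to advise us to negotiate an MRU.
			 * Agree on it if it's reasonable, or use
			 * default otherwise.
			 */
			if (len >= 4 && p[1] == 4) {
				u_int mru = p[2] * 256 + p[3];
				if (debug)
					addlog("%d ", mru);
				if (mru < PP_MTU || mru > PP_MAX_MRU)
					mru = PP_MTU;
				sp->lcp.mru = mru;
				sp->lcp.opts |= (1 << LCP_OPT_MRU);
			}
			break;
		case LCP_OPT_AUTH_PROTO:
			/*
			 * Peer doesn't like our authentication method,
			 * deny.
			 */
			if (debug)
				addlog("[access denied]\n");
			lcp.Close(sp);
			break;
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/*
 * LCP this-layer-up action: picks the next phase (authenticate or
 * network), opens the protocols that belong to that phase and sends Up
 * events to the protocols already started.
 */
static void
sppp_lcp_tlu(struct sppp *sp)
{
	STDDCL;
	int i;
	u_long mask;

	/* XXX ? */
	if (! (ifp->if_flags & IFF_UP) &&
	    (ifp->if_flags & IFF_RUNNING)) {
		/* Coming out of loopback mode. */
		if_up(ifp);
		printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
	}

	for (i = 0; i < IDX_COUNT; i++)
		if ((cps[i])->flags & CP_QUAL)
			(cps[i])->Open(sp);

	/*
	 * Authentication phase is entered if either side asked for it:
	 * we requested it (AUTH_PROTO in our option set) or the peer
	 * demanded it from us (PP_NEEDAUTH).
	 */
	if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
	    (sp->pp_flags & PP_NEEDAUTH) != 0)
		sp->pp_phase = PHASE_AUTHENTICATE;
	else
		sp->pp_phase = PHASE_NETWORK;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/*
	 * Open all authentication protocols.  This is even required
	 * if we already proceeded to network phase, since it might be
	 * that remote wants us to authenticate, so we might have to
	 * send a PAP request.  Undesired authentication protocols
	 * don't do anything when they get an Open event.
	 */
	for (i = 0; i < IDX_COUNT; i++)
		if ((cps[i])->flags & CP_AUTH)
			(cps[i])->Open(sp);

	if (sp->pp_phase == PHASE_NETWORK) {
		/* Notify all NCPs. */
		for (i = 0; i < IDX_COUNT; i++)
			if ((cps[i])->flags & CP_NCP)
				(cps[i])->Open(sp);
	}

	/* Send Up events to all started protos. */
	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
			(cps[i])->Up(sp);

	if (sp->pp_phase == PHASE_NETWORK)
		/* if no NCP is starting, close down */
		sppp_lcp_check_and_close(sp);
}

/*
 * LCP this-layer-down action: enters the terminate phase and takes
 * every started non-LCP protocol down.
 */
static void
sppp_lcp_tld(struct sppp *sp)
{
	STDDCL;
	int i;
	u_long mask;

	sp->pp_phase = PHASE_TERMINATE;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/*
	 * Take upper layers down.  We send the Down event first and
	 * the Close second to prevent the upper layers from sending
	 * ``a flurry of terminate-request packets'', as the RFC
	 * describes it.
	 */
	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
			(cps[i])->Down(sp);
			(cps[i])->Close(sp);
		}
}

/*
 * LCP this-layer-started action: enters the establish phase and calls
 * the lower layer's pp_tls hook if one is set.
 */
static void
sppp_lcp_tls(struct sppp *sp)
{
	STDDCL;

	sp->pp_phase = PHASE_ESTABLISH;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/* Notify lower layer if desired. */
	if (sp->pp_tls)
		(sp->pp_tls)(sp);
}

/*
 * LCP this-layer-finished action: enters the dead phase and calls the
 * lower layer's pp_tlf hook if one is set.
 */
static void
sppp_lcp_tlf(struct sppp *sp)
{
	STDDCL;

	sp->pp_phase = PHASE_DEAD;
	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/* Notify lower layer if desired. */
	if (sp->pp_tlf)
		(sp->pp_tlf)(sp);
}

/*
 * Builds and sends our LCP Configure-Request from the options enabled
 * in sp->lcp.opts.  `opt' is sized for the largest case: magic number
 * (6) + MRU (4) + CHAP auth-proto (5) bytes.
 */
static void
sppp_lcp_scr(struct sppp *sp)
{
	char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
	int i = 0;
	u_short authproto;

	if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
		/* Pick a magic number from the clock if none is set yet. */
		if (! sp->lcp.magic)
			sp->lcp.magic = time.tv_sec + time.tv_usec;
		opt[i++] = LCP_OPT_MAGIC;
		opt[i++] = 6;
		opt[i++] = sp->lcp.magic >> 24;
		opt[i++] = sp->lcp.magic >> 16;
		opt[i++] = sp->lcp.magic >> 8;
		opt[i++] = sp->lcp.magic;
	}

	if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
		opt[i++] = LCP_OPT_MRU;
		opt[i++] = 4;
		opt[i++] = sp->lcp.mru >> 8;
		opt[i++] = sp->lcp.mru;
	}

	if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
		/* We ask the peer to authenticate with hisauth.proto. */
		authproto = sp->hisauth.proto;
		opt[i++] = LCP_OPT_AUTH_PROTO;
		opt[i++] = authproto == PPP_CHAP? 5: 4;
		opt[i++] = authproto >> 8;
		opt[i++] = authproto;
		if (authproto == PPP_CHAP)
			opt[i++] = CHAP_MD5;
	}

	sp->confid[IDX_LCP] = ++sp->pp_seq;
	sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
}

/*
 * Check the open NCPs, return true if at least one NCP is open.
 */
static int
sppp_ncp_check(struct sppp *sp)
{
	int i, mask;

	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
			return 1;
	return 0;
}

/*
 * Re-check the open NCPs and see if we should terminate the link.
 * Called by the NCPs during their tlf action handling.
 */
static void
sppp_lcp_check_and_close(struct sppp *sp)
{

	if (sp->pp_phase < PHASE_NETWORK)
		/* don't bother, we are already going down */
		return;

	if (sppp_ncp_check(sp))
		return;

	lcp.Close(sp);
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                         The IPCP implementation.                         *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */

/* Resets the IPCP option/flag words, state, fail counter and timer handle. */
static void
sppp_ipcp_init(struct sppp *sp)
{
	sp->ipcp.opts = 0;
	sp->ipcp.flags = 0;
	sp->state[IDX_IPCP] = STATE_INITIAL;
	sp->fail_counter[IDX_IPCP] = 0;
	callout_handle_init(&sp->ch[IDX_IPCP]);
}

/* Forwards the Up event for IPCP to sppp_up_event(). */
static void
sppp_ipcp_up(struct sppp *sp)
{
	sppp_up_event(&ipcp, sp);
}

/* Forwards the Down event for IPCP to sppp_down_event(). */
static void
sppp_ipcp_down(struct sppp *sp)
{
	sppp_down_event(&ipcp, sp);
}

/*
 * Open event for IPCP.  Does nothing when no peer address is known;
 * enables dynamic negotiation of our own address when we have none.
 */
static void
sppp_ipcp_open(struct sppp *sp)
{
	STDDCL;
	u_long myaddr, hisaddr;

	sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
	/*
	 * If we don't have his address, this probably means our
	 * interface doesn't want to talk IP at all.  (This could
	 * be the case if somebody wants to speak only IPX, for
	 * example.)  Don't open IPCP in this case.
	 */
	if (hisaddr == 0L) {
		/* XXX this message should go away */
		if (debug)
			log(LOG_DEBUG, "%s%d: ipcp_open(): no IP interface\n",
			    ifp->if_name, ifp->if_unit);
		return;
	}

	if (myaddr == 0L) {
		/*
		 * I don't have an assigned address, so i need to
		 * negotiate my address.
		 */
		sp->ipcp.flags |= IPCP_MYADDR_DYN;
		sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
	}
	sppp_open_event(&ipcp, sp);
}

/*
 * Close event for IPCP; an address that had been negotiated dynamically
 * is cleared again.
 */
static void
sppp_ipcp_close(struct sppp *sp)
{
	sppp_close_event(&ipcp, sp);
	if (sp->ipcp.flags & IPCP_MYADDR_DYN)
		/*
		 * My address was dynamic, clear it again.
		 */
		sppp_set_ip_addr(sp, 0L);
}

/* Timeout callback for IPCP; `cookie' is the struct sppp pointer. */
static void
sppp_ipcp_TO(void *cookie)
{
	sppp_to_event(&ipcp, (struct sppp *)cookie);
}

/*
 * Analyze a configure request.  Return true if it was agreeable, and
 * caused action sca, false if it has been rejected or nak'ed, and
 * caused action scn.  (The return value is used to make the state
 * transition decision in the state automaton.)
 *
 * sp:  per-interface sppp state.
 * h:   received header; the option list is read from h+1 and may be
 *      modified in place when an option is nak'ed.
 * len: length of the whole packet (4 is subtracted for the header).
 *      NOTE(review): assumes the caller guarantees len >= 4 -- confirm.
 *
 * Review changes:
 *  - Option lengths come from the peer.  Both passes now require
 *    2 <= p[1] <= remaining length before an option is touched, so the
 *    bcopy() into `buf' can never copy more than the request carried
 *    (buf holds max(6, len) bytes) and never reads past the option list.
 *    Parsing stops at the first malformed option.
 *  - `buf' is now freed on the conf-rej return path as well.
 *  - Writing our idea of the peer's address into a nak'ed option
 *    happened only inside the `if (debug)' block; without IFF_DEBUG the
 *    Configure-NAK echoed the peer's own value.  It is unconditional now.
 *  - The address bytes are widened to u_long before shifting, so a top
 *    byte >= 0x80 cannot shift into the sign bit of an int.
 */
static int
sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *buf, *r, *p;
	struct ifnet *ifp = &sp->pp_if;
	int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
	u_long hisaddr, desiredaddr;

	len -= 4;
	origlen = len;
	/*
	 * Make sure to allocate a buf that can at least hold a
	 * conf-nak with an `address' option.  We might need it below.
	 */
	buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
	if (! buf)
		return (0);

	/* pass 1: see if we can recognize them */
	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp parse opts: ",
		    ifp->if_name, ifp->if_unit);
	p = (void*) (h+1);
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
#ifdef notyet
		case IPCP_OPT_COMPRESSION:
			if (len >= 6 && p[1] >= 6) {
				/* correctly formed compress option */
				continue;
			}
			if (debug)
				addlog("[invalid] ");
			break;
#endif
		case IPCP_OPT_ADDRESS:
			if (len >= 6 && p[1] == 6) {
				/* correctly formed address option */
				continue;
			}
			if (debug)
				addlog("[invalid] ");
			break;
		default:
			/* Others not supported. */
			if (debug)
				addlog("[rej] ");
			break;
		}
		/* Add the option to rejected list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (debug)
			addlog(" send conf-rej\n");
		sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
		/* The send is done with buf (see the common exit below). */
		free (buf, M_TEMP);
		return 0;
	} else if (debug)
		addlog("\n");

	/* pass 2: parse option values */
	sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp parse opt values: ",
		       ifp->if_name, ifp->if_unit);
	p = (void*) (h+1);
	len = origlen;
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	    len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
#ifdef notyet
		case IPCP_OPT_COMPRESSION:
			continue;
#endif
		case IPCP_OPT_ADDRESS:
			/* Pass 1 has verified that this option is 6 bytes. */
			desiredaddr = (u_long)p[2] << 24 |
				(u_long)p[3] << 16 |
				(u_long)p[4] << 8 | p[5];
			if (desiredaddr == hisaddr) {
				/*
				 * Peer's address is same as our value,
				 * this is agreeable.  Gonna conf-ack
				 * it.
				 */
				if (debug)
					addlog("%s [ack] ",
					       sppp_dotted_quad(hisaddr));
				/* record that we've seen it already */
				sp->ipcp.flags |= IPCP_HISADDR_SEEN;
				continue;
			}
			/*
			 * The address wasn't agreeable.  This is either
			 * he sent us 0.0.0.0, asking to assign him an
			 * address, or he send us another address not
			 * matching our value.  Either case, we gonna
			 * conf-nak it with our value.
			 */
			if (debug) {
				if (desiredaddr == 0)
					addlog("[addr requested] ");
				else
					addlog("%s [not agreed] ",
					       sppp_dotted_quad(desiredaddr));
			}
			/* Must not depend on the debug flag. */
			p[2] = hisaddr >> 24;
			p[3] = hisaddr >> 16;
			p[4] = hisaddr >> 8;
			p[5] = hisaddr;
			break;
		}
		/* Add the option to nak'ed list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}

	/*
	 * If we are about to conf-ack the request, but haven't seen
	 * his address so far, gonna conf-nak it instead, with the
	 * `address' option present and our idea of his address being
	 * filled in there, to request negotiation of both addresses.
	 *
	 * XXX This can result in an endless req - nak loop if peer
	 * doesn't want to send us his address.  Q: What should we do
	 * about it?  XXX  A: implement the max-failure counter.
	 */
	if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
		buf[0] = IPCP_OPT_ADDRESS;
		buf[1] = 6;
		buf[2] = hisaddr >> 24;
		buf[3] = hisaddr >> 16;
		buf[4] = hisaddr >> 8;
		buf[5] = hisaddr;
		rlen = 6;
		if (debug)
			addlog("still need hisaddr ");
	}

	if (rlen) {
		if (debug)
			addlog(" send conf-nak\n");
		sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
	} else {
		if (debug)
			addlog(" send conf-ack\n");
		sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
			      h->ident, origlen, h+1);
	}

	free (buf, M_TEMP);
	return (rlen == 0);
}

/*
 * Analyze the IPCP Configure-Reject option list, and adjust our
 * negotiation.
 *
 * Review changes: peer-supplied option lengths are validated
 * (2 <= p[1] <= remaining length), the unused temporary buffer is gone,
 * and the disabled `notyet' branch uses IPCP_OPT_COMPRESSION, the name
 * this file defines.
 */
static void
sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *p;
	struct ifnet *ifp = &sp->pp_if;
	int debug = ifp->if_flags & IFF_DEBUG;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp rej opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
		case IPCP_OPT_ADDRESS:
			/*
			 * Peer doesn't grok address option.  This is
			 * bad.  XXX  Should we better give up here?
			 */
			sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
			break;
#ifdef notyet
		case IPCP_OPT_COMPRESSION:
			sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION);
			break;
#endif
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/*
 * Analyze the IPCP Configure-NAK option list, and adjust our
 * negotiation.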
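 */
/*
 * sp:  per-interface sppp state.
 * h:   received header; the option list is read from h+1.
 * len: length of the whole packet (4 is subtracted for the header).
 *
 * Review changes:
 *  - Peer-supplied option lengths are validated (2 <= p[1] <= remaining
 *    length) before an option is examined.
 *  - The address bytes are widened to u_long before shifting, so a top
 *    byte >= 0x80 cannot shift into the sign bit of an int.
 *  - The unused temporary buffer is gone; the disabled `notyet' branch
 *    uses IPCP_OPT_COMPRESSION, the name this file defines.
 *
 * NOTE(review): with IPCP_MYADDR_DYN set, whatever address the peer
 * proposes is handed to sppp_set_ip_addr() as is.  Whether that helper
 * filters unusable addresses is not visible here -- confirm, or restrict
 * dynamic addressing to links where the peer is trusted to assign it.
 */
static void
sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *p;
	struct ifnet *ifp = &sp->pp_if;
	int debug = ifp->if_flags & IFF_DEBUG;
	u_long wantaddr;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp nak opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
		case IPCP_OPT_ADDRESS:
			/*
			 * Peer doesn't like our local IP address.  See
			 * if we can do something for him.  We'll drop
			 * him our address then.
			 */
			if (len >= 6 && p[1] == 6) {
				wantaddr = (u_long)p[2] << 24 |
					(u_long)p[3] << 16 |
					(u_long)p[4] << 8 | p[5];
				sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
				if (debug)
					addlog("[wantaddr %s] ",
					       sppp_dotted_quad(wantaddr));
				/*
				 * When doing dynamic address assignment,
				 * we accept his offer.  Otherwise, we
				 * ignore it and thus continue to negotiate
				 * our already existing value.
				 */
				if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
					sppp_set_ip_addr(sp, wantaddr);
					if (debug)
						addlog("[agree] ");
				}
			}
			break;
#ifdef notyet
		case IPCP_OPT_COMPRESSION:
			/*
			 * Peer wants different compression parameters.
			 */
			break;
#endif
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/* IPCP this-layer-up action: nothing to do. */
static void
sppp_ipcp_tlu(struct sppp *sp)
{
}

/* IPCP this-layer-down action: nothing to do. */
static void
sppp_ipcp_tld(struct sppp *sp)
{
}

/* IPCP this-layer-started action: marks IPCP as a user of LCP. */
static void
sppp_ipcp_tls(struct sppp *sp)
{
	/* indicate to LCP that it must stay alive */
	sp->lcp.protos |= (1 << IDX_IPCP);
}

/*
 * IPCP this-layer-finished action: drops IPCP from the set of LCP users
 * and lets LCP close if no NCP is left.
 */
static void
sppp_ipcp_tlf(struct sppp *sp)
{
	/* we no longer need LCP */
	sp->lcp.protos &= ~(1 << IDX_IPCP);
	sppp_lcp_check_and_close(sp);
}

/*
 * Builds and sends our IPCP Configure-Request.  `opt' is sized for a
 * compression option (6) plus an address option (6); only the address
 * option is emitted unless `notyet' is defined.
 */
static void
sppp_ipcp_scr(struct sppp *sp)
{
	char opt[6 /* compression */ + 6 /* address */];
	u_long ouraddr;
	int i = 0;

#ifdef notyet
	if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
		opt[i++] = IPCP_OPT_COMPRESSION;
		opt[i++] = 6;
		opt[i++] = 0;	/* VJ header compression */
		opt[i++] = 0x2d; /* VJ header compression */
		opt[i++] = max_slot_id;
		opt[i++] = comp_slot_id;
	}
#endif

	if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
		sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
		opt[i++] = IPCP_OPT_ADDRESS;
		opt[i++] = 6;
		opt[i++] = ouraddr >> 24;
		opt[i++] = ouraddr >> 16;
		opt[i++] = ouraddr >> 8;
		opt[i++] = ouraddr;
	}

	sp->confid[IDX_IPCP] = ++sp->pp_seq;
	sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
}


/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                         The CHAP implementation.                         *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */

/*
 * The authentication protocols don't employ a full-fledged state machine as
 * the control protocols do, since they do have Open and Close events, but
 * not Up and Down, nor are they explicitly terminated.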
Also, use of the 2764 * authentication protocols may be different in both directions (this makes 2765 * sense, think of a machine that never accepts incoming calls but only 2766 * calls out, it doesn't require the called party to authenticate itself). 2767 * 2768 * Our state machine for the local authentication protocol (we are requesting 2769 * the peer to authenticate) looks like: 2770 * 2771 * RCA- 2772 * +--------------------------------------------+ 2773 * V scn,tld| 2774 * +--------+ Close +---------+ RCA+ 2775 * | |<----------------------------------| |------+ 2776 * +--->| Closed | TO* | Opened | sca | 2777 * | | |-----+ +-------| |<-----+ 2778 * | +--------+ irc | | +---------+ 2779 * | ^ | | ^ 2780 * | | | | | 2781 * | | | | | 2782 * | TO-| | | | 2783 * | |tld TO+ V | | 2784 * | | +------->+ | | 2785 * | | | | | | 2786 * | +--------+ V | | 2787 * | | |<----+<--------------------+ | 2788 * | | Req- | scr | 2789 * | | Sent | | 2790 * | | | | 2791 * | +--------+ | 2792 * | RCA- | | RCA+ | 2793 * +------+ +------------------------------------------+ 2794 * scn,tld sca,irc,ict,tlu 2795 * 2796 * 2797 * with: 2798 * 2799 * Open: LCP reached authentication phase 2800 * Close: LCP reached terminate phase 2801 * 2802 * RCA+: received reply (pap-req, chap-response), acceptable 2803 * RCN: received reply (pap-req, chap-response), not acceptable 2804 * TO+: timeout with restart counter >= 0 2805 * TO-: timeout with restart counter < 0 2806 * TO*: reschedule timeout for CHAP 2807 * 2808 * scr: send request packet (none for PAP, chap-challenge) 2809 * sca: send ack packet (pap-ack, chap-success) 2810 * scn: send nak packet (pap-nak, chap-failure) 2811 * ict: initialize re-challenge timer (CHAP only) 2812 * 2813 * tlu: this-layer-up, LCP reaches network phase 2814 * tld: this-layer-down, LCP enters terminate phase 2815 * 2816 * Note that in CHAP mode, after sending a new challenge, while the state 2817 * automaton falls back into Req-Sent state, it doesn't signal a tld 
2818 * event to LCP, so LCP remains in network phase. Only after not getting 2819 * any response (or after getting an unacceptable response), CHAP closes, 2820 * causing LCP to enter terminate phase. 2821 * 2822 * With PAP, there is no initial request that can be sent. The peer is 2823 * expected to send one based on the successful negotiation of PAP as 2824 * the authentication protocol during the LCP option negotiation. 2825 * 2826 * Incoming authentication protocol requests (remote requests 2827 * authentication, we are peer) don't employ a state machine at all, 2828 * they are simply answered. Some peers [Ascend P50 firmware rev 2829 * 4.50] react allergically when sending IPCP requests while they are 2830 * still in authentication phase (thereby violating the standard that 2831 * demands that these NCP packets are to be discarded), so we keep 2832 * track of the peer demanding us to authenticate, and only proceed to 2833 * phase network once we've seen a positive acknowledge for the 2834 * authentication. 2835 */ 2836 2837/* 2838 * Handle incoming CHAP packets. 
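 */
/*
 * sp: per-interface sppp state.
 * m:  mbuf holding the CHAP packet; the header is read through mtod().
 *     NOTE(review): this assumes the packet bytes that are examined are
 *     contiguous in the first mbuf -- confirm against the caller.
 *
 * `len' is the smaller of the mbuf packet length and the length field
 * in the CHAP header.  Challenge and Response carry a value-size octet
 * followed by the value and the name; Success and Failure carry an
 * optional message.
 *
 * Review changes:
 *  - Challenge/Response: the value-size octet sits right after the
 *    4 header bytes, so it is only read when len >= 5.  Shorter packets
 *    take the existing "corrupted" path instead of reading one byte
 *    past the declared packet length.
 *  - The "dropping response for old ID" debug message was missing the
 *    interface name/unit arguments its format string starts with.
 *
 * NOTE(review): a Response whose name differs from hisauth.name is only
 * logged; acceptance is decided by the MD5 comparison alone.  Confirm
 * that this is intended.
 * NOTE(review): the digest is compared with bcmp(), whose running time
 * may depend on where the first difference is.
 */
void
sppp_chap_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len, x;
	u_char *value, *name, digest[AUTHKEYLEN], dsize;
	int value_len, name_len;
	MD5_CTX ctx;

	len = m->m_pkthdr.len;
	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: chap invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	/* Trust the shorter of the two lengths. */
	if (len > ntohs (h->len))
		len = ntohs (h->len);

	switch (h->type) {
	/* challenge, failure and success are his authproto */
	case CHAP_CHALLENGE:
		value = 1 + (u_char*)(h+1);
		if (len < 5) {
			/* no value-size octet present */
			value_len = 0;
			name_len = -1;
		} else {
			value_len = value[-1];
			/* 5 = header (4) + value-size octet (1) */
			name_len = len - value_len - 5;
		}
		name = value + value_len;
		if (name_len < 0) {
			if (debug) {
				log(LOG_DEBUG,
				    "%s%d: chap corrupted challenge "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_CHAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*) (h+1), len-4);
				addlog(">\n");
			}
			break;
		}

		if (debug) {
			log(LOG_DEBUG,
			    "%s%d: chap input <%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
			    ntohs(h->len));
			sppp_print_string((char*) name, name_len);
			addlog(" value-size=%d value=", value_len);
			sppp_print_bytes(value, value_len);
			addlog(">\n");
		}

		/* Compute reply value: MD5(ident | our secret | challenge). */
		MD5Init(&ctx);
		MD5Update(&ctx, &h->ident, 1);
		MD5Update(&ctx, sp->myauth.secret,
			  sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
		MD5Update(&ctx, value, value_len);
		MD5Final(digest, &ctx);
		dsize = sizeof digest;

		sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
			       sizeof dsize, (const char *)&dsize,
			       sizeof digest, digest,
			       sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
			       sp->myauth.name,
			       0);
		break;

	case CHAP_SUCCESS:
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap success",
			    ifp->if_name, ifp->if_unit);
			if (len > 4) {
				addlog(": ");
				sppp_print_string((char*)(h + 1), len - 4);
			}
			addlog("\n");
		}
		x = splimp();
		sp->pp_flags &= ~PP_NEEDAUTH;
		if (sp->myauth.proto == PPP_CHAP &&
		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
		    (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
			/*
			 * We are authenticator for CHAP but didn't
			 * complete yet.  Leave it to tlu to proceed
			 * to network phase.
			 */
			splx(x);
			break;
		}
		splx(x);
		sppp_phase_network(sp);
		break;

	case CHAP_FAILURE:
		if (debug) {
			log(LOG_INFO, "%s%d: chap failure",
			    ifp->if_name, ifp->if_unit);
			if (len > 4) {
				addlog(": ");
				sppp_print_string((char*)(h + 1), len - 4);
			}
			addlog("\n");
		} else
			log(LOG_INFO, "%s%d: chap failure\n",
			    ifp->if_name, ifp->if_unit);
		/* await LCP shutdown by authenticator */
		break;

	/* response is my authproto */
	case CHAP_RESPONSE:
		value = 1 + (u_char*)(h+1);
		if (len < 5) {
			/* no value-size octet present */
			value_len = 0;
			name_len = -1;
		} else {
			value_len = value[-1];
			name_len = len - value_len - 5;
		}
		name = value + value_len;
		if (name_len < 0) {
			if (debug) {
				log(LOG_DEBUG,
				    "%s%d: chap corrupted response "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_CHAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*)(h+1), len-4);
				addlog(">\n");
			}
			break;
		}
		/* Only the answer to our latest challenge is considered. */
		if (h->ident != sp->confid[IDX_CHAP]) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: chap dropping response for old ID "
				    "(got %d, expected %d)\n",
				    ifp->if_name, ifp->if_unit,
				    h->ident, sp->confid[IDX_CHAP]);
			break;
		}
		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
		    || bcmp(name, sp->hisauth.name, name_len) != 0) {
			/* Logged only; processing continues below. */
			log(LOG_INFO, "%s%d: chap response, his name ",
			    ifp->if_name, ifp->if_unit);
			sppp_print_string((char*)name, name_len);
			addlog(" != expected ");
			sppp_print_string(sp->hisauth.name,
					  sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
			addlog("\n");
		}
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap input(%s) "
			    "<%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_CHAP]),
			    sppp_auth_type_name(PPP_CHAP, h->type),
			    h->ident, ntohs (h->len));
			sppp_print_string((char*)name, name_len);
			addlog(" value-size=%d value=", value_len);
			sppp_print_bytes(value, value_len);
			addlog(">\n");
		}
		if (value_len != AUTHKEYLEN) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: chap bad hash value length: "
				    "%d bytes, should be %d\n",
				    ifp->if_name, ifp->if_unit, value_len,
				    AUTHKEYLEN);
			break;
		}

		/* Expected value: MD5(ident | his secret | our challenge). */
		MD5Init(&ctx);
		MD5Update(&ctx, &h->ident, 1);
		MD5Update(&ctx, sp->hisauth.secret,
			  sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
		MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
		MD5Final(digest, &ctx);

#define FAILMSG "Failed..."
#define SUCCMSG "Welcome!"

		if (value_len != sizeof digest ||
		    bcmp(digest, value, value_len) != 0) {
			/* action scn, tld */
			sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
				       0);
			chap.tld(sp);
			break;
		}
		/* action sca, perhaps tlu */
		if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
		    sp->state[IDX_CHAP] == STATE_OPENED)
			sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
				       0);
		if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
			sppp_cp_change_state(&chap, sp, STATE_OPENED);
			chap.tlu(sp);
		}
		break;

	default:
		/* Unknown CHAP packet type -- ignore. */
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
			    "<0x%x id=0x%xh len=%d",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_CHAP]),
			    h->type, h->ident, ntohs(h->len));
			if (len > 4)
				sppp_print_bytes((u_char*)(h+1), len-4);
			addlog(">\n");
		}
		break;

	}
}

/* Puts CHAP into its initial (closed) state and resets counter and timer. */
static void
sppp_chap_init(struct sppp *sp)
{
	/* Chap doesn't have STATE_INITIAL at all. */
	sp->state[IDX_CHAP] = STATE_CLOSED;
	sp->fail_counter[IDX_CHAP] = 0;
	callout_handle_init(&sp->ch[IDX_CHAP]);
}

/*
 * Open event for CHAP.  Sends the first challenge when we are the
 * authenticator; otherwise nothing happens until the peer challenges us.
 */
static void
sppp_chap_open(struct sppp *sp)
{
	if (sp->myauth.proto == PPP_CHAP &&
	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
		/* we are authenticator for CHAP, start it */
		chap.scr(sp);
		sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
		sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
	}
	/* nothing to be done if we are peer, await a challenge */
}

/* Close event for CHAP: moves to STATE_CLOSED unless already there. */
static void
sppp_chap_close(struct sppp *sp)
{
	if (sp->state[IDX_CHAP] != STATE_CLOSED)
		sppp_cp_change_state(&chap, sp, STATE_CLOSED);
}

/*
 * CHAP timeout callback; `cookie' is the struct sppp pointer.  Runs
 * between splimp() and splx().  When the restart counter is used up the
 * layer is taken down; otherwise a (re-)challenge is sent.
 */
static void
sppp_chap_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;
	int s;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit,
		    sppp_state_name(sp->state[IDX_CHAP]),
		    sp->rst_counter[IDX_CHAP]);

	if (--sp->rst_counter[IDX_CHAP] < 0)
		/* TO- event */
		switch (sp->state[IDX_CHAP]) {
		case STATE_REQ_SENT:
			chap.tld(sp);
			sppp_cp_change_state(&chap, sp, STATE_CLOSED);
			break;
		}
	else
		/* TO+ (or TO*) event */
		switch (sp->state[IDX_CHAP]) {
		case STATE_OPENED:
			/* TO* event */
			sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
			/* fall through */
		case STATE_REQ_SENT:
			chap.scr(sp);
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
			break;
		}

	splx(s);
}

/*
 * CHAP this-layer-up action: the peer has authenticated.  Schedules the
 * next re-challenge (unless suppressed), registers CHAP as an LCP user
 * and moves on to the network phase once our own authentication towards
 * the peer is no longer pending.
 */
static void
sppp_chap_tlu(struct sppp *sp)
{
	STDDCL;
	int i, x;

	sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;

	/*
	 * Some broken CHAP implementations (Conware CoNet, firmware
	 * 4.0.?) don't want to re-authenticate their CHAP once the
	 * initial challenge-response exchange has taken place.
	 * Provide for an option to avoid rechallenges.
	 */
	if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
		/*
		 * Compute the re-challenge timeout.  This will yield
		 * a number between 300 and 810 seconds.
		 */
		i = 300 + ((unsigned)(random() & 0xff00) >> 7);

		sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
	}

	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: chap %s, ",
		    ifp->if_name, ifp->if_unit,
		    sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
		/* `i' is only set, and only read, when re-challenging. */
		if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
			addlog("next re-challenge in %d seconds\n", i);
		else
			addlog("re-challenging supressed\n");
	}

	x = splimp();
	/* indicate to LCP that we need to be closed down */
	sp->lcp.protos |= (1 << IDX_CHAP);

	if (sp->pp_flags & PP_NEEDAUTH) {
		/*
		 * Remote is authenticator, but his auth proto didn't
		 * complete yet.  Defer the transition to network
		 * phase.
		 */
		splx(x);
		return;
	}
	splx(x);

	/*
	 * If we are already in phase network, we are done here.  This
	 * is the case if this is a dummy tlu event after a re-challenge.
	 */
	if (sp->pp_phase != PHASE_NETWORK)
		sppp_phase_network(sp);
}

/*
 * CHAP this-layer-down action: cancels the re-challenge timer, removes
 * CHAP from the set of LCP users and closes LCP.
 */
static void
sppp_chap_tld(struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
	untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
	sp->lcp.protos &= ~(1 << IDX_CHAP);

	lcp.Close(sp);
}

/*
 * Generates a fresh challenge in sp->myauth.challenge and sends it to
 * the peer together with our name.
 *
 * NOTE(review): the challenge is built from random() XORed with the
 * current time.  A CHAP challenge should be unpredictable to the peer;
 * whether random() provides that in this kernel is not visible here --
 * consider the kernel's cryptographic random source if one is available.
 * NOTE(review): four u_long stores are made into the challenge buffer,
 * of which AUTHKEYLEN bytes are sent.  That matches only if u_long is
 * AUTHKEYLEN/4 bytes wide and the buffer is suitably aligned -- confirm
 * for platforms with a 64-bit long.
 */
static void
sppp_chap_scr(struct sppp *sp)
{
	struct timeval tv;
	u_long *ch, seed;
	u_char clen;

	/* Compute random challenge. */
	ch = (u_long *)sp->myauth.challenge;
	microtime(&tv);
	seed = tv.tv_sec ^ tv.tv_usec;
	ch[0] = seed ^ random();
	ch[1] = seed ^ random();
	ch[2] = seed ^ random();
	ch[3] = seed ^ random();
	clen = AUTHKEYLEN;

	/* A new ident per challenge; responses must echo it. */
	sp->confid[IDX_CHAP] = ++sp->pp_seq;

	sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
		       sizeof clen, (const char *)&clen,
		       AUTHKEYLEN, sp->myauth.challenge,
		       sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
		       sp->myauth.name,
		       0);
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                         The PAP implementation.                          *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */
/*
 * For PAP, we need to keep a little state also if we are the peer, not the
 * authenticator.  This is since we don't get a request to authenticate, but
 * have to repeatedly authenticate ourself until we got a response (or the
 * retry counter is expired).
 */

/*
 * Handle incoming PAP packets.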
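*/
static void
sppp_pap_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len, x;
	u_char *name, *passwd, *msg, mlen;
	int name_len, passwd_len;

	/*
	 * Packet layout after the lcp_header: for a request, a one-byte
	 * name length, the name, a one-byte password length, the
	 * password; for ack/nak, a one-byte message length and the
	 * message.  All lengths come from the peer and are checked
	 * against len before the bytes behind them are touched.
	 *
	 * NOTE(review): mtod() is used without m_pullup(); this assumes
	 * the first mbuf holds the whole packet -- confirm with callers.
	 */
	len = m->m_pkthdr.len;
	if (len < 5) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: pap invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	if (len > ntohs (h->len))
		len = ntohs (h->len);
	switch (h->type) {
	/* PAP request is my authproto */
	case PAP_REQ:
		name = 1 + (u_char*)(h+1);
		name_len = name[-1];
		passwd = name + name_len + 1;
		if (name_len > len - 6 ||
		    (passwd_len = passwd[-1]) > len - 6 - name_len) {
			if (debug) {
				log(LOG_DEBUG, "%s%d: pap corrupted input "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_PAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*)(h+1), len-4);
				addlog(">\n");
			}
			break;
		}
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap input(%s) "
			    "<%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_PAP]),
			    sppp_auth_type_name(PPP_PAP, h->type),
			    h->ident, ntohs(h->len));
			sppp_print_string((char*)name, name_len);
			/*
			 * Log only the length of the password: the debug
			 * log is not a place for cleartext credentials.
			 */
			addlog(" passwd=<%d bytes>", passwd_len);
			addlog(">\n");
		}
		/*
		 * The offered name and password must have exactly the
		 * configured lengths.  Comparing only the received number
		 * of bytes would accept any prefix of the stored values,
		 * including an empty name with an empty password.
		 *
		 * NOTE(review): bcmp() is not constant-time; the result
		 * timing may depend on how many leading bytes match.
		 */
		if (name_len > AUTHNAMELEN ||
		    passwd_len > AUTHKEYLEN ||
		    name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
		    passwd_len != sppp_strnlen(sp->hisauth.secret,
					       AUTHKEYLEN) ||
		    bcmp(name, sp->hisauth.name, name_len) != 0 ||
		    bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
			/* action scn, tld */
			mlen = sizeof(FAILMSG) - 1;
			sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
				       sizeof mlen, (const char *)&mlen,
				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
				       0);
			pap.tld(sp);
			break;
		}
		/* action sca, perhaps tlu */
		if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
		    sp->state[IDX_PAP] == STATE_OPENED) {
			mlen = sizeof(SUCCMSG) - 1;
			sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
				       sizeof mlen, (const char *)&mlen,
				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
				       0);
		}
		if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
			sppp_cp_change_state(&pap, sp, STATE_OPENED);
			pap.tlu(sp);
		}
		break;

	/* ack and nak are his authproto */
	case PAP_ACK:
		untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap success",
			    ifp->if_name, ifp->if_unit);
			/*
			 * The message length is the first payload byte,
			 * not the first header byte; clamp it to what the
			 * packet really carries before printing.
			 */
			msg = (u_char *)(h + 1);
			name_len = (len > 5) ? msg[0] : 0;
			if (name_len > len - 5)
				name_len = len - 5;
			if (name_len > 0) {
				addlog(": ");
				sppp_print_string((char *)(msg + 1), name_len);
			}
			addlog("\n");
		}
		x = splimp();
		sp->pp_flags &= ~PP_NEEDAUTH;
		if (sp->myauth.proto == PPP_PAP &&
		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
		    (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
			/*
			 * We are authenticator for PAP but didn't
			 * complete yet.  Leave it to tlu to proceed
			 * to network phase.
			 */
			splx(x);
			break;
		}
		splx(x);
		sppp_phase_network(sp);
		break;

	case PAP_NAK:
		untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
		if (debug) {
			log(LOG_INFO, "%s%d: pap failure",
			    ifp->if_name, ifp->if_unit);
			/* same message layout and clamping as for PAP_ACK */
			msg = (u_char *)(h + 1);
			name_len = (len > 5) ? msg[0] : 0;
			if (name_len > len - 5)
				name_len = len - 5;
			if (name_len > 0) {
				addlog(": ");
				sppp_print_string((char *)(msg + 1), name_len);
			}
			addlog("\n");
		} else
			log(LOG_INFO, "%s%d: pap failure\n",
			    ifp->if_name, ifp->if_unit);
		/* await LCP shutdown by authenticator */
		break;

	default:
		/* Unknown PAP packet type -- ignore. */
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap corrupted input "
			    "<0x%x id=0x%x len=%d",
			    ifp->if_name, ifp->if_unit,
			    h->type, h->ident, ntohs(h->len));
			if (len > 4)
				sppp_print_bytes((u_char*)(h+1), len-4);
			addlog(">\n");
		}
		break;

	}
}

/*
 * Initialise the PAP state of a link: closed state, zero failure
 * counter, and both PAP callout handles (authenticator timer and our
 * own retransmit timer) reset.
 */
static void
sppp_pap_init(struct sppp *sp)
{
	/* PAP doesn't have STATE_INITIAL at all. */
	sp->state[IDX_PAP] = STATE_CLOSED;
	sp->fail_counter[IDX_PAP] = 0;
	callout_handle_init(&sp->ch[IDX_PAP]);
	callout_handle_init(&sp->pap_my_to_ch);
}

/*
 * "Open" event for PAP.  Both roles may be active at once: as
 * authenticator we only arm the restart counter and wait in req-sent,
 * as peer we send our request and start the retransmit timer.
 */
static void
sppp_pap_open(struct sppp *sp)
{
	if (sp->hisauth.proto == PPP_PAP &&
	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
		/* we are authenticator for PAP, start our timer */
		sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
		sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
	}
	if (sp->myauth.proto == PPP_PAP) {
		/* we are peer, send a request, and start a timer */
		pap.scr(sp);
		sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
					   sp->lcp.timeout);
	}
}

/*
 * "Close" event for PAP: move to closed unless we are already there.
 */
static void
sppp_pap_close(struct sppp *sp)
{
	if (sp->state[IDX_PAP] != STATE_CLOSED)
		sppp_cp_change_state(&pap, sp, STATE_CLOSED);
}

/*
 * That's the timeout routine if we are authenticator.  Since the
 * authenticator is basically passive in PAP, we can't do much here.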
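*/
static void
sppp_pap_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;
	int s;

	/* the whole handler runs between splimp() and splx() */
	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit,
		    sppp_state_name(sp->state[IDX_PAP]),
		    sp->rst_counter[IDX_PAP]);

	if (--sp->rst_counter[IDX_PAP] < 0) {
		/* TO- event: the peer never authenticated, give up */
		switch (sp->state[IDX_PAP]) {
		case STATE_REQ_SENT:
			pap.tld(sp);
			sppp_cp_change_state(&pap, sp, STATE_CLOSED);
			break;
		}
	} else {
		/* TO+ event, not very much we could do */
		switch (sp->state[IDX_PAP]) {
		case STATE_REQ_SENT:
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
			break;
		}
	}

	splx(s);
}

/*
 * That's the timeout handler if we are peer.  Since the peer is active,
 * we need to retransmit our PAP request since it is apparently lost.
 * XXX We should impose a max counter.
 */
static void
sppp_pap_my_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: pap peer TO\n",
		    ifp->if_name, ifp->if_unit);

	pap.scr(sp);
}

/*
 * "This layer up" for PAP: the peer authenticated successfully.  Marks
 * PAP as open in lcp.protos and, unless our own authentication towards
 * the remote is still pending (PP_NEEDAUTH), enters network phase.
 */
static void
sppp_pap_tlu(struct sppp *sp)
{
	STDDCL;
	int x;

	sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s tlu\n",
		    ifp->if_name, ifp->if_unit, pap.name);

	x = splimp();
	/* indicate to LCP that we need to be closed down */
	sp->lcp.protos |= (1 << IDX_PAP);

	if (sp->pp_flags & PP_NEEDAUTH) {
		/*
		 * Remote is authenticator, but his auth proto didn't
		 * complete yet.  Defer the transition to network
		 * phase.
		 */
		splx(x);
		return;
	}
	splx(x);
	sppp_phase_network(sp);
}

/*
 * "This layer down" for PAP: cancel both PAP timers, clear the PAP bit
 * in lcp.protos and ask LCP to close the link.
 */
static void
sppp_pap_tld(struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
	untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
	untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
	sp->lcp.protos &= ~(1 << IDX_PAP);

	lcp.Close(sp);
}

/*
 * Send our PAP request: name length, name, password length, password.
 * PAP carries the password in cleartext on the link by design.
 *
 * NOTE(review): sppp_auth_send() stops at the first zero length, so an
 * empty myauth.name ends the argument list right after the name-length
 * byte and the password part is never appended.
 */
static void
sppp_pap_scr(struct sppp *sp)
{
	STDDCL;
	u_char idlen, pwdlen;

	sp->confid[IDX_PAP] = ++sp->pp_seq;
	pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
	idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);

	sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
		       sizeof idlen, (const char *)&idlen,
		       (unsigned)idlen, sp->myauth.name,
		       sizeof pwdlen, (const char *)&pwdlen,
		       (unsigned)pwdlen, sp->myauth.secret,
		       0);
}
/*
 * Random miscellaneous functions.
 */

/*
 * Send a PAP or CHAP proto packet.
 *
 * Variadic function, each of the elements for the ellipsis is of type
 * ``unsigned mlen, const u_char *msg''.  Processing will stop iff
 * mlen == 0.
 *
 * The packet is built in a single header mbuf; if the pieces do not fit
 * into it the packet is silently dropped.  The packet length is saved
 * before the mbuf is queued or freed, because the mbuf must not be
 * dereferenced afterwards: the full-queue path frees it and if_start
 * may already have consumed it.
 */

static void
sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
	       ...)
{
	STDDCL;
	struct ppp_header *h;
	struct lcp_header *lh;
	struct mbuf *m;
	u_char *p;
	int len, maxlen, pktlen;
	unsigned mlen;
	const char *msg;
	va_list ap;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = PPP_ALLSTATIONS;		/* broadcast address */
	h->control = PPP_UI;			/* Unnumbered Info */
	h->protocol = htons(cp->proto);

	lh = (struct lcp_header*)(h + 1);
	lh->type = type;
	lh->ident = id;
	p = (u_char*) (lh+1);

	va_start(ap, id);
	len = 0;
	maxlen = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;

	while ((mlen = va_arg(ap, unsigned)) != 0) {
		msg = va_arg(ap, const char *);
		/* compare against the room left, so len cannot overflow */
		if (mlen > (unsigned)(maxlen - len)) {
			va_end(ap);
			m_freem(m);
			return;
		}
		len += mlen;

		bcopy(msg, p, mlen);
		p += mlen;
	}
	va_end(ap);

	pktlen = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
	m->m_pkthdr.len = m->m_len = pktlen;
	lh->len = htons (LCP_HEADER_LEN + len);

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_auth_type_name(cp->proto, lh->type),
		    lh->ident, ntohs(lh->len));
		if (len)
			sppp_print_bytes((u_char*) (lh+1), len);
		addlog(">\n");
	}
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
	} else
		IF_ENQUEUE (&sp->pp_cpq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	/* m is no longer ours here; use the length saved above */
	ifp->if_obytes += pktlen + 3;
}

/*
 * Flush interface queue.
 *
 * Frees every mbuf chain linked through m_act and resets the queue's
 * head, tail and length.
 */
static void
sppp_qflush(struct ifqueue *ifq)
{
	struct mbuf *cur, *next;

	for (cur = ifq->ifq_head; cur != 0; cur = next) {
		/* fetch the successor before the chain is freed */
		next = cur->m_act;
		m_freem (cur);
	}
	ifq->ifq_head = 0;
	ifq->ifq_tail = 0;
	ifq->ifq_len = 0;
}

/*
 * Send keepalive packets, every 10 seconds.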
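*/
static void
sppp_keepalive(void *dummy)
{
	struct sppp *sp;
	int s;

	/*
	 * Walks every interface on spppq between splimp() and splx(),
	 * then re-arms itself for another hz * 10 ticks.
	 */
	s = splimp();
	for (sp=spppq; sp; sp=sp->pp_next) {
		struct ifnet *ifp = &sp->pp_if;

		/* Keepalive mode disabled or channel down? */
		if (! (sp->pp_flags & PP_KEEPALIVE) ||
		    ! (ifp->if_flags & IFF_RUNNING))
			continue;

		/* No keepalive in PPP mode if LCP not opened yet. */
		if (! (sp->pp_flags & PP_CISCO) &&
		    sp->pp_phase < PHASE_AUTHENTICATE)
			continue;

		if (sp->pp_alivecnt == MAXALIVECNT) {
			/* No keepalive packets got.  Stop the interface. */
			printf ("%s%d: down\n", ifp->if_name, ifp->if_unit);
			if_down (ifp);
			sppp_qflush (&sp->pp_cpq);
			if (! (sp->pp_flags & PP_CISCO)) {
				/* XXX */
				/* Shut down the PPP link. */
				lcp.Down(sp);
				/* Initiate negotiation. XXX */
				lcp.Up(sp);
			}
		}
		if (sp->pp_alivecnt <= MAXALIVECNT)
			++sp->pp_alivecnt;
		if (sp->pp_flags & PP_CISCO)
			sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
				sp->pp_rseq);
		else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
			/*
			 * NOTE(review): 4 bytes are sent from a long; this
			 * presumably assumes a 32-bit long -- confirm.
			 */
			long nmagic = htonl (sp->lcp.magic);
			sp->lcp.echoid = ++sp->pp_seq;
			sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
				sp->lcp.echoid, 4, &nmagic);
		}
	}
	splx(s);
	keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
}

/*
 * Get both IP addresses.
 *
 * Stores the local and remote address of the first AF_INET entry in
 * *src and *dst (either may be null), converted with ntohl(); both are
 * 0 when nothing is configured.  *srcmask is written only when a
 * non-zero local address was found.
 */
static void
sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
{
	struct ifnet *ifp = &sp->pp_if;
	struct ifaddr *ifa;
	struct sockaddr_in *si, *sm;
	u_long ssrc, ddst;

	ssrc = ddst = 0L;
	/*
	 * Pick the first AF_INET address from the list,
	 * aliases don't make any sense on a p2p link anyway.
	 */
	for (ifa = ifp->if_addrhead.tqh_first, si = 0;
	     ifa;
	     ifa = ifa->ifa_link.tqe_next)
		if (ifa->ifa_addr->sa_family == AF_INET) {
			si = (struct sockaddr_in *)ifa->ifa_addr;
			sm = (struct sockaddr_in *)ifa->ifa_netmask;
			if (si)
				break;
		}
	if (ifa) {
		if (si && si->sin_addr.s_addr) {
			ssrc = si->sin_addr.s_addr;
			if (srcmask)
				*srcmask = ntohl(sm->sin_addr.s_addr);
		}

		si = (struct sockaddr_in *)ifa->ifa_dstaddr;
		if (si && si->sin_addr.s_addr)
			ddst = si->sin_addr.s_addr;
	}

	if (dst) *dst = ntohl(ddst);
	if (src) *src = ntohl(ssrc);
}

/*
 * Set my IP address.  Must be called at splimp.
 *
 * src is converted with htonl() and stored into the first AF_INET
 * address of the interface; nothing happens if there is none.
 */
static void
sppp_set_ip_addr(struct sppp *sp, u_long src)
{
	struct ifnet *ifp = &sp->pp_if;
	struct ifaddr *ifa;
	struct sockaddr_in *si;

	/*
	 * Pick the first AF_INET address from the list,
	 * aliases don't make any sense on a p2p link anyway.
	 */
	for (ifa = ifp->if_addrhead.tqh_first, si = 0;
	     ifa;
	     ifa = ifa->ifa_link.tqe_next)
		if (ifa->ifa_addr->sa_family == AF_INET) {
			si = (struct sockaddr_in *)ifa->ifa_addr;
			if (si)
				break;
		}
	if (ifa && si)
		si->sin_addr.s_addr = htonl(src);
}

/*
 * Handle the SPPPIOGDEFS / SPPPIOSDEFS sub-commands of the generic
 * interface ioctls.  data is the struct ifreq whose ifr_data points to
 * a struct spppreq in user space.  Returns 0 or an errno value.
 *
 * NOTE(review): SPPPIOGDEFS copies the whole struct sppp out and blanks
 * only the four secret/challenge fields.  Any kernel pointers held in
 * the structure reach an unprivileged caller as well; consider copying
 * out only the fields userland needs.
 */
static int
sppp_params(struct sppp *sp, int cmd, void *data)
{
	int subcmd;
	struct ifreq *ifr = (struct ifreq *)data;
	struct spppreq spr;

	/*
	 * ifr->ifr_data is supposed to point to a struct spppreq.
	 * Check the cmd word first before attempting to fetch all the
	 * data.
	 */
	if ((subcmd = fuword(ifr->ifr_data)) == -1)
		return EFAULT;

	if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
		return EFAULT;

	switch (subcmd) {
	case SPPPIOGDEFS:
		if (cmd != SIOCGIFGENERIC)
			return EINVAL;
		/*
		 * We copy over the entire current state, but clean
		 * out some of the stuff we don't wanna pass up.
		 * Remember, SIOCGIFGENERIC is unprotected, and can be
		 * called by any user.  No need to ever get PAP or
		 * CHAP secrets back to userland anyway.
		 */
		bcopy(sp, &spr.defs, sizeof(struct sppp));
		bzero(spr.defs.myauth.secret, AUTHKEYLEN);
		bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
		bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
		bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
		return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);

	case SPPPIOSDEFS:
		if (cmd != SIOCSIFGENERIC)
			return EINVAL;
		/*
		 * We have a very specific idea of which fields we allow
		 * being passed back from userland, so to not clobber our
		 * current state.  For one, we only allow setting
		 * anything if LCP is in dead phase.  Once the LCP
		 * negotiations started, the authentication settings must
		 * not be changed again.  (The administrator can force an
		 * ifconfig down in order to get LCP back into dead
		 * phase.)
		 *
		 * Also, we only allow for authentication parameters to be
		 * specified.
		 *
		 * XXX Should allow to set or clear pp_flags.
		 *
		 * Finally, if the respective authentication protocol to
		 * be used is set differently than 0, but the secret is
		 * passed as all zeros, we don't trash the existing secret.
		 * This allows an administrator to change the system name
		 * only without clobbering the secret (which he didn't get
		 * back in a previous SPPPIOGDEFS call).  However, the
		 * secrets are cleared if the authentication protocol is
		 * reset to 0.
		 */
		if (sp->pp_phase != PHASE_DEAD)
			return EBUSY;

		if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
		     spr.defs.myauth.proto != PPP_CHAP) ||
		    (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
		     spr.defs.hisauth.proto != PPP_CHAP))
			return EINVAL;

		if (spr.defs.myauth.proto == 0)
			/* resetting myauth */
			bzero(&sp->myauth, sizeof sp->myauth);
		else {
			/* setting/changing myauth */
			sp->myauth.proto = spr.defs.myauth.proto;
			bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
			/* only the first byte decides "secret supplied" */
			if (spr.defs.myauth.secret[0] != '\0')
				bcopy(spr.defs.myauth.secret, sp->myauth.secret,
				      AUTHKEYLEN);
		}
		if (spr.defs.hisauth.proto == 0)
			/* resetting hisauth */
			bzero(&sp->hisauth, sizeof sp->hisauth);
		else {
			/* setting/changing hisauth */
			sp->hisauth.proto = spr.defs.hisauth.proto;
			sp->hisauth.flags = spr.defs.hisauth.flags;
			bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
			/* only the first byte decides "secret supplied" */
			if (spr.defs.hisauth.secret[0] != '\0')
				bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
				      AUTHKEYLEN);
		}
		break;

	default:
		return EINVAL;
	}

	return 0;
}

/*
 * Enter network phase: log the phase change, open every NCP, send Up to
 * each NCP whose bit is set in lcp.protos, then let LCP close the link
 * again if no NCP is starting.
 */
static void
sppp_phase_network(struct sppp *sp)
{
	struct ifnet *ifp = &sp->pp_if;
	int i;
	u_long mask;

	sp->pp_phase = PHASE_NETWORK;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/* Notify NCPs now. */
	for (i = 0; i < IDX_COUNT; i++)
		if ((cps[i])->flags & CP_NCP)
			(cps[i])->Open(sp);

	/* Send Up events to all NCPs. */
	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
			(cps[i])->Up(sp);

	/* if no NCP is starting, all this was in vain, close down */
	sppp_lcp_check_and_close(sp);
}


/*
 * Name of a control-protocol packet code for log output.  Unknown codes
 * are formatted as hex into a static buffer, so that result is only
 * valid until the next call.
 */
static const char *
sppp_cp_type_name(u_char type)
{
	static char buf[12];
	switch (type) {
	case CONF_REQ:   return "conf-req";
	case CONF_ACK:   return "conf-ack";
	case CONF_NAK:   return "conf-nak";
	case CONF_REJ:   return "conf-rej";
	case TERM_REQ:   return "term-req";
	case TERM_ACK:   return "term-ack";
	case CODE_REJ:   return "code-rej";
	case PROTO_REJ:  return "proto-rej";
	case ECHO_REQ:   return "echo-req";
	case ECHO_REPLY: return "echo-reply";
	case DISC_REQ:   return "discard-req";
	}
	sprintf (buf, "0x%x", type);
	return buf;
}

/*
 * Name of a PAP or CHAP packet code for log output.  Unknown codes are
 * formatted as hex into a static buffer (valid until the next call).
 */
static const char *
sppp_auth_type_name(u_short proto, u_char type)
{
	static char buf[12];
	switch (proto) {
	case PPP_CHAP:
		switch (type) {
		case CHAP_CHALLENGE:	return "challenge";
		case CHAP_RESPONSE:	return "response";
		case CHAP_SUCCESS:	return "success";
		case CHAP_FAILURE:	return "failure";
		}
		/* an unknown CHAP code must not be looked up as PAP */
		break;
	case PPP_PAP:
		switch (type) {
		case PAP_REQ:		return "req";
		case PAP_ACK:		return "ack";
		case PAP_NAK:		return "nak";
		}
		break;
	}
	sprintf (buf, "0x%x", type);
	return buf;
}

/*
 * Name of an LCP option for log output; unknown options are formatted
 * as hex into a static buffer (valid until the next call).
 */
static const char *
sppp_lcp_opt_name(u_char opt)
{
	static char buf[12];
	switch (opt) {
	case LCP_OPT_MRU:		return "mru";
	case LCP_OPT_ASYNC_MAP:		return "async-map";
	case LCP_OPT_AUTH_PROTO:	return "auth-proto";
	case LCP_OPT_QUAL_PROTO:	return "qual-proto";
	case LCP_OPT_MAGIC:		return "magic";
	case LCP_OPT_PROTO_COMP:	return "proto-comp";
	case LCP_OPT_ADDR_COMP:		return "addr-comp";
	}
	sprintf (buf, "0x%x", opt);
	return buf;
}

/*
 * Name of an IPCP option for log output; unknown options are formatted
 * as hex into a static buffer (valid until the next call).
 */
static const char *
sppp_ipcp_opt_name(u_char opt)
{
	static char buf[12];
	switch (opt) {
	case IPCP_OPT_ADDRESSES:	return "addresses";
	case IPCP_OPT_COMPRESSION:	return "compression";
	case IPCP_OPT_ADDRESS:		return "address";
	}
	sprintf (buf, "0x%x", opt);
	return buf;
}

/*
 * Name of a protocol automaton state, or "illegal" for unknown values.
 */
static const char *
sppp_state_name(int state)
{
	switch (state) {
	case STATE_INITIAL:	return "initial";
	case STATE_STARTING:	return "starting";
	case STATE_CLOSED:	return "closed";
	case STATE_STOPPED:	return "stopped";
	case STATE_CLOSING:	return "closing";
	case STATE_STOPPING:	return "stopping";
	case STATE_REQ_SENT:	return "req-sent";
	case STATE_ACK_RCVD:	return "ack-rcvd";
	case STATE_ACK_SENT:	return "ack-sent";
	case STATE_OPENED:	return "opened";
	}
	return "illegal";
}

/*
 * Name of a PPP link phase, or "illegal" for unknown values.
 */
static const char *
sppp_phase_name(enum ppp_phase phase)
{
	switch (phase) {
	case PHASE_DEAD:	return "dead";
	case PHASE_ESTABLISH:	return "establish";
	case PHASE_TERMINATE:	return "terminate";
	case PHASE_AUTHENTICATE: return "authenticate";
	case PHASE_NETWORK:	return "network";
	}
	return "illegal";
}

/*
 * Name of a PPP protocol number for log output; unknown protocols are
 * formatted as hex into a static buffer (valid until the next call).
 */
static const char *
sppp_proto_name(u_short proto)
{
	static char buf[12];
	switch (proto) {
	case PPP_LCP:	return "lcp";
	case PPP_IPCP:	return "ipcp";
	case PPP_PAP:	return "pap";
	case PPP_CHAP:	return "chap";
	}
	sprintf(buf, "0x%x", (unsigned)proto);
	return buf;
}

/*
 * Append len bytes at p to the current log line as " xx-xx-...".
 * A zero length prints nothing; without that guard the u_short counter
 * would wrap and the loop would read far beyond the buffer.
 */
static void
sppp_print_bytes(const u_char *p, u_short len)
{
	if (len == 0)
		return;
	addlog(" %x", *p++);
	while (--len > 0)
		addlog("-%x", *p++);
}

/*
 * Append len bytes at p to the current log line, escaping everything
 * outside printable ASCII so peer-supplied strings cannot inject
 * control characters into the log.
 */
static void
sppp_print_string(const char *p, u_short len)
{
	u_char c;

	while (len-- > 0) {
		c = *p++;
		/*
		 * Print only ASCII chars directly.  RFC 1994 recommends
		 * using only them, but we don't rely on it.
		 */
		if (c < ' ' || c > '~')
			addlog("\\x%x", c);
		else
			addlog("%c", c);
	}
}

/*
 * Format addr as a dotted quad, most significant byte first.  The
 * result lives in a static buffer and is valid until the next call.
 */
static const char *
sppp_dotted_quad(u_long addr)
{
	static char s[16];
	/* cast each octet so the argument type matches %d */
	sprintf(s, "%d.%d.%d.%d",
		(int)((addr >> 24) & 0xff),
		(int)((addr >> 16) & 0xff),
		(int)((addr >> 8) & 0xff),
		(int)(addr & 0xff));
	return s;
}

/*
 * Length of the string at p, looking at no more than max bytes.
 */
static int
sppp_strnlen(u_char *p, int max)
{
	int len;

	for (len = 0; len < max && *p; ++p)
		++len;
	return len;
}

/* a dummy, used to drop uninteresting events */
static void
sppp_null(struct sppp *unused)
{
	/* do just nothing */
}
/*
 * This file is large.  Tell emacs to highlight it nevertheless.
 *
 * Local Variables:
 * hilit-auto-highlight-maxout: 120000
 * End:
 */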