48#endif
49
50#ifdef IPX
51#include <netipx/ipx.h>
52#include <netipx/ipx_if.h>
53#endif
54
55#ifdef NS
56#include <netns/ns.h>
57#include <netns/ns_if.h>
58#endif
59
60#ifdef ISO
61#include <netiso/argo_debug.h>
62#include <netiso/iso.h>
63#include <netiso/iso_var.h>
64#include <netiso/iso_snpac.h>
65#endif
66
67#include <net/if_sppp.h>
68
69#define MAXALIVECNT 3 /* max. alive packets */
70
71/*
72 * Interface flags that can be set in an ifconfig command.
73 *
74 * Setting link0 will make the link passive, i.e. it will be marked
75 * as being administrative openable, but won't be opened to begin
76 * with. Incoming calls will be answered, or subsequent calls with
77 * -link1 will cause the administrative open of the LCP layer.
78 *
79 * Setting link1 will cause the link to auto-dial only as packets
80 * arrive to be sent.
81 *
82 * Setting IFF_DEBUG will syslog the option negotiation and state
83 * transitions at level kern.debug. Note: all logs consistently look
84 * like
85 *
86 * <if-name><unit>: <proto-name> <additional info...>
87 *
88 * with <if-name><unit> being something like "bppp0", and <proto-name>
89 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
90 */
91
92#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
93#define IFF_AUTO IFF_LINK1 /* auto-dial on output */
94
95#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
96#define PPP_UI 0x03 /* Unnumbered Information */
97#define PPP_IP 0x0021 /* Internet Protocol */
98#define PPP_ISO 0x0023 /* ISO OSI Protocol */
99#define PPP_XNS 0x0025 /* Xerox NS Protocol */
100#define PPP_IPX 0x002b /* Novell IPX Protocol */
101#define PPP_LCP 0xc021 /* Link Control Protocol */
102#define PPP_PAP 0xc023 /* Password Authentication Protocol */
103#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
104#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
105
106#define CONF_REQ 1 /* PPP configure request */
107#define CONF_ACK 2 /* PPP configure acknowledge */
108#define CONF_NAK 3 /* PPP configure negative ack */
109#define CONF_REJ 4 /* PPP configure reject */
110#define TERM_REQ 5 /* PPP terminate request */
111#define TERM_ACK 6 /* PPP terminate acknowledge */
112#define CODE_REJ 7 /* PPP code reject */
113#define PROTO_REJ 8 /* PPP protocol reject */
114#define ECHO_REQ 9 /* PPP echo request */
115#define ECHO_REPLY 10 /* PPP echo reply */
116#define DISC_REQ 11 /* PPP discard request */
117
118#define LCP_OPT_MRU 1 /* maximum receive unit */
119#define LCP_OPT_ASYNC_MAP 2 /* async control character map */
120#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
121#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
122#define LCP_OPT_MAGIC 5 /* magic number */
123#define LCP_OPT_RESERVED 6 /* reserved */
124#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
125#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
126
127#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
128#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
129#define IPCP_OPT_ADDRESS 3 /* local IP address */
130
131#define PAP_REQ 1 /* PAP name/password request */
132#define PAP_ACK 2 /* PAP acknowledge */
133#define PAP_NAK 3 /* PAP fail */
134
135#define CHAP_CHALLENGE 1 /* CHAP challenge request */
136#define CHAP_RESPONSE 2 /* CHAP challenge response */
137#define CHAP_SUCCESS 3 /* CHAP response ok */
138#define CHAP_FAILURE 4 /* CHAP response failed */
139
140#define CHAP_MD5 5 /* hash algorithm - MD5 */
141
142#define CISCO_MULTICAST 0x8f /* Cisco multicast address */
143#define CISCO_UNICAST 0x0f /* Cisco unicast address */
144#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
145#define CISCO_ADDR_REQ 0 /* Cisco address request */
146#define CISCO_ADDR_REPLY 1 /* Cisco address reply */
147#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
148
149/* states are named and numbered according to RFC 1661 */
150#define STATE_INITIAL 0
151#define STATE_STARTING 1
152#define STATE_CLOSED 2
153#define STATE_STOPPED 3
154#define STATE_CLOSING 4
155#define STATE_STOPPING 5
156#define STATE_REQ_SENT 6
157#define STATE_ACK_RCVD 7
158#define STATE_ACK_SENT 8
159#define STATE_OPENED 9
160
161struct ppp_header {
162 u_char address;
163 u_char control;
164 u_short protocol;
165};
166#define PPP_HEADER_LEN sizeof (struct ppp_header)
167
168struct lcp_header {
169 u_char type;
170 u_char ident;
171 u_short len;
172};
173#define LCP_HEADER_LEN sizeof (struct lcp_header)
174
175struct cisco_packet {
176 u_long type;
177 u_long par1;
178 u_long par2;
179 u_short rel;
180 u_short time0;
181 u_short time1;
182};
183#define CISCO_PACKET_LEN 18
184
185/*
186 * We follow the spelling and capitalization of RFC 1661 here, to make
187 * it easier comparing with the standard. Please refer to this RFC in
188 * case you can't make sense out of these abbreviation; it will also
189 * explain the semantics related to the various events and actions.
190 */
191struct cp {
192 u_short proto; /* PPP control protocol number */
193 u_char protoidx; /* index into state table in struct sppp */
194 u_char flags;
195#define CP_LCP 0x01 /* this is the LCP */
196#define CP_AUTH 0x02 /* this is an authentication protocol */
197#define CP_NCP 0x04 /* this is a NCP */
198#define CP_QUAL 0x08 /* this is a quality reporting protocol */
199 const char *name; /* name of this control protocol */
200 /* event handlers */
201 void (*Up)(struct sppp *sp);
202 void (*Down)(struct sppp *sp);
203 void (*Open)(struct sppp *sp);
204 void (*Close)(struct sppp *sp);
205 void (*TO)(void *sp);
206 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
207 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
208 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
209 /* actions */
210 void (*tlu)(struct sppp *sp);
211 void (*tld)(struct sppp *sp);
212 void (*tls)(struct sppp *sp);
213 void (*tlf)(struct sppp *sp);
214 void (*scr)(struct sppp *sp);
215};
216
217static struct sppp *spppq;
218static struct callout_handle keepalive_ch;
219
220/*
221 * The following disgusting hack gets around the problem that IP TOS
222 * can't be set yet. We want to put "interactive" traffic on a high
223 * priority queue. To decide if traffic is interactive, we check that
224 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
225 *
226 * XXX is this really still necessary? - joerg -
227 */
228static u_short interactive_ports[8] = {
229 0, 513, 0, 0,
230 0, 21, 0, 23,
231};
232#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
233
234/* almost every function needs these */
235#define STDDCL \
236 struct ifnet *ifp = &sp->pp_if; \
237 int debug = ifp->if_flags & IFF_DEBUG
238
239static int sppp_output(struct ifnet *ifp, struct mbuf *m,
240 struct sockaddr *dst, struct rtentry *rt);
241
242static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
243static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
244
245static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
246 struct mbuf *m);
247static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
248 u_char ident, u_short len, void *data);
249static void sppp_cp_timeout(void *arg);
250static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
251 int newstate);
252static void sppp_auth_send(const struct cp *cp,
253 struct sppp *sp, u_char type, u_char id,
254 ...);
255
256static void sppp_up_event(const struct cp *cp, struct sppp *sp);
257static void sppp_down_event(const struct cp *cp, struct sppp *sp);
258static void sppp_open_event(const struct cp *cp, struct sppp *sp);
259static void sppp_close_event(const struct cp *cp, struct sppp *sp);
260static void sppp_to_event(const struct cp *cp, struct sppp *sp);
261
262static void sppp_null(struct sppp *sp);
263
264static void sppp_lcp_init(struct sppp *sp);
265static void sppp_lcp_up(struct sppp *sp);
266static void sppp_lcp_down(struct sppp *sp);
267static void sppp_lcp_open(struct sppp *sp);
268static void sppp_lcp_close(struct sppp *sp);
269static void sppp_lcp_TO(void *sp);
270static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
271static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
272static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
273static void sppp_lcp_tlu(struct sppp *sp);
274static void sppp_lcp_tld(struct sppp *sp);
275static void sppp_lcp_tls(struct sppp *sp);
276static void sppp_lcp_tlf(struct sppp *sp);
277static void sppp_lcp_scr(struct sppp *sp);
278static void sppp_lcp_check_and_close(struct sppp *sp);
279static int sppp_ncp_check(struct sppp *sp);
280
281static void sppp_ipcp_init(struct sppp *sp);
282static void sppp_ipcp_up(struct sppp *sp);
283static void sppp_ipcp_down(struct sppp *sp);
284static void sppp_ipcp_open(struct sppp *sp);
285static void sppp_ipcp_close(struct sppp *sp);
286static void sppp_ipcp_TO(void *sp);
287static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
288static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
289static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
290static void sppp_ipcp_tlu(struct sppp *sp);
291static void sppp_ipcp_tld(struct sppp *sp);
292static void sppp_ipcp_tls(struct sppp *sp);
293static void sppp_ipcp_tlf(struct sppp *sp);
294static void sppp_ipcp_scr(struct sppp *sp);
295
296static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
297static void sppp_pap_init(struct sppp *sp);
298static void sppp_pap_open(struct sppp *sp);
299static void sppp_pap_close(struct sppp *sp);
300static void sppp_pap_TO(void *sp);
301static void sppp_pap_my_TO(void *sp);
302static void sppp_pap_tlu(struct sppp *sp);
303static void sppp_pap_tld(struct sppp *sp);
304static void sppp_pap_scr(struct sppp *sp);
305
306static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
307static void sppp_chap_init(struct sppp *sp);
308static void sppp_chap_open(struct sppp *sp);
309static void sppp_chap_close(struct sppp *sp);
310static void sppp_chap_TO(void *sp);
311static void sppp_chap_tlu(struct sppp *sp);
312static void sppp_chap_tld(struct sppp *sp);
313static void sppp_chap_scr(struct sppp *sp);
314
315static const char *sppp_auth_type_name(u_short proto, u_char type);
316static const char *sppp_cp_type_name(u_char type);
317static const char *sppp_dotted_quad(u_long addr);
318static const char *sppp_ipcp_opt_name(u_char opt);
319static const char *sppp_lcp_opt_name(u_char opt);
320static const char *sppp_phase_name(enum ppp_phase phase);
321static const char *sppp_proto_name(u_short proto);
322static const char *sppp_state_name(int state);
323static int sppp_params(struct sppp *sp, int cmd, void *data);
324static int sppp_strnlen(u_char *p, int max);
325static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
326 u_long *srcmask);
327static void sppp_keepalive(void *dummy);
328static void sppp_phase_network(struct sppp *sp);
329static void sppp_print_bytes(const u_char *p, u_short len);
330static void sppp_print_string(const char *p, u_short len);
331static void sppp_qflush(struct ifqueue *ifq);
332static void sppp_set_ip_addr(struct sppp *sp, u_long src);
333
334/* our control protocol descriptors */
335const struct cp lcp = {
336 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
337 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
338 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
339 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
340 sppp_lcp_scr
341};
342
343const struct cp ipcp = {
344 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
345 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
346 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
347 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
348 sppp_ipcp_scr
349};
350
351const struct cp pap = {
352 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
353 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
354 sppp_pap_TO, 0, 0, 0,
355 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
356 sppp_pap_scr
357};
358
359const struct cp chap = {
360 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
361 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
362 sppp_chap_TO, 0, 0, 0,
363 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
364 sppp_chap_scr
365};
366
367const struct cp *cps[IDX_COUNT] = {
368 &lcp, /* IDX_LCP */
369 &ipcp, /* IDX_IPCP */
370 &pap, /* IDX_PAP */
371 &chap, /* IDX_CHAP */
372};
373
374
375�/*
376 * Exported functions, comprising our interface to the lower layer.
377 */
378
379/*
380 * Process the received packet.
381 */
382void
383sppp_input(struct ifnet *ifp, struct mbuf *m)
384{
385 struct ppp_header *h;
386 struct ifqueue *inq = 0;
387 int s;
388 struct sppp *sp = (struct sppp *)ifp;
389 int debug = ifp->if_flags & IFF_DEBUG;
390
391 if (ifp->if_flags & IFF_UP)
392 /* Count received bytes, add FCS and one flag */
393 ifp->if_ibytes += m->m_pkthdr.len + 3;
394
395 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
396 /* Too small packet, drop it. */
397 if (debug)
398 log(LOG_DEBUG,
399 "%s%d: input packet is too small, %d bytes\n",
400 ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
401 drop:
402 ++ifp->if_ierrors;
403 ++ifp->if_iqdrops;
404 m_freem (m);
405 return;
406 }
407
408 /* Get PPP header. */
409 h = mtod (m, struct ppp_header*);
410 m_adj (m, PPP_HEADER_LEN);
411
412 switch (h->address) {
413 case PPP_ALLSTATIONS:
414 if (h->control != PPP_UI)
415 goto invalid;
416 if (sp->pp_flags & PP_CISCO) {
417 if (debug)
418 log(LOG_DEBUG,
419 "%s%d: PPP packet in Cisco mode "
420 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
421 ifp->if_name, ifp->if_unit,
422 h->address, h->control, ntohs(h->protocol));
423 goto drop;
424 }
425 switch (ntohs (h->protocol)) {
426 default:
427 if (sp->state[IDX_LCP] == STATE_OPENED)
428 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
429 ++sp->pp_seq, m->m_pkthdr.len + 2,
430 &h->protocol);
431 if (debug)
432 log(LOG_DEBUG,
433 "%s%d: invalid input protocol "
434 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
435 ifp->if_name, ifp->if_unit,
436 h->address, h->control, ntohs(h->protocol));
437 ++ifp->if_noproto;
438 goto drop;
439 case PPP_LCP:
440 sppp_cp_input(&lcp, sp, m);
441 m_freem (m);
442 return;
443 case PPP_PAP:
444 if (sp->pp_phase >= PHASE_AUTHENTICATE)
445 sppp_pap_input(sp, m);
446 m_freem (m);
447 return;
448 case PPP_CHAP:
449 if (sp->pp_phase >= PHASE_AUTHENTICATE)
450 sppp_chap_input(sp, m);
451 m_freem (m);
452 return;
453#ifdef INET
454 case PPP_IPCP:
455 if (sp->pp_phase == PHASE_NETWORK)
456 sppp_cp_input(&ipcp, sp, m);
457 m_freem (m);
458 return;
459 case PPP_IP:
460 if (sp->state[IDX_IPCP] == STATE_OPENED) {
461 schednetisr (NETISR_IP);
462 inq = &ipintrq;
463 }
464 break;
465#endif
466#ifdef IPX
467 case PPP_IPX:
468 /* IPX IPXCP not implemented yet */
469 if (sp->pp_phase == PHASE_NETWORK) {
470 schednetisr (NETISR_IPX);
471 inq = &ipxintrq;
472 }
473 break;
474#endif
475#ifdef NS
476 case PPP_XNS:
477 /* XNS IDPCP not implemented yet */
478 if (sp->pp_phase == PHASE_NETWORK) {
479 schednetisr (NETISR_NS);
480 inq = &nsintrq;
481 }
482 break;
483#endif
484#ifdef ISO
485 case PPP_ISO:
486 /* OSI NLCP not implemented yet */
487 if (sp->pp_phase == PHASE_NETWORK) {
488 schednetisr (NETISR_ISO);
489 inq = &clnlintrq;
490 }
491 break;
492#endif
493 }
494 break;
495 case CISCO_MULTICAST:
496 case CISCO_UNICAST:
497 /* Don't check the control field here (RFC 1547). */
498 if (! (sp->pp_flags & PP_CISCO)) {
499 if (debug)
500 log(LOG_DEBUG,
501 "%s%d: Cisco packet in PPP mode "
502 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
503 ifp->if_name, ifp->if_unit,
504 h->address, h->control, ntohs(h->protocol));
505 goto drop;
506 }
507 switch (ntohs (h->protocol)) {
508 default:
509 ++ifp->if_noproto;
510 goto invalid;
511 case CISCO_KEEPALIVE:
512 sppp_cisco_input ((struct sppp*) ifp, m);
513 m_freem (m);
514 return;
515#ifdef INET
516 case ETHERTYPE_IP:
517 schednetisr (NETISR_IP);
518 inq = &ipintrq;
519 break;
520#endif
521#ifdef IPX
522 case ETHERTYPE_IPX:
523 schednetisr (NETISR_IPX);
524 inq = &ipxintrq;
525 break;
526#endif
527#ifdef NS
528 case ETHERTYPE_NS:
529 schednetisr (NETISR_NS);
530 inq = &nsintrq;
531 break;
532#endif
533 }
534 break;
535 default: /* Invalid PPP packet. */
536 invalid:
537 if (debug)
538 log(LOG_DEBUG,
539 "%s%d: invalid input packet "
540 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
541 ifp->if_name, ifp->if_unit,
542 h->address, h->control, ntohs(h->protocol));
543 goto drop;
544 }
545
546 if (! (ifp->if_flags & IFF_UP) || ! inq)
547 goto drop;
548
549 /* Check queue. */
550 s = splimp();
551 if (IF_QFULL (inq)) {
552 /* Queue overflow. */
553 IF_DROP(inq);
554 splx(s);
555 if (debug)
556 log(LOG_DEBUG, "%s%d: protocol queue overflow\n",
557 ifp->if_name, ifp->if_unit);
558 goto drop;
559 }
560 IF_ENQUEUE(inq, m);
561 splx(s);
562}
563
564/*
565 * Enqueue transmit packet.
566 */
567static int
568sppp_output(struct ifnet *ifp, struct mbuf *m,
569 struct sockaddr *dst, struct rtentry *rt)
570{
571 struct sppp *sp = (struct sppp*) ifp;
572 struct ppp_header *h;
573 struct ifqueue *ifq;
574 int s, rv = 0;
575
576 s = splimp();
577
578 if ((ifp->if_flags & IFF_UP) == 0 ||
579 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
580 m_freem (m);
581 splx (s);
582 return (ENETDOWN);
583 }
584
585 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
586 /*
587 * Interface is not yet running, but auto-dial. Need
588 * to start LCP for it.
589 */
590 ifp->if_flags |= IFF_RUNNING;
591 splx(s);
592 lcp.Open(sp);
593 s = splimp();
594 }
595
596 ifq = &ifp->if_snd;
597#ifdef INET
598 /*
599 * Put low delay, telnet, rlogin and ftp control packets
600 * in front of the queue.
601 */
602 if (dst->sa_family == AF_INET) {
603 struct ip *ip = mtod (m, struct ip*);
604 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
605
606 if (! IF_QFULL (&sp->pp_fastq) &&
607 ((ip->ip_tos & IPTOS_LOWDELAY) ||
608 ip->ip_p == IPPROTO_TCP &&
609 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) &&
610 (INTERACTIVE (ntohs (tcp->th_sport)) ||
611 INTERACTIVE (ntohs (tcp->th_dport)))))
612 ifq = &sp->pp_fastq;
613 }
614#endif
615
616 /*
617 * Prepend general data packet PPP header. For now, IP only.
618 */
619 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
620 if (! m) {
621 if (ifp->if_flags & IFF_DEBUG)
622 log(LOG_DEBUG, "%s%d: no memory for transmit header\n",
623 ifp->if_name, ifp->if_unit);
624 ++ifp->if_oerrors;
625 splx (s);
626 return (ENOBUFS);
627 }
628 h = mtod (m, struct ppp_header*);
629 if (sp->pp_flags & PP_CISCO) {
630 h->address = CISCO_UNICAST; /* unicast address */
631 h->control = 0;
632 } else {
633 h->address = PPP_ALLSTATIONS; /* broadcast address */
634 h->control = PPP_UI; /* Unnumbered Info */
635 }
636
637 switch (dst->sa_family) {
638#ifdef INET
639 case AF_INET: /* Internet Protocol */
640 if (sp->pp_flags & PP_CISCO)
641 h->protocol = htons (ETHERTYPE_IP);
642 else {
643 /*
644 * Don't choke with an ENETDOWN early. It's
645 * possible that we just started dialing out,
646 * so don't drop the packet immediately. If
647 * we notice that we run out of buffer space
648 * below, we will however remember that we are
649 * not ready to carry IP packets, and return
650 * ENETDOWN, as opposed to ENOBUFS.
651 */
652 h->protocol = htons(PPP_IP);
653 if (sp->state[IDX_IPCP] != STATE_OPENED)
654 rv = ENETDOWN;
655 }
656 break;
657#endif
658#ifdef NS
659 case AF_NS: /* Xerox NS Protocol */
660 h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
661 ETHERTYPE_NS : PPP_XNS);
662 break;
663#endif
664#ifdef IPX
665 case AF_IPX: /* Novell IPX Protocol */
666 h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
667 ETHERTYPE_IPX : PPP_IPX);
668 break;
669#endif
670#ifdef ISO
671 case AF_ISO: /* ISO OSI Protocol */
672 if (sp->pp_flags & PP_CISCO)
673 goto nosupport;
674 h->protocol = htons (PPP_ISO);
675 break;
676nosupport:
677#endif
678 default:
679 m_freem (m);
680 ++ifp->if_oerrors;
681 splx (s);
682 return (EAFNOSUPPORT);
683 }
684
685 /*
686 * Queue message on interface, and start output if interface
687 * not yet active.
688 */
689 if (IF_QFULL (ifq)) {
690 IF_DROP (&ifp->if_snd);
691 m_freem (m);
692 ++ifp->if_oerrors;
693 splx (s);
694 return (rv? rv: ENOBUFS);
695 }
696 IF_ENQUEUE (ifq, m);
697 if (! (ifp->if_flags & IFF_OACTIVE))
698 (*ifp->if_start) (ifp);
699
700 /*
701 * Count output packets and bytes.
702 * The packet length includes header, FCS and 1 flag,
703 * according to RFC 1333.
704 */
705 ifp->if_obytes += m->m_pkthdr.len + 3;
706 splx (s);
707 return (0);
708}
709
710void
711sppp_attach(struct ifnet *ifp)
712{
713 struct sppp *sp = (struct sppp*) ifp;
714
715 /* Initialize keepalive handler. */
716 if (! spppq)
717 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
718
719 /* Insert new entry into the keepalive list. */
720 sp->pp_next = spppq;
721 spppq = sp;
722
723 sp->pp_if.if_type = IFT_PPP;
724 sp->pp_if.if_output = sppp_output;
725 sp->pp_fastq.ifq_maxlen = 32;
726 sp->pp_cpq.ifq_maxlen = 20;
727 sp->pp_loopcnt = 0;
728 sp->pp_alivecnt = 0;
729 sp->pp_seq = 0;
730 sp->pp_rseq = 0;
731 sp->pp_phase = PHASE_DEAD;
732 sp->pp_up = lcp.Up;
733 sp->pp_down = lcp.Down;
734
735 sppp_lcp_init(sp);
736 sppp_ipcp_init(sp);
737 sppp_pap_init(sp);
738 sppp_chap_init(sp);
739}
740
741void
742sppp_detach(struct ifnet *ifp)
743{
744 struct sppp **q, *p, *sp = (struct sppp*) ifp;
745 int i;
746
747 /* Remove the entry from the keepalive list. */
748 for (q = &spppq; (p = *q); q = &p->pp_next)
749 if (p == sp) {
750 *q = p->pp_next;
751 break;
752 }
753
754 /* Stop keepalive handler. */
755 if (! spppq)
756 untimeout(sppp_keepalive, 0, keepalive_ch);
757
758 for (i = 0; i < IDX_COUNT; i++)
759 untimeout((cps[i])->TO, (void *)sp, sp->ch[i]);
760 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
761}
762
763/*
764 * Flush the interface output queue.
765 */
766void
767sppp_flush(struct ifnet *ifp)
768{
769 struct sppp *sp = (struct sppp*) ifp;
770
771 sppp_qflush (&sp->pp_if.if_snd);
772 sppp_qflush (&sp->pp_fastq);
773 sppp_qflush (&sp->pp_cpq);
774}
775
776/*
777 * Check if the output queue is empty.
778 */
779int
780sppp_isempty(struct ifnet *ifp)
781{
782 struct sppp *sp = (struct sppp*) ifp;
783 int empty, s;
784
785 s = splimp();
786 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
787 !sp->pp_if.if_snd.ifq_head;
788 splx(s);
789 return (empty);
790}
791
792/*
793 * Get next packet to send.
794 */
795struct mbuf *
796sppp_dequeue(struct ifnet *ifp)
797{
798 struct sppp *sp = (struct sppp*) ifp;
799 struct mbuf *m;
800 int s;
801
802 s = splimp();
803 /*
804 * Process only the control protocol queue until we have at
805 * least one NCP open.
806 *
807 * Do always serve all three queues in Cisco mode.
808 */
809 IF_DEQUEUE(&sp->pp_cpq, m);
810 if (m == NULL &&
811 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
812 IF_DEQUEUE(&sp->pp_fastq, m);
813 if (m == NULL)
814 IF_DEQUEUE (&sp->pp_if.if_snd, m);
815 }
816 splx(s);
817 return m;
818}
819
820/*
821 * Pick the next packet, do not remove it from the queue.
822 */
823struct mbuf *
824sppp_pick(struct ifnet *ifp)
825{
826 struct sppp *sp = (struct sppp*)ifp;
827 struct mbuf *m;
828 int s;
829
830 s= splimp ();
831
832 m = sp->pp_cpq.ifq_head;
833 if (m == NULL &&
834 (sp->pp_phase == PHASE_NETWORK ||
835 (sp->pp_flags & PP_CISCO) != 0))
836 if ((m = sp->pp_fastq.ifq_head) == NULL)
837 m = sp->pp_if.if_snd.ifq_head;
838 splx (s);
839 return (m);
840}
841
842/*
843 * Process an ioctl request. Called on low priority level.
844 */
845int
846sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
847{
848 struct ifreq *ifr = (struct ifreq*) data;
849 struct sppp *sp = (struct sppp*) ifp;
850 int s, rv, going_up, going_down, newmode;
851
852 s = splimp();
853 rv = 0;
854 switch (cmd) {
855 case SIOCAIFADDR:
856 case SIOCSIFDSTADDR:
857 break;
858
859 case SIOCSIFADDR:
860 if_up(ifp);
861 /* fall through... */
862
863 case SIOCSIFFLAGS:
864 going_up = ifp->if_flags & IFF_UP &&
865 (ifp->if_flags & IFF_RUNNING) == 0;
866 going_down = (ifp->if_flags & IFF_UP) == 0 &&
867 ifp->if_flags & IFF_RUNNING;
868 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
869 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
870 /* sanity */
871 newmode = IFF_PASSIVE;
872 ifp->if_flags &= ~IFF_AUTO;
873 }
874
875 if (going_up || going_down)
876 lcp.Close(sp);
877 if (going_up && newmode == 0) {
878 /* neither auto-dial nor passive */
879 ifp->if_flags |= IFF_RUNNING;
880 if (!(sp->pp_flags & PP_CISCO))
881 lcp.Open(sp);
882 } else if (going_down) {
883 sppp_flush(ifp);
884 ifp->if_flags &= ~IFF_RUNNING;
885 }
886
887 break;
888
889#ifdef SIOCSIFMTU
890#ifndef ifr_mtu
891#define ifr_mtu ifr_metric
892#endif
893 case SIOCSIFMTU:
894 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
895 return (EINVAL);
896 ifp->if_mtu = ifr->ifr_mtu;
897 break;
898#endif
899#ifdef SLIOCSETMTU
900 case SLIOCSETMTU:
901 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
902 return (EINVAL);
903 ifp->if_mtu = *(short*)data;
904 break;
905#endif
906#ifdef SIOCGIFMTU
907 case SIOCGIFMTU:
908 ifr->ifr_mtu = ifp->if_mtu;
909 break;
910#endif
911#ifdef SLIOCGETMTU
912 case SLIOCGETMTU:
913 *(short*)data = ifp->if_mtu;
914 break;
915#endif
916 case SIOCADDMULTI:
917 case SIOCDELMULTI:
918 break;
919
920 case SIOCGIFGENERIC:
921 case SIOCSIFGENERIC:
922 rv = sppp_params(sp, cmd, data);
923 break;
924
925 default:
926 rv = ENOTTY;
927 }
928 splx(s);
929 return rv;
930}
931
932
933�/*
934 * Cisco framing implementation.
935 */
936
937/*
938 * Handle incoming Cisco keepalive protocol packets.
939 */
940static void
941sppp_cisco_input(struct sppp *sp, struct mbuf *m)
942{
943 STDDCL;
944 struct cisco_packet *h;
945 u_long me, mymask;
946
947 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
948 if (debug)
949 log(LOG_DEBUG,
950 "%s%d: cisco invalid packet length: %d bytes\n",
951 ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
952 return;
953 }
954 h = mtod (m, struct cisco_packet*);
955 if (debug)
956 log(LOG_DEBUG,
957 "%s%d: cisco input: %d bytes "
958 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
959 ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
960 ntohl (h->type), h->par1, h->par2, h->rel,
961 h->time0, h->time1);
962 switch (ntohl (h->type)) {
963 default:
964 if (debug)
965 addlog("%s%d: cisco unknown packet type: 0x%lx\n",
966 ifp->if_name, ifp->if_unit, ntohl (h->type));
967 break;
968 case CISCO_ADDR_REPLY:
969 /* Reply on address request, ignore */
970 break;
971 case CISCO_KEEPALIVE_REQ:
972 sp->pp_alivecnt = 0;
973 sp->pp_rseq = ntohl (h->par1);
974 if (sp->pp_seq == sp->pp_rseq) {
975 /* Local and remote sequence numbers are equal.
976 * Probably, the line is in loopback mode. */
977 if (sp->pp_loopcnt >= MAXALIVECNT) {
978 printf ("%s%d: loopback\n",
979 ifp->if_name, ifp->if_unit);
980 sp->pp_loopcnt = 0;
981 if (ifp->if_flags & IFF_UP) {
982 if_down (ifp);
983 sppp_qflush (&sp->pp_cpq);
984 }
985 }
986 ++sp->pp_loopcnt;
987
988 /* Generate new local sequence number */
989 sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
990 break;
991 }
992 sp->pp_loopcnt = 0;
993 if (! (ifp->if_flags & IFF_UP) &&
994 (ifp->if_flags & IFF_RUNNING)) {
995 if_up(ifp);
996 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
997 }
998 break;
999 case CISCO_ADDR_REQ:
1000 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1001 if (me != 0L)
1002 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1003 break;
1004 }
1005}
1006
1007/*
1008 * Send Cisco keepalive packet.
1009 */
1010static void
1011sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1012{
1013 STDDCL;
1014 struct ppp_header *h;
1015 struct cisco_packet *ch;
1016 struct mbuf *m;
1017 u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
1018
1019 MGETHDR (m, M_DONTWAIT, MT_DATA);
1020 if (! m)
1021 return;
1022 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1023 m->m_pkthdr.rcvif = 0;
1024
1025 h = mtod (m, struct ppp_header*);
1026 h->address = CISCO_MULTICAST;
1027 h->control = 0;
1028 h->protocol = htons (CISCO_KEEPALIVE);
1029
1030 ch = (struct cisco_packet*) (h + 1);
1031 ch->type = htonl (type);
1032 ch->par1 = htonl (par1);
1033 ch->par2 = htonl (par2);
1034 ch->rel = -1;
1035 ch->time0 = htons ((u_short) (t >> 16));
1036 ch->time1 = htons ((u_short) t);
1037
1038 if (debug)
1039 log(LOG_DEBUG,
1040 "%s%d: cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1041 ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1,
1042 ch->par2, ch->rel, ch->time0, ch->time1);
1043
1044 if (IF_QFULL (&sp->pp_cpq)) {
1045 IF_DROP (&sp->pp_fastq);
1046 IF_DROP (&ifp->if_snd);
1047 m_freem (m);
1048 } else
1049 IF_ENQUEUE (&sp->pp_cpq, m);
1050 if (! (ifp->if_flags & IFF_OACTIVE))
1051 (*ifp->if_start) (ifp);
1052 ifp->if_obytes += m->m_pkthdr.len + 3;
1053}
1054
1055�/*
1056 * PPP protocol implementation.
1057 */
1058
1059/*
1060 * Send PPP control protocol packet.
1061 */
1062static void
1063sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1064 u_char ident, u_short len, void *data)
1065{
1066 STDDCL;
1067 struct ppp_header *h;
1068 struct lcp_header *lh;
1069 struct mbuf *m;
1070
1071 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1072 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
1073 MGETHDR (m, M_DONTWAIT, MT_DATA);
1074 if (! m)
1075 return;
1076 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1077 m->m_pkthdr.rcvif = 0;
1078
1079 h = mtod (m, struct ppp_header*);
1080 h->address = PPP_ALLSTATIONS; /* broadcast address */
1081 h->control = PPP_UI; /* Unnumbered Info */
1082 h->protocol = htons (proto); /* Link Control Protocol */
1083
1084 lh = (struct lcp_header*) (h + 1);
1085 lh->type = type;
1086 lh->ident = ident;
1087 lh->len = htons (LCP_HEADER_LEN + len);
1088 if (len)
1089 bcopy (data, lh+1, len);
1090
1091 if (debug) {
1092 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
1093 ifp->if_name, ifp->if_unit,
1094 sppp_proto_name(proto),
1095 sppp_cp_type_name (lh->type), lh->ident,
1096 ntohs (lh->len));
1097 if (len)
1098 sppp_print_bytes ((u_char*) (lh+1), len);
1099 addlog(">\n");
1100 }
1101 if (IF_QFULL (&sp->pp_cpq)) {
1102 IF_DROP (&sp->pp_fastq);
1103 IF_DROP (&ifp->if_snd);
1104 m_freem (m);
1105 ++ifp->if_oerrors;
1106 } else
1107 IF_ENQUEUE (&sp->pp_cpq, m);
1108 if (! (ifp->if_flags & IFF_OACTIVE))
1109 (*ifp->if_start) (ifp);
1110 ifp->if_obytes += m->m_pkthdr.len + 3;
1111}
1112
1113/*
1114 * Handle incoming PPP control protocol packets.
1115 */
1116static void
1117sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1118{
1119 STDDCL;
1120 struct lcp_header *h;
1121 int len = m->m_pkthdr.len;
1122 int rv;
1123 u_char *p;
1124
1125 if (len < 4) {
1126 if (debug)
1127 log(LOG_DEBUG,
1128 "%s%d: %s invalid packet length: %d bytes\n",
1129 ifp->if_name, ifp->if_unit, cp->name, len);
1130 return;
1131 }
1132 h = mtod (m, struct lcp_header*);
1133 if (debug) {
1134 log(LOG_DEBUG,
1135 "%s%d: %s input(%s): <%s id=0x%x len=%d",
1136 ifp->if_name, ifp->if_unit, cp->name,
1137 sppp_state_name(sp->state[cp->protoidx]),
1138 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1139 if (len > 4)
1140 sppp_print_bytes ((u_char*) (h+1), len-4);
1141 addlog(">\n");
1142 }
1143 if (len > ntohs (h->len))
1144 len = ntohs (h->len);
1145 p = (u_char *)(h + 1);
1146 switch (h->type) {
1147 case CONF_REQ:
1148 if (len < 4) {
1149 if (debug)
1150 addlog("%s%d: %s invalid conf-req length %d\n",
1151 ifp->if_name, ifp->if_unit, cp->name,
1152 len);
1153 ++ifp->if_ierrors;
1154 break;
1155 }
1156 /* handle states where RCR doesn't get a SCA/SCN */
1157 switch (sp->state[cp->protoidx]) {
1158 case STATE_CLOSING:
1159 case STATE_STOPPING:
1160 return;
1161 case STATE_CLOSED:
1162 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1163 0, 0);
1164 return;
1165 }
1166 rv = (cp->RCR)(sp, h, len);
1167 switch (sp->state[cp->protoidx]) {
1168 case STATE_OPENED:
1169 (cp->tld)(sp);
1170 (cp->scr)(sp);
1171 /* fall through... */
1172 case STATE_ACK_SENT:
1173 case STATE_REQ_SENT:
1174 sppp_cp_change_state(cp, sp, rv?
1175 STATE_ACK_SENT: STATE_REQ_SENT);
1176 break;
1177 case STATE_STOPPED:
1178 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1179 (cp->scr)(sp);
1180 sppp_cp_change_state(cp, sp, rv?
1181 STATE_ACK_SENT: STATE_REQ_SENT);
1182 break;
1183 case STATE_ACK_RCVD:
1184 if (rv) {
1185 sppp_cp_change_state(cp, sp, STATE_OPENED);
1186 if (debug)
1187 log(LOG_DEBUG, "%s%d: %s tlu\n",
1188 ifp->if_name, ifp->if_unit,
1189 cp->name);
1190 (cp->tlu)(sp);
1191 } else
1192 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1193 break;
1194 default:
1195 printf("%s%d: %s illegal %s in state %s\n",
1196 ifp->if_name, ifp->if_unit, cp->name,
1197 sppp_cp_type_name(h->type),
1198 sppp_state_name(sp->state[cp->protoidx]));
1199 ++ifp->if_ierrors;
1200 }
1201 break;
1202 case CONF_ACK:
1203 if (h->ident != sp->confid[cp->protoidx]) {
1204 if (debug)
1205 addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
1206 ifp->if_name, ifp->if_unit, cp->name,
1207 h->ident, sp->confid[cp->protoidx]);
1208 ++ifp->if_ierrors;
1209 break;
1210 }
1211 switch (sp->state[cp->protoidx]) {
1212 case STATE_CLOSED:
1213 case STATE_STOPPED:
1214 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1215 break;
1216 case STATE_CLOSING:
1217 case STATE_STOPPING:
1218 break;
1219 case STATE_REQ_SENT:
1220 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1221 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1222 break;
1223 case STATE_OPENED:
1224 (cp->tld)(sp);
1225 /* fall through */
1226 case STATE_ACK_RCVD:
1227 (cp->scr)(sp);
1228 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1229 break;
1230 case STATE_ACK_SENT:
1231 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1232 sppp_cp_change_state(cp, sp, STATE_OPENED);
1233 if (debug)
1234 log(LOG_DEBUG, "%s%d: %s tlu\n",
1235 ifp->if_name, ifp->if_unit, cp->name);
1236 (cp->tlu)(sp);
1237 break;
1238 default:
1239 printf("%s%d: %s illegal %s in state %s\n",
1240 ifp->if_name, ifp->if_unit, cp->name,
1241 sppp_cp_type_name(h->type),
1242 sppp_state_name(sp->state[cp->protoidx]));
1243 ++ifp->if_ierrors;
1244 }
1245 break;
1246 case CONF_NAK:
1247 case CONF_REJ:
1248 if (h->ident != sp->confid[cp->protoidx]) {
1249 if (debug)
1250 addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
1251 ifp->if_name, ifp->if_unit, cp->name,
1252 h->ident, sp->confid[cp->protoidx]);
1253 ++ifp->if_ierrors;
1254 break;
1255 }
1256 if (h->type == CONF_NAK)
1257 (cp->RCN_nak)(sp, h, len);
1258 else /* CONF_REJ */
1259 (cp->RCN_rej)(sp, h, len);
1260
1261 switch (sp->state[cp->protoidx]) {
1262 case STATE_CLOSED:
1263 case STATE_STOPPED:
1264 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1265 break;
1266 case STATE_REQ_SENT:
1267 case STATE_ACK_SENT:
1268 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1269 (cp->scr)(sp);
1270 break;
1271 case STATE_OPENED:
1272 (cp->tld)(sp);
1273 /* fall through */
1274 case STATE_ACK_RCVD:
1275 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1276 (cp->scr)(sp);
1277 break;
1278 case STATE_CLOSING:
1279 case STATE_STOPPING:
1280 break;
1281 default:
1282 printf("%s%d: %s illegal %s in state %s\n",
1283 ifp->if_name, ifp->if_unit, cp->name,
1284 sppp_cp_type_name(h->type),
1285 sppp_state_name(sp->state[cp->protoidx]));
1286 ++ifp->if_ierrors;
1287 }
1288 break;
1289
1290 case TERM_REQ:
1291 switch (sp->state[cp->protoidx]) {
1292 case STATE_ACK_RCVD:
1293 case STATE_ACK_SENT:
1294 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1295 /* fall through */
1296 case STATE_CLOSED:
1297 case STATE_STOPPED:
1298 case STATE_CLOSING:
1299 case STATE_STOPPING:
1300 case STATE_REQ_SENT:
1301 sta:
1302 /* Send Terminate-Ack packet. */
1303 if (debug)
1304 log(LOG_DEBUG, "%s%d: %s send terminate-ack\n",
1305 ifp->if_name, ifp->if_unit, cp->name);
1306 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1307 break;
1308 case STATE_OPENED:
1309 (cp->tld)(sp);
1310 sp->rst_counter[cp->protoidx] = 0;
1311 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1312 goto sta;
1313 break;
1314 default:
1315 printf("%s%d: %s illegal %s in state %s\n",
1316 ifp->if_name, ifp->if_unit, cp->name,
1317 sppp_cp_type_name(h->type),
1318 sppp_state_name(sp->state[cp->protoidx]));
1319 ++ifp->if_ierrors;
1320 }
1321 break;
1322 case TERM_ACK:
1323 switch (sp->state[cp->protoidx]) {
1324 case STATE_CLOSED:
1325 case STATE_STOPPED:
1326 case STATE_REQ_SENT:
1327 case STATE_ACK_SENT:
1328 break;
1329 case STATE_CLOSING:
1330 (cp->tlf)(sp);
1331 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1332 break;
1333 case STATE_STOPPING:
1334 (cp->tlf)(sp);
1335 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1336 break;
1337 case STATE_ACK_RCVD:
1338 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1339 break;
1340 case STATE_OPENED:
1341 (cp->tld)(sp);
1342 (cp->scr)(sp);
1343 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1344 break;
1345 default:
1346 printf("%s%d: %s illegal %s in state %s\n",
1347 ifp->if_name, ifp->if_unit, cp->name,
1348 sppp_cp_type_name(h->type),
1349 sppp_state_name(sp->state[cp->protoidx]));
1350 ++ifp->if_ierrors;
1351 }
1352 break;
1353 case CODE_REJ:
1354 case PROTO_REJ:
1355 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1356 log(LOG_INFO,
1357 "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
1358 "danger will robinson\n",
1359 ifp->if_name, ifp->if_unit, cp->name,
1360 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1361 switch (sp->state[cp->protoidx]) {
1362 case STATE_CLOSED:
1363 case STATE_STOPPED:
1364 case STATE_REQ_SENT:
1365 case STATE_ACK_SENT:
1366 case STATE_CLOSING:
1367 case STATE_STOPPING:
1368 case STATE_OPENED:
1369 break;
1370 case STATE_ACK_RCVD:
1371 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1372 break;
1373 default:
1374 printf("%s%d: %s illegal %s in state %s\n",
1375 ifp->if_name, ifp->if_unit, cp->name,
1376 sppp_cp_type_name(h->type),
1377 sppp_state_name(sp->state[cp->protoidx]));
1378 ++ifp->if_ierrors;
1379 }
1380 break;
1381 case DISC_REQ:
1382 if (cp->proto != PPP_LCP)
1383 goto illegal;
1384 /* Discard the packet. */
1385 break;
1386 case ECHO_REQ:
1387 if (cp->proto != PPP_LCP)
1388 goto illegal;
1389 if (sp->state[cp->protoidx] != STATE_OPENED) {
1390 if (debug)
1391 addlog("%s%d: lcp echo req but lcp closed\n",
1392 ifp->if_name, ifp->if_unit);
1393 ++ifp->if_ierrors;
1394 break;
1395 }
1396 if (len < 8) {
1397 if (debug)
1398 addlog("%s%d: invalid lcp echo request "
1399 "packet length: %d bytes\n",
1400 ifp->if_name, ifp->if_unit, len);
1401 break;
1402 }
1403 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1404 /* Line loopback mode detected. */
1405 printf("%s%d: loopback\n", ifp->if_name, ifp->if_unit);
1406 if_down (ifp);
1407 sppp_qflush (&sp->pp_cpq);
1408
1409 /* Shut down the PPP link. */
1410 /* XXX */
1411 lcp.Down(sp);
1412 lcp.Up(sp);
1413 break;
1414 }
1415 *(long*)(h+1) = htonl (sp->lcp.magic);
1416 if (debug)
1417 addlog("%s%d: got lcp echo req, sending echo rep\n",
1418 ifp->if_name, ifp->if_unit);
1419 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1420 break;
1421 case ECHO_REPLY:
1422 if (cp->proto != PPP_LCP)
1423 goto illegal;
1424 if (h->ident != sp->lcp.echoid) {
1425 ++ifp->if_ierrors;
1426 break;
1427 }
1428 if (len < 8) {
1429 if (debug)
1430 addlog("%s%d: lcp invalid echo reply "
1431 "packet length: %d bytes\n",
1432 ifp->if_name, ifp->if_unit, len);
1433 break;
1434 }
1435 if (debug)
1436 addlog("%s%d: lcp got echo rep\n",
1437 ifp->if_name, ifp->if_unit);
1438 if (ntohl (*(long*)(h+1)) != sp->lcp.magic)
1439 sp->pp_alivecnt = 0;
1440 break;
1441 default:
1442 /* Unknown packet type -- send Code-Reject packet. */
1443 illegal:
1444 if (debug)
1445 addlog("%s%d: %c send code-rej for 0x%x\n",
1446 ifp->if_name, ifp->if_unit, cp->name, h->type);
1447 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1448 m->m_pkthdr.len, h);
1449 ++ifp->if_ierrors;
1450 }
1451}
1452
1453
1454/*
1455 * The generic part of all Up/Down/Open/Close/TO event handlers.
1456 * Basically, the state transition handling in the automaton.
1457 */
1458static void
1459sppp_up_event(const struct cp *cp, struct sppp *sp)
1460{
1461 STDDCL;
1462
1463 if (debug)
1464 log(LOG_DEBUG, "%s%d: %s up(%s)\n",
1465 ifp->if_name, ifp->if_unit, cp->name,
1466 sppp_state_name(sp->state[cp->protoidx]));
1467
1468 switch (sp->state[cp->protoidx]) {
1469 case STATE_INITIAL:
1470 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1471 break;
1472 case STATE_STARTING:
1473 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1474 (cp->scr)(sp);
1475 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1476 break;
1477 default:
1478 printf("%s%d: %s illegal up in state %s\n",
1479 ifp->if_name, ifp->if_unit, cp->name,
1480 sppp_state_name(sp->state[cp->protoidx]));
1481 }
1482}
1483
1484static void
1485sppp_down_event(const struct cp *cp, struct sppp *sp)
1486{
1487 STDDCL;
1488
1489 if (debug)
1490 log(LOG_DEBUG, "%s%d: %s down(%s)\n",
1491 ifp->if_name, ifp->if_unit, cp->name,
1492 sppp_state_name(sp->state[cp->protoidx]));
1493
1494 switch (sp->state[cp->protoidx]) {
1495 case STATE_CLOSED:
1496 case STATE_CLOSING:
1497 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1498 break;
1499 case STATE_STOPPED:
1500 (cp->tls)(sp);
1501 /* fall through */
1502 case STATE_STOPPING:
1503 case STATE_REQ_SENT:
1504 case STATE_ACK_RCVD:
1505 case STATE_ACK_SENT:
1506 sppp_cp_change_state(cp, sp, STATE_STARTING);
1507 break;
1508 case STATE_OPENED:
1509 (cp->tld)(sp);
1510 sppp_cp_change_state(cp, sp, STATE_STARTING);
1511 break;
1512 default:
1513 printf("%s%d: %s illegal down in state %s\n",
1514 ifp->if_name, ifp->if_unit, cp->name,
1515 sppp_state_name(sp->state[cp->protoidx]));
1516 }
1517}
1518
1519
1520static void
1521sppp_open_event(const struct cp *cp, struct sppp *sp)
1522{
1523 STDDCL;
1524
1525 if (debug)
1526 log(LOG_DEBUG, "%s%d: %s open(%s)\n",
1527 ifp->if_name, ifp->if_unit, cp->name,
1528 sppp_state_name(sp->state[cp->protoidx]));
1529
1530 switch (sp->state[cp->protoidx]) {
1531 case STATE_INITIAL:
1532 (cp->tls)(sp);
1533 sppp_cp_change_state(cp, sp, STATE_STARTING);
1534 break;
1535 case STATE_STARTING:
1536 break;
1537 case STATE_CLOSED:
1538 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1539 (cp->scr)(sp);
1540 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1541 break;
1542 case STATE_STOPPED:
1543 case STATE_STOPPING:
1544 case STATE_REQ_SENT:
1545 case STATE_ACK_RCVD:
1546 case STATE_ACK_SENT:
1547 case STATE_OPENED:
1548 break;
1549 case STATE_CLOSING:
1550 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1551 break;
1552 }
1553}
1554
1555
1556static void
1557sppp_close_event(const struct cp *cp, struct sppp *sp)
1558{
1559 STDDCL;
1560
1561 if (debug)
1562 log(LOG_DEBUG, "%s%d: %s close(%s)\n",
1563 ifp->if_name, ifp->if_unit, cp->name,
1564 sppp_state_name(sp->state[cp->protoidx]));
1565
1566 switch (sp->state[cp->protoidx]) {
1567 case STATE_INITIAL:
1568 case STATE_CLOSED:
1569 case STATE_CLOSING:
1570 break;
1571 case STATE_STARTING:
1572 (cp->tlf)(sp);
1573 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1574 break;
1575 case STATE_STOPPED:
1576 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1577 break;
1578 case STATE_STOPPING:
1579 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1580 break;
1581 case STATE_OPENED:
1582 (cp->tld)(sp);
1583 /* fall through */
1584 case STATE_REQ_SENT:
1585 case STATE_ACK_RCVD:
1586 case STATE_ACK_SENT:
1587 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1588 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1589 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1590 break;
1591 }
1592}
1593
1594static void
1595sppp_to_event(const struct cp *cp, struct sppp *sp)
1596{
1597 STDDCL;
1598 int s;
1599
1600 s = splimp();
1601 if (debug)
1602 log(LOG_DEBUG, "%s%d: %s TO(%s) rst_counter = %d\n",
1603 ifp->if_name, ifp->if_unit, cp->name,
1604 sppp_state_name(sp->state[cp->protoidx]),
1605 sp->rst_counter[cp->protoidx]);
1606
1607 if (--sp->rst_counter[cp->protoidx] < 0)
1608 /* TO- event */
1609 switch (sp->state[cp->protoidx]) {
1610 case STATE_CLOSING:
1611 (cp->tlf)(sp);
1612 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1613 break;
1614 case STATE_STOPPING:
1615 (cp->tlf)(sp);
1616 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1617 break;
1618 case STATE_REQ_SENT:
1619 case STATE_ACK_RCVD:
1620 case STATE_ACK_SENT:
1621 (cp->tlf)(sp);
1622 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1623 break;
1624 }
1625 else
1626 /* TO+ event */
1627 switch (sp->state[cp->protoidx]) {
1628 case STATE_CLOSING:
1629 case STATE_STOPPING:
1630 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1631 0, 0);
1632 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
1633 sp->lcp.timeout);
1634 break;
1635 case STATE_REQ_SENT:
1636 case STATE_ACK_RCVD:
1637 (cp->scr)(sp);
1638 /* sppp_cp_change_state() will restart the timer */
1639 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1640 break;
1641 case STATE_ACK_SENT:
1642 (cp->scr)(sp);
1643 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
1644 sp->lcp.timeout);
1645 break;
1646 }
1647
1648 splx(s);
1649}
1650
1651/*
1652 * Change the state of a control protocol in the state automaton.
1653 * Takes care of starting/stopping the restart timer.
1654 */
1655void
1656sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1657{
1658 sp->state[cp->protoidx] = newstate;
1659
1660 untimeout(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1661 switch (newstate) {
1662 case STATE_INITIAL:
1663 case STATE_STARTING:
1664 case STATE_CLOSED:
1665 case STATE_STOPPED:
1666 case STATE_OPENED:
1667 break;
1668 case STATE_CLOSING:
1669 case STATE_STOPPING:
1670 case STATE_REQ_SENT:
1671 case STATE_ACK_RCVD:
1672 case STATE_ACK_SENT:
1673 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
1674 sp->lcp.timeout);
1675 break;
1676 }
1677}
1678�/*
1679 *--------------------------------------------------------------------------*
1680 * *
1681 * The LCP implementation. *
1682 * *
1683 *--------------------------------------------------------------------------*
1684 */
1685static void
1686sppp_lcp_init(struct sppp *sp)
1687{
1688 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1689 sp->lcp.magic = 0;
1690 sp->state[IDX_LCP] = STATE_INITIAL;
1691 sp->fail_counter[IDX_LCP] = 0;
1692 sp->lcp.protos = 0;
1693 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1694
1695 /*
1696 * Initialize counters and timeout values. Note that we don't
1697 * use the 3 seconds suggested in RFC 1661 since we are likely
1698 * running on a fast link. XXX We should probably implement
1699 * the exponential backoff option. Note that these values are
1700 * relevant for all control protocols, not just LCP only.
1701 */
1702 sp->lcp.timeout = 1 * hz;
1703 sp->lcp.max_terminate = 2;
1704 sp->lcp.max_configure = 10;
1705 sp->lcp.max_failure = 10;
1706 callout_handle_init(&sp->ch[IDX_LCP]);
1707}
1708
1709static void
1710sppp_lcp_up(struct sppp *sp)
1711{
1712 STDDCL;
1713
1714 /*
1715 * If this interface is passive or dial-on-demand, and we are
1716 * still in Initial state, it means we've got an incoming
1717 * call. Activate the interface.
1718 */
1719 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1720 if (debug)
1721 log(LOG_DEBUG,
1722 "%s%d: Up event", ifp->if_name, ifp->if_unit);
1723 ifp->if_flags |= IFF_RUNNING;
1724 if (sp->state[IDX_LCP] == STATE_INITIAL) {
1725 if (debug)
1726 addlog("(incoming call)\n");
1727 sp->pp_flags |= PP_CALLIN;
1728 lcp.Open(sp);
1729 } else if (debug)
1730 addlog("\n");
1731 }
1732
1733 sppp_up_event(&lcp, sp);
1734}
1735
1736static void
1737sppp_lcp_down(struct sppp *sp)
1738{
1739 STDDCL;
1740
1741 sppp_down_event(&lcp, sp);
1742
1743 /*
1744 * If this is neither a dial-on-demand nor a passive
1745 * interface, simulate an ``ifconfig down'' action, so the
1746 * administrator can force a redial by another ``ifconfig
1747 * up''. XXX For leased line operation, should we immediately
1748 * try to reopen the connection here?
1749 */
1750 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
1751 log(LOG_INFO,
1752 "%s%d: Down event (carrier loss), taking interface down.\n",
1753 ifp->if_name, ifp->if_unit);
1754 if_down(ifp);
1755 } else {
1756 if (debug)
1757 log(LOG_DEBUG,
1758 "%s%d: Down event (carrier loss)\n",
1759 ifp->if_name, ifp->if_unit);
1760 }
1761 sp->pp_flags &= ~PP_CALLIN;
1762 if (sp->state[IDX_LCP] != STATE_INITIAL)
1763 lcp.Close(sp);
1764 ifp->if_flags &= ~IFF_RUNNING;
1765}
1766
1767static void
1768sppp_lcp_open(struct sppp *sp)
1769{
1770 /*
1771 * If we are authenticator, negotiate LCP_AUTH
1772 */
1773 if (sp->hisauth.proto != 0)
1774 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1775 else
1776 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1777 sp->pp_flags &= ~PP_NEEDAUTH;
1778 sppp_open_event(&lcp, sp);
1779}
1780
1781static void
1782sppp_lcp_close(struct sppp *sp)
1783{
1784 sppp_close_event(&lcp, sp);
1785}
1786
1787static void
1788sppp_lcp_TO(void *cookie)
1789{
1790 sppp_to_event(&lcp, (struct sppp *)cookie);
1791}
1792
1793/*
1794 * Analyze a configure request. Return true if it was agreeable, and
1795 * caused action sca, false if it has been rejected or nak'ed, and
1796 * caused action scn. (The return value is used to make the state
1797 * transition decision in the state automaton.)
1798 */
1799static int
1800sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
1801{
1802 STDDCL;
1803 u_char *buf, *r, *p;
1804 int origlen, rlen;
1805 u_long nmagic;
1806 u_short authproto;
1807
1808 len -= 4;
1809 origlen = len;
1810 buf = r = malloc (len, M_TEMP, M_NOWAIT);
1811 if (! buf)
1812 return (0);
1813
1814 if (debug)
1815 log(LOG_DEBUG, "%s%d: lcp parse opts: ",
1816 ifp->if_name, ifp->if_unit);
1817
1818 /* pass 1: check for things that need to be rejected */
1819 p = (void*) (h+1);
1820 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1821 if (debug)
1822 addlog(" %s ", sppp_lcp_opt_name(*p));
1823 switch (*p) {
1824 case LCP_OPT_MAGIC:
1825 /* Magic number. */
1826 /* fall through, both are same length */
1827 case LCP_OPT_ASYNC_MAP:
1828 /* Async control character map. */
1829 if (len >= 6 || p[1] == 6)
1830 continue;
1831 if (debug)
1832 addlog("[invalid] ");
1833 break;
1834 case LCP_OPT_MRU:
1835 /* Maximum receive unit. */
1836 if (len >= 4 && p[1] == 4)
1837 continue;
1838 if (debug)
1839 addlog("[invalid] ");
1840 break;
1841 case LCP_OPT_AUTH_PROTO:
1842 if (len < 4) {
1843 if (debug)
1844 addlog("[invalid] ");
1845 break;
1846 }
1847 authproto = (p[2] << 8) + p[3];
1848 if (authproto == PPP_CHAP && p[1] != 5) {
1849 if (debug)
1850 addlog("[invalid chap len] ");
1851 break;
1852 }
1853 if (sp->myauth.proto == 0) {
1854 /* we are not configured to do auth */
1855 if (debug)
1856 addlog("[not configured] ");
1857 break;
1858 }
1859 /*
1860 * Remote want us to authenticate, remember this,
1861 * so we stay in PHASE_AUTHENTICATE after LCP got
1862 * up.
1863 */
1864 sp->pp_flags |= PP_NEEDAUTH;
1865 continue;
1866 default:
1867 /* Others not supported. */
1868 if (debug)
1869 addlog("[rej] ");
1870 break;
1871 }
1872 /* Add the option to rejected list. */
1873 bcopy (p, r, p[1]);
1874 r += p[1];
1875 rlen += p[1];
1876 }
1877 if (rlen) {
1878 if (debug)
1879 addlog(" send conf-rej\n");
1880 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
1881 return 0;
1882 } else if (debug)
1883 addlog("\n");
1884
1885 /*
1886 * pass 2: check for option values that are unacceptable and
1887 * thus require to be nak'ed.
1888 */
1889 if (debug)
1890 log(LOG_DEBUG, "%s%d: lcp parse opt values: ",
1891 ifp->if_name, ifp->if_unit);
1892
1893 p = (void*) (h+1);
1894 len = origlen;
1895 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1896 if (debug)
1897 addlog(" %s ", sppp_lcp_opt_name(*p));
1898 switch (*p) {
1899 case LCP_OPT_MAGIC:
1900 /* Magic number -- extract. */
1901 nmagic = (u_long)p[2] << 24 |
1902 (u_long)p[3] << 16 | p[4] << 8 | p[5];
1903 if (nmagic != sp->lcp.magic) {
1904 if (debug)
1905 addlog("0x%x ", nmagic);
1906 continue;
1907 }
1908 /*
1909 * Local and remote magics equal -- loopback?
1910 */
1911 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
1912 printf ("%s%d: loopback\n",
1913 ifp->if_name, ifp->if_unit);
1914 sp->pp_loopcnt = 0;
1915 if (ifp->if_flags & IFF_UP) {
1916 if_down(ifp);
1917 sppp_qflush(&sp->pp_cpq);
1918 /* XXX ? */
1919 lcp.Down(sp);
1920 lcp.Up(sp);
1921 }
1922 } else if (debug)
1923 addlog("[glitch] ");
1924 ++sp->pp_loopcnt;
1925 /*
1926 * We negate our magic here, and NAK it. If
1927 * we see it later in an NAK packet, we
1928 * suggest a new one.
1929 */
1930 nmagic = ~sp->lcp.magic;
1931 /* Gonna NAK it. */
1932 p[2] = nmagic >> 24;
1933 p[3] = nmagic >> 16;
1934 p[4] = nmagic >> 8;
1935 p[5] = nmagic;
1936 break;
1937
1938 case LCP_OPT_ASYNC_MAP:
1939 /* Async control character map -- check to be zero. */
1940 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
1941 if (debug)
1942 addlog("[empty] ");
1943 continue;
1944 }
1945 if (debug)
1946 addlog("[non-empty] ");
1947 /* suggest a zero one */
1948 p[2] = p[3] = p[4] = p[5] = 0;
1949 break;
1950
1951 case LCP_OPT_MRU:
1952 /*
1953 * Maximum receive unit. Always agreeable,
1954 * but ignored by now.
1955 */
1956 sp->lcp.their_mru = p[2] * 256 + p[3];
1957 if (debug)
1958 addlog("%d ", sp->lcp.their_mru);
1959 continue;
1960
1961 case LCP_OPT_AUTH_PROTO:
1962 authproto = (p[2] << 8) + p[3];
1963 if (sp->myauth.proto != authproto) {
1964 /* not agreed, nak */
1965 if (debug)
1966 addlog("[mine %s != his %s] ",
1967 sppp_proto_name(sp->hisauth.proto),
1968 sppp_proto_name(authproto));
1969 p[2] = sp->myauth.proto >> 8;
1970 p[3] = sp->myauth.proto;
1971 break;
1972 }
1973 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
1974 if (debug)
1975 addlog("[chap not MD5] ");
1976 p[4] == CHAP_MD5;
1977 break;
1978 }
1979 continue;
1980 }
1981 /* Add the option to nak'ed list. */
1982 bcopy (p, r, p[1]);
1983 r += p[1];
1984 rlen += p[1];
1985 }
1986 if (rlen) {
1987 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
1988 if (debug)
1989 addlog(" max_failure (%d) exceeded, "
1990 "send conf-rej\n",
1991 sp->lcp.max_failure);
1992 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
1993 } else {
1994 if (debug)
1995 addlog(" send conf-nak\n");
1996 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
1997 }
1998 return 0;
1999 } else {
2000 if (debug)
2001 addlog(" send conf-ack\n");
2002 sp->fail_counter[IDX_LCP] = 0;
2003 sp->pp_loopcnt = 0;
2004 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2005 h->ident, origlen, h+1);
2006 }
2007
2008 free (buf, M_TEMP);
2009 return (rlen == 0);
2010}
2011
2012/*
2013 * Analyze the LCP Configure-Reject option list, and adjust our
2014 * negotiation.
2015 */
2016static void
2017sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2018{
2019 STDDCL;
2020 u_char *buf, *p;
2021
2022 len -= 4;
2023 buf = malloc (len, M_TEMP, M_NOWAIT);
2024 if (!buf)
2025 return;
2026
2027 if (debug)
2028 log(LOG_DEBUG, "%s%d: lcp rej opts: ",
2029 ifp->if_name, ifp->if_unit);
2030
2031 p = (void*) (h+1);
2032 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2033 if (debug)
2034 addlog(" %s ", sppp_lcp_opt_name(*p));
2035 switch (*p) {
2036 case LCP_OPT_MAGIC:
2037 /* Magic number -- can't use it, use 0 */
2038 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2039 sp->lcp.magic = 0;
2040 break;
2041 case LCP_OPT_MRU:
2042 /*
2043 * Should not be rejected anyway, since we only
2044 * negotiate a MRU if explicitly requested by
2045 * peer.
2046 */
2047 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2048 break;
2049 case LCP_OPT_AUTH_PROTO:
2050 /*
2051 * Peer doesn't want to authenticate himself,
2052 * deny unless this is a dialout call, and
2053 * AUTHFLAG_NOCALLOUT is set.
2054 */
2055 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2056 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2057 if (debug)
2058 addlog("[don't insist on auth "
2059 "for callout]");
2060 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2061 break;
2062 }
2063 if (debug)
2064 addlog("[access denied]\n");
2065 lcp.Close(sp);
2066 break;
2067 }
2068 }
2069 if (debug)
2070 addlog("\n");
2071 free (buf, M_TEMP);
2072 return;
2073}
2074
2075/*
2076 * Analyze the LCP Configure-NAK option list, and adjust our
2077 * negotiation.
2078 */
2079static void
2080sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2081{
2082 STDDCL;
2083 u_char *buf, *p;
2084 u_long magic;
2085
2086 len -= 4;
2087 buf = malloc (len, M_TEMP, M_NOWAIT);
2088 if (!buf)
2089 return;
2090
2091 if (debug)
2092 log(LOG_DEBUG, "%s%d: lcp nak opts: ",
2093 ifp->if_name, ifp->if_unit);
2094
2095 p = (void*) (h+1);
2096 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2097 if (debug)
2098 addlog(" %s ", sppp_lcp_opt_name(*p));
2099 switch (*p) {
2100 case LCP_OPT_MAGIC:
2101 /* Magic number -- renegotiate */
2102 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2103 len >= 6 && p[1] == 6) {
2104 magic = (u_long)p[2] << 24 |
2105 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2106 /*
2107 * If the remote magic is our negated one,
2108 * this looks like a loopback problem.
2109 * Suggest a new magic to make sure.
2110 */
2111 if (magic == ~sp->lcp.magic) {
2112 if (debug)
2113 addlog("magic glitch ");
2114 sp->lcp.magic += time.tv_sec + time.tv_usec;
2115 } else {
2116 sp->lcp.magic = magic;
2117 if (debug)
2118 addlog("%d ");
2119 }
2120 }
2121 break;
2122 case LCP_OPT_MRU:
2123 /*
2124 * Peer wants to advise us to negotiate an MRU.
2125 * Agree on it if it's reasonable, or use
2126 * default otherwise.
2127 */
2128 if (len >= 4 && p[1] == 4) {
2129 u_int mru = p[2] * 256 + p[3];
2130 if (debug)
2131 addlog("%d ", mru);
2132 if (mru < PP_MTU || mru > PP_MAX_MRU)
2133 mru = PP_MTU;
2134 sp->lcp.mru = mru;
2135 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2136 }
2137 break;
2138 case LCP_OPT_AUTH_PROTO:
2139 /*
2140 * Peer doesn't like our authentication method,
2141 * deny.
2142 */
2143 if (debug)
2144 addlog("[access denied]\n");
2145 lcp.Close(sp);
2146 break;
2147 }
2148 }
2149 if (debug)
2150 addlog("\n");
2151 free (buf, M_TEMP);
2152 return;
2153}
2154
2155static void
2156sppp_lcp_tlu(struct sppp *sp)
2157{
2158 STDDCL;
2159 int i;
2160 u_long mask;
2161
2162 /* XXX ? */
2163 if (! (ifp->if_flags & IFF_UP) &&
2164 (ifp->if_flags & IFF_RUNNING)) {
2165 /* Coming out of loopback mode. */
2166 if_up(ifp);
2167 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
2168 }
2169
2170 for (i = 0; i < IDX_COUNT; i++)
2171 if ((cps[i])->flags & CP_QUAL)
2172 (cps[i])->Open(sp);
2173
2174 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2175 (sp->pp_flags & PP_NEEDAUTH) != 0)
2176 sp->pp_phase = PHASE_AUTHENTICATE;
2177 else
2178 sp->pp_phase = PHASE_NETWORK;
2179
2180 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2181 sppp_phase_name(sp->pp_phase));
2182
2183 /*
2184 * Open all authentication protocols. This is even required
2185 * if we already proceeded to network phase, since it might be
2186 * that remote wants us to authenticate, so we might have to
2187 * send a PAP request. Undesired authentication protocols
2188 * don't do anything when they get an Open event.
2189 */
2190 for (i = 0; i < IDX_COUNT; i++)
2191 if ((cps[i])->flags & CP_AUTH)
2192 (cps[i])->Open(sp);
2193
2194 if (sp->pp_phase == PHASE_NETWORK) {
2195 /* Notify all NCPs. */
2196 for (i = 0; i < IDX_COUNT; i++)
2197 if ((cps[i])->flags & CP_NCP)
2198 (cps[i])->Open(sp);
2199 }
2200
2201 /* Send Up events to all started protos. */
2202 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2203 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2204 (cps[i])->Up(sp);
2205
2206 if (sp->pp_phase == PHASE_NETWORK)
2207 /* if no NCP is starting, close down */
2208 sppp_lcp_check_and_close(sp);
2209}
2210
2211static void
2212sppp_lcp_tld(struct sppp *sp)
2213{
2214 STDDCL;
2215 int i;
2216 u_long mask;
2217
2218 sp->pp_phase = PHASE_TERMINATE;
2219
2220 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2221 sppp_phase_name(sp->pp_phase));
2222
2223 /*
2224 * Take upper layers down. We send the Down event first and
2225 * the Close second to prevent the upper layers from sending
2226 * ``a flurry of terminate-request packets'', as the RFC
2227 * describes it.
2228 */
2229 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2230 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2231 (cps[i])->Down(sp);
2232 (cps[i])->Close(sp);
2233 }
2234}
2235
2236static void
2237sppp_lcp_tls(struct sppp *sp)
2238{
2239 STDDCL;
2240
2241 sp->pp_phase = PHASE_ESTABLISH;
2242
2243 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2244 sppp_phase_name(sp->pp_phase));
2245
2246 /* Notify lower layer if desired. */
2247 if (sp->pp_tls)
2248 (sp->pp_tls)(sp);
2249}
2250
2251static void
2252sppp_lcp_tlf(struct sppp *sp)
2253{
2254 STDDCL;
2255
2256 sp->pp_phase = PHASE_DEAD;
2257 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2258 sppp_phase_name(sp->pp_phase));
2259
2260 /* Notify lower layer if desired. */
2261 if (sp->pp_tlf)
2262 (sp->pp_tlf)(sp);
2263}
2264
2265static void
2266sppp_lcp_scr(struct sppp *sp)
2267{
2268 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2269 int i = 0;
2270 u_short authproto;
2271
2272 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2273 if (! sp->lcp.magic)
2274 sp->lcp.magic = time.tv_sec + time.tv_usec;
2275 opt[i++] = LCP_OPT_MAGIC;
2276 opt[i++] = 6;
2277 opt[i++] = sp->lcp.magic >> 24;
2278 opt[i++] = sp->lcp.magic >> 16;
2279 opt[i++] = sp->lcp.magic >> 8;
2280 opt[i++] = sp->lcp.magic;
2281 }
2282
2283 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2284 opt[i++] = LCP_OPT_MRU;
2285 opt[i++] = 4;
2286 opt[i++] = sp->lcp.mru >> 8;
2287 opt[i++] = sp->lcp.mru;
2288 }
2289
2290 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2291 authproto = sp->hisauth.proto;
2292 opt[i++] = LCP_OPT_AUTH_PROTO;
2293 opt[i++] = authproto == PPP_CHAP? 5: 4;
2294 opt[i++] = authproto >> 8;
2295 opt[i++] = authproto;
2296 if (authproto == PPP_CHAP)
2297 opt[i++] = CHAP_MD5;
2298 }
2299
2300 sp->confid[IDX_LCP] = ++sp->pp_seq;
2301 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2302}
2303
2304/*
2305 * Check the open NCPs, return true if at least one NCP is open.
2306 */
2307static int
2308sppp_ncp_check(struct sppp *sp)
2309{
2310 int i, mask;
2311
2312 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2313 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2314 return 1;
2315 return 0;
2316}
2317
2318/*
2319 * Re-check the open NCPs and see if we should terminate the link.
2320 * Called by the NCPs during their tlf action handling.
2321 */
2322static void
2323sppp_lcp_check_and_close(struct sppp *sp)
2324{
2325
2326 if (sp->pp_phase < PHASE_NETWORK)
2327 /* don't bother, we are already going down */
2328 return;
2329
2330 if (sppp_ncp_check(sp))
2331 return;
2332
2333 lcp.Close(sp);
2334}
2335�/*
2336 *--------------------------------------------------------------------------*
2337 * *
2338 * The IPCP implementation. *
2339 * *
2340 *--------------------------------------------------------------------------*
2341 */
2342
2343static void
2344sppp_ipcp_init(struct sppp *sp)
2345{
2346 sp->ipcp.opts = 0;
2347 sp->ipcp.flags = 0;
2348 sp->state[IDX_IPCP] = STATE_INITIAL;
2349 sp->fail_counter[IDX_IPCP] = 0;
2350 callout_handle_init(&sp->ch[IDX_IPCP]);
2351}
2352
2353static void
2354sppp_ipcp_up(struct sppp *sp)
2355{
2356 sppp_up_event(&ipcp, sp);
2357}
2358
2359static void
2360sppp_ipcp_down(struct sppp *sp)
2361{
2362 sppp_down_event(&ipcp, sp);
2363}
2364
2365static void
2366sppp_ipcp_open(struct sppp *sp)
2367{
2368 STDDCL;
2369 u_long myaddr, hisaddr;
2370
2371 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2372 /*
2373 * If we don't have his address, this probably means our
2374 * interface doesn't want to talk IP at all. (This could
2375 * be the case if somebody wants to speak only IPX, for
2376 * example.) Don't open IPCP in this case.
2377 */
2378 if (hisaddr == 0L) {
2379 /* XXX this message should go away */
2380 if (debug)
2381 log(LOG_DEBUG, "%s%d: ipcp_open(): no IP interface\n",
2382 ifp->if_name, ifp->if_unit);
2383 return;
2384 }
2385
2386 if (myaddr == 0L) {
2387 /*
2388 * I don't have an assigned address, so i need to
2389 * negotiate my address.
2390 */
2391 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2392 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2393 }
2394 sppp_open_event(&ipcp, sp);
2395}
2396
2397static void
2398sppp_ipcp_close(struct sppp *sp)
2399{
2400 sppp_close_event(&ipcp, sp);
2401 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
2402 /*
2403 * My address was dynamic, clear it again.
2404 */
2405 sppp_set_ip_addr(sp, 0L);
2406}
2407
2408static void
2409sppp_ipcp_TO(void *cookie)
2410{
2411 sppp_to_event(&ipcp, (struct sppp *)cookie);
2412}
2413
2414/*
2415 * Analyze a configure request. Return true if it was agreeable, and
2416 * caused action sca, false if it has been rejected or nak'ed, and
2417 * caused action scn. (The return value is used to make the state
2418 * transition decision in the state automaton.)
2419 */
2420static int
2421sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2422{
2423 u_char *buf, *r, *p;
2424 struct ifnet *ifp = &sp->pp_if;
2425 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2426 u_long hisaddr, desiredaddr;
2427
2428 len -= 4;
2429 origlen = len;
2430 /*
2431 * Make sure to allocate a buf that can at least hold a
2432 * conf-nak with an `address' option. We might need it below.
2433 */
2434 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2435 if (! buf)
2436 return (0);
2437
2438 /* pass 1: see if we can recognize them */
2439 if (debug)
2440 log(LOG_DEBUG, "%s%d: ipcp parse opts: ",
2441 ifp->if_name, ifp->if_unit);
2442 p = (void*) (h+1);
2443 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2444 if (debug)
2445 addlog(" %s ", sppp_ipcp_opt_name(*p));
2446 switch (*p) {
2447#ifdef notyet
2448 case IPCP_OPT_COMPRESSION:
2449 if (len >= 6 && p[1] >= 6) {
2450 /* correctly formed compress option */
2451 continue;
2452 }
2453 if (debug)
2454 addlog("[invalid] ");
2455 break;
2456#endif
2457 case IPCP_OPT_ADDRESS:
2458 if (len >= 6 && p[1] == 6) {
2459 /* correctly formed address option */
2460 continue;
2461 }
2462 if (debug)
2463 addlog("[invalid] ");
2464 break;
2465 default:
2466 /* Others not supported. */
2467 if (debug)
2468 addlog("[rej] ");
2469 break;
2470 }
2471 /* Add the option to rejected list. */
2472 bcopy (p, r, p[1]);
2473 r += p[1];
2474 rlen += p[1];
2475 }
2476 if (rlen) {
2477 if (debug)
2478 addlog(" send conf-rej\n");
2479 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2480 return 0;
2481 } else if (debug)
2482 addlog("\n");
2483
2484 /* pass 2: parse option values */
2485 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
2486 if (debug)
2487 log(LOG_DEBUG, "%s%d: ipcp parse opt values: ",
2488 ifp->if_name, ifp->if_unit);
2489 p = (void*) (h+1);
2490 len = origlen;
2491 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2492 if (debug)
2493 addlog(" %s ", sppp_ipcp_opt_name(*p));
2494 switch (*p) {
2495#ifdef notyet
2496 case IPCP_OPT_COMPRESSION:
2497 continue;
2498#endif
2499 case IPCP_OPT_ADDRESS:
2500 desiredaddr = p[2] << 24 | p[3] << 16 |
2501 p[4] << 8 | p[5];
2502 if (desiredaddr == hisaddr) {
2503 /*
2504 * Peer's address is same as our value,
2505 * this is agreeable. Gonna conf-ack
2506 * it.
2507 */
2508 if (debug)
2509 addlog("%s [ack] ",
2510 sppp_dotted_quad(hisaddr));
2511 /* record that we've seen it already */
2512 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2513 continue;
2514 }
2515 /*
2516 * The address wasn't agreeable. This is either
2517 * he sent us 0.0.0.0, asking to assign him an
2518 * address, or he send us another address not
2519 * matching our value. Either case, we gonna
2520 * conf-nak it with our value.
2521 */
2522 if (debug) {
2523 if (desiredaddr == 0)
2524 addlog("[addr requested] ");
2525 else
2526 addlog("%s [not agreed] ",
2527 sppp_dotted_quad(desiredaddr));
2528
2529 p[2] = hisaddr >> 24;
2530 p[3] = hisaddr >> 16;
2531 p[4] = hisaddr >> 8;
2532 p[5] = hisaddr;
2533 }
2534 break;
2535 }
2536 /* Add the option to nak'ed list. */
2537 bcopy (p, r, p[1]);
2538 r += p[1];
2539 rlen += p[1];
2540 }
2541
2542 /*
2543 * If we are about to conf-ack the request, but haven't seen
2544 * his address so far, gonna conf-nak it instead, with the
2545 * `address' option present and our idea of his address being
2546 * filled in there, to request negotiation of both addresses.
2547 *
2548 * XXX This can result in an endless req - nak loop if peer
2549 * doesn't want to send us his address. Q: What should we do
2550 * about it? XXX A: implement the max-failure counter.
2551 */
2552 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2553 buf[0] = IPCP_OPT_ADDRESS;
2554 buf[1] = 6;
2555 buf[2] = hisaddr >> 24;
2556 buf[3] = hisaddr >> 16;
2557 buf[4] = hisaddr >> 8;
2558 buf[5] = hisaddr;
2559 rlen = 6;
2560 if (debug)
2561 addlog("still need hisaddr ");
2562 }
2563
2564 if (rlen) {
2565 if (debug)
2566 addlog(" send conf-nak\n");
2567 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2568 } else {
2569 if (debug)
2570 addlog(" send conf-ack\n");
2571 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2572 h->ident, origlen, h+1);
2573 }
2574
2575 free (buf, M_TEMP);
2576 return (rlen == 0);
2577}
2578
2579/*
2580 * Analyze the IPCP Configure-Reject option list, and adjust our
2581 * negotiation.
2582 */
2583static void
2584sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2585{
2586 u_char *buf, *p;
2587 struct ifnet *ifp = &sp->pp_if;
2588 int debug = ifp->if_flags & IFF_DEBUG;
2589
2590 len -= 4;
2591 buf = malloc (len, M_TEMP, M_NOWAIT);
2592 if (!buf)
2593 return;
2594
2595 if (debug)
2596 log(LOG_DEBUG, "%s%d: ipcp rej opts: ",
2597 ifp->if_name, ifp->if_unit);
2598
2599 p = (void*) (h+1);
2600 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2601 if (debug)
2602 addlog(" %s ", sppp_ipcp_opt_name(*p));
2603 switch (*p) {
2604 case IPCP_OPT_ADDRESS:
2605 /*
2606 * Peer doesn't grok address option. This is
2607 * bad. XXX Should we better give up here?
2608 */
2609 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2610 break;
2611#ifdef notyet
2612 case IPCP_OPT_COMPRESS:
2613 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2614 break;
2615#endif
2616 }
2617 }
2618 if (debug)
2619 addlog("\n");
2620 free (buf, M_TEMP);
2621 return;
2622}
2623
2624/*
2625 * Analyze the IPCP Configure-NAK option list, and adjust our
2626 * negotiation.
2627 */
2628static void
2629sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2630{
2631 u_char *buf, *p;
2632 struct ifnet *ifp = &sp->pp_if;
2633 int debug = ifp->if_flags & IFF_DEBUG;
2634 u_long wantaddr;
2635
2636 len -= 4;
2637 buf = malloc (len, M_TEMP, M_NOWAIT);
2638 if (!buf)
2639 return;
2640
2641 if (debug)
2642 log(LOG_DEBUG, "%s%d: ipcp nak opts: ",
2643 ifp->if_name, ifp->if_unit);
2644
2645 p = (void*) (h+1);
2646 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2647 if (debug)
2648 addlog(" %s ", sppp_ipcp_opt_name(*p));
2649 switch (*p) {
2650 case IPCP_OPT_ADDRESS:
2651 /*
2652 * Peer doesn't like our local IP address. See
2653 * if we can do something for him. We'll drop
2654 * him our address then.
2655 */
2656 if (len >= 6 && p[1] == 6) {
2657 wantaddr = p[2] << 24 | p[3] << 16 |
2658 p[4] << 8 | p[5];
2659 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2660 if (debug)
2661 addlog("[wantaddr %s] ",
2662 sppp_dotted_quad(wantaddr));
2663 /*
2664 * When doing dynamic address assignment,
2665 * we accept his offer. Otherwise, we
2666 * ignore it and thus continue to negotiate
2667 * our already existing value.
2668 */
2669 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2670 sppp_set_ip_addr(sp, wantaddr);
2671 if (debug)
2672 addlog("[agree] ");
2673 }
2674 }
2675 break;
2676#ifdef notyet
2677 case IPCP_OPT_COMPRESS:
2678 /*
2679 * Peer wants different compression parameters.
2680 */
2681 break;
2682#endif
2683 }
2684 }
2685 if (debug)
2686 addlog("\n");
2687 free (buf, M_TEMP);
2688 return;
2689}
2690
2691static void
2692sppp_ipcp_tlu(struct sppp *sp)
2693{
2694}
2695
2696static void
2697sppp_ipcp_tld(struct sppp *sp)
2698{
2699}
2700
2701static void
2702sppp_ipcp_tls(struct sppp *sp)
2703{
2704 /* indicate to LCP that it must stay alive */
2705 sp->lcp.protos |= (1 << IDX_IPCP);
2706}
2707
2708static void
2709sppp_ipcp_tlf(struct sppp *sp)
2710{
2711 /* we no longer need LCP */
2712 sp->lcp.protos &= ~(1 << IDX_IPCP);
2713 sppp_lcp_check_and_close(sp);
2714}
2715
2716static void
2717sppp_ipcp_scr(struct sppp *sp)
2718{
2719 char opt[6 /* compression */ + 6 /* address */];
2720 u_long ouraddr;
2721 int i = 0;
2722
2723#ifdef notyet
2724 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
2725 opt[i++] = IPCP_OPT_COMPRESSION;
2726 opt[i++] = 6;
2727 opt[i++] = 0; /* VJ header compression */
2728 opt[i++] = 0x2d; /* VJ header compression */
2729 opt[i++] = max_slot_id;
2730 opt[i++] = comp_slot_id;
2731 }
2732#endif
2733
2734 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2735 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2736 opt[i++] = IPCP_OPT_ADDRESS;
2737 opt[i++] = 6;
2738 opt[i++] = ouraddr >> 24;
2739 opt[i++] = ouraddr >> 16;
2740 opt[i++] = ouraddr >> 8;
2741 opt[i++] = ouraddr;
2742 }
2743
2744 sp->confid[IDX_IPCP] = ++sp->pp_seq;
2745 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
2746}
2747
2748
2749�/*
2750 *--------------------------------------------------------------------------*
2751 * *
2752 * The CHAP implementation. *
2753 * *
2754 *--------------------------------------------------------------------------*
2755 */
2756
2757/*
2758 * The authentication protocols don't employ a full-fledged state machine as
2759 * the control protocols do, since they do have Open and Close events, but
2760 * not Up and Down, nor are they explicitly terminated. Also, use of the
2761 * authentication protocols may be different in both directions (this makes
2762 * sense, think of a machine that never accepts incoming calls but only
2763 * calls out, it doesn't require the called party to authenticate itself).
2764 *
2765 * Our state machine for the local authentication protocol (we are requesting
2766 * the peer to authenticate) looks like:
2767 *
2768 * RCA-
2769 * +--------------------------------------------+
2770 * V scn,tld|
2771 * +--------+ Close +---------+ RCA+
2772 * | |<----------------------------------| |------+
2773 * +--->| Closed | TO* | Opened | sca |
2774 * | | |-----+ +-------| |<-----+
2775 * | +--------+ irc | | +---------+
2776 * | ^ | | ^
2777 * | | | | |
2778 * | | | | |
2779 * | TO-| | | |
2780 * | |tld TO+ V | |
2781 * | | +------->+ | |
2782 * | | | | | |
2783 * | +--------+ V | |
2784 * | | |<----+<--------------------+ |
2785 * | | Req- | scr |
2786 * | | Sent | |
2787 * | | | |
2788 * | +--------+ |
2789 * | RCA- | | RCA+ |
2790 * +------+ +------------------------------------------+
2791 * scn,tld sca,irc,ict,tlu
2792 *
2793 *
2794 * with:
2795 *
2796 * Open: LCP reached authentication phase
2797 * Close: LCP reached terminate phase
2798 *
2799 * RCA+: received reply (pap-req, chap-response), acceptable
2800 * RCN: received reply (pap-req, chap-response), not acceptable
2801 * TO+: timeout with restart counter >= 0
2802 * TO-: timeout with restart counter < 0
2803 * TO*: reschedule timeout for CHAP
2804 *
2805 * scr: send request packet (none for PAP, chap-challenge)
2806 * sca: send ack packet (pap-ack, chap-success)
2807 * scn: send nak packet (pap-nak, chap-failure)
2808 * ict: initialize re-challenge timer (CHAP only)
2809 *
2810 * tlu: this-layer-up, LCP reaches network phase
2811 * tld: this-layer-down, LCP enters terminate phase
2812 *
2813 * Note that in CHAP mode, after sending a new challenge, while the state
2814 * automaton falls back into Req-Sent state, it doesn't signal a tld
2815 * event to LCP, so LCP remains in network phase. Only after not getting
2816 * any response (or after getting an unacceptable response), CHAP closes,
2817 * causing LCP to enter terminate phase.
2818 *
2819 * With PAP, there is no initial request that can be sent. The peer is
2820 * expected to send one based on the successful negotiation of PAP as
2821 * the authentication protocol during the LCP option negotiation.
2822 *
2823 * Incoming authentication protocol requests (remote requests
2824 * authentication, we are peer) don't employ a state machine at all,
2825 * they are simply answered. Some peers [Ascend P50 firmware rev
2826 * 4.50] react allergically when sending IPCP requests while they are
2827 * still in authentication phase (thereby violating the standard that
2828 * demands that these NCP packets are to be discarded), so we keep
2829 * track of the peer demanding us to authenticate, and only proceed to
2830 * phase network once we've seen a positive acknowledge for the
2831 * authentication.
2832 */
2833
2834/*
2835 * Handle incoming CHAP packets.
2836 */
2837void
2838sppp_chap_input(struct sppp *sp, struct mbuf *m)
2839{
2840 STDDCL;
2841 struct lcp_header *h;
2842 int len, x;
2843 u_char *value, *name, digest[AUTHKEYLEN], dsize;
2844 int value_len, name_len;
2845 MD5_CTX ctx;
2846
2847 len = m->m_pkthdr.len;
2848 if (len < 4) {
2849 if (debug)
2850 log(LOG_DEBUG,
2851 "%s%d: chap invalid packet length: %d bytes\n",
2852 ifp->if_name, ifp->if_unit, len);
2853 return;
2854 }
2855 h = mtod (m, struct lcp_header*);
2856 if (len > ntohs (h->len))
2857 len = ntohs (h->len);
2858
2859 switch (h->type) {
2860 /* challenge, failure and success are his authproto */
2861 case CHAP_CHALLENGE:
2862 value = 1 + (u_char*)(h+1);
2863 value_len = value[-1];
2864 name = value + value_len;
2865 name_len = len - value_len - 5;
2866 if (name_len < 0) {
2867 if (debug) {
2868 log(LOG_DEBUG,
2869 "%s%d: chap corrupted challenge "
2870 "<%s id=0x%x len=%d",
2871 ifp->if_name, ifp->if_unit,
2872 sppp_auth_type_name(PPP_CHAP, h->type),
2873 h->ident, ntohs(h->len));
2874 if (len > 4)
2875 sppp_print_bytes((u_char*) (h+1), len-4);
2876 addlog(">\n");
2877 }
2878 break;
2879 }
2880
2881 if (debug) {
2882 log(LOG_DEBUG,
2883 "%s%d: chap input <%s id=0x%x len=%d name=",
2884 ifp->if_name, ifp->if_unit,
2885 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
2886 ntohs(h->len));
2887 sppp_print_string((char*) name, name_len);
2888 addlog(" value-size=%d value=", value_len);
2889 sppp_print_bytes(value, value_len);
2890 addlog(">\n");
2891 }
2892
2893 /* Compute reply value. */
2894 MD5Init(&ctx);
2895 MD5Update(&ctx, &h->ident, 1);
2896 MD5Update(&ctx, sp->myauth.secret,
2897 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
2898 MD5Update(&ctx, value, value_len);
2899 MD5Final(digest, &ctx);
2900 dsize = sizeof digest;
2901
2902 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
2903 sizeof dsize, (const char *)&dsize,
2904 sizeof digest, digest,
2905 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
2906 sp->myauth.name,
2907 0);
2908 break;
2909
2910 case CHAP_SUCCESS:
2911 if (debug) {
2912 log(LOG_DEBUG, "%s%d: chap success",
2913 ifp->if_name, ifp->if_unit);
2914 if (len > 4) {
2915 addlog(": ");
2916 sppp_print_string((char*)(h + 1), len - 4);
2917 }
2918 addlog("\n");
2919 }
2920 x = splimp();
2921 sp->pp_flags &= ~PP_NEEDAUTH;
2922 if (sp->myauth.proto == PPP_CHAP &&
2923 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
2924 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
2925 /*
2926 * We are authenticator for CHAP but didn't
2927 * complete yet. Leave it to tlu to proceed
2928 * to network phase.
2929 */
2930 splx(x);
2931 break;
2932 }
2933 splx(x);
2934 sppp_phase_network(sp);
2935 break;
2936
2937 case CHAP_FAILURE:
2938 if (debug) {
2939 log(LOG_INFO, "%s%d: chap failure",
2940 ifp->if_name, ifp->if_unit);
2941 if (len > 4) {
2942 addlog(": ");
2943 sppp_print_string((char*)(h + 1), len - 4);
2944 }
2945 addlog("\n");
2946 } else
2947 log(LOG_INFO, "%s%d: chap failure\n",
2948 ifp->if_name, ifp->if_unit);
2949 /* await LCP shutdown by authenticator */
2950 break;
2951
2952 /* response is my authproto */
2953 case CHAP_RESPONSE:
2954 value = 1 + (u_char*)(h+1);
2955 value_len = value[-1];
2956 name = value + value_len;
2957 name_len = len - value_len - 5;
2958 if (name_len < 0) {
2959 if (debug) {
2960 log(LOG_DEBUG,
2961 "%s%d: chap corrupted response "
2962 "<%s id=0x%x len=%d",
2963 ifp->if_name, ifp->if_unit,
2964 sppp_auth_type_name(PPP_CHAP, h->type),
2965 h->ident, ntohs(h->len));
2966 if (len > 4)
2967 sppp_print_bytes((u_char*)(h+1), len-4);
2968 addlog(">\n");
2969 }
2970 break;
2971 }
2972 if (h->ident != sp->confid[IDX_CHAP]) {
2973 if (debug)
2974 log(LOG_DEBUG,
2975 "%s%d: chap dropping response for old ID "
2976 "(got %d, expected %d)\n",
2977 h->ident, sp->confid[IDX_CHAP]);
2978 break;
2979 }
2980 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
2981 || bcmp(name, sp->hisauth.name, name_len) != 0) {
2982 log(LOG_INFO, "%s%d: chap response, his name ",
2983 ifp->if_name, ifp->if_unit);
2984 sppp_print_string(name, name_len);
2985 addlog(" != expected ");
2986 sppp_print_string(sp->hisauth.name,
2987 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
2988 addlog("\n");
2989 }
2990 if (debug) {
2991 log(LOG_DEBUG, "%s%d: chap input(%s) "
2992 "<%s id=0x%x len=%d name=",
2993 ifp->if_name, ifp->if_unit,
2994 sppp_state_name(sp->state[IDX_CHAP]),
2995 sppp_auth_type_name(PPP_CHAP, h->type),
2996 h->ident, ntohs (h->len));
2997 sppp_print_string((char*)name, name_len);
2998 addlog(" value-size=%d value=", value_len);
2999 sppp_print_bytes(value, value_len);
3000 addlog(">\n");
3001 }
3002 if (value_len != AUTHKEYLEN) {
3003 if (debug)
3004 log(LOG_DEBUG,
3005 "%s%d: chap bad hash value length: "
3006 "%d bytes, should be %d\n",
3007 ifp->if_name, ifp->if_unit, value_len,
3008 AUTHKEYLEN);
3009 break;
3010 }
3011
3012 MD5Init(&ctx);
3013 MD5Update(&ctx, &h->ident, 1);
3014 MD5Update(&ctx, sp->hisauth.secret,
3015 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3016 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3017 MD5Final(digest, &ctx);
3018
3019#define FAILMSG "Failed..."
3020#define SUCCMSG "Welcome!"
3021
3022 if (value_len != sizeof digest ||
3023 bcmp(digest, value, value_len) != 0) {
3024 /* action scn, tld */
3025 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3026 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3027 0);
3028 chap.tld(sp);
3029 break;
3030 }
3031 /* action sca, perhaps tlu */
3032 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3033 sp->state[IDX_CHAP] == STATE_OPENED)
3034 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3035 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3036 0);
3037 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3038 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3039 chap.tlu(sp);
3040 }
3041 break;
3042
3043 default:
3044 /* Unknown CHAP packet type -- ignore. */
3045 if (debug) {
3046 log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
3047 "<0x%x id=0x%xh len=%d",
3048 ifp->if_name, ifp->if_unit,
3049 sppp_state_name(sp->state[IDX_CHAP]),
3050 h->type, h->ident, ntohs(h->len));
3051 if (len > 4)
3052 sppp_print_bytes((u_char*)(h+1), len-4);
3053 addlog(">\n");
3054 }
3055 break;
3056
3057 }
3058}
3059
3060static void
3061sppp_chap_init(struct sppp *sp)
3062{
3063 /* Chap doesn't have STATE_INITIAL at all. */
3064 sp->state[IDX_CHAP] = STATE_CLOSED;
3065 sp->fail_counter[IDX_CHAP] = 0;
3066 callout_handle_init(&sp->ch[IDX_CHAP]);
3067}
3068
3069static void
3070sppp_chap_open(struct sppp *sp)
3071{
3072 if (sp->myauth.proto == PPP_CHAP &&
3073 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3074 /* we are authenticator for CHAP, start it */
3075 chap.scr(sp);
3076 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3077 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3078 }
3079 /* nothing to be done if we are peer, await a challenge */
3080}
3081
3082static void
3083sppp_chap_close(struct sppp *sp)
3084{
3085 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3086 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3087}
3088
3089static void
3090sppp_chap_TO(void *cookie)
3091{
3092 struct sppp *sp = (struct sppp *)cookie;
3093 STDDCL;
3094 int s;
3095
3096 s = splimp();
3097 if (debug)
3098 log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
3099 ifp->if_name, ifp->if_unit,
3100 sppp_state_name(sp->state[IDX_CHAP]),
3101 sp->rst_counter[IDX_CHAP]);
3102
3103 if (--sp->rst_counter[IDX_CHAP] < 0)
3104 /* TO- event */
3105 switch (sp->state[IDX_CHAP]) {
3106 case STATE_REQ_SENT:
3107 chap.tld(sp);
3108 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3109 break;
3110 }
3111 else
3112 /* TO+ (or TO*) event */
3113 switch (sp->state[IDX_CHAP]) {
3114 case STATE_OPENED:
3115 /* TO* event */
3116 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3117 /* fall through */
3118 case STATE_REQ_SENT:
3119 chap.scr(sp);
3120 /* sppp_cp_change_state() will restart the timer */
3121 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3122 break;
3123 }
3124
3125 splx(s);
3126}
3127
3128static void
3129sppp_chap_tlu(struct sppp *sp)
3130{
3131 STDDCL;
3132 int i, x;
3133
3134 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3135
3136 /*
3137 * Some broken CHAP implementations (Conware CoNet, firmware
3138 * 4.0.?) don't want to re-authenticate their CHAP once the
3139 * initial challenge-response exchange has taken place.
3140 * Provide for an option to avoid rechallenges.
3141 */
3142 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3143 /*
3144 * Compute the re-challenge timeout. This will yield
3145 * a number between 300 and 810 seconds.
3146 */
3147 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
3148
3149 sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
3150 }
3151
3152 if (debug) {
3153 log(LOG_DEBUG,
3154 "%s%d: chap %s, ",
3155 ifp->if_name, ifp->if_unit,
3156 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3157 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3158 addlog("next re-challenge in %d seconds\n", i);
3159 else
3160 addlog("re-challenging supressed\n");
3161 }
3162
3163 x = splimp();
3164 /* indicate to LCP that we need to be closed down */
3165 sp->lcp.protos |= (1 << IDX_CHAP);
3166
3167 if (sp->pp_flags & PP_NEEDAUTH) {
3168 /*
3169 * Remote is authenticator, but his auth proto didn't
3170 * complete yet. Defer the transition to network
3171 * phase.
3172 */
3173 splx(x);
3174 return;
3175 }
3176 splx(x);
3177
3178 /*
3179 * If we are already in phase network, we are done here. This
3180 * is the case if this is a dummy tlu event after a re-challenge.
3181 */
3182 if (sp->pp_phase != PHASE_NETWORK)
3183 sppp_phase_network(sp);
3184}
3185
3186static void
3187sppp_chap_tld(struct sppp *sp)
3188{
3189 STDDCL;
3190
3191 if (debug)
3192 log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
3193 untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3194 sp->lcp.protos &= ~(1 << IDX_CHAP);
3195
3196 lcp.Close(sp);
3197}
3198
3199static void
3200sppp_chap_scr(struct sppp *sp)
3201{
3202 struct timeval tv;
3203 u_long *ch, seed;
3204 u_char clen;
3205
3206 /* Compute random challenge. */
3207 ch = (u_long *)sp->myauth.challenge;
3208 microtime(&tv);
3209 seed = tv.tv_sec ^ tv.tv_usec;
3210 ch[0] = seed ^ random();
3211 ch[1] = seed ^ random();
3212 ch[2] = seed ^ random();
3213 ch[3] = seed ^ random();
3214 clen = AUTHKEYLEN;
3215
3216 sp->confid[IDX_CHAP] = ++sp->pp_seq;
3217
3218 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3219 sizeof clen, (const char *)&clen,
3220 AUTHKEYLEN, sp->myauth.challenge,
3221 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3222 sp->myauth.name,
3223 0);
3224}
3225�/*
3226 *--------------------------------------------------------------------------*
3227 * *
3228 * The PAP implementation. *
3229 * *
3230 *--------------------------------------------------------------------------*
3231 */
3232/*
3233 * For PAP, we need to keep a little state also if we are the peer, not the
3234 * authenticator. This is since we don't get a request to authenticate, but
3235 * have to repeatedly authenticate ourself until we got a response (or the
3236 * retry counter is expired).
3237 */
3238
3239/*
3240 * Handle incoming PAP packets. */
3241static void
3242sppp_pap_input(struct sppp *sp, struct mbuf *m)
3243{
3244 STDDCL;
3245 struct lcp_header *h;
3246 int len, x;
3247 u_char *name, *passwd, mlen;
3248 int name_len, passwd_len;
3249
3250 len = m->m_pkthdr.len;
3251 if (len < 5) {
3252 if (debug)
3253 log(LOG_DEBUG,
3254 "%s%d: pap invalid packet length: %d bytes\n",
3255 ifp->if_name, ifp->if_unit, len);
3256 return;
3257 }
3258 h = mtod (m, struct lcp_header*);
3259 if (len > ntohs (h->len))
3260 len = ntohs (h->len);
3261 switch (h->type) {
3262 /* PAP request is my authproto */
3263 case PAP_REQ:
3264 name = 1 + (u_char*)(h+1);
3265 name_len = name[-1];
3266 passwd = name + name_len + 1;
3267 if (name_len > len - 6 ||
3268 (passwd_len = passwd[-1]) > len - 6 - name_len) {
3269 if (debug) {
3270 log(LOG_DEBUG, "%s%d: pap corrupted input "
3271 "<%s id=0x%x len=%d",
3272 ifp->if_name, ifp->if_unit,
3273 sppp_auth_type_name(PPP_PAP, h->type),
3274 h->ident, ntohs(h->len));
3275 if (len > 4)
3276 sppp_print_bytes((u_char*)(h+1), len-4);
3277 addlog(">\n");
3278 }
3279 break;
3280 }
3281 if (debug) {
3282 log(LOG_DEBUG, "%s%d: pap input(%s) "
3283 "<%s id=0x%x len=%d name=",
3284 ifp->if_name, ifp->if_unit,
3285 sppp_state_name(sp->state[IDX_PAP]),
3286 sppp_auth_type_name(PPP_PAP, h->type),
3287 h->ident, ntohs(h->len));
3288 sppp_print_string((char*)name, name_len);
3289 addlog(" passwd=");
3290 sppp_print_string((char*)passwd, passwd_len);
3291 addlog(">\n");
3292 }
3293 if (name_len > AUTHNAMELEN ||
3294 passwd_len > AUTHKEYLEN ||
3295 bcmp(name, sp->hisauth.name, name_len) != 0 ||
3296 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3297 /* action scn, tld */
3298 mlen = sizeof(FAILMSG) - 1;
3299 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3300 sizeof mlen, (const char *)&mlen,
3301 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3302 0);
3303 pap.tld(sp);
3304 break;
3305 }
3306 /* action sca, perhaps tlu */
3307 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3308 sp->state[IDX_PAP] == STATE_OPENED) {
3309 mlen = sizeof(SUCCMSG) - 1;
3310 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3311 sizeof mlen, (const char *)&mlen,
3312 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3313 0);
3314 }
3315 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3316 sppp_cp_change_state(&pap, sp, STATE_OPENED);
3317 pap.tlu(sp);
3318 }
3319 break;
3320
3321 /* ack and nak are his authproto */
3322 case PAP_ACK:
3323 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3324 if (debug) {
3325 log(LOG_DEBUG, "%s%d: pap success",
3326 ifp->if_name, ifp->if_unit);
3327 name_len = *((char *)h);
3328 if (len > 5 && name_len) {
3329 addlog(": ");
3330 sppp_print_string((char*)(h+1), name_len);
3331 }
3332 addlog("\n");
3333 }
3334 x = splimp();
3335 sp->pp_flags &= ~PP_NEEDAUTH;
3336 if (sp->myauth.proto == PPP_PAP &&
3337 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3338 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3339 /*
3340 * We are authenticator for PAP but didn't
3341 * complete yet. Leave it to tlu to proceed
3342 * to network phase.
3343 */
3344 splx(x);
3345 break;
3346 }
3347 splx(x);
3348 sppp_phase_network(sp);
3349 break;
3350
3351 case PAP_NAK:
3352 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3353 if (debug) {
3354 log(LOG_INFO, "%s%d: pap failure",
3355 ifp->if_name, ifp->if_unit);
3356 name_len = *((char *)h);
3357 if (len > 5 && name_len) {
3358 addlog(": ");
3359 sppp_print_string((char*)(h+1), name_len);
3360 }
3361 addlog("\n");
3362 } else
3363 log(LOG_INFO, "%s%d: pap failure\n",
3364 ifp->if_name, ifp->if_unit);
3365 /* await LCP shutdown by authenticator */
3366 break;
3367
3368 default:
3369 /* Unknown PAP packet type -- ignore. */
3370 if (debug) {
3371 log(LOG_DEBUG, "%s%d: pap corrupted input "
3372 "<0x%x id=0x%x len=%d",
3373 ifp->if_name, ifp->if_unit,
3374 h->type, h->ident, ntohs(h->len));
3375 if (len > 4)
3376 sppp_print_bytes((u_char*)(h+1), len-4);
3377 addlog(">\n");
3378 }
3379 break;
3380
3381 }
3382}
3383
3384static void
3385sppp_pap_init(struct sppp *sp)
3386{
3387 /* PAP doesn't have STATE_INITIAL at all. */
3388 sp->state[IDX_PAP] = STATE_CLOSED;
3389 sp->fail_counter[IDX_PAP] = 0;
3390 callout_handle_init(&sp->ch[IDX_PAP]);
3391 callout_handle_init(&sp->pap_my_to_ch);
3392}
3393
3394static void
3395sppp_pap_open(struct sppp *sp)
3396{
3397 if (sp->hisauth.proto == PPP_PAP &&
3398 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3399 /* we are authenticator for PAP, start our timer */
3400 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3401 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3402 }
3403 if (sp->myauth.proto == PPP_PAP) {
3404 /* we are peer, send a request, and start a timer */
3405 pap.scr(sp);
3406 sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
3407 sp->lcp.timeout);
3408 }
3409}
3410
3411static void
3412sppp_pap_close(struct sppp *sp)
3413{
3414 if (sp->state[IDX_PAP] != STATE_CLOSED)
3415 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3416}
3417
3418/*
3419 * That's the timeout routine if we are authenticator. Since the
3420 * authenticator is basically passive in PAP, we can't do much here.
3421 */
3422static void
3423sppp_pap_TO(void *cookie)
3424{
3425 struct sppp *sp = (struct sppp *)cookie;
3426 STDDCL;
3427 int s;
3428
3429 s = splimp();
3430 if (debug)
3431 log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
3432 ifp->if_name, ifp->if_unit,
3433 sppp_state_name(sp->state[IDX_PAP]),
3434 sp->rst_counter[IDX_PAP]);
3435
3436 if (--sp->rst_counter[IDX_PAP] < 0)
3437 /* TO- event */
3438 switch (sp->state[IDX_PAP]) {
3439 case STATE_REQ_SENT:
3440 pap.tld(sp);
3441 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3442 break;
3443 }
3444 else
3445 /* TO+ event, not very much we could do */
3446 switch (sp->state[IDX_PAP]) {
3447 case STATE_REQ_SENT:
3448 /* sppp_cp_change_state() will restart the timer */
3449 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3450 break;
3451 }
3452
3453 splx(s);
3454}
3455
3456/*
3457 * That's the timeout handler if we are peer. Since the peer is active,
3458 * we need to retransmit our PAP request since it is apparently lost.
3459 * XXX We should impose a max counter.
3460 */
3461static void
3462sppp_pap_my_TO(void *cookie)
3463{
3464 struct sppp *sp = (struct sppp *)cookie;
3465 STDDCL;
3466
3467 if (debug)
3468 log(LOG_DEBUG, "%s%d: pap peer TO\n",
3469 ifp->if_name, ifp->if_unit);
3470
3471 pap.scr(sp);
3472}
3473
3474static void
3475sppp_pap_tlu(struct sppp *sp)
3476{
3477 STDDCL;
3478 int x;
3479
3480 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3481
3482 if (debug)
3483 log(LOG_DEBUG, "%s%d: %s tlu\n",
3484 ifp->if_name, ifp->if_unit, pap.name);
3485
3486 x = splimp();
3487 /* indicate to LCP that we need to be closed down */
3488 sp->lcp.protos |= (1 << IDX_PAP);
3489
3490 if (sp->pp_flags & PP_NEEDAUTH) {
3491 /*
3492 * Remote is authenticator, but his auth proto didn't
3493 * complete yet. Defer the transition to network
3494 * phase.
3495 */
3496 splx(x);
3497 return;
3498 }
3499 splx(x);
3500 sppp_phase_network(sp);
3501}
3502
3503static void
3504sppp_pap_tld(struct sppp *sp)
3505{
3506 STDDCL;
3507
3508 if (debug)
3509 log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
3510 untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3511 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3512 sp->lcp.protos &= ~(1 << IDX_PAP);
3513
3514 lcp.Close(sp);
3515}
3516
3517static void
3518sppp_pap_scr(struct sppp *sp)
3519{
3520 STDDCL;
3521 u_char idlen, pwdlen;
3522
3523 sp->confid[IDX_PAP] = ++sp->pp_seq;
3524 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
3525 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
3526
3527 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3528 sizeof idlen, (const char *)&idlen,
3529 (unsigned)idlen, sp->myauth.name,
3530 sizeof pwdlen, (const char *)&pwdlen,
3531 (unsigned)pwdlen, sp->myauth.secret,
3532 0);
3533}
3534�/*
3535 * Random miscellaneous functions.
3536 */
3537
3538/*
3539 * Send a PAP or CHAP proto packet.
3540 *
3541 * Varadic function, each of the elements for the ellipsis is of type
3542 * ``unsigned mlen, const u_char *msg''. Processing will stop iff
3543 * mlen == 0.
3544 */
3545
3546static void
3547sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
3548 ...)
3549{
3550 STDDCL;
3551 struct ppp_header *h;
3552 struct lcp_header *lh;
3553 struct mbuf *m;
3554 u_char *p;
3555 int len;
3556 unsigned mlen;
3557 const char *msg;
3558 va_list ap;
3559
3560 MGETHDR (m, M_DONTWAIT, MT_DATA);
3561 if (! m)
3562 return;
3563 m->m_pkthdr.rcvif = 0;
3564
3565 h = mtod (m, struct ppp_header*);
3566 h->address = PPP_ALLSTATIONS; /* broadcast address */
3567 h->control = PPP_UI; /* Unnumbered Info */
3568 h->protocol = htons(cp->proto);
3569
3570 lh = (struct lcp_header*)(h + 1);
3571 lh->type = type;
3572 lh->ident = id;
3573 p = (u_char*) (lh+1);
3574
3575 va_start(ap, id);
3576 len = 0;
3577
3578 while ((mlen = va_arg(ap, unsigned)) != 0) {
3579 msg = va_arg(ap, const char *);
3580 len += mlen;
3581 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
3582 va_end(ap);
3583 m_freem(m);
3584 return;
3585 }
3586
3587 bcopy(msg, p, mlen);
3588 p += mlen;
3589 }
3590 va_end(ap);
3591
3592 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
3593 lh->len = htons (LCP_HEADER_LEN + len);
3594
3595 if (debug) {
3596 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
3597 ifp->if_name, ifp->if_unit, cp->name,
3598 sppp_auth_type_name(cp->proto, lh->type),
3599 lh->ident, ntohs(lh->len));
3600 if (len)
3601 sppp_print_bytes((u_char*) (lh+1), len);
3602 addlog(">\n");
3603 }
3604 if (IF_QFULL (&sp->pp_cpq)) {
3605 IF_DROP (&sp->pp_fastq);
3606 IF_DROP (&ifp->if_snd);
3607 m_freem (m);
3608 ++ifp->if_oerrors;
3609 } else
3610 IF_ENQUEUE (&sp->pp_cpq, m);
3611 if (! (ifp->if_flags & IFF_OACTIVE))
3612 (*ifp->if_start) (ifp);
3613 ifp->if_obytes += m->m_pkthdr.len + 3;
3614}
3615
3616/*
3617 * Flush interface queue.
3618 */
3619static void
3620sppp_qflush(struct ifqueue *ifq)
3621{
3622 struct mbuf *m, *n;
3623
3624 n = ifq->ifq_head;
3625 while ((m = n)) {
3626 n = m->m_act;
3627 m_freem (m);
3628 }
3629 ifq->ifq_head = 0;
3630 ifq->ifq_tail = 0;
3631 ifq->ifq_len = 0;
3632}
3633
3634/*
3635 * Send keepalive packets, every 10 seconds.
3636 */
3637static void
3638sppp_keepalive(void *dummy)
3639{
3640 struct sppp *sp;
3641 int s;
3642
3643 s = splimp();
3644 for (sp=spppq; sp; sp=sp->pp_next) {
3645 struct ifnet *ifp = &sp->pp_if;
3646
3647 /* Keepalive mode disabled or channel down? */
3648 if (! (sp->pp_flags & PP_KEEPALIVE) ||
3649 ! (ifp->if_flags & IFF_RUNNING))
3650 continue;
3651
3652 /* No keepalive in PPP mode if LCP not opened yet. */
3653 if (! (sp->pp_flags & PP_CISCO) &&
3654 sp->pp_phase < PHASE_AUTHENTICATE)
3655 continue;
3656
3657 if (sp->pp_alivecnt == MAXALIVECNT) {
3658 /* No keepalive packets got. Stop the interface. */
3659 printf ("%s%d: down\n", ifp->if_name, ifp->if_unit);
3660 if_down (ifp);
3661 sppp_qflush (&sp->pp_cpq);
3662 if (! (sp->pp_flags & PP_CISCO)) {
3663 /* XXX */
3664 /* Shut down the PPP link. */
3665 lcp.Down(sp);
3666 /* Initiate negotiation. XXX */
3667 lcp.Up(sp);
3668 }
3669 }
3670 if (sp->pp_alivecnt <= MAXALIVECNT)
3671 ++sp->pp_alivecnt;
3672 if (sp->pp_flags & PP_CISCO)
3673 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
3674 sp->pp_rseq);
3675 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
3676 long nmagic = htonl (sp->lcp.magic);
3677 sp->lcp.echoid = ++sp->pp_seq;
3678 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
3679 sp->lcp.echoid, 4, &nmagic);
3680 }
3681 }
3682 splx(s);
3683 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
3684}
3685
3686/*
3687 * Get both IP addresses.
3688 */
3689static void
3690sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
3691{
3692 struct ifnet *ifp = &sp->pp_if;
3693 struct ifaddr *ifa;
3694 struct sockaddr_in *si, *sm;
3695 u_long ssrc, ddst;
3696
3697 ssrc = ddst = 0L;
3698 /*
3699 * Pick the first AF_INET address from the list,
3700 * aliases don't make any sense on a p2p link anyway.
3701 */
3702 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3703 ifa;
3704 ifa = ifa->ifa_link.tqe_next)
3705 if (ifa->ifa_addr->sa_family == AF_INET) {
3706 si = (struct sockaddr_in *)ifa->ifa_addr;
3707 sm = (struct sockaddr_in *)ifa->ifa_netmask;
3708 if (si)
3709 break;
3710 }
3711 if (ifa) {
3712 if (si && si->sin_addr.s_addr) {
3713 ssrc = si->sin_addr.s_addr;
3714 if (srcmask)
3715 *srcmask = ntohl(sm->sin_addr.s_addr);
3716 }
3717
3718 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
3719 if (si && si->sin_addr.s_addr)
3720 ddst = si->sin_addr.s_addr;
3721 }
3722
3723 if (dst) *dst = ntohl(ddst);
3724 if (src) *src = ntohl(ssrc);
3725}
3726
3727/*
3728 * Set my IP address. Must be called at splimp.
3729 */
3730static void
3731sppp_set_ip_addr(struct sppp *sp, u_long src)
3732{
3733 struct ifnet *ifp = &sp->pp_if;
3734 struct ifaddr *ifa;
3735 struct sockaddr_in *si;
3736 u_long ssrc, ddst;
3737
3738 /*
3739 * Pick the first AF_INET address from the list,
3740 * aliases don't make any sense on a p2p link anyway.
3741 */
3742 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3743 ifa;
3744 ifa = ifa->ifa_link.tqe_next)
3745 if (ifa->ifa_addr->sa_family == AF_INET) {
3746 si = (struct sockaddr_in *)ifa->ifa_addr;
3747 if (si)
3748 break;
3749 }
3750 if (ifa && si)
3751 si->sin_addr.s_addr = htonl(src);
3752}
3753
3754static int
3755sppp_params(struct sppp *sp, int cmd, void *data)
3756{
3757 int subcmd;
3758 struct ifreq *ifr = (struct ifreq *)data;
3759 struct spppreq spr;
3760
3761 /*
3762 * ifr->ifr_data is supposed to point to a struct spppreq.
3763 * Check the cmd word first before attempting to fetch all the
3764 * data.
3765 */
3766 if ((subcmd = fuword(ifr->ifr_data)) == -1)
3767 return EFAULT;
3768
3769 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
3770 return EFAULT;
3771
3772 switch (subcmd) {
3773 case SPPPIOGDEFS:
3774 if (cmd != SIOCGIFGENERIC)
3775 return EINVAL;
3776 /*
3777 * We copy over the entire current state, but clean
3778 * out some of the stuff we don't wanna pass up.
3779 * Remember, SIOCGIFGENERIC is unprotected, and can be
3780 * called by any user. No need to ever get PAP or
3781 * CHAP secrets back to userland anyway.
3782 */
3783 bcopy(sp, &spr.defs, sizeof(struct sppp));
3784 bzero(spr.defs.myauth.secret, AUTHKEYLEN);
3785 bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
3786 bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
3787 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
3788 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
3789
3790 case SPPPIOSDEFS:
3791 if (cmd != SIOCSIFGENERIC)
3792 return EINVAL;
3793 /*
3794 * We have a very specific idea of which fields we allow
3795 * being passed back from userland, so to not clobber our
3796 * current state. For one, we only allow setting
3797 * anything if LCP is in dead phase. Once the LCP
3798 * negotiations started, the authentication settings must
3799 * not be changed again. (The administrator can force an
3800 * ifconfig down in order to get LCP back into dead
3801 * phase.)
3802 *
3803 * Also, we only allow for authentication parameters to be
3804 * specified.
3805 *
3806 * XXX Should allow to set or clear pp_flags.
3807 *
3808 * Finally, if the respective authentication protocol to
3809 * be used is set differently than 0, but the secret is
3810 * passed as all zeros, we don't trash the existing secret.
3811 * This allows an administrator to change the system name
3812 * only without clobbering the secret (which he didn't get
3813 * back in a previous SPPPIOGDEFS call). However, the
3814 * secrets are cleared if the authentication protocol is
3815 * reset to 0.
3816 */
3817 if (sp->pp_phase != PHASE_DEAD)
3818 return EBUSY;
3819
3820 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
3821 spr.defs.myauth.proto != PPP_CHAP) ||
3822 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
3823 spr.defs.hisauth.proto != PPP_CHAP))
3824 return EINVAL;
3825
3826 if (spr.defs.myauth.proto == 0)
3827 /* resetting myauth */
3828 bzero(&sp->myauth, sizeof sp->myauth);
3829 else {
3830 /* setting/changing myauth */
3831 sp->myauth.proto = spr.defs.myauth.proto;
3832 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
3833 if (spr.defs.myauth.secret[0] != '\0')
3834 bcopy(spr.defs.myauth.secret, sp->myauth.secret,
3835 AUTHKEYLEN);
3836 }
3837 if (spr.defs.hisauth.proto == 0)
3838 /* resetting hisauth */
3839 bzero(&sp->hisauth, sizeof sp->hisauth);
3840 else {
3841 /* setting/changing hisauth */
3842 sp->hisauth.proto = spr.defs.hisauth.proto;
3843 sp->hisauth.flags = spr.defs.hisauth.flags;
3844 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
3845 if (spr.defs.hisauth.secret[0] != '\0')
3846 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
3847 AUTHKEYLEN);
3848 }
3849 break;
3850
3851 default:
3852 return EINVAL;
3853 }
3854
3855 return 0;
3856}
3857
3858static void
3859sppp_phase_network(struct sppp *sp)
3860{
3861 struct ifnet *ifp = &sp->pp_if;
3862 int i;
3863 u_long mask;
3864
3865 sp->pp_phase = PHASE_NETWORK;
3866
3867 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
3868 sppp_phase_name(sp->pp_phase));
3869
3870 /* Notify NCPs now. */
3871 for (i = 0; i < IDX_COUNT; i++)
3872 if ((cps[i])->flags & CP_NCP)
3873 (cps[i])->Open(sp);
3874
3875 /* Send Up events to all NCPs. */
3876 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
3877 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
3878 (cps[i])->Up(sp);
3879
3880 /* if no NCP is starting, all this was in vain, close down */
3881 sppp_lcp_check_and_close(sp);
3882}
3883
3884
3885static const char *
3886sppp_cp_type_name(u_char type)
3887{
3888 static char buf[12];
3889 switch (type) {
3890 case CONF_REQ: return "conf-req";
3891 case CONF_ACK: return "conf-ack";
3892 case CONF_NAK: return "conf-nak";
3893 case CONF_REJ: return "conf-rej";
3894 case TERM_REQ: return "term-req";
3895 case TERM_ACK: return "term-ack";
3896 case CODE_REJ: return "code-rej";
3897 case PROTO_REJ: return "proto-rej";
3898 case ECHO_REQ: return "echo-req";
3899 case ECHO_REPLY: return "echo-reply";
3900 case DISC_REQ: return "discard-req";
3901 }
3902 sprintf (buf, "0x%x", type);
3903 return buf;
3904}
3905
3906static const char *
3907sppp_auth_type_name(u_short proto, u_char type)
3908{
3909 static char buf[12];
3910 switch (proto) {
3911 case PPP_CHAP:
3912 switch (type) {
3913 case CHAP_CHALLENGE: return "challenge";
3914 case CHAP_RESPONSE: return "response";
3915 case CHAP_SUCCESS: return "success";
3916 case CHAP_FAILURE: return "failure";
3917 }
3918 case PPP_PAP:
3919 switch (type) {
3920 case PAP_REQ: return "req";
3921 case PAP_ACK: return "ack";
3922 case PAP_NAK: return "nak";
3923 }
3924 }
3925 sprintf (buf, "0x%x", type);
3926 return buf;
3927}
3928
3929static const char *
3930sppp_lcp_opt_name(u_char opt)
3931{
3932 static char buf[12];
3933 switch (opt) {
3934 case LCP_OPT_MRU: return "mru";
3935 case LCP_OPT_ASYNC_MAP: return "async-map";
3936 case LCP_OPT_AUTH_PROTO: return "auth-proto";
3937 case LCP_OPT_QUAL_PROTO: return "qual-proto";
3938 case LCP_OPT_MAGIC: return "magic";
3939 case LCP_OPT_PROTO_COMP: return "proto-comp";
3940 case LCP_OPT_ADDR_COMP: return "addr-comp";
3941 }
3942 sprintf (buf, "0x%x", opt);
3943 return buf;
3944}
3945
3946static const char *
3947sppp_ipcp_opt_name(u_char opt)
3948{
3949 static char buf[12];
3950 switch (opt) {
3951 case IPCP_OPT_ADDRESSES: return "addresses";
3952 case IPCP_OPT_COMPRESSION: return "compression";
3953 case IPCP_OPT_ADDRESS: return "address";
3954 }
3955 sprintf (buf, "0x%x", opt);
3956 return buf;
3957}
3958
3959static const char *
3960sppp_state_name(int state)
3961{
3962 switch (state) {
3963 case STATE_INITIAL: return "initial";
3964 case STATE_STARTING: return "starting";
3965 case STATE_CLOSED: return "closed";
3966 case STATE_STOPPED: return "stopped";
3967 case STATE_CLOSING: return "closing";
3968 case STATE_STOPPING: return "stopping";
3969 case STATE_REQ_SENT: return "req-sent";
3970 case STATE_ACK_RCVD: return "ack-rcvd";
3971 case STATE_ACK_SENT: return "ack-sent";
3972 case STATE_OPENED: return "opened";
3973 }
3974 return "illegal";
3975}
3976
3977static const char *
3978sppp_phase_name(enum ppp_phase phase)
3979{
3980 switch (phase) {
3981 case PHASE_DEAD: return "dead";
3982 case PHASE_ESTABLISH: return "establish";
3983 case PHASE_TERMINATE: return "terminate";
3984 case PHASE_AUTHENTICATE: return "authenticate";
3985 case PHASE_NETWORK: return "network";
3986 }
3987 return "illegal";
3988}
3989
3990static const char *
3991sppp_proto_name(u_short proto)
3992{
3993 static char buf[12];
3994 switch (proto) {
3995 case PPP_LCP: return "lcp";
3996 case PPP_IPCP: return "ipcp";
3997 case PPP_PAP: return "pap";
3998 case PPP_CHAP: return "chap";
3999 }
4000 sprintf(buf, "0x%x", (unsigned)proto);
4001 return buf;
4002}
4003
4004static void
4005sppp_print_bytes(const u_char *p, u_short len)
4006{
4007 addlog(" %x", *p++);
4008 while (--len > 0)
4009 addlog("-%x", *p++);
4010}
4011
4012static void
4013sppp_print_string(const char *p, u_short len)
4014{
4015 u_char c;
4016
4017 while (len-- > 0) {
4018 c = *p++;
4019 /*
4020 * Print only ASCII chars directly. RFC 1994 recommends
4021 * using only them, but we don't rely on it. */
4022 if (c < ' ' || c > '~')
4023 addlog("\\x%x", c);
4024 else
4025 addlog("%c", c);
4026 }
4027}
4028
4029static const char *
4030sppp_dotted_quad(u_long addr)
4031{
4032 static char s[16];
4033 sprintf(s, "%d.%d.%d.%d",
4034 (addr >> 24) & 0xff,
4035 (addr >> 16) & 0xff,
4036 (addr >> 8) & 0xff,
4037 addr & 0xff);
4038 return s;
4039}
4040
4041static int
4042sppp_strnlen(u_char *p, int max)
4043{
4044 int len;
4045
4046 for (len = 0; len < max && *p; ++p)
4047 ++len;
4048 return len;
4049}
4050
4051/* a dummy, used to drop uninteresting events */
4052static void
4053sppp_null(struct sppp *unused)
4054{
4055 /* do just nothing */
4056}
4057/*
4058 * This file is large. Tell emacs to highlight it nevertheless.
4059 *
4060 * Local Variables:
4061 * hilit-auto-highlight-maxout: 120000
4062 * End:
4063 */
| 51#endif
52
53#ifdef IPX
54#include <netipx/ipx.h>
55#include <netipx/ipx_if.h>
56#endif
57
58#ifdef NS
59#include <netns/ns.h>
60#include <netns/ns_if.h>
61#endif
62
63#ifdef ISO
64#include <netiso/argo_debug.h>
65#include <netiso/iso.h>
66#include <netiso/iso_var.h>
67#include <netiso/iso_snpac.h>
68#endif
69
70#include <net/if_sppp.h>
71
72#define MAXALIVECNT 3 /* max. alive packets */
73
74/*
75 * Interface flags that can be set in an ifconfig command.
76 *
77 * Setting link0 will make the link passive, i.e. it will be marked
78 * as being administrative openable, but won't be opened to begin
79 * with. Incoming calls will be answered, or subsequent calls with
80 * -link1 will cause the administrative open of the LCP layer.
81 *
82 * Setting link1 will cause the link to auto-dial only as packets
83 * arrive to be sent.
84 *
85 * Setting IFF_DEBUG will syslog the option negotiation and state
86 * transitions at level kern.debug. Note: all logs consistently look
87 * like
88 *
89 * <if-name><unit>: <proto-name> <additional info...>
90 *
91 * with <if-name><unit> being something like "bppp0", and <proto-name>
92 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
93 */
94
95#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
96#define IFF_AUTO IFF_LINK1 /* auto-dial on output */
97
98#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
99#define PPP_UI 0x03 /* Unnumbered Information */
100#define PPP_IP 0x0021 /* Internet Protocol */
101#define PPP_ISO 0x0023 /* ISO OSI Protocol */
102#define PPP_XNS 0x0025 /* Xerox NS Protocol */
103#define PPP_IPX 0x002b /* Novell IPX Protocol */
104#define PPP_LCP 0xc021 /* Link Control Protocol */
105#define PPP_PAP 0xc023 /* Password Authentication Protocol */
106#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
107#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
108
109#define CONF_REQ 1 /* PPP configure request */
110#define CONF_ACK 2 /* PPP configure acknowledge */
111#define CONF_NAK 3 /* PPP configure negative ack */
112#define CONF_REJ 4 /* PPP configure reject */
113#define TERM_REQ 5 /* PPP terminate request */
114#define TERM_ACK 6 /* PPP terminate acknowledge */
115#define CODE_REJ 7 /* PPP code reject */
116#define PROTO_REJ 8 /* PPP protocol reject */
117#define ECHO_REQ 9 /* PPP echo request */
118#define ECHO_REPLY 10 /* PPP echo reply */
119#define DISC_REQ 11 /* PPP discard request */
120
121#define LCP_OPT_MRU 1 /* maximum receive unit */
122#define LCP_OPT_ASYNC_MAP 2 /* async control character map */
123#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
124#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
125#define LCP_OPT_MAGIC 5 /* magic number */
126#define LCP_OPT_RESERVED 6 /* reserved */
127#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
128#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
129
130#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
131#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
132#define IPCP_OPT_ADDRESS 3 /* local IP address */
133
134#define PAP_REQ 1 /* PAP name/password request */
135#define PAP_ACK 2 /* PAP acknowledge */
136#define PAP_NAK 3 /* PAP fail */
137
138#define CHAP_CHALLENGE 1 /* CHAP challenge request */
139#define CHAP_RESPONSE 2 /* CHAP challenge response */
140#define CHAP_SUCCESS 3 /* CHAP response ok */
141#define CHAP_FAILURE 4 /* CHAP response failed */
142
143#define CHAP_MD5 5 /* hash algorithm - MD5 */
144
145#define CISCO_MULTICAST 0x8f /* Cisco multicast address */
146#define CISCO_UNICAST 0x0f /* Cisco unicast address */
147#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
148#define CISCO_ADDR_REQ 0 /* Cisco address request */
149#define CISCO_ADDR_REPLY 1 /* Cisco address reply */
150#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
151
152/* states are named and numbered according to RFC 1661 */
153#define STATE_INITIAL 0
154#define STATE_STARTING 1
155#define STATE_CLOSED 2
156#define STATE_STOPPED 3
157#define STATE_CLOSING 4
158#define STATE_STOPPING 5
159#define STATE_REQ_SENT 6
160#define STATE_ACK_RCVD 7
161#define STATE_ACK_SENT 8
162#define STATE_OPENED 9
163
164struct ppp_header {
165 u_char address;
166 u_char control;
167 u_short protocol;
168};
169#define PPP_HEADER_LEN sizeof (struct ppp_header)
170
171struct lcp_header {
172 u_char type;
173 u_char ident;
174 u_short len;
175};
176#define LCP_HEADER_LEN sizeof (struct lcp_header)
177
178struct cisco_packet {
179 u_long type;
180 u_long par1;
181 u_long par2;
182 u_short rel;
183 u_short time0;
184 u_short time1;
185};
186#define CISCO_PACKET_LEN 18
187
188/*
189 * We follow the spelling and capitalization of RFC 1661 here, to make
190 * it easier comparing with the standard. Please refer to this RFC in
191 * case you can't make sense out of these abbreviation; it will also
192 * explain the semantics related to the various events and actions.
193 */
194struct cp {
195 u_short proto; /* PPP control protocol number */
196 u_char protoidx; /* index into state table in struct sppp */
197 u_char flags;
198#define CP_LCP 0x01 /* this is the LCP */
199#define CP_AUTH 0x02 /* this is an authentication protocol */
200#define CP_NCP 0x04 /* this is a NCP */
201#define CP_QUAL 0x08 /* this is a quality reporting protocol */
202 const char *name; /* name of this control protocol */
203 /* event handlers */
204 void (*Up)(struct sppp *sp);
205 void (*Down)(struct sppp *sp);
206 void (*Open)(struct sppp *sp);
207 void (*Close)(struct sppp *sp);
208 void (*TO)(void *sp);
209 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
210 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
211 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
212 /* actions */
213 void (*tlu)(struct sppp *sp);
214 void (*tld)(struct sppp *sp);
215 void (*tls)(struct sppp *sp);
216 void (*tlf)(struct sppp *sp);
217 void (*scr)(struct sppp *sp);
218};
219
220static struct sppp *spppq;
221static struct callout_handle keepalive_ch;
222
223/*
224 * The following disgusting hack gets around the problem that IP TOS
225 * can't be set yet. We want to put "interactive" traffic on a high
226 * priority queue. To decide if traffic is interactive, we check that
227 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
228 *
229 * XXX is this really still necessary? - joerg -
230 */
231static u_short interactive_ports[8] = {
232 0, 513, 0, 0,
233 0, 21, 0, 23,
234};
235#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
236
237/* almost every function needs these */
238#define STDDCL \
239 struct ifnet *ifp = &sp->pp_if; \
240 int debug = ifp->if_flags & IFF_DEBUG
241
242static int sppp_output(struct ifnet *ifp, struct mbuf *m,
243 struct sockaddr *dst, struct rtentry *rt);
244
245static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
246static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
247
248static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
249 struct mbuf *m);
250static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
251 u_char ident, u_short len, void *data);
252static void sppp_cp_timeout(void *arg);
253static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
254 int newstate);
255static void sppp_auth_send(const struct cp *cp,
256 struct sppp *sp, u_char type, u_char id,
257 ...);
258
259static void sppp_up_event(const struct cp *cp, struct sppp *sp);
260static void sppp_down_event(const struct cp *cp, struct sppp *sp);
261static void sppp_open_event(const struct cp *cp, struct sppp *sp);
262static void sppp_close_event(const struct cp *cp, struct sppp *sp);
263static void sppp_to_event(const struct cp *cp, struct sppp *sp);
264
265static void sppp_null(struct sppp *sp);
266
267static void sppp_lcp_init(struct sppp *sp);
268static void sppp_lcp_up(struct sppp *sp);
269static void sppp_lcp_down(struct sppp *sp);
270static void sppp_lcp_open(struct sppp *sp);
271static void sppp_lcp_close(struct sppp *sp);
272static void sppp_lcp_TO(void *sp);
273static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
274static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
275static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
276static void sppp_lcp_tlu(struct sppp *sp);
277static void sppp_lcp_tld(struct sppp *sp);
278static void sppp_lcp_tls(struct sppp *sp);
279static void sppp_lcp_tlf(struct sppp *sp);
280static void sppp_lcp_scr(struct sppp *sp);
281static void sppp_lcp_check_and_close(struct sppp *sp);
282static int sppp_ncp_check(struct sppp *sp);
283
284static void sppp_ipcp_init(struct sppp *sp);
285static void sppp_ipcp_up(struct sppp *sp);
286static void sppp_ipcp_down(struct sppp *sp);
287static void sppp_ipcp_open(struct sppp *sp);
288static void sppp_ipcp_close(struct sppp *sp);
289static void sppp_ipcp_TO(void *sp);
290static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
291static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
292static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
293static void sppp_ipcp_tlu(struct sppp *sp);
294static void sppp_ipcp_tld(struct sppp *sp);
295static void sppp_ipcp_tls(struct sppp *sp);
296static void sppp_ipcp_tlf(struct sppp *sp);
297static void sppp_ipcp_scr(struct sppp *sp);
298
299static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
300static void sppp_pap_init(struct sppp *sp);
301static void sppp_pap_open(struct sppp *sp);
302static void sppp_pap_close(struct sppp *sp);
303static void sppp_pap_TO(void *sp);
304static void sppp_pap_my_TO(void *sp);
305static void sppp_pap_tlu(struct sppp *sp);
306static void sppp_pap_tld(struct sppp *sp);
307static void sppp_pap_scr(struct sppp *sp);
308
309static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
310static void sppp_chap_init(struct sppp *sp);
311static void sppp_chap_open(struct sppp *sp);
312static void sppp_chap_close(struct sppp *sp);
313static void sppp_chap_TO(void *sp);
314static void sppp_chap_tlu(struct sppp *sp);
315static void sppp_chap_tld(struct sppp *sp);
316static void sppp_chap_scr(struct sppp *sp);
317
318static const char *sppp_auth_type_name(u_short proto, u_char type);
319static const char *sppp_cp_type_name(u_char type);
320static const char *sppp_dotted_quad(u_long addr);
321static const char *sppp_ipcp_opt_name(u_char opt);
322static const char *sppp_lcp_opt_name(u_char opt);
323static const char *sppp_phase_name(enum ppp_phase phase);
324static const char *sppp_proto_name(u_short proto);
325static const char *sppp_state_name(int state);
326static int sppp_params(struct sppp *sp, int cmd, void *data);
327static int sppp_strnlen(u_char *p, int max);
328static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
329 u_long *srcmask);
330static void sppp_keepalive(void *dummy);
331static void sppp_phase_network(struct sppp *sp);
332static void sppp_print_bytes(const u_char *p, u_short len);
333static void sppp_print_string(const char *p, u_short len);
334static void sppp_qflush(struct ifqueue *ifq);
335static void sppp_set_ip_addr(struct sppp *sp, u_long src);
336
337/* our control protocol descriptors */
338const struct cp lcp = {
339 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
340 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
341 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
342 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
343 sppp_lcp_scr
344};
345
346const struct cp ipcp = {
347 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
348 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
349 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
350 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
351 sppp_ipcp_scr
352};
353
354const struct cp pap = {
355 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
356 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
357 sppp_pap_TO, 0, 0, 0,
358 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
359 sppp_pap_scr
360};
361
362const struct cp chap = {
363 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
364 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
365 sppp_chap_TO, 0, 0, 0,
366 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
367 sppp_chap_scr
368};
369
370const struct cp *cps[IDX_COUNT] = {
371 &lcp, /* IDX_LCP */
372 &ipcp, /* IDX_IPCP */
373 &pap, /* IDX_PAP */
374 &chap, /* IDX_CHAP */
375};
376
377
378�/*
379 * Exported functions, comprising our interface to the lower layer.
380 */
381
382/*
383 * Process the received packet.
384 */
385void
386sppp_input(struct ifnet *ifp, struct mbuf *m)
387{
388 struct ppp_header *h;
389 struct ifqueue *inq = 0;
390 int s;
391 struct sppp *sp = (struct sppp *)ifp;
392 int debug = ifp->if_flags & IFF_DEBUG;
393
394 if (ifp->if_flags & IFF_UP)
395 /* Count received bytes, add FCS and one flag */
396 ifp->if_ibytes += m->m_pkthdr.len + 3;
397
398 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
399 /* Too small packet, drop it. */
400 if (debug)
401 log(LOG_DEBUG,
402 "%s%d: input packet is too small, %d bytes\n",
403 ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
404 drop:
405 ++ifp->if_ierrors;
406 ++ifp->if_iqdrops;
407 m_freem (m);
408 return;
409 }
410
411 /* Get PPP header. */
412 h = mtod (m, struct ppp_header*);
413 m_adj (m, PPP_HEADER_LEN);
414
415 switch (h->address) {
416 case PPP_ALLSTATIONS:
417 if (h->control != PPP_UI)
418 goto invalid;
419 if (sp->pp_flags & PP_CISCO) {
420 if (debug)
421 log(LOG_DEBUG,
422 "%s%d: PPP packet in Cisco mode "
423 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
424 ifp->if_name, ifp->if_unit,
425 h->address, h->control, ntohs(h->protocol));
426 goto drop;
427 }
428 switch (ntohs (h->protocol)) {
429 default:
430 if (sp->state[IDX_LCP] == STATE_OPENED)
431 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
432 ++sp->pp_seq, m->m_pkthdr.len + 2,
433 &h->protocol);
434 if (debug)
435 log(LOG_DEBUG,
436 "%s%d: invalid input protocol "
437 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
438 ifp->if_name, ifp->if_unit,
439 h->address, h->control, ntohs(h->protocol));
440 ++ifp->if_noproto;
441 goto drop;
442 case PPP_LCP:
443 sppp_cp_input(&lcp, sp, m);
444 m_freem (m);
445 return;
446 case PPP_PAP:
447 if (sp->pp_phase >= PHASE_AUTHENTICATE)
448 sppp_pap_input(sp, m);
449 m_freem (m);
450 return;
451 case PPP_CHAP:
452 if (sp->pp_phase >= PHASE_AUTHENTICATE)
453 sppp_chap_input(sp, m);
454 m_freem (m);
455 return;
456#ifdef INET
457 case PPP_IPCP:
458 if (sp->pp_phase == PHASE_NETWORK)
459 sppp_cp_input(&ipcp, sp, m);
460 m_freem (m);
461 return;
462 case PPP_IP:
463 if (sp->state[IDX_IPCP] == STATE_OPENED) {
464 schednetisr (NETISR_IP);
465 inq = &ipintrq;
466 }
467 break;
468#endif
469#ifdef IPX
470 case PPP_IPX:
471 /* IPX IPXCP not implemented yet */
472 if (sp->pp_phase == PHASE_NETWORK) {
473 schednetisr (NETISR_IPX);
474 inq = &ipxintrq;
475 }
476 break;
477#endif
478#ifdef NS
479 case PPP_XNS:
480 /* XNS IDPCP not implemented yet */
481 if (sp->pp_phase == PHASE_NETWORK) {
482 schednetisr (NETISR_NS);
483 inq = &nsintrq;
484 }
485 break;
486#endif
487#ifdef ISO
488 case PPP_ISO:
489 /* OSI NLCP not implemented yet */
490 if (sp->pp_phase == PHASE_NETWORK) {
491 schednetisr (NETISR_ISO);
492 inq = &clnlintrq;
493 }
494 break;
495#endif
496 }
497 break;
498 case CISCO_MULTICAST:
499 case CISCO_UNICAST:
500 /* Don't check the control field here (RFC 1547). */
501 if (! (sp->pp_flags & PP_CISCO)) {
502 if (debug)
503 log(LOG_DEBUG,
504 "%s%d: Cisco packet in PPP mode "
505 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
506 ifp->if_name, ifp->if_unit,
507 h->address, h->control, ntohs(h->protocol));
508 goto drop;
509 }
510 switch (ntohs (h->protocol)) {
511 default:
512 ++ifp->if_noproto;
513 goto invalid;
514 case CISCO_KEEPALIVE:
515 sppp_cisco_input ((struct sppp*) ifp, m);
516 m_freem (m);
517 return;
518#ifdef INET
519 case ETHERTYPE_IP:
520 schednetisr (NETISR_IP);
521 inq = &ipintrq;
522 break;
523#endif
524#ifdef IPX
525 case ETHERTYPE_IPX:
526 schednetisr (NETISR_IPX);
527 inq = &ipxintrq;
528 break;
529#endif
530#ifdef NS
531 case ETHERTYPE_NS:
532 schednetisr (NETISR_NS);
533 inq = &nsintrq;
534 break;
535#endif
536 }
537 break;
538 default: /* Invalid PPP packet. */
539 invalid:
540 if (debug)
541 log(LOG_DEBUG,
542 "%s%d: invalid input packet "
543 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
544 ifp->if_name, ifp->if_unit,
545 h->address, h->control, ntohs(h->protocol));
546 goto drop;
547 }
548
549 if (! (ifp->if_flags & IFF_UP) || ! inq)
550 goto drop;
551
552 /* Check queue. */
553 s = splimp();
554 if (IF_QFULL (inq)) {
555 /* Queue overflow. */
556 IF_DROP(inq);
557 splx(s);
558 if (debug)
559 log(LOG_DEBUG, "%s%d: protocol queue overflow\n",
560 ifp->if_name, ifp->if_unit);
561 goto drop;
562 }
563 IF_ENQUEUE(inq, m);
564 splx(s);
565}
566
567/*
568 * Enqueue transmit packet.
569 */
570static int
571sppp_output(struct ifnet *ifp, struct mbuf *m,
572 struct sockaddr *dst, struct rtentry *rt)
573{
574 struct sppp *sp = (struct sppp*) ifp;
575 struct ppp_header *h;
576 struct ifqueue *ifq;
577 int s, rv = 0;
578
579 s = splimp();
580
581 if ((ifp->if_flags & IFF_UP) == 0 ||
582 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
583 m_freem (m);
584 splx (s);
585 return (ENETDOWN);
586 }
587
588 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
589 /*
590 * Interface is not yet running, but auto-dial. Need
591 * to start LCP for it.
592 */
593 ifp->if_flags |= IFF_RUNNING;
594 splx(s);
595 lcp.Open(sp);
596 s = splimp();
597 }
598
599 ifq = &ifp->if_snd;
600#ifdef INET
601 /*
602 * Put low delay, telnet, rlogin and ftp control packets
603 * in front of the queue.
604 */
605 if (dst->sa_family == AF_INET) {
606 struct ip *ip = mtod (m, struct ip*);
607 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
608
609 if (! IF_QFULL (&sp->pp_fastq) &&
610 ((ip->ip_tos & IPTOS_LOWDELAY) ||
611 ip->ip_p == IPPROTO_TCP &&
612 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) &&
613 (INTERACTIVE (ntohs (tcp->th_sport)) ||
614 INTERACTIVE (ntohs (tcp->th_dport)))))
615 ifq = &sp->pp_fastq;
616 }
617#endif
618
619 /*
620 * Prepend general data packet PPP header. For now, IP only.
621 */
622 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
623 if (! m) {
624 if (ifp->if_flags & IFF_DEBUG)
625 log(LOG_DEBUG, "%s%d: no memory for transmit header\n",
626 ifp->if_name, ifp->if_unit);
627 ++ifp->if_oerrors;
628 splx (s);
629 return (ENOBUFS);
630 }
631 h = mtod (m, struct ppp_header*);
632 if (sp->pp_flags & PP_CISCO) {
633 h->address = CISCO_UNICAST; /* unicast address */
634 h->control = 0;
635 } else {
636 h->address = PPP_ALLSTATIONS; /* broadcast address */
637 h->control = PPP_UI; /* Unnumbered Info */
638 }
639
640 switch (dst->sa_family) {
641#ifdef INET
642 case AF_INET: /* Internet Protocol */
643 if (sp->pp_flags & PP_CISCO)
644 h->protocol = htons (ETHERTYPE_IP);
645 else {
646 /*
647 * Don't choke with an ENETDOWN early. It's
648 * possible that we just started dialing out,
649 * so don't drop the packet immediately. If
650 * we notice that we run out of buffer space
651 * below, we will however remember that we are
652 * not ready to carry IP packets, and return
653 * ENETDOWN, as opposed to ENOBUFS.
654 */
655 h->protocol = htons(PPP_IP);
656 if (sp->state[IDX_IPCP] != STATE_OPENED)
657 rv = ENETDOWN;
658 }
659 break;
660#endif
661#ifdef NS
662 case AF_NS: /* Xerox NS Protocol */
663 h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
664 ETHERTYPE_NS : PPP_XNS);
665 break;
666#endif
667#ifdef IPX
668 case AF_IPX: /* Novell IPX Protocol */
669 h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
670 ETHERTYPE_IPX : PPP_IPX);
671 break;
672#endif
673#ifdef ISO
674 case AF_ISO: /* ISO OSI Protocol */
675 if (sp->pp_flags & PP_CISCO)
676 goto nosupport;
677 h->protocol = htons (PPP_ISO);
678 break;
679nosupport:
680#endif
681 default:
682 m_freem (m);
683 ++ifp->if_oerrors;
684 splx (s);
685 return (EAFNOSUPPORT);
686 }
687
688 /*
689 * Queue message on interface, and start output if interface
690 * not yet active.
691 */
692 if (IF_QFULL (ifq)) {
693 IF_DROP (&ifp->if_snd);
694 m_freem (m);
695 ++ifp->if_oerrors;
696 splx (s);
697 return (rv? rv: ENOBUFS);
698 }
699 IF_ENQUEUE (ifq, m);
700 if (! (ifp->if_flags & IFF_OACTIVE))
701 (*ifp->if_start) (ifp);
702
703 /*
704 * Count output packets and bytes.
705 * The packet length includes header, FCS and 1 flag,
706 * according to RFC 1333.
707 */
708 ifp->if_obytes += m->m_pkthdr.len + 3;
709 splx (s);
710 return (0);
711}
712
713void
714sppp_attach(struct ifnet *ifp)
715{
716 struct sppp *sp = (struct sppp*) ifp;
717
718 /* Initialize keepalive handler. */
719 if (! spppq)
720 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
721
722 /* Insert new entry into the keepalive list. */
723 sp->pp_next = spppq;
724 spppq = sp;
725
726 sp->pp_if.if_type = IFT_PPP;
727 sp->pp_if.if_output = sppp_output;
728 sp->pp_fastq.ifq_maxlen = 32;
729 sp->pp_cpq.ifq_maxlen = 20;
730 sp->pp_loopcnt = 0;
731 sp->pp_alivecnt = 0;
732 sp->pp_seq = 0;
733 sp->pp_rseq = 0;
734 sp->pp_phase = PHASE_DEAD;
735 sp->pp_up = lcp.Up;
736 sp->pp_down = lcp.Down;
737
738 sppp_lcp_init(sp);
739 sppp_ipcp_init(sp);
740 sppp_pap_init(sp);
741 sppp_chap_init(sp);
742}
743
744void
745sppp_detach(struct ifnet *ifp)
746{
747 struct sppp **q, *p, *sp = (struct sppp*) ifp;
748 int i;
749
750 /* Remove the entry from the keepalive list. */
751 for (q = &spppq; (p = *q); q = &p->pp_next)
752 if (p == sp) {
753 *q = p->pp_next;
754 break;
755 }
756
757 /* Stop keepalive handler. */
758 if (! spppq)
759 untimeout(sppp_keepalive, 0, keepalive_ch);
760
761 for (i = 0; i < IDX_COUNT; i++)
762 untimeout((cps[i])->TO, (void *)sp, sp->ch[i]);
763 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
764}
765
766/*
767 * Flush the interface output queue.
768 */
769void
770sppp_flush(struct ifnet *ifp)
771{
772 struct sppp *sp = (struct sppp*) ifp;
773
774 sppp_qflush (&sp->pp_if.if_snd);
775 sppp_qflush (&sp->pp_fastq);
776 sppp_qflush (&sp->pp_cpq);
777}
778
779/*
780 * Check if the output queue is empty.
781 */
782int
783sppp_isempty(struct ifnet *ifp)
784{
785 struct sppp *sp = (struct sppp*) ifp;
786 int empty, s;
787
788 s = splimp();
789 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
790 !sp->pp_if.if_snd.ifq_head;
791 splx(s);
792 return (empty);
793}
794
795/*
796 * Get next packet to send.
797 */
798struct mbuf *
799sppp_dequeue(struct ifnet *ifp)
800{
801 struct sppp *sp = (struct sppp*) ifp;
802 struct mbuf *m;
803 int s;
804
805 s = splimp();
806 /*
807 * Process only the control protocol queue until we have at
808 * least one NCP open.
809 *
810 * Do always serve all three queues in Cisco mode.
811 */
812 IF_DEQUEUE(&sp->pp_cpq, m);
813 if (m == NULL &&
814 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
815 IF_DEQUEUE(&sp->pp_fastq, m);
816 if (m == NULL)
817 IF_DEQUEUE (&sp->pp_if.if_snd, m);
818 }
819 splx(s);
820 return m;
821}
822
823/*
824 * Pick the next packet, do not remove it from the queue.
825 */
826struct mbuf *
827sppp_pick(struct ifnet *ifp)
828{
829 struct sppp *sp = (struct sppp*)ifp;
830 struct mbuf *m;
831 int s;
832
833 s= splimp ();
834
835 m = sp->pp_cpq.ifq_head;
836 if (m == NULL &&
837 (sp->pp_phase == PHASE_NETWORK ||
838 (sp->pp_flags & PP_CISCO) != 0))
839 if ((m = sp->pp_fastq.ifq_head) == NULL)
840 m = sp->pp_if.if_snd.ifq_head;
841 splx (s);
842 return (m);
843}
844
845/*
846 * Process an ioctl request. Called on low priority level.
847 */
848int
849sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
850{
851 struct ifreq *ifr = (struct ifreq*) data;
852 struct sppp *sp = (struct sppp*) ifp;
853 int s, rv, going_up, going_down, newmode;
854
855 s = splimp();
856 rv = 0;
857 switch (cmd) {
858 case SIOCAIFADDR:
859 case SIOCSIFDSTADDR:
860 break;
861
862 case SIOCSIFADDR:
863 if_up(ifp);
864 /* fall through... */
865
866 case SIOCSIFFLAGS:
867 going_up = ifp->if_flags & IFF_UP &&
868 (ifp->if_flags & IFF_RUNNING) == 0;
869 going_down = (ifp->if_flags & IFF_UP) == 0 &&
870 ifp->if_flags & IFF_RUNNING;
871 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
872 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
873 /* sanity */
874 newmode = IFF_PASSIVE;
875 ifp->if_flags &= ~IFF_AUTO;
876 }
877
878 if (going_up || going_down)
879 lcp.Close(sp);
880 if (going_up && newmode == 0) {
881 /* neither auto-dial nor passive */
882 ifp->if_flags |= IFF_RUNNING;
883 if (!(sp->pp_flags & PP_CISCO))
884 lcp.Open(sp);
885 } else if (going_down) {
886 sppp_flush(ifp);
887 ifp->if_flags &= ~IFF_RUNNING;
888 }
889
890 break;
891
892#ifdef SIOCSIFMTU
893#ifndef ifr_mtu
894#define ifr_mtu ifr_metric
895#endif
896 case SIOCSIFMTU:
897 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
898 return (EINVAL);
899 ifp->if_mtu = ifr->ifr_mtu;
900 break;
901#endif
902#ifdef SLIOCSETMTU
903 case SLIOCSETMTU:
904 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
905 return (EINVAL);
906 ifp->if_mtu = *(short*)data;
907 break;
908#endif
909#ifdef SIOCGIFMTU
910 case SIOCGIFMTU:
911 ifr->ifr_mtu = ifp->if_mtu;
912 break;
913#endif
914#ifdef SLIOCGETMTU
915 case SLIOCGETMTU:
916 *(short*)data = ifp->if_mtu;
917 break;
918#endif
919 case SIOCADDMULTI:
920 case SIOCDELMULTI:
921 break;
922
923 case SIOCGIFGENERIC:
924 case SIOCSIFGENERIC:
925 rv = sppp_params(sp, cmd, data);
926 break;
927
928 default:
929 rv = ENOTTY;
930 }
931 splx(s);
932 return rv;
933}
934
935
936�/*
937 * Cisco framing implementation.
938 */
939
940/*
941 * Handle incoming Cisco keepalive protocol packets.
942 */
943static void
944sppp_cisco_input(struct sppp *sp, struct mbuf *m)
945{
946 STDDCL;
947 struct cisco_packet *h;
948 u_long me, mymask;
949
950 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
951 if (debug)
952 log(LOG_DEBUG,
953 "%s%d: cisco invalid packet length: %d bytes\n",
954 ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
955 return;
956 }
957 h = mtod (m, struct cisco_packet*);
958 if (debug)
959 log(LOG_DEBUG,
960 "%s%d: cisco input: %d bytes "
961 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
962 ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
963 ntohl (h->type), h->par1, h->par2, h->rel,
964 h->time0, h->time1);
965 switch (ntohl (h->type)) {
966 default:
967 if (debug)
968 addlog("%s%d: cisco unknown packet type: 0x%lx\n",
969 ifp->if_name, ifp->if_unit, ntohl (h->type));
970 break;
971 case CISCO_ADDR_REPLY:
972 /* Reply on address request, ignore */
973 break;
974 case CISCO_KEEPALIVE_REQ:
975 sp->pp_alivecnt = 0;
976 sp->pp_rseq = ntohl (h->par1);
977 if (sp->pp_seq == sp->pp_rseq) {
978 /* Local and remote sequence numbers are equal.
979 * Probably, the line is in loopback mode. */
980 if (sp->pp_loopcnt >= MAXALIVECNT) {
981 printf ("%s%d: loopback\n",
982 ifp->if_name, ifp->if_unit);
983 sp->pp_loopcnt = 0;
984 if (ifp->if_flags & IFF_UP) {
985 if_down (ifp);
986 sppp_qflush (&sp->pp_cpq);
987 }
988 }
989 ++sp->pp_loopcnt;
990
991 /* Generate new local sequence number */
992 sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
993 break;
994 }
995 sp->pp_loopcnt = 0;
996 if (! (ifp->if_flags & IFF_UP) &&
997 (ifp->if_flags & IFF_RUNNING)) {
998 if_up(ifp);
999 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
1000 }
1001 break;
1002 case CISCO_ADDR_REQ:
1003 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1004 if (me != 0L)
1005 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1006 break;
1007 }
1008}
1009
1010/*
1011 * Send Cisco keepalive packet.
1012 */
1013static void
1014sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1015{
1016 STDDCL;
1017 struct ppp_header *h;
1018 struct cisco_packet *ch;
1019 struct mbuf *m;
1020 u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
1021
1022 MGETHDR (m, M_DONTWAIT, MT_DATA);
1023 if (! m)
1024 return;
1025 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1026 m->m_pkthdr.rcvif = 0;
1027
1028 h = mtod (m, struct ppp_header*);
1029 h->address = CISCO_MULTICAST;
1030 h->control = 0;
1031 h->protocol = htons (CISCO_KEEPALIVE);
1032
1033 ch = (struct cisco_packet*) (h + 1);
1034 ch->type = htonl (type);
1035 ch->par1 = htonl (par1);
1036 ch->par2 = htonl (par2);
1037 ch->rel = -1;
1038 ch->time0 = htons ((u_short) (t >> 16));
1039 ch->time1 = htons ((u_short) t);
1040
1041 if (debug)
1042 log(LOG_DEBUG,
1043 "%s%d: cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1044 ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1,
1045 ch->par2, ch->rel, ch->time0, ch->time1);
1046
1047 if (IF_QFULL (&sp->pp_cpq)) {
1048 IF_DROP (&sp->pp_fastq);
1049 IF_DROP (&ifp->if_snd);
1050 m_freem (m);
1051 } else
1052 IF_ENQUEUE (&sp->pp_cpq, m);
1053 if (! (ifp->if_flags & IFF_OACTIVE))
1054 (*ifp->if_start) (ifp);
1055 ifp->if_obytes += m->m_pkthdr.len + 3;
1056}
1057
1058�/*
1059 * PPP protocol implementation.
1060 */
1061
1062/*
1063 * Send PPP control protocol packet.
1064 */
1065static void
1066sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1067 u_char ident, u_short len, void *data)
1068{
1069 STDDCL;
1070 struct ppp_header *h;
1071 struct lcp_header *lh;
1072 struct mbuf *m;
1073
1074 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1075 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
1076 MGETHDR (m, M_DONTWAIT, MT_DATA);
1077 if (! m)
1078 return;
1079 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1080 m->m_pkthdr.rcvif = 0;
1081
1082 h = mtod (m, struct ppp_header*);
1083 h->address = PPP_ALLSTATIONS; /* broadcast address */
1084 h->control = PPP_UI; /* Unnumbered Info */
1085 h->protocol = htons (proto); /* Link Control Protocol */
1086
1087 lh = (struct lcp_header*) (h + 1);
1088 lh->type = type;
1089 lh->ident = ident;
1090 lh->len = htons (LCP_HEADER_LEN + len);
1091 if (len)
1092 bcopy (data, lh+1, len);
1093
1094 if (debug) {
1095 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
1096 ifp->if_name, ifp->if_unit,
1097 sppp_proto_name(proto),
1098 sppp_cp_type_name (lh->type), lh->ident,
1099 ntohs (lh->len));
1100 if (len)
1101 sppp_print_bytes ((u_char*) (lh+1), len);
1102 addlog(">\n");
1103 }
1104 if (IF_QFULL (&sp->pp_cpq)) {
1105 IF_DROP (&sp->pp_fastq);
1106 IF_DROP (&ifp->if_snd);
1107 m_freem (m);
1108 ++ifp->if_oerrors;
1109 } else
1110 IF_ENQUEUE (&sp->pp_cpq, m);
1111 if (! (ifp->if_flags & IFF_OACTIVE))
1112 (*ifp->if_start) (ifp);
1113 ifp->if_obytes += m->m_pkthdr.len + 3;
1114}
1115
1116/*
1117 * Handle incoming PPP control protocol packets.
1118 */
1119static void
1120sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1121{
1122 STDDCL;
1123 struct lcp_header *h;
1124 int len = m->m_pkthdr.len;
1125 int rv;
1126 u_char *p;
1127
1128 if (len < 4) {
1129 if (debug)
1130 log(LOG_DEBUG,
1131 "%s%d: %s invalid packet length: %d bytes\n",
1132 ifp->if_name, ifp->if_unit, cp->name, len);
1133 return;
1134 }
1135 h = mtod (m, struct lcp_header*);
1136 if (debug) {
1137 log(LOG_DEBUG,
1138 "%s%d: %s input(%s): <%s id=0x%x len=%d",
1139 ifp->if_name, ifp->if_unit, cp->name,
1140 sppp_state_name(sp->state[cp->protoidx]),
1141 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1142 if (len > 4)
1143 sppp_print_bytes ((u_char*) (h+1), len-4);
1144 addlog(">\n");
1145 }
1146 if (len > ntohs (h->len))
1147 len = ntohs (h->len);
1148 p = (u_char *)(h + 1);
1149 switch (h->type) {
1150 case CONF_REQ:
1151 if (len < 4) {
1152 if (debug)
1153 addlog("%s%d: %s invalid conf-req length %d\n",
1154 ifp->if_name, ifp->if_unit, cp->name,
1155 len);
1156 ++ifp->if_ierrors;
1157 break;
1158 }
1159 /* handle states where RCR doesn't get a SCA/SCN */
1160 switch (sp->state[cp->protoidx]) {
1161 case STATE_CLOSING:
1162 case STATE_STOPPING:
1163 return;
1164 case STATE_CLOSED:
1165 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1166 0, 0);
1167 return;
1168 }
1169 rv = (cp->RCR)(sp, h, len);
1170 switch (sp->state[cp->protoidx]) {
1171 case STATE_OPENED:
1172 (cp->tld)(sp);
1173 (cp->scr)(sp);
1174 /* fall through... */
1175 case STATE_ACK_SENT:
1176 case STATE_REQ_SENT:
1177 sppp_cp_change_state(cp, sp, rv?
1178 STATE_ACK_SENT: STATE_REQ_SENT);
1179 break;
1180 case STATE_STOPPED:
1181 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1182 (cp->scr)(sp);
1183 sppp_cp_change_state(cp, sp, rv?
1184 STATE_ACK_SENT: STATE_REQ_SENT);
1185 break;
1186 case STATE_ACK_RCVD:
1187 if (rv) {
1188 sppp_cp_change_state(cp, sp, STATE_OPENED);
1189 if (debug)
1190 log(LOG_DEBUG, "%s%d: %s tlu\n",
1191 ifp->if_name, ifp->if_unit,
1192 cp->name);
1193 (cp->tlu)(sp);
1194 } else
1195 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1196 break;
1197 default:
1198 printf("%s%d: %s illegal %s in state %s\n",
1199 ifp->if_name, ifp->if_unit, cp->name,
1200 sppp_cp_type_name(h->type),
1201 sppp_state_name(sp->state[cp->protoidx]));
1202 ++ifp->if_ierrors;
1203 }
1204 break;
1205 case CONF_ACK:
1206 if (h->ident != sp->confid[cp->protoidx]) {
1207 if (debug)
1208 addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
1209 ifp->if_name, ifp->if_unit, cp->name,
1210 h->ident, sp->confid[cp->protoidx]);
1211 ++ifp->if_ierrors;
1212 break;
1213 }
1214 switch (sp->state[cp->protoidx]) {
1215 case STATE_CLOSED:
1216 case STATE_STOPPED:
1217 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1218 break;
1219 case STATE_CLOSING:
1220 case STATE_STOPPING:
1221 break;
1222 case STATE_REQ_SENT:
1223 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1224 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1225 break;
1226 case STATE_OPENED:
1227 (cp->tld)(sp);
1228 /* fall through */
1229 case STATE_ACK_RCVD:
1230 (cp->scr)(sp);
1231 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1232 break;
1233 case STATE_ACK_SENT:
1234 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1235 sppp_cp_change_state(cp, sp, STATE_OPENED);
1236 if (debug)
1237 log(LOG_DEBUG, "%s%d: %s tlu\n",
1238 ifp->if_name, ifp->if_unit, cp->name);
1239 (cp->tlu)(sp);
1240 break;
1241 default:
1242 printf("%s%d: %s illegal %s in state %s\n",
1243 ifp->if_name, ifp->if_unit, cp->name,
1244 sppp_cp_type_name(h->type),
1245 sppp_state_name(sp->state[cp->protoidx]));
1246 ++ifp->if_ierrors;
1247 }
1248 break;
1249 case CONF_NAK:
1250 case CONF_REJ:
1251 if (h->ident != sp->confid[cp->protoidx]) {
1252 if (debug)
1253 addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
1254 ifp->if_name, ifp->if_unit, cp->name,
1255 h->ident, sp->confid[cp->protoidx]);
1256 ++ifp->if_ierrors;
1257 break;
1258 }
1259 if (h->type == CONF_NAK)
1260 (cp->RCN_nak)(sp, h, len);
1261 else /* CONF_REJ */
1262 (cp->RCN_rej)(sp, h, len);
1263
1264 switch (sp->state[cp->protoidx]) {
1265 case STATE_CLOSED:
1266 case STATE_STOPPED:
1267 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1268 break;
1269 case STATE_REQ_SENT:
1270 case STATE_ACK_SENT:
1271 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1272 (cp->scr)(sp);
1273 break;
1274 case STATE_OPENED:
1275 (cp->tld)(sp);
1276 /* fall through */
1277 case STATE_ACK_RCVD:
1278 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1279 (cp->scr)(sp);
1280 break;
1281 case STATE_CLOSING:
1282 case STATE_STOPPING:
1283 break;
1284 default:
1285 printf("%s%d: %s illegal %s in state %s\n",
1286 ifp->if_name, ifp->if_unit, cp->name,
1287 sppp_cp_type_name(h->type),
1288 sppp_state_name(sp->state[cp->protoidx]));
1289 ++ifp->if_ierrors;
1290 }
1291 break;
1292
1293 case TERM_REQ:
1294 switch (sp->state[cp->protoidx]) {
1295 case STATE_ACK_RCVD:
1296 case STATE_ACK_SENT:
1297 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1298 /* fall through */
1299 case STATE_CLOSED:
1300 case STATE_STOPPED:
1301 case STATE_CLOSING:
1302 case STATE_STOPPING:
1303 case STATE_REQ_SENT:
1304 sta:
1305 /* Send Terminate-Ack packet. */
1306 if (debug)
1307 log(LOG_DEBUG, "%s%d: %s send terminate-ack\n",
1308 ifp->if_name, ifp->if_unit, cp->name);
1309 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1310 break;
1311 case STATE_OPENED:
1312 (cp->tld)(sp);
1313 sp->rst_counter[cp->protoidx] = 0;
1314 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1315 goto sta;
1316 break;
1317 default:
1318 printf("%s%d: %s illegal %s in state %s\n",
1319 ifp->if_name, ifp->if_unit, cp->name,
1320 sppp_cp_type_name(h->type),
1321 sppp_state_name(sp->state[cp->protoidx]));
1322 ++ifp->if_ierrors;
1323 }
1324 break;
1325 case TERM_ACK:
1326 switch (sp->state[cp->protoidx]) {
1327 case STATE_CLOSED:
1328 case STATE_STOPPED:
1329 case STATE_REQ_SENT:
1330 case STATE_ACK_SENT:
1331 break;
1332 case STATE_CLOSING:
1333 (cp->tlf)(sp);
1334 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1335 break;
1336 case STATE_STOPPING:
1337 (cp->tlf)(sp);
1338 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1339 break;
1340 case STATE_ACK_RCVD:
1341 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1342 break;
1343 case STATE_OPENED:
1344 (cp->tld)(sp);
1345 (cp->scr)(sp);
1346 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1347 break;
1348 default:
1349 printf("%s%d: %s illegal %s in state %s\n",
1350 ifp->if_name, ifp->if_unit, cp->name,
1351 sppp_cp_type_name(h->type),
1352 sppp_state_name(sp->state[cp->protoidx]));
1353 ++ifp->if_ierrors;
1354 }
1355 break;
1356 case CODE_REJ:
1357 case PROTO_REJ:
1358 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1359 log(LOG_INFO,
1360 "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
1361 "danger will robinson\n",
1362 ifp->if_name, ifp->if_unit, cp->name,
1363 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1364 switch (sp->state[cp->protoidx]) {
1365 case STATE_CLOSED:
1366 case STATE_STOPPED:
1367 case STATE_REQ_SENT:
1368 case STATE_ACK_SENT:
1369 case STATE_CLOSING:
1370 case STATE_STOPPING:
1371 case STATE_OPENED:
1372 break;
1373 case STATE_ACK_RCVD:
1374 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1375 break;
1376 default:
1377 printf("%s%d: %s illegal %s in state %s\n",
1378 ifp->if_name, ifp->if_unit, cp->name,
1379 sppp_cp_type_name(h->type),
1380 sppp_state_name(sp->state[cp->protoidx]));
1381 ++ifp->if_ierrors;
1382 }
1383 break;
1384 case DISC_REQ:
1385 if (cp->proto != PPP_LCP)
1386 goto illegal;
1387 /* Discard the packet. */
1388 break;
1389 case ECHO_REQ:
1390 if (cp->proto != PPP_LCP)
1391 goto illegal;
1392 if (sp->state[cp->protoidx] != STATE_OPENED) {
1393 if (debug)
1394 addlog("%s%d: lcp echo req but lcp closed\n",
1395 ifp->if_name, ifp->if_unit);
1396 ++ifp->if_ierrors;
1397 break;
1398 }
1399 if (len < 8) {
1400 if (debug)
1401 addlog("%s%d: invalid lcp echo request "
1402 "packet length: %d bytes\n",
1403 ifp->if_name, ifp->if_unit, len);
1404 break;
1405 }
1406 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1407 /* Line loopback mode detected. */
1408 printf("%s%d: loopback\n", ifp->if_name, ifp->if_unit);
1409 if_down (ifp);
1410 sppp_qflush (&sp->pp_cpq);
1411
1412 /* Shut down the PPP link. */
1413 /* XXX */
1414 lcp.Down(sp);
1415 lcp.Up(sp);
1416 break;
1417 }
1418 *(long*)(h+1) = htonl (sp->lcp.magic);
1419 if (debug)
1420 addlog("%s%d: got lcp echo req, sending echo rep\n",
1421 ifp->if_name, ifp->if_unit);
1422 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1423 break;
1424 case ECHO_REPLY:
1425 if (cp->proto != PPP_LCP)
1426 goto illegal;
1427 if (h->ident != sp->lcp.echoid) {
1428 ++ifp->if_ierrors;
1429 break;
1430 }
1431 if (len < 8) {
1432 if (debug)
1433 addlog("%s%d: lcp invalid echo reply "
1434 "packet length: %d bytes\n",
1435 ifp->if_name, ifp->if_unit, len);
1436 break;
1437 }
1438 if (debug)
1439 addlog("%s%d: lcp got echo rep\n",
1440 ifp->if_name, ifp->if_unit);
1441 if (ntohl (*(long*)(h+1)) != sp->lcp.magic)
1442 sp->pp_alivecnt = 0;
1443 break;
1444 default:
1445 /* Unknown packet type -- send Code-Reject packet. */
1446 illegal:
1447 if (debug)
1448 addlog("%s%d: %c send code-rej for 0x%x\n",
1449 ifp->if_name, ifp->if_unit, cp->name, h->type);
1450 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1451 m->m_pkthdr.len, h);
1452 ++ifp->if_ierrors;
1453 }
1454}
1455
1456
1457/*
1458 * The generic part of all Up/Down/Open/Close/TO event handlers.
1459 * Basically, the state transition handling in the automaton.
1460 */
1461static void
1462sppp_up_event(const struct cp *cp, struct sppp *sp)
1463{
1464 STDDCL;
1465
1466 if (debug)
1467 log(LOG_DEBUG, "%s%d: %s up(%s)\n",
1468 ifp->if_name, ifp->if_unit, cp->name,
1469 sppp_state_name(sp->state[cp->protoidx]));
1470
1471 switch (sp->state[cp->protoidx]) {
1472 case STATE_INITIAL:
1473 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1474 break;
1475 case STATE_STARTING:
1476 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1477 (cp->scr)(sp);
1478 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1479 break;
1480 default:
1481 printf("%s%d: %s illegal up in state %s\n",
1482 ifp->if_name, ifp->if_unit, cp->name,
1483 sppp_state_name(sp->state[cp->protoidx]));
1484 }
1485}
1486
1487static void
1488sppp_down_event(const struct cp *cp, struct sppp *sp)
1489{
1490 STDDCL;
1491
1492 if (debug)
1493 log(LOG_DEBUG, "%s%d: %s down(%s)\n",
1494 ifp->if_name, ifp->if_unit, cp->name,
1495 sppp_state_name(sp->state[cp->protoidx]));
1496
1497 switch (sp->state[cp->protoidx]) {
1498 case STATE_CLOSED:
1499 case STATE_CLOSING:
1500 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1501 break;
1502 case STATE_STOPPED:
1503 (cp->tls)(sp);
1504 /* fall through */
1505 case STATE_STOPPING:
1506 case STATE_REQ_SENT:
1507 case STATE_ACK_RCVD:
1508 case STATE_ACK_SENT:
1509 sppp_cp_change_state(cp, sp, STATE_STARTING);
1510 break;
1511 case STATE_OPENED:
1512 (cp->tld)(sp);
1513 sppp_cp_change_state(cp, sp, STATE_STARTING);
1514 break;
1515 default:
1516 printf("%s%d: %s illegal down in state %s\n",
1517 ifp->if_name, ifp->if_unit, cp->name,
1518 sppp_state_name(sp->state[cp->protoidx]));
1519 }
1520}
1521
1522
1523static void
1524sppp_open_event(const struct cp *cp, struct sppp *sp)
1525{
1526 STDDCL;
1527
1528 if (debug)
1529 log(LOG_DEBUG, "%s%d: %s open(%s)\n",
1530 ifp->if_name, ifp->if_unit, cp->name,
1531 sppp_state_name(sp->state[cp->protoidx]));
1532
1533 switch (sp->state[cp->protoidx]) {
1534 case STATE_INITIAL:
1535 (cp->tls)(sp);
1536 sppp_cp_change_state(cp, sp, STATE_STARTING);
1537 break;
1538 case STATE_STARTING:
1539 break;
1540 case STATE_CLOSED:
1541 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1542 (cp->scr)(sp);
1543 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1544 break;
1545 case STATE_STOPPED:
1546 case STATE_STOPPING:
1547 case STATE_REQ_SENT:
1548 case STATE_ACK_RCVD:
1549 case STATE_ACK_SENT:
1550 case STATE_OPENED:
1551 break;
1552 case STATE_CLOSING:
1553 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1554 break;
1555 }
1556}
1557
1558
1559static void
1560sppp_close_event(const struct cp *cp, struct sppp *sp)
1561{
1562 STDDCL;
1563
1564 if (debug)
1565 log(LOG_DEBUG, "%s%d: %s close(%s)\n",
1566 ifp->if_name, ifp->if_unit, cp->name,
1567 sppp_state_name(sp->state[cp->protoidx]));
1568
1569 switch (sp->state[cp->protoidx]) {
1570 case STATE_INITIAL:
1571 case STATE_CLOSED:
1572 case STATE_CLOSING:
1573 break;
1574 case STATE_STARTING:
1575 (cp->tlf)(sp);
1576 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1577 break;
1578 case STATE_STOPPED:
1579 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1580 break;
1581 case STATE_STOPPING:
1582 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1583 break;
1584 case STATE_OPENED:
1585 (cp->tld)(sp);
1586 /* fall through */
1587 case STATE_REQ_SENT:
1588 case STATE_ACK_RCVD:
1589 case STATE_ACK_SENT:
1590 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1591 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1592 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1593 break;
1594 }
1595}
1596
1597static void
1598sppp_to_event(const struct cp *cp, struct sppp *sp)
1599{
1600 STDDCL;
1601 int s;
1602
1603 s = splimp();
1604 if (debug)
1605 log(LOG_DEBUG, "%s%d: %s TO(%s) rst_counter = %d\n",
1606 ifp->if_name, ifp->if_unit, cp->name,
1607 sppp_state_name(sp->state[cp->protoidx]),
1608 sp->rst_counter[cp->protoidx]);
1609
1610 if (--sp->rst_counter[cp->protoidx] < 0)
1611 /* TO- event */
1612 switch (sp->state[cp->protoidx]) {
1613 case STATE_CLOSING:
1614 (cp->tlf)(sp);
1615 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1616 break;
1617 case STATE_STOPPING:
1618 (cp->tlf)(sp);
1619 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1620 break;
1621 case STATE_REQ_SENT:
1622 case STATE_ACK_RCVD:
1623 case STATE_ACK_SENT:
1624 (cp->tlf)(sp);
1625 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1626 break;
1627 }
1628 else
1629 /* TO+ event */
1630 switch (sp->state[cp->protoidx]) {
1631 case STATE_CLOSING:
1632 case STATE_STOPPING:
1633 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1634 0, 0);
1635 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
1636 sp->lcp.timeout);
1637 break;
1638 case STATE_REQ_SENT:
1639 case STATE_ACK_RCVD:
1640 (cp->scr)(sp);
1641 /* sppp_cp_change_state() will restart the timer */
1642 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1643 break;
1644 case STATE_ACK_SENT:
1645 (cp->scr)(sp);
1646 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
1647 sp->lcp.timeout);
1648 break;
1649 }
1650
1651 splx(s);
1652}
1653
1654/*
1655 * Change the state of a control protocol in the state automaton.
1656 * Takes care of starting/stopping the restart timer.
1657 */
1658void
1659sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1660{
1661 sp->state[cp->protoidx] = newstate;
1662
1663 untimeout(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1664 switch (newstate) {
1665 case STATE_INITIAL:
1666 case STATE_STARTING:
1667 case STATE_CLOSED:
1668 case STATE_STOPPED:
1669 case STATE_OPENED:
1670 break;
1671 case STATE_CLOSING:
1672 case STATE_STOPPING:
1673 case STATE_REQ_SENT:
1674 case STATE_ACK_RCVD:
1675 case STATE_ACK_SENT:
1676 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp,
1677 sp->lcp.timeout);
1678 break;
1679 }
1680}
1681�/*
1682 *--------------------------------------------------------------------------*
1683 * *
1684 * The LCP implementation. *
1685 * *
1686 *--------------------------------------------------------------------------*
1687 */
1688static void
1689sppp_lcp_init(struct sppp *sp)
1690{
1691 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1692 sp->lcp.magic = 0;
1693 sp->state[IDX_LCP] = STATE_INITIAL;
1694 sp->fail_counter[IDX_LCP] = 0;
1695 sp->lcp.protos = 0;
1696 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1697
1698 /*
1699 * Initialize counters and timeout values. Note that we don't
1700 * use the 3 seconds suggested in RFC 1661 since we are likely
1701 * running on a fast link. XXX We should probably implement
1702 * the exponential backoff option. Note that these values are
1703 * relevant for all control protocols, not just LCP only.
1704 */
1705 sp->lcp.timeout = 1 * hz;
1706 sp->lcp.max_terminate = 2;
1707 sp->lcp.max_configure = 10;
1708 sp->lcp.max_failure = 10;
1709 callout_handle_init(&sp->ch[IDX_LCP]);
1710}
1711
1712static void
1713sppp_lcp_up(struct sppp *sp)
1714{
1715 STDDCL;
1716
1717 /*
1718 * If this interface is passive or dial-on-demand, and we are
1719 * still in Initial state, it means we've got an incoming
1720 * call. Activate the interface.
1721 */
1722 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1723 if (debug)
1724 log(LOG_DEBUG,
1725 "%s%d: Up event", ifp->if_name, ifp->if_unit);
1726 ifp->if_flags |= IFF_RUNNING;
1727 if (sp->state[IDX_LCP] == STATE_INITIAL) {
1728 if (debug)
1729 addlog("(incoming call)\n");
1730 sp->pp_flags |= PP_CALLIN;
1731 lcp.Open(sp);
1732 } else if (debug)
1733 addlog("\n");
1734 }
1735
1736 sppp_up_event(&lcp, sp);
1737}
1738
1739static void
1740sppp_lcp_down(struct sppp *sp)
1741{
1742 STDDCL;
1743
1744 sppp_down_event(&lcp, sp);
1745
1746 /*
1747 * If this is neither a dial-on-demand nor a passive
1748 * interface, simulate an ``ifconfig down'' action, so the
1749 * administrator can force a redial by another ``ifconfig
1750 * up''. XXX For leased line operation, should we immediately
1751 * try to reopen the connection here?
1752 */
1753 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
1754 log(LOG_INFO,
1755 "%s%d: Down event (carrier loss), taking interface down.\n",
1756 ifp->if_name, ifp->if_unit);
1757 if_down(ifp);
1758 } else {
1759 if (debug)
1760 log(LOG_DEBUG,
1761 "%s%d: Down event (carrier loss)\n",
1762 ifp->if_name, ifp->if_unit);
1763 }
1764 sp->pp_flags &= ~PP_CALLIN;
1765 if (sp->state[IDX_LCP] != STATE_INITIAL)
1766 lcp.Close(sp);
1767 ifp->if_flags &= ~IFF_RUNNING;
1768}
1769
1770static void
1771sppp_lcp_open(struct sppp *sp)
1772{
1773 /*
1774 * If we are authenticator, negotiate LCP_AUTH
1775 */
1776 if (sp->hisauth.proto != 0)
1777 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1778 else
1779 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1780 sp->pp_flags &= ~PP_NEEDAUTH;
1781 sppp_open_event(&lcp, sp);
1782}
1783
1784static void
1785sppp_lcp_close(struct sppp *sp)
1786{
1787 sppp_close_event(&lcp, sp);
1788}
1789
1790static void
1791sppp_lcp_TO(void *cookie)
1792{
1793 sppp_to_event(&lcp, (struct sppp *)cookie);
1794}
1795
1796/*
1797 * Analyze a configure request. Return true if it was agreeable, and
1798 * caused action sca, false if it has been rejected or nak'ed, and
1799 * caused action scn. (The return value is used to make the state
1800 * transition decision in the state automaton.)
1801 */
1802static int
1803sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
1804{
1805 STDDCL;
1806 u_char *buf, *r, *p;
1807 int origlen, rlen;
1808 u_long nmagic;
1809 u_short authproto;
1810
1811 len -= 4;
1812 origlen = len;
1813 buf = r = malloc (len, M_TEMP, M_NOWAIT);
1814 if (! buf)
1815 return (0);
1816
1817 if (debug)
1818 log(LOG_DEBUG, "%s%d: lcp parse opts: ",
1819 ifp->if_name, ifp->if_unit);
1820
1821 /* pass 1: check for things that need to be rejected */
1822 p = (void*) (h+1);
1823 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1824 if (debug)
1825 addlog(" %s ", sppp_lcp_opt_name(*p));
1826 switch (*p) {
1827 case LCP_OPT_MAGIC:
1828 /* Magic number. */
1829 /* fall through, both are same length */
1830 case LCP_OPT_ASYNC_MAP:
1831 /* Async control character map. */
1832 if (len >= 6 || p[1] == 6)
1833 continue;
1834 if (debug)
1835 addlog("[invalid] ");
1836 break;
1837 case LCP_OPT_MRU:
1838 /* Maximum receive unit. */
1839 if (len >= 4 && p[1] == 4)
1840 continue;
1841 if (debug)
1842 addlog("[invalid] ");
1843 break;
1844 case LCP_OPT_AUTH_PROTO:
1845 if (len < 4) {
1846 if (debug)
1847 addlog("[invalid] ");
1848 break;
1849 }
1850 authproto = (p[2] << 8) + p[3];
1851 if (authproto == PPP_CHAP && p[1] != 5) {
1852 if (debug)
1853 addlog("[invalid chap len] ");
1854 break;
1855 }
1856 if (sp->myauth.proto == 0) {
1857 /* we are not configured to do auth */
1858 if (debug)
1859 addlog("[not configured] ");
1860 break;
1861 }
1862 /*
1863 * Remote want us to authenticate, remember this,
1864 * so we stay in PHASE_AUTHENTICATE after LCP got
1865 * up.
1866 */
1867 sp->pp_flags |= PP_NEEDAUTH;
1868 continue;
1869 default:
1870 /* Others not supported. */
1871 if (debug)
1872 addlog("[rej] ");
1873 break;
1874 }
1875 /* Add the option to rejected list. */
1876 bcopy (p, r, p[1]);
1877 r += p[1];
1878 rlen += p[1];
1879 }
1880 if (rlen) {
1881 if (debug)
1882 addlog(" send conf-rej\n");
1883 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
1884 return 0;
1885 } else if (debug)
1886 addlog("\n");
1887
1888 /*
1889 * pass 2: check for option values that are unacceptable and
1890 * thus require to be nak'ed.
1891 */
1892 if (debug)
1893 log(LOG_DEBUG, "%s%d: lcp parse opt values: ",
1894 ifp->if_name, ifp->if_unit);
1895
1896 p = (void*) (h+1);
1897 len = origlen;
1898 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1899 if (debug)
1900 addlog(" %s ", sppp_lcp_opt_name(*p));
1901 switch (*p) {
1902 case LCP_OPT_MAGIC:
1903 /* Magic number -- extract. */
1904 nmagic = (u_long)p[2] << 24 |
1905 (u_long)p[3] << 16 | p[4] << 8 | p[5];
1906 if (nmagic != sp->lcp.magic) {
1907 if (debug)
1908 addlog("0x%x ", nmagic);
1909 continue;
1910 }
1911 /*
1912 * Local and remote magics equal -- loopback?
1913 */
1914 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
1915 printf ("%s%d: loopback\n",
1916 ifp->if_name, ifp->if_unit);
1917 sp->pp_loopcnt = 0;
1918 if (ifp->if_flags & IFF_UP) {
1919 if_down(ifp);
1920 sppp_qflush(&sp->pp_cpq);
1921 /* XXX ? */
1922 lcp.Down(sp);
1923 lcp.Up(sp);
1924 }
1925 } else if (debug)
1926 addlog("[glitch] ");
1927 ++sp->pp_loopcnt;
1928 /*
1929 * We negate our magic here, and NAK it. If
1930 * we see it later in an NAK packet, we
1931 * suggest a new one.
1932 */
1933 nmagic = ~sp->lcp.magic;
1934 /* Gonna NAK it. */
1935 p[2] = nmagic >> 24;
1936 p[3] = nmagic >> 16;
1937 p[4] = nmagic >> 8;
1938 p[5] = nmagic;
1939 break;
1940
1941 case LCP_OPT_ASYNC_MAP:
1942 /* Async control character map -- check to be zero. */
1943 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
1944 if (debug)
1945 addlog("[empty] ");
1946 continue;
1947 }
1948 if (debug)
1949 addlog("[non-empty] ");
1950 /* suggest a zero one */
1951 p[2] = p[3] = p[4] = p[5] = 0;
1952 break;
1953
1954 case LCP_OPT_MRU:
1955 /*
1956 * Maximum receive unit. Always agreeable,
1957 * but ignored by now.
1958 */
1959 sp->lcp.their_mru = p[2] * 256 + p[3];
1960 if (debug)
1961 addlog("%d ", sp->lcp.their_mru);
1962 continue;
1963
1964 case LCP_OPT_AUTH_PROTO:
1965 authproto = (p[2] << 8) + p[3];
1966 if (sp->myauth.proto != authproto) {
1967 /* not agreed, nak */
1968 if (debug)
1969 addlog("[mine %s != his %s] ",
1970 sppp_proto_name(sp->hisauth.proto),
1971 sppp_proto_name(authproto));
1972 p[2] = sp->myauth.proto >> 8;
1973 p[3] = sp->myauth.proto;
1974 break;
1975 }
1976 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
1977 if (debug)
1978 addlog("[chap not MD5] ");
1979 p[4] == CHAP_MD5;
1980 break;
1981 }
1982 continue;
1983 }
1984 /* Add the option to nak'ed list. */
1985 bcopy (p, r, p[1]);
1986 r += p[1];
1987 rlen += p[1];
1988 }
1989 if (rlen) {
1990 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
1991 if (debug)
1992 addlog(" max_failure (%d) exceeded, "
1993 "send conf-rej\n",
1994 sp->lcp.max_failure);
1995 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
1996 } else {
1997 if (debug)
1998 addlog(" send conf-nak\n");
1999 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2000 }
2001 return 0;
2002 } else {
2003 if (debug)
2004 addlog(" send conf-ack\n");
2005 sp->fail_counter[IDX_LCP] = 0;
2006 sp->pp_loopcnt = 0;
2007 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2008 h->ident, origlen, h+1);
2009 }
2010
2011 free (buf, M_TEMP);
2012 return (rlen == 0);
2013}
2014
2015/*
2016 * Analyze the LCP Configure-Reject option list, and adjust our
2017 * negotiation.
2018 */
2019static void
2020sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2021{
2022 STDDCL;
2023 u_char *buf, *p;
2024
2025 len -= 4;
2026 buf = malloc (len, M_TEMP, M_NOWAIT);
2027 if (!buf)
2028 return;
2029
2030 if (debug)
2031 log(LOG_DEBUG, "%s%d: lcp rej opts: ",
2032 ifp->if_name, ifp->if_unit);
2033
2034 p = (void*) (h+1);
2035 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2036 if (debug)
2037 addlog(" %s ", sppp_lcp_opt_name(*p));
2038 switch (*p) {
2039 case LCP_OPT_MAGIC:
2040 /* Magic number -- can't use it, use 0 */
2041 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2042 sp->lcp.magic = 0;
2043 break;
2044 case LCP_OPT_MRU:
2045 /*
2046 * Should not be rejected anyway, since we only
2047 * negotiate a MRU if explicitly requested by
2048 * peer.
2049 */
2050 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2051 break;
2052 case LCP_OPT_AUTH_PROTO:
2053 /*
2054 * Peer doesn't want to authenticate himself,
2055 * deny unless this is a dialout call, and
2056 * AUTHFLAG_NOCALLOUT is set.
2057 */
2058 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2059 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2060 if (debug)
2061 addlog("[don't insist on auth "
2062 "for callout]");
2063 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2064 break;
2065 }
2066 if (debug)
2067 addlog("[access denied]\n");
2068 lcp.Close(sp);
2069 break;
2070 }
2071 }
2072 if (debug)
2073 addlog("\n");
2074 free (buf, M_TEMP);
2075 return;
2076}
2077
2078/*
2079 * Analyze the LCP Configure-NAK option list, and adjust our
2080 * negotiation.
2081 */
2082static void
2083sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2084{
2085 STDDCL;
2086 u_char *buf, *p;
2087 u_long magic;
2088
2089 len -= 4;
2090 buf = malloc (len, M_TEMP, M_NOWAIT);
2091 if (!buf)
2092 return;
2093
2094 if (debug)
2095 log(LOG_DEBUG, "%s%d: lcp nak opts: ",
2096 ifp->if_name, ifp->if_unit);
2097
2098 p = (void*) (h+1);
2099 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2100 if (debug)
2101 addlog(" %s ", sppp_lcp_opt_name(*p));
2102 switch (*p) {
2103 case LCP_OPT_MAGIC:
2104 /* Magic number -- renegotiate */
2105 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2106 len >= 6 && p[1] == 6) {
2107 magic = (u_long)p[2] << 24 |
2108 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2109 /*
2110 * If the remote magic is our negated one,
2111 * this looks like a loopback problem.
2112 * Suggest a new magic to make sure.
2113 */
2114 if (magic == ~sp->lcp.magic) {
2115 if (debug)
2116 addlog("magic glitch ");
2117 sp->lcp.magic += time.tv_sec + time.tv_usec;
2118 } else {
2119 sp->lcp.magic = magic;
2120 if (debug)
2121 addlog("%d ");
2122 }
2123 }
2124 break;
2125 case LCP_OPT_MRU:
2126 /*
2127 * Peer wants to advise us to negotiate an MRU.
2128 * Agree on it if it's reasonable, or use
2129 * default otherwise.
2130 */
2131 if (len >= 4 && p[1] == 4) {
2132 u_int mru = p[2] * 256 + p[3];
2133 if (debug)
2134 addlog("%d ", mru);
2135 if (mru < PP_MTU || mru > PP_MAX_MRU)
2136 mru = PP_MTU;
2137 sp->lcp.mru = mru;
2138 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2139 }
2140 break;
2141 case LCP_OPT_AUTH_PROTO:
2142 /*
2143 * Peer doesn't like our authentication method,
2144 * deny.
2145 */
2146 if (debug)
2147 addlog("[access denied]\n");
2148 lcp.Close(sp);
2149 break;
2150 }
2151 }
2152 if (debug)
2153 addlog("\n");
2154 free (buf, M_TEMP);
2155 return;
2156}
2157
2158static void
2159sppp_lcp_tlu(struct sppp *sp)
2160{
2161 STDDCL;
2162 int i;
2163 u_long mask;
2164
2165 /* XXX ? */
2166 if (! (ifp->if_flags & IFF_UP) &&
2167 (ifp->if_flags & IFF_RUNNING)) {
2168 /* Coming out of loopback mode. */
2169 if_up(ifp);
2170 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
2171 }
2172
2173 for (i = 0; i < IDX_COUNT; i++)
2174 if ((cps[i])->flags & CP_QUAL)
2175 (cps[i])->Open(sp);
2176
2177 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2178 (sp->pp_flags & PP_NEEDAUTH) != 0)
2179 sp->pp_phase = PHASE_AUTHENTICATE;
2180 else
2181 sp->pp_phase = PHASE_NETWORK;
2182
2183 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2184 sppp_phase_name(sp->pp_phase));
2185
2186 /*
2187 * Open all authentication protocols. This is even required
2188 * if we already proceeded to network phase, since it might be
2189 * that remote wants us to authenticate, so we might have to
2190 * send a PAP request. Undesired authentication protocols
2191 * don't do anything when they get an Open event.
2192 */
2193 for (i = 0; i < IDX_COUNT; i++)
2194 if ((cps[i])->flags & CP_AUTH)
2195 (cps[i])->Open(sp);
2196
2197 if (sp->pp_phase == PHASE_NETWORK) {
2198 /* Notify all NCPs. */
2199 for (i = 0; i < IDX_COUNT; i++)
2200 if ((cps[i])->flags & CP_NCP)
2201 (cps[i])->Open(sp);
2202 }
2203
2204 /* Send Up events to all started protos. */
2205 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2206 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2207 (cps[i])->Up(sp);
2208
2209 if (sp->pp_phase == PHASE_NETWORK)
2210 /* if no NCP is starting, close down */
2211 sppp_lcp_check_and_close(sp);
2212}
2213
2214static void
2215sppp_lcp_tld(struct sppp *sp)
2216{
2217 STDDCL;
2218 int i;
2219 u_long mask;
2220
2221 sp->pp_phase = PHASE_TERMINATE;
2222
2223 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2224 sppp_phase_name(sp->pp_phase));
2225
2226 /*
2227 * Take upper layers down. We send the Down event first and
2228 * the Close second to prevent the upper layers from sending
2229 * ``a flurry of terminate-request packets'', as the RFC
2230 * describes it.
2231 */
2232 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2233 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2234 (cps[i])->Down(sp);
2235 (cps[i])->Close(sp);
2236 }
2237}
2238
2239static void
2240sppp_lcp_tls(struct sppp *sp)
2241{
2242 STDDCL;
2243
2244 sp->pp_phase = PHASE_ESTABLISH;
2245
2246 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2247 sppp_phase_name(sp->pp_phase));
2248
2249 /* Notify lower layer if desired. */
2250 if (sp->pp_tls)
2251 (sp->pp_tls)(sp);
2252}
2253
2254static void
2255sppp_lcp_tlf(struct sppp *sp)
2256{
2257 STDDCL;
2258
2259 sp->pp_phase = PHASE_DEAD;
2260 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2261 sppp_phase_name(sp->pp_phase));
2262
2263 /* Notify lower layer if desired. */
2264 if (sp->pp_tlf)
2265 (sp->pp_tlf)(sp);
2266}
2267
2268static void
2269sppp_lcp_scr(struct sppp *sp)
2270{
2271 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2272 int i = 0;
2273 u_short authproto;
2274
2275 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2276 if (! sp->lcp.magic)
2277 sp->lcp.magic = time.tv_sec + time.tv_usec;
2278 opt[i++] = LCP_OPT_MAGIC;
2279 opt[i++] = 6;
2280 opt[i++] = sp->lcp.magic >> 24;
2281 opt[i++] = sp->lcp.magic >> 16;
2282 opt[i++] = sp->lcp.magic >> 8;
2283 opt[i++] = sp->lcp.magic;
2284 }
2285
2286 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2287 opt[i++] = LCP_OPT_MRU;
2288 opt[i++] = 4;
2289 opt[i++] = sp->lcp.mru >> 8;
2290 opt[i++] = sp->lcp.mru;
2291 }
2292
2293 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2294 authproto = sp->hisauth.proto;
2295 opt[i++] = LCP_OPT_AUTH_PROTO;
2296 opt[i++] = authproto == PPP_CHAP? 5: 4;
2297 opt[i++] = authproto >> 8;
2298 opt[i++] = authproto;
2299 if (authproto == PPP_CHAP)
2300 opt[i++] = CHAP_MD5;
2301 }
2302
2303 sp->confid[IDX_LCP] = ++sp->pp_seq;
2304 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2305}
2306
2307/*
2308 * Check the open NCPs, return true if at least one NCP is open.
2309 */
2310static int
2311sppp_ncp_check(struct sppp *sp)
2312{
2313 int i, mask;
2314
2315 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2316 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2317 return 1;
2318 return 0;
2319}
2320
2321/*
2322 * Re-check the open NCPs and see if we should terminate the link.
2323 * Called by the NCPs during their tlf action handling.
2324 */
2325static void
2326sppp_lcp_check_and_close(struct sppp *sp)
2327{
2328
2329 if (sp->pp_phase < PHASE_NETWORK)
2330 /* don't bother, we are already going down */
2331 return;
2332
2333 if (sppp_ncp_check(sp))
2334 return;
2335
2336 lcp.Close(sp);
2337}
2338�/*
2339 *--------------------------------------------------------------------------*
2340 * *
2341 * The IPCP implementation. *
2342 * *
2343 *--------------------------------------------------------------------------*
2344 */
2345
2346static void
2347sppp_ipcp_init(struct sppp *sp)
2348{
2349 sp->ipcp.opts = 0;
2350 sp->ipcp.flags = 0;
2351 sp->state[IDX_IPCP] = STATE_INITIAL;
2352 sp->fail_counter[IDX_IPCP] = 0;
2353 callout_handle_init(&sp->ch[IDX_IPCP]);
2354}
2355
2356static void
2357sppp_ipcp_up(struct sppp *sp)
2358{
2359 sppp_up_event(&ipcp, sp);
2360}
2361
2362static void
2363sppp_ipcp_down(struct sppp *sp)
2364{
2365 sppp_down_event(&ipcp, sp);
2366}
2367
2368static void
2369sppp_ipcp_open(struct sppp *sp)
2370{
2371 STDDCL;
2372 u_long myaddr, hisaddr;
2373
2374 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2375 /*
2376 * If we don't have his address, this probably means our
2377 * interface doesn't want to talk IP at all. (This could
2378 * be the case if somebody wants to speak only IPX, for
2379 * example.) Don't open IPCP in this case.
2380 */
2381 if (hisaddr == 0L) {
2382 /* XXX this message should go away */
2383 if (debug)
2384 log(LOG_DEBUG, "%s%d: ipcp_open(): no IP interface\n",
2385 ifp->if_name, ifp->if_unit);
2386 return;
2387 }
2388
2389 if (myaddr == 0L) {
2390 /*
2391 * I don't have an assigned address, so i need to
2392 * negotiate my address.
2393 */
2394 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2395 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2396 }
2397 sppp_open_event(&ipcp, sp);
2398}
2399
2400static void
2401sppp_ipcp_close(struct sppp *sp)
2402{
2403 sppp_close_event(&ipcp, sp);
2404 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
2405 /*
2406 * My address was dynamic, clear it again.
2407 */
2408 sppp_set_ip_addr(sp, 0L);
2409}
2410
2411static void
2412sppp_ipcp_TO(void *cookie)
2413{
2414 sppp_to_event(&ipcp, (struct sppp *)cookie);
2415}
2416
2417/*
2418 * Analyze a configure request. Return true if it was agreeable, and
2419 * caused action sca, false if it has been rejected or nak'ed, and
2420 * caused action scn. (The return value is used to make the state
2421 * transition decision in the state automaton.)
2422 */
2423static int
2424sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2425{
2426 u_char *buf, *r, *p;
2427 struct ifnet *ifp = &sp->pp_if;
2428 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2429 u_long hisaddr, desiredaddr;
2430
2431 len -= 4;
2432 origlen = len;
2433 /*
2434 * Make sure to allocate a buf that can at least hold a
2435 * conf-nak with an `address' option. We might need it below.
2436 */
2437 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2438 if (! buf)
2439 return (0);
2440
2441 /* pass 1: see if we can recognize them */
2442 if (debug)
2443 log(LOG_DEBUG, "%s%d: ipcp parse opts: ",
2444 ifp->if_name, ifp->if_unit);
2445 p = (void*) (h+1);
2446 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2447 if (debug)
2448 addlog(" %s ", sppp_ipcp_opt_name(*p));
2449 switch (*p) {
2450#ifdef notyet
2451 case IPCP_OPT_COMPRESSION:
2452 if (len >= 6 && p[1] >= 6) {
2453 /* correctly formed compress option */
2454 continue;
2455 }
2456 if (debug)
2457 addlog("[invalid] ");
2458 break;
2459#endif
2460 case IPCP_OPT_ADDRESS:
2461 if (len >= 6 && p[1] == 6) {
2462 /* correctly formed address option */
2463 continue;
2464 }
2465 if (debug)
2466 addlog("[invalid] ");
2467 break;
2468 default:
2469 /* Others not supported. */
2470 if (debug)
2471 addlog("[rej] ");
2472 break;
2473 }
2474 /* Add the option to rejected list. */
2475 bcopy (p, r, p[1]);
2476 r += p[1];
2477 rlen += p[1];
2478 }
2479 if (rlen) {
2480 if (debug)
2481 addlog(" send conf-rej\n");
2482 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2483 return 0;
2484 } else if (debug)
2485 addlog("\n");
2486
2487 /* pass 2: parse option values */
2488 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
2489 if (debug)
2490 log(LOG_DEBUG, "%s%d: ipcp parse opt values: ",
2491 ifp->if_name, ifp->if_unit);
2492 p = (void*) (h+1);
2493 len = origlen;
2494 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2495 if (debug)
2496 addlog(" %s ", sppp_ipcp_opt_name(*p));
2497 switch (*p) {
2498#ifdef notyet
2499 case IPCP_OPT_COMPRESSION:
2500 continue;
2501#endif
2502 case IPCP_OPT_ADDRESS:
2503 desiredaddr = p[2] << 24 | p[3] << 16 |
2504 p[4] << 8 | p[5];
2505 if (desiredaddr == hisaddr) {
2506 /*
2507 * Peer's address is same as our value,
2508 * this is agreeable. Gonna conf-ack
2509 * it.
2510 */
2511 if (debug)
2512 addlog("%s [ack] ",
2513 sppp_dotted_quad(hisaddr));
2514 /* record that we've seen it already */
2515 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2516 continue;
2517 }
2518 /*
2519 * The address wasn't agreeable. This is either
2520 * he sent us 0.0.0.0, asking to assign him an
2521 * address, or he send us another address not
2522 * matching our value. Either case, we gonna
2523 * conf-nak it with our value.
2524 */
2525 if (debug) {
2526 if (desiredaddr == 0)
2527 addlog("[addr requested] ");
2528 else
2529 addlog("%s [not agreed] ",
2530 sppp_dotted_quad(desiredaddr));
2531
2532 p[2] = hisaddr >> 24;
2533 p[3] = hisaddr >> 16;
2534 p[4] = hisaddr >> 8;
2535 p[5] = hisaddr;
2536 }
2537 break;
2538 }
2539 /* Add the option to nak'ed list. */
2540 bcopy (p, r, p[1]);
2541 r += p[1];
2542 rlen += p[1];
2543 }
2544
2545 /*
2546 * If we are about to conf-ack the request, but haven't seen
2547 * his address so far, gonna conf-nak it instead, with the
2548 * `address' option present and our idea of his address being
2549 * filled in there, to request negotiation of both addresses.
2550 *
2551 * XXX This can result in an endless req - nak loop if peer
2552 * doesn't want to send us his address. Q: What should we do
2553 * about it? XXX A: implement the max-failure counter.
2554 */
2555 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2556 buf[0] = IPCP_OPT_ADDRESS;
2557 buf[1] = 6;
2558 buf[2] = hisaddr >> 24;
2559 buf[3] = hisaddr >> 16;
2560 buf[4] = hisaddr >> 8;
2561 buf[5] = hisaddr;
2562 rlen = 6;
2563 if (debug)
2564 addlog("still need hisaddr ");
2565 }
2566
2567 if (rlen) {
2568 if (debug)
2569 addlog(" send conf-nak\n");
2570 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2571 } else {
2572 if (debug)
2573 addlog(" send conf-ack\n");
2574 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2575 h->ident, origlen, h+1);
2576 }
2577
2578 free (buf, M_TEMP);
2579 return (rlen == 0);
2580}
2581
2582/*
2583 * Analyze the IPCP Configure-Reject option list, and adjust our
2584 * negotiation.
2585 */
2586static void
2587sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2588{
2589 u_char *buf, *p;
2590 struct ifnet *ifp = &sp->pp_if;
2591 int debug = ifp->if_flags & IFF_DEBUG;
2592
2593 len -= 4;
2594 buf = malloc (len, M_TEMP, M_NOWAIT);
2595 if (!buf)
2596 return;
2597
2598 if (debug)
2599 log(LOG_DEBUG, "%s%d: ipcp rej opts: ",
2600 ifp->if_name, ifp->if_unit);
2601
2602 p = (void*) (h+1);
2603 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2604 if (debug)
2605 addlog(" %s ", sppp_ipcp_opt_name(*p));
2606 switch (*p) {
2607 case IPCP_OPT_ADDRESS:
2608 /*
2609 * Peer doesn't grok address option. This is
2610 * bad. XXX Should we better give up here?
2611 */
2612 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2613 break;
2614#ifdef notyet
2615 case IPCP_OPT_COMPRESS:
2616 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2617 break;
2618#endif
2619 }
2620 }
2621 if (debug)
2622 addlog("\n");
2623 free (buf, M_TEMP);
2624 return;
2625}
2626
2627/*
2628 * Analyze the IPCP Configure-NAK option list, and adjust our
2629 * negotiation.
2630 */
2631static void
2632sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2633{
2634 u_char *buf, *p;
2635 struct ifnet *ifp = &sp->pp_if;
2636 int debug = ifp->if_flags & IFF_DEBUG;
2637 u_long wantaddr;
2638
2639 len -= 4;
2640 buf = malloc (len, M_TEMP, M_NOWAIT);
2641 if (!buf)
2642 return;
2643
2644 if (debug)
2645 log(LOG_DEBUG, "%s%d: ipcp nak opts: ",
2646 ifp->if_name, ifp->if_unit);
2647
2648 p = (void*) (h+1);
2649 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2650 if (debug)
2651 addlog(" %s ", sppp_ipcp_opt_name(*p));
2652 switch (*p) {
2653 case IPCP_OPT_ADDRESS:
2654 /*
2655 * Peer doesn't like our local IP address. See
2656 * if we can do something for him. We'll drop
2657 * him our address then.
2658 */
2659 if (len >= 6 && p[1] == 6) {
2660 wantaddr = p[2] << 24 | p[3] << 16 |
2661 p[4] << 8 | p[5];
2662 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2663 if (debug)
2664 addlog("[wantaddr %s] ",
2665 sppp_dotted_quad(wantaddr));
2666 /*
2667 * When doing dynamic address assignment,
2668 * we accept his offer. Otherwise, we
2669 * ignore it and thus continue to negotiate
2670 * our already existing value.
2671 */
2672 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2673 sppp_set_ip_addr(sp, wantaddr);
2674 if (debug)
2675 addlog("[agree] ");
2676 }
2677 }
2678 break;
2679#ifdef notyet
2680 case IPCP_OPT_COMPRESS:
2681 /*
2682 * Peer wants different compression parameters.
2683 */
2684 break;
2685#endif
2686 }
2687 }
2688 if (debug)
2689 addlog("\n");
2690 free (buf, M_TEMP);
2691 return;
2692}
2693
2694static void
2695sppp_ipcp_tlu(struct sppp *sp)
2696{
2697}
2698
2699static void
2700sppp_ipcp_tld(struct sppp *sp)
2701{
2702}
2703
2704static void
2705sppp_ipcp_tls(struct sppp *sp)
2706{
2707 /* indicate to LCP that it must stay alive */
2708 sp->lcp.protos |= (1 << IDX_IPCP);
2709}
2710
2711static void
2712sppp_ipcp_tlf(struct sppp *sp)
2713{
2714 /* we no longer need LCP */
2715 sp->lcp.protos &= ~(1 << IDX_IPCP);
2716 sppp_lcp_check_and_close(sp);
2717}
2718
2719static void
2720sppp_ipcp_scr(struct sppp *sp)
2721{
2722 char opt[6 /* compression */ + 6 /* address */];
2723 u_long ouraddr;
2724 int i = 0;
2725
2726#ifdef notyet
2727 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
2728 opt[i++] = IPCP_OPT_COMPRESSION;
2729 opt[i++] = 6;
2730 opt[i++] = 0; /* VJ header compression */
2731 opt[i++] = 0x2d; /* VJ header compression */
2732 opt[i++] = max_slot_id;
2733 opt[i++] = comp_slot_id;
2734 }
2735#endif
2736
2737 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2738 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2739 opt[i++] = IPCP_OPT_ADDRESS;
2740 opt[i++] = 6;
2741 opt[i++] = ouraddr >> 24;
2742 opt[i++] = ouraddr >> 16;
2743 opt[i++] = ouraddr >> 8;
2744 opt[i++] = ouraddr;
2745 }
2746
2747 sp->confid[IDX_IPCP] = ++sp->pp_seq;
2748 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
2749}
2750
2751
2752�/*
2753 *--------------------------------------------------------------------------*
2754 * *
2755 * The CHAP implementation. *
2756 * *
2757 *--------------------------------------------------------------------------*
2758 */
2759
2760/*
2761 * The authentication protocols don't employ a full-fledged state machine as
2762 * the control protocols do, since they do have Open and Close events, but
2763 * not Up and Down, nor are they explicitly terminated. Also, use of the
2764 * authentication protocols may be different in both directions (this makes
2765 * sense, think of a machine that never accepts incoming calls but only
2766 * calls out, it doesn't require the called party to authenticate itself).
2767 *
2768 * Our state machine for the local authentication protocol (we are requesting
2769 * the peer to authenticate) looks like:
2770 *
2771 * RCA-
2772 * +--------------------------------------------+
2773 * V scn,tld|
2774 * +--------+ Close +---------+ RCA+
2775 * | |<----------------------------------| |------+
2776 * +--->| Closed | TO* | Opened | sca |
2777 * | | |-----+ +-------| |<-----+
2778 * | +--------+ irc | | +---------+
2779 * | ^ | | ^
2780 * | | | | |
2781 * | | | | |
2782 * | TO-| | | |
2783 * | |tld TO+ V | |
2784 * | | +------->+ | |
2785 * | | | | | |
2786 * | +--------+ V | |
2787 * | | |<----+<--------------------+ |
2788 * | | Req- | scr |
2789 * | | Sent | |
2790 * | | | |
2791 * | +--------+ |
2792 * | RCA- | | RCA+ |
2793 * +------+ +------------------------------------------+
2794 * scn,tld sca,irc,ict,tlu
2795 *
2796 *
2797 * with:
2798 *
2799 * Open: LCP reached authentication phase
2800 * Close: LCP reached terminate phase
2801 *
2802 * RCA+: received reply (pap-req, chap-response), acceptable
2803 * RCN: received reply (pap-req, chap-response), not acceptable
2804 * TO+: timeout with restart counter >= 0
2805 * TO-: timeout with restart counter < 0
2806 * TO*: reschedule timeout for CHAP
2807 *
2808 * scr: send request packet (none for PAP, chap-challenge)
2809 * sca: send ack packet (pap-ack, chap-success)
2810 * scn: send nak packet (pap-nak, chap-failure)
2811 * ict: initialize re-challenge timer (CHAP only)
2812 *
2813 * tlu: this-layer-up, LCP reaches network phase
2814 * tld: this-layer-down, LCP enters terminate phase
2815 *
2816 * Note that in CHAP mode, after sending a new challenge, while the state
2817 * automaton falls back into Req-Sent state, it doesn't signal a tld
2818 * event to LCP, so LCP remains in network phase. Only after not getting
2819 * any response (or after getting an unacceptable response), CHAP closes,
2820 * causing LCP to enter terminate phase.
2821 *
2822 * With PAP, there is no initial request that can be sent. The peer is
2823 * expected to send one based on the successful negotiation of PAP as
2824 * the authentication protocol during the LCP option negotiation.
2825 *
2826 * Incoming authentication protocol requests (remote requests
2827 * authentication, we are peer) don't employ a state machine at all,
2828 * they are simply answered. Some peers [Ascend P50 firmware rev
2829 * 4.50] react allergically when sending IPCP requests while they are
2830 * still in authentication phase (thereby violating the standard that
2831 * demands that these NCP packets are to be discarded), so we keep
2832 * track of the peer demanding us to authenticate, and only proceed to
2833 * phase network once we've seen a positive acknowledge for the
2834 * authentication.
2835 */
2836
2837/*
2838 * Handle incoming CHAP packets.
2839 */
2840void
2841sppp_chap_input(struct sppp *sp, struct mbuf *m)
2842{
2843 STDDCL;
2844 struct lcp_header *h;
2845 int len, x;
2846 u_char *value, *name, digest[AUTHKEYLEN], dsize;
2847 int value_len, name_len;
2848 MD5_CTX ctx;
2849
2850 len = m->m_pkthdr.len;
2851 if (len < 4) {
2852 if (debug)
2853 log(LOG_DEBUG,
2854 "%s%d: chap invalid packet length: %d bytes\n",
2855 ifp->if_name, ifp->if_unit, len);
2856 return;
2857 }
2858 h = mtod (m, struct lcp_header*);
2859 if (len > ntohs (h->len))
2860 len = ntohs (h->len);
2861
2862 switch (h->type) {
2863 /* challenge, failure and success are his authproto */
2864 case CHAP_CHALLENGE:
2865 value = 1 + (u_char*)(h+1);
2866 value_len = value[-1];
2867 name = value + value_len;
2868 name_len = len - value_len - 5;
2869 if (name_len < 0) {
2870 if (debug) {
2871 log(LOG_DEBUG,
2872 "%s%d: chap corrupted challenge "
2873 "<%s id=0x%x len=%d",
2874 ifp->if_name, ifp->if_unit,
2875 sppp_auth_type_name(PPP_CHAP, h->type),
2876 h->ident, ntohs(h->len));
2877 if (len > 4)
2878 sppp_print_bytes((u_char*) (h+1), len-4);
2879 addlog(">\n");
2880 }
2881 break;
2882 }
2883
2884 if (debug) {
2885 log(LOG_DEBUG,
2886 "%s%d: chap input <%s id=0x%x len=%d name=",
2887 ifp->if_name, ifp->if_unit,
2888 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
2889 ntohs(h->len));
2890 sppp_print_string((char*) name, name_len);
2891 addlog(" value-size=%d value=", value_len);
2892 sppp_print_bytes(value, value_len);
2893 addlog(">\n");
2894 }
2895
2896 /* Compute reply value. */
2897 MD5Init(&ctx);
2898 MD5Update(&ctx, &h->ident, 1);
2899 MD5Update(&ctx, sp->myauth.secret,
2900 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
2901 MD5Update(&ctx, value, value_len);
2902 MD5Final(digest, &ctx);
2903 dsize = sizeof digest;
2904
2905 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
2906 sizeof dsize, (const char *)&dsize,
2907 sizeof digest, digest,
2908 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
2909 sp->myauth.name,
2910 0);
2911 break;
2912
2913 case CHAP_SUCCESS:
2914 if (debug) {
2915 log(LOG_DEBUG, "%s%d: chap success",
2916 ifp->if_name, ifp->if_unit);
2917 if (len > 4) {
2918 addlog(": ");
2919 sppp_print_string((char*)(h + 1), len - 4);
2920 }
2921 addlog("\n");
2922 }
2923 x = splimp();
2924 sp->pp_flags &= ~PP_NEEDAUTH;
2925 if (sp->myauth.proto == PPP_CHAP &&
2926 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
2927 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
2928 /*
2929 * We are authenticator for CHAP but didn't
2930 * complete yet. Leave it to tlu to proceed
2931 * to network phase.
2932 */
2933 splx(x);
2934 break;
2935 }
2936 splx(x);
2937 sppp_phase_network(sp);
2938 break;
2939
2940 case CHAP_FAILURE:
2941 if (debug) {
2942 log(LOG_INFO, "%s%d: chap failure",
2943 ifp->if_name, ifp->if_unit);
2944 if (len > 4) {
2945 addlog(": ");
2946 sppp_print_string((char*)(h + 1), len - 4);
2947 }
2948 addlog("\n");
2949 } else
2950 log(LOG_INFO, "%s%d: chap failure\n",
2951 ifp->if_name, ifp->if_unit);
2952 /* await LCP shutdown by authenticator */
2953 break;
2954
2955 /* response is my authproto */
2956 case CHAP_RESPONSE:
2957 value = 1 + (u_char*)(h+1);
2958 value_len = value[-1];
2959 name = value + value_len;
2960 name_len = len - value_len - 5;
2961 if (name_len < 0) {
2962 if (debug) {
2963 log(LOG_DEBUG,
2964 "%s%d: chap corrupted response "
2965 "<%s id=0x%x len=%d",
2966 ifp->if_name, ifp->if_unit,
2967 sppp_auth_type_name(PPP_CHAP, h->type),
2968 h->ident, ntohs(h->len));
2969 if (len > 4)
2970 sppp_print_bytes((u_char*)(h+1), len-4);
2971 addlog(">\n");
2972 }
2973 break;
2974 }
2975 if (h->ident != sp->confid[IDX_CHAP]) {
2976 if (debug)
2977 log(LOG_DEBUG,
2978 "%s%d: chap dropping response for old ID "
2979 "(got %d, expected %d)\n",
2980 h->ident, sp->confid[IDX_CHAP]);
2981 break;
2982 }
2983 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
2984 || bcmp(name, sp->hisauth.name, name_len) != 0) {
2985 log(LOG_INFO, "%s%d: chap response, his name ",
2986 ifp->if_name, ifp->if_unit);
2987 sppp_print_string(name, name_len);
2988 addlog(" != expected ");
2989 sppp_print_string(sp->hisauth.name,
2990 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
2991 addlog("\n");
2992 }
2993 if (debug) {
2994 log(LOG_DEBUG, "%s%d: chap input(%s) "
2995 "<%s id=0x%x len=%d name=",
2996 ifp->if_name, ifp->if_unit,
2997 sppp_state_name(sp->state[IDX_CHAP]),
2998 sppp_auth_type_name(PPP_CHAP, h->type),
2999 h->ident, ntohs (h->len));
3000 sppp_print_string((char*)name, name_len);
3001 addlog(" value-size=%d value=", value_len);
3002 sppp_print_bytes(value, value_len);
3003 addlog(">\n");
3004 }
3005 if (value_len != AUTHKEYLEN) {
3006 if (debug)
3007 log(LOG_DEBUG,
3008 "%s%d: chap bad hash value length: "
3009 "%d bytes, should be %d\n",
3010 ifp->if_name, ifp->if_unit, value_len,
3011 AUTHKEYLEN);
3012 break;
3013 }
3014
3015 MD5Init(&ctx);
3016 MD5Update(&ctx, &h->ident, 1);
3017 MD5Update(&ctx, sp->hisauth.secret,
3018 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3019 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3020 MD5Final(digest, &ctx);
3021
3022#define FAILMSG "Failed..."
3023#define SUCCMSG "Welcome!"
3024
3025 if (value_len != sizeof digest ||
3026 bcmp(digest, value, value_len) != 0) {
3027 /* action scn, tld */
3028 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3029 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3030 0);
3031 chap.tld(sp);
3032 break;
3033 }
3034 /* action sca, perhaps tlu */
3035 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3036 sp->state[IDX_CHAP] == STATE_OPENED)
3037 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3038 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3039 0);
3040 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3041 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3042 chap.tlu(sp);
3043 }
3044 break;
3045
3046 default:
3047 /* Unknown CHAP packet type -- ignore. */
3048 if (debug) {
3049 log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
3050 "<0x%x id=0x%xh len=%d",
3051 ifp->if_name, ifp->if_unit,
3052 sppp_state_name(sp->state[IDX_CHAP]),
3053 h->type, h->ident, ntohs(h->len));
3054 if (len > 4)
3055 sppp_print_bytes((u_char*)(h+1), len-4);
3056 addlog(">\n");
3057 }
3058 break;
3059
3060 }
3061}
3062
3063static void
3064sppp_chap_init(struct sppp *sp)
3065{
3066 /* Chap doesn't have STATE_INITIAL at all. */
3067 sp->state[IDX_CHAP] = STATE_CLOSED;
3068 sp->fail_counter[IDX_CHAP] = 0;
3069 callout_handle_init(&sp->ch[IDX_CHAP]);
3070}
3071
3072static void
3073sppp_chap_open(struct sppp *sp)
3074{
3075 if (sp->myauth.proto == PPP_CHAP &&
3076 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3077 /* we are authenticator for CHAP, start it */
3078 chap.scr(sp);
3079 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3080 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3081 }
3082 /* nothing to be done if we are peer, await a challenge */
3083}
3084
3085static void
3086sppp_chap_close(struct sppp *sp)
3087{
3088 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3089 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3090}
3091
3092static void
3093sppp_chap_TO(void *cookie)
3094{
3095 struct sppp *sp = (struct sppp *)cookie;
3096 STDDCL;
3097 int s;
3098
3099 s = splimp();
3100 if (debug)
3101 log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
3102 ifp->if_name, ifp->if_unit,
3103 sppp_state_name(sp->state[IDX_CHAP]),
3104 sp->rst_counter[IDX_CHAP]);
3105
3106 if (--sp->rst_counter[IDX_CHAP] < 0)
3107 /* TO- event */
3108 switch (sp->state[IDX_CHAP]) {
3109 case STATE_REQ_SENT:
3110 chap.tld(sp);
3111 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3112 break;
3113 }
3114 else
3115 /* TO+ (or TO*) event */
3116 switch (sp->state[IDX_CHAP]) {
3117 case STATE_OPENED:
3118 /* TO* event */
3119 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3120 /* fall through */
3121 case STATE_REQ_SENT:
3122 chap.scr(sp);
3123 /* sppp_cp_change_state() will restart the timer */
3124 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3125 break;
3126 }
3127
3128 splx(s);
3129}
3130
3131static void
3132sppp_chap_tlu(struct sppp *sp)
3133{
3134 STDDCL;
3135 int i, x;
3136
3137 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3138
3139 /*
3140 * Some broken CHAP implementations (Conware CoNet, firmware
3141 * 4.0.?) don't want to re-authenticate their CHAP once the
3142 * initial challenge-response exchange has taken place.
3143 * Provide for an option to avoid rechallenges.
3144 */
3145 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3146 /*
3147 * Compute the re-challenge timeout. This will yield
3148 * a number between 300 and 810 seconds.
3149 */
3150 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
3151
3152 sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
3153 }
3154
3155 if (debug) {
3156 log(LOG_DEBUG,
3157 "%s%d: chap %s, ",
3158 ifp->if_name, ifp->if_unit,
3159 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3160 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3161 addlog("next re-challenge in %d seconds\n", i);
3162 else
3163 addlog("re-challenging supressed\n");
3164 }
3165
3166 x = splimp();
3167 /* indicate to LCP that we need to be closed down */
3168 sp->lcp.protos |= (1 << IDX_CHAP);
3169
3170 if (sp->pp_flags & PP_NEEDAUTH) {
3171 /*
3172 * Remote is authenticator, but his auth proto didn't
3173 * complete yet. Defer the transition to network
3174 * phase.
3175 */
3176 splx(x);
3177 return;
3178 }
3179 splx(x);
3180
3181 /*
3182 * If we are already in phase network, we are done here. This
3183 * is the case if this is a dummy tlu event after a re-challenge.
3184 */
3185 if (sp->pp_phase != PHASE_NETWORK)
3186 sppp_phase_network(sp);
3187}
3188
3189static void
3190sppp_chap_tld(struct sppp *sp)
3191{
3192 STDDCL;
3193
3194 if (debug)
3195 log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
3196 untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3197 sp->lcp.protos &= ~(1 << IDX_CHAP);
3198
3199 lcp.Close(sp);
3200}
3201
3202static void
3203sppp_chap_scr(struct sppp *sp)
3204{
3205 struct timeval tv;
3206 u_long *ch, seed;
3207 u_char clen;
3208
3209 /* Compute random challenge. */
3210 ch = (u_long *)sp->myauth.challenge;
3211 microtime(&tv);
3212 seed = tv.tv_sec ^ tv.tv_usec;
3213 ch[0] = seed ^ random();
3214 ch[1] = seed ^ random();
3215 ch[2] = seed ^ random();
3216 ch[3] = seed ^ random();
3217 clen = AUTHKEYLEN;
3218
3219 sp->confid[IDX_CHAP] = ++sp->pp_seq;
3220
3221 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3222 sizeof clen, (const char *)&clen,
3223 AUTHKEYLEN, sp->myauth.challenge,
3224 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3225 sp->myauth.name,
3226 0);
3227}
3228�/*
3229 *--------------------------------------------------------------------------*
3230 * *
3231 * The PAP implementation. *
3232 * *
3233 *--------------------------------------------------------------------------*
3234 */
3235/*
3236 * For PAP, we need to keep a little state also if we are the peer, not the
3237 * authenticator. This is since we don't get a request to authenticate, but
3238 * have to repeatedly authenticate ourself until we got a response (or the
3239 * retry counter is expired).
3240 */
3241
3242/*
3243 * Handle incoming PAP packets. */
3244static void
3245sppp_pap_input(struct sppp *sp, struct mbuf *m)
3246{
3247 STDDCL;
3248 struct lcp_header *h;
3249 int len, x;
3250 u_char *name, *passwd, mlen;
3251 int name_len, passwd_len;
3252
3253 len = m->m_pkthdr.len;
3254 if (len < 5) {
3255 if (debug)
3256 log(LOG_DEBUG,
3257 "%s%d: pap invalid packet length: %d bytes\n",
3258 ifp->if_name, ifp->if_unit, len);
3259 return;
3260 }
3261 h = mtod (m, struct lcp_header*);
3262 if (len > ntohs (h->len))
3263 len = ntohs (h->len);
3264 switch (h->type) {
3265 /* PAP request is my authproto */
3266 case PAP_REQ:
3267 name = 1 + (u_char*)(h+1);
3268 name_len = name[-1];
3269 passwd = name + name_len + 1;
3270 if (name_len > len - 6 ||
3271 (passwd_len = passwd[-1]) > len - 6 - name_len) {
3272 if (debug) {
3273 log(LOG_DEBUG, "%s%d: pap corrupted input "
3274 "<%s id=0x%x len=%d",
3275 ifp->if_name, ifp->if_unit,
3276 sppp_auth_type_name(PPP_PAP, h->type),
3277 h->ident, ntohs(h->len));
3278 if (len > 4)
3279 sppp_print_bytes((u_char*)(h+1), len-4);
3280 addlog(">\n");
3281 }
3282 break;
3283 }
3284 if (debug) {
3285 log(LOG_DEBUG, "%s%d: pap input(%s) "
3286 "<%s id=0x%x len=%d name=",
3287 ifp->if_name, ifp->if_unit,
3288 sppp_state_name(sp->state[IDX_PAP]),
3289 sppp_auth_type_name(PPP_PAP, h->type),
3290 h->ident, ntohs(h->len));
3291 sppp_print_string((char*)name, name_len);
3292 addlog(" passwd=");
3293 sppp_print_string((char*)passwd, passwd_len);
3294 addlog(">\n");
3295 }
3296 if (name_len > AUTHNAMELEN ||
3297 passwd_len > AUTHKEYLEN ||
3298 bcmp(name, sp->hisauth.name, name_len) != 0 ||
3299 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3300 /* action scn, tld */
3301 mlen = sizeof(FAILMSG) - 1;
3302 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3303 sizeof mlen, (const char *)&mlen,
3304 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3305 0);
3306 pap.tld(sp);
3307 break;
3308 }
3309 /* action sca, perhaps tlu */
3310 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3311 sp->state[IDX_PAP] == STATE_OPENED) {
3312 mlen = sizeof(SUCCMSG) - 1;
3313 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3314 sizeof mlen, (const char *)&mlen,
3315 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3316 0);
3317 }
3318 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3319 sppp_cp_change_state(&pap, sp, STATE_OPENED);
3320 pap.tlu(sp);
3321 }
3322 break;
3323
3324 /* ack and nak are his authproto */
3325 case PAP_ACK:
3326 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3327 if (debug) {
3328 log(LOG_DEBUG, "%s%d: pap success",
3329 ifp->if_name, ifp->if_unit);
3330 name_len = *((char *)h);
3331 if (len > 5 && name_len) {
3332 addlog(": ");
3333 sppp_print_string((char*)(h+1), name_len);
3334 }
3335 addlog("\n");
3336 }
3337 x = splimp();
3338 sp->pp_flags &= ~PP_NEEDAUTH;
3339 if (sp->myauth.proto == PPP_PAP &&
3340 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3341 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3342 /*
3343 * We are authenticator for PAP but didn't
3344 * complete yet. Leave it to tlu to proceed
3345 * to network phase.
3346 */
3347 splx(x);
3348 break;
3349 }
3350 splx(x);
3351 sppp_phase_network(sp);
3352 break;
3353
3354 case PAP_NAK:
3355 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3356 if (debug) {
3357 log(LOG_INFO, "%s%d: pap failure",
3358 ifp->if_name, ifp->if_unit);
3359 name_len = *((char *)h);
3360 if (len > 5 && name_len) {
3361 addlog(": ");
3362 sppp_print_string((char*)(h+1), name_len);
3363 }
3364 addlog("\n");
3365 } else
3366 log(LOG_INFO, "%s%d: pap failure\n",
3367 ifp->if_name, ifp->if_unit);
3368 /* await LCP shutdown by authenticator */
3369 break;
3370
3371 default:
3372 /* Unknown PAP packet type -- ignore. */
3373 if (debug) {
3374 log(LOG_DEBUG, "%s%d: pap corrupted input "
3375 "<0x%x id=0x%x len=%d",
3376 ifp->if_name, ifp->if_unit,
3377 h->type, h->ident, ntohs(h->len));
3378 if (len > 4)
3379 sppp_print_bytes((u_char*)(h+1), len-4);
3380 addlog(">\n");
3381 }
3382 break;
3383
3384 }
3385}
3386
3387static void
3388sppp_pap_init(struct sppp *sp)
3389{
3390 /* PAP doesn't have STATE_INITIAL at all. */
3391 sp->state[IDX_PAP] = STATE_CLOSED;
3392 sp->fail_counter[IDX_PAP] = 0;
3393 callout_handle_init(&sp->ch[IDX_PAP]);
3394 callout_handle_init(&sp->pap_my_to_ch);
3395}
3396
3397static void
3398sppp_pap_open(struct sppp *sp)
3399{
3400 if (sp->hisauth.proto == PPP_PAP &&
3401 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3402 /* we are authenticator for PAP, start our timer */
3403 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3404 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3405 }
3406 if (sp->myauth.proto == PPP_PAP) {
3407 /* we are peer, send a request, and start a timer */
3408 pap.scr(sp);
3409 sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
3410 sp->lcp.timeout);
3411 }
3412}
3413
3414static void
3415sppp_pap_close(struct sppp *sp)
3416{
3417 if (sp->state[IDX_PAP] != STATE_CLOSED)
3418 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3419}
3420
3421/*
3422 * That's the timeout routine if we are authenticator. Since the
3423 * authenticator is basically passive in PAP, we can't do much here.
3424 */
3425static void
3426sppp_pap_TO(void *cookie)
3427{
3428 struct sppp *sp = (struct sppp *)cookie;
3429 STDDCL;
3430 int s;
3431
3432 s = splimp();
3433 if (debug)
3434 log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
3435 ifp->if_name, ifp->if_unit,
3436 sppp_state_name(sp->state[IDX_PAP]),
3437 sp->rst_counter[IDX_PAP]);
3438
3439 if (--sp->rst_counter[IDX_PAP] < 0)
3440 /* TO- event */
3441 switch (sp->state[IDX_PAP]) {
3442 case STATE_REQ_SENT:
3443 pap.tld(sp);
3444 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3445 break;
3446 }
3447 else
3448 /* TO+ event, not very much we could do */
3449 switch (sp->state[IDX_PAP]) {
3450 case STATE_REQ_SENT:
3451 /* sppp_cp_change_state() will restart the timer */
3452 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3453 break;
3454 }
3455
3456 splx(s);
3457}
3458
3459/*
3460 * That's the timeout handler if we are peer. Since the peer is active,
3461 * we need to retransmit our PAP request since it is apparently lost.
3462 * XXX We should impose a max counter.
3463 */
3464static void
3465sppp_pap_my_TO(void *cookie)
3466{
3467 struct sppp *sp = (struct sppp *)cookie;
3468 STDDCL;
3469
3470 if (debug)
3471 log(LOG_DEBUG, "%s%d: pap peer TO\n",
3472 ifp->if_name, ifp->if_unit);
3473
3474 pap.scr(sp);
3475}
3476
3477static void
3478sppp_pap_tlu(struct sppp *sp)
3479{
3480 STDDCL;
3481 int x;
3482
3483 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3484
3485 if (debug)
3486 log(LOG_DEBUG, "%s%d: %s tlu\n",
3487 ifp->if_name, ifp->if_unit, pap.name);
3488
3489 x = splimp();
3490 /* indicate to LCP that we need to be closed down */
3491 sp->lcp.protos |= (1 << IDX_PAP);
3492
3493 if (sp->pp_flags & PP_NEEDAUTH) {
3494 /*
3495 * Remote is authenticator, but his auth proto didn't
3496 * complete yet. Defer the transition to network
3497 * phase.
3498 */
3499 splx(x);
3500 return;
3501 }
3502 splx(x);
3503 sppp_phase_network(sp);
3504}
3505
3506static void
3507sppp_pap_tld(struct sppp *sp)
3508{
3509 STDDCL;
3510
3511 if (debug)
3512 log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
3513 untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3514 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3515 sp->lcp.protos &= ~(1 << IDX_PAP);
3516
3517 lcp.Close(sp);
3518}
3519
3520static void
3521sppp_pap_scr(struct sppp *sp)
3522{
3523 STDDCL;
3524 u_char idlen, pwdlen;
3525
3526 sp->confid[IDX_PAP] = ++sp->pp_seq;
3527 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
3528 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
3529
3530 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3531 sizeof idlen, (const char *)&idlen,
3532 (unsigned)idlen, sp->myauth.name,
3533 sizeof pwdlen, (const char *)&pwdlen,
3534 (unsigned)pwdlen, sp->myauth.secret,
3535 0);
3536}
3537�/*
3538 * Random miscellaneous functions.
3539 */
3540
3541/*
3542 * Send a PAP or CHAP proto packet.
3543 *
3544 * Varadic function, each of the elements for the ellipsis is of type
3545 * ``unsigned mlen, const u_char *msg''. Processing will stop iff
3546 * mlen == 0.
3547 */
3548
3549static void
3550sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
3551 ...)
3552{
3553 STDDCL;
3554 struct ppp_header *h;
3555 struct lcp_header *lh;
3556 struct mbuf *m;
3557 u_char *p;
3558 int len;
3559 unsigned mlen;
3560 const char *msg;
3561 va_list ap;
3562
3563 MGETHDR (m, M_DONTWAIT, MT_DATA);
3564 if (! m)
3565 return;
3566 m->m_pkthdr.rcvif = 0;
3567
3568 h = mtod (m, struct ppp_header*);
3569 h->address = PPP_ALLSTATIONS; /* broadcast address */
3570 h->control = PPP_UI; /* Unnumbered Info */
3571 h->protocol = htons(cp->proto);
3572
3573 lh = (struct lcp_header*)(h + 1);
3574 lh->type = type;
3575 lh->ident = id;
3576 p = (u_char*) (lh+1);
3577
3578 va_start(ap, id);
3579 len = 0;
3580
3581 while ((mlen = va_arg(ap, unsigned)) != 0) {
3582 msg = va_arg(ap, const char *);
3583 len += mlen;
3584 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
3585 va_end(ap);
3586 m_freem(m);
3587 return;
3588 }
3589
3590 bcopy(msg, p, mlen);
3591 p += mlen;
3592 }
3593 va_end(ap);
3594
3595 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
3596 lh->len = htons (LCP_HEADER_LEN + len);
3597
3598 if (debug) {
3599 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
3600 ifp->if_name, ifp->if_unit, cp->name,
3601 sppp_auth_type_name(cp->proto, lh->type),
3602 lh->ident, ntohs(lh->len));
3603 if (len)
3604 sppp_print_bytes((u_char*) (lh+1), len);
3605 addlog(">\n");
3606 }
3607 if (IF_QFULL (&sp->pp_cpq)) {
3608 IF_DROP (&sp->pp_fastq);
3609 IF_DROP (&ifp->if_snd);
3610 m_freem (m);
3611 ++ifp->if_oerrors;
3612 } else
3613 IF_ENQUEUE (&sp->pp_cpq, m);
3614 if (! (ifp->if_flags & IFF_OACTIVE))
3615 (*ifp->if_start) (ifp);
3616 ifp->if_obytes += m->m_pkthdr.len + 3;
3617}
3618
3619/*
3620 * Flush interface queue.
3621 */
3622static void
3623sppp_qflush(struct ifqueue *ifq)
3624{
3625 struct mbuf *m, *n;
3626
3627 n = ifq->ifq_head;
3628 while ((m = n)) {
3629 n = m->m_act;
3630 m_freem (m);
3631 }
3632 ifq->ifq_head = 0;
3633 ifq->ifq_tail = 0;
3634 ifq->ifq_len = 0;
3635}
3636
3637/*
3638 * Send keepalive packets, every 10 seconds.
3639 */
3640static void
3641sppp_keepalive(void *dummy)
3642{
3643 struct sppp *sp;
3644 int s;
3645
3646 s = splimp();
3647 for (sp=spppq; sp; sp=sp->pp_next) {
3648 struct ifnet *ifp = &sp->pp_if;
3649
3650 /* Keepalive mode disabled or channel down? */
3651 if (! (sp->pp_flags & PP_KEEPALIVE) ||
3652 ! (ifp->if_flags & IFF_RUNNING))
3653 continue;
3654
3655 /* No keepalive in PPP mode if LCP not opened yet. */
3656 if (! (sp->pp_flags & PP_CISCO) &&
3657 sp->pp_phase < PHASE_AUTHENTICATE)
3658 continue;
3659
3660 if (sp->pp_alivecnt == MAXALIVECNT) {
3661 /* No keepalive packets got. Stop the interface. */
3662 printf ("%s%d: down\n", ifp->if_name, ifp->if_unit);
3663 if_down (ifp);
3664 sppp_qflush (&sp->pp_cpq);
3665 if (! (sp->pp_flags & PP_CISCO)) {
3666 /* XXX */
3667 /* Shut down the PPP link. */
3668 lcp.Down(sp);
3669 /* Initiate negotiation. XXX */
3670 lcp.Up(sp);
3671 }
3672 }
3673 if (sp->pp_alivecnt <= MAXALIVECNT)
3674 ++sp->pp_alivecnt;
3675 if (sp->pp_flags & PP_CISCO)
3676 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
3677 sp->pp_rseq);
3678 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
3679 long nmagic = htonl (sp->lcp.magic);
3680 sp->lcp.echoid = ++sp->pp_seq;
3681 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
3682 sp->lcp.echoid, 4, &nmagic);
3683 }
3684 }
3685 splx(s);
3686 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
3687}
3688
3689/*
3690 * Get both IP addresses.
3691 */
3692static void
3693sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
3694{
3695 struct ifnet *ifp = &sp->pp_if;
3696 struct ifaddr *ifa;
3697 struct sockaddr_in *si, *sm;
3698 u_long ssrc, ddst;
3699
3700 ssrc = ddst = 0L;
3701 /*
3702 * Pick the first AF_INET address from the list,
3703 * aliases don't make any sense on a p2p link anyway.
3704 */
3705 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3706 ifa;
3707 ifa = ifa->ifa_link.tqe_next)
3708 if (ifa->ifa_addr->sa_family == AF_INET) {
3709 si = (struct sockaddr_in *)ifa->ifa_addr;
3710 sm = (struct sockaddr_in *)ifa->ifa_netmask;
3711 if (si)
3712 break;
3713 }
3714 if (ifa) {
3715 if (si && si->sin_addr.s_addr) {
3716 ssrc = si->sin_addr.s_addr;
3717 if (srcmask)
3718 *srcmask = ntohl(sm->sin_addr.s_addr);
3719 }
3720
3721 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
3722 if (si && si->sin_addr.s_addr)
3723 ddst = si->sin_addr.s_addr;
3724 }
3725
3726 if (dst) *dst = ntohl(ddst);
3727 if (src) *src = ntohl(ssrc);
3728}
3729
3730/*
3731 * Set my IP address. Must be called at splimp.
3732 */
3733static void
3734sppp_set_ip_addr(struct sppp *sp, u_long src)
3735{
3736 struct ifnet *ifp = &sp->pp_if;
3737 struct ifaddr *ifa;
3738 struct sockaddr_in *si;
3739 u_long ssrc, ddst;
3740
3741 /*
3742 * Pick the first AF_INET address from the list,
3743 * aliases don't make any sense on a p2p link anyway.
3744 */
3745 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3746 ifa;
3747 ifa = ifa->ifa_link.tqe_next)
3748 if (ifa->ifa_addr->sa_family == AF_INET) {
3749 si = (struct sockaddr_in *)ifa->ifa_addr;
3750 if (si)
3751 break;
3752 }
3753 if (ifa && si)
3754 si->sin_addr.s_addr = htonl(src);
3755}
3756
3757static int
3758sppp_params(struct sppp *sp, int cmd, void *data)
3759{
3760 int subcmd;
3761 struct ifreq *ifr = (struct ifreq *)data;
3762 struct spppreq spr;
3763
3764 /*
3765 * ifr->ifr_data is supposed to point to a struct spppreq.
3766 * Check the cmd word first before attempting to fetch all the
3767 * data.
3768 */
3769 if ((subcmd = fuword(ifr->ifr_data)) == -1)
3770 return EFAULT;
3771
3772 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
3773 return EFAULT;
3774
3775 switch (subcmd) {
3776 case SPPPIOGDEFS:
3777 if (cmd != SIOCGIFGENERIC)
3778 return EINVAL;
3779 /*
3780 * We copy over the entire current state, but clean
3781 * out some of the stuff we don't wanna pass up.
3782 * Remember, SIOCGIFGENERIC is unprotected, and can be
3783 * called by any user. No need to ever get PAP or
3784 * CHAP secrets back to userland anyway.
3785 */
3786 bcopy(sp, &spr.defs, sizeof(struct sppp));
3787 bzero(spr.defs.myauth.secret, AUTHKEYLEN);
3788 bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
3789 bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
3790 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
3791 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
3792
3793 case SPPPIOSDEFS:
3794 if (cmd != SIOCSIFGENERIC)
3795 return EINVAL;
3796 /*
3797 * We have a very specific idea of which fields we allow
3798 * being passed back from userland, so to not clobber our
3799 * current state. For one, we only allow setting
3800 * anything if LCP is in dead phase. Once the LCP
3801 * negotiations started, the authentication settings must
3802 * not be changed again. (The administrator can force an
3803 * ifconfig down in order to get LCP back into dead
3804 * phase.)
3805 *
3806 * Also, we only allow for authentication parameters to be
3807 * specified.
3808 *
3809 * XXX Should allow to set or clear pp_flags.
3810 *
3811 * Finally, if the respective authentication protocol to
3812 * be used is set differently than 0, but the secret is
3813 * passed as all zeros, we don't trash the existing secret.
3814 * This allows an administrator to change the system name
3815 * only without clobbering the secret (which he didn't get
3816 * back in a previous SPPPIOGDEFS call). However, the
3817 * secrets are cleared if the authentication protocol is
3818 * reset to 0.
3819 */
3820 if (sp->pp_phase != PHASE_DEAD)
3821 return EBUSY;
3822
3823 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
3824 spr.defs.myauth.proto != PPP_CHAP) ||
3825 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
3826 spr.defs.hisauth.proto != PPP_CHAP))
3827 return EINVAL;
3828
3829 if (spr.defs.myauth.proto == 0)
3830 /* resetting myauth */
3831 bzero(&sp->myauth, sizeof sp->myauth);
3832 else {
3833 /* setting/changing myauth */
3834 sp->myauth.proto = spr.defs.myauth.proto;
3835 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
3836 if (spr.defs.myauth.secret[0] != '\0')
3837 bcopy(spr.defs.myauth.secret, sp->myauth.secret,
3838 AUTHKEYLEN);
3839 }
3840 if (spr.defs.hisauth.proto == 0)
3841 /* resetting hisauth */
3842 bzero(&sp->hisauth, sizeof sp->hisauth);
3843 else {
3844 /* setting/changing hisauth */
3845 sp->hisauth.proto = spr.defs.hisauth.proto;
3846 sp->hisauth.flags = spr.defs.hisauth.flags;
3847 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
3848 if (spr.defs.hisauth.secret[0] != '\0')
3849 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
3850 AUTHKEYLEN);
3851 }
3852 break;
3853
3854 default:
3855 return EINVAL;
3856 }
3857
3858 return 0;
3859}
3860
3861static void
3862sppp_phase_network(struct sppp *sp)
3863{
3864 struct ifnet *ifp = &sp->pp_if;
3865 int i;
3866 u_long mask;
3867
3868 sp->pp_phase = PHASE_NETWORK;
3869
3870 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
3871 sppp_phase_name(sp->pp_phase));
3872
3873 /* Notify NCPs now. */
3874 for (i = 0; i < IDX_COUNT; i++)
3875 if ((cps[i])->flags & CP_NCP)
3876 (cps[i])->Open(sp);
3877
3878 /* Send Up events to all NCPs. */
3879 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
3880 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
3881 (cps[i])->Up(sp);
3882
3883 /* if no NCP is starting, all this was in vain, close down */
3884 sppp_lcp_check_and_close(sp);
3885}
3886
3887
3888static const char *
3889sppp_cp_type_name(u_char type)
3890{
3891 static char buf[12];
3892 switch (type) {
3893 case CONF_REQ: return "conf-req";
3894 case CONF_ACK: return "conf-ack";
3895 case CONF_NAK: return "conf-nak";
3896 case CONF_REJ: return "conf-rej";
3897 case TERM_REQ: return "term-req";
3898 case TERM_ACK: return "term-ack";
3899 case CODE_REJ: return "code-rej";
3900 case PROTO_REJ: return "proto-rej";
3901 case ECHO_REQ: return "echo-req";
3902 case ECHO_REPLY: return "echo-reply";
3903 case DISC_REQ: return "discard-req";
3904 }
3905 sprintf (buf, "0x%x", type);
3906 return buf;
3907}
3908
3909static const char *
3910sppp_auth_type_name(u_short proto, u_char type)
3911{
3912 static char buf[12];
3913 switch (proto) {
3914 case PPP_CHAP:
3915 switch (type) {
3916 case CHAP_CHALLENGE: return "challenge";
3917 case CHAP_RESPONSE: return "response";
3918 case CHAP_SUCCESS: return "success";
3919 case CHAP_FAILURE: return "failure";
3920 }
3921 case PPP_PAP:
3922 switch (type) {
3923 case PAP_REQ: return "req";
3924 case PAP_ACK: return "ack";
3925 case PAP_NAK: return "nak";
3926 }
3927 }
3928 sprintf (buf, "0x%x", type);
3929 return buf;
3930}
3931
3932static const char *
3933sppp_lcp_opt_name(u_char opt)
3934{
3935 static char buf[12];
3936 switch (opt) {
3937 case LCP_OPT_MRU: return "mru";
3938 case LCP_OPT_ASYNC_MAP: return "async-map";
3939 case LCP_OPT_AUTH_PROTO: return "auth-proto";
3940 case LCP_OPT_QUAL_PROTO: return "qual-proto";
3941 case LCP_OPT_MAGIC: return "magic";
3942 case LCP_OPT_PROTO_COMP: return "proto-comp";
3943 case LCP_OPT_ADDR_COMP: return "addr-comp";
3944 }
3945 sprintf (buf, "0x%x", opt);
3946 return buf;
3947}
3948
3949static const char *
3950sppp_ipcp_opt_name(u_char opt)
3951{
3952 static char buf[12];
3953 switch (opt) {
3954 case IPCP_OPT_ADDRESSES: return "addresses";
3955 case IPCP_OPT_COMPRESSION: return "compression";
3956 case IPCP_OPT_ADDRESS: return "address";
3957 }
3958 sprintf (buf, "0x%x", opt);
3959 return buf;
3960}
3961
3962static const char *
3963sppp_state_name(int state)
3964{
3965 switch (state) {
3966 case STATE_INITIAL: return "initial";
3967 case STATE_STARTING: return "starting";
3968 case STATE_CLOSED: return "closed";
3969 case STATE_STOPPED: return "stopped";
3970 case STATE_CLOSING: return "closing";
3971 case STATE_STOPPING: return "stopping";
3972 case STATE_REQ_SENT: return "req-sent";
3973 case STATE_ACK_RCVD: return "ack-rcvd";
3974 case STATE_ACK_SENT: return "ack-sent";
3975 case STATE_OPENED: return "opened";
3976 }
3977 return "illegal";
3978}
3979
3980static const char *
3981sppp_phase_name(enum ppp_phase phase)
3982{
3983 switch (phase) {
3984 case PHASE_DEAD: return "dead";
3985 case PHASE_ESTABLISH: return "establish";
3986 case PHASE_TERMINATE: return "terminate";
3987 case PHASE_AUTHENTICATE: return "authenticate";
3988 case PHASE_NETWORK: return "network";
3989 }
3990 return "illegal";
3991}
3992
3993static const char *
3994sppp_proto_name(u_short proto)
3995{
3996 static char buf[12];
3997 switch (proto) {
3998 case PPP_LCP: return "lcp";
3999 case PPP_IPCP: return "ipcp";
4000 case PPP_PAP: return "pap";
4001 case PPP_CHAP: return "chap";
4002 }
4003 sprintf(buf, "0x%x", (unsigned)proto);
4004 return buf;
4005}
4006
4007static void
4008sppp_print_bytes(const u_char *p, u_short len)
4009{
4010 addlog(" %x", *p++);
4011 while (--len > 0)
4012 addlog("-%x", *p++);
4013}
4014
4015static void
4016sppp_print_string(const char *p, u_short len)
4017{
4018 u_char c;
4019
4020 while (len-- > 0) {
4021 c = *p++;
4022 /*
4023 * Print only ASCII chars directly. RFC 1994 recommends
4024 * using only them, but we don't rely on it. */
4025 if (c < ' ' || c > '~')
4026 addlog("\\x%x", c);
4027 else
4028 addlog("%c", c);
4029 }
4030}
4031
4032static const char *
4033sppp_dotted_quad(u_long addr)
4034{
4035 static char s[16];
4036 sprintf(s, "%d.%d.%d.%d",
4037 (addr >> 24) & 0xff,
4038 (addr >> 16) & 0xff,
4039 (addr >> 8) & 0xff,
4040 addr & 0xff);
4041 return s;
4042}
4043
4044static int
4045sppp_strnlen(u_char *p, int max)
4046{
4047 int len;
4048
4049 for (len = 0; len < max && *p; ++p)
4050 ++len;
4051 return len;
4052}
4053
4054/* a dummy, used to drop uninteresting events */
4055static void
4056sppp_null(struct sppp *unused)
4057{
4058 /* do just nothing */
4059}
4060/*
4061 * This file is large. Tell emacs to highlight it nevertheless.
4062 *
4063 * Local Variables:
4064 * hilit-auto-highlight-maxout: 120000
4065 * End:
4066 */
|