1/*
2 * Synchronous PPP/Cisco link level subroutines.
3 * Keepalive protocol implemented in both Cisco and PPP modes.
4 *
5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
6 * Author: Serge Vakulenko, <vak@cronyx.ru>
7 *
8 * Heavily revamped to conform to RFC 1661.
9 * Copyright (C) 1997, Joerg Wunsch.
10 *
11 * This software is distributed with NO WARRANTIES, not even the implied
12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 *
14 * Authors grant any other persons or organisations permission to use
15 * or modify this software as long as this message is kept with the software,
16 * all derivative works or modified versions.
17 *
18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
19 *
20 * $Id: if_spppsubr.c,v 1.26 1997/09/02 01:18:37 bde Exp $
21 */
22
23#include <sys/param.h>
24#include <sys/systm.h>
25#include <sys/kernel.h>
26#include <sys/sockio.h>
27#include <sys/socket.h>
28#include <sys/syslog.h>
29#include <sys/malloc.h>
30#include <sys/mbuf.h>
31#include <sys/md5.h>
32
33#include <net/if.h>
34#include <net/netisr.h>
35#include <net/if_types.h>
36
37#include <machine/stdarg.h>
38
39#ifdef INET
40#include <netinet/in.h>
41#include <netinet/in_systm.h>
42#include <netinet/in_var.h>
43#include <netinet/ip.h>
44#include <netinet/tcp.h>
45#include <netinet/if_ether.h>
46#endif
--- 24 unchanged lines hidden (view full) ---
71 *
72 * Setting link0 will make the link passive, i.e. it will be marked
73 * as being administrative openable, but won't be opened to begin
74 * with. Incoming calls will be answered, or subsequent calls with
75 * -link1 will cause the administrative open of the LCP layer.
76 *
77 * Setting link1 will cause the link to auto-dial only as packets
78 * arrive to be sent.
79 *
80 * Setting IFF_DEBUG will syslog the option negotiation and state
81 * transitions at level kern.debug. Note: all logs consistently look
82 * like
83 *
84 * <if-name><unit>: <proto-name> <additional info...>
85 *
86 * with <if-name><unit> being something like "bppp0", and <proto-name>
87 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
88 */
89
90#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
91#define IFF_AUTO IFF_LINK1 /* auto-dial on output */
92
93#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
94#define PPP_UI 0x03 /* Unnumbered Information */
95#define PPP_IP 0x0021 /* Internet Protocol */
96#define PPP_ISO 0x0023 /* ISO OSI Protocol */
97#define PPP_XNS 0x0025 /* Xerox NS Protocol */
98#define PPP_IPX 0x002b /* Novell IPX Protocol */
99#define PPP_LCP 0xc021 /* Link Control Protocol */
100#define PPP_PAP 0xc023 /* Password Authentication Protocol */
101#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
102#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
103
104#define CONF_REQ 1 /* PPP configure request */
105#define CONF_ACK 2 /* PPP configure acknowledge */
106#define CONF_NAK 3 /* PPP configure negative ack */
107#define CONF_REJ 4 /* PPP configure reject */
108#define TERM_REQ 5 /* PPP terminate request */
109#define TERM_ACK 6 /* PPP terminate acknowledge */
110#define CODE_REJ 7 /* PPP code reject */
111#define PROTO_REJ 8 /* PPP protocol reject */
112#define ECHO_REQ 9 /* PPP echo request */
113#define ECHO_REPLY 10 /* PPP echo reply */
114#define DISC_REQ 11 /* PPP discard request */
115
116#define LCP_OPT_MRU 1 /* maximum receive unit */
117#define LCP_OPT_ASYNC_MAP 2 /* async control character map */
118#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
119#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
120#define LCP_OPT_MAGIC 5 /* magic number */
121#define LCP_OPT_RESERVED 6 /* reserved */
122#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
123#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
124
125#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
126#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
127#define IPCP_OPT_ADDRESS 3 /* local IP address */
128
129#define PAP_REQ 1 /* PAP name/password request */
130#define PAP_ACK 2 /* PAP acknowledge */
131#define PAP_NAK 3 /* PAP fail */
132
133#define CHAP_CHALLENGE 1 /* CHAP challenge request */
134#define CHAP_RESPONSE 2 /* CHAP challenge response */
135#define CHAP_SUCCESS 3 /* CHAP response ok */
136#define CHAP_FAILURE 4 /* CHAP response failed */
137
138#define CHAP_MD5 5 /* hash algorithm - MD5 */
139
140#define CISCO_MULTICAST 0x8f /* Cisco multicast address */
141#define CISCO_UNICAST 0x0f /* Cisco unicast address */
142#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
143#define CISCO_ADDR_REQ 0 /* Cisco address request */
144#define CISCO_ADDR_REPLY 1 /* Cisco address reply */
145#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
146
147/* states are named and numbered according to RFC 1661 */
148#define STATE_INITIAL 0
149#define STATE_STARTING 1
150#define STATE_CLOSED 2
151#define STATE_STOPPED 3
152#define STATE_CLOSING 4
153#define STATE_STOPPING 5
154#define STATE_REQ_SENT 6
--- 53 unchanged lines hidden (view full) ---
208 void (*tlu)(struct sppp *sp);
209 void (*tld)(struct sppp *sp);
210 void (*tls)(struct sppp *sp);
211 void (*tlf)(struct sppp *sp);
212 void (*scr)(struct sppp *sp);
213};
214
215static struct sppp *spppq;
216static struct callout_handle keepalive_ch;
217
218/*
219 * The following disgusting hack gets around the problem that IP TOS
220 * can't be set yet. We want to put "interactive" traffic on a high
221 * priority queue. To decide if traffic is interactive, we check that
222 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
223 *
224 * XXX is this really still necessary? - joerg -
225 */
226static u_short interactive_ports[8] = {
227 0, 513, 0, 0,
228 0, 21, 0, 23,
229};
230#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
231
232/* almost every function needs these */
233#define STDDCL \
234 struct ifnet *ifp = &sp->pp_if; \
235 int debug = ifp->if_flags & IFF_DEBUG
236
237static int sppp_output(struct ifnet *ifp, struct mbuf *m,
238 struct sockaddr *dst, struct rtentry *rt);
239
240static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
241static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
242
243static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
244 struct mbuf *m);
245static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
246 u_char ident, u_short len, void *data);
247static void sppp_cp_timeout(void *arg);
248static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
249 int newstate);
250static void sppp_auth_send(const struct cp *cp,
251 struct sppp *sp, u_char type, u_char id,
252 ...);
253
254static void sppp_up_event(const struct cp *cp, struct sppp *sp);
255static void sppp_down_event(const struct cp *cp, struct sppp *sp);
256static void sppp_open_event(const struct cp *cp, struct sppp *sp);
257static void sppp_close_event(const struct cp *cp, struct sppp *sp);
258static void sppp_to_event(const struct cp *cp, struct sppp *sp);
259
260static void sppp_null(struct sppp *sp);
261
262static void sppp_lcp_init(struct sppp *sp);
263static void sppp_lcp_up(struct sppp *sp);
264static void sppp_lcp_down(struct sppp *sp);
265static void sppp_lcp_open(struct sppp *sp);
266static void sppp_lcp_close(struct sppp *sp);
267static void sppp_lcp_TO(void *sp);
268static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
269static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
270static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
271static void sppp_lcp_tlu(struct sppp *sp);
272static void sppp_lcp_tld(struct sppp *sp);
273static void sppp_lcp_tls(struct sppp *sp);
274static void sppp_lcp_tlf(struct sppp *sp);
275static void sppp_lcp_scr(struct sppp *sp);
276static void sppp_lcp_check_and_close(struct sppp *sp);
277static int sppp_ncp_check(struct sppp *sp);
278
279static void sppp_ipcp_init(struct sppp *sp);
280static void sppp_ipcp_up(struct sppp *sp);
281static void sppp_ipcp_down(struct sppp *sp);
282static void sppp_ipcp_open(struct sppp *sp);
283static void sppp_ipcp_close(struct sppp *sp);
284static void sppp_ipcp_TO(void *sp);
285static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
286static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
287static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
288static void sppp_ipcp_tlu(struct sppp *sp);
289static void sppp_ipcp_tld(struct sppp *sp);
290static void sppp_ipcp_tls(struct sppp *sp);
291static void sppp_ipcp_tlf(struct sppp *sp);
292static void sppp_ipcp_scr(struct sppp *sp);
293
294static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
295static void sppp_pap_init(struct sppp *sp);
296static void sppp_pap_open(struct sppp *sp);
297static void sppp_pap_close(struct sppp *sp);
298static void sppp_pap_TO(void *sp);
299static void sppp_pap_my_TO(void *sp);
300static void sppp_pap_tlu(struct sppp *sp);
301static void sppp_pap_tld(struct sppp *sp);
302static void sppp_pap_scr(struct sppp *sp);
303
304static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
305static void sppp_chap_init(struct sppp *sp);
306static void sppp_chap_open(struct sppp *sp);
307static void sppp_chap_close(struct sppp *sp);
308static void sppp_chap_TO(void *sp);
309static void sppp_chap_tlu(struct sppp *sp);
310static void sppp_chap_tld(struct sppp *sp);
311static void sppp_chap_scr(struct sppp *sp);
312
313static const char *sppp_auth_type_name(u_short proto, u_char type);
314static const char *sppp_cp_type_name(u_char type);
315static const char *sppp_dotted_quad(u_long addr);
316static const char *sppp_ipcp_opt_name(u_char opt);
317static const char *sppp_lcp_opt_name(u_char opt);
318static const char *sppp_phase_name(enum ppp_phase phase);
319static const char *sppp_proto_name(u_short proto);
320static const char *sppp_state_name(int state);
321static int sppp_params(struct sppp *sp, int cmd, void *data);
322static int sppp_strnlen(u_char *p, int max);
323static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
324 u_long *srcmask);
325static void sppp_keepalive(void *dummy);
326static void sppp_phase_network(struct sppp *sp);
327static void sppp_print_bytes(const u_char *p, u_short len);
328static void sppp_print_string(const char *p, u_short len);
329static void sppp_qflush(struct ifqueue *ifq);
330static void sppp_set_ip_addr(struct sppp *sp, u_long src);
331
332/* our control protocol descriptors */
333const struct cp lcp = {
334 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
335 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
336 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
337 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
338 sppp_lcp_scr
339};
340
341const struct cp ipcp = {
342 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
343 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
344 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
345 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
346 sppp_ipcp_scr
347};
348
349const struct cp pap = {
350 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
351 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
352 sppp_pap_TO, 0, 0, 0,
353 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
354 sppp_pap_scr
355};
356
357const struct cp chap = {
358 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
359 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
360 sppp_chap_TO, 0, 0, 0,
361 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
362 sppp_chap_scr
363};
364
365const struct cp *cps[IDX_COUNT] = {
366 &lcp, /* IDX_LCP */
367 &ipcp, /* IDX_IPCP */
368 &pap, /* IDX_PAP */
369 &chap, /* IDX_CHAP */
370};
371
372
373 /*
374 * Exported functions, comprising our interface to the lower layer.
375 */
376
377/*
--- 52 unchanged lines hidden (view full) ---
430 log(LOG_DEBUG,
431 "%s%d: invalid input protocol "
432 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
433 ifp->if_name, ifp->if_unit,
434 h->address, h->control, ntohs(h->protocol));
435 ++ifp->if_noproto;
436 goto drop;
437 case PPP_LCP:
438 sppp_cp_input(&lcp, sp, m);
439 m_freem (m);
440 return;
441 case PPP_PAP:
442 if (sp->pp_phase >= PHASE_AUTHENTICATE)
443 sppp_pap_input(sp, m);
444 m_freem (m);
445 return;
446 case PPP_CHAP:
447 if (sp->pp_phase >= PHASE_AUTHENTICATE)
448 sppp_chap_input(sp, m);
449 m_freem (m);
450 return;
451#ifdef INET
452 case PPP_IPCP:
453 if (sp->pp_phase == PHASE_NETWORK)
454 sppp_cp_input(&ipcp, sp, m);
455 m_freem (m);
456 return;
457 case PPP_IP:
458 if (sp->state[IDX_IPCP] == STATE_OPENED) {
459 schednetisr (NETISR_IP);
460 inq = &ipintrq;
461 }
462 break;
--- 244 unchanged lines hidden (view full) ---
707
708void
709sppp_attach(struct ifnet *ifp)
710{
711 struct sppp *sp = (struct sppp*) ifp;
712
713 /* Initialize keepalive handler. */
714 if (! spppq)
715 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
716
717 /* Insert new entry into the keepalive list. */
718 sp->pp_next = spppq;
719 spppq = sp;
720
721 sp->pp_if.if_type = IFT_PPP;
722 sp->pp_if.if_output = sppp_output;
723 sp->pp_fastq.ifq_maxlen = 32;
724 sp->pp_cpq.ifq_maxlen = 20;
725 sp->pp_loopcnt = 0;
726 sp->pp_alivecnt = 0;
727 sp->pp_seq = 0;
728 sp->pp_rseq = 0;
729 sp->pp_phase = PHASE_DEAD;
730 sp->pp_up = lcp.Up;
731 sp->pp_down = lcp.Down;
732
733 sppp_lcp_init(sp);
734 sppp_ipcp_init(sp);
735 sppp_pap_init(sp);
736 sppp_chap_init(sp);
737}
738
739void
740sppp_detach(struct ifnet *ifp)
741{
742 struct sppp **q, *p, *sp = (struct sppp*) ifp;
743 int i;
744
745 /* Remove the entry from the keepalive list. */
746 for (q = &spppq; (p = *q); q = &p->pp_next)
747 if (p == sp) {
748 *q = p->pp_next;
749 break;
750 }
751
752 /* Stop keepalive handler. */
753 if (! spppq)
754 untimeout(sppp_keepalive, 0, keepalive_ch);
755
756 for (i = 0; i < IDX_COUNT; i++)
757 untimeout((cps[i])->TO, (void *)sp, sp->ch[i]);
758 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
759}
760
761/*
762 * Flush the interface output queue.
763 */
764void
765sppp_flush(struct ifnet *ifp)
766{
--- 27 unchanged lines hidden (view full) ---
794sppp_dequeue(struct ifnet *ifp)
795{
796 struct sppp *sp = (struct sppp*) ifp;
797 struct mbuf *m;
798 int s;
799
800 s = splimp();
801 /*
802 * Process only the control protocol queue until we have at
803 * least one NCP open.
804 *
805 * Do always serve all three queues in Cisco mode.
806 */
807 IF_DEQUEUE(&sp->pp_cpq, m);
808 if (m == NULL &&
809 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
810 IF_DEQUEUE(&sp->pp_fastq, m);
811 if (m == NULL)
812 IF_DEQUEUE (&sp->pp_if.if_snd, m);
813 }
814 splx(s);
815 return m;
816}
817
818/*
819 * Pick the next packet, do not remove it from the queue.
820 */
821struct mbuf *
822sppp_pick(struct ifnet *ifp)
823{
824 struct sppp *sp = (struct sppp*)ifp;
825 struct mbuf *m;
826 int s;
827
828 s= splimp ();
829
830 m = sp->pp_cpq.ifq_head;
831 if (m == NULL &&
832 (sp->pp_phase == PHASE_NETWORK ||
833 (sp->pp_flags & PP_CISCO) != 0))
834 if ((m = sp->pp_fastq.ifq_head) == NULL)
835 m = sp->pp_if.if_snd.ifq_head;
836 splx (s);
837 return (m);
838}
839
840/*
841 * Process an ioctl request. Called on low priority level.
842 */
843int
844sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
845{
846 struct ifreq *ifr = (struct ifreq*) data;
847 struct sppp *sp = (struct sppp*) ifp;
848 int s, rv, going_up, going_down, newmode;
849
850 s = splimp();
851 rv = 0;
852 switch (cmd) {
853 case SIOCAIFADDR:
854 case SIOCSIFDSTADDR:
855 break;
856
857 case SIOCSIFADDR:
858 if_up(ifp);
859 /* fall through... */
--- 50 unchanged lines hidden (view full) ---
910 case SLIOCGETMTU:
911 *(short*)data = ifp->if_mtu;
912 break;
913#endif
914 case SIOCADDMULTI:
915 case SIOCDELMULTI:
916 break;
917
918 case SIOCGIFGENERIC:
919 case SIOCSIFGENERIC:
920 rv = sppp_params(sp, cmd, data);
921 break;
922
923 default:
924 rv = ENOTTY;
925 }
926 splx(s);
927 return rv;
928}
929
930
931 /*
932 * Cisco framing implementation.
933 */
934
935/*
936 * Handle incoming Cisco keepalive protocol packets.
937 */
938static void
939sppp_cisco_input(struct sppp *sp, struct mbuf *m)
940{
941 STDDCL;
942 struct cisco_packet *h;
943 u_long me, mymask;
944
945 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
946 if (debug)
947 log(LOG_DEBUG,
948 "%s%d: cisco invalid packet length: %d bytes\n",
949 ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
950 return;
951 }
952 h = mtod (m, struct cisco_packet*);
953 if (debug)
954 log(LOG_DEBUG,
955 "%s%d: cisco input: %d bytes "
956 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
957 ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
958 ntohl (h->type), h->par1, h->par2, h->rel,
959 h->time0, h->time1);
960 switch (ntohl (h->type)) {
961 default:
962 if (debug)
963 addlog("%s%d: cisco unknown packet type: 0x%lx\n",
964 ifp->if_name, ifp->if_unit, ntohl (h->type));
965 break;
966 case CISCO_ADDR_REPLY:
967 /* Reply on address request, ignore */
968 break;
969 case CISCO_KEEPALIVE_REQ:
970 sp->pp_alivecnt = 0;
971 sp->pp_rseq = ntohl (h->par1);
--- 10 unchanged lines hidden (view full) ---
982 }
983 }
984 ++sp->pp_loopcnt;
985
986 /* Generate new local sequence number */
987 sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
988 break;
989 }
990 sp->pp_loopcnt = 0;
991 if (! (ifp->if_flags & IFF_UP) &&
992 (ifp->if_flags & IFF_RUNNING)) {
993 if_up(ifp);
994 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
995 }
996 break;
997 case CISCO_ADDR_REQ:
998 sppp_get_ip_addrs(sp, &me, 0, &mymask);
999 if (me != 0L)
1000 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1001 break;
1002 }
1003}
1004
1005/*
1006 * Send Cisco keepalive packet.
1007 */
1008static void
--- 126 unchanged lines hidden (view full) ---
1135 sppp_state_name(sp->state[cp->protoidx]),
1136 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1137 if (len > 4)
1138 sppp_print_bytes ((u_char*) (h+1), len-4);
1139 addlog(">\n");
1140 }
1141 if (len > ntohs (h->len))
1142 len = ntohs (h->len);
1143 p = (u_char *)(h + 1);
1144 switch (h->type) {
1145 case CONF_REQ:
1146 if (len < 4) {
1147 if (debug)
1148 addlog("%s%d: %s invalid conf-req length %d\n",
1149 ifp->if_name, ifp->if_unit, cp->name,
1150 len);
1151 ++ifp->if_ierrors;
1152 break;
1153 }
1154 /* handle states where RCR doesn't get a SCA/SCN */
1155 switch (sp->state[cp->protoidx]) {
1156 case STATE_CLOSING:
1157 case STATE_STOPPING:
1158 return;
1159 case STATE_CLOSED:
1160 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1161 0, 0);
1162 return;
1163 }
1164 rv = (cp->RCR)(sp, h, len);
1165 switch (sp->state[cp->protoidx]) {
1166 case STATE_OPENED:
1167 (cp->tld)(sp);
1168 (cp->scr)(sp);
1169 /* fall through... */
1170 case STATE_ACK_SENT:
1171 case STATE_REQ_SENT:
1172 sppp_cp_change_state(cp, sp, rv?
1173 STATE_ACK_SENT: STATE_REQ_SENT);
1174 break;
1175 case STATE_STOPPED:
1176 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1177 (cp->scr)(sp);
1178 sppp_cp_change_state(cp, sp, rv?
1179 STATE_ACK_SENT: STATE_REQ_SENT);
1180 break;
1181 case STATE_ACK_RCVD:
1182 if (rv) {
1183 sppp_cp_change_state(cp, sp, STATE_OPENED);
1184 if (debug)
1185 log(LOG_DEBUG, "%s%d: %s tlu\n",
1186 ifp->if_name, ifp->if_unit,
1187 cp->name);
1188 (cp->tlu)(sp);
--- 35 unchanged lines hidden (view full) ---
1224 case STATE_ACK_RCVD:
1225 (cp->scr)(sp);
1226 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1227 break;
1228 case STATE_ACK_SENT:
1229 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1230 sppp_cp_change_state(cp, sp, STATE_OPENED);
1231 if (debug)
1232 log(LOG_DEBUG, "%s%d: %s tlu\n",
1233 ifp->if_name, ifp->if_unit, cp->name);
1234 (cp->tlu)(sp);
1235 break;
1236 default:
1237 printf("%s%d: %s illegal %s in state %s\n",
1238 ifp->if_name, ifp->if_unit, cp->name,
1239 sppp_cp_type_name(h->type),
1240 sppp_state_name(sp->state[cp->protoidx]));
--- 105 unchanged lines hidden (view full) ---
1346 sppp_cp_type_name(h->type),
1347 sppp_state_name(sp->state[cp->protoidx]));
1348 ++ifp->if_ierrors;
1349 }
1350 break;
1351 case CODE_REJ:
1352 case PROTO_REJ:
1353 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1354 log(LOG_INFO,
1355 "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
1356 "danger will robinson\n",
1357 ifp->if_name, ifp->if_unit, cp->name,
1358 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1359 switch (sp->state[cp->protoidx]) {
1360 case STATE_CLOSED:
1361 case STATE_STOPPED:
1362 case STATE_REQ_SENT:
1363 case STATE_ACK_SENT:
1364 case STATE_CLOSING:
1365 case STATE_STOPPING:
1366 case STATE_OPENED:
--- 317 unchanged lines hidden (view full) ---
1684sppp_lcp_init(struct sppp *sp)
1685{
1686 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1687 sp->lcp.magic = 0;
1688 sp->state[IDX_LCP] = STATE_INITIAL;
1689 sp->fail_counter[IDX_LCP] = 0;
1690 sp->lcp.protos = 0;
1691 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1692
1693 /*
1694 * Initialize counters and timeout values. Note that we don't
1695 * use the 3 seconds suggested in RFC 1661 since we are likely
1696 * running on a fast link. XXX We should probably implement
1697 * the exponential backoff option. Note that these values are
1698 * relevant for all control protocols, not just LCP only.
1699 */
1700 sp->lcp.timeout = 1 * hz;
1701 sp->lcp.max_terminate = 2;
1702 sp->lcp.max_configure = 10;
1703 sp->lcp.max_failure = 10;
1704 callout_handle_init(&sp->ch[IDX_LCP]);
1705}
1706
1707static void
1708sppp_lcp_up(struct sppp *sp)
1709{
1710 STDDCL;
1711
1712 /*
1713 * If this interface is passive or dial-on-demand, and we are
1714 * still in Initial state, it means we've got an incoming
1715 * call. Activate the interface.
1716 */
1717 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1718 if (debug)
1719 log(LOG_DEBUG,
1720 "%s%d: Up event", ifp->if_name, ifp->if_unit);
1721 ifp->if_flags |= IFF_RUNNING;
1722 if (sp->state[IDX_LCP] == STATE_INITIAL) {
1723 if (debug)
1724 addlog("(incoming call)\n");
1725 sp->pp_flags |= PP_CALLIN;
1726 lcp.Open(sp);
1727 } else if (debug)
1728 addlog("\n");
1729 }
1730
1731 sppp_up_event(&lcp, sp);
1732}
1733
1734static void
1735sppp_lcp_down(struct sppp *sp)
1736{
--- 14 unchanged lines hidden (view full) ---
1751 ifp->if_name, ifp->if_unit);
1752 if_down(ifp);
1753 } else {
1754 if (debug)
1755 log(LOG_DEBUG,
1756 "%s%d: Down event (carrier loss)\n",
1757 ifp->if_name, ifp->if_unit);
1758 }
1759 sp->pp_flags &= ~PP_CALLIN;
1760 if (sp->state[IDX_LCP] != STATE_INITIAL)
1761 lcp.Close(sp);
1762 ifp->if_flags &= ~IFF_RUNNING;
1763}
1764
1765static void
1766sppp_lcp_open(struct sppp *sp)
1767{
1768 /*
1769 * If we are authenticator, negotiate LCP_AUTH
1770 */
1771 if (sp->hisauth.proto != 0)
1772 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1773 else
1774 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1775 sp->pp_flags &= ~PP_NEEDAUTH;
1776 sppp_open_event(&lcp, sp);
1777}
1778
1779static void
1780sppp_lcp_close(struct sppp *sp)
1781{
1782 sppp_close_event(&lcp, sp);
1783}
--- 12 unchanged lines hidden (view full) ---
1796 */
1797static int
1798sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
1799{
1800 STDDCL;
1801 u_char *buf, *r, *p;
1802 int origlen, rlen;
1803 u_long nmagic;
1804 u_short authproto;
1805
1806 len -= 4;
1807 origlen = len;
1808 buf = r = malloc (len, M_TEMP, M_NOWAIT);
1809 if (! buf)
1810 return (0);
1811
1812 if (debug)
--- 18 unchanged lines hidden (view full) ---
1831 break;
1832 case LCP_OPT_MRU:
1833 /* Maximum receive unit. */
1834 if (len >= 4 && p[1] == 4)
1835 continue;
1836 if (debug)
1837 addlog("[invalid] ");
1838 break;
1839 case LCP_OPT_AUTH_PROTO:
1840 if (len < 4) {
1841 if (debug)
1842 addlog("[invalid] ");
1843 break;
1844 }
1845 authproto = (p[2] << 8) + p[3];
1846 if (authproto == PPP_CHAP && p[1] != 5) {
1847 if (debug)
1848 addlog("[invalid chap len] ");
1849 break;
1850 }
1851 if (sp->myauth.proto == 0) {
1852 /* we are not configured to do auth */
1853 if (debug)
1854 addlog("[not configured] ");
1855 break;
1856 }
1857 /*
1858 * Remote want us to authenticate, remember this,
1859 * so we stay in PHASE_AUTHENTICATE after LCP got
1860 * up.
1861 */
1862 sp->pp_flags |= PP_NEEDAUTH;
1863 continue;
1864 default:
1865 /* Others not supported. */
1866 if (debug)
1867 addlog("[rej] ");
1868 break;
1869 }
1870 /* Add the option to rejected list. */
1871 bcopy (p, r, p[1]);
--- 30 unchanged lines hidden (view full) ---
1902 if (debug)
1903 addlog("0x%x ", nmagic);
1904 continue;
1905 }
1906 /*
1907 * Local and remote magics equal -- loopback?
1908 */
1909 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
1910 printf ("%s%d: loopback\n",
1911 ifp->if_name, ifp->if_unit);
1912 sp->pp_loopcnt = 0;
1913 if (ifp->if_flags & IFF_UP) {
1914 if_down(ifp);
1915 sppp_qflush(&sp->pp_cpq);
1916 /* XXX ? */
1917 lcp.Down(sp);
1918 lcp.Up(sp);
--- 31 unchanged lines hidden (view full) ---
1950 /*
1951 * Maximum receive unit. Always agreeable,
1952 * but ignored by now.
1953 */
1954 sp->lcp.their_mru = p[2] * 256 + p[3];
1955 if (debug)
1956 addlog("%d ", sp->lcp.their_mru);
1957 continue;
1958
1959 case LCP_OPT_AUTH_PROTO:
1960 authproto = (p[2] << 8) + p[3];
1961 if (sp->myauth.proto != authproto) {
1962 /* not agreed, nak */
1963 if (debug)
1964 addlog("[mine %s != his %s] ",
1965 sppp_proto_name(sp->hisauth.proto),
1966 sppp_proto_name(authproto));
1967 p[2] = sp->myauth.proto >> 8;
1968 p[3] = sp->myauth.proto;
1969 break;
1970 }
1971 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
1972 if (debug)
1973 addlog("[chap not MD5] ");
1974 p[4] == CHAP_MD5;
1975 break;
1976 }
1977 continue;
1978 }
1979 /* Add the option to nak'ed list. */
1980 bcopy (p, r, p[1]);
1981 r += p[1];
1982 rlen += p[1];
1983 }
1984 if (rlen) {
1985 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
--- 53 unchanged lines hidden (view full) ---
2039 case LCP_OPT_MRU:
2040 /*
2041 * Should not be rejected anyway, since we only
2042 * negotiate a MRU if explicitly requested by
2043 * peer.
2044 */
2045 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2046 break;
2047 case LCP_OPT_AUTH_PROTO:
2048 /*
2049 * Peer doesn't want to authenticate himself,
2050 * deny unless this is a dialout call, and
2051 * AUTHFLAG_NOCALLOUT is set.
2052 */
2053 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2054 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2055 if (debug)
2056 addlog("[don't insist on auth "
2057 "for callout]");
2058 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2059 break;
2060 }
2061 if (debug)
2062 addlog("[access denied]\n");
2063 lcp.Close(sp);
2064 break;
2065 }
2066 }
2067 if (debug)
2068 addlog("\n");
2069 free (buf, M_TEMP);
2070 return;
2071}
2072
--- 55 unchanged lines hidden (view full) ---
2128 if (debug)
2129 addlog("%d ", mru);
2130 if (mru < PP_MTU || mru > PP_MAX_MRU)
2131 mru = PP_MTU;
2132 sp->lcp.mru = mru;
2133 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2134 }
2135 break;
2136 case LCP_OPT_AUTH_PROTO:
2137 /*
2138 * Peer doesn't like our authentication method,
2139 * deny.
2140 */
2141 if (debug)
2142 addlog("[access denied]\n");
2143 lcp.Close(sp);
2144 break;
2145 }
2146 }
2147 if (debug)
2148 addlog("\n");
2149 free (buf, M_TEMP);
2150 return;
2151}
2152
--- 11 unchanged lines hidden (view full) ---
2164 if_up(ifp);
2165 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
2166 }
2167
2168 for (i = 0; i < IDX_COUNT; i++)
2169 if ((cps[i])->flags & CP_QUAL)
2170 (cps[i])->Open(sp);
2171
2172 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2173 (sp->pp_flags & PP_NEEDAUTH) != 0)
2174 sp->pp_phase = PHASE_AUTHENTICATE;
2175 else
2176 sp->pp_phase = PHASE_NETWORK;
2177
2178 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2179 sppp_phase_name(sp->pp_phase));
2180
2181 /*
2182 * Open all authentication protocols. This is even required
2183 * if we already proceeded to network phase, since it might be
2184 * that remote wants us to authenticate, so we might have to
2185 * send a PAP request. Undesired authentication protocols
2186 * don't do anything when they get an Open event.
2187 */
2188 for (i = 0; i < IDX_COUNT; i++)
2189 if ((cps[i])->flags & CP_AUTH)
2190 (cps[i])->Open(sp);
2191
2192 if (sp->pp_phase == PHASE_NETWORK) {
2193 /* Notify all NCPs. */
2194 for (i = 0; i < IDX_COUNT; i++)
2195 if ((cps[i])->flags & CP_NCP)
2196 (cps[i])->Open(sp);
2197 }
2198
2199 /* Send Up events to all started protos. */
2200 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2201 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2202 (cps[i])->Up(sp);
2203
2204 if (sp->pp_phase == PHASE_NETWORK)
2205 /* if no NCP is starting, close down */
2206 sppp_lcp_check_and_close(sp);
2207}
2208
2209static void
2210sppp_lcp_tld(struct sppp *sp)
2211{
2212 STDDCL;
2213 int i;
2214 u_long mask;
--- 43 unchanged lines hidden (view full) ---
2258 /* Notify lower layer if desired. */
2259 if (sp->pp_tlf)
2260 (sp->pp_tlf)(sp);
2261}
2262
2263static void
2264sppp_lcp_scr(struct sppp *sp)
2265{
2266 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2267 int i = 0;
2268 u_short authproto;
2269
2270 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2271 if (! sp->lcp.magic)
2272 sp->lcp.magic = time.tv_sec + time.tv_usec;
2273 opt[i++] = LCP_OPT_MAGIC;
2274 opt[i++] = 6;
2275 opt[i++] = sp->lcp.magic >> 24;
2276 opt[i++] = sp->lcp.magic >> 16;
2277 opt[i++] = sp->lcp.magic >> 8;
2278 opt[i++] = sp->lcp.magic;
2279 }
2280
2281 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2282 opt[i++] = LCP_OPT_MRU;
2283 opt[i++] = 4;
2284 opt[i++] = sp->lcp.mru >> 8;
2285 opt[i++] = sp->lcp.mru;
2286 }
2287
2288 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2289 authproto = sp->hisauth.proto;
2290 opt[i++] = LCP_OPT_AUTH_PROTO;
2291 opt[i++] = authproto == PPP_CHAP? 5: 4;
2292 opt[i++] = authproto >> 8;
2293 opt[i++] = authproto;
2294 if (authproto == PPP_CHAP)
2295 opt[i++] = CHAP_MD5;
2296 }
2297
2298 sp->confid[IDX_LCP] = ++sp->pp_seq;
2299 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2300}
2301
2302/*
2303 * Check the open NCPs, return true if at least one NCP is open.
2304 */
2305static int
2306sppp_ncp_check(struct sppp *sp)
2307{
2308 int i, mask;
2309
2310 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2311 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2312 return 1;
2313 return 0;
2314}
2315
2316/*
2317 * Re-check the open NCPs and see if we should terminate the link.
2318 * Called by the NCPs during their tlf action handling.
2319 */
2320static void
2321sppp_lcp_check_and_close(struct sppp *sp)
2322{
2323
2324 if (sp->pp_phase < PHASE_NETWORK)
2325 /* don't bother, we are already going down */
2326 return;
2327
2328 if (sppp_ncp_check(sp))
2329 return;
2330
2331 lcp.Close(sp);
2332}
2333 /*
2334 *--------------------------------------------------------------------------*
2335 * *
2336 * The IPCP implementation. *
2337 * *
2338 *--------------------------------------------------------------------------*
--- 22 unchanged lines hidden (view full) ---
2361}
2362
2363static void
2364sppp_ipcp_open(struct sppp *sp)
2365{
2366 STDDCL;
2367 u_long myaddr, hisaddr;
2368
2369 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2370 /*
2371 * If we don't have his address, this probably means our
2372 * interface doesn't want to talk IP at all. (This could
2373 * be the case if somebody wants to speak only IPX, for
2374 * example.) Don't open IPCP in this case.
2375 */
2376 if (hisaddr == 0L) {
2377 /* XXX this message should go away */
--- 97 unchanged lines hidden (view full) ---
2475 if (debug)
2476 addlog(" send conf-rej\n");
2477 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2478 return 0;
2479 } else if (debug)
2480 addlog("\n");
2481
2482 /* pass 2: parse option values */
2483 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
2484 if (debug)
2485 log(LOG_DEBUG, "%s%d: ipcp parse opt values: ",
2486 ifp->if_name, ifp->if_unit);
2487 p = (void*) (h+1);
2488 len = origlen;
2489 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2490 if (debug)
2491 addlog(" %s ", sppp_ipcp_opt_name(*p));
2492 switch (*p) {
2493#ifdef notyet
2494 case IPCP_OPT_COMPRESSION:
--- 4 unchanged lines hidden (view full) ---
2499 p[4] << 8 | p[5];
2500 if (desiredaddr == hisaddr) {
2501 /*
2502 * Peer's address is same as our value,
2503 * this is agreeable. Gonna conf-ack
2504 * it.
2505 */
2506 if (debug)
2507 addlog("%s [ack] ",
2508 sppp_dotted_quad(hisaddr));
2509 /* record that we've seen it already */
2510 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2511 continue;
2512 }
2513 /*
2514 * The address wasn't agreeable. This is either
2515 * he sent us 0.0.0.0, asking to assign him an
2516 * address, or he send us another address not
2517 * matching our value. Either case, we gonna
2518 * conf-nak it with our value.
2519 */
2520 if (debug) {
2521 if (desiredaddr == 0)
2522 addlog("[addr requested] ");
2523 else
2524 addlog("%s [not agreed] ",
2525 sppp_dotted_quad(desiredaddr));
2526
2527 p[2] = hisaddr >> 24;
2528 p[3] = hisaddr >> 16;
2529 p[4] = hisaddr >> 8;
2530 p[5] = hisaddr;
2531 }
2532 break;
2533 }
--- 117 unchanged lines hidden (view full) ---
2651 * if we can do something for him. We'll drop
2652 * him our address then.
2653 */
2654 if (len >= 6 && p[1] == 6) {
2655 wantaddr = p[2] << 24 | p[3] << 16 |
2656 p[4] << 8 | p[5];
2657 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2658 if (debug)
2659 addlog("[wantaddr %s] ",
2660 sppp_dotted_quad(wantaddr));
2661 /*
2662 * When doing dynamic address assignment,
2663 * we accept his offer. Otherwise, we
2664 * ignore it and thus continue to negotiate
2665 * our already existing value.
2666 */
2667 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2668 sppp_set_ip_addr(sp, wantaddr);
--- 34 unchanged lines hidden (view full) ---
2703 sp->lcp.protos |= (1 << IDX_IPCP);
2704}
2705
2706static void
2707sppp_ipcp_tlf(struct sppp *sp)
2708{
2709 /* we no longer need LCP */
2710 sp->lcp.protos &= ~(1 << IDX_IPCP);
2711 sppp_lcp_check_and_close(sp);
2712}
2713
2714static void
2715sppp_ipcp_scr(struct sppp *sp)
2716{
2717 char opt[6 /* compression */ + 6 /* address */];
2718 u_long ouraddr;
2719 int i = 0;
--- 5 unchanged lines hidden (view full) ---
2725 opt[i++] = 0; /* VJ header compression */
2726 opt[i++] = 0x2d; /* VJ header compression */
2727 opt[i++] = max_slot_id;
2728 opt[i++] = comp_slot_id;
2729 }
2730#endif
2731
2732 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2733 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2734 opt[i++] = IPCP_OPT_ADDRESS;
2735 opt[i++] = 6;
2736 opt[i++] = ouraddr >> 24;
2737 opt[i++] = ouraddr >> 16;
2738 opt[i++] = ouraddr >> 8;
2739 opt[i++] = ouraddr;
2740 }
2741
2742 sp->confid[IDX_IPCP] = ++sp->pp_seq;
2743 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
2744}
2745
2746
2747 /*
2748 *--------------------------------------------------------------------------*
2749 * *
2750 * The CHAP implementation. *
2751 * *
2752 *--------------------------------------------------------------------------*
2753 */
2754
2755/*
2756 * The authentication protocols don't employ a full-fledged state machine as
2757 * the control protocols do, since they do have Open and Close events, but
2758 * not Up and Down, nor are they explicitly terminated. Also, use of the
2759 * authentication protocols may be different in both directions (this makes
2760 * sense, think of a machine that never accepts incoming calls but only
2761 * calls out, it doesn't require the called party to authenticate itself).
2762 *
2763 * Our state machine for the local authentication protocol (we are requesting
2764 * the peer to authenticate) looks like:
2765 *
2766 * RCA-
2767 * +--------------------------------------------+
2768 * V scn,tld|
2769 * +--------+ Close +---------+ RCA+
2770 * | |<----------------------------------| |------+
2771 * +--->| Closed | TO* | Opened | sca |
2772 * | | |-----+ +-------| |<-----+
2773 * | +--------+ irc | | +---------+
2774 * | ^ | | ^
2775 * | | | | |
2776 * | | | | |
2777 * | TO-| | | |
2778 * | |tld TO+ V | |
2779 * | | +------->+ | |
2780 * | | | | | |
2781 * | +--------+ V | |
2782 * | | |<----+<--------------------+ |
2783 * | | Req- | scr |
2784 * | | Sent | |
2785 * | | | |
2786 * | +--------+ |
2787 * | RCA- | | RCA+ |
2788 * +------+ +------------------------------------------+
2789 * scn,tld sca,irc,ict,tlu
2790 *
2791 *
2792 * with:
2793 *
2794 * Open: LCP reached authentication phase
2795 * Close: LCP reached terminate phase
2796 *
2797 * RCA+: received reply (pap-req, chap-response), acceptable
2798 * RCN: received reply (pap-req, chap-response), not acceptable
2799 * TO+: timeout with restart counter >= 0
2800 * TO-: timeout with restart counter < 0
2801 * TO*: reschedule timeout for CHAP
2802 *
2803 * scr: send request packet (none for PAP, chap-challenge)
2804 * sca: send ack packet (pap-ack, chap-success)
2805 * scn: send nak packet (pap-nak, chap-failure)
2806 * ict: initialize re-challenge timer (CHAP only)
2807 *
2808 * tlu: this-layer-up, LCP reaches network phase
2809 * tld: this-layer-down, LCP enters terminate phase
2810 *
2811 * Note that in CHAP mode, after sending a new challenge, while the state
2812 * automaton falls back into Req-Sent state, it doesn't signal a tld
2813 * event to LCP, so LCP remains in network phase. Only after not getting
2814 * any response (or after getting an unacceptable response), CHAP closes,
2815 * causing LCP to enter terminate phase.
2816 *
2817 * With PAP, there is no initial request that can be sent. The peer is
2818 * expected to send one based on the successful negotiation of PAP as
2819 * the authentication protocol during the LCP option negotiation.
2820 *
2821 * Incoming authentication protocol requests (remote requests
2822 * authentication, we are peer) don't employ a state machine at all,
2823 * they are simply answered. Some peers [Ascend P50 firmware rev
2824 * 4.50] react allergically when sending IPCP requests while they are
2825 * still in authentication phase (thereby violating the standard that
2826 * demands that these NCP packets are to be discarded), so we keep
2827 * track of the peer demanding us to authenticate, and only proceed to
2828 * phase network once we've seen a positive acknowledge for the
2829 * authentication.
2830 */
2831
2832/*
2833 * Handle incoming CHAP packets.
2834 */
2835void
2836sppp_chap_input(struct sppp *sp, struct mbuf *m)
2837{
2838 STDDCL;
2839 struct lcp_header *h;
2840 int len, x;
2841 u_char *value, *name, digest[AUTHKEYLEN], dsize;
2842 int value_len, name_len;
2843 MD5_CTX ctx;
2844
2845 len = m->m_pkthdr.len;
2846 if (len < 4) {
2847 if (debug)
2848 log(LOG_DEBUG,
2849 "%s%d: chap invalid packet length: %d bytes\n",
2850 ifp->if_name, ifp->if_unit, len);
2851 return;
2852 }
2853 h = mtod (m, struct lcp_header*);
2854 if (len > ntohs (h->len))
2855 len = ntohs (h->len);
2856
2857 switch (h->type) {
2858 /* challenge, failure and success are his authproto */
2859 case CHAP_CHALLENGE:
2860 value = 1 + (u_char*)(h+1);
2861 value_len = value[-1];
2862 name = value + value_len;
2863 name_len = len - value_len - 5;
2864 if (name_len < 0) {
2865 if (debug) {
2866 log(LOG_DEBUG,
2867 "%s%d: chap corrupted challenge "
2868 "<%s id=0x%x len=%d",
2869 ifp->if_name, ifp->if_unit,
2870 sppp_auth_type_name(PPP_CHAP, h->type),
2871 h->ident, ntohs(h->len));
2872 if (len > 4)
2873 sppp_print_bytes((u_char*) (h+1), len-4);
2874 addlog(">\n");
2875 }
2876 break;
2877 }
2878 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
2879 || bcmp(name, sp->hisauth.name, name_len) != 0) {
2880 log(LOG_INFO, "%s%d: chap challenge, his name ");
2881 sppp_print_string(name, name_len);
2882 addlog(" != expected ");
2883 sppp_print_string(sp->hisauth.name,
2884 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
2885 addlog("\n");
2886 }
2887
2888 if (debug) {
2889 log(LOG_DEBUG,
2890 "%s%d: chap input <%s id=0x%x len=%d name=",
2891 ifp->if_name, ifp->if_unit,
2892 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
2893 ntohs(h->len));
2894 sppp_print_string((char*) name, name_len);
2895 addlog(" value-size=%d value=", value_len);
2896 sppp_print_bytes(value, value_len);
2897 addlog(">\n");
2898 }
2899
2900 /* Compute reply value. */
2901 MD5Init(&ctx);
2902 MD5Update(&ctx, &h->ident, 1);
2903 MD5Update(&ctx, sp->myauth.secret,
2904 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
2905 MD5Update(&ctx, value, value_len);
2906 MD5Final(digest, &ctx);
2907 dsize = sizeof digest;
2908
2909 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
2910 sizeof dsize, (const char *)&dsize,
2911 sizeof digest, digest,
2912 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
2913 sp->myauth.name,
2914 0);
2915 break;
2916
2917 case CHAP_SUCCESS:
2918 if (debug) {
2919 log(LOG_DEBUG, "%s%d: chap success",
2920 ifp->if_name, ifp->if_unit);
2921 if (len > 4) {
2922 addlog(": ");
2923 sppp_print_string((char*)(h + 1), len - 4);
2924 }
2925 addlog("\n");
2926 }
2927 x = splimp();
2928 sp->pp_flags &= ~PP_NEEDAUTH;
2929 if (sp->myauth.proto == PPP_CHAP &&
2930 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
2931 /*
2932 * We are authenticator for CHAP but didn't
2933 * complete yet. Leave it to tlu to proceed
2934 * to network phase.
2935 */
2936 splx(x);
2937 break;
2938 }
2939 splx(x);
2940 sppp_phase_network(sp);
2941 break;
2942
2943 case CHAP_FAILURE:
2944 if (debug) {
2945 log(LOG_INFO, "%s%d: chap failure",
2946 ifp->if_name, ifp->if_unit);
2947 if (len > 4) {
2948 addlog(": ");
2949 sppp_print_string((char*)(h + 1), len - 4);
2950 }
2951 addlog("\n");
2952 } else
2953 log(LOG_INFO, "%s%d: chap failure\n",
2954 ifp->if_name, ifp->if_unit);
2955 /* await LCP shutdown by authenticator */
2956 break;
2957
2958 /* response is my authproto */
2959 case CHAP_RESPONSE:
2960 value = 1 + (u_char*)(h+1);
2961 value_len = value[-1];
2962 name = value + value_len;
2963 name_len = len - value_len - 5;
2964 if (name_len < 0) {
2965 if (debug) {
2966 log(LOG_DEBUG,
2967 "%s%d: chap corrupted response "
2968 "<%s id=0x%x len=%d",
2969 ifp->if_name, ifp->if_unit,
2970 sppp_auth_type_name(PPP_CHAP, h->type),
2971 h->ident, ntohs(h->len));
2972 if (len > 4)
2973 sppp_print_bytes((u_char*)(h+1), len-4);
2974 addlog(">\n");
2975 }
2976 break;
2977 }
2978 if (h->ident != sp->confid[IDX_CHAP]) {
2979 if (debug)
2980 log(LOG_DEBUG,
2981 "%s%d: chap dropping response for old ID "
2982 "(got %d, expected %d)\n",
2983 h->ident, sp->confid[IDX_CHAP]);
2984 break;
2985 }
2986 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
2987 || bcmp(name, sp->hisauth.name, name_len) != 0) {
2988 log(LOG_INFO, "%s%d: chap response, his name ",
2989 ifp->if_name, ifp->if_unit);
2990 sppp_print_string(name, name_len);
2991 addlog(" != expected ");
2992 sppp_print_string(sp->hisauth.name,
2993 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
2994 addlog("\n");
2995 }
2996 if (debug) {
2997 log(LOG_DEBUG, "%s%d: chap input(%s) "
2998 "<%s id=0x%x len=%d name=",
2999 ifp->if_name, ifp->if_unit,
3000 sppp_state_name(sp->state[IDX_CHAP]),
3001 sppp_auth_type_name(PPP_CHAP, h->type),
3002 h->ident, ntohs (h->len));
3003 sppp_print_string((char*)name, name_len);
3004 addlog(" value-size=%d value=", value_len);
3005 sppp_print_bytes(value, value_len);
3006 addlog(">\n");
3007 }
3008 if (value_len != AUTHKEYLEN) {
3009 if (debug)
3010 log(LOG_DEBUG,
3011 "%s%d: chap bad hash value length: "
3012 "%d bytes, should be %d\n",
3013 ifp->if_name, ifp->if_unit, value_len,
3014 AUTHKEYLEN);
3015 break;
3016 }
3017
3018 MD5Init(&ctx);
3019 MD5Update(&ctx, &h->ident, 1);
3020 MD5Update(&ctx, sp->hisauth.secret,
3021 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3022 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3023 MD5Final(digest, &ctx);
3024
3025#define FAILMSG "Failed..."
3026#define SUCCMSG "Welcome!"
3027
3028 if (value_len != sizeof digest ||
3029 bcmp(digest, value, value_len) != 0) {
3030 /* action scn, tld */
3031 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3032 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3033 0);
3034 chap.tld(sp);
3035 break;
3036 }
3037 /* action sca, perhaps tlu */
3038 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3039 sp->state[IDX_CHAP] == STATE_OPENED)
3040 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3041 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3042 0);
3043 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3044 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3045 chap.tlu(sp);
3046 }
3047 break;
3048
3049 default:
3050 /* Unknown CHAP packet type -- ignore. */
3051 if (debug) {
3052 log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
3053 "<0x%x id=0x%xh len=%d",
3054 ifp->if_name, ifp->if_unit,
3055 sppp_state_name(sp->state[IDX_CHAP]),
3056 h->type, h->ident, ntohs(h->len));
3057 if (len > 4)
3058 sppp_print_bytes((u_char*)(h+1), len-4);
3059 addlog(">\n");
3060 }
3061 break;
3062
3063 }
3064}
3065
3066static void
3067sppp_chap_init(struct sppp *sp)
3068{
3069 /* Chap doesn't have STATE_INITIAL at all. */
3070 sp->state[IDX_CHAP] = STATE_CLOSED;
3071 sp->fail_counter[IDX_CHAP] = 0;
3072 callout_handle_init(&sp->ch[IDX_CHAP]);
3073}
3074
3075static void
3076sppp_chap_open(struct sppp *sp)
3077{
3078 if (sp->myauth.proto == PPP_CHAP &&
3079 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3080 /* we are authenticator for CHAP, start it */
3081 chap.scr(sp);
3082 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3083 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3084 }
3085 /* nothing to be done if we are peer, await a challenge */
3086}
3087
3088static void
3089sppp_chap_close(struct sppp *sp)
3090{
3091 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3092 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3093}
3094
3095static void
3096sppp_chap_TO(void *cookie)
3097{
3098 struct sppp *sp = (struct sppp *)cookie;
3099 STDDCL;
3100 int s;
3101
3102 s = splimp();
3103 if (debug)
3104 log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
3105 ifp->if_name, ifp->if_unit,
3106 sppp_state_name(sp->state[IDX_CHAP]),
3107 sp->rst_counter[IDX_CHAP]);
3108
3109 if (--sp->rst_counter[IDX_CHAP] < 0)
3110 /* TO- event */
3111 switch (sp->state[IDX_CHAP]) {
3112 case STATE_REQ_SENT:
3113 chap.tld(sp);
3114 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3115 break;
3116 }
3117 else
3118 /* TO+ (or TO*) event */
3119 switch (sp->state[IDX_CHAP]) {
3120 case STATE_OPENED:
3121 /* TO* event */
3122 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3123 /* fall through */
3124 case STATE_REQ_SENT:
3125 chap.scr(sp);
3126 /* sppp_cp_change_state() will restart the timer */
3127 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3128 break;
3129 }
3130
3131 splx(s);
3132}
3133
3134static void
3135sppp_chap_tlu(struct sppp *sp)
3136{
3137 STDDCL;
3138 int i, x;
3139
3140 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3141
3142 /*
3143 * Some broken CHAP implementations (Conware CoNet, firmware
3144 * 4.0.?) don't want to re-authenticate their CHAP once the
3145 * initial challenge-response exchange has taken place.
3146 * Provide for an option to avoid rechallenges.
3147 */
3148 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3149 /*
3150 * Compute the re-challenge timeout. This will yield
3151 * a number between 300 and 810 seconds.
3152 */
3153 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
3154
3155 sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
3156 }
3157
3158 if (debug) {
3159 log(LOG_DEBUG,
3160 "%s%d: chap %s, ",
3161 ifp->if_name, ifp->if_unit,
3162 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3163 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3164 addlog("next re-challenge in %d seconds\n", i);
3165 else
3166 addlog("re-challenging supressed\n");
3167 }
3168
3169 x = splimp();
3170 /* indicate to LCP that we need to be closed down */
3171 sp->lcp.protos |= (1 << IDX_CHAP);
3172
3173 if (sp->pp_flags & PP_NEEDAUTH) {
3174 /*
3175 * Remote is authenticator, but his auth proto didn't
3176 * complete yet. Defer the transition to network
3177 * phase.
3178 */
3179 splx(x);
3180 return;
3181 }
3182 splx(x);
3183
3184 /*
3185 * If we are already in phase network, we are done here. This
3186 * is the case if this is a dummy tlu event after a re-challenge.
3187 */
3188 if (sp->pp_phase != PHASE_NETWORK)
3189 sppp_phase_network(sp);
3190}
3191
3192static void
3193sppp_chap_tld(struct sppp *sp)
3194{
3195 STDDCL;
3196
3197 if (debug)
3198 log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
3199 untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3200 sp->lcp.protos &= ~(1 << IDX_CHAP);
3201
3202 lcp.Close(sp);
3203}
3204
3205static void
3206sppp_chap_scr(struct sppp *sp)
3207{
3208 struct timeval tv;
3209 u_long *ch, seed;
3210 u_char clen;
3211
3212 /* Compute random challenge. */
3213 ch = (u_long *)sp->myauth.challenge;
3214 microtime(&tv);
3215 seed = tv.tv_sec ^ tv.tv_usec;
3216 ch[0] = seed ^ random();
3217 ch[1] = seed ^ random();
3218 ch[2] = seed ^ random();
3219 ch[3] = seed ^ random();
3220 clen = AUTHKEYLEN;
3221
3222 sp->confid[IDX_CHAP] = ++sp->pp_seq;
3223
3224 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3225 sizeof clen, (const char *)&clen,
3226 AUTHKEYLEN, sp->myauth.challenge,
3227 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3228 sp->myauth.name,
3229 0);
3230}
3231 /*
3232 *--------------------------------------------------------------------------*
3233 * *
3234 * The PAP implementation. *
3235 * *
3236 *--------------------------------------------------------------------------*
3237 */
3238/*
3239 * For PAP, we need to keep a little state also if we are the peer, not the
3240 * authenticator. This is since we don't get a request to authenticate, but
3241 * have to repeatedly authenticate ourself until we got a response (or the
3242 * retry counter is expired).
3243 */
3244
3245/*
3246 * Handle incoming PAP packets. */
3247static void
3248sppp_pap_input(struct sppp *sp, struct mbuf *m)
3249{
3250 STDDCL;
3251 struct lcp_header *h;
3252 int len, x;
3253 u_char *name, *passwd, mlen;
3254 int name_len, passwd_len;
3255
3256 len = m->m_pkthdr.len;
3257 if (len < 5) {
3258 if (debug)
3259 log(LOG_DEBUG,
3260 "%s%d: pap invalid packet length: %d bytes\n",
3261 ifp->if_name, ifp->if_unit, len);
3262 return;
3263 }
3264 h = mtod (m, struct lcp_header*);
3265 if (len > ntohs (h->len))
3266 len = ntohs (h->len);
3267 switch (h->type) {
3268 /* PAP request is my authproto */
3269 case PAP_REQ:
3270 name = 1 + (u_char*)(h+1);
3271 name_len = name[-1];
3272 passwd = name + name_len + 1;
3273 if (name_len > len - 6 ||
3274 (passwd_len = passwd[-1]) > len - 6 - name_len) {
3275 if (debug) {
3276 log(LOG_DEBUG, "%s%d: pap corrupted input "
3277 "<%s id=0x%x len=%d",
3278 ifp->if_name, ifp->if_unit,
3279 sppp_auth_type_name(PPP_PAP, h->type),
3280 h->ident, ntohs(h->len));
3281 if (len > 4)
3282 sppp_print_bytes((u_char*)(h+1), len-4);
3283 addlog(">\n");
3284 }
3285 break;
3286 }
3287 if (debug) {
3288 log(LOG_DEBUG, "%s%d: pap input(%s) "
3289 "<%s id=0x%x len=%d name=",
3290 ifp->if_name, ifp->if_unit,
3291 sppp_state_name(sp->state[IDX_PAP]),
3292 sppp_auth_type_name(PPP_PAP, h->type),
3293 h->ident, ntohs(h->len));
3294 sppp_print_string((char*)name, name_len);
3295 addlog(" passwd=");
3296 sppp_print_string((char*)passwd, passwd_len);
3297 addlog(">\n");
3298 }
3299 if (name_len > AUTHNAMELEN ||
3300 passwd_len > AUTHKEYLEN ||
3301 bcmp(name, sp->hisauth.name, name_len) != 0 ||
3302 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3303 /* action scn, tld */
3304 mlen = sizeof(FAILMSG) - 1;
3305 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3306 sizeof mlen, (const char *)&mlen,
3307 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3308 0);
3309 pap.tld(sp);
3310 break;
3311 }
3312 /* action sca, perhaps tlu */
3313 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3314 sp->state[IDX_PAP] == STATE_OPENED) {
3315 mlen = sizeof(SUCCMSG) - 1;
3316 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3317 sizeof mlen, (const char *)&mlen,
3318 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3319 0);
3320 }
3321 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3322 sppp_cp_change_state(&pap, sp, STATE_OPENED);
3323 pap.tlu(sp);
3324 }
3325 break;
3326
3327 /* ack and nak are his authproto */
3328 case PAP_ACK:
3329 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3330 if (debug) {
3331 log(LOG_DEBUG, "%s%d: pap success",
3332 ifp->if_name, ifp->if_unit);
3333 name_len = *((char *)h);
3334 if (len > 5 && name_len) {
3335 addlog(": ");
3336 sppp_print_string((char*)(h+1), name_len);
3337 }
3338 addlog("\n");
3339 }
3340 x = splimp();
3341 sp->pp_flags &= ~PP_NEEDAUTH;
3342 if (sp->myauth.proto == PPP_PAP &&
3343 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3344 /*
3345 * We are authenticator for PAP but didn't
3346 * complete yet. Leave it to tlu to proceed
3347 * to network phase.
3348 */
3349 splx(x);
3350 break;
3351 }
3352 splx(x);
3353 sppp_phase_network(sp);
3354 break;
3355
3356 case PAP_NAK:
3357 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3358 if (debug) {
3359 log(LOG_INFO, "%s%d: pap failure",
3360 ifp->if_name, ifp->if_unit);
3361 name_len = *((char *)h);
3362 if (len > 5 && name_len) {
3363 addlog(": ");
3364 sppp_print_string((char*)(h+1), name_len);
3365 }
3366 addlog("\n");
3367 } else
3368 log(LOG_INFO, "%s%d: pap failure\n",
3369 ifp->if_name, ifp->if_unit);
3370 /* await LCP shutdown by authenticator */
3371 break;
3372
3373 default:
3374 /* Unknown PAP packet type -- ignore. */
3375 if (debug) {
3376 log(LOG_DEBUG, "%s%d: pap corrupted input "
3377 "<0x%x id=0x%x len=%d",
3378 ifp->if_name, ifp->if_unit,
3379 h->type, h->ident, ntohs(h->len));
3380 if (len > 4)
3381 sppp_print_bytes((u_char*)(h+1), len-4);
3382 addlog(">\n");
3383 }
3384 break;
3385
3386 }
3387}
3388
3389static void
3390sppp_pap_init(struct sppp *sp)
3391{
3392 /* PAP doesn't have STATE_INITIAL at all. */
3393 sp->state[IDX_PAP] = STATE_CLOSED;
3394 sp->fail_counter[IDX_PAP] = 0;
3395 callout_handle_init(&sp->ch[IDX_PAP]);
3396 callout_handle_init(&sp->pap_my_to_ch);
3397}
3398
3399static void
3400sppp_pap_open(struct sppp *sp)
3401{
3402 if (sp->hisauth.proto == PPP_PAP &&
3403 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3404 /* we are authenticator for PAP, start our timer */
3405 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3406 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3407 }
3408 if (sp->myauth.proto == PPP_PAP) {
3409 /* we are peer, send a request, and start a timer */
3410 pap.scr(sp);
3411 sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
3412 sp->lcp.timeout);
3413 }
3414}
3415
3416static void
3417sppp_pap_close(struct sppp *sp)
3418{
3419 if (sp->state[IDX_PAP] != STATE_CLOSED)
3420 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3421}
3422
3423/*
3424 * That's the timeout routine if we are authenticator. Since the
3425 * authenticator is basically passive in PAP, we can't do much here.
3426 */
3427static void
3428sppp_pap_TO(void *cookie)
3429{
3430 struct sppp *sp = (struct sppp *)cookie;
3431 STDDCL;
3432 int s;
3433
3434 s = splimp();
3435 if (debug)
3436 log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
3437 ifp->if_name, ifp->if_unit,
3438 sppp_state_name(sp->state[IDX_PAP]),
3439 sp->rst_counter[IDX_PAP]);
3440
3441 if (--sp->rst_counter[IDX_PAP] < 0)
3442 /* TO- event */
3443 switch (sp->state[IDX_PAP]) {
3444 case STATE_REQ_SENT:
3445 pap.tld(sp);
3446 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3447 break;
3448 }
3449 else
3450 /* TO+ event, not very much we could do */
3451 switch (sp->state[IDX_PAP]) {
3452 case STATE_REQ_SENT:
3453 /* sppp_cp_change_state() will restart the timer */
3454 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3455 break;
3456 }
3457
3458 splx(s);
3459}
3460
3461/*
3462 * That's the timeout handler if we are peer. Since the peer is active,
3463 * we need to retransmit our PAP request since it is apparently lost.
3464 * XXX We should impose a max counter.
3465 */
3466static void
3467sppp_pap_my_TO(void *cookie)
3468{
3469 struct sppp *sp = (struct sppp *)cookie;
3470 STDDCL;
3471
3472 if (debug)
3473 log(LOG_DEBUG, "%s%d: pap peer TO\n",
3474 ifp->if_name, ifp->if_unit);
3475
3476 pap.scr(sp);
3477}
3478
3479static void
3480sppp_pap_tlu(struct sppp *sp)
3481{
3482 STDDCL;
3483 int x;
3484
3485 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3486
3487 if (debug)
3488 log(LOG_DEBUG, "%s%d: %s tlu\n",
3489 ifp->if_name, ifp->if_unit, pap.name);
3490
3491 x = splimp();
3492 /* indicate to LCP that we need to be closed down */
3493 sp->lcp.protos |= (1 << IDX_PAP);
3494
3495 if (sp->pp_flags & PP_NEEDAUTH) {
3496 /*
3497 * Remote is authenticator, but his auth proto didn't
3498 * complete yet. Defer the transition to network
3499 * phase.
3500 */
3501 splx(x);
3502 return;
3503 }
3504 splx(x);
3505 sppp_phase_network(sp);
3506}
3507
3508static void
3509sppp_pap_tld(struct sppp *sp)
3510{
3511 STDDCL;
3512
3513 if (debug)
3514 log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
3515 untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3516 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3517 sp->lcp.protos &= ~(1 << IDX_PAP);
3518
3519 lcp.Close(sp);
3520}
3521
3522static void
3523sppp_pap_scr(struct sppp *sp)
3524{
3525 STDDCL;
3526 u_char idlen, pwdlen;
3527
3528 sp->confid[IDX_PAP] = ++sp->pp_seq;
3529 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
3530 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
3531
3532 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3533 sizeof idlen, (const char *)&idlen,
3534 (unsigned)idlen, sp->myauth.name,
3535 sizeof pwdlen, (const char *)&pwdlen,
3536 (unsigned)pwdlen, sp->myauth.secret,
3537 0);
3538}
3539 /*
3540 * Random miscellaneous functions.
3541 */
3542
3543/*
3544 * Send a PAP or CHAP proto packet.
3545 *
3546 * Varadic function, each of the elements for the ellipsis is of type
3547 * ``unsigned mlen, const u_char *msg''. Processing will stop iff
3548 * mlen == 0.
3549 */
3550
3551static void
3552sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
3553 ...)
3554{
3555 STDDCL;
3556 struct ppp_header *h;
3557 struct lcp_header *lh;
3558 struct mbuf *m;
3559 u_char *p;
3560 int len;
3561 unsigned mlen;
3562 const char *msg;
3563 va_list ap;
3564
3565 MGETHDR (m, M_DONTWAIT, MT_DATA);
3566 if (! m)
3567 return;
3568 m->m_pkthdr.rcvif = 0;
3569
3570 h = mtod (m, struct ppp_header*);
3571 h->address = PPP_ALLSTATIONS; /* broadcast address */
3572 h->control = PPP_UI; /* Unnumbered Info */
3573 h->protocol = htons(cp->proto);
3574
3575 lh = (struct lcp_header*)(h + 1);
3576 lh->type = type;
3577 lh->ident = id;
3578 p = (u_char*) (lh+1);
3579
3580 va_start(ap, id);
3581 len = 0;
3582
3583 while ((mlen = va_arg(ap, unsigned)) != 0) {
3584 msg = va_arg(ap, const char *);
3585 len += mlen;
3586 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
3587 va_end(ap);
3588 m_freem(m);
3589 return;
3590 }
3591
3592 bcopy(msg, p, mlen);
3593 p += mlen;
3594 }
3595 va_end(ap);
3596
3597 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
3598 lh->len = htons (LCP_HEADER_LEN + len);
3599
3600 if (debug) {
3601 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
3602 ifp->if_name, ifp->if_unit, cp->name,
3603 sppp_auth_type_name(cp->proto, lh->type),
3604 lh->ident, ntohs(lh->len));
3605 if (len)
3606 sppp_print_bytes((u_char*) (lh+1), len);
3607 addlog(">\n");
3608 }
3609 if (IF_QFULL (&sp->pp_cpq)) {
3610 IF_DROP (&sp->pp_fastq);
3611 IF_DROP (&ifp->if_snd);
3612 m_freem (m);
3613 ++ifp->if_oerrors;
3614 } else
3615 IF_ENQUEUE (&sp->pp_cpq, m);
3616 if (! (ifp->if_flags & IFF_OACTIVE))
3617 (*ifp->if_start) (ifp);
3618 ifp->if_obytes += m->m_pkthdr.len + 3;
3619}
3620
3621/*
3622 * Flush interface queue.
3623 */
3624static void
3625sppp_qflush(struct ifqueue *ifq)
3626{
3627 struct mbuf *m, *n;
3628
3629 n = ifq->ifq_head;
--- 57 unchanged lines hidden (view full) ---
3687 splx(s);
3688 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
3689}
3690
3691/*
3692 * Get both IP addresses.
3693 */
3694static void
3695sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
3696{
3697 struct ifnet *ifp = &sp->pp_if;
3698 struct ifaddr *ifa;
3699 struct sockaddr_in *si, *sm;
3700 u_long ssrc, ddst;
3701
3702 ssrc = ddst = 0L;
3703 /*
3704 * Pick the first AF_INET address from the list,
3705 * aliases don't make any sense on a p2p link anyway.
3706 */
3707 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3708 ifa;
3709 ifa = ifa->ifa_link.tqe_next)
3710 if (ifa->ifa_addr->sa_family == AF_INET) {
3711 si = (struct sockaddr_in *)ifa->ifa_addr;
3712 sm = (struct sockaddr_in *)ifa->ifa_netmask;
3713 if (si)
3714 break;
3715 }
3716 if (ifa) {
3717 if (si && si->sin_addr.s_addr) {
3718 ssrc = si->sin_addr.s_addr;
3719 if (srcmask)
3720 *srcmask = ntohl(sm->sin_addr.s_addr);
3721 }
3722
3723 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
3724 if (si && si->sin_addr.s_addr)
3725 ddst = si->sin_addr.s_addr;
3726 }
3727
3728 if (dst) *dst = ntohl(ddst);
3729 if (src) *src = ntohl(ssrc);
--- 10 unchanged lines hidden (view full) ---
3740 struct sockaddr_in *si;
3741 u_long ssrc, ddst;
3742
3743 /*
3744 * Pick the first AF_INET address from the list,
3745 * aliases don't make any sense on a p2p link anyway.
3746 */
3747 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3748 ifa;
3749 ifa = ifa->ifa_link.tqe_next)
3750 if (ifa->ifa_addr->sa_family == AF_INET) {
3751 si = (struct sockaddr_in *)ifa->ifa_addr;
3752 if (si)
3753 break;
3754 }
3755 if (ifa && si)
3756 si->sin_addr.s_addr = htonl(src);
3757}
3758
3759static int
3760sppp_params(struct sppp *sp, int cmd, void *data)
3761{
3762 int subcmd;
3763 struct ifreq *ifr = (struct ifreq *)data;
3764 struct spppreq spr;
3765
3766 /*
3767 * ifr->ifr_data is supposed to point to a struct spppreq.
3768 * Check the cmd word first before attempting to fetch all the
3769 * data.
3770 */
3771 if ((subcmd = fuword(ifr->ifr_data)) == -1)
3772 return EFAULT;
3773
3774 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
3775 return EFAULT;
3776
3777 switch (subcmd) {
3778 case SPPPIOGDEFS:
3779 if (cmd != SIOCGIFGENERIC)
3780 return EINVAL;
3781 /*
3782 * We copy over the entire current state, but clean
3783 * out some of the stuff we don't wanna pass up.
3784 * Remember, SIOCGIFGENERIC is unprotected, and can be
3785 * called by any user. No need to ever get PAP or
3786 * CHAP secrets back to userland anyway.
3787 */
3788 bcopy(sp, &spr.defs, sizeof(struct sppp));
3789 bzero(spr.defs.myauth.secret, AUTHKEYLEN);
3790 bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
3791 bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
3792 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
3793 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
3794
3795 case SPPPIOSDEFS:
3796 if (cmd != SIOCSIFGENERIC)
3797 return EINVAL;
3798 /*
3799 * We have a very specific idea of which fields we allow
3800 * being passed back from userland, so to not clobber our
3801 * current state. For one, we only allow setting
3802 * anything if LCP is in dead phase. Once the LCP
3803 * negotiations started, the authentication settings must
3804 * not be changed again. (The administrator can force an
3805 * ifconfig down in order to get LCP back into dead
3806 * phase.)
3807 *
3808 * Also, we only allow for authentication parameters to be
3809 * specified.
3810 *
3811 * XXX Should allow to set or clear pp_flags.
3812 *
3813 * Finally, if the respective authentication protocol to
3814 * be used is set differently than 0, but the secret is
3815 * passed as all zeros, we don't trash the existing secret.
3816 * This allows an administrator to change the system name
3817 * only without clobbering the secret (which he didn't get
3818 * back in a previous SPPPIOGDEFS call). However, the
3819 * secrets are cleared if the authentication protocol is
3820 * reset to 0.
3821 */
3822 if (sp->pp_phase != PHASE_DEAD)
3823 return EBUSY;
3824
3825 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
3826 spr.defs.myauth.proto != PPP_CHAP) ||
3827 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
3828 spr.defs.hisauth.proto != PPP_CHAP))
3829 return EINVAL;
3830
3831 if (spr.defs.myauth.proto == 0)
3832 /* resetting myauth */
3833 bzero(&sp->myauth, sizeof sp->myauth);
3834 else {
3835 /* setting/changing myauth */
3836 sp->myauth.proto = spr.defs.myauth.proto;
3837 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
3838 if (spr.defs.myauth.secret[0] != '\0')
3839 bcopy(spr.defs.myauth.secret, sp->myauth.secret,
3840 AUTHKEYLEN);
3841 }
3842 if (spr.defs.hisauth.proto == 0)
3843 /* resetting hisauth */
3844 bzero(&sp->hisauth, sizeof sp->hisauth);
3845 else {
3846 /* setting/changing hisauth */
3847 sp->hisauth.proto = spr.defs.hisauth.proto;
3848 sp->hisauth.flags = spr.defs.hisauth.flags;
3849 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
3850 if (spr.defs.hisauth.secret[0] != '\0')
3851 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
3852 AUTHKEYLEN);
3853 }
3854 break;
3855
3856 default:
3857 return EINVAL;
3858 }
3859
3860 return 0;
3861}
3862
3863static void
3864sppp_phase_network(struct sppp *sp)
3865{
3866 struct ifnet *ifp = &sp->pp_if;
3867 int i;
3868 u_long mask;
3869
3870 sp->pp_phase = PHASE_NETWORK;
3871
3872 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
3873 sppp_phase_name(sp->pp_phase));
3874
3875 /* Notify NCPs now. */
3876 for (i = 0; i < IDX_COUNT; i++)
3877 if ((cps[i])->flags & CP_NCP)
3878 (cps[i])->Open(sp);
3879
3880 /* Send Up events to all NCPs. */
3881 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
3882 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
3883 (cps[i])->Up(sp);
3884
3885 /* if no NCP is starting, all this was in vain, close down */
3886 sppp_lcp_check_and_close(sp);
3887}
3888
3889
3890static const char *
3891sppp_cp_type_name(u_char type)
3892{
3893 static char buf[12];
3894 switch (type) {
3895 case CONF_REQ: return "conf-req";
3896 case CONF_ACK: return "conf-ack";
3897 case CONF_NAK: return "conf-nak";
3898 case CONF_REJ: return "conf-rej";
3899 case TERM_REQ: return "term-req";
3900 case TERM_ACK: return "term-ack";
3901 case CODE_REJ: return "code-rej";
3902 case PROTO_REJ: return "proto-rej";
3903 case ECHO_REQ: return "echo-req";
3904 case ECHO_REPLY: return "echo-reply";
3905 case DISC_REQ: return "discard-req";
3906 }
3907 sprintf (buf, "0x%x", type);
3908 return buf;
3909}
3910
3911static const char *
3912sppp_auth_type_name(u_short proto, u_char type)
3913{
3914 static char buf[12];
3915 switch (proto) {
3916 case PPP_CHAP:
3917 switch (type) {
3918 case CHAP_CHALLENGE: return "challenge";
3919 case CHAP_RESPONSE: return "response";
3920 case CHAP_SUCCESS: return "success";
3921 case CHAP_FAILURE: return "failure";
3922 }
3923 case PPP_PAP:
3924 switch (type) {
3925 case PAP_REQ: return "req";
3926 case PAP_ACK: return "ack";
3927 case PAP_NAK: return "nak";
3928 }
3929 }
3930 sprintf (buf, "0x%x", type);
3931 return buf;
3932}
3933
3934static const char *
3935sppp_lcp_opt_name(u_char opt)
3936{
3937 static char buf[12];
3938 switch (opt) {
3939 case LCP_OPT_MRU: return "mru";
3940 case LCP_OPT_ASYNC_MAP: return "async-map";
3941 case LCP_OPT_AUTH_PROTO: return "auth-proto";
3942 case LCP_OPT_QUAL_PROTO: return "qual-proto";
3943 case LCP_OPT_MAGIC: return "magic";
3944 case LCP_OPT_PROTO_COMP: return "proto-comp";
3945 case LCP_OPT_ADDR_COMP: return "addr-comp";
3946 }
3947 sprintf (buf, "0x%x", opt);
3948 return buf;
3949}
3950
3951static const char *
3952sppp_ipcp_opt_name(u_char opt)
3953{
3954 static char buf[12];
3955 switch (opt) {
3956 case IPCP_OPT_ADDRESSES: return "addresses";
3957 case IPCP_OPT_COMPRESSION: return "compression";
3958 case IPCP_OPT_ADDRESS: return "address";
3959 }
3960 sprintf (buf, "0x%x", opt);
3961 return buf;
3962}
3963
3964static const char *
3965sppp_state_name(int state)
3966{
3967 switch (state) {
3968 case STATE_INITIAL: return "initial";
3969 case STATE_STARTING: return "starting";
--- 24 unchanged lines hidden (view full) ---
3994
3995static const char *
3996sppp_proto_name(u_short proto)
3997{
3998 static char buf[12];
3999 switch (proto) {
4000 case PPP_LCP: return "lcp";
4001 case PPP_IPCP: return "ipcp";
4002 case PPP_PAP: return "pap";
4003 case PPP_CHAP: return "chap";
4004 }
4005 sprintf(buf, "0x%x", (unsigned)proto);
4006 return buf;
4007}
4008
4009static void
4010sppp_print_bytes(const u_char *p, u_short len)
4011{
4012 addlog(" %x", *p++);
4013 while (--len > 0)
4014 addlog("-%x", *p++);
4015}
4016
4017static void
4018sppp_print_string(const char *p, u_short len)
4019{
4020 u_char c;
4021
4022 while (len-- > 0) {
4023 c = *p++;
4024 /*
4025 * Print only ASCII chars directly. RFC 1994 recommends
4026 * using only them, but we don't rely on it. */
4027 if (c < ' ' || c > '~')
4028 addlog("\\x%x", c);
4029 else
4030 addlog("%c", c);
4031 }
4032}
4033
4034static const char *
4035sppp_dotted_quad(u_long addr)
4036{
4037 static char s[16];
4038 sprintf(s, "%d.%d.%d.%d",
4039 (addr >> 24) & 0xff,
4040 (addr >> 16) & 0xff,
4041 (addr >> 8) & 0xff,
4042 addr & 0xff);
4043 return s;
4044}
4045
4046static int
4047sppp_strnlen(u_char *p, int max)
4048{
4049 int len;
4050
4051 for (len = 0; len < max && *p; ++p)
4052 ++len;
4053 return len;
4054}
4055
4056/* a dummy, used to drop uninteresting events */
4057static void
4058sppp_null(struct sppp *unused)
4059{
4060 /* do just nothing */
4061}
4062/*
4063 * This file is large. Tell emacs to highlight it nevertheless.
4064 *
4065 * Local Variables:
4066 * hilit-auto-highlight-maxout: 120000
4067 * End:
4068 */
2 * Synchronous PPP/Cisco link level subroutines.
3 * Keepalive protocol implemented in both Cisco and PPP modes.
4 *
5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
6 * Author: Serge Vakulenko, <vak@cronyx.ru>
7 *
8 * Heavily revamped to conform to RFC 1661.
9 * Copyright (C) 1997, Joerg Wunsch.
10 *
11 * This software is distributed with NO WARRANTIES, not even the implied
12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 *
14 * Authors grant any other persons or organisations permission to use
15 * or modify this software as long as this message is kept with the software,
16 * all derivative works or modified versions.
17 *
18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
19 *
20 * $Id: if_spppsubr.c,v 1.26 1997/09/02 01:18:37 bde Exp $
21 */
22
23#include <sys/param.h>
24#include <sys/systm.h>
25#include <sys/kernel.h>
26#include <sys/sockio.h>
27#include <sys/socket.h>
28#include <sys/syslog.h>
29#include <sys/malloc.h>
30#include <sys/mbuf.h>
31#include <sys/md5.h>
32
33#include <net/if.h>
34#include <net/netisr.h>
35#include <net/if_types.h>
36
37#include <machine/stdarg.h>
38
39#ifdef INET
40#include <netinet/in.h>
41#include <netinet/in_systm.h>
42#include <netinet/in_var.h>
43#include <netinet/ip.h>
44#include <netinet/tcp.h>
45#include <netinet/if_ether.h>
46#endif
--- 24 unchanged lines hidden (view full) ---
71 *
72 * Setting link0 will make the link passive, i.e. it will be marked
73 * as being administrative openable, but won't be opened to begin
74 * with. Incoming calls will be answered, or subsequent calls with
75 * -link1 will cause the administrative open of the LCP layer.
76 *
77 * Setting link1 will cause the link to auto-dial only as packets
78 * arrive to be sent.
79 *
80 * Setting IFF_DEBUG will syslog the option negotiation and state
81 * transitions at level kern.debug. Note: all logs consistently look
82 * like
83 *
84 * <if-name><unit>: <proto-name> <additional info...>
85 *
86 * with <if-name><unit> being something like "bppp0", and <proto-name>
87 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
88 */
89
90#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
91#define IFF_AUTO IFF_LINK1 /* auto-dial on output */
92
93#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
94#define PPP_UI 0x03 /* Unnumbered Information */
95#define PPP_IP 0x0021 /* Internet Protocol */
96#define PPP_ISO 0x0023 /* ISO OSI Protocol */
97#define PPP_XNS 0x0025 /* Xerox NS Protocol */
98#define PPP_IPX 0x002b /* Novell IPX Protocol */
99#define PPP_LCP 0xc021 /* Link Control Protocol */
100#define PPP_PAP 0xc023 /* Password Authentication Protocol */
101#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
102#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
103
104#define CONF_REQ 1 /* PPP configure request */
105#define CONF_ACK 2 /* PPP configure acknowledge */
106#define CONF_NAK 3 /* PPP configure negative ack */
107#define CONF_REJ 4 /* PPP configure reject */
108#define TERM_REQ 5 /* PPP terminate request */
109#define TERM_ACK 6 /* PPP terminate acknowledge */
110#define CODE_REJ 7 /* PPP code reject */
111#define PROTO_REJ 8 /* PPP protocol reject */
112#define ECHO_REQ 9 /* PPP echo request */
113#define ECHO_REPLY 10 /* PPP echo reply */
114#define DISC_REQ 11 /* PPP discard request */
115
116#define LCP_OPT_MRU 1 /* maximum receive unit */
117#define LCP_OPT_ASYNC_MAP 2 /* async control character map */
118#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
119#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
120#define LCP_OPT_MAGIC 5 /* magic number */
121#define LCP_OPT_RESERVED 6 /* reserved */
122#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
123#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
124
125#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
126#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
127#define IPCP_OPT_ADDRESS 3 /* local IP address */
128
129#define PAP_REQ 1 /* PAP name/password request */
130#define PAP_ACK 2 /* PAP acknowledge */
131#define PAP_NAK 3 /* PAP fail */
132
133#define CHAP_CHALLENGE 1 /* CHAP challenge request */
134#define CHAP_RESPONSE 2 /* CHAP challenge response */
135#define CHAP_SUCCESS 3 /* CHAP response ok */
136#define CHAP_FAILURE 4 /* CHAP response failed */
137
138#define CHAP_MD5 5 /* hash algorithm - MD5 */
139
140#define CISCO_MULTICAST 0x8f /* Cisco multicast address */
141#define CISCO_UNICAST 0x0f /* Cisco unicast address */
142#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
143#define CISCO_ADDR_REQ 0 /* Cisco address request */
144#define CISCO_ADDR_REPLY 1 /* Cisco address reply */
145#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
146
147/* states are named and numbered according to RFC 1661 */
148#define STATE_INITIAL 0
149#define STATE_STARTING 1
150#define STATE_CLOSED 2
151#define STATE_STOPPED 3
152#define STATE_CLOSING 4
153#define STATE_STOPPING 5
154#define STATE_REQ_SENT 6
--- 53 unchanged lines hidden (view full) ---
208 void (*tlu)(struct sppp *sp);
209 void (*tld)(struct sppp *sp);
210 void (*tls)(struct sppp *sp);
211 void (*tlf)(struct sppp *sp);
212 void (*scr)(struct sppp *sp);
213};
214
215static struct sppp *spppq;
216static struct callout_handle keepalive_ch;
217
218/*
219 * The following disgusting hack gets around the problem that IP TOS
220 * can't be set yet. We want to put "interactive" traffic on a high
221 * priority queue. To decide if traffic is interactive, we check that
222 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
223 *
224 * XXX is this really still necessary? - joerg -
225 */
226static u_short interactive_ports[8] = {
227 0, 513, 0, 0,
228 0, 21, 0, 23,
229};
230#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
231
232/* almost every function needs these */
233#define STDDCL \
234 struct ifnet *ifp = &sp->pp_if; \
235 int debug = ifp->if_flags & IFF_DEBUG
236
237static int sppp_output(struct ifnet *ifp, struct mbuf *m,
238 struct sockaddr *dst, struct rtentry *rt);
239
240static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
241static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
242
243static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
244 struct mbuf *m);
245static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
246 u_char ident, u_short len, void *data);
247static void sppp_cp_timeout(void *arg);
248static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
249 int newstate);
250static void sppp_auth_send(const struct cp *cp,
251 struct sppp *sp, u_char type, u_char id,
252 ...);
253
254static void sppp_up_event(const struct cp *cp, struct sppp *sp);
255static void sppp_down_event(const struct cp *cp, struct sppp *sp);
256static void sppp_open_event(const struct cp *cp, struct sppp *sp);
257static void sppp_close_event(const struct cp *cp, struct sppp *sp);
258static void sppp_to_event(const struct cp *cp, struct sppp *sp);
259
260static void sppp_null(struct sppp *sp);
261
262static void sppp_lcp_init(struct sppp *sp);
263static void sppp_lcp_up(struct sppp *sp);
264static void sppp_lcp_down(struct sppp *sp);
265static void sppp_lcp_open(struct sppp *sp);
266static void sppp_lcp_close(struct sppp *sp);
267static void sppp_lcp_TO(void *sp);
268static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
269static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
270static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
271static void sppp_lcp_tlu(struct sppp *sp);
272static void sppp_lcp_tld(struct sppp *sp);
273static void sppp_lcp_tls(struct sppp *sp);
274static void sppp_lcp_tlf(struct sppp *sp);
275static void sppp_lcp_scr(struct sppp *sp);
276static void sppp_lcp_check_and_close(struct sppp *sp);
277static int sppp_ncp_check(struct sppp *sp);
278
279static void sppp_ipcp_init(struct sppp *sp);
280static void sppp_ipcp_up(struct sppp *sp);
281static void sppp_ipcp_down(struct sppp *sp);
282static void sppp_ipcp_open(struct sppp *sp);
283static void sppp_ipcp_close(struct sppp *sp);
284static void sppp_ipcp_TO(void *sp);
285static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
286static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
287static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
288static void sppp_ipcp_tlu(struct sppp *sp);
289static void sppp_ipcp_tld(struct sppp *sp);
290static void sppp_ipcp_tls(struct sppp *sp);
291static void sppp_ipcp_tlf(struct sppp *sp);
292static void sppp_ipcp_scr(struct sppp *sp);
293
294static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
295static void sppp_pap_init(struct sppp *sp);
296static void sppp_pap_open(struct sppp *sp);
297static void sppp_pap_close(struct sppp *sp);
298static void sppp_pap_TO(void *sp);
299static void sppp_pap_my_TO(void *sp);
300static void sppp_pap_tlu(struct sppp *sp);
301static void sppp_pap_tld(struct sppp *sp);
302static void sppp_pap_scr(struct sppp *sp);
303
304static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
305static void sppp_chap_init(struct sppp *sp);
306static void sppp_chap_open(struct sppp *sp);
307static void sppp_chap_close(struct sppp *sp);
308static void sppp_chap_TO(void *sp);
309static void sppp_chap_tlu(struct sppp *sp);
310static void sppp_chap_tld(struct sppp *sp);
311static void sppp_chap_scr(struct sppp *sp);
312
313static const char *sppp_auth_type_name(u_short proto, u_char type);
314static const char *sppp_cp_type_name(u_char type);
315static const char *sppp_dotted_quad(u_long addr);
316static const char *sppp_ipcp_opt_name(u_char opt);
317static const char *sppp_lcp_opt_name(u_char opt);
318static const char *sppp_phase_name(enum ppp_phase phase);
319static const char *sppp_proto_name(u_short proto);
320static const char *sppp_state_name(int state);
321static int sppp_params(struct sppp *sp, int cmd, void *data);
322static int sppp_strnlen(u_char *p, int max);
323static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
324 u_long *srcmask);
325static void sppp_keepalive(void *dummy);
326static void sppp_phase_network(struct sppp *sp);
327static void sppp_print_bytes(const u_char *p, u_short len);
328static void sppp_print_string(const char *p, u_short len);
329static void sppp_qflush(struct ifqueue *ifq);
330static void sppp_set_ip_addr(struct sppp *sp, u_long src);
331
332/* our control protocol descriptors */
333const struct cp lcp = {
334 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
335 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
336 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
337 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
338 sppp_lcp_scr
339};
340
341const struct cp ipcp = {
342 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
343 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
344 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
345 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
346 sppp_ipcp_scr
347};
348
349const struct cp pap = {
350 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
351 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
352 sppp_pap_TO, 0, 0, 0,
353 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
354 sppp_pap_scr
355};
356
357const struct cp chap = {
358 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
359 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
360 sppp_chap_TO, 0, 0, 0,
361 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
362 sppp_chap_scr
363};
364
365const struct cp *cps[IDX_COUNT] = {
366 &lcp, /* IDX_LCP */
367 &ipcp, /* IDX_IPCP */
368 &pap, /* IDX_PAP */
369 &chap, /* IDX_CHAP */
370};
371
372
373 /*
374 * Exported functions, comprising our interface to the lower layer.
375 */
376
377/*
--- 52 unchanged lines hidden (view full) ---
430 log(LOG_DEBUG,
431 "%s%d: invalid input protocol "
432 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
433 ifp->if_name, ifp->if_unit,
434 h->address, h->control, ntohs(h->protocol));
435 ++ifp->if_noproto;
436 goto drop;
437 case PPP_LCP:
438 sppp_cp_input(&lcp, sp, m);
439 m_freem (m);
440 return;
441 case PPP_PAP:
442 if (sp->pp_phase >= PHASE_AUTHENTICATE)
443 sppp_pap_input(sp, m);
444 m_freem (m);
445 return;
446 case PPP_CHAP:
447 if (sp->pp_phase >= PHASE_AUTHENTICATE)
448 sppp_chap_input(sp, m);
449 m_freem (m);
450 return;
451#ifdef INET
452 case PPP_IPCP:
453 if (sp->pp_phase == PHASE_NETWORK)
454 sppp_cp_input(&ipcp, sp, m);
455 m_freem (m);
456 return;
457 case PPP_IP:
458 if (sp->state[IDX_IPCP] == STATE_OPENED) {
459 schednetisr (NETISR_IP);
460 inq = &ipintrq;
461 }
462 break;
--- 244 unchanged lines hidden (view full) ---
707
708void
709sppp_attach(struct ifnet *ifp)
710{
711 struct sppp *sp = (struct sppp*) ifp;
712
713 /* Initialize keepalive handler. */
714 if (! spppq)
715 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
716
717 /* Insert new entry into the keepalive list. */
718 sp->pp_next = spppq;
719 spppq = sp;
720
721 sp->pp_if.if_type = IFT_PPP;
722 sp->pp_if.if_output = sppp_output;
723 sp->pp_fastq.ifq_maxlen = 32;
724 sp->pp_cpq.ifq_maxlen = 20;
725 sp->pp_loopcnt = 0;
726 sp->pp_alivecnt = 0;
727 sp->pp_seq = 0;
728 sp->pp_rseq = 0;
729 sp->pp_phase = PHASE_DEAD;
730 sp->pp_up = lcp.Up;
731 sp->pp_down = lcp.Down;
732
733 sppp_lcp_init(sp);
734 sppp_ipcp_init(sp);
735 sppp_pap_init(sp);
736 sppp_chap_init(sp);
737}
738
739void
740sppp_detach(struct ifnet *ifp)
741{
742 struct sppp **q, *p, *sp = (struct sppp*) ifp;
743 int i;
744
745 /* Remove the entry from the keepalive list. */
746 for (q = &spppq; (p = *q); q = &p->pp_next)
747 if (p == sp) {
748 *q = p->pp_next;
749 break;
750 }
751
752 /* Stop keepalive handler. */
753 if (! spppq)
754 untimeout(sppp_keepalive, 0, keepalive_ch);
755
756 for (i = 0; i < IDX_COUNT; i++)
757 untimeout((cps[i])->TO, (void *)sp, sp->ch[i]);
758 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
759}
760
761/*
762 * Flush the interface output queue.
763 */
764void
765sppp_flush(struct ifnet *ifp)
766{
--- 27 unchanged lines hidden (view full) ---
794sppp_dequeue(struct ifnet *ifp)
795{
796 struct sppp *sp = (struct sppp*) ifp;
797 struct mbuf *m;
798 int s;
799
800 s = splimp();
801 /*
802 * Process only the control protocol queue until we have at
803 * least one NCP open.
804 *
805 * Do always serve all three queues in Cisco mode.
806 */
807 IF_DEQUEUE(&sp->pp_cpq, m);
808 if (m == NULL &&
809 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
810 IF_DEQUEUE(&sp->pp_fastq, m);
811 if (m == NULL)
812 IF_DEQUEUE (&sp->pp_if.if_snd, m);
813 }
814 splx(s);
815 return m;
816}
817
818/*
819 * Pick the next packet, do not remove it from the queue.
820 */
821struct mbuf *
822sppp_pick(struct ifnet *ifp)
823{
824 struct sppp *sp = (struct sppp*)ifp;
825 struct mbuf *m;
826 int s;
827
828 s= splimp ();
829
830 m = sp->pp_cpq.ifq_head;
831 if (m == NULL &&
832 (sp->pp_phase == PHASE_NETWORK ||
833 (sp->pp_flags & PP_CISCO) != 0))
834 if ((m = sp->pp_fastq.ifq_head) == NULL)
835 m = sp->pp_if.if_snd.ifq_head;
836 splx (s);
837 return (m);
838}
839
840/*
841 * Process an ioctl request. Called on low priority level.
842 */
843int
844sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
845{
846 struct ifreq *ifr = (struct ifreq*) data;
847 struct sppp *sp = (struct sppp*) ifp;
848 int s, rv, going_up, going_down, newmode;
849
850 s = splimp();
851 rv = 0;
852 switch (cmd) {
853 case SIOCAIFADDR:
854 case SIOCSIFDSTADDR:
855 break;
856
857 case SIOCSIFADDR:
858 if_up(ifp);
859 /* fall through... */
--- 50 unchanged lines hidden (view full) ---
910 case SLIOCGETMTU:
911 *(short*)data = ifp->if_mtu;
912 break;
913#endif
914 case SIOCADDMULTI:
915 case SIOCDELMULTI:
916 break;
917
918 case SIOCGIFGENERIC:
919 case SIOCSIFGENERIC:
920 rv = sppp_params(sp, cmd, data);
921 break;
922
923 default:
924 rv = ENOTTY;
925 }
926 splx(s);
927 return rv;
928}
929
930
931 /*
932 * Cisco framing implementation.
933 */
934
935/*
936 * Handle incoming Cisco keepalive protocol packets.
937 */
938static void
939sppp_cisco_input(struct sppp *sp, struct mbuf *m)
940{
941 STDDCL;
942 struct cisco_packet *h;
943 u_long me, mymask;
944
945 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
946 if (debug)
947 log(LOG_DEBUG,
948 "%s%d: cisco invalid packet length: %d bytes\n",
949 ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
950 return;
951 }
952 h = mtod (m, struct cisco_packet*);
953 if (debug)
954 log(LOG_DEBUG,
955 "%s%d: cisco input: %d bytes "
956 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
957 ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
958 ntohl (h->type), h->par1, h->par2, h->rel,
959 h->time0, h->time1);
960 switch (ntohl (h->type)) {
961 default:
962 if (debug)
963 addlog("%s%d: cisco unknown packet type: 0x%lx\n",
964 ifp->if_name, ifp->if_unit, ntohl (h->type));
965 break;
966 case CISCO_ADDR_REPLY:
967 /* Reply on address request, ignore */
968 break;
969 case CISCO_KEEPALIVE_REQ:
970 sp->pp_alivecnt = 0;
971 sp->pp_rseq = ntohl (h->par1);
--- 10 unchanged lines hidden (view full) ---
982 }
983 }
984 ++sp->pp_loopcnt;
985
986 /* Generate new local sequence number */
987 sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
988 break;
989 }
990 sp->pp_loopcnt = 0;
991 if (! (ifp->if_flags & IFF_UP) &&
992 (ifp->if_flags & IFF_RUNNING)) {
993 if_up(ifp);
994 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
995 }
996 break;
997 case CISCO_ADDR_REQ:
998 sppp_get_ip_addrs(sp, &me, 0, &mymask);
999 if (me != 0L)
1000 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1001 break;
1002 }
1003}
1004
1005/*
1006 * Send Cisco keepalive packet.
1007 */
1008static void
--- 126 unchanged lines hidden (view full) ---
1135 sppp_state_name(sp->state[cp->protoidx]),
1136 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1137 if (len > 4)
1138 sppp_print_bytes ((u_char*) (h+1), len-4);
1139 addlog(">\n");
1140 }
1141 if (len > ntohs (h->len))
1142 len = ntohs (h->len);
1143 p = (u_char *)(h + 1);
1144 switch (h->type) {
1145 case CONF_REQ:
1146 if (len < 4) {
1147 if (debug)
1148 addlog("%s%d: %s invalid conf-req length %d\n",
1149 ifp->if_name, ifp->if_unit, cp->name,
1150 len);
1151 ++ifp->if_ierrors;
1152 break;
1153 }
1154 /* handle states where RCR doesn't get a SCA/SCN */
1155 switch (sp->state[cp->protoidx]) {
1156 case STATE_CLOSING:
1157 case STATE_STOPPING:
1158 return;
1159 case STATE_CLOSED:
1160 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1161 0, 0);
1162 return;
1163 }
1164 rv = (cp->RCR)(sp, h, len);
1165 switch (sp->state[cp->protoidx]) {
1166 case STATE_OPENED:
1167 (cp->tld)(sp);
1168 (cp->scr)(sp);
1169 /* fall through... */
1170 case STATE_ACK_SENT:
1171 case STATE_REQ_SENT:
1172 sppp_cp_change_state(cp, sp, rv?
1173 STATE_ACK_SENT: STATE_REQ_SENT);
1174 break;
1175 case STATE_STOPPED:
1176 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1177 (cp->scr)(sp);
1178 sppp_cp_change_state(cp, sp, rv?
1179 STATE_ACK_SENT: STATE_REQ_SENT);
1180 break;
1181 case STATE_ACK_RCVD:
1182 if (rv) {
1183 sppp_cp_change_state(cp, sp, STATE_OPENED);
1184 if (debug)
1185 log(LOG_DEBUG, "%s%d: %s tlu\n",
1186 ifp->if_name, ifp->if_unit,
1187 cp->name);
1188 (cp->tlu)(sp);
--- 35 unchanged lines hidden (view full) ---
1224 case STATE_ACK_RCVD:
1225 (cp->scr)(sp);
1226 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1227 break;
1228 case STATE_ACK_SENT:
1229 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1230 sppp_cp_change_state(cp, sp, STATE_OPENED);
1231 if (debug)
1232 log(LOG_DEBUG, "%s%d: %s tlu\n",
1233 ifp->if_name, ifp->if_unit, cp->name);
1234 (cp->tlu)(sp);
1235 break;
1236 default:
1237 printf("%s%d: %s illegal %s in state %s\n",
1238 ifp->if_name, ifp->if_unit, cp->name,
1239 sppp_cp_type_name(h->type),
1240 sppp_state_name(sp->state[cp->protoidx]));
--- 105 unchanged lines hidden (view full) ---
1346 sppp_cp_type_name(h->type),
1347 sppp_state_name(sp->state[cp->protoidx]));
1348 ++ifp->if_ierrors;
1349 }
1350 break;
1351 case CODE_REJ:
1352 case PROTO_REJ:
1353 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1354 log(LOG_INFO,
1355 "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
1356 "danger will robinson\n",
1357 ifp->if_name, ifp->if_unit, cp->name,
1358 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1359 switch (sp->state[cp->protoidx]) {
1360 case STATE_CLOSED:
1361 case STATE_STOPPED:
1362 case STATE_REQ_SENT:
1363 case STATE_ACK_SENT:
1364 case STATE_CLOSING:
1365 case STATE_STOPPING:
1366 case STATE_OPENED:
--- 317 unchanged lines hidden (view full) ---
1684sppp_lcp_init(struct sppp *sp)
1685{
1686 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1687 sp->lcp.magic = 0;
1688 sp->state[IDX_LCP] = STATE_INITIAL;
1689 sp->fail_counter[IDX_LCP] = 0;
1690 sp->lcp.protos = 0;
1691 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1692
1693 /*
1694 * Initialize counters and timeout values. Note that we don't
1695 * use the 3 seconds suggested in RFC 1661 since we are likely
1696 * running on a fast link. XXX We should probably implement
1697 * the exponential backoff option. Note that these values are
1698 * relevant for all control protocols, not just LCP only.
1699 */
1700 sp->lcp.timeout = 1 * hz;
1701 sp->lcp.max_terminate = 2;
1702 sp->lcp.max_configure = 10;
1703 sp->lcp.max_failure = 10;
1704 callout_handle_init(&sp->ch[IDX_LCP]);
1705}
1706
1707static void
1708sppp_lcp_up(struct sppp *sp)
1709{
1710 STDDCL;
1711
1712 /*
1713 * If this interface is passive or dial-on-demand, and we are
1714 * still in Initial state, it means we've got an incoming
1715 * call. Activate the interface.
1716 */
1717 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1718 if (debug)
1719 log(LOG_DEBUG,
1720 "%s%d: Up event", ifp->if_name, ifp->if_unit);
1721 ifp->if_flags |= IFF_RUNNING;
1722 if (sp->state[IDX_LCP] == STATE_INITIAL) {
1723 if (debug)
1724 addlog("(incoming call)\n");
1725 sp->pp_flags |= PP_CALLIN;
1726 lcp.Open(sp);
1727 } else if (debug)
1728 addlog("\n");
1729 }
1730
1731 sppp_up_event(&lcp, sp);
1732}
1733
1734static void
1735sppp_lcp_down(struct sppp *sp)
1736{
--- 14 unchanged lines hidden (view full) ---
1751 ifp->if_name, ifp->if_unit);
1752 if_down(ifp);
1753 } else {
1754 if (debug)
1755 log(LOG_DEBUG,
1756 "%s%d: Down event (carrier loss)\n",
1757 ifp->if_name, ifp->if_unit);
1758 }
1759 sp->pp_flags &= ~PP_CALLIN;
1760 if (sp->state[IDX_LCP] != STATE_INITIAL)
1761 lcp.Close(sp);
1762 ifp->if_flags &= ~IFF_RUNNING;
1763}
1764
1765static void
1766sppp_lcp_open(struct sppp *sp)
1767{
1768 /*
1769 * If we are authenticator, negotiate LCP_AUTH
1770 */
1771 if (sp->hisauth.proto != 0)
1772 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1773 else
1774 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1775 sp->pp_flags &= ~PP_NEEDAUTH;
1776 sppp_open_event(&lcp, sp);
1777}
1778
1779static void
1780sppp_lcp_close(struct sppp *sp)
1781{
1782 sppp_close_event(&lcp, sp);
1783}
--- 12 unchanged lines hidden (view full) ---
1796 */
1797static int
1798sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
1799{
1800 STDDCL;
1801 u_char *buf, *r, *p;
1802 int origlen, rlen;
1803 u_long nmagic;
1804 u_short authproto;
1805
1806 len -= 4;
1807 origlen = len;
1808 buf = r = malloc (len, M_TEMP, M_NOWAIT);
1809 if (! buf)
1810 return (0);
1811
1812 if (debug)
--- 18 unchanged lines hidden (view full) ---
1831 break;
1832 case LCP_OPT_MRU:
1833 /* Maximum receive unit. */
1834 if (len >= 4 && p[1] == 4)
1835 continue;
1836 if (debug)
1837 addlog("[invalid] ");
1838 break;
1839 case LCP_OPT_AUTH_PROTO:
1840 if (len < 4) {
1841 if (debug)
1842 addlog("[invalid] ");
1843 break;
1844 }
1845 authproto = (p[2] << 8) + p[3];
1846 if (authproto == PPP_CHAP && p[1] != 5) {
1847 if (debug)
1848 addlog("[invalid chap len] ");
1849 break;
1850 }
1851 if (sp->myauth.proto == 0) {
1852 /* we are not configured to do auth */
1853 if (debug)
1854 addlog("[not configured] ");
1855 break;
1856 }
1857 /*
1858 * Remote want us to authenticate, remember this,
1859 * so we stay in PHASE_AUTHENTICATE after LCP got
1860 * up.
1861 */
1862 sp->pp_flags |= PP_NEEDAUTH;
1863 continue;
1864 default:
1865 /* Others not supported. */
1866 if (debug)
1867 addlog("[rej] ");
1868 break;
1869 }
1870 /* Add the option to rejected list. */
1871 bcopy (p, r, p[1]);
--- 30 unchanged lines hidden (view full) ---
1902 if (debug)
1903 addlog("0x%x ", nmagic);
1904 continue;
1905 }
1906 /*
1907 * Local and remote magics equal -- loopback?
1908 */
1909 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
1910 printf ("%s%d: loopback\n",
1911 ifp->if_name, ifp->if_unit);
1912 sp->pp_loopcnt = 0;
1913 if (ifp->if_flags & IFF_UP) {
1914 if_down(ifp);
1915 sppp_qflush(&sp->pp_cpq);
1916 /* XXX ? */
1917 lcp.Down(sp);
1918 lcp.Up(sp);
--- 31 unchanged lines hidden (view full) ---
1950 /*
1951 * Maximum receive unit. Always agreeable,
1952 * but ignored by now.
1953 */
1954 sp->lcp.their_mru = p[2] * 256 + p[3];
1955 if (debug)
1956 addlog("%d ", sp->lcp.their_mru);
1957 continue;
1958
1959 case LCP_OPT_AUTH_PROTO:
1960 authproto = (p[2] << 8) + p[3];
1961 if (sp->myauth.proto != authproto) {
1962 /* not agreed, nak */
1963 if (debug)
1964 addlog("[mine %s != his %s] ",
1965 sppp_proto_name(sp->hisauth.proto),
1966 sppp_proto_name(authproto));
1967 p[2] = sp->myauth.proto >> 8;
1968 p[3] = sp->myauth.proto;
1969 break;
1970 }
1971 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
1972 if (debug)
1973 addlog("[chap not MD5] ");
1974 p[4] == CHAP_MD5;
1975 break;
1976 }
1977 continue;
1978 }
1979 /* Add the option to nak'ed list. */
1980 bcopy (p, r, p[1]);
1981 r += p[1];
1982 rlen += p[1];
1983 }
1984 if (rlen) {
1985 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
--- 53 unchanged lines hidden (view full) ---
2039 case LCP_OPT_MRU:
2040 /*
2041 * Should not be rejected anyway, since we only
2042 * negotiate a MRU if explicitly requested by
2043 * peer.
2044 */
2045 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2046 break;
2047 case LCP_OPT_AUTH_PROTO:
2048 /*
2049 * Peer doesn't want to authenticate himself,
2050 * deny unless this is a dialout call, and
2051 * AUTHFLAG_NOCALLOUT is set.
2052 */
2053 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2054 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2055 if (debug)
2056 addlog("[don't insist on auth "
2057 "for callout]");
2058 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2059 break;
2060 }
2061 if (debug)
2062 addlog("[access denied]\n");
2063 lcp.Close(sp);
2064 break;
2065 }
2066 }
2067 if (debug)
2068 addlog("\n");
2069 free (buf, M_TEMP);
2070 return;
2071}
2072
--- 55 unchanged lines hidden (view full) ---
2128 if (debug)
2129 addlog("%d ", mru);
2130 if (mru < PP_MTU || mru > PP_MAX_MRU)
2131 mru = PP_MTU;
2132 sp->lcp.mru = mru;
2133 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2134 }
2135 break;
2136 case LCP_OPT_AUTH_PROTO:
2137 /*
2138 * Peer doesn't like our authentication method,
2139 * deny.
2140 */
2141 if (debug)
2142 addlog("[access denied]\n");
2143 lcp.Close(sp);
2144 break;
2145 }
2146 }
2147 if (debug)
2148 addlog("\n");
2149 free (buf, M_TEMP);
2150 return;
2151}
2152
--- 11 unchanged lines hidden (view full) ---
2164 if_up(ifp);
2165 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
2166 }
2167
2168 for (i = 0; i < IDX_COUNT; i++)
2169 if ((cps[i])->flags & CP_QUAL)
2170 (cps[i])->Open(sp);
2171
2172 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2173 (sp->pp_flags & PP_NEEDAUTH) != 0)
2174 sp->pp_phase = PHASE_AUTHENTICATE;
2175 else
2176 sp->pp_phase = PHASE_NETWORK;
2177
2178 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
2179 sppp_phase_name(sp->pp_phase));
2180
2181 /*
2182 * Open all authentication protocols. This is even required
2183 * if we already proceeded to network phase, since it might be
2184 * that remote wants us to authenticate, so we might have to
2185 * send a PAP request. Undesired authentication protocols
2186 * don't do anything when they get an Open event.
2187 */
2188 for (i = 0; i < IDX_COUNT; i++)
2189 if ((cps[i])->flags & CP_AUTH)
2190 (cps[i])->Open(sp);
2191
2192 if (sp->pp_phase == PHASE_NETWORK) {
2193 /* Notify all NCPs. */
2194 for (i = 0; i < IDX_COUNT; i++)
2195 if ((cps[i])->flags & CP_NCP)
2196 (cps[i])->Open(sp);
2197 }
2198
2199 /* Send Up events to all started protos. */
2200 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2201 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2202 (cps[i])->Up(sp);
2203
2204 if (sp->pp_phase == PHASE_NETWORK)
2205 /* if no NCP is starting, close down */
2206 sppp_lcp_check_and_close(sp);
2207}
2208
2209static void
2210sppp_lcp_tld(struct sppp *sp)
2211{
2212 STDDCL;
2213 int i;
2214 u_long mask;
--- 43 unchanged lines hidden (view full) ---
2258 /* Notify lower layer if desired. */
2259 if (sp->pp_tlf)
2260 (sp->pp_tlf)(sp);
2261}
2262
2263static void
2264sppp_lcp_scr(struct sppp *sp)
2265{
2266 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2267 int i = 0;
2268 u_short authproto;
2269
2270 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2271 if (! sp->lcp.magic)
2272 sp->lcp.magic = time.tv_sec + time.tv_usec;
2273 opt[i++] = LCP_OPT_MAGIC;
2274 opt[i++] = 6;
2275 opt[i++] = sp->lcp.magic >> 24;
2276 opt[i++] = sp->lcp.magic >> 16;
2277 opt[i++] = sp->lcp.magic >> 8;
2278 opt[i++] = sp->lcp.magic;
2279 }
2280
2281 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2282 opt[i++] = LCP_OPT_MRU;
2283 opt[i++] = 4;
2284 opt[i++] = sp->lcp.mru >> 8;
2285 opt[i++] = sp->lcp.mru;
2286 }
2287
2288 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2289 authproto = sp->hisauth.proto;
2290 opt[i++] = LCP_OPT_AUTH_PROTO;
2291 opt[i++] = authproto == PPP_CHAP? 5: 4;
2292 opt[i++] = authproto >> 8;
2293 opt[i++] = authproto;
2294 if (authproto == PPP_CHAP)
2295 opt[i++] = CHAP_MD5;
2296 }
2297
2298 sp->confid[IDX_LCP] = ++sp->pp_seq;
2299 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2300}
2301
2302/*
2303 * Check the open NCPs, return true if at least one NCP is open.
2304 */
2305static int
2306sppp_ncp_check(struct sppp *sp)
2307{
2308 int i, mask;
2309
2310 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2311 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2312 return 1;
2313 return 0;
2314}
2315
2316/*
2317 * Re-check the open NCPs and see if we should terminate the link.
2318 * Called by the NCPs during their tlf action handling.
2319 */
2320static void
2321sppp_lcp_check_and_close(struct sppp *sp)
2322{
2323
2324 if (sp->pp_phase < PHASE_NETWORK)
2325 /* don't bother, we are already going down */
2326 return;
2327
2328 if (sppp_ncp_check(sp))
2329 return;
2330
2331 lcp.Close(sp);
2332}
2333 /*
2334 *--------------------------------------------------------------------------*
2335 * *
2336 * The IPCP implementation. *
2337 * *
2338 *--------------------------------------------------------------------------*
--- 22 unchanged lines hidden (view full) ---
2361}
2362
2363static void
2364sppp_ipcp_open(struct sppp *sp)
2365{
2366 STDDCL;
2367 u_long myaddr, hisaddr;
2368
2369 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2370 /*
2371 * If we don't have his address, this probably means our
2372 * interface doesn't want to talk IP at all. (This could
2373 * be the case if somebody wants to speak only IPX, for
2374 * example.) Don't open IPCP in this case.
2375 */
2376 if (hisaddr == 0L) {
2377 /* XXX this message should go away */
--- 97 unchanged lines hidden (view full) ---
2475 if (debug)
2476 addlog(" send conf-rej\n");
2477 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2478 return 0;
2479 } else if (debug)
2480 addlog("\n");
2481
2482 /* pass 2: parse option values */
2483 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
2484 if (debug)
2485 log(LOG_DEBUG, "%s%d: ipcp parse opt values: ",
2486 ifp->if_name, ifp->if_unit);
2487 p = (void*) (h+1);
2488 len = origlen;
2489 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2490 if (debug)
2491 addlog(" %s ", sppp_ipcp_opt_name(*p));
2492 switch (*p) {
2493#ifdef notyet
2494 case IPCP_OPT_COMPRESSION:
--- 4 unchanged lines hidden (view full) ---
2499 p[4] << 8 | p[5];
2500 if (desiredaddr == hisaddr) {
2501 /*
2502 * Peer's address is same as our value,
2503 * this is agreeable. Gonna conf-ack
2504 * it.
2505 */
2506 if (debug)
2507 addlog("%s [ack] ",
2508 sppp_dotted_quad(hisaddr));
2509 /* record that we've seen it already */
2510 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2511 continue;
2512 }
2513 /*
2514 * The address wasn't agreeable. This is either
2515 * he sent us 0.0.0.0, asking to assign him an
2516 * address, or he send us another address not
2517 * matching our value. Either case, we gonna
2518 * conf-nak it with our value.
2519 */
2520 if (debug) {
2521 if (desiredaddr == 0)
2522 addlog("[addr requested] ");
2523 else
2524 addlog("%s [not agreed] ",
2525 sppp_dotted_quad(desiredaddr));
2526
2527 p[2] = hisaddr >> 24;
2528 p[3] = hisaddr >> 16;
2529 p[4] = hisaddr >> 8;
2530 p[5] = hisaddr;
2531 }
2532 break;
2533 }
--- 117 unchanged lines hidden (view full) ---
2651 * if we can do something for him. We'll drop
2652 * him our address then.
2653 */
2654 if (len >= 6 && p[1] == 6) {
2655 wantaddr = p[2] << 24 | p[3] << 16 |
2656 p[4] << 8 | p[5];
2657 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2658 if (debug)
2659 addlog("[wantaddr %s] ",
2660 sppp_dotted_quad(wantaddr));
2661 /*
2662 * When doing dynamic address assignment,
2663 * we accept his offer. Otherwise, we
2664 * ignore it and thus continue to negotiate
2665 * our already existing value.
2666 */
2667 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2668 sppp_set_ip_addr(sp, wantaddr);
--- 34 unchanged lines hidden (view full) ---
2703 sp->lcp.protos |= (1 << IDX_IPCP);
2704}
2705
2706static void
2707sppp_ipcp_tlf(struct sppp *sp)
2708{
2709 /* we no longer need LCP */
2710 sp->lcp.protos &= ~(1 << IDX_IPCP);
2711 sppp_lcp_check_and_close(sp);
2712}
2713
2714static void
2715sppp_ipcp_scr(struct sppp *sp)
2716{
2717 char opt[6 /* compression */ + 6 /* address */];
2718 u_long ouraddr;
2719 int i = 0;
--- 5 unchanged lines hidden (view full) ---
2725 opt[i++] = 0; /* VJ header compression */
2726 opt[i++] = 0x2d; /* VJ header compression */
2727 opt[i++] = max_slot_id;
2728 opt[i++] = comp_slot_id;
2729 }
2730#endif
2731
2732 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2733 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2734 opt[i++] = IPCP_OPT_ADDRESS;
2735 opt[i++] = 6;
2736 opt[i++] = ouraddr >> 24;
2737 opt[i++] = ouraddr >> 16;
2738 opt[i++] = ouraddr >> 8;
2739 opt[i++] = ouraddr;
2740 }
2741
2742 sp->confid[IDX_IPCP] = ++sp->pp_seq;
2743 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
2744}
2745
2746
2747 /*
2748 *--------------------------------------------------------------------------*
2749 * *
2750 * The CHAP implementation. *
2751 * *
2752 *--------------------------------------------------------------------------*
2753 */
2754
2755/*
2756 * The authentication protocols don't employ a full-fledged state machine as
2757 * the control protocols do, since they do have Open and Close events, but
2758 * not Up and Down, nor are they explicitly terminated. Also, use of the
2759 * authentication protocols may be different in both directions (this makes
2760 * sense, think of a machine that never accepts incoming calls but only
2761 * calls out, it doesn't require the called party to authenticate itself).
2762 *
2763 * Our state machine for the local authentication protocol (we are requesting
2764 * the peer to authenticate) looks like:
2765 *
2766 * RCA-
2767 * +--------------------------------------------+
2768 * V scn,tld|
2769 * +--------+ Close +---------+ RCA+
2770 * | |<----------------------------------| |------+
2771 * +--->| Closed | TO* | Opened | sca |
2772 * | | |-----+ +-------| |<-----+
2773 * | +--------+ irc | | +---------+
2774 * | ^ | | ^
2775 * | | | | |
2776 * | | | | |
2777 * | TO-| | | |
2778 * | |tld TO+ V | |
2779 * | | +------->+ | |
2780 * | | | | | |
2781 * | +--------+ V | |
2782 * | | |<----+<--------------------+ |
2783 * | | Req- | scr |
2784 * | | Sent | |
2785 * | | | |
2786 * | +--------+ |
2787 * | RCA- | | RCA+ |
2788 * +------+ +------------------------------------------+
2789 * scn,tld sca,irc,ict,tlu
2790 *
2791 *
2792 * with:
2793 *
2794 * Open: LCP reached authentication phase
2795 * Close: LCP reached terminate phase
2796 *
2797 * RCA+: received reply (pap-req, chap-response), acceptable
2798 * RCN: received reply (pap-req, chap-response), not acceptable
2799 * TO+: timeout with restart counter >= 0
2800 * TO-: timeout with restart counter < 0
2801 * TO*: reschedule timeout for CHAP
2802 *
2803 * scr: send request packet (none for PAP, chap-challenge)
2804 * sca: send ack packet (pap-ack, chap-success)
2805 * scn: send nak packet (pap-nak, chap-failure)
2806 * ict: initialize re-challenge timer (CHAP only)
2807 *
2808 * tlu: this-layer-up, LCP reaches network phase
2809 * tld: this-layer-down, LCP enters terminate phase
2810 *
2811 * Note that in CHAP mode, after sending a new challenge, while the state
2812 * automaton falls back into Req-Sent state, it doesn't signal a tld
2813 * event to LCP, so LCP remains in network phase. Only after not getting
2814 * any response (or after getting an unacceptable response), CHAP closes,
2815 * causing LCP to enter terminate phase.
2816 *
2817 * With PAP, there is no initial request that can be sent. The peer is
2818 * expected to send one based on the successful negotiation of PAP as
2819 * the authentication protocol during the LCP option negotiation.
2820 *
2821 * Incoming authentication protocol requests (remote requests
2822 * authentication, we are peer) don't employ a state machine at all,
2823 * they are simply answered. Some peers [Ascend P50 firmware rev
2824 * 4.50] react allergically when sending IPCP requests while they are
2825 * still in authentication phase (thereby violating the standard that
2826 * demands that these NCP packets are to be discarded), so we keep
2827 * track of the peer demanding us to authenticate, and only proceed to
2828 * phase network once we've seen a positive acknowledge for the
2829 * authentication.
2830 */
2831
2832/*
2833 * Handle incoming CHAP packets.
2834 */
2835void
2836sppp_chap_input(struct sppp *sp, struct mbuf *m)
2837{
2838 STDDCL;
2839 struct lcp_header *h;
2840 int len, x;
2841 u_char *value, *name, digest[AUTHKEYLEN], dsize;
2842 int value_len, name_len;
2843 MD5_CTX ctx;
2844
2845 len = m->m_pkthdr.len;
2846 if (len < 4) {
2847 if (debug)
2848 log(LOG_DEBUG,
2849 "%s%d: chap invalid packet length: %d bytes\n",
2850 ifp->if_name, ifp->if_unit, len);
2851 return;
2852 }
2853 h = mtod (m, struct lcp_header*);
2854 if (len > ntohs (h->len))
2855 len = ntohs (h->len);
2856
2857 switch (h->type) {
2858 /* challenge, failure and success are his authproto */
2859 case CHAP_CHALLENGE:
2860 value = 1 + (u_char*)(h+1);
2861 value_len = value[-1];
2862 name = value + value_len;
2863 name_len = len - value_len - 5;
2864 if (name_len < 0) {
2865 if (debug) {
2866 log(LOG_DEBUG,
2867 "%s%d: chap corrupted challenge "
2868 "<%s id=0x%x len=%d",
2869 ifp->if_name, ifp->if_unit,
2870 sppp_auth_type_name(PPP_CHAP, h->type),
2871 h->ident, ntohs(h->len));
2872 if (len > 4)
2873 sppp_print_bytes((u_char*) (h+1), len-4);
2874 addlog(">\n");
2875 }
2876 break;
2877 }
2878 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
2879 || bcmp(name, sp->hisauth.name, name_len) != 0) {
2880 log(LOG_INFO, "%s%d: chap challenge, his name ");
2881 sppp_print_string(name, name_len);
2882 addlog(" != expected ");
2883 sppp_print_string(sp->hisauth.name,
2884 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
2885 addlog("\n");
2886 }
2887
2888 if (debug) {
2889 log(LOG_DEBUG,
2890 "%s%d: chap input <%s id=0x%x len=%d name=",
2891 ifp->if_name, ifp->if_unit,
2892 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
2893 ntohs(h->len));
2894 sppp_print_string((char*) name, name_len);
2895 addlog(" value-size=%d value=", value_len);
2896 sppp_print_bytes(value, value_len);
2897 addlog(">\n");
2898 }
2899
2900 /* Compute reply value. */
2901 MD5Init(&ctx);
2902 MD5Update(&ctx, &h->ident, 1);
2903 MD5Update(&ctx, sp->myauth.secret,
2904 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
2905 MD5Update(&ctx, value, value_len);
2906 MD5Final(digest, &ctx);
2907 dsize = sizeof digest;
2908
2909 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
2910 sizeof dsize, (const char *)&dsize,
2911 sizeof digest, digest,
2912 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
2913 sp->myauth.name,
2914 0);
2915 break;
2916
2917 case CHAP_SUCCESS:
2918 if (debug) {
2919 log(LOG_DEBUG, "%s%d: chap success",
2920 ifp->if_name, ifp->if_unit);
2921 if (len > 4) {
2922 addlog(": ");
2923 sppp_print_string((char*)(h + 1), len - 4);
2924 }
2925 addlog("\n");
2926 }
2927 x = splimp();
2928 sp->pp_flags &= ~PP_NEEDAUTH;
2929 if (sp->myauth.proto == PPP_CHAP &&
2930 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
2931 /*
2932 * We are authenticator for CHAP but didn't
2933 * complete yet. Leave it to tlu to proceed
2934 * to network phase.
2935 */
2936 splx(x);
2937 break;
2938 }
2939 splx(x);
2940 sppp_phase_network(sp);
2941 break;
2942
2943 case CHAP_FAILURE:
2944 if (debug) {
2945 log(LOG_INFO, "%s%d: chap failure",
2946 ifp->if_name, ifp->if_unit);
2947 if (len > 4) {
2948 addlog(": ");
2949 sppp_print_string((char*)(h + 1), len - 4);
2950 }
2951 addlog("\n");
2952 } else
2953 log(LOG_INFO, "%s%d: chap failure\n",
2954 ifp->if_name, ifp->if_unit);
2955 /* await LCP shutdown by authenticator */
2956 break;
2957
2958 /* response is my authproto */
2959 case CHAP_RESPONSE:
2960 value = 1 + (u_char*)(h+1);
2961 value_len = value[-1];
2962 name = value + value_len;
2963 name_len = len - value_len - 5;
2964 if (name_len < 0) {
2965 if (debug) {
2966 log(LOG_DEBUG,
2967 "%s%d: chap corrupted response "
2968 "<%s id=0x%x len=%d",
2969 ifp->if_name, ifp->if_unit,
2970 sppp_auth_type_name(PPP_CHAP, h->type),
2971 h->ident, ntohs(h->len));
2972 if (len > 4)
2973 sppp_print_bytes((u_char*)(h+1), len-4);
2974 addlog(">\n");
2975 }
2976 break;
2977 }
2978 if (h->ident != sp->confid[IDX_CHAP]) {
2979 if (debug)
2980 log(LOG_DEBUG,
2981 "%s%d: chap dropping response for old ID "
2982 "(got %d, expected %d)\n",
2983 h->ident, sp->confid[IDX_CHAP]);
2984 break;
2985 }
2986 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
2987 || bcmp(name, sp->hisauth.name, name_len) != 0) {
2988 log(LOG_INFO, "%s%d: chap response, his name ",
2989 ifp->if_name, ifp->if_unit);
2990 sppp_print_string(name, name_len);
2991 addlog(" != expected ");
2992 sppp_print_string(sp->hisauth.name,
2993 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
2994 addlog("\n");
2995 }
2996 if (debug) {
2997 log(LOG_DEBUG, "%s%d: chap input(%s) "
2998 "<%s id=0x%x len=%d name=",
2999 ifp->if_name, ifp->if_unit,
3000 sppp_state_name(sp->state[IDX_CHAP]),
3001 sppp_auth_type_name(PPP_CHAP, h->type),
3002 h->ident, ntohs (h->len));
3003 sppp_print_string((char*)name, name_len);
3004 addlog(" value-size=%d value=", value_len);
3005 sppp_print_bytes(value, value_len);
3006 addlog(">\n");
3007 }
3008 if (value_len != AUTHKEYLEN) {
3009 if (debug)
3010 log(LOG_DEBUG,
3011 "%s%d: chap bad hash value length: "
3012 "%d bytes, should be %d\n",
3013 ifp->if_name, ifp->if_unit, value_len,
3014 AUTHKEYLEN);
3015 break;
3016 }
3017
3018 MD5Init(&ctx);
3019 MD5Update(&ctx, &h->ident, 1);
3020 MD5Update(&ctx, sp->hisauth.secret,
3021 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3022 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3023 MD5Final(digest, &ctx);
3024
3025#define FAILMSG "Failed..."
3026#define SUCCMSG "Welcome!"
3027
3028 if (value_len != sizeof digest ||
3029 bcmp(digest, value, value_len) != 0) {
3030 /* action scn, tld */
3031 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3032 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3033 0);
3034 chap.tld(sp);
3035 break;
3036 }
3037 /* action sca, perhaps tlu */
3038 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3039 sp->state[IDX_CHAP] == STATE_OPENED)
3040 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3041 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3042 0);
3043 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3044 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3045 chap.tlu(sp);
3046 }
3047 break;
3048
3049 default:
3050 /* Unknown CHAP packet type -- ignore. */
3051 if (debug) {
3052 log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
3053 "<0x%x id=0x%xh len=%d",
3054 ifp->if_name, ifp->if_unit,
3055 sppp_state_name(sp->state[IDX_CHAP]),
3056 h->type, h->ident, ntohs(h->len));
3057 if (len > 4)
3058 sppp_print_bytes((u_char*)(h+1), len-4);
3059 addlog(">\n");
3060 }
3061 break;
3062
3063 }
3064}
3065
3066static void
3067sppp_chap_init(struct sppp *sp)
3068{
3069 /* Chap doesn't have STATE_INITIAL at all. */
3070 sp->state[IDX_CHAP] = STATE_CLOSED;
3071 sp->fail_counter[IDX_CHAP] = 0;
3072 callout_handle_init(&sp->ch[IDX_CHAP]);
3073}
3074
3075static void
3076sppp_chap_open(struct sppp *sp)
3077{
3078 if (sp->myauth.proto == PPP_CHAP &&
3079 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3080 /* we are authenticator for CHAP, start it */
3081 chap.scr(sp);
3082 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3083 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3084 }
3085 /* nothing to be done if we are peer, await a challenge */
3086}
3087
3088static void
3089sppp_chap_close(struct sppp *sp)
3090{
3091 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3092 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3093}
3094
3095static void
3096sppp_chap_TO(void *cookie)
3097{
3098 struct sppp *sp = (struct sppp *)cookie;
3099 STDDCL;
3100 int s;
3101
3102 s = splimp();
3103 if (debug)
3104 log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
3105 ifp->if_name, ifp->if_unit,
3106 sppp_state_name(sp->state[IDX_CHAP]),
3107 sp->rst_counter[IDX_CHAP]);
3108
3109 if (--sp->rst_counter[IDX_CHAP] < 0)
3110 /* TO- event */
3111 switch (sp->state[IDX_CHAP]) {
3112 case STATE_REQ_SENT:
3113 chap.tld(sp);
3114 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3115 break;
3116 }
3117 else
3118 /* TO+ (or TO*) event */
3119 switch (sp->state[IDX_CHAP]) {
3120 case STATE_OPENED:
3121 /* TO* event */
3122 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3123 /* fall through */
3124 case STATE_REQ_SENT:
3125 chap.scr(sp);
3126 /* sppp_cp_change_state() will restart the timer */
3127 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3128 break;
3129 }
3130
3131 splx(s);
3132}
3133
3134static void
3135sppp_chap_tlu(struct sppp *sp)
3136{
3137 STDDCL;
3138 int i, x;
3139
3140 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3141
3142 /*
3143 * Some broken CHAP implementations (Conware CoNet, firmware
3144 * 4.0.?) don't want to re-authenticate their CHAP once the
3145 * initial challenge-response exchange has taken place.
3146 * Provide for an option to avoid rechallenges.
3147 */
3148 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3149 /*
3150 * Compute the re-challenge timeout. This will yield
3151 * a number between 300 and 810 seconds.
3152 */
3153 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
3154
3155 sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
3156 }
3157
3158 if (debug) {
3159 log(LOG_DEBUG,
3160 "%s%d: chap %s, ",
3161 ifp->if_name, ifp->if_unit,
3162 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3163 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3164 addlog("next re-challenge in %d seconds\n", i);
3165 else
3166 addlog("re-challenging supressed\n");
3167 }
3168
3169 x = splimp();
3170 /* indicate to LCP that we need to be closed down */
3171 sp->lcp.protos |= (1 << IDX_CHAP);
3172
3173 if (sp->pp_flags & PP_NEEDAUTH) {
3174 /*
3175 * Remote is authenticator, but his auth proto didn't
3176 * complete yet. Defer the transition to network
3177 * phase.
3178 */
3179 splx(x);
3180 return;
3181 }
3182 splx(x);
3183
3184 /*
3185 * If we are already in phase network, we are done here. This
3186 * is the case if this is a dummy tlu event after a re-challenge.
3187 */
3188 if (sp->pp_phase != PHASE_NETWORK)
3189 sppp_phase_network(sp);
3190}
3191
3192static void
3193sppp_chap_tld(struct sppp *sp)
3194{
3195 STDDCL;
3196
3197 if (debug)
3198 log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
3199 untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3200 sp->lcp.protos &= ~(1 << IDX_CHAP);
3201
3202 lcp.Close(sp);
3203}
3204
3205static void
3206sppp_chap_scr(struct sppp *sp)
3207{
3208 struct timeval tv;
3209 u_long *ch, seed;
3210 u_char clen;
3211
3212 /* Compute random challenge. */
3213 ch = (u_long *)sp->myauth.challenge;
3214 microtime(&tv);
3215 seed = tv.tv_sec ^ tv.tv_usec;
3216 ch[0] = seed ^ random();
3217 ch[1] = seed ^ random();
3218 ch[2] = seed ^ random();
3219 ch[3] = seed ^ random();
3220 clen = AUTHKEYLEN;
3221
3222 sp->confid[IDX_CHAP] = ++sp->pp_seq;
3223
3224 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3225 sizeof clen, (const char *)&clen,
3226 AUTHKEYLEN, sp->myauth.challenge,
3227 sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3228 sp->myauth.name,
3229 0);
3230}
3231 /*
3232 *--------------------------------------------------------------------------*
3233 * *
3234 * The PAP implementation. *
3235 * *
3236 *--------------------------------------------------------------------------*
3237 */
3238/*
3239 * For PAP, we need to keep a little state also if we are the peer, not the
3240 * authenticator. This is since we don't get a request to authenticate, but
3241 * have to repeatedly authenticate ourself until we got a response (or the
3242 * retry counter is expired).
3243 */
3244
3245/*
3246 * Handle incoming PAP packets. */
3247static void
3248sppp_pap_input(struct sppp *sp, struct mbuf *m)
3249{
3250 STDDCL;
3251 struct lcp_header *h;
3252 int len, x;
3253 u_char *name, *passwd, mlen;
3254 int name_len, passwd_len;
3255
3256 len = m->m_pkthdr.len;
3257 if (len < 5) {
3258 if (debug)
3259 log(LOG_DEBUG,
3260 "%s%d: pap invalid packet length: %d bytes\n",
3261 ifp->if_name, ifp->if_unit, len);
3262 return;
3263 }
3264 h = mtod (m, struct lcp_header*);
3265 if (len > ntohs (h->len))
3266 len = ntohs (h->len);
3267 switch (h->type) {
3268 /* PAP request is my authproto */
3269 case PAP_REQ:
3270 name = 1 + (u_char*)(h+1);
3271 name_len = name[-1];
3272 passwd = name + name_len + 1;
3273 if (name_len > len - 6 ||
3274 (passwd_len = passwd[-1]) > len - 6 - name_len) {
3275 if (debug) {
3276 log(LOG_DEBUG, "%s%d: pap corrupted input "
3277 "<%s id=0x%x len=%d",
3278 ifp->if_name, ifp->if_unit,
3279 sppp_auth_type_name(PPP_PAP, h->type),
3280 h->ident, ntohs(h->len));
3281 if (len > 4)
3282 sppp_print_bytes((u_char*)(h+1), len-4);
3283 addlog(">\n");
3284 }
3285 break;
3286 }
3287 if (debug) {
3288 log(LOG_DEBUG, "%s%d: pap input(%s) "
3289 "<%s id=0x%x len=%d name=",
3290 ifp->if_name, ifp->if_unit,
3291 sppp_state_name(sp->state[IDX_PAP]),
3292 sppp_auth_type_name(PPP_PAP, h->type),
3293 h->ident, ntohs(h->len));
3294 sppp_print_string((char*)name, name_len);
3295 addlog(" passwd=");
3296 sppp_print_string((char*)passwd, passwd_len);
3297 addlog(">\n");
3298 }
3299 if (name_len > AUTHNAMELEN ||
3300 passwd_len > AUTHKEYLEN ||
3301 bcmp(name, sp->hisauth.name, name_len) != 0 ||
3302 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3303 /* action scn, tld */
3304 mlen = sizeof(FAILMSG) - 1;
3305 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3306 sizeof mlen, (const char *)&mlen,
3307 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3308 0);
3309 pap.tld(sp);
3310 break;
3311 }
3312 /* action sca, perhaps tlu */
3313 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3314 sp->state[IDX_PAP] == STATE_OPENED) {
3315 mlen = sizeof(SUCCMSG) - 1;
3316 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3317 sizeof mlen, (const char *)&mlen,
3318 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3319 0);
3320 }
3321 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3322 sppp_cp_change_state(&pap, sp, STATE_OPENED);
3323 pap.tlu(sp);
3324 }
3325 break;
3326
3327 /* ack and nak are his authproto */
3328 case PAP_ACK:
3329 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3330 if (debug) {
3331 log(LOG_DEBUG, "%s%d: pap success",
3332 ifp->if_name, ifp->if_unit);
3333 name_len = *((char *)h);
3334 if (len > 5 && name_len) {
3335 addlog(": ");
3336 sppp_print_string((char*)(h+1), name_len);
3337 }
3338 addlog("\n");
3339 }
3340 x = splimp();
3341 sp->pp_flags &= ~PP_NEEDAUTH;
3342 if (sp->myauth.proto == PPP_PAP &&
3343 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3344 /*
3345 * We are authenticator for PAP but didn't
3346 * complete yet. Leave it to tlu to proceed
3347 * to network phase.
3348 */
3349 splx(x);
3350 break;
3351 }
3352 splx(x);
3353 sppp_phase_network(sp);
3354 break;
3355
3356 case PAP_NAK:
3357 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3358 if (debug) {
3359 log(LOG_INFO, "%s%d: pap failure",
3360 ifp->if_name, ifp->if_unit);
3361 name_len = *((char *)h);
3362 if (len > 5 && name_len) {
3363 addlog(": ");
3364 sppp_print_string((char*)(h+1), name_len);
3365 }
3366 addlog("\n");
3367 } else
3368 log(LOG_INFO, "%s%d: pap failure\n",
3369 ifp->if_name, ifp->if_unit);
3370 /* await LCP shutdown by authenticator */
3371 break;
3372
3373 default:
3374 /* Unknown PAP packet type -- ignore. */
3375 if (debug) {
3376 log(LOG_DEBUG, "%s%d: pap corrupted input "
3377 "<0x%x id=0x%x len=%d",
3378 ifp->if_name, ifp->if_unit,
3379 h->type, h->ident, ntohs(h->len));
3380 if (len > 4)
3381 sppp_print_bytes((u_char*)(h+1), len-4);
3382 addlog(">\n");
3383 }
3384 break;
3385
3386 }
3387}
3388
3389static void
3390sppp_pap_init(struct sppp *sp)
3391{
3392 /* PAP doesn't have STATE_INITIAL at all. */
3393 sp->state[IDX_PAP] = STATE_CLOSED;
3394 sp->fail_counter[IDX_PAP] = 0;
3395 callout_handle_init(&sp->ch[IDX_PAP]);
3396 callout_handle_init(&sp->pap_my_to_ch);
3397}
3398
3399static void
3400sppp_pap_open(struct sppp *sp)
3401{
3402 if (sp->hisauth.proto == PPP_PAP &&
3403 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3404 /* we are authenticator for PAP, start our timer */
3405 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3406 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3407 }
3408 if (sp->myauth.proto == PPP_PAP) {
3409 /* we are peer, send a request, and start a timer */
3410 pap.scr(sp);
3411 sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
3412 sp->lcp.timeout);
3413 }
3414}
3415
3416static void
3417sppp_pap_close(struct sppp *sp)
3418{
3419 if (sp->state[IDX_PAP] != STATE_CLOSED)
3420 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3421}
3422
3423/*
3424 * That's the timeout routine if we are authenticator. Since the
3425 * authenticator is basically passive in PAP, we can't do much here.
3426 */
3427static void
3428sppp_pap_TO(void *cookie)
3429{
3430 struct sppp *sp = (struct sppp *)cookie;
3431 STDDCL;
3432 int s;
3433
3434 s = splimp();
3435 if (debug)
3436 log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
3437 ifp->if_name, ifp->if_unit,
3438 sppp_state_name(sp->state[IDX_PAP]),
3439 sp->rst_counter[IDX_PAP]);
3440
3441 if (--sp->rst_counter[IDX_PAP] < 0)
3442 /* TO- event */
3443 switch (sp->state[IDX_PAP]) {
3444 case STATE_REQ_SENT:
3445 pap.tld(sp);
3446 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3447 break;
3448 }
3449 else
3450 /* TO+ event, not very much we could do */
3451 switch (sp->state[IDX_PAP]) {
3452 case STATE_REQ_SENT:
3453 /* sppp_cp_change_state() will restart the timer */
3454 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3455 break;
3456 }
3457
3458 splx(s);
3459}
3460
3461/*
3462 * That's the timeout handler if we are peer. Since the peer is active,
3463 * we need to retransmit our PAP request since it is apparently lost.
3464 * XXX We should impose a max counter.
3465 */
3466static void
3467sppp_pap_my_TO(void *cookie)
3468{
3469 struct sppp *sp = (struct sppp *)cookie;
3470 STDDCL;
3471
3472 if (debug)
3473 log(LOG_DEBUG, "%s%d: pap peer TO\n",
3474 ifp->if_name, ifp->if_unit);
3475
3476 pap.scr(sp);
3477}
3478
3479static void
3480sppp_pap_tlu(struct sppp *sp)
3481{
3482 STDDCL;
3483 int x;
3484
3485 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3486
3487 if (debug)
3488 log(LOG_DEBUG, "%s%d: %s tlu\n",
3489 ifp->if_name, ifp->if_unit, pap.name);
3490
3491 x = splimp();
3492 /* indicate to LCP that we need to be closed down */
3493 sp->lcp.protos |= (1 << IDX_PAP);
3494
3495 if (sp->pp_flags & PP_NEEDAUTH) {
3496 /*
3497 * Remote is authenticator, but his auth proto didn't
3498 * complete yet. Defer the transition to network
3499 * phase.
3500 */
3501 splx(x);
3502 return;
3503 }
3504 splx(x);
3505 sppp_phase_network(sp);
3506}
3507
3508static void
3509sppp_pap_tld(struct sppp *sp)
3510{
3511 STDDCL;
3512
3513 if (debug)
3514 log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
3515 untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3516 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3517 sp->lcp.protos &= ~(1 << IDX_PAP);
3518
3519 lcp.Close(sp);
3520}
3521
3522static void
3523sppp_pap_scr(struct sppp *sp)
3524{
3525 STDDCL;
3526 u_char idlen, pwdlen;
3527
3528 sp->confid[IDX_PAP] = ++sp->pp_seq;
3529 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
3530 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
3531
3532 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3533 sizeof idlen, (const char *)&idlen,
3534 (unsigned)idlen, sp->myauth.name,
3535 sizeof pwdlen, (const char *)&pwdlen,
3536 (unsigned)pwdlen, sp->myauth.secret,
3537 0);
3538}
3539 /*
3540 * Random miscellaneous functions.
3541 */
3542
3543/*
3544 * Send a PAP or CHAP proto packet.
3545 *
3546 * Varadic function, each of the elements for the ellipsis is of type
3547 * ``unsigned mlen, const u_char *msg''. Processing will stop iff
3548 * mlen == 0.
3549 */
3550
3551static void
3552sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
3553 ...)
3554{
3555 STDDCL;
3556 struct ppp_header *h;
3557 struct lcp_header *lh;
3558 struct mbuf *m;
3559 u_char *p;
3560 int len;
3561 unsigned mlen;
3562 const char *msg;
3563 va_list ap;
3564
3565 MGETHDR (m, M_DONTWAIT, MT_DATA);
3566 if (! m)
3567 return;
3568 m->m_pkthdr.rcvif = 0;
3569
3570 h = mtod (m, struct ppp_header*);
3571 h->address = PPP_ALLSTATIONS; /* broadcast address */
3572 h->control = PPP_UI; /* Unnumbered Info */
3573 h->protocol = htons(cp->proto);
3574
3575 lh = (struct lcp_header*)(h + 1);
3576 lh->type = type;
3577 lh->ident = id;
3578 p = (u_char*) (lh+1);
3579
3580 va_start(ap, id);
3581 len = 0;
3582
3583 while ((mlen = va_arg(ap, unsigned)) != 0) {
3584 msg = va_arg(ap, const char *);
3585 len += mlen;
3586 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
3587 va_end(ap);
3588 m_freem(m);
3589 return;
3590 }
3591
3592 bcopy(msg, p, mlen);
3593 p += mlen;
3594 }
3595 va_end(ap);
3596
3597 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
3598 lh->len = htons (LCP_HEADER_LEN + len);
3599
3600 if (debug) {
3601 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
3602 ifp->if_name, ifp->if_unit, cp->name,
3603 sppp_auth_type_name(cp->proto, lh->type),
3604 lh->ident, ntohs(lh->len));
3605 if (len)
3606 sppp_print_bytes((u_char*) (lh+1), len);
3607 addlog(">\n");
3608 }
3609 if (IF_QFULL (&sp->pp_cpq)) {
3610 IF_DROP (&sp->pp_fastq);
3611 IF_DROP (&ifp->if_snd);
3612 m_freem (m);
3613 ++ifp->if_oerrors;
3614 } else
3615 IF_ENQUEUE (&sp->pp_cpq, m);
3616 if (! (ifp->if_flags & IFF_OACTIVE))
3617 (*ifp->if_start) (ifp);
3618 ifp->if_obytes += m->m_pkthdr.len + 3;
3619}
3620
3621/*
3622 * Flush interface queue.
3623 */
3624static void
3625sppp_qflush(struct ifqueue *ifq)
3626{
3627 struct mbuf *m, *n;
3628
3629 n = ifq->ifq_head;
--- 57 unchanged lines hidden (view full) ---
3687 splx(s);
3688 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
3689}
3690
3691/*
3692 * Get both IP addresses.
3693 */
3694static void
3695sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
3696{
3697 struct ifnet *ifp = &sp->pp_if;
3698 struct ifaddr *ifa;
3699 struct sockaddr_in *si, *sm;
3700 u_long ssrc, ddst;
3701
3702 ssrc = ddst = 0L;
3703 /*
3704 * Pick the first AF_INET address from the list,
3705 * aliases don't make any sense on a p2p link anyway.
3706 */
3707 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3708 ifa;
3709 ifa = ifa->ifa_link.tqe_next)
3710 if (ifa->ifa_addr->sa_family == AF_INET) {
3711 si = (struct sockaddr_in *)ifa->ifa_addr;
3712 sm = (struct sockaddr_in *)ifa->ifa_netmask;
3713 if (si)
3714 break;
3715 }
3716 if (ifa) {
3717 if (si && si->sin_addr.s_addr) {
3718 ssrc = si->sin_addr.s_addr;
3719 if (srcmask)
3720 *srcmask = ntohl(sm->sin_addr.s_addr);
3721 }
3722
3723 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
3724 if (si && si->sin_addr.s_addr)
3725 ddst = si->sin_addr.s_addr;
3726 }
3727
3728 if (dst) *dst = ntohl(ddst);
3729 if (src) *src = ntohl(ssrc);
--- 10 unchanged lines hidden (view full) ---
3740 struct sockaddr_in *si;
3741 u_long ssrc, ddst;
3742
3743 /*
3744 * Pick the first AF_INET address from the list,
3745 * aliases don't make any sense on a p2p link anyway.
3746 */
3747 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3748 ifa;
3749 ifa = ifa->ifa_link.tqe_next)
3750 if (ifa->ifa_addr->sa_family == AF_INET) {
3751 si = (struct sockaddr_in *)ifa->ifa_addr;
3752 if (si)
3753 break;
3754 }
3755 if (ifa && si)
3756 si->sin_addr.s_addr = htonl(src);
3757}
3758
3759static int
3760sppp_params(struct sppp *sp, int cmd, void *data)
3761{
3762 int subcmd;
3763 struct ifreq *ifr = (struct ifreq *)data;
3764 struct spppreq spr;
3765
3766 /*
3767 * ifr->ifr_data is supposed to point to a struct spppreq.
3768 * Check the cmd word first before attempting to fetch all the
3769 * data.
3770 */
3771 if ((subcmd = fuword(ifr->ifr_data)) == -1)
3772 return EFAULT;
3773
3774 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
3775 return EFAULT;
3776
3777 switch (subcmd) {
3778 case SPPPIOGDEFS:
3779 if (cmd != SIOCGIFGENERIC)
3780 return EINVAL;
3781 /*
3782 * We copy over the entire current state, but clean
3783 * out some of the stuff we don't wanna pass up.
3784 * Remember, SIOCGIFGENERIC is unprotected, and can be
3785 * called by any user. No need to ever get PAP or
3786 * CHAP secrets back to userland anyway.
3787 */
3788 bcopy(sp, &spr.defs, sizeof(struct sppp));
3789 bzero(spr.defs.myauth.secret, AUTHKEYLEN);
3790 bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
3791 bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
3792 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
3793 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
3794
3795 case SPPPIOSDEFS:
3796 if (cmd != SIOCSIFGENERIC)
3797 return EINVAL;
3798 /*
3799 * We have a very specific idea of which fields we allow
3800 * being passed back from userland, so to not clobber our
3801 * current state. For one, we only allow setting
3802 * anything if LCP is in dead phase. Once the LCP
3803 * negotiations started, the authentication settings must
3804 * not be changed again. (The administrator can force an
3805 * ifconfig down in order to get LCP back into dead
3806 * phase.)
3807 *
3808 * Also, we only allow for authentication parameters to be
3809 * specified.
3810 *
3811 * XXX Should allow to set or clear pp_flags.
3812 *
3813 * Finally, if the respective authentication protocol to
3814 * be used is set differently than 0, but the secret is
3815 * passed as all zeros, we don't trash the existing secret.
3816 * This allows an administrator to change the system name
3817 * only without clobbering the secret (which he didn't get
3818 * back in a previous SPPPIOGDEFS call). However, the
3819 * secrets are cleared if the authentication protocol is
3820 * reset to 0.
3821 */
3822 if (sp->pp_phase != PHASE_DEAD)
3823 return EBUSY;
3824
3825 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
3826 spr.defs.myauth.proto != PPP_CHAP) ||
3827 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
3828 spr.defs.hisauth.proto != PPP_CHAP))
3829 return EINVAL;
3830
3831 if (spr.defs.myauth.proto == 0)
3832 /* resetting myauth */
3833 bzero(&sp->myauth, sizeof sp->myauth);
3834 else {
3835 /* setting/changing myauth */
3836 sp->myauth.proto = spr.defs.myauth.proto;
3837 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
3838 if (spr.defs.myauth.secret[0] != '\0')
3839 bcopy(spr.defs.myauth.secret, sp->myauth.secret,
3840 AUTHKEYLEN);
3841 }
3842 if (spr.defs.hisauth.proto == 0)
3843 /* resetting hisauth */
3844 bzero(&sp->hisauth, sizeof sp->hisauth);
3845 else {
3846 /* setting/changing hisauth */
3847 sp->hisauth.proto = spr.defs.hisauth.proto;
3848 sp->hisauth.flags = spr.defs.hisauth.flags;
3849 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
3850 if (spr.defs.hisauth.secret[0] != '\0')
3851 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
3852 AUTHKEYLEN);
3853 }
3854 break;
3855
3856 default:
3857 return EINVAL;
3858 }
3859
3860 return 0;
3861}
3862
3863static void
3864sppp_phase_network(struct sppp *sp)
3865{
3866 struct ifnet *ifp = &sp->pp_if;
3867 int i;
3868 u_long mask;
3869
3870 sp->pp_phase = PHASE_NETWORK;
3871
3872 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
3873 sppp_phase_name(sp->pp_phase));
3874
3875 /* Notify NCPs now. */
3876 for (i = 0; i < IDX_COUNT; i++)
3877 if ((cps[i])->flags & CP_NCP)
3878 (cps[i])->Open(sp);
3879
3880 /* Send Up events to all NCPs. */
3881 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
3882 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
3883 (cps[i])->Up(sp);
3884
3885 /* if no NCP is starting, all this was in vain, close down */
3886 sppp_lcp_check_and_close(sp);
3887}
3888
3889
3890static const char *
3891sppp_cp_type_name(u_char type)
3892{
3893 static char buf[12];
3894 switch (type) {
3895 case CONF_REQ: return "conf-req";
3896 case CONF_ACK: return "conf-ack";
3897 case CONF_NAK: return "conf-nak";
3898 case CONF_REJ: return "conf-rej";
3899 case TERM_REQ: return "term-req";
3900 case TERM_ACK: return "term-ack";
3901 case CODE_REJ: return "code-rej";
3902 case PROTO_REJ: return "proto-rej";
3903 case ECHO_REQ: return "echo-req";
3904 case ECHO_REPLY: return "echo-reply";
3905 case DISC_REQ: return "discard-req";
3906 }
3907 sprintf (buf, "0x%x", type);
3908 return buf;
3909}
3910
3911static const char *
3912sppp_auth_type_name(u_short proto, u_char type)
3913{
3914 static char buf[12];
3915 switch (proto) {
3916 case PPP_CHAP:
3917 switch (type) {
3918 case CHAP_CHALLENGE: return "challenge";
3919 case CHAP_RESPONSE: return "response";
3920 case CHAP_SUCCESS: return "success";
3921 case CHAP_FAILURE: return "failure";
3922 }
3923 case PPP_PAP:
3924 switch (type) {
3925 case PAP_REQ: return "req";
3926 case PAP_ACK: return "ack";
3927 case PAP_NAK: return "nak";
3928 }
3929 }
3930 sprintf (buf, "0x%x", type);
3931 return buf;
3932}
3933
3934static const char *
3935sppp_lcp_opt_name(u_char opt)
3936{
3937 static char buf[12];
3938 switch (opt) {
3939 case LCP_OPT_MRU: return "mru";
3940 case LCP_OPT_ASYNC_MAP: return "async-map";
3941 case LCP_OPT_AUTH_PROTO: return "auth-proto";
3942 case LCP_OPT_QUAL_PROTO: return "qual-proto";
3943 case LCP_OPT_MAGIC: return "magic";
3944 case LCP_OPT_PROTO_COMP: return "proto-comp";
3945 case LCP_OPT_ADDR_COMP: return "addr-comp";
3946 }
3947 sprintf (buf, "0x%x", opt);
3948 return buf;
3949}
3950
3951static const char *
3952sppp_ipcp_opt_name(u_char opt)
3953{
3954 static char buf[12];
3955 switch (opt) {
3956 case IPCP_OPT_ADDRESSES: return "addresses";
3957 case IPCP_OPT_COMPRESSION: return "compression";
3958 case IPCP_OPT_ADDRESS: return "address";
3959 }
3960 sprintf (buf, "0x%x", opt);
3961 return buf;
3962}
3963
3964static const char *
3965sppp_state_name(int state)
3966{
3967 switch (state) {
3968 case STATE_INITIAL: return "initial";
3969 case STATE_STARTING: return "starting";
--- 24 unchanged lines hidden (view full) ---
3994
3995static const char *
3996sppp_proto_name(u_short proto)
3997{
3998 static char buf[12];
3999 switch (proto) {
4000 case PPP_LCP: return "lcp";
4001 case PPP_IPCP: return "ipcp";
4002 case PPP_PAP: return "pap";
4003 case PPP_CHAP: return "chap";
4004 }
4005 sprintf(buf, "0x%x", (unsigned)proto);
4006 return buf;
4007}
4008
4009static void
4010sppp_print_bytes(const u_char *p, u_short len)
4011{
4012 addlog(" %x", *p++);
4013 while (--len > 0)
4014 addlog("-%x", *p++);
4015}
4016
4017static void
4018sppp_print_string(const char *p, u_short len)
4019{
4020 u_char c;
4021
4022 while (len-- > 0) {
4023 c = *p++;
4024 /*
4025 * Print only ASCII chars directly. RFC 1994 recommends
4026 * using only them, but we don't rely on it. */
4027 if (c < ' ' || c > '~')
4028 addlog("\\x%x", c);
4029 else
4030 addlog("%c", c);
4031 }
4032}
4033
4034static const char *
4035sppp_dotted_quad(u_long addr)
4036{
4037 static char s[16];
4038 sprintf(s, "%d.%d.%d.%d",
4039 (addr >> 24) & 0xff,
4040 (addr >> 16) & 0xff,
4041 (addr >> 8) & 0xff,
4042 addr & 0xff);
4043 return s;
4044}
4045
4046static int
4047sppp_strnlen(u_char *p, int max)
4048{
4049 int len;
4050
4051 for (len = 0; len < max && *p; ++p)
4052 ++len;
4053 return len;
4054}
4055
4056/* a dummy, used to drop uninteresting events */
4057static void
4058sppp_null(struct sppp *unused)
4059{
4060 /* do just nothing */
4061}
4062/*
4063 * This file is large. Tell emacs to highlight it nevertheless.
4064 *
4065 * Local Variables:
4066 * hilit-auto-highlight-maxout: 120000
4067 * End:
4068 */