if_spppsubr.c revision 102412
1195534Sscottl/* 2238805Smav * Synchronous PPP/Cisco link level subroutines. 3195534Sscottl * Keepalive protocol implemented in both Cisco and PPP modes. 4195534Sscottl * 5195534Sscottl * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6195534Sscottl * Author: Serge Vakulenko, <vak@cronyx.ru> 7195534Sscottl * 8195534Sscottl * Heavily revamped to conform to RFC 1661. 9195534Sscottl * Copyright (C) 1997, 2001 Joerg Wunsch. 10195534Sscottl * 11195534Sscottl * This software is distributed with NO WARRANTIES, not even the implied 12195534Sscottl * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13195534Sscottl * 14195534Sscottl * Authors grant any other persons or organisations permission to use 15195534Sscottl * or modify this software as long as this message is kept with the software, 16195534Sscottl * all derivative works or modified versions. 17195534Sscottl * 18195534Sscottl * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19195534Sscottl * 20195534Sscottl * $FreeBSD: head/sys/net/if_spppsubr.c 102412 2002-08-25 13:23:09Z charnier $ 21195534Sscottl */ 22195534Sscottl 23195534Sscottl#include <sys/param.h> 24195534Sscottl 25195534Sscottl#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26195534Sscottl#include "opt_inet.h" 27195534Sscottl#include "opt_inet6.h" 28195534Sscottl#include "opt_ipx.h" 29195534Sscottl#endif 30195534Sscottl 31195534Sscottl#ifdef NetBSD1_3 32195534Sscottl# if NetBSD1_3 > 6 33195534Sscottl# include "opt_inet.h" 34195534Sscottl# include "opt_inet6.h" 35220576Smav# include "opt_iso.h" 36195534Sscottl# endif 37195534Sscottl#endif 38195534Sscottl 39195534Sscottl#include <sys/systm.h> 40195534Sscottl#include <sys/kernel.h> 41195534Sscottl#include <sys/module.h> 42195534Sscottl#include <sys/sockio.h> 43195534Sscottl#include <sys/socket.h> 44195534Sscottl#include <sys/syslog.h> 45195534Sscottl#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46195534Sscottl#include <sys/random.h> 47195534Sscottl#endif 48195534Sscottl#include <sys/malloc.h> 49195534Sscottl#include <sys/mbuf.h> 50195534Sscottl 51195534Sscottl#if defined (__OpenBSD__) 52195534Sscottl#include <sys/md5k.h> 53195534Sscottl#else 54195534Sscottl#include <sys/md5.h> 55260387Sscottl#endif 56208375Smav 57208375Smav#include <net/if.h> 58195534Sscottl#include <net/netisr.h> 59195534Sscottl#include <net/if_types.h> 60196656Smav#include <net/route.h> 61260387Sscottl#include <netinet/in.h> 62260387Sscottl#include <netinet/in_systm.h> 63260387Sscottl#include <netinet/ip.h> 64279918Smav#include <net/slcompress.h> 65195534Sscottl 66195534Sscottl#if defined (__NetBSD__) || defined (__OpenBSD__) 67195534Sscottl#include <machine/cpu.h> /* XXX for softnet */ 68195534Sscottl#endif 69279918Smav 70195534Sscottl#include <machine/stdarg.h> 71195534Sscottl 72195534Sscottl#include <netinet/in.h> 73195534Sscottl#include <netinet/in_systm.h> 74195534Sscottl#include <netinet/in_var.h> 75279918Smav 76279918Smav#ifdef INET 77279918Smav#include <netinet/ip.h> 78279918Smav#include <netinet/tcp.h> 79279918Smav#endif 80279918Smav 81195534Sscottl#if defined (__FreeBSD__) || defined (__OpenBSD__) 82195534Sscottl# include <netinet/if_ether.h> 83279918Smav#else 84279918Smav# include <net/ethertypes.h> 85195534Sscottl#endif 86279918Smav 87279918Smav#ifdef IPX 88279918Smav#include <netipx/ipx.h> 89195534Sscottl#include <netipx/ipx_if.h> 90195534Sscottl#endif 91195534Sscottl 92195534Sscottl#ifdef NS 93227293Sed#include <netns/ns.h> 94195534Sscottl#include <netns/ns_if.h> 95220565Smav#endif 96220565Smav 97220565Smav#include <net/if_sppp.h> 98220565Smav 99220565Smav#if defined(__FreeBSD__) && __FreeBSD__ >= 3 100220565Smav# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 101279918Smav# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 102279918Smav# define IOCTL_CMD_T u_long 103195534Sscottl#else 104279918Smav# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 105279918Smav# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 106279918Smav# define IOCTL_CMD_T int 107279918Smav#endif 108279918Smav 109279918Smav#define MAXALIVECNT 3 /* max. alive packets */ 110279918Smav 111279918Smav/* 112279918Smav * Interface flags that can be set in an ifconfig command. 113279918Smav * 114279918Smav * Setting link0 will make the link passive, i.e. it will be marked 115279918Smav * as being administrative openable, but won't be opened to begin 116279918Smav * with. Incoming calls will be answered, or subsequent calls with 117279918Smav * -link1 will cause the administrative open of the LCP layer. 118279918Smav * 119279918Smav * Setting link1 will cause the link to auto-dial only as packets 120199322Smav * arrive to be sent. 121199322Smav * 122279918Smav * Setting IFF_DEBUG will syslog the option negotiation and state 123279918Smav * transitions at level kern.debug. Note: all logs consistently look 124279918Smav * like 125279918Smav * 126199322Smav * <if-name><unit>: <proto-name> <additional info...> 127199322Smav * 128279918Smav * with <if-name><unit> being something like "bppp0", and <proto-name> 129279918Smav * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 130199322Smav */ 131279918Smav 132279918Smav#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 133195534Sscottl#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 134279918Smav#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 135279918Smav 136279918Smav#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 137279918Smav#define PPP_UI 0x03 /* Unnumbered Information */ 138279918Smav#define PPP_IP 0x0021 /* Internet Protocol */ 139279918Smav#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 140279918Smav#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 141279918Smav#define PPP_IPX 0x002b /* Novell IPX Protocol */ 142279918Smav#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 143279918Smav#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 144279918Smav#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 145199322Smav#define PPP_LCP 0xc021 /* Link Control Protocol */ 146199176Smav#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 147279918Smav#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 148279918Smav#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 149279918Smav#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 150195534Sscottl 151195534Sscottl#define CONF_REQ 1 /* PPP configure request */ 152279918Smav#define CONF_ACK 2 /* PPP configure acknowledge */ 153279918Smav#define CONF_NAK 3 /* PPP configure negative ack */ 154195534Sscottl#define CONF_REJ 4 /* PPP configure reject */ 155195534Sscottl#define TERM_REQ 5 /* PPP terminate request */ 156195534Sscottl#define TERM_ACK 6 /* PPP terminate acknowledge */ 157302791Smav#define CODE_REJ 7 /* PPP code reject */ 158302791Smav#define PROTO_REJ 8 /* PPP protocol reject */ 159195534Sscottl#define ECHO_REQ 9 /* PPP echo request */ 160195534Sscottl#define ECHO_REPLY 10 /* PPP echo reply */ 161195534Sscottl#define DISC_REQ 11 /* PPP discard request */ 162279918Smav 163196656Smav#define LCP_OPT_MRU 1 /* maximum receive unit */ 164196656Smav#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 165279918Smav#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 166195534Sscottl#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 167208414Smav#define LCP_OPT_MAGIC 5 /* magic number */ 168208414Smav#define LCP_OPT_RESERVED 6 /* reserved */ 169195534Sscottl#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 170195534Sscottl#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 171195534Sscottl 172195534Sscottl#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 173195534Sscottl#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 174195534Sscottl#define IPCP_OPT_ADDRESS 3 /* local IP address */ 175195534Sscottl 176195534Sscottl#define IPV6CP_OPT_IFID 1 /* interface identifier */ 177195534Sscottl#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 178195534Sscottl 179195534Sscottl#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 180195534Sscottl 181199322Smav#define PAP_REQ 1 /* PAP name/password request */ 182199322Smav#define PAP_ACK 2 /* PAP acknowledge */ 183199322Smav#define PAP_NAK 3 /* PAP fail */ 184240383Smav 185199322Smav#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 186203108Smav#define CHAP_RESPONSE 2 /* CHAP challenge response */ 187203108Smav#define CHAP_SUCCESS 3 /* CHAP response ok */ 188195534Sscottl#define CHAP_FAILURE 4 /* CHAP response failed */ 189222304Smav 190222304Smav#define CHAP_MD5 5 /* hash algorithm - MD5 */ 191271523Smav 192222304Smav#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 193271523Smav#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 194222304Smav#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 195199322Smav#define CISCO_ADDR_REQ 0 /* Cisco address request */ 196199322Smav#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 197199322Smav#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 198199322Smav 199199322Smav/* states are named and numbered according to RFC 1661 */ 200199322Smav#define STATE_INITIAL 0 201199322Smav#define STATE_STARTING 1 202199322Smav#define STATE_CLOSED 2 203199322Smav#define STATE_STOPPED 3 204199322Smav#define STATE_CLOSING 4 205199322Smav#define STATE_STOPPING 5 206199322Smav#define STATE_REQ_SENT 6 207199322Smav#define STATE_ACK_RCVD 7 208199322Smav#define STATE_ACK_SENT 8 209195534Sscottl#define STATE_OPENED 9 210199322Smav 211199322Smavstruct ppp_header { 212199322Smav u_char address; 213199322Smav u_char control; 214199322Smav u_short protocol; 215205422Smav} __attribute__((__packed__)); 216205422Smav#define PPP_HEADER_LEN sizeof (struct ppp_header) 217222039Smav 218249346Smavstruct lcp_header { 219249346Smav u_char type; 220276268Sian u_char ident; 221249346Smav u_short len; 222249346Smav} __attribute__((__packed__)); 223249346Smav#define LCP_HEADER_LEN sizeof (struct lcp_header) 224249346Smav 225249346Smavstruct cisco_packet { 226249346Smav u_long type; 227249346Smav u_long par1; 228277061Ssmh u_long par2; 229249346Smav u_short rel; 230249346Smav u_short time0; 231205422Smav u_short time1; 232279918Smav} __attribute__((__packed__)); 233195534Sscottl#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 234277061Ssmh 235249346Smav/* 236279918Smav * We follow the spelling and capitalization of RFC 1661 here, to make 237279918Smav * it easier comparing with the standard. Please refer to this RFC in 238195534Sscottl * case you can't make sense out of these abbreviation; it will also 239277061Ssmh * explain the semantics related to the various events and actions. 240195534Sscottl */ 241279918Smavstruct cp { 242260387Sscottl u_short proto; /* PPP control protocol number */ 243260387Sscottl u_char protoidx; /* index into state table in struct sppp */ 244260387Sscottl u_char flags; 245260387Sscottl#define CP_LCP 0x01 /* this is the LCP */ 246260387Sscottl#define CP_AUTH 0x02 /* this is an authentication protocol */ 247260387Sscottl#define CP_NCP 0x04 /* this is a NCP */ 248195534Sscottl#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 249196656Smav const char *name; /* name of this control protocol */ 250195534Sscottl /* event handlers */ 251203123Smav void (*Up)(struct sppp *sp); 252195534Sscottl void (*Down)(struct sppp *sp); 253195534Sscottl void (*Open)(struct sppp *sp); 254196656Smav void (*Close)(struct sppp *sp); 255195534Sscottl void (*TO)(void *sp); 256195534Sscottl int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 257196656Smav void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 258203123Smav void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 259203123Smav /* actions */ 260203123Smav void (*tlu)(struct sppp *sp); 261250792Ssmh void (*tld)(struct sppp *sp); 262250792Ssmh void (*tls)(struct sppp *sp); 263250792Ssmh void (*tlf)(struct sppp *sp); 264250792Ssmh void (*scr)(struct sppp *sp); 265195534Sscottl}; 266195534Sscottl 267196656Smavstatic struct sppp *spppq; 268196656Smav#if defined(__FreeBSD__) && __FreeBSD__ >= 3 269196656Smavstatic struct callout_handle keepalive_ch; 270196656Smav#endif 271196656Smav 272196656Smav#if defined(__FreeBSD__) && __FreeBSD__ >= 3 273196656Smav#define SPP_FMT "%s%d: " 274196656Smav#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 275195534Sscottl#else 276195534Sscottl#define SPP_FMT "%s: " 277195534Sscottl#define SPP_ARGS(ifp) (ifp)->if_xname 278196656Smav#endif 279196656Smav 280196656Smav#ifdef INET 281196656Smav/* 282196656Smav * The following disgusting hack gets around the problem that IP TOS 283196656Smav * can't be set yet. We want to put "interactive" traffic on a high 284196656Smav * priority queue. To decide if traffic is interactive, we check that 285196656Smav * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 286196656Smav * 287196656Smav * XXX is this really still necessary? - joerg - 288196656Smav */ 289195534Sscottlstatic u_short interactive_ports[8] = { 290240383Smav 0, 513, 0, 0, 291253647Smav 0, 21, 0, 23, 292253647Smav}; 293253647Smav#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 294253647Smav#endif 295196656Smav 296196656Smav/* almost every function needs these */ 297196656Smav#define STDDCL \ 298196656Smav struct ifnet *ifp = &sp->pp_if; \ 299195534Sscottl int debug = ifp->if_flags & IFF_DEBUG 300195534Sscottl 301195534Sscottlstatic int sppp_output(struct ifnet *ifp, struct mbuf *m, 302227635Smav struct sockaddr *dst, struct rtentry *rt); 303195534Sscottl 304227635Smavstatic void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 305227635Smavstatic void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 306227635Smav 307227635Smavstatic void sppp_cp_input(const struct cp *cp, struct sppp *sp, 308227635Smav struct mbuf *m); 309195534Sscottlstatic void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 310238805Smav u_char ident, u_short len, void *data); 311238805Smav/* static void sppp_cp_timeout(void *arg); */ 312238805Smavstatic void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 313238805Smav int newstate); 314238805Smavstatic void sppp_auth_send(const struct cp *cp, 315238805Smav struct sppp *sp, unsigned int type, unsigned int id, 316238805Smav ...); 317195534Sscottl 318277061Ssmhstatic void sppp_up_event(const struct cp *cp, struct sppp *sp); 319195534Sscottlstatic void sppp_down_event(const struct cp *cp, struct sppp *sp); 320195534Sscottlstatic void sppp_open_event(const struct cp *cp, struct sppp *sp); 321279918Smavstatic void sppp_close_event(const struct cp *cp, struct sppp *sp); 322195534Sscottlstatic void sppp_to_event(const struct cp *cp, struct sppp *sp); 323195534Sscottl 324195534Sscottlstatic void sppp_null(struct sppp *sp); 325227701Shselasky 326195534Sscottlstatic void sppp_lcp_init(struct sppp *sp); 327195534Sscottlstatic void sppp_lcp_up(struct sppp *sp); 328227849Shselaskystatic void sppp_lcp_down(struct sppp *sp); 329227701Shselaskystatic void sppp_lcp_open(struct sppp *sp); 330195534Sscottlstatic void sppp_lcp_close(struct sppp *sp); 331195534Sscottlstatic void sppp_lcp_TO(void *sp); 332195534Sscottlstatic int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 333195534Sscottlstatic void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 334195534Sscottlstatic void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 335195534Sscottlstatic void sppp_lcp_tlu(struct sppp *sp); 336195534Sscottlstatic void sppp_lcp_tld(struct sppp *sp); 337195534Sscottlstatic void sppp_lcp_tls(struct sppp *sp); 338195534Sscottlstatic void sppp_lcp_tlf(struct sppp *sp); 339249346Smavstatic void sppp_lcp_scr(struct sppp *sp); 340195534Sscottlstatic void sppp_lcp_check_and_close(struct sppp *sp); 341195534Sscottlstatic int sppp_ncp_check(struct sppp *sp); 342195534Sscottl 343195534Sscottlstatic void sppp_ipcp_init(struct sppp *sp); 344195534Sscottlstatic void sppp_ipcp_up(struct sppp *sp); 345195534Sscottlstatic void sppp_ipcp_down(struct sppp *sp); 346195534Sscottlstatic void sppp_ipcp_open(struct sppp *sp); 347279918Smavstatic void sppp_ipcp_close(struct sppp *sp); 348195534Sscottlstatic void sppp_ipcp_TO(void *sp); 349195534Sscottlstatic int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 350195534Sscottlstatic void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 351260387Sscottlstatic void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 352195534Sscottlstatic void sppp_ipcp_tlu(struct sppp *sp); 353195534Sscottlstatic void sppp_ipcp_tld(struct sppp *sp); 354195534Sscottlstatic void sppp_ipcp_tls(struct sppp *sp); 355195534Sscottlstatic void sppp_ipcp_tlf(struct sppp *sp); 356195534Sscottlstatic void sppp_ipcp_scr(struct sppp *sp); 357195534Sscottl 358195534Sscottlstatic void sppp_ipv6cp_init(struct sppp *sp); 359277061Ssmhstatic void sppp_ipv6cp_up(struct sppp *sp); 360277061Ssmhstatic void sppp_ipv6cp_down(struct sppp *sp); 361277061Ssmhstatic void sppp_ipv6cp_open(struct sppp *sp); 362277061Ssmhstatic void sppp_ipv6cp_close(struct sppp *sp); 363277061Ssmhstatic void sppp_ipv6cp_TO(void *sp); 364277061Ssmhstatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 365277061Ssmhstatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 366277061Ssmhstatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 367195534Sscottlstatic void sppp_ipv6cp_tlu(struct sppp *sp); 368195534Sscottlstatic void sppp_ipv6cp_tld(struct sppp *sp); 369195534Sscottlstatic void sppp_ipv6cp_tls(struct sppp *sp); 370260387Sscottlstatic void sppp_ipv6cp_tlf(struct sppp *sp); 371279918Smavstatic void sppp_ipv6cp_scr(struct sppp *sp); 372279918Smav 373279918Smavstatic void sppp_pap_input(struct sppp *sp, struct mbuf *m); 374196656Smavstatic void sppp_pap_init(struct sppp *sp); 375195534Sscottlstatic void sppp_pap_open(struct sppp *sp); 376304413Smavstatic void sppp_pap_close(struct sppp *sp); 377304413Smavstatic void sppp_pap_TO(void *sp); 378195534Sscottlstatic void sppp_pap_my_TO(void *sp); 379195534Sscottlstatic void sppp_pap_tlu(struct sppp *sp); 380195534Sscottlstatic void sppp_pap_tld(struct sppp *sp); 381195534Sscottlstatic void sppp_pap_scr(struct sppp *sp); 382195534Sscottl 383195534Sscottlstatic void sppp_chap_input(struct sppp *sp, struct mbuf *m); 384277061Ssmhstatic void sppp_chap_init(struct sppp *sp); 385195534Sscottlstatic void sppp_chap_open(struct sppp *sp); 386195534Sscottlstatic void sppp_chap_close(struct sppp *sp); 387260387Sscottlstatic void sppp_chap_TO(void *sp); 388260387Sscottlstatic void sppp_chap_tlu(struct sppp *sp); 389260387Sscottlstatic void sppp_chap_tld(struct sppp *sp); 390195534Sscottlstatic void sppp_chap_scr(struct sppp *sp); 391195534Sscottl 392195534Sscottlstatic const char *sppp_auth_type_name(u_short proto, u_char type); 393277061Ssmhstatic const char *sppp_cp_type_name(u_char type); 394195534Sscottlstatic const char *sppp_dotted_quad(u_long addr); 395202011Smavstatic const char *sppp_ipcp_opt_name(u_char opt); 396202011Smav#ifdef INET6 397202011Smavstatic const char *sppp_ipv6cp_opt_name(u_char opt); 398202011Smav#endif 399202011Smavstatic const char *sppp_lcp_opt_name(u_char opt); 400202011Smavstatic const char *sppp_phase_name(enum ppp_phase phase); 401195534Sscottlstatic const char *sppp_proto_name(u_short proto); 402195534Sscottlstatic const char *sppp_state_name(int state); 403195534Sscottlstatic int sppp_params(struct sppp *sp, u_long cmd, void *data); 404195534Sscottlstatic int sppp_strnlen(u_char *p, int max); 405195534Sscottlstatic void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 406195534Sscottl u_long *srcmask); 407195534Sscottlstatic void sppp_keepalive(void *dummy); 408195534Sscottlstatic void sppp_phase_network(struct sppp *sp); 409195534Sscottlstatic void sppp_print_bytes(const u_char *p, u_short len); 410195534Sscottlstatic void sppp_print_string(const char *p, u_short len); 411195534Sscottlstatic void sppp_qflush(struct ifqueue *ifq); 412195534Sscottlstatic void sppp_set_ip_addr(struct sppp *sp, u_long src); 413205422Smav#ifdef INET6 414195534Sscottlstatic void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 415195534Sscottl struct in6_addr *dst, struct in6_addr *srcmask); 416195534Sscottl#ifdef IPV6CP_MYIFID_DYN 417196656Smavstatic void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 418195534Sscottlstatic void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 419196656Smav#endif 420196656Smavstatic void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 421196656Smav#endif 422196656Smav 423196656Smav/* our control protocol descriptors */ 424195534Sscottlstatic const struct cp lcp = { 425196656Smav PPP_LCP, IDX_LCP, CP_LCP, "lcp", 426304414Smav sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 427196656Smav sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 428205422Smav sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 429205422Smav sppp_lcp_scr 430205422Smav}; 431200814Smav 432200814Smavstatic const struct cp ipcp = { 433205422Smav PPP_IPCP, IDX_IPCP, 434205422Smav#ifdef INET /* don't run IPCP if there's no IPv4 support */ 435205422Smav CP_NCP, 436195534Sscottl#else 437195534Sscottl 0, 438195534Sscottl#endif 439199322Smav "ipcp", 440195534Sscottl sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 441195534Sscottl sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 442200814Smav sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 443200814Smav sppp_ipcp_scr 444200814Smav}; 445195534Sscottl 446195534Sscottlstatic const struct cp ipv6cp = { 447195534Sscottl PPP_IPV6CP, IDX_IPV6CP, 448195534Sscottl#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 449195534Sscottl CP_NCP, 450195534Sscottl#else 451195534Sscottl 0, 452195534Sscottl#endif 453195534Sscottl "ipv6cp", 454195534Sscottl sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 455195534Sscottl sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 456195534Sscottl sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 457195534Sscottl sppp_ipv6cp_scr 458195534Sscottl}; 459195534Sscottl 460195534Sscottlstatic const struct cp pap = { 461202011Smav PPP_PAP, IDX_PAP, CP_AUTH, "pap", 462260387Sscottl sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 463195534Sscottl sppp_pap_TO, 0, 0, 0, 464195534Sscottl sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 465260387Sscottl sppp_pap_scr 466260387Sscottl}; 467260387Sscottl 468260387Sscottlstatic const struct cp chap = { 469260387Sscottl PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 470260387Sscottl sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 471260387Sscottl sppp_chap_TO, 0, 0, 0, 472260387Sscottl sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 473260387Sscottl sppp_chap_scr 474260387Sscottl}; 475260387Sscottl 476260387Sscottlstatic const struct cp *cps[IDX_COUNT] = { 477260387Sscottl &lcp, /* IDX_LCP */ 478260387Sscottl &ipcp, /* IDX_IPCP */ 479260387Sscottl &ipv6cp, /* IDX_IPV6CP */ 480279918Smav &pap, /* IDX_PAP */ 481195534Sscottl &chap, /* IDX_CHAP */ 482279918Smav}; 483195534Sscottl 484195534Sscottlstatic int 485238805Smavsppp_modevent(module_t mod, int type, void *unused) 486195534Sscottl{ 487238805Smav switch (type) { 488195534Sscottl case MOD_LOAD: 489238805Smav break; 490238805Smav case MOD_UNLOAD: 491195534Sscottl return EACCES; 492195534Sscottl break; 493238805Smav default: 494238805Smav break; 495238805Smav } 496238805Smav return 0; 497238805Smav} 498238805Smavstatic moduledata_t spppmod = { 499238805Smav "sppp", 500238805Smav sppp_modevent, 501238805Smav 0 502238805Smav}; 503238805SmavMODULE_VERSION(sppp, 1); 504238805SmavDECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 505238805Smav 506238805Smav/* 507238805Smav * Exported functions, comprising our interface to the lower layer. 508238805Smav */ 509238805Smav 510195534Sscottl/* 511195534Sscottl * Process the received packet. 512238805Smav */ 513195534Sscottlvoid 514195534Sscottlsppp_input(struct ifnet *ifp, struct mbuf *m) 515195534Sscottl{ 516195534Sscottl struct ppp_header *h; 517195534Sscottl struct ifqueue *inq = 0; 518195534Sscottl struct sppp *sp = (struct sppp *)ifp; 519195534Sscottl u_char *iphdr; 520195534Sscottl int hlen, vjlen, do_account = 0; 521195534Sscottl int debug = ifp->if_flags & IFF_DEBUG; 522195534Sscottl 523195534Sscottl if (ifp->if_flags & IFF_UP) 524195534Sscottl /* Count received bytes, add FCS and one flag */ 525195534Sscottl ifp->if_ibytes += m->m_pkthdr.len + 3; 526195534Sscottl 527195534Sscottl if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 528195534Sscottl /* Too small packet, drop it. */ 529195534Sscottl if (debug) 530195534Sscottl log(LOG_DEBUG, 531279918Smav SPP_FMT "input packet is too small, %d bytes\n", 532195534Sscottl SPP_ARGS(ifp), m->m_pkthdr.len); 533279918Smav drop: 534195534Sscottl m_freem (m); 535195534Sscottl drop2: 536195534Sscottl ++ifp->if_ierrors; 537195534Sscottl ++ifp->if_iqdrops; 538195534Sscottl return; 539195534Sscottl } 540195534Sscottl 541195534Sscottl /* Get PPP header. */ 542277061Ssmh h = mtod (m, struct ppp_header*); 543195534Sscottl m_adj (m, PPP_HEADER_LEN); 544195534Sscottl 545195534Sscottl switch (h->address) { 546195534Sscottl case PPP_ALLSTATIONS: 547195534Sscottl if (h->control != PPP_UI) 548279918Smav goto invalid; 549195534Sscottl if (sp->pp_mode == IFF_CISCO) { 550279918Smav if (debug) 551279918Smav log(LOG_DEBUG, 552195534Sscottl SPP_FMT "PPP packet in Cisco mode " 553195534Sscottl "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 554195534Sscottl SPP_ARGS(ifp), 555195534Sscottl h->address, h->control, ntohs(h->protocol)); 556195534Sscottl goto drop; 557195534Sscottl } 558195534Sscottl switch (ntohs (h->protocol)) { 559195534Sscottl default: 560195534Sscottl if (debug) 561195534Sscottl log(LOG_DEBUG, 562195534Sscottl SPP_FMT "rejecting protocol " 563195534Sscottl "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 564195534Sscottl SPP_ARGS(ifp), 565279918Smav h->address, h->control, ntohs(h->protocol)); 566195534Sscottl if (sp->state[IDX_LCP] == STATE_OPENED) 567279918Smav sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 568195534Sscottl ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 569195534Sscottl &h->protocol); 570195534Sscottl ++ifp->if_noproto; 571195534Sscottl goto drop; 572195534Sscottl case PPP_LCP: 573195534Sscottl sppp_cp_input(&lcp, sp, m); 574195534Sscottl m_freem (m); 575195534Sscottl return; 576195534Sscottl case PPP_PAP: 577279918Smav if (sp->pp_phase >= PHASE_AUTHENTICATE) 578195534Sscottl sppp_pap_input(sp, m); 579195534Sscottl m_freem (m); 580238805Smav return; 581195534Sscottl case PPP_CHAP: 582195534Sscottl if (sp->pp_phase >= PHASE_AUTHENTICATE) 583238805Smav sppp_chap_input(sp, m); 584238805Smav m_freem (m); 585238805Smav return; 586195534Sscottl#ifdef INET 587195534Sscottl case PPP_IPCP: 588195534Sscottl if (sp->pp_phase == PHASE_NETWORK) 589195534Sscottl sppp_cp_input(&ipcp, sp, m); 590279918Smav m_freem (m); 591208410Smav return; 592208410Smav case PPP_IP: 593208410Smav if (sp->state[IDX_IPCP] == STATE_OPENED) { 594238805Smav schednetisr (NETISR_IP); 595208410Smav inq = &ipintrq; 596238805Smav } 597238805Smav do_account++; 598238805Smav break; 599208410Smav case PPP_VJ_COMP: 600208410Smav if (sp->state[IDX_IPCP] == STATE_OPENED) { 601208410Smav if ((vjlen = 602279918Smav sl_uncompress_tcp_core(mtod(m, u_char *), 603249346Smav m->m_len, m->m_len, 604249346Smav TYPE_COMPRESSED_TCP, 605249346Smav sp->pp_comp, 606249346Smav &iphdr, &hlen)) <= 0) { 607249346Smav if (debug) 608249346Smav log(LOG_INFO, 609249346Smav SPP_FMT "VJ uncompress failed on compressed packet\n", 610195534Sscottl SPP_ARGS(ifp)); 611195534Sscottl goto drop; 612195534Sscottl } 613195534Sscottl 614195534Sscottl /* 615281140Smav * Trim the VJ header off the packet, and prepend 616195534Sscottl * the uncompressed IP header (which will usually 617195534Sscottl * end up in two chained mbufs since there's not 618195534Sscottl * enough leading space in the existing mbuf). 619195534Sscottl */ 620195534Sscottl m_adj(m, vjlen); 621195534Sscottl M_PREPEND(m, hlen, M_DONTWAIT); 622195534Sscottl if (m == NULL) 623195534Sscottl goto drop2; 624199821Smav bcopy(iphdr, mtod(m, u_char *), hlen); 625203123Smav 626195534Sscottl schednetisr (NETISR_IP); 627195534Sscottl inq = &ipintrq; 628195534Sscottl } 629196656Smav do_account++; 630196656Smav break; 631199322Smav case PPP_VJ_UCOMP: 632279918Smav if (sp->state[IDX_IPCP] == STATE_OPENED) { 633279918Smav if (sl_uncompress_tcp_core(mtod(m, u_char *), 634279918Smav m->m_len, m->m_len, 635279918Smav TYPE_UNCOMPRESSED_TCP, 636215725Smav sp->pp_comp, 637196656Smav &iphdr, &hlen) != 0) { 638279918Smav if (debug) 639195534Sscottl log(LOG_INFO, 640195534Sscottl SPP_FMT "VJ uncompress failed on uncompressed packet\n", 641260387Sscottl SPP_ARGS(ifp)); 642196656Smav goto drop; 643196656Smav } 644220576Smav schednetisr (NETISR_IP); 645279918Smav inq = &ipintrq; 646279918Smav } 647199821Smav do_account++; 648203030Smav break; 649203030Smav#endif 650195534Sscottl#ifdef INET6 651199821Smav case PPP_IPV6CP: 652199821Smav if (sp->pp_phase == PHASE_NETWORK) 653199821Smav sppp_cp_input(&ipv6cp, sp, m); 654199821Smav m_freem (m); 655199821Smav return; 656199821Smav 657207499Smav case PPP_IPV6: 658199821Smav if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 659207499Smav schednetisr (NETISR_IPV6); 660207499Smav inq = &ip6intrq; 661207499Smav } 662207499Smav do_account++; 663207499Smav break; 664220602Smav#endif 665220602Smav#ifdef IPX 666199821Smav case PPP_IPX: 667238805Smav /* IPX IPXCP not implemented yet */ 668195534Sscottl if (sp->pp_phase == PHASE_NETWORK) { 669195534Sscottl schednetisr (NETISR_IPX); 670195534Sscottl inq = &ipxintrq; 671305798Smav } 672305798Smav do_account++; 673305798Smav break; 674305798Smav#endif 675305798Smav#ifdef NS 676305798Smav case PPP_XNS: 677305798Smav /* XNS IDPCP not implemented yet */ 678305798Smav if (sp->pp_phase == PHASE_NETWORK) { 679305798Smav schednetisr (NETISR_NS); 680305798Smav inq = &nsintrq; 681305798Smav } 682305798Smav do_account++; 683305798Smav break; 684305798Smav#endif 685305798Smav } 686195534Sscottl break; 687195534Sscottl case CISCO_MULTICAST: 688279918Smav case CISCO_UNICAST: 689208375Smav /* Don't check the control field here (RFC 1547). */ 690195534Sscottl if (sp->pp_mode != IFF_CISCO) { 691195534Sscottl if (debug) 692195534Sscottl log(LOG_DEBUG, 693195534Sscottl SPP_FMT "Cisco packet in PPP mode " 694208813Smav "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 695208813Smav SPP_ARGS(ifp), 696195534Sscottl h->address, h->control, ntohs(h->protocol)); 697195534Sscottl goto drop; 698260387Sscottl } 699279918Smav switch (ntohs (h->protocol)) { 700195534Sscottl default: 701195534Sscottl ++ifp->if_noproto; 702195534Sscottl goto invalid; 703195534Sscottl case CISCO_KEEPALIVE: 704195534Sscottl sppp_cisco_input ((struct sppp*) ifp, m); 705195534Sscottl m_freem (m); 706195534Sscottl return; 707195534Sscottl#ifdef INET 708195534Sscottl case ETHERTYPE_IP: 709195534Sscottl schednetisr (NETISR_IP); 710195534Sscottl inq = &ipintrq; 711195534Sscottl do_account++; 712195534Sscottl break; 713279918Smav#endif 714313446Smav#ifdef INET6 715199278Smav case ETHERTYPE_IPV6: 716199278Smav schednetisr (NETISR_IPV6); 717195534Sscottl inq = &ip6intrq; 718208813Smav do_account++; 719195534Sscottl break; 720195534Sscottl#endif 721208813Smav#ifdef IPX 722195534Sscottl case ETHERTYPE_IPX: 723195534Sscottl schednetisr (NETISR_IPX); 724195534Sscottl inq = &ipxintrq; 725195534Sscottl do_account++; 726195534Sscottl break; 727195534Sscottl#endif 728195534Sscottl#ifdef NS 729195534Sscottl case ETHERTYPE_NS: 730195534Sscottl schednetisr (NETISR_NS); 731195534Sscottl inq = &nsintrq; 732195534Sscottl do_account++; 733195534Sscottl break; 734196656Smav#endif 735196656Smav } 736196656Smav break; 737279918Smav default: /* Invalid PPP packet. */ 738196656Smav invalid: 739195534Sscottl if (debug) 740195534Sscottl log(LOG_DEBUG, 741195534Sscottl SPP_FMT "invalid input packet " 742195534Sscottl "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 743195534Sscottl SPP_ARGS(ifp), 744195534Sscottl h->address, h->control, ntohs(h->protocol)); 745195534Sscottl goto drop; 746195534Sscottl } 747195534Sscottl 748208813Smav if (! (ifp->if_flags & IFF_UP) || ! inq) 749195534Sscottl goto drop; 750195534Sscottl 751214325Smav /* Check queue. */ 752195534Sscottl if (! IF_HANDOFF(inq, m, NULL)) { 753195534Sscottl if (debug) 754195534Sscottl log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 755195534Sscottl SPP_ARGS(ifp)); 756195534Sscottl goto drop; 757195534Sscottl } 758195534Sscottl if (do_account) 759195534Sscottl /* 760195534Sscottl * Do only account for network packets, not for control 761195534Sscottl * packets. This is used by some subsystems to detect 762220576Smav * idle lines. 763220576Smav */ 764220576Smav sp->pp_last_recv = time_second; 765220576Smav} 766220576Smav 767195534Sscottl/* 768195534Sscottl * Enqueue transmit packet. 769195534Sscottl */ 770195534Sscottlstatic int 771195534Sscottlsppp_output(struct ifnet *ifp, struct mbuf *m, 772196656Smav struct sockaddr *dst, struct rtentry *rt) 773196656Smav{ 774220576Smav struct sppp *sp = (struct sppp*) ifp; 775195534Sscottl struct ppp_header *h; 776195534Sscottl struct ifqueue *ifq = NULL; 777195534Sscottl int s, rv = 0; 778208375Smav int ipproto = PPP_IP; 779195534Sscottl int debug = ifp->if_flags & IFF_DEBUG; 780195534Sscottl 781195534Sscottl s = splimp(); 782195534Sscottl 783195534Sscottl if ((ifp->if_flags & IFF_UP) == 0 || 784195534Sscottl (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 785195534Sscottl#ifdef INET6 786195534Sscottl drop: 787195534Sscottl#endif 788208375Smav m_freem (m); 789195534Sscottl splx (s); 790195534Sscottl return (ENETDOWN); 791208375Smav } 792195534Sscottl 793208375Smav if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 794208375Smav#ifdef INET6 795208375Smav /* 796208375Smav * XXX 797208375Smav * 798208375Smav * Hack to prevent the initialization-time generated 799208375Smav * IPv6 multicast packet to erroneously cause a 800208375Smav * dialout event in case IPv6 has been 801208375Smav * administratively disabled on that interface. 802208375Smav */ 803208375Smav if (dst->sa_family == AF_INET6 && 804208375Smav !(sp->confflags & CONF_ENABLE_IPV6)) 805208375Smav goto drop; 806208375Smav#endif 807279918Smav /* 808279918Smav * Interface is not yet running, but auto-dial. Need 809208375Smav * to start LCP for it. 810208375Smav */ 811208375Smav ifp->if_flags |= IFF_RUNNING; 812208375Smav splx(s); 813208375Smav lcp.Open(sp); 814208375Smav s = splimp(); 815208375Smav } 816208375Smav 817195534Sscottl ifq = &ifp->if_snd; 818195534Sscottl#ifdef INET 819195534Sscottl if (dst->sa_family == AF_INET) { 820279918Smav /* XXX Check mbuf length here? */ 821279918Smav struct ip *ip = mtod (m, struct ip*); 822195534Sscottl struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 823195534Sscottl 824195534Sscottl /* 825195534Sscottl * When using dynamic local IP address assignment by using 826195534Sscottl * 0.0.0.0 as a local address, the first TCP session will 827195534Sscottl * not connect because the local TCP checksum is computed 828195534Sscottl * using 0.0.0.0 which will later become our real IP address 829195534Sscottl * so the TCP checksum computed at the remote end will 830195534Sscottl * become invalid. So we 831195534Sscottl * - don't let packets with src ip addr 0 thru 832195534Sscottl * - we flag TCP packets with src ip 0 as an error 833195534Sscottl */ 834208375Smav 835208375Smav if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 836208375Smav { 837208375Smav m_freem(m); 838208375Smav splx(s); 839208375Smav if(ip->ip_p == IPPROTO_TCP) 840220576Smav return(EADDRNOTAVAIL); 841220576Smav else 842220576Smav return(0); 843220576Smav } 844220576Smav 845220576Smav /* 846208375Smav * Put low delay, telnet, rlogin and ftp control packets 847208375Smav * in front of the queue. 848208375Smav */ 849208375Smav if (_IF_QFULL(&sp->pp_fastq)) 850208375Smav ; 851208375Smav else if (ip->ip_tos & IPTOS_LOWDELAY) 852208375Smav ifq = &sp->pp_fastq; 853208375Smav else if (m->m_len < sizeof *ip + sizeof *tcp) 854195534Sscottl ; 855195534Sscottl else if (ip->ip_p != IPPROTO_TCP) 856195534Sscottl ; 857195534Sscottl else if (INTERACTIVE (ntohs (tcp->th_sport))) 858208375Smav ifq = &sp->pp_fastq; 859208375Smav else if (INTERACTIVE (ntohs (tcp->th_dport))) 860279918Smav ifq = &sp->pp_fastq; 861208375Smav 862208375Smav /* 863195534Sscottl * Do IP Header compression 864195534Sscottl */ 865195534Sscottl if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 866195534Sscottl ip->ip_p == IPPROTO_TCP) 867195534Sscottl switch (sl_compress_tcp(m, ip, sp->pp_comp, 868195534Sscottl sp->ipcp.compress_cid)) { 869195534Sscottl case TYPE_COMPRESSED_TCP: 870195534Sscottl ipproto = PPP_VJ_COMP; 871195534Sscottl break; 872195534Sscottl case TYPE_UNCOMPRESSED_TCP: 873278405Smarius ipproto = PPP_VJ_UCOMP; 874195534Sscottl break; 875195534Sscottl case TYPE_IP: 876195534Sscottl ipproto = PPP_IP; 877195534Sscottl break; 878195534Sscottl default: 879195534Sscottl m_freem(m); 880278405Smarius splx(s); 881195534Sscottl return (EINVAL); 882195534Sscottl } 883195534Sscottl } 884195534Sscottl#endif 885195534Sscottl 886195534Sscottl#ifdef INET6 887195534Sscottl if (dst->sa_family == AF_INET6) { 888195534Sscottl /* XXX do something tricky here? */ 889195534Sscottl } 890195534Sscottl#endif 891195534Sscottl 892203123Smav /* 893195534Sscottl * Prepend general data packet PPP header. For now, IP only. 894195534Sscottl */ 895195534Sscottl M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 896249346Smav if (! m) { 897195534Sscottl if (debug) 898195534Sscottl log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 899195534Sscottl SPP_ARGS(ifp)); 900248687Smav ++ifp->if_oerrors; 901248687Smav splx (s); 902195534Sscottl return (ENOBUFS); 903195534Sscottl } 904195534Sscottl /* 905195534Sscottl * May want to check size of packet 906195534Sscottl * (albeit due to the implementation it's always enough) 907195534Sscottl */ 908195534Sscottl h = mtod (m, struct ppp_header*); 909195534Sscottl if (sp->pp_mode == IFF_CISCO) { 910203123Smav h->address = CISCO_UNICAST; /* unicast address */ 911203123Smav h->control = 0; 912203123Smav } else { 913203123Smav h->address = PPP_ALLSTATIONS; /* broadcast address */ 914203123Smav h->control = PPP_UI; /* Unnumbered Info */ 915249346Smav } 916203123Smav 917195534Sscottl switch (dst->sa_family) { 918195534Sscottl#ifdef INET 919195534Sscottl case AF_INET: /* Internet Protocol */ 920195534Sscottl if (sp->pp_mode == IFF_CISCO) 921195534Sscottl h->protocol = htons (ETHERTYPE_IP); 922195534Sscottl else { 923203123Smav /* 924195534Sscottl * Don't choke with an ENETDOWN early. It's 925195534Sscottl * possible that we just started dialing out, 926195534Sscottl * so don't drop the packet immediately. If 927195534Sscottl * we notice that we run out of buffer space 928195534Sscottl * below, we will however remember that we are 929195534Sscottl * not ready to carry IP packets, and return 930249346Smav * ENETDOWN, as opposed to ENOBUFS. 931195534Sscottl */ 932195534Sscottl h->protocol = htons(ipproto); 933195534Sscottl if (sp->state[IDX_IPCP] != STATE_OPENED) 934195534Sscottl rv = ENETDOWN; 935195534Sscottl } 936195534Sscottl break; 937195534Sscottl#endif 938195534Sscottl#ifdef INET6 939195534Sscottl case AF_INET6: /* Internet Protocol */ 940195534Sscottl if (sp->pp_mode == IFF_CISCO) 941195534Sscottl h->protocol = htons (ETHERTYPE_IPV6); 942195534Sscottl else { 943195534Sscottl /* 944195534Sscottl * Don't choke with an ENETDOWN early. It's 945195534Sscottl * possible that we just started dialing out, 946195534Sscottl * so don't drop the packet immediately. If 947195534Sscottl * we notice that we run out of buffer space 948195534Sscottl * below, we will however remember that we are 949195534Sscottl * not ready to carry IP packets, and return 950195534Sscottl * ENETDOWN, as opposed to ENOBUFS. 951195534Sscottl */ 952195534Sscottl h->protocol = htons(PPP_IPV6); 953195534Sscottl if (sp->state[IDX_IPV6CP] != STATE_OPENED) 954195534Sscottl rv = ENETDOWN; 955195534Sscottl } 956195534Sscottl break; 957195534Sscottl#endif 958195534Sscottl#ifdef NS 959195534Sscottl case AF_NS: /* Xerox NS Protocol */ 960195534Sscottl h->protocol = htons (sp->pp_mode == IFF_CISCO ? 961195534Sscottl ETHERTYPE_NS : PPP_XNS); 962195534Sscottl break; 963195534Sscottl#endif 964195534Sscottl#ifdef IPX 965195534Sscottl case AF_IPX: /* Novell IPX Protocol */ 966195534Sscottl h->protocol = htons (sp->pp_mode == IFF_CISCO ? 967195534Sscottl ETHERTYPE_IPX : PPP_IPX); 968195534Sscottl break; 969195534Sscottl#endif 970195534Sscottl default: 971195534Sscottl m_freem (m); 972195534Sscottl ++ifp->if_oerrors; 973195534Sscottl splx (s); 974195534Sscottl return (EAFNOSUPPORT); 975195534Sscottl } 976195534Sscottl 977195534Sscottl /* 978195534Sscottl * Queue message on interface, and start output if interface 979195534Sscottl * not yet active. 980195534Sscottl */ 981195534Sscottl if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 982195534Sscottl ++ifp->if_oerrors; 983195534Sscottl return (rv? rv: ENOBUFS); 984195534Sscottl } 985195534Sscottl /* 986195534Sscottl * Unlike in sppp_input(), we can always bump the timestamp 987195534Sscottl * here since sppp_output() is only called on behalf of 988195534Sscottl * network-layer traffic; control-layer traffic is handled 989195534Sscottl * by sppp_cp_send(). 990195534Sscottl */ 991279918Smav sp->pp_last_sent = time_second; 992195534Sscottl return (0); 993195534Sscottl} 994195534Sscottl 995195534Sscottlvoid 996195534Sscottlsppp_attach(struct ifnet *ifp) 997195534Sscottl{ 998195534Sscottl struct sppp *sp = (struct sppp*) ifp; 999195534Sscottl 1000195534Sscottl /* Initialize keepalive handler. */ 1001195534Sscottl if (! spppq) 1002195534Sscottl TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 1003195534Sscottl 1004195534Sscottl /* Insert new entry into the keepalive list. */ 1005195534Sscottl sp->pp_next = spppq; 1006195534Sscottl spppq = sp; 1007195534Sscottl 1008195534Sscottl sp->pp_if.if_mtu = PP_MTU; 1009195534Sscottl sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1010195534Sscottl sp->pp_if.if_type = IFT_PPP; 1011195534Sscottl sp->pp_if.if_output = sppp_output; 1012196656Smav#if 0 1013195534Sscottl sp->pp_flags = PP_KEEPALIVE; 1014195534Sscottl#endif 1015195534Sscottl sp->pp_if.if_snd.ifq_maxlen = 32; 1016195534Sscottl sp->pp_fastq.ifq_maxlen = 32; 1017195534Sscottl sp->pp_cpq.ifq_maxlen = 20; 1018195534Sscottl sp->pp_loopcnt = 0; 1019195534Sscottl sp->pp_alivecnt = 0; 1020220657Smav bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1021279918Smav bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1022195534Sscottl sp->pp_phase = PHASE_DEAD; 1023195534Sscottl sp->pp_up = lcp.Up; 1024220657Smav sp->pp_down = lcp.Down; 1025220657Smav if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1026195534Sscottl mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1027203108Smav if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1028203108Smav mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1029203165Smav sp->pp_last_recv = sp->pp_last_sent = time_second; 1030220657Smav sp->confflags = 0; 1031279918Smav#ifdef INET 1032220657Smav sp->confflags |= CONF_ENABLE_VJ; 1033279918Smav#endif 1034195534Sscottl#ifdef INET6 1035279918Smav sp->confflags |= CONF_ENABLE_IPV6; 1036203108Smav#endif 1037220657Smav sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAIT); 1038203108Smav sl_compress_init(sp->pp_comp, -1); 1039203108Smav sppp_lcp_init(sp); 1040203108Smav sppp_ipcp_init(sp); 1041203108Smav sppp_ipv6cp_init(sp); 1042220657Smav sppp_pap_init(sp); 1043203108Smav sppp_chap_init(sp); 1044203108Smav} 1045220657Smav 1046195534Sscottlvoid 1047220657Smavsppp_detach(struct ifnet *ifp) 1048195534Sscottl{ 1049195534Sscottl struct sppp **q, *p, *sp = (struct sppp*) ifp; 1050195534Sscottl int i; 1051279918Smav 1052220657Smav /* Remove the entry from the keepalive list. */ 1053220657Smav for (q = &spppq; (p = *q); q = &p->pp_next) 1054220657Smav if (p == sp) { 1055279918Smav *q = p->pp_next; 1056220657Smav break; 1057220657Smav } 1058220657Smav 1059220657Smav /* Stop keepalive handler. */ 1060220657Smav if (! spppq) 1061220657Smav UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 1062220657Smav 1063220657Smav for (i = 0; i < IDX_COUNT; i++) 1064220657Smav UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 1065279918Smav UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 1066220657Smav mtx_destroy(&sp->pp_cpq.ifq_mtx); 1067220657Smav mtx_destroy(&sp->pp_fastq.ifq_mtx); 1068220657Smav} 1069220657Smav 1070220657Smav/* 1071279918Smav * Flush the interface output queue. 1072220657Smav */ 1073220657Smavvoid 1074220657Smavsppp_flush(struct ifnet *ifp) 1075220657Smav{ 1076220657Smav struct sppp *sp = (struct sppp*) ifp; 1077220657Smav 1078220657Smav sppp_qflush (&sp->pp_if.if_snd); 1079220657Smav sppp_qflush (&sp->pp_fastq); 1080220657Smav sppp_qflush (&sp->pp_cpq); 1081220657Smav} 1082220657Smav 1083279918Smav/* 1084196656Smav * Check if the output queue is empty. 1085196656Smav */ 1086196656Smavint 1087196656Smavsppp_isempty(struct ifnet *ifp) 1088200196Smav{ 1089200196Smav struct sppp *sp = (struct sppp*) ifp; 1090196656Smav int empty, s; 1091279918Smav 1092196656Smav s = splimp(); 1093196656Smav empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1094196656Smav !sp->pp_if.if_snd.ifq_head; 1095196656Smav splx(s); 1096196656Smav return (empty); 1097196656Smav} 1098196656Smav 1099196656Smav/* 1100196656Smav * Get next packet to send. 1101196656Smav */ 1102196656Smavstruct mbuf * 1103196656Smavsppp_dequeue(struct ifnet *ifp) 1104260387Sscottl{ 1105195534Sscottl struct sppp *sp = (struct sppp*) ifp; 1106260387Sscottl struct mbuf *m; 1107260387Sscottl int s; 1108260387Sscottl 1109260387Sscottl s = splimp(); 1110260387Sscottl /* 1111260387Sscottl * Process only the control protocol queue until we have at 1112260387Sscottl * least one NCP open. 1113260387Sscottl * 1114260387Sscottl * Do always serve all three queues in Cisco mode. 1115260387Sscottl */ 1116260387Sscottl IF_DEQUEUE(&sp->pp_cpq, m); 1117260387Sscottl if (m == NULL && 1118260387Sscottl (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1119260387Sscottl IF_DEQUEUE(&sp->pp_fastq, m); 1120279918Smav if (m == NULL) 1121260387Sscottl IF_DEQUEUE (&sp->pp_if.if_snd, m); 1122195534Sscottl } 1123260387Sscottl splx(s); 1124260387Sscottl return m; 1125260387Sscottl} 1126195534Sscottl 1127260387Sscottl/* 1128195534Sscottl * Pick the next packet, do not remove it from the queue. 1129195534Sscottl */ 1130195534Sscottlstruct mbuf * 1131195534Sscottlsppp_pick(struct ifnet *ifp) 1132260387Sscottl{ 1133260387Sscottl struct sppp *sp = (struct sppp*)ifp; 1134279918Smav struct mbuf *m; 1135260387Sscottl int s; 1136260387Sscottl 1137276020Ssmh s= splimp (); 1138260387Sscottl 1139260387Sscottl m = sp->pp_cpq.ifq_head; 1140260387Sscottl if (m == NULL && 1141260387Sscottl (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1142260387Sscottl if ((m = sp->pp_fastq.ifq_head) == NULL) 1143260387Sscottl m = sp->pp_if.if_snd.ifq_head; 1144260387Sscottl splx (s); 1145260387Sscottl return (m); 1146276020Ssmh} 1147276020Ssmh 1148276020Ssmh/* 1149276020Ssmh * Process an ioctl request. Called on low priority level. 1150276020Ssmh */ 1151260387Sscottlint 1152276020Ssmhsppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1153276020Ssmh{ 1154260387Sscottl struct ifreq *ifr = (struct ifreq*) data; 1155260387Sscottl struct sppp *sp = (struct sppp*) ifp; 1156260387Sscottl int s, rv, going_up, going_down, newmode; 1157260387Sscottl 1158260387Sscottl s = splimp(); 1159196656Smav rv = 0; 1160196656Smav switch (cmd) { 1161279918Smav case SIOCAIFADDR: 1162196656Smav case SIOCSIFDSTADDR: 1163196656Smav break; 1164196656Smav 1165196656Smav case SIOCSIFADDR: 1166196656Smav /* set the interface "up" when assigning an IP address */ 1167196656Smav ifp->if_flags |= IFF_UP; 1168196656Smav /* FALLTHROUGH */ 1169196656Smav 1170196656Smav case SIOCSIFFLAGS: 1171196656Smav going_up = ifp->if_flags & IFF_UP && 1172196656Smav (ifp->if_flags & IFF_RUNNING) == 0; 1173196656Smav going_down = (ifp->if_flags & IFF_UP) == 0 && 1174196656Smav ifp->if_flags & IFF_RUNNING; 1175260387Sscottl 1176195534Sscottl newmode = ifp->if_flags & IFF_PASSIVE; 1177260387Sscottl if (!newmode) 1178195534Sscottl newmode = ifp->if_flags & IFF_AUTO; 1179220657Smav if (!newmode) 1180195534Sscottl newmode = ifp->if_flags & IFF_CISCO; 1181260387Sscottl ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1182195534Sscottl ifp->if_flags |= newmode; 1183195534Sscottl 1184248698Smav if (newmode != sp->pp_mode) { 1185248698Smav going_down = 1; 1186248698Smav if (!going_up) 1187248698Smav going_up = ifp->if_flags & IFF_RUNNING; 1188248698Smav } 1189248698Smav 1190248698Smav if (going_down) { 1191248704Smav if (sp->pp_mode != IFF_CISCO) 1192248704Smav lcp.Close(sp); 1193200196Smav else if (sp->pp_tlf) 1194200196Smav (sp->pp_tlf)(sp); 1195203123Smav sppp_flush(ifp); 1196200196Smav ifp->if_flags &= ~IFF_RUNNING; 1197200196Smav sp->pp_mode = newmode; 1198203123Smav } 1199203123Smav 1200203123Smav if (going_up) { 1201203123Smav if (sp->pp_mode != IFF_CISCO) 1202203123Smav lcp.Close(sp); 1203203123Smav sp->pp_mode = newmode; 1204203123Smav if (sp->pp_mode == 0) { 1205203123Smav ifp->if_flags |= IFF_RUNNING; 1206203123Smav lcp.Open(sp); 1207203123Smav } 1208200196Smav if (sp->pp_mode == IFF_CISCO) { 1209200196Smav if (sp->pp_tls) 1210200196Smav (sp->pp_tls)(sp); 1211200196Smav ifp->if_flags |= IFF_RUNNING; 1212195534Sscottl } 1213198319Smav } 1214198319Smav 1215198319Smav break; 1216198319Smav 1217198319Smav#ifdef SIOCSIFMTU 1218279918Smav#ifndef ifr_mtu 1219198319Smav#define ifr_mtu ifr_metric 1220198319Smav#endif 1221220657Smav case SIOCSIFMTU: 1222220657Smav if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1223279918Smav return (EINVAL); 1224195534Sscottl ifp->if_mtu = ifr->ifr_mtu; 1225198319Smav break; 1226198319Smav#endif 1227313446Smav#ifdef SLIOCSETMTU 1228313446Smav case SLIOCSETMTU: 1229313446Smav if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1230313446Smav return (EINVAL); 1231313446Smav ifp->if_mtu = *(short*)data; 1232313446Smav break; 1233313446Smav#endif 1234313446Smav#ifdef SIOCGIFMTU 1235313446Smav case SIOCGIFMTU: 1236313446Smav ifr->ifr_mtu = ifp->if_mtu; 1237313446Smav break; 1238313446Smav#endif 1239313446Smav#ifdef SLIOCGETMTU 1240203123Smav case SLIOCGETMTU: 1241203123Smav *(short*)data = ifp->if_mtu; 1242203123Smav break; 1243203123Smav#endif 1244203123Smav case SIOCADDMULTI: 1245203123Smav case SIOCDELMULTI: 1246203123Smav break; 1247203123Smav 1248203123Smav case SIOCGIFGENERIC: 1249203123Smav case SIOCSIFGENERIC: 1250203123Smav rv = sppp_params(sp, cmd, data); 1251203123Smav break; 1252203123Smav 1253203123Smav default: 1254203123Smav rv = ENOTTY; 1255203123Smav } 1256203123Smav splx(s); 1257203123Smav return rv; 1258203123Smav} 1259203123Smav 1260203123Smav/* 1261203123Smav * Cisco framing implementation. 1262248698Smav */ 1263195534Sscottl 1264195534Sscottl/* 1265195534Sscottl * Handle incoming Cisco keepalive protocol packets. 1266203123Smav */ 1267195534Sscottlstatic void 1268195534Sscottlsppp_cisco_input(struct sppp *sp, struct mbuf *m) 1269248698Smav{ 1270195534Sscottl STDDCL; 1271195534Sscottl struct cisco_packet *h; 1272195534Sscottl u_long me, mymask; 1273195534Sscottl 1274195534Sscottl if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1275195534Sscottl if (debug) 1276195534Sscottl log(LOG_DEBUG, 1277195534Sscottl SPP_FMT "cisco invalid packet length: %d bytes\n", 1278195534Sscottl SPP_ARGS(ifp), m->m_pkthdr.len); 1279195534Sscottl return; 1280198319Smav } 1281198319Smav h = mtod (m, struct cisco_packet*); 1282198319Smav if (debug) 1283198319Smav log(LOG_DEBUG, 1284260387Sscottl SPP_FMT "cisco input: %d bytes " 1285195534Sscottl "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1286195534Sscottl SPP_ARGS(ifp), m->m_pkthdr.len, 1287195534Sscottl (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1288195534Sscottl (u_int)h->time0, (u_int)h->time1); 1289195534Sscottl switch (ntohl (h->type)) { 1290203123Smav default: 1291203123Smav if (debug) 1292203123Smav log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1293198390Smav SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1294203123Smav break; 1295195534Sscottl case CISCO_ADDR_REPLY: 1296203123Smav /* Reply on address request, ignore */ 1297203123Smav break; 1298195534Sscottl case CISCO_KEEPALIVE_REQ: 1299195534Sscottl sp->pp_alivecnt = 0; 1300195534Sscottl sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1301195534Sscottl if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1302195534Sscottl /* Local and remote sequence numbers are equal. 1303195534Sscottl * Probably, the line is in loopback mode. */ 1304195534Sscottl if (sp->pp_loopcnt >= MAXALIVECNT) { 1305195534Sscottl printf (SPP_FMT "loopback\n", 1306195534Sscottl SPP_ARGS(ifp)); 1307203123Smav sp->pp_loopcnt = 0; 1308203123Smav if (ifp->if_flags & IFF_UP) { 1309203123Smav if_down (ifp); 1310203123Smav sppp_qflush (&sp->pp_cpq); 1311198390Smav } 1312203123Smav } 1313198390Smav ++sp->pp_loopcnt; 1314198390Smav 1315198390Smav /* Generate new local sequence number */ 1316195534Sscottl#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1317195534Sscottl sp->pp_seq[IDX_LCP] = random(); 1318195534Sscottl#else 1319195534Sscottl sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1320203123Smav#endif 1321203123Smav break; 1322203123Smav } 1323203123Smav sp->pp_loopcnt = 0; 1324220565Smav if (! (ifp->if_flags & IFF_UP) && 1325203123Smav (ifp->if_flags & IFF_RUNNING)) { 1326195534Sscottl if_up(ifp); 1327196656Smav printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1328196907Smav } 1329279918Smav break; 1330195534Sscottl case CISCO_ADDR_REQ: 1331195534Sscottl sppp_get_ip_addrs(sp, &me, 0, &mymask); 1332195534Sscottl if (me != 0L) 1333195534Sscottl sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1334279918Smav break; 1335195534Sscottl } 1336203123Smav} 1337195534Sscottl 1338195534Sscottl/* 1339195534Sscottl * Send Cisco keepalive packet. 1340199747Smav */ 1341199747Smavstatic void 1342203123Smavsppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1343199747Smav{ 1344203123Smav STDDCL; 1345203123Smav struct ppp_header *h; 1346203123Smav struct cisco_packet *ch; 1347203123Smav struct mbuf *m; 1348203123Smav#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1349203123Smav struct timeval tv; 1350203123Smav#else 1351203123Smav u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1352203123Smav#endif 1353203123Smav 1354203123Smav#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1355203123Smav getmicrouptime(&tv); 1356203123Smav#endif 1357203123Smav 1358195534Sscottl MGETHDR (m, M_DONTWAIT, MT_DATA); 1359203123Smav if (! m) 1360203123Smav return; 1361203123Smav m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1362203123Smav m->m_pkthdr.rcvif = 0; 1363203123Smav 1364203123Smav h = mtod (m, struct ppp_header*); 1365203123Smav h->address = CISCO_MULTICAST; 1366203123Smav h->control = 0; 1367203123Smav h->protocol = htons (CISCO_KEEPALIVE); 1368203123Smav 1369195534Sscottl ch = (struct cisco_packet*) (h + 1); 1370195534Sscottl ch->type = htonl (type); 1371195534Sscottl ch->par1 = htonl (par1); 1372195534Sscottl ch->par2 = htonl (par2); 1373195534Sscottl ch->rel = -1; 1374195534Sscottl 1375195534Sscottl#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1376195534Sscottl ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1377195534Sscottl ch->time1 = htons ((u_short) tv.tv_sec); 1378195534Sscottl#else 1379195534Sscottl ch->time0 = htons ((u_short) (t >> 16)); 1380195534Sscottl ch->time1 = htons ((u_short) t); 1381195534Sscottl#endif 1382195534Sscottl 1383195534Sscottl if (debug) 1384279918Smav log(LOG_DEBUG, 1385195534Sscottl SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1386195534Sscottl SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1387199747Smav (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1388195534Sscottl 1389195534Sscottl if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1390199747Smav ifp->if_oerrors++; 1391199747Smav} 1392199747Smav 1393199747Smav/* 1394279918Smav * PPP protocol implementation. 1395279918Smav */ 1396279918Smav 1397279918Smav/* 1398279918Smav * Send PPP control protocol packet. 1399279918Smav */ 1400279918Smavstatic void 1401279918Smavsppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1402195534Sscottl u_char ident, u_short len, void *data) 1403195534Sscottl{ 1404195534Sscottl STDDCL; 1405195534Sscottl struct ppp_header *h; 1406196656Smav struct lcp_header *lh; 1407196656Smav struct mbuf *m; 1408196656Smav 1409195534Sscottl if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1410279918Smav len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1411195534Sscottl MGETHDR (m, M_DONTWAIT, MT_DATA); 1412203123Smav if (! m) 1413195534Sscottl return; 1414195534Sscottl m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1415195534Sscottl m->m_pkthdr.rcvif = 0; 1416203123Smav 1417195534Sscottl h = mtod (m, struct ppp_header*); 1418195534Sscottl h->address = PPP_ALLSTATIONS; /* broadcast address */ 1419195534Sscottl h->control = PPP_UI; /* Unnumbered Info */ 1420195534Sscottl h->protocol = htons (proto); /* Link Control Protocol */ 1421279918Smav 1422195534Sscottl lh = (struct lcp_header*) (h + 1); 1423195534Sscottl lh->type = type; 1424246713Skib lh->ident = ident; 1425246713Skib lh->len = htons (LCP_HEADER_LEN + len); 1426279918Smav if (len) 1427279918Smav bcopy (data, lh+1, len); 1428195534Sscottl 1429279918Smav if (debug) { 1430195534Sscottl log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1431195534Sscottl SPP_ARGS(ifp), 1432195534Sscottl sppp_proto_name(proto), 1433195534Sscottl sppp_cp_type_name (lh->type), lh->ident, 1434195534Sscottl ntohs (lh->len)); 1435195534Sscottl sppp_print_bytes ((u_char*) (lh+1), len); 1436195534Sscottl log(-1, ">\n"); 1437279918Smav } 1438195534Sscottl if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1439195534Sscottl ifp->if_oerrors++; 1440195534Sscottl} 1441195534Sscottl 1442195534Sscottl/* 1443279918Smav * Handle incoming PPP control protocol packets. 1444195534Sscottl */ 1445195534Sscottlstatic void 1446195534Sscottlsppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1447195534Sscottl{ 1448195534Sscottl STDDCL; 1449195534Sscottl struct lcp_header *h; 1450195534Sscottl int len = m->m_pkthdr.len; 1451195534Sscottl int rv; 1452195534Sscottl u_char *p; 1453195534Sscottl 1454195534Sscottl if (len < 4) { 1455195534Sscottl if (debug) 1456195534Sscottl log(LOG_DEBUG, 1457195534Sscottl SPP_FMT "%s invalid packet length: %d bytes\n", 1458195534Sscottl SPP_ARGS(ifp), cp->name, len); 1459195534Sscottl return; 1460195534Sscottl } 1461195534Sscottl h = mtod (m, struct lcp_header*); 1462195534Sscottl if (debug) { 1463195534Sscottl log(LOG_DEBUG, 1464195534Sscottl SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1465195534Sscottl SPP_ARGS(ifp), cp->name, 1466195534Sscottl sppp_state_name(sp->state[cp->protoidx]), 1467195534Sscottl sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1468279918Smav sppp_print_bytes ((u_char*) (h+1), len-4); 1469195534Sscottl log(-1, ">\n"); 1470195534Sscottl } 1471195534Sscottl if (len > ntohs (h->len)) 1472195534Sscottl len = ntohs (h->len); 1473222304Smav p = (u_char *)(h + 1); 1474203123Smav switch (h->type) { 1475203123Smav case CONF_REQ: 1476195534Sscottl if (len < 4) { 1477195534Sscottl if (debug) 1478195534Sscottl log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1479195534Sscottl SPP_ARGS(ifp), cp->name, 1480195534Sscottl len); 1481279918Smav ++ifp->if_ierrors; 1482195534Sscottl break; 1483195534Sscottl } 1484195534Sscottl /* handle states where RCR doesn't get a SCA/SCN */ 1485195534Sscottl switch (sp->state[cp->protoidx]) { 1486195534Sscottl case STATE_CLOSING: 1487195534Sscottl case STATE_STOPPING: 1488195534Sscottl return; 1489214988Smav case STATE_CLOSED: 1490214988Smav sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1491214988Smav 0, 0); 1492214988Smav return; 1493214988Smav } 1494214988Smav rv = (cp->RCR)(sp, h, len); 1495214988Smav switch (sp->state[cp->protoidx]) { 1496195534Sscottl case STATE_OPENED: 1497195534Sscottl (cp->tld)(sp); 1498203123Smav (cp->scr)(sp); 1499203123Smav /* FALLTHROUGH */ 1500222304Smav case STATE_ACK_SENT: 1501203123Smav case STATE_REQ_SENT: 1502279918Smav /* 1503279918Smav * sppp_cp_change_state() have the side effect of 1504279918Smav * restarting the timeouts. We want to avoid that 1505203123Smav * if the state don't change, otherwise we won't 1506203123Smav * ever timeout and resend a configuration request 1507222304Smav * that got lost. 1508203123Smav */ 1509203123Smav if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1510203123Smav STATE_REQ_SENT)) 1511203123Smav break; 1512222304Smav sppp_cp_change_state(cp, sp, rv? 1513222304Smav STATE_ACK_SENT: STATE_REQ_SENT); 1514195534Sscottl break; 1515195534Sscottl case STATE_STOPPED: 1516195534Sscottl sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1517195534Sscottl (cp->scr)(sp); 1518214988Smav sppp_cp_change_state(cp, sp, rv? 1519195534Sscottl STATE_ACK_SENT: STATE_REQ_SENT); 1520195534Sscottl break; 1521195534Sscottl case STATE_ACK_RCVD: 1522195534Sscottl if (rv) { 1523195534Sscottl sppp_cp_change_state(cp, sp, STATE_OPENED); 1524195534Sscottl if (debug) 1525195534Sscottl log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1526203123Smav SPP_ARGS(ifp), 1527203123Smav cp->name); 1528203123Smav (cp->tlu)(sp); 1529203123Smav } else 1530203123Smav sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1531195534Sscottl break; 1532195534Sscottl default: 1533195534Sscottl printf(SPP_FMT "%s illegal %s in state %s\n", 1534195534Sscottl SPP_ARGS(ifp), cp->name, 1535195534Sscottl sppp_cp_type_name(h->type), 1536195534Sscottl sppp_state_name(sp->state[cp->protoidx])); 1537222304Smav ++ifp->if_ierrors; 1538220777Smav } 1539195534Sscottl break; 1540195534Sscottl case CONF_ACK: 1541195534Sscottl if (h->ident != sp->confid[cp->protoidx]) { 1542220777Smav if (debug) 1543195534Sscottl log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1544195534Sscottl SPP_ARGS(ifp), cp->name, 1545222304Smav h->ident, sp->confid[cp->protoidx]); 1546222304Smav ++ifp->if_ierrors; 1547222285Smav break; 1548195534Sscottl } 1549195534Sscottl switch (sp->state[cp->protoidx]) { 1550195534Sscottl case STATE_CLOSED: 1551222285Smav case STATE_STOPPED: 1552195534Sscottl sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1553195534Sscottl break; 1554195534Sscottl case STATE_CLOSING: 1555198851Smav case STATE_STOPPING: 1556198851Smav break; 1557279918Smav case STATE_REQ_SENT: 1558198851Smav sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1559198851Smav sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1560198851Smav break; 1561198851Smav case STATE_OPENED: 1562195534Sscottl (cp->tld)(sp); 1563222304Smav /* FALLTHROUGH */ 1564271523Smav case STATE_ACK_RCVD: 1565271523Smav (cp->scr)(sp); 1566271523Smav sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1567271523Smav break; 1568271523Smav case STATE_ACK_SENT: 1569271523Smav sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1570271523Smav sppp_cp_change_state(cp, sp, STATE_OPENED); 1571271523Smav if (debug) 1572279918Smav log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1573271523Smav SPP_ARGS(ifp), cp->name); 1574222304Smav (cp->tlu)(sp); 1575222304Smav break; 1576222304Smav default: 1577222304Smav printf(SPP_FMT "%s illegal %s in state %s\n", 1578222304Smav SPP_ARGS(ifp), cp->name, 1579222304Smav sppp_cp_type_name(h->type), 1580222304Smav sppp_state_name(sp->state[cp->protoidx])); 1581195534Sscottl ++ifp->if_ierrors; 1582279918Smav } 1583222304Smav break; 1584279918Smav case CONF_NAK: 1585224498Smav case CONF_REJ: 1586203108Smav if (h->ident != sp->confid[cp->protoidx]) { 1587203108Smav if (debug) 1588203108Smav log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1589203108Smav SPP_ARGS(ifp), cp->name, 1590224498Smav h->ident, sp->confid[cp->protoidx]); 1591224498Smav ++ifp->if_ierrors; 1592195534Sscottl break; 1593195534Sscottl } 1594222304Smav if (h->type == CONF_NAK) 1595203123Smav (cp->RCN_nak)(sp, h, len); 1596222304Smav else /* CONF_REJ */ 1597222285Smav (cp->RCN_rej)(sp, h, len); 1598222285Smav 1599195534Sscottl switch (sp->state[cp->protoidx]) { 1600195534Sscottl case STATE_CLOSED: 1601195534Sscottl case STATE_STOPPED: 1602275982Ssmh sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1603275982Ssmh break; 1604195534Sscottl case STATE_REQ_SENT: 1605195534Sscottl case STATE_ACK_SENT: 1606195534Sscottl sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1607203873Smav /* 1608203873Smav * Slow things down a bit if we think we might be 1609279918Smav * in loopback. Depend on the timeout to send the 1610203873Smav * next configuration request. 1611203873Smav */ 1612203873Smav if (sp->pp_loopcnt) 1613203873Smav break; 1614203873Smav (cp->scr)(sp); 1615203873Smav break; 1616203873Smav case STATE_OPENED: 1617203873Smav (cp->tld)(sp); 1618203873Smav /* FALLTHROUGH */ 1619203873Smav case STATE_ACK_RCVD: 1620203873Smav sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1621203873Smav (cp->scr)(sp); 1622203873Smav break; 1623203873Smav case STATE_CLOSING: 1624203873Smav case STATE_STOPPING: 1625279918Smav break; 1626203873Smav default: 1627203873Smav printf(SPP_FMT "%s illegal %s in state %s\n", 1628203873Smav SPP_ARGS(ifp), cp->name, 1629203873Smav sppp_cp_type_name(h->type), 1630203873Smav sppp_state_name(sp->state[cp->protoidx])); 1631203873Smav ++ifp->if_ierrors; 1632203873Smav } 1633203873Smav break; 1634203873Smav 1635203873Smav case TERM_REQ: 1636203873Smav switch (sp->state[cp->protoidx]) { 1637203873Smav case STATE_ACK_RCVD: 1638275982Ssmh case STATE_ACK_SENT: 1639275982Ssmh sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1640275982Ssmh /* FALLTHROUGH */ 1641203873Smav case STATE_CLOSED: 1642203873Smav case STATE_STOPPED: 1643203873Smav case STATE_CLOSING: 1644195534Sscottl case STATE_STOPPING: 1645195534Sscottl case STATE_REQ_SENT: 1646195534Sscottl sta: 1647195534Sscottl /* Send Terminate-Ack packet. */ 1648279918Smav if (debug) 1649279918Smav log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1650198319Smav SPP_ARGS(ifp), cp->name); 1651198319Smav sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1652195534Sscottl break; 1653195534Sscottl case STATE_OPENED: 1654196656Smav (cp->tld)(sp); 1655198319Smav sp->rst_counter[cp->protoidx] = 0; 1656196656Smav sppp_cp_change_state(cp, sp, STATE_STOPPING); 1657196656Smav goto sta; 1658198319Smav break; 1659198319Smav default: 1660198319Smav printf(SPP_FMT "%s illegal %s in state %s\n", 1661198319Smav SPP_ARGS(ifp), cp->name, 1662198319Smav sppp_cp_type_name(h->type), 1663198319Smav sppp_state_name(sp->state[cp->protoidx])); 1664203123Smav ++ifp->if_ierrors; 1665224498Smav } 1666198319Smav break; 1667224498Smav case TERM_ACK: 1668224498Smav switch (sp->state[cp->protoidx]) { 1669224498Smav case STATE_CLOSED: 1670224498Smav case STATE_STOPPED: 1671198319Smav case STATE_REQ_SENT: 1672275982Ssmh case STATE_ACK_SENT: 1673275982Ssmh break; 1674275982Ssmh case STATE_CLOSING: 1675198319Smav sppp_cp_change_state(cp, sp, STATE_CLOSED); 1676198319Smav (cp->tlf)(sp); 1677198319Smav break; 1678222304Smav case STATE_STOPPING: 1679222304Smav sppp_cp_change_state(cp, sp, STATE_STOPPED); 1680224498Smav (cp->tlf)(sp); 1681224498Smav break; 1682198319Smav case STATE_ACK_RCVD: 1683198319Smav sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1684224498Smav break; 1685224498Smav case STATE_OPENED: 1686195534Sscottl (cp->tld)(sp); 1687197838Smav (cp->scr)(sp); 1688195534Sscottl sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1689195534Sscottl break; 1690195534Sscottl default: 1691195534Sscottl printf(SPP_FMT "%s illegal %s in state %s\n", 1692198319Smav SPP_ARGS(ifp), cp->name, 1693198319Smav sppp_cp_type_name(h->type), 1694198319Smav sppp_state_name(sp->state[cp->protoidx])); 1695198319Smav ++ifp->if_ierrors; 1696260387Sscottl } 1697195534Sscottl break; 1698224498Smav case CODE_REJ: 1699203873Smav /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1700203873Smav log(LOG_INFO, 1701203873Smav SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1702203873Smav "danger will robinson\n", 1703203873Smav SPP_ARGS(ifp), cp->name, 1704203873Smav sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1705203873Smav switch (sp->state[cp->protoidx]) { 1706203873Smav case STATE_CLOSED: 1707203873Smav case STATE_STOPPED: 1708203873Smav case STATE_REQ_SENT: 1709203873Smav case STATE_ACK_SENT: 1710203873Smav case STATE_CLOSING: 1711203873Smav case STATE_STOPPING: 1712203873Smav case STATE_OPENED: 1713203873Smav break; 1714203873Smav case STATE_ACK_RCVD: 1715203873Smav sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1716279918Smav break; 1717203873Smav default: 1718203873Smav printf(SPP_FMT "%s illegal %s in state %s\n", 1719203873Smav SPP_ARGS(ifp), cp->name, 1720195534Sscottl sppp_cp_type_name(h->type), 1721195534Sscottl sppp_state_name(sp->state[cp->protoidx])); 1722195534Sscottl ++ifp->if_ierrors; 1723195534Sscottl } 1724195534Sscottl break; 1725195534Sscottl case PROTO_REJ: 1726195534Sscottl { 1727279918Smav int catastrophic; 1728195534Sscottl const struct cp *upper; 1729214988Smav int i; 1730212732Smav u_int16_t proto; 1731222304Smav 1732195534Sscottl catastrophic = 0; 1733195534Sscottl upper = NULL; 1734214988Smav proto = ntohs(*((u_int16_t *)p)); 1735214988Smav for (i = 0; i < IDX_COUNT; i++) { 1736214988Smav if (cps[i]->proto == proto) { 1737195534Sscottl upper = cps[i]; 1738195534Sscottl break; 1739195534Sscottl } 1740195534Sscottl } 1741195534Sscottl if (upper == NULL) 1742195534Sscottl catastrophic++; 1743195534Sscottl 1744195534Sscottl if (catastrophic || debug) 1745195534Sscottl log(catastrophic? LOG_INFO: LOG_DEBUG, 1746195534Sscottl SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1747195534Sscottl SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1748195534Sscottl sppp_cp_type_name(h->type), proto, 1749195534Sscottl upper ? upper->name : "unknown", 1750203123Smav upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1751203123Smav 1752203123Smav /* 1753203123Smav * if we got RXJ+ against conf-req, the peer does not implement 1754203123Smav * this particular protocol type. terminate the protocol. 1755203123Smav */ 1756203123Smav if (upper && !catastrophic) { 1757203123Smav if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1758203123Smav upper->Close(sp); 1759203123Smav break; 1760195534Sscottl } 1761195534Sscottl } 1762195534Sscottl 1763195534Sscottl /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1764195534Sscottl switch (sp->state[cp->protoidx]) { 1765195534Sscottl case STATE_CLOSED: 1766195534Sscottl case STATE_STOPPED: 1767195534Sscottl case STATE_REQ_SENT: 1768195534Sscottl case STATE_ACK_SENT: 1769222304Smav case STATE_CLOSING: 1770222304Smav case STATE_STOPPING: 1771222304Smav case STATE_OPENED: 1772222304Smav break; 1773222304Smav case STATE_ACK_RCVD: 1774222304Smav sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1775222304Smav break; 1776222304Smav default: 1777222304Smav printf(SPP_FMT "%s illegal %s in state %s\n", 1778222304Smav SPP_ARGS(ifp), cp->name, 1779222304Smav sppp_cp_type_name(h->type), 1780222304Smav sppp_state_name(sp->state[cp->protoidx])); 1781222304Smav ++ifp->if_ierrors; 1782222304Smav } 1783195534Sscottl break; 1784195534Sscottl } 1785214988Smav case DISC_REQ: 1786218596Smav if (cp->proto != PPP_LCP) 1787218596Smav goto illegal; 1788214988Smav /* Discard the packet. */ 1789214988Smav break; 1790214988Smav case ECHO_REQ: 1791214988Smav if (cp->proto != PPP_LCP) 1792218596Smav goto illegal; 1793218596Smav if (sp->state[cp->protoidx] != STATE_OPENED) { 1794214988Smav if (debug) 1795214988Smav log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1796214988Smav SPP_ARGS(ifp)); 1797195534Sscottl ++ifp->if_ierrors; 1798195534Sscottl break; 1799195534Sscottl } 1800195534Sscottl if (len < 8) { 1801195534Sscottl if (debug) 1802195534Sscottl log(-1, SPP_FMT "invalid lcp echo request " 1803195534Sscottl "packet length: %d bytes\n", 1804203123Smav SPP_ARGS(ifp), len); 1805203123Smav break; 1806198319Smav } 1807220565Smav if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1808198319Smav ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1809198319Smav /* Line loopback mode detected. */ 1810198319Smav printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1811198319Smav sp->pp_loopcnt = MAXALIVECNT * 5; 1812195534Sscottl if_down (ifp); 1813195534Sscottl sppp_qflush (&sp->pp_cpq); 1814195534Sscottl 1815195534Sscottl /* Shut down the PPP link. */ 1816195534Sscottl /* XXX */ 1817195534Sscottl lcp.Down(sp); 1818195534Sscottl lcp.Up(sp); 1819195534Sscottl break; 1820195534Sscottl } 1821198851Smav *(long*)(h+1) = htonl (sp->lcp.magic); 1822195534Sscottl if (debug) 1823195534Sscottl log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1824195534Sscottl SPP_ARGS(ifp)); 1825195534Sscottl sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1826195534Sscottl break; 1827195534Sscottl case ECHO_REPLY: 1828198319Smav if (cp->proto != PPP_LCP) 1829195534Sscottl goto illegal; 1830195534Sscottl if (h->ident != sp->lcp.echoid) { 1831195534Sscottl ++ifp->if_ierrors; 1832195534Sscottl break; 1833195534Sscottl } 1834195534Sscottl if (len < 8) { 1835195534Sscottl if (debug) 1836195534Sscottl log(-1, SPP_FMT "lcp invalid echo reply " 1837198851Smav "packet length: %d bytes\n", 1838220565Smav SPP_ARGS(ifp), len); 1839198319Smav break; 1840198319Smav } 1841198319Smav if (debug) 1842198319Smav log(-1, SPP_FMT "lcp got echo rep\n", 1843198319Smav SPP_ARGS(ifp)); 1844195534Sscottl if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1845195534Sscottl ntohl (*(long*)(h+1)) != sp->lcp.magic) 1846220565Smav sp->pp_alivecnt = 0; 1847198319Smav break; 1848198319Smav default: 1849198319Smav /* Unknown packet type -- send Code-Reject packet. */ 1850198319Smav illegal: 1851195534Sscottl if (debug) 1852195534Sscottl log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1853195534Sscottl SPP_ARGS(ifp), cp->name, h->type); 1854198851Smav sppp_cp_send(sp, cp->proto, CODE_REJ, 1855195534Sscottl ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1856195534Sscottl ++ifp->if_ierrors; 1857195534Sscottl } 1858199747Smav} 1859195534Sscottl 1860195534Sscottl 1861195534Sscottl/* 1862195534Sscottl * The generic part of all Up/Down/Open/Close/TO event handlers. 1863195534Sscottl * Basically, the state transition handling in the automaton. 1864195534Sscottl */ 1865203123Smavstatic void 1866195534Sscottlsppp_up_event(const struct cp *cp, struct sppp *sp) 1867195534Sscottl{ 1868195534Sscottl STDDCL; 1869203123Smav 1870195534Sscottl if (debug) 1871212732Smav log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1872212732Smav SPP_ARGS(ifp), cp->name, 1873212732Smav sppp_state_name(sp->state[cp->protoidx])); 1874212732Smav 1875212732Smav switch (sp->state[cp->protoidx]) { 1876212732Smav case STATE_INITIAL: 1877212732Smav sppp_cp_change_state(cp, sp, STATE_CLOSED); 1878195534Sscottl break; 1879195534Sscottl case STATE_STARTING: 1880195534Sscottl sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1881195534Sscottl (cp->scr)(sp); 1882195534Sscottl sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1883195534Sscottl break; 1884195534Sscottl default: 1885279918Smav printf(SPP_FMT "%s illegal up in state %s\n", 1886195534Sscottl SPP_ARGS(ifp), cp->name, 1887195534Sscottl sppp_state_name(sp->state[cp->protoidx])); 1888198851Smav } 1889220565Smav} 1890279918Smav 1891220565Smavstatic void 1892220565Smavsppp_down_event(const struct cp *cp, struct sppp *sp) 1893279918Smav{ 1894220565Smav STDDCL; 1895220565Smav 1896220565Smav if (debug) 1897220565Smav log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1898195534Sscottl SPP_ARGS(ifp), cp->name, 1899203123Smav sppp_state_name(sp->state[cp->protoidx])); 1900198851Smav 1901260387Sscottl switch (sp->state[cp->protoidx]) { 1902198851Smav case STATE_CLOSED: 1903198851Smav case STATE_CLOSING: 1904198851Smav sppp_cp_change_state(cp, sp, STATE_INITIAL); 1905203873Smav break; 1906279918Smav case STATE_STOPPED: 1907203123Smav sppp_cp_change_state(cp, sp, STATE_STARTING); 1908203123Smav (cp->tls)(sp); 1909203123Smav break; 1910279918Smav case STATE_STOPPING: 1911279918Smav case STATE_REQ_SENT: 1912279918Smav case STATE_ACK_RCVD: 1913203123Smav case STATE_ACK_SENT: 1914203123Smav sppp_cp_change_state(cp, sp, STATE_STARTING); 1915220565Smav break; 1916279918Smav case STATE_OPENED: 1917198851Smav (cp->tld)(sp); 1918203873Smav sppp_cp_change_state(cp, sp, STATE_STARTING); 1919203873Smav break; 1920203873Smav default: 1921279918Smav printf(SPP_FMT "%s illegal down in state %s\n", 1922222285Smav SPP_ARGS(ifp), cp->name, 1923279918Smav sppp_state_name(sp->state[cp->protoidx])); 1924222285Smav } 1925222285Smav} 1926279918Smav 1927222285Smav 1928222285Smavstatic void 1929196656Smavsppp_open_event(const struct cp *cp, struct sppp *sp) 1930207499Smav{ 1931207499Smav STDDCL; 1932196656Smav 1933196656Smav if (debug) 1934196656Smav log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1935195534Sscottl SPP_ARGS(ifp), cp->name, 1936195534Sscottl sppp_state_name(sp->state[cp->protoidx])); 1937195534Sscottl 1938279918Smav switch (sp->state[cp->protoidx]) { 1939195534Sscottl case STATE_INITIAL: 1940195534Sscottl sppp_cp_change_state(cp, sp, STATE_STARTING); 1941195534Sscottl (cp->tls)(sp); 1942220565Smav break; 1943195534Sscottl case STATE_STARTING: 1944195534Sscottl break; 1945220830Smav case STATE_CLOSED: 1946195534Sscottl sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1947195534Sscottl (cp->scr)(sp); 1948195534Sscottl sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1949195534Sscottl break; 1950195534Sscottl case STATE_STOPPED: 1951195534Sscottl /* 1952279918Smav * Try escaping stopped state. This seems to bite 1953220822Smav * people occasionally, in particular for IPCP, 1954220830Smav * presumably following previous IPCP negotiation 1955220822Smav * aborts. Somehow, we must have missed a Down event 1956220822Smav * which would have caused a transition into starting 1957220822Smav * state, so as a bandaid we force the Down event now. 1958220822Smav * This effectively implements (something like the) 1959220822Smav * `restart' option mentioned in the state transition 1960260387Sscottl * table of RFC 1661. 1961220822Smav */ 1962220822Smav sppp_cp_change_state(cp, sp, STATE_STARTING); 1963220822Smav (cp->tls)(sp); 1964279918Smav break; 1965220822Smav case STATE_STOPPING: 1966195534Sscottl case STATE_REQ_SENT: 1967195534Sscottl case STATE_ACK_RCVD: 1968220565Smav case STATE_ACK_SENT: 1969220565Smav case STATE_OPENED: 1970220565Smav break; 1971220565Smav case STATE_CLOSING: 1972220565Smav sppp_cp_change_state(cp, sp, STATE_STOPPING); 1973220565Smav break; 1974220565Smav } 1975220565Smav} 1976220565Smav 1977220565Smav 1978279918Smavstatic void 1979220830Smavsppp_close_event(const struct cp *cp, struct sppp *sp) 1980220822Smav{ 1981220565Smav STDDCL; 1982220565Smav 1983220565Smav if (debug) 1984220565Smav log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1985220565Smav SPP_ARGS(ifp), cp->name, 1986220565Smav sppp_state_name(sp->state[cp->protoidx])); 1987220565Smav 1988220565Smav switch (sp->state[cp->protoidx]) { 1989220565Smav case STATE_INITIAL: 1990220565Smav case STATE_CLOSED: 1991220565Smav case STATE_CLOSING: 1992220565Smav break; 1993220565Smav case STATE_STARTING: 1994220565Smav sppp_cp_change_state(cp, sp, STATE_INITIAL); 1995220565Smav (cp->tlf)(sp); 1996220565Smav break; 1997220565Smav case STATE_STOPPED: 1998220565Smav sppp_cp_change_state(cp, sp, STATE_CLOSED); 1999220565Smav break; 2000220565Smav case STATE_STOPPING: 2001220565Smav sppp_cp_change_state(cp, sp, STATE_CLOSING); 2002220565Smav break; 2003220565Smav case STATE_OPENED: 2004220565Smav (cp->tld)(sp); 2005220565Smav /* FALLTHROUGH */ 2006195534Sscottl case STATE_REQ_SENT: 2007220565Smav case STATE_ACK_RCVD: 2008220822Smav case STATE_ACK_SENT: 2009198319Smav sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2010279918Smav sppp_cp_send(sp, cp->proto, TERM_REQ, 2011195534Sscottl ++sp->pp_seq[cp->protoidx], 0, 0); 2012195534Sscottl sppp_cp_change_state(cp, sp, STATE_CLOSING); 2013195534Sscottl break; 2014279918Smav } 2015195534Sscottl} 2016195534Sscottl 2017195534Sscottlstatic void 2018195534Sscottlsppp_to_event(const struct cp *cp, struct sppp *sp) 2019195534Sscottl{ 2020220565Smav STDDCL; 2021195534Sscottl int s; 2022195534Sscottl 2023195534Sscottl s = splimp(); 2024195534Sscottl if (debug) 2025195534Sscottl log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2026195534Sscottl SPP_ARGS(ifp), cp->name, 2027195534Sscottl sppp_state_name(sp->state[cp->protoidx]), 2028220565Smav sp->rst_counter[cp->protoidx]); 2029220565Smav 2030195534Sscottl if (--sp->rst_counter[cp->protoidx] < 0) 2031195534Sscottl /* TO- event */ 2032195534Sscottl switch (sp->state[cp->protoidx]) { 2033195534Sscottl case STATE_CLOSING: 2034195534Sscottl sppp_cp_change_state(cp, sp, STATE_CLOSED); 2035195534Sscottl (cp->tlf)(sp); 2036195534Sscottl break; 2037195534Sscottl case STATE_STOPPING: 2038195534Sscottl sppp_cp_change_state(cp, sp, STATE_STOPPED); 2039195534Sscottl (cp->tlf)(sp); 2040195534Sscottl break; 2041195534Sscottl case STATE_REQ_SENT: 2042195534Sscottl case STATE_ACK_RCVD: 2043195534Sscottl case STATE_ACK_SENT: 2044195534Sscottl sppp_cp_change_state(cp, sp, STATE_STOPPED); 2045195534Sscottl (cp->tlf)(sp); 2046195534Sscottl break; 2047260387Sscottl } 2048195534Sscottl else 2049203123Smav /* TO+ event */ 2050195534Sscottl switch (sp->state[cp->protoidx]) { 2051195534Sscottl case STATE_CLOSING: 2052195534Sscottl case STATE_STOPPING: 2053279918Smav sppp_cp_send(sp, cp->proto, TERM_REQ, 2054195534Sscottl ++sp->pp_seq[cp->protoidx], 0, 0); 2055279918Smav TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2056195534Sscottl sp->ch[cp->protoidx]); 2057195534Sscottl break; 2058195534Sscottl case STATE_REQ_SENT: 2059195534Sscottl case STATE_ACK_RCVD: 2060220565Smav (cp->scr)(sp); 2061220565Smav /* sppp_cp_change_state() will restart the timer */ 2062260387Sscottl sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2063195534Sscottl break; 2064203123Smav case STATE_ACK_SENT: 2065195534Sscottl (cp->scr)(sp); 2066195534Sscottl TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2067195534Sscottl sp->ch[cp->protoidx]); 2068195534Sscottl break; 2069198319Smav } 2070195534Sscottl 2071195534Sscottl splx(s); 2072195534Sscottl} 2073279918Smav 2074220565Smav/* 2075220565Smav * Change the state of a control protocol in the state automaton. 2076220565Smav * Takes care of starting/stopping the restart timer. 2077220565Smav */ 2078220565Smavvoid 2079220565Smavsppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2080220565Smav{ 2081220565Smav sp->state[cp->protoidx] = newstate; 2082220565Smav 2083220565Smav UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2084220565Smav switch (newstate) { 2085220565Smav case STATE_INITIAL: 2086260387Sscottl case STATE_STARTING: 2087220565Smav case STATE_CLOSED: 2088220565Smav case STATE_STOPPED: 2089220565Smav case STATE_OPENED: 2090220565Smav break; 2091220565Smav case STATE_CLOSING: 2092220565Smav case STATE_STOPPING: 2093220565Smav case STATE_REQ_SENT: 2094279918Smav case STATE_ACK_RCVD: 2095195534Sscottl case STATE_ACK_SENT: 2096195534Sscottl TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2097195534Sscottl sp->ch[cp->protoidx]); 2098195534Sscottl break; 2099195534Sscottl } 2100195534Sscottl} 2101195534Sscottl 2102203123Smav/* 2103203123Smav *--------------------------------------------------------------------------* 2104203123Smav * * 2105203123Smav * The LCP implementation. * 2106203123Smav * * 2107203123Smav *--------------------------------------------------------------------------* 2108195534Sscottl */ 2109195534Sscottlstatic void 2110207430Smavsppp_lcp_init(struct sppp *sp) 2111195534Sscottl{ 2112195534Sscottl sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2113195534Sscottl sp->lcp.magic = 0; 2114195534Sscottl sp->state[IDX_LCP] = STATE_INITIAL; 2115195534Sscottl sp->fail_counter[IDX_LCP] = 0; 2116279918Smav sp->pp_seq[IDX_LCP] = 0; 2117195534Sscottl sp->pp_rseq[IDX_LCP] = 0; 2118195534Sscottl sp->lcp.protos = 0; 2119195534Sscottl sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2120195534Sscottl 2121195534Sscottl /* Note that these values are relevant for all control protocols */ 2122195534Sscottl sp->lcp.timeout = 3 * hz; 2123195534Sscottl sp->lcp.max_terminate = 2; 2124195534Sscottl sp->lcp.max_configure = 10; 2125195534Sscottl sp->lcp.max_failure = 10; 2126195534Sscottl#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2127220777Smav callout_handle_init(&sp->ch[IDX_LCP]); 2128220777Smav#endif 2129279918Smav} 2130195534Sscottl 2131195534Sscottlstatic void 2132195534Sscottlsppp_lcp_up(struct sppp *sp) 2133203123Smav{ 2134195534Sscottl STDDCL; 2135195534Sscottl 2136195534Sscottl sp->pp_alivecnt = 0; 2137279918Smav sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2138195534Sscottl sp->lcp.magic = 0; 2139195534Sscottl sp->lcp.protos = 0; 2140195534Sscottl sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2141195534Sscottl /* 2142195534Sscottl * If we are authenticator, negotiate LCP_AUTH 2143195534Sscottl */ 2144195534Sscottl if (sp->hisauth.proto != 0) 2145195534Sscottl sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2146195534Sscottl else 2147195534Sscottl sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2148195534Sscottl sp->pp_flags &= ~PP_NEEDAUTH; 2149220777Smav /* 2150220777Smav * If this interface is passive or dial-on-demand, and we are 2151279918Smav * still in Initial state, it means we've got an incoming 2152195534Sscottl * call. Activate the interface. 2153195534Sscottl */ 2154195534Sscottl if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2155195534Sscottl if (debug) 2156195534Sscottl log(LOG_DEBUG, 2157195534Sscottl SPP_FMT "Up event", SPP_ARGS(ifp)); 2158195534Sscottl ifp->if_flags |= IFF_RUNNING; 2159279918Smav if (sp->state[IDX_LCP] == STATE_INITIAL) { 2160195534Sscottl if (debug) 2161195534Sscottl log(-1, "(incoming call)\n"); 2162195534Sscottl sp->pp_flags |= PP_CALLIN; 2163195534Sscottl lcp.Open(sp); 2164195534Sscottl } else if (debug) 2165195534Sscottl log(-1, "\n"); 2166195534Sscottl } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2167195534Sscottl (sp->state[IDX_LCP] == STATE_INITIAL)) { 2168195534Sscottl ifp->if_flags |= IFF_RUNNING; 2169195534Sscottl lcp.Open(sp); 2170220777Smav } 2171220777Smav 2172279918Smav sppp_up_event(&lcp, sp); 2173195534Sscottl} 2174195534Sscottl 2175195534Sscottlstatic void 2176195534Sscottlsppp_lcp_down(struct sppp *sp) 2177195534Sscottl{ 2178195534Sscottl STDDCL; 2179279918Smav 2180195534Sscottl sppp_down_event(&lcp, sp); 2181195534Sscottl 2182195534Sscottl /* 2183195534Sscottl * If this is neither a dial-on-demand nor a passive 2184195534Sscottl * interface, simulate an ``ifconfig down'' action, so the 2185195534Sscottl * administrator can force a redial by another ``ifconfig 2186195534Sscottl * up''. XXX For leased line operation, should we immediately 2187195534Sscottl * try to reopen the connection here? 2188195534Sscottl */ 2189279918Smav if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2190195534Sscottl log(LOG_INFO, 2191195534Sscottl SPP_FMT "Down event, taking interface down.\n", 2192195534Sscottl SPP_ARGS(ifp)); 2193195534Sscottl if_down(ifp); 2194195534Sscottl } else { 2195195534Sscottl if (debug) 2196220576Smav log(LOG_DEBUG, 2197220576Smav SPP_FMT "Down event (carrier loss)\n", 2198279918Smav SPP_ARGS(ifp)); 2199220576Smav sp->pp_flags &= ~PP_CALLIN; 2200220576Smav if (sp->state[IDX_LCP] != STATE_INITIAL) 2201220576Smav lcp.Close(sp); 2202220576Smav ifp->if_flags &= ~IFF_RUNNING; 2203195534Sscottl } 2204195534Sscottl} 2205220576Smav 2206220576Smavstatic void 2207220576Smavsppp_lcp_open(struct sppp *sp) 2208195534Sscottl{ 2209279918Smav sppp_open_event(&lcp, sp); 2210220576Smav} 2211195534Sscottl 2212195534Sscottlstatic void 2213195534Sscottlsppp_lcp_close(struct sppp *sp) 2214195534Sscottl{ 2215220576Smav sppp_close_event(&lcp, sp); 2216220576Smav} 2217279918Smav 2218220576Smavstatic void 2219220576Smavsppp_lcp_TO(void *cookie) 2220220576Smav{ 2221220576Smav sppp_to_event(&lcp, (struct sppp *)cookie); 2222279918Smav} 2223220576Smav 2224220576Smav/* 2225279918Smav * Analyze a configure request. Return true if it was agreeable, and 2226220576Smav * caused action sca, false if it has been rejected or nak'ed, and 2227220576Smav * caused action scn. (The return value is used to make the state 2228220576Smav * transition decision in the state automaton.) 2229220576Smav */ 2230279918Smavstatic int 2231279918Smavsppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2232220576Smav{ 2233220576Smav STDDCL; 2234220576Smav u_char *buf, *r, *p; 2235220576Smav int origlen, rlen; 2236220576Smav u_long nmagic; 2237220576Smav u_short authproto; 2238220576Smav 2239279918Smav len -= 4; 2240195534Sscottl origlen = len; 2241279918Smav buf = r = malloc (len, M_TEMP, M_NOWAIT); 2242195534Sscottl if (! buf) 2243195534Sscottl return (0); 2244203108Smav 2245195534Sscottl if (debug) 2246279918Smav log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2247220576Smav SPP_ARGS(ifp)); 2248220576Smav 2249220576Smav /* pass 1: check for things that need to be rejected */ 2250220576Smav p = (void*) (h+1); 2251220576Smav for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2252220576Smav if (debug) 2253195534Sscottl log(-1, " %s ", sppp_lcp_opt_name(*p)); 2254195534Sscottl switch (*p) { 2255195534Sscottl case LCP_OPT_MAGIC: 2256195534Sscottl /* Magic number. */ 2257195534Sscottl if (len >= 6 && p[1] == 6) 2258198319Smav continue; 2259198319Smav if (debug) 2260198319Smav log(-1, "[invalid] "); 2261198319Smav break; 2262260387Sscottl case LCP_OPT_ASYNC_MAP: 2263195534Sscottl /* Async control character map. */ 2264195534Sscottl if (len >= 6 && p[1] == 6) 2265279918Smav continue; 2266195534Sscottl if (debug) 2267195534Sscottl log(-1, "[invalid] "); 2268195534Sscottl break; 2269195534Sscottl case LCP_OPT_MRU: 2270195534Sscottl /* Maximum receive unit. */ 2271195534Sscottl if (len >= 4 && p[1] == 4) 2272195534Sscottl continue; 2273198851Smav if (debug) 2274198851Smav log(-1, "[invalid] "); 2275198851Smav break; 2276260387Sscottl case LCP_OPT_AUTH_PROTO: 2277198851Smav if (len < 4) { 2278203123Smav if (debug) 2279198851Smav log(-1, "[invalid] "); 2280203873Smav break; 2281203873Smav } 2282203123Smav authproto = (p[2] << 8) + p[3]; 2283203873Smav if (authproto == PPP_CHAP && p[1] != 5) { 2284224498Smav if (debug) 2285198851Smav log(-1, "[invalid chap len] "); 2286198319Smav break; 2287198319Smav } 2288195534Sscottl if (sp->myauth.proto == 0) { 2289195534Sscottl /* we are not configured to do auth */ 2290195534Sscottl if (debug) 2291279918Smav log(-1, "[not configured] "); 2292195534Sscottl break; 2293279918Smav } 2294220576Smav /* 2295195534Sscottl * Remote want us to authenticate, remember this, 2296195534Sscottl * so we stay in PHASE_AUTHENTICATE after LCP got 2297195534Sscottl * up. 2298220657Smav */ 2299220657Smav sp->pp_flags |= PP_NEEDAUTH; 2300203108Smav continue; 2301195534Sscottl default: 2302195534Sscottl /* Others not supported. */ 2303220576Smav if (debug) 2304279918Smav log(-1, "[rej] "); 2305195534Sscottl break; 2306279918Smav } 2307220576Smav /* Add the option to rejected list. */ 2308279918Smav bcopy (p, r, p[1]); 2309220576Smav r += p[1]; 2310220576Smav rlen += p[1]; 2311220576Smav } 2312195534Sscottl if (rlen) { 2313195534Sscottl if (debug) 2314195534Sscottl log(-1, " send conf-rej\n"); 2315220657Smav sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2316220657Smav return 0; 2317195534Sscottl } else if (debug) 2318220657Smav log(-1, "\n"); 2319196656Smav 2320196656Smav /* 2321220576Smav * pass 2: check for option values that are unacceptable and 2322279918Smav * thus require to be nak'ed. 2323220777Smav */ 2324279918Smav if (debug) 2325220576Smav log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2326220777Smav SPP_ARGS(ifp)); 2327195534Sscottl 2328195534Sscottl p = (void*) (h+1); 2329195534Sscottl len = origlen; 2330279918Smav for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2331195534Sscottl if (debug) 2332195534Sscottl log(-1, " %s ", sppp_lcp_opt_name(*p)); 2333195534Sscottl switch (*p) { 2334279917Smav case LCP_OPT_MAGIC: 2335195534Sscottl /* Magic number -- extract. */ 2336195534Sscottl nmagic = (u_long)p[2] << 24 | 2337195534Sscottl (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2338195534Sscottl if (nmagic != sp->lcp.magic) { 2339195534Sscottl sp->pp_loopcnt = 0; 2340199821Smav if (debug) 2341199821Smav log(-1, "0x%lx ", nmagic); 2342195534Sscottl continue; 2343195534Sscottl } 2344195534Sscottl if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2345195534Sscottl log(-1, "[glitch] "); 2346195534Sscottl ++sp->pp_loopcnt; 2347195534Sscottl /* 2348195534Sscottl * We negate our magic here, and NAK it. If 2349195534Sscottl * we see it later in an NAK packet, we 2350195534Sscottl * suggest a new one. 2351195534Sscottl */ 2352248687Smav nmagic = ~sp->lcp.magic; 2353195534Sscottl /* Gonna NAK it. */ 2354195534Sscottl p[2] = nmagic >> 24; 2355195534Sscottl p[3] = nmagic >> 16; 2356195534Sscottl p[4] = nmagic >> 8; 2357195534Sscottl p[5] = nmagic; 2358195534Sscottl break; 2359195534Sscottl 2360195534Sscottl case LCP_OPT_ASYNC_MAP: 2361195534Sscottl /* 2362195534Sscottl * Async control character map -- just ignore it. 2363195534Sscottl * 2364195534Sscottl * Quote from RFC 1662, chapter 6: 2365195534Sscottl * To enable this functionality, synchronous PPP 2366195534Sscottl * implementations MUST always respond to the 2367195534Sscottl * Async-Control-Character-Map Configuration 2368195534Sscottl * Option with the LCP Configure-Ack. However, 2369195534Sscottl * acceptance of the Configuration Option does 2370195534Sscottl * not imply that the synchronous implementation 2371195534Sscottl * will do any ACCM mapping. Instead, all such 2372195534Sscottl * octet mapping will be performed by the 2373195534Sscottl * asynchronous-to-synchronous converter. 2374195534Sscottl */ 2375195534Sscottl continue; 2376195534Sscottl 2377195534Sscottl case LCP_OPT_MRU: 2378195534Sscottl /* 2379195534Sscottl * Maximum receive unit. Always agreeable, 2380195534Sscottl * but ignored by now. 2381195534Sscottl */ 2382195534Sscottl sp->lcp.their_mru = p[2] * 256 + p[3]; 2383220829Smav if (debug) 2384195534Sscottl log(-1, "%lu ", sp->lcp.their_mru); 2385195534Sscottl continue; 2386220777Smav 2387195534Sscottl case LCP_OPT_AUTH_PROTO: 2388220829Smav authproto = (p[2] << 8) + p[3]; 2389220829Smav if (sp->myauth.proto != authproto) { 2390195534Sscottl /* not agreed, nak */ 2391195534Sscottl if (debug) 2392195534Sscottl log(-1, "[mine %s != his %s] ", 2393195534Sscottl sppp_proto_name(sp->hisauth.proto), 2394196656Smav sppp_proto_name(authproto)); 2395196656Smav p[2] = sp->myauth.proto >> 8; 2396196656Smav p[3] = sp->myauth.proto; 2397196656Smav break; 2398196656Smav } 2399196656Smav if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2400196656Smav if (debug) 2401220829Smav log(-1, "[chap not MD5] "); 2402220829Smav p[4] = CHAP_MD5; 2403220777Smav break; 2404195534Sscottl } 2405220829Smav continue; 2406195534Sscottl } 2407220829Smav /* Add the option to nak'ed list. */ 2408220829Smav bcopy (p, r, p[1]); 2409220829Smav r += p[1]; 2410195534Sscottl rlen += p[1]; 2411195534Sscottl } 2412195534Sscottl if (rlen) { 2413195534Sscottl /* 2414220777Smav * Local and remote magics equal -- loopback? 2415220777Smav */ 2416195534Sscottl if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2417195534Sscottl if (sp->pp_loopcnt == MAXALIVECNT*5) 2418195534Sscottl printf (SPP_FMT "loopback\n", 2419195534Sscottl SPP_ARGS(ifp)); 2420195534Sscottl if (ifp->if_flags & IFF_UP) { 2421195534Sscottl if_down(ifp); 2422195534Sscottl sppp_qflush(&sp->pp_cpq); 2423279918Smav /* XXX ? */ 2424195534Sscottl lcp.Down(sp); 2425199821Smav lcp.Up(sp); 2426195534Sscottl } 2427195534Sscottl } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2428220657Smav if (debug) 2429220657Smav log(-1, " max_failure (%d) exceeded, " 2430220657Smav "send conf-rej\n", 2431220657Smav sp->lcp.max_failure); 2432220657Smav sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2433220657Smav } else { 2434199821Smav if (debug) 2435199821Smav log(-1, " send conf-nak\n"); 2436195534Sscottl sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2437199821Smav } 2438195534Sscottl } else { 2439199821Smav if (debug) 2440195534Sscottl log(-1, " send conf-ack\n"); 2441195534Sscottl sp->fail_counter[IDX_LCP] = 0; 2442195534Sscottl sp->pp_loopcnt = 0; 2443195534Sscottl sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2444196656Smav h->ident, origlen, h+1); 2445196656Smav } 2446220777Smav 2447196656Smav free (buf, M_TEMP); 2448195534Sscottl return (rlen == 0); 2449195534Sscottl} 2450203426Smav 2451220657Smav/* 2452220657Smav * Analyze the LCP Configure-Reject option list, and adjust our 2453220657Smav * negotiation. 2454220657Smav */ 2455220657Smavstatic void 2456220657Smavsppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2457203426Smav{ 2458203426Smav STDDCL; 2459203426Smav u_char *buf, *p; 2460203426Smav 2461195534Sscottl len -= 4; 2462195534Sscottl buf = malloc (len, M_TEMP, M_NOWAIT); 2463207430Smav if (!buf) 2464279918Smav return; 2465207430Smav 2466207430Smav if (debug) 2467207430Smav log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2468207430Smav SPP_ARGS(ifp)); 2469260387Sscottl 2470207430Smav p = (void*) (h+1); 2471207430Smav for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2472207430Smav if (debug) 2473207430Smav log(-1, " %s ", sppp_lcp_opt_name(*p)); 2474260387Sscottl switch (*p) { 2475207430Smav case LCP_OPT_MAGIC: 2476207430Smav /* Magic number -- can't use it, use 0 */ 2477207430Smav sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2478207430Smav sp->lcp.magic = 0; 2479207430Smav break; 2480195534Sscottl case LCP_OPT_MRU: 2481195534Sscottl /* 2482195534Sscottl * Should not be rejected anyway, since we only 2483195534Sscottl * negotiate a MRU if explicitly requested by 2484195534Sscottl * peer. 2485195534Sscottl */ 2486195534Sscottl sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2487195534Sscottl break; 2488195534Sscottl case LCP_OPT_AUTH_PROTO: 2489195534Sscottl /* 2490195534Sscottl * Peer doesn't want to authenticate himself, 2491195534Sscottl * deny unless this is a dialout call, and 2492195534Sscottl * AUTHFLAG_NOCALLOUT is set. 2493279918Smav */ 2494207430Smav if ((sp->pp_flags & PP_CALLIN) == 0 && 2495207430Smav (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2496207430Smav if (debug) 2497207430Smav log(-1, "[don't insist on auth " 2498195534Sscottl "for callout]"); 2499195534Sscottl sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2500195534Sscottl break; 2501220565Smav } 2502195534Sscottl if (debug) 2503279918Smav log(-1, "[access denied]\n"); 2504195534Sscottl lcp.Close(sp); 2505195534Sscottl break; 2506195534Sscottl } 2507195534Sscottl } 2508195534Sscottl if (debug) 2509195534Sscottl log(-1, "\n"); 2510279918Smav free (buf, M_TEMP); 2511207430Smav return; 2512195534Sscottl} 2513195534Sscottl 2514195534Sscottl/* 2515195534Sscottl * Analyze the LCP Configure-NAK option list, and adjust our 2516195534Sscottl * negotiation. 2517195534Sscottl */ 2518195534Sscottlstatic void 2519195534Sscottlsppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2520195534Sscottl{ 2521195534Sscottl STDDCL; 2522195534Sscottl u_char *buf, *p; 2523199747Smav u_long magic; 2524195534Sscottl 2525279918Smav len -= 4; 2526207430Smav buf = malloc (len, M_TEMP, M_NOWAIT); 2527199747Smav if (!buf) 2528199747Smav return; 2529199747Smav 2530199747Smav if (debug) 2531199747Smav log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2532199747Smav SPP_ARGS(ifp)); 2533199747Smav 2534199747Smav p = (void*) (h+1); 2535199747Smav for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2536199747Smav if (debug) 2537199747Smav log(-1, " %s ", sppp_lcp_opt_name(*p)); 2538199747Smav switch (*p) { 2539199747Smav case LCP_OPT_MAGIC: 2540195534Sscottl /* Magic number -- renegotiate */ 2541203376Smav if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2542203376Smav len >= 6 && p[1] == 6) { 2543207499Smav magic = (u_long)p[2] << 24 | 2544207499Smav (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2545195534Sscottl /* 2546195534Sscottl * If the remote magic is our negated one, 2547195534Sscottl * this looks like a loopback problem. 2548195534Sscottl * Suggest a new magic to make sure. 2549195534Sscottl */ 2550195534Sscottl if (magic == ~sp->lcp.magic) { 2551195534Sscottl if (debug) 2552199747Smav log(-1, "magic glitch "); 2553195534Sscottl#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2554195534Sscottl sp->lcp.magic = random(); 2555279918Smav#else 2556207430Smav sp->lcp.magic = time.tv_sec + time.tv_usec; 2557199747Smav#endif 2558199747Smav } else { 2559199747Smav sp->lcp.magic = magic; 2560199747Smav if (debug) 2561236666Smav log(-1, "%lu ", magic); 2562196656Smav } 2563195534Sscottl } 2564196656Smav break; 2565195534Sscottl case LCP_OPT_MRU: 2566195534Sscottl /* 2567199747Smav * Peer wants to advise us to negotiate an MRU. 2568199747Smav * Agree on it if it's reasonable, or use 2569199747Smav * default otherwise. 2570195534Sscottl */ 2571199747Smav if (len >= 4 && p[1] == 4) { 2572199747Smav u_int mru = p[2] * 256 + p[3]; 2573199747Smav if (debug) 2574199747Smav log(-1, "%d ", mru); 2575199747Smav if (mru < PP_MTU || mru > PP_MAX_MRU) 2576199747Smav mru = PP_MTU; 2577207499Smav sp->lcp.mru = mru; 2578207499Smav sp->lcp.opts |= (1 << LCP_OPT_MRU); 2579207499Smav } 2580207499Smav break; 2581207499Smav case LCP_OPT_AUTH_PROTO: 2582207499Smav /* 2583207499Smav * Peer doesn't like our authentication method, 2584207499Smav * deny. 2585207499Smav */ 2586207499Smav if (debug) 2587220602Smav log(-1, "[access denied]\n"); 2588207499Smav lcp.Close(sp); 2589207499Smav break; 2590207499Smav } 2591195534Sscottl } 2592199747Smav if (debug) 2593199747Smav log(-1, "\n"); 2594207499Smav free (buf, M_TEMP); 2595207499Smav return; 2596195534Sscottl} 2597199747Smav 2598199747Smavstatic void 2599199747Smavsppp_lcp_tlu(struct sppp *sp) 2600199747Smav{ 2601199747Smav STDDCL; 2602195534Sscottl int i; 2603199747Smav u_long mask; 2604199747Smav 2605203376Smav /* XXX ? */ 2606203376Smav if (! (ifp->if_flags & IFF_UP) && 2607195534Sscottl (ifp->if_flags & IFF_RUNNING)) { 2608195534Sscottl /* Coming out of loopback mode. */ 2609195534Sscottl if_up(ifp); 2610195534Sscottl printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2611195534Sscottl } 2612279918Smav 2613195534Sscottl for (i = 0; i < IDX_COUNT; i++) 2614195534Sscottl if ((cps[i])->flags & CP_QUAL) 2615195534Sscottl (cps[i])->Open(sp); 2616195534Sscottl 2617195534Sscottl if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2618195534Sscottl (sp->pp_flags & PP_NEEDAUTH) != 0) 2619195534Sscottl sp->pp_phase = PHASE_AUTHENTICATE; 2620195534Sscottl else 2621195534Sscottl sp->pp_phase = PHASE_NETWORK; 2622195534Sscottl 2623195534Sscottl if (debug) 2624199278Smav log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2625199278Smav sppp_phase_name(sp->pp_phase)); 2626199278Smav 2627195534Sscottl /* 2628195534Sscottl * Open all authentication protocols. This is even required 2629195534Sscottl * if we already proceeded to network phase, since it might be 2630248522Skib * that remote wants us to authenticate, so we might have to 2631195534Sscottl * send a PAP request. Undesired authentication protocols 2632195534Sscottl * don't do anything when they get an Open event. 2633198322Smav */ 2634195534Sscottl for (i = 0; i < IDX_COUNT; i++) 2635195534Sscottl if ((cps[i])->flags & CP_AUTH) 2636195534Sscottl (cps[i])->Open(sp); 2637195534Sscottl 2638195534Sscottl if (sp->pp_phase == PHASE_NETWORK) { 2639195534Sscottl /* Notify all NCPs. */ 2640315813Smav for (i = 0; i < IDX_COUNT; i++) 2641315813Smav if (((cps[i])->flags & CP_NCP) && 2642315813Smav /* 2643195534Sscottl * XXX 2644195534Sscottl * Hack to administratively disable IPv6 if 2645196656Smav * not desired. Perhaps we should have another 2646236847Smav * flag for this, but right now, we can make 2647196656Smav * all struct cp's read/only. 2648195534Sscottl */ 2649196777Smav (cps[i] != &ipv6cp || 2650279918Smav (sp->confflags & CONF_ENABLE_IPV6))) 2651196796Smav (cps[i])->Open(sp); 2652279918Smav } 2653279918Smav 2654279918Smav /* Send Up events to all started protos. */ 2655279918Smav for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2656195534Sscottl if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2657195534Sscottl (cps[i])->Up(sp); 2658195534Sscottl 2659195534Sscottl /* notify low-level driver of state change */ 2660195534Sscottl if (sp->pp_chg) 2661195534Sscottl sp->pp_chg(sp, (int)sp->pp_phase); 2662195534Sscottl 2663260387Sscottl if (sp->pp_phase == PHASE_NETWORK) 2664195534Sscottl /* if no NCP is starting, close down */ 2665195534Sscottl sppp_lcp_check_and_close(sp); 2666195534Sscottl} 2667195534Sscottl 2668195534Sscottlstatic void 2669195534Sscottlsppp_lcp_tld(struct sppp *sp) 2670260387Sscottl{ 2671195534Sscottl STDDCL; 2672260387Sscottl int i; 2673260387Sscottl u_long mask; 2674260387Sscottl 2675260387Sscottl sp->pp_phase = PHASE_TERMINATE; 2676220789Smav 2677220789Smav if (debug) 2678220789Smav log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2679279918Smav sppp_phase_name(sp->pp_phase)); 2680220789Smav 2681195534Sscottl /* 2682279918Smav * Take upper layers down. We send the Down event first and 2683279918Smav * the Close second to prevent the upper layers from sending 2684 * ``a flurry of terminate-request packets'', as the RFC 2685 * describes it. 2686 */ 2687 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2688 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2689 (cps[i])->Down(sp); 2690 (cps[i])->Close(sp); 2691 } 2692} 2693 2694static void 2695sppp_lcp_tls(struct sppp *sp) 2696{ 2697 STDDCL; 2698 2699 sp->pp_phase = PHASE_ESTABLISH; 2700 2701 if (debug) 2702 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2703 sppp_phase_name(sp->pp_phase)); 2704 2705 /* Notify lower layer if desired. */ 2706 if (sp->pp_tls) 2707 (sp->pp_tls)(sp); 2708 else 2709 (sp->pp_up)(sp); 2710} 2711 2712static void 2713sppp_lcp_tlf(struct sppp *sp) 2714{ 2715 STDDCL; 2716 2717 sp->pp_phase = PHASE_DEAD; 2718 if (debug) 2719 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2720 sppp_phase_name(sp->pp_phase)); 2721 2722 /* Notify lower layer if desired. */ 2723 if (sp->pp_tlf) 2724 (sp->pp_tlf)(sp); 2725 else 2726 (sp->pp_down)(sp); 2727} 2728 2729static void 2730sppp_lcp_scr(struct sppp *sp) 2731{ 2732 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2733 int i = 0; 2734 u_short authproto; 2735 2736 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2737 if (! sp->lcp.magic) 2738#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2739 sp->lcp.magic = random(); 2740#else 2741 sp->lcp.magic = time.tv_sec + time.tv_usec; 2742#endif 2743 opt[i++] = LCP_OPT_MAGIC; 2744 opt[i++] = 6; 2745 opt[i++] = sp->lcp.magic >> 24; 2746 opt[i++] = sp->lcp.magic >> 16; 2747 opt[i++] = sp->lcp.magic >> 8; 2748 opt[i++] = sp->lcp.magic; 2749 } 2750 2751 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2752 opt[i++] = LCP_OPT_MRU; 2753 opt[i++] = 4; 2754 opt[i++] = sp->lcp.mru >> 8; 2755 opt[i++] = sp->lcp.mru; 2756 } 2757 2758 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2759 authproto = sp->hisauth.proto; 2760 opt[i++] = LCP_OPT_AUTH_PROTO; 2761 opt[i++] = authproto == PPP_CHAP? 5: 4; 2762 opt[i++] = authproto >> 8; 2763 opt[i++] = authproto; 2764 if (authproto == PPP_CHAP) 2765 opt[i++] = CHAP_MD5; 2766 } 2767 2768 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2769 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2770} 2771 2772/* 2773 * Check the open NCPs, return true if at least one NCP is open. 2774 */ 2775static int 2776sppp_ncp_check(struct sppp *sp) 2777{ 2778 int i, mask; 2779 2780 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2781 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2782 return 1; 2783 return 0; 2784} 2785 2786/* 2787 * Re-check the open NCPs and see if we should terminate the link. 2788 * Called by the NCPs during their tlf action handling. 2789 */ 2790static void 2791sppp_lcp_check_and_close(struct sppp *sp) 2792{ 2793 2794 if (sp->pp_phase < PHASE_NETWORK) 2795 /* don't bother, we are already going down */ 2796 return; 2797 2798 if (sppp_ncp_check(sp)) 2799 return; 2800 2801 lcp.Close(sp); 2802} 2803 2804/* 2805 *--------------------------------------------------------------------------* 2806 * * 2807 * The IPCP implementation. * 2808 * * 2809 *--------------------------------------------------------------------------* 2810 */ 2811 2812static void 2813sppp_ipcp_init(struct sppp *sp) 2814{ 2815 sp->ipcp.opts = 0; 2816 sp->ipcp.flags = 0; 2817 sp->state[IDX_IPCP] = STATE_INITIAL; 2818 sp->fail_counter[IDX_IPCP] = 0; 2819 sp->pp_seq[IDX_IPCP] = 0; 2820 sp->pp_rseq[IDX_IPCP] = 0; 2821#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2822 callout_handle_init(&sp->ch[IDX_IPCP]); 2823#endif 2824} 2825 2826static void 2827sppp_ipcp_up(struct sppp *sp) 2828{ 2829 sppp_up_event(&ipcp, sp); 2830} 2831 2832static void 2833sppp_ipcp_down(struct sppp *sp) 2834{ 2835 sppp_down_event(&ipcp, sp); 2836} 2837 2838static void 2839sppp_ipcp_open(struct sppp *sp) 2840{ 2841 STDDCL; 2842 u_long myaddr, hisaddr; 2843 2844 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2845 IPCP_MYADDR_DYN | IPCP_VJ); 2846 sp->ipcp.opts = 0; 2847 2848 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2849 /* 2850 * If we don't have his address, this probably means our 2851 * interface doesn't want to talk IP at all. (This could 2852 * be the case if somebody wants to speak only IPX, for 2853 * example.) Don't open IPCP in this case. 2854 */ 2855 if (hisaddr == 0L) { 2856 /* XXX this message should go away */ 2857 if (debug) 2858 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2859 SPP_ARGS(ifp)); 2860 return; 2861 } 2862 if (myaddr == 0L) { 2863 /* 2864 * I don't have an assigned address, so i need to 2865 * negotiate my address. 2866 */ 2867 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2868 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2869 } else 2870 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2871 if (sp->confflags & CONF_ENABLE_VJ) { 2872 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2873 sp->ipcp.max_state = MAX_STATES - 1; 2874 sp->ipcp.compress_cid = 1; 2875 } 2876 sppp_open_event(&ipcp, sp); 2877} 2878 2879static void 2880sppp_ipcp_close(struct sppp *sp) 2881{ 2882 sppp_close_event(&ipcp, sp); 2883 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2884 /* 2885 * My address was dynamic, clear it again. 2886 */ 2887 sppp_set_ip_addr(sp, 0L); 2888} 2889 2890static void 2891sppp_ipcp_TO(void *cookie) 2892{ 2893 sppp_to_event(&ipcp, (struct sppp *)cookie); 2894} 2895 2896/* 2897 * Analyze a configure request. Return true if it was agreeable, and 2898 * caused action sca, false if it has been rejected or nak'ed, and 2899 * caused action scn. (The return value is used to make the state 2900 * transition decision in the state automaton.) 2901 */ 2902static int 2903sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2904{ 2905 u_char *buf, *r, *p; 2906 struct ifnet *ifp = &sp->pp_if; 2907 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2908 u_long hisaddr, desiredaddr; 2909 int gotmyaddr = 0; 2910 int desiredcomp; 2911 2912 len -= 4; 2913 origlen = len; 2914 /* 2915 * Make sure to allocate a buf that can at least hold a 2916 * conf-nak with an `address' option. We might need it below. 2917 */ 2918 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2919 if (! buf) 2920 return (0); 2921 2922 /* pass 1: see if we can recognize them */ 2923 if (debug) 2924 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2925 SPP_ARGS(ifp)); 2926 p = (void*) (h+1); 2927 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2928 if (debug) 2929 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2930 switch (*p) { 2931 case IPCP_OPT_COMPRESSION: 2932 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2933 /* VJ compression administratively disabled */ 2934 if (debug) 2935 log(-1, "[locally disabled] "); 2936 break; 2937 } 2938 /* 2939 * In theory, we should only conf-rej an 2940 * option that is shorter than RFC 1618 2941 * requires (i.e. < 4), and should conf-nak 2942 * anything else that is not VJ. However, 2943 * since our algorithm always uses the 2944 * original option to NAK it with new values, 2945 * things would become more complicated. In 2946 * pratice, the only commonly implemented IP 2947 * compression option is VJ anyway, so the 2948 * difference is negligible. 2949 */ 2950 if (len >= 6 && p[1] == 6) { 2951 /* 2952 * correctly formed compression option 2953 * that could be VJ compression 2954 */ 2955 continue; 2956 } 2957 if (debug) 2958 log(-1, 2959 "optlen %d [invalid/unsupported] ", 2960 p[1]); 2961 break; 2962 case IPCP_OPT_ADDRESS: 2963 if (len >= 6 && p[1] == 6) { 2964 /* correctly formed address option */ 2965 continue; 2966 } 2967 if (debug) 2968 log(-1, "[invalid] "); 2969 break; 2970 default: 2971 /* Others not supported. */ 2972 if (debug) 2973 log(-1, "[rej] "); 2974 break; 2975 } 2976 /* Add the option to rejected list. */ 2977 bcopy (p, r, p[1]); 2978 r += p[1]; 2979 rlen += p[1]; 2980 } 2981 if (rlen) { 2982 if (debug) 2983 log(-1, " send conf-rej\n"); 2984 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2985 return 0; 2986 } else if (debug) 2987 log(-1, "\n"); 2988 2989 /* pass 2: parse option values */ 2990 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2991 if (debug) 2992 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2993 SPP_ARGS(ifp)); 2994 p = (void*) (h+1); 2995 len = origlen; 2996 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2997 if (debug) 2998 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2999 switch (*p) { 3000 case IPCP_OPT_COMPRESSION: 3001 desiredcomp = p[2] << 8 | p[3]; 3002 /* We only support VJ */ 3003 if (desiredcomp == IPCP_COMP_VJ) { 3004 if (debug) 3005 log(-1, "VJ [ack] "); 3006 sp->ipcp.flags |= IPCP_VJ; 3007 sl_compress_init(sp->pp_comp, p[4]); 3008 sp->ipcp.max_state = p[4]; 3009 sp->ipcp.compress_cid = p[5]; 3010 continue; 3011 } 3012 if (debug) 3013 log(-1, 3014 "compproto %#04x [not supported] ", 3015 desiredcomp); 3016 p[2] = IPCP_COMP_VJ >> 8; 3017 p[3] = IPCP_COMP_VJ; 3018 p[4] = sp->ipcp.max_state; 3019 p[5] = sp->ipcp.compress_cid; 3020 break; 3021 case IPCP_OPT_ADDRESS: 3022 /* This is the address he wants in his end */ 3023 desiredaddr = p[2] << 24 | p[3] << 16 | 3024 p[4] << 8 | p[5]; 3025 if (desiredaddr == hisaddr || 3026 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3027 /* 3028 * Peer's address is same as our value, 3029 * or we have set it to 0.0.0.* to 3030 * indicate that we do not really care, 3031 * this is agreeable. Gonna conf-ack 3032 * it. 3033 */ 3034 if (debug) 3035 log(-1, "%s [ack] ", 3036 sppp_dotted_quad(hisaddr)); 3037 /* record that we've seen it already */ 3038 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3039 continue; 3040 } 3041 /* 3042 * The address wasn't agreeable. This is either 3043 * he sent us 0.0.0.0, asking to assign him an 3044 * address, or he send us another address not 3045 * matching our value. Either case, we gonna 3046 * conf-nak it with our value. 3047 * XXX: we should "rej" if hisaddr == 0 3048 */ 3049 if (debug) { 3050 if (desiredaddr == 0) 3051 log(-1, "[addr requested] "); 3052 else 3053 log(-1, "%s [not agreed] ", 3054 sppp_dotted_quad(desiredaddr)); 3055 3056 } 3057 p[2] = hisaddr >> 24; 3058 p[3] = hisaddr >> 16; 3059 p[4] = hisaddr >> 8; 3060 p[5] = hisaddr; 3061 break; 3062 } 3063 /* Add the option to nak'ed list. */ 3064 bcopy (p, r, p[1]); 3065 r += p[1]; 3066 rlen += p[1]; 3067 } 3068 3069 /* 3070 * If we are about to conf-ack the request, but haven't seen 3071 * his address so far, gonna conf-nak it instead, with the 3072 * `address' option present and our idea of his address being 3073 * filled in there, to request negotiation of both addresses. 3074 * 3075 * XXX This can result in an endless req - nak loop if peer 3076 * doesn't want to send us his address. Q: What should we do 3077 * about it? XXX A: implement the max-failure counter. 3078 */ 3079 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3080 buf[0] = IPCP_OPT_ADDRESS; 3081 buf[1] = 6; 3082 buf[2] = hisaddr >> 24; 3083 buf[3] = hisaddr >> 16; 3084 buf[4] = hisaddr >> 8; 3085 buf[5] = hisaddr; 3086 rlen = 6; 3087 if (debug) 3088 log(-1, "still need hisaddr "); 3089 } 3090 3091 if (rlen) { 3092 if (debug) 3093 log(-1, " send conf-nak\n"); 3094 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3095 } else { 3096 if (debug) 3097 log(-1, " send conf-ack\n"); 3098 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3099 h->ident, origlen, h+1); 3100 } 3101 3102 free (buf, M_TEMP); 3103 return (rlen == 0); 3104} 3105 3106/* 3107 * Analyze the IPCP Configure-Reject option list, and adjust our 3108 * negotiation. 3109 */ 3110static void 3111sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3112{ 3113 u_char *buf, *p; 3114 struct ifnet *ifp = &sp->pp_if; 3115 int debug = ifp->if_flags & IFF_DEBUG; 3116 3117 len -= 4; 3118 buf = malloc (len, M_TEMP, M_NOWAIT); 3119 if (!buf) 3120 return; 3121 3122 if (debug) 3123 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3124 SPP_ARGS(ifp)); 3125 3126 p = (void*) (h+1); 3127 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3128 if (debug) 3129 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3130 switch (*p) { 3131 case IPCP_OPT_COMPRESSION: 3132 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3133 break; 3134 case IPCP_OPT_ADDRESS: 3135 /* 3136 * Peer doesn't grok address option. This is 3137 * bad. XXX Should we better give up here? 3138 * XXX We could try old "addresses" option... 3139 */ 3140 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3141 break; 3142 } 3143 } 3144 if (debug) 3145 log(-1, "\n"); 3146 free (buf, M_TEMP); 3147 return; 3148} 3149 3150/* 3151 * Analyze the IPCP Configure-NAK option list, and adjust our 3152 * negotiation. 3153 */ 3154static void 3155sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3156{ 3157 u_char *buf, *p; 3158 struct ifnet *ifp = &sp->pp_if; 3159 int debug = ifp->if_flags & IFF_DEBUG; 3160 int desiredcomp; 3161 u_long wantaddr; 3162 3163 len -= 4; 3164 buf = malloc (len, M_TEMP, M_NOWAIT); 3165 if (!buf) 3166 return; 3167 3168 if (debug) 3169 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3170 SPP_ARGS(ifp)); 3171 3172 p = (void*) (h+1); 3173 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3174 if (debug) 3175 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3176 switch (*p) { 3177 case IPCP_OPT_COMPRESSION: 3178 if (len >= 6 && p[1] == 6) { 3179 desiredcomp = p[2] << 8 | p[3]; 3180 if (debug) 3181 log(-1, "[wantcomp %#04x] ", 3182 desiredcomp); 3183 if (desiredcomp == IPCP_COMP_VJ) { 3184 sl_compress_init(sp->pp_comp, p[4]); 3185 sp->ipcp.max_state = p[4]; 3186 sp->ipcp.compress_cid = p[5]; 3187 if (debug) 3188 log(-1, "[agree] "); 3189 } else 3190 sp->ipcp.opts &= 3191 ~(1 << IPCP_OPT_COMPRESSION); 3192 } 3193 break; 3194 case IPCP_OPT_ADDRESS: 3195 /* 3196 * Peer doesn't like our local IP address. See 3197 * if we can do something for him. We'll drop 3198 * him our address then. 3199 */ 3200 if (len >= 6 && p[1] == 6) { 3201 wantaddr = p[2] << 24 | p[3] << 16 | 3202 p[4] << 8 | p[5]; 3203 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3204 if (debug) 3205 log(-1, "[wantaddr %s] ", 3206 sppp_dotted_quad(wantaddr)); 3207 /* 3208 * When doing dynamic address assignment, 3209 * we accept his offer. Otherwise, we 3210 * ignore it and thus continue to negotiate 3211 * our already existing value. 3212 * XXX: Bogus, if he said no once, he'll 3213 * just say no again, might as well die. 3214 */ 3215 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3216 sppp_set_ip_addr(sp, wantaddr); 3217 if (debug) 3218 log(-1, "[agree] "); 3219 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3220 } 3221 } 3222 break; 3223 } 3224 } 3225 if (debug) 3226 log(-1, "\n"); 3227 free (buf, M_TEMP); 3228 return; 3229} 3230 3231static void 3232sppp_ipcp_tlu(struct sppp *sp) 3233{ 3234 /* we are up - notify isdn daemon */ 3235 if (sp->pp_con) 3236 sp->pp_con(sp); 3237} 3238 3239static void 3240sppp_ipcp_tld(struct sppp *sp) 3241{ 3242} 3243 3244static void 3245sppp_ipcp_tls(struct sppp *sp) 3246{ 3247 /* indicate to LCP that it must stay alive */ 3248 sp->lcp.protos |= (1 << IDX_IPCP); 3249} 3250 3251static void 3252sppp_ipcp_tlf(struct sppp *sp) 3253{ 3254 /* we no longer need LCP */ 3255 sp->lcp.protos &= ~(1 << IDX_IPCP); 3256 sppp_lcp_check_and_close(sp); 3257} 3258 3259static void 3260sppp_ipcp_scr(struct sppp *sp) 3261{ 3262 char opt[6 /* compression */ + 6 /* address */]; 3263 u_long ouraddr; 3264 int i = 0; 3265 3266 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3267 opt[i++] = IPCP_OPT_COMPRESSION; 3268 opt[i++] = 6; 3269 opt[i++] = IPCP_COMP_VJ >> 8; 3270 opt[i++] = IPCP_COMP_VJ; 3271 opt[i++] = sp->ipcp.max_state; 3272 opt[i++] = sp->ipcp.compress_cid; 3273 } 3274 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3275 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3276 opt[i++] = IPCP_OPT_ADDRESS; 3277 opt[i++] = 6; 3278 opt[i++] = ouraddr >> 24; 3279 opt[i++] = ouraddr >> 16; 3280 opt[i++] = ouraddr >> 8; 3281 opt[i++] = ouraddr; 3282 } 3283 3284 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3285 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3286} 3287 3288/* 3289 *--------------------------------------------------------------------------* 3290 * * 3291 * The IPv6CP implementation. * 3292 * * 3293 *--------------------------------------------------------------------------* 3294 */ 3295 3296#ifdef INET6 3297static void 3298sppp_ipv6cp_init(struct sppp *sp) 3299{ 3300 sp->ipv6cp.opts = 0; 3301 sp->ipv6cp.flags = 0; 3302 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3303 sp->fail_counter[IDX_IPV6CP] = 0; 3304 sp->pp_seq[IDX_IPV6CP] = 0; 3305 sp->pp_rseq[IDX_IPV6CP] = 0; 3306#if defined(__NetBSD__) 3307 callout_init(&sp->ch[IDX_IPV6CP]); 3308#endif 3309#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3310 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3311#endif 3312} 3313 3314static void 3315sppp_ipv6cp_up(struct sppp *sp) 3316{ 3317 sppp_up_event(&ipv6cp, sp); 3318} 3319 3320static void 3321sppp_ipv6cp_down(struct sppp *sp) 3322{ 3323 sppp_down_event(&ipv6cp, sp); 3324} 3325 3326static void 3327sppp_ipv6cp_open(struct sppp *sp) 3328{ 3329 STDDCL; 3330 struct in6_addr myaddr, hisaddr; 3331 3332#ifdef IPV6CP_MYIFID_DYN 3333 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3334#else 3335 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3336#endif 3337 3338 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3339 /* 3340 * If we don't have our address, this probably means our 3341 * interface doesn't want to talk IPv6 at all. (This could 3342 * be the case if somebody wants to speak only IPX, for 3343 * example.) Don't open IPv6CP in this case. 3344 */ 3345 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3346 /* XXX this message should go away */ 3347 if (debug) 3348 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3349 SPP_ARGS(ifp)); 3350 return; 3351 } 3352 3353 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3354 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3355 sppp_open_event(&ipv6cp, sp); 3356} 3357 3358static void 3359sppp_ipv6cp_close(struct sppp *sp) 3360{ 3361 sppp_close_event(&ipv6cp, sp); 3362} 3363 3364static void 3365sppp_ipv6cp_TO(void *cookie) 3366{ 3367 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3368} 3369 3370/* 3371 * Analyze a configure request. Return true if it was agreeable, and 3372 * caused action sca, false if it has been rejected or nak'ed, and 3373 * caused action scn. (The return value is used to make the state 3374 * transition decision in the state automaton.) 3375 */ 3376static int 3377sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3378{ 3379 u_char *buf, *r, *p; 3380 struct ifnet *ifp = &sp->pp_if; 3381 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3382 struct in6_addr myaddr, desiredaddr, suggestaddr; 3383 int ifidcount; 3384 int type; 3385 int collision, nohisaddr; 3386 3387 len -= 4; 3388 origlen = len; 3389 /* 3390 * Make sure to allocate a buf that can at least hold a 3391 * conf-nak with an `address' option. We might need it below. 3392 */ 3393 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3394 if (! buf) 3395 return (0); 3396 3397 /* pass 1: see if we can recognize them */ 3398 if (debug) 3399 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3400 SPP_ARGS(ifp)); 3401 p = (void*) (h+1); 3402 ifidcount = 0; 3403 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3404 if (debug) 3405 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3406 switch (*p) { 3407 case IPV6CP_OPT_IFID: 3408 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3409 /* correctly formed address option */ 3410 ifidcount++; 3411 continue; 3412 } 3413 if (debug) 3414 log(-1, " [invalid]"); 3415 break; 3416#ifdef notyet 3417 case IPV6CP_OPT_COMPRESSION: 3418 if (len >= 4 && p[1] >= 4) { 3419 /* correctly formed compress option */ 3420 continue; 3421 } 3422 if (debug) 3423 log(-1, " [invalid]"); 3424 break; 3425#endif 3426 default: 3427 /* Others not supported. */ 3428 if (debug) 3429 log(-1, " [rej]"); 3430 break; 3431 } 3432 /* Add the option to rejected list. */ 3433 bcopy (p, r, p[1]); 3434 r += p[1]; 3435 rlen += p[1]; 3436 } 3437 if (rlen) { 3438 if (debug) 3439 log(-1, " send conf-rej\n"); 3440 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3441 goto end; 3442 } else if (debug) 3443 log(-1, "\n"); 3444 3445 /* pass 2: parse option values */ 3446 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3447 if (debug) 3448 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3449 SPP_ARGS(ifp)); 3450 p = (void*) (h+1); 3451 len = origlen; 3452 type = CONF_ACK; 3453 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3454 if (debug) 3455 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3456 switch (*p) { 3457#ifdef notyet 3458 case IPV6CP_OPT_COMPRESSION: 3459 continue; 3460#endif 3461 case IPV6CP_OPT_IFID: 3462 bzero(&desiredaddr, sizeof(desiredaddr)); 3463 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3464 collision = (bcmp(&desiredaddr.s6_addr[8], 3465 &myaddr.s6_addr[8], 8) == 0); 3466 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3467 3468 desiredaddr.s6_addr16[0] = htons(0xfe80); 3469 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3470 3471 if (!collision && !nohisaddr) { 3472 /* no collision, hisaddr known - Conf-Ack */ 3473 type = CONF_ACK; 3474 3475 if (debug) { 3476 log(-1, " %s [%s]", 3477 ip6_sprintf(&desiredaddr), 3478 sppp_cp_type_name(type)); 3479 } 3480 continue; 3481 } 3482 3483 bzero(&suggestaddr, sizeof(&suggestaddr)); 3484 if (collision && nohisaddr) { 3485 /* collision, hisaddr unknown - Conf-Rej */ 3486 type = CONF_REJ; 3487 bzero(&p[2], 8); 3488 } else { 3489 /* 3490 * - no collision, hisaddr unknown, or 3491 * - collision, hisaddr known 3492 * Conf-Nak, suggest hisaddr 3493 */ 3494 type = CONF_NAK; 3495 sppp_suggest_ip6_addr(sp, &suggestaddr); 3496 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3497 } 3498 if (debug) 3499 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3500 sppp_cp_type_name(type)); 3501 break; 3502 } 3503 /* Add the option to nak'ed list. */ 3504 bcopy (p, r, p[1]); 3505 r += p[1]; 3506 rlen += p[1]; 3507 } 3508 3509 if (rlen == 0 && type == CONF_ACK) { 3510 if (debug) 3511 log(-1, " send %s\n", sppp_cp_type_name(type)); 3512 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3513 } else { 3514#ifdef DIAGNOSTIC 3515 if (type == CONF_ACK) 3516 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3517#endif 3518 3519 if (debug) { 3520 log(-1, " send %s suggest %s\n", 3521 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3522 } 3523 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3524 } 3525 3526 end: 3527 free (buf, M_TEMP); 3528 return (rlen == 0); 3529} 3530 3531/* 3532 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3533 * negotiation. 3534 */ 3535static void 3536sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3537{ 3538 u_char *buf, *p; 3539 struct ifnet *ifp = &sp->pp_if; 3540 int debug = ifp->if_flags & IFF_DEBUG; 3541 3542 len -= 4; 3543 buf = malloc (len, M_TEMP, M_NOWAIT); 3544 if (!buf) 3545 return; 3546 3547 if (debug) 3548 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3549 SPP_ARGS(ifp)); 3550 3551 p = (void*) (h+1); 3552 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3553 if (debug) 3554 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3555 switch (*p) { 3556 case IPV6CP_OPT_IFID: 3557 /* 3558 * Peer doesn't grok address option. This is 3559 * bad. XXX Should we better give up here? 3560 */ 3561 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3562 break; 3563#ifdef notyet 3564 case IPV6CP_OPT_COMPRESS: 3565 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3566 break; 3567#endif 3568 } 3569 } 3570 if (debug) 3571 log(-1, "\n"); 3572 free (buf, M_TEMP); 3573 return; 3574} 3575 3576/* 3577 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3578 * negotiation. 3579 */ 3580static void 3581sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3582{ 3583 u_char *buf, *p; 3584 struct ifnet *ifp = &sp->pp_if; 3585 int debug = ifp->if_flags & IFF_DEBUG; 3586 struct in6_addr suggestaddr; 3587 3588 len -= 4; 3589 buf = malloc (len, M_TEMP, M_NOWAIT); 3590 if (!buf) 3591 return; 3592 3593 if (debug) 3594 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3595 SPP_ARGS(ifp)); 3596 3597 p = (void*) (h+1); 3598 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3599 if (debug) 3600 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3601 switch (*p) { 3602 case IPV6CP_OPT_IFID: 3603 /* 3604 * Peer doesn't like our local ifid. See 3605 * if we can do something for him. We'll drop 3606 * him our address then. 3607 */ 3608 if (len < 10 || p[1] != 10) 3609 break; 3610 bzero(&suggestaddr, sizeof(suggestaddr)); 3611 suggestaddr.s6_addr16[0] = htons(0xfe80); 3612 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3613 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3614 3615 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3616 if (debug) 3617 log(-1, " [suggestaddr %s]", 3618 ip6_sprintf(&suggestaddr)); 3619#ifdef IPV6CP_MYIFID_DYN 3620 /* 3621 * When doing dynamic address assignment, 3622 * we accept his offer. 3623 */ 3624 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3625 struct in6_addr lastsuggest; 3626 /* 3627 * If <suggested myaddr from peer> equals to 3628 * <hisaddr we have suggested last time>, 3629 * we have a collision. generate new random 3630 * ifid. 3631 */ 3632 sppp_suggest_ip6_addr(&lastsuggest); 3633 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3634 lastsuggest)) { 3635 if (debug) 3636 log(-1, " [random]"); 3637 sppp_gen_ip6_addr(sp, &suggestaddr); 3638 } 3639 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3640 if (debug) 3641 log(-1, " [agree]"); 3642 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3643 } 3644#else 3645 /* 3646 * Since we do not do dynamic address assignment, 3647 * we ignore it and thus continue to negotiate 3648 * our already existing value. This can possibly 3649 * go into infinite request-reject loop. 3650 * 3651 * This is not likely because we normally use 3652 * ifid based on MAC-address. 3653 * If you have no ethernet card on the node, too bad. 3654 * XXX should we use fail_counter? 3655 */ 3656#endif 3657 break; 3658#ifdef notyet 3659 case IPV6CP_OPT_COMPRESS: 3660 /* 3661 * Peer wants different compression parameters. 3662 */ 3663 break; 3664#endif 3665 } 3666 } 3667 if (debug) 3668 log(-1, "\n"); 3669 free (buf, M_TEMP); 3670 return; 3671} 3672static void 3673sppp_ipv6cp_tlu(struct sppp *sp) 3674{ 3675 /* we are up - notify isdn daemon */ 3676 if (sp->pp_con) 3677 sp->pp_con(sp); 3678} 3679 3680static void 3681sppp_ipv6cp_tld(struct sppp *sp) 3682{ 3683} 3684 3685static void 3686sppp_ipv6cp_tls(struct sppp *sp) 3687{ 3688 /* indicate to LCP that it must stay alive */ 3689 sp->lcp.protos |= (1 << IDX_IPV6CP); 3690} 3691 3692static void 3693sppp_ipv6cp_tlf(struct sppp *sp) 3694{ 3695 3696#if 0 /* need #if 0 to close IPv6CP properly */ 3697 /* we no longer need LCP */ 3698 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3699 sppp_lcp_check_and_close(sp); 3700#endif 3701} 3702 3703static void 3704sppp_ipv6cp_scr(struct sppp *sp) 3705{ 3706 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3707 struct in6_addr ouraddr; 3708 int i = 0; 3709 3710 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3711 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3712 opt[i++] = IPV6CP_OPT_IFID; 3713 opt[i++] = 10; 3714 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3715 i += 8; 3716 } 3717 3718#ifdef notyet 3719 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3720 opt[i++] = IPV6CP_OPT_COMPRESSION; 3721 opt[i++] = 4; 3722 opt[i++] = 0; /* TBD */ 3723 opt[i++] = 0; /* TBD */ 3724 /* variable length data may follow */ 3725 } 3726#endif 3727 3728 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3729 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3730} 3731#else /*INET6*/ 3732static void sppp_ipv6cp_init(struct sppp *sp) 3733{ 3734} 3735 3736static void sppp_ipv6cp_up(struct sppp *sp) 3737{ 3738} 3739 3740static void sppp_ipv6cp_down(struct sppp *sp) 3741{ 3742} 3743 3744 3745static void sppp_ipv6cp_open(struct sppp *sp) 3746{ 3747} 3748 3749static void sppp_ipv6cp_close(struct sppp *sp) 3750{ 3751} 3752 3753static void sppp_ipv6cp_TO(void *sp) 3754{ 3755} 3756 3757static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3758{ 3759 return 0; 3760} 3761 3762static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3763{ 3764} 3765 3766static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3767{ 3768} 3769 3770static void sppp_ipv6cp_tlu(struct sppp *sp) 3771{ 3772} 3773 3774static void sppp_ipv6cp_tld(struct sppp *sp) 3775{ 3776} 3777 3778static void sppp_ipv6cp_tls(struct sppp *sp) 3779{ 3780} 3781 3782static void sppp_ipv6cp_tlf(struct sppp *sp) 3783{ 3784} 3785 3786static void sppp_ipv6cp_scr(struct sppp *sp) 3787{ 3788} 3789#endif /*INET6*/ 3790 3791/* 3792 *--------------------------------------------------------------------------* 3793 * * 3794 * The CHAP implementation. * 3795 * * 3796 *--------------------------------------------------------------------------* 3797 */ 3798 3799/* 3800 * The authentication protocols don't employ a full-fledged state machine as 3801 * the control protocols do, since they do have Open and Close events, but 3802 * not Up and Down, nor are they explicitly terminated. Also, use of the 3803 * authentication protocols may be different in both directions (this makes 3804 * sense, think of a machine that never accepts incoming calls but only 3805 * calls out, it doesn't require the called party to authenticate itself). 3806 * 3807 * Our state machine for the local authentication protocol (we are requesting 3808 * the peer to authenticate) looks like: 3809 * 3810 * RCA- 3811 * +--------------------------------------------+ 3812 * V scn,tld| 3813 * +--------+ Close +---------+ RCA+ 3814 * | |<----------------------------------| |------+ 3815 * +--->| Closed | TO* | Opened | sca | 3816 * | | |-----+ +-------| |<-----+ 3817 * | +--------+ irc | | +---------+ 3818 * | ^ | | ^ 3819 * | | | | | 3820 * | | | | | 3821 * | TO-| | | | 3822 * | |tld TO+ V | | 3823 * | | +------->+ | | 3824 * | | | | | | 3825 * | +--------+ V | | 3826 * | | |<----+<--------------------+ | 3827 * | | Req- | scr | 3828 * | | Sent | | 3829 * | | | | 3830 * | +--------+ | 3831 * | RCA- | | RCA+ | 3832 * +------+ +------------------------------------------+ 3833 * scn,tld sca,irc,ict,tlu 3834 * 3835 * 3836 * with: 3837 * 3838 * Open: LCP reached authentication phase 3839 * Close: LCP reached terminate phase 3840 * 3841 * RCA+: received reply (pap-req, chap-response), acceptable 3842 * RCN: received reply (pap-req, chap-response), not acceptable 3843 * TO+: timeout with restart counter >= 0 3844 * TO-: timeout with restart counter < 0 3845 * TO*: reschedule timeout for CHAP 3846 * 3847 * scr: send request packet (none for PAP, chap-challenge) 3848 * sca: send ack packet (pap-ack, chap-success) 3849 * scn: send nak packet (pap-nak, chap-failure) 3850 * ict: initialize re-challenge timer (CHAP only) 3851 * 3852 * tlu: this-layer-up, LCP reaches network phase 3853 * tld: this-layer-down, LCP enters terminate phase 3854 * 3855 * Note that in CHAP mode, after sending a new challenge, while the state 3856 * automaton falls back into Req-Sent state, it doesn't signal a tld 3857 * event to LCP, so LCP remains in network phase. Only after not getting 3858 * any response (or after getting an unacceptable response), CHAP closes, 3859 * causing LCP to enter terminate phase. 3860 * 3861 * With PAP, there is no initial request that can be sent. The peer is 3862 * expected to send one based on the successful negotiation of PAP as 3863 * the authentication protocol during the LCP option negotiation. 3864 * 3865 * Incoming authentication protocol requests (remote requests 3866 * authentication, we are peer) don't employ a state machine at all, 3867 * they are simply answered. Some peers [Ascend P50 firmware rev 3868 * 4.50] react allergically when sending IPCP requests while they are 3869 * still in authentication phase (thereby violating the standard that 3870 * demands that these NCP packets are to be discarded), so we keep 3871 * track of the peer demanding us to authenticate, and only proceed to 3872 * phase network once we've seen a positive acknowledge for the 3873 * authentication. 3874 */ 3875 3876/* 3877 * Handle incoming CHAP packets. 3878 */ 3879void 3880sppp_chap_input(struct sppp *sp, struct mbuf *m) 3881{ 3882 STDDCL; 3883 struct lcp_header *h; 3884 int len, x; 3885 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3886 int value_len, name_len; 3887 MD5_CTX ctx; 3888 3889 len = m->m_pkthdr.len; 3890 if (len < 4) { 3891 if (debug) 3892 log(LOG_DEBUG, 3893 SPP_FMT "chap invalid packet length: %d bytes\n", 3894 SPP_ARGS(ifp), len); 3895 return; 3896 } 3897 h = mtod (m, struct lcp_header*); 3898 if (len > ntohs (h->len)) 3899 len = ntohs (h->len); 3900 3901 switch (h->type) { 3902 /* challenge, failure and success are his authproto */ 3903 case CHAP_CHALLENGE: 3904 value = 1 + (u_char*)(h+1); 3905 value_len = value[-1]; 3906 name = value + value_len; 3907 name_len = len - value_len - 5; 3908 if (name_len < 0) { 3909 if (debug) { 3910 log(LOG_DEBUG, 3911 SPP_FMT "chap corrupted challenge " 3912 "<%s id=0x%x len=%d", 3913 SPP_ARGS(ifp), 3914 sppp_auth_type_name(PPP_CHAP, h->type), 3915 h->ident, ntohs(h->len)); 3916 sppp_print_bytes((u_char*) (h+1), len-4); 3917 log(-1, ">\n"); 3918 } 3919 break; 3920 } 3921 3922 if (debug) { 3923 log(LOG_DEBUG, 3924 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3925 SPP_ARGS(ifp), 3926 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3927 ntohs(h->len)); 3928 sppp_print_string((char*) name, name_len); 3929 log(-1, " value-size=%d value=", value_len); 3930 sppp_print_bytes(value, value_len); 3931 log(-1, ">\n"); 3932 } 3933 3934 /* Compute reply value. */ 3935 MD5Init(&ctx); 3936 MD5Update(&ctx, &h->ident, 1); 3937 MD5Update(&ctx, sp->myauth.secret, 3938 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3939 MD5Update(&ctx, value, value_len); 3940 MD5Final(digest, &ctx); 3941 dsize = sizeof digest; 3942 3943 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3944 sizeof dsize, (const char *)&dsize, 3945 sizeof digest, digest, 3946 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3947 sp->myauth.name, 3948 0); 3949 break; 3950 3951 case CHAP_SUCCESS: 3952 if (debug) { 3953 log(LOG_DEBUG, SPP_FMT "chap success", 3954 SPP_ARGS(ifp)); 3955 if (len > 4) { 3956 log(-1, ": "); 3957 sppp_print_string((char*)(h + 1), len - 4); 3958 } 3959 log(-1, "\n"); 3960 } 3961 x = splimp(); 3962 sp->pp_flags &= ~PP_NEEDAUTH; 3963 if (sp->myauth.proto == PPP_CHAP && 3964 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3965 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3966 /* 3967 * We are authenticator for CHAP but didn't 3968 * complete yet. Leave it to tlu to proceed 3969 * to network phase. 3970 */ 3971 splx(x); 3972 break; 3973 } 3974 splx(x); 3975 sppp_phase_network(sp); 3976 break; 3977 3978 case CHAP_FAILURE: 3979 if (debug) { 3980 log(LOG_INFO, SPP_FMT "chap failure", 3981 SPP_ARGS(ifp)); 3982 if (len > 4) { 3983 log(-1, ": "); 3984 sppp_print_string((char*)(h + 1), len - 4); 3985 } 3986 log(-1, "\n"); 3987 } else 3988 log(LOG_INFO, SPP_FMT "chap failure\n", 3989 SPP_ARGS(ifp)); 3990 /* await LCP shutdown by authenticator */ 3991 break; 3992 3993 /* response is my authproto */ 3994 case CHAP_RESPONSE: 3995 value = 1 + (u_char*)(h+1); 3996 value_len = value[-1]; 3997 name = value + value_len; 3998 name_len = len - value_len - 5; 3999 if (name_len < 0) { 4000 if (debug) { 4001 log(LOG_DEBUG, 4002 SPP_FMT "chap corrupted response " 4003 "<%s id=0x%x len=%d", 4004 SPP_ARGS(ifp), 4005 sppp_auth_type_name(PPP_CHAP, h->type), 4006 h->ident, ntohs(h->len)); 4007 sppp_print_bytes((u_char*)(h+1), len-4); 4008 log(-1, ">\n"); 4009 } 4010 break; 4011 } 4012 if (h->ident != sp->confid[IDX_CHAP]) { 4013 if (debug) 4014 log(LOG_DEBUG, 4015 SPP_FMT "chap dropping response for old ID " 4016 "(got %d, expected %d)\n", 4017 SPP_ARGS(ifp), 4018 h->ident, sp->confid[IDX_CHAP]); 4019 break; 4020 } 4021 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4022 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4023 log(LOG_INFO, SPP_FMT "chap response, his name ", 4024 SPP_ARGS(ifp)); 4025 sppp_print_string(name, name_len); 4026 log(-1, " != expected "); 4027 sppp_print_string(sp->hisauth.name, 4028 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4029 log(-1, "\n"); 4030 } 4031 if (debug) { 4032 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4033 "<%s id=0x%x len=%d name=", 4034 SPP_ARGS(ifp), 4035 sppp_state_name(sp->state[IDX_CHAP]), 4036 sppp_auth_type_name(PPP_CHAP, h->type), 4037 h->ident, ntohs (h->len)); 4038 sppp_print_string((char*)name, name_len); 4039 log(-1, " value-size=%d value=", value_len); 4040 sppp_print_bytes(value, value_len); 4041 log(-1, ">\n"); 4042 } 4043 if (value_len != AUTHKEYLEN) { 4044 if (debug) 4045 log(LOG_DEBUG, 4046 SPP_FMT "chap bad hash value length: " 4047 "%d bytes, should be %d\n", 4048 SPP_ARGS(ifp), value_len, 4049 AUTHKEYLEN); 4050 break; 4051 } 4052 4053 MD5Init(&ctx); 4054 MD5Update(&ctx, &h->ident, 1); 4055 MD5Update(&ctx, sp->hisauth.secret, 4056 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4057 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4058 MD5Final(digest, &ctx); 4059 4060#define FAILMSG "Failed..." 4061#define SUCCMSG "Welcome!" 4062 4063 if (value_len != sizeof digest || 4064 bcmp(digest, value, value_len) != 0) { 4065 /* action scn, tld */ 4066 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4067 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4068 0); 4069 chap.tld(sp); 4070 break; 4071 } 4072 /* action sca, perhaps tlu */ 4073 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4074 sp->state[IDX_CHAP] == STATE_OPENED) 4075 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4076 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4077 0); 4078 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4079 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4080 chap.tlu(sp); 4081 } 4082 break; 4083 4084 default: 4085 /* Unknown CHAP packet type -- ignore. */ 4086 if (debug) { 4087 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4088 "<0x%x id=0x%xh len=%d", 4089 SPP_ARGS(ifp), 4090 sppp_state_name(sp->state[IDX_CHAP]), 4091 h->type, h->ident, ntohs(h->len)); 4092 sppp_print_bytes((u_char*)(h+1), len-4); 4093 log(-1, ">\n"); 4094 } 4095 break; 4096 4097 } 4098} 4099 4100static void 4101sppp_chap_init(struct sppp *sp) 4102{ 4103 /* Chap doesn't have STATE_INITIAL at all. */ 4104 sp->state[IDX_CHAP] = STATE_CLOSED; 4105 sp->fail_counter[IDX_CHAP] = 0; 4106 sp->pp_seq[IDX_CHAP] = 0; 4107 sp->pp_rseq[IDX_CHAP] = 0; 4108#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4109 callout_handle_init(&sp->ch[IDX_CHAP]); 4110#endif 4111} 4112 4113static void 4114sppp_chap_open(struct sppp *sp) 4115{ 4116 if (sp->myauth.proto == PPP_CHAP && 4117 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4118 /* we are authenticator for CHAP, start it */ 4119 chap.scr(sp); 4120 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4121 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4122 } 4123 /* nothing to be done if we are peer, await a challenge */ 4124} 4125 4126static void 4127sppp_chap_close(struct sppp *sp) 4128{ 4129 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4130 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4131} 4132 4133static void 4134sppp_chap_TO(void *cookie) 4135{ 4136 struct sppp *sp = (struct sppp *)cookie; 4137 STDDCL; 4138 int s; 4139 4140 s = splimp(); 4141 if (debug) 4142 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4143 SPP_ARGS(ifp), 4144 sppp_state_name(sp->state[IDX_CHAP]), 4145 sp->rst_counter[IDX_CHAP]); 4146 4147 if (--sp->rst_counter[IDX_CHAP] < 0) 4148 /* TO- event */ 4149 switch (sp->state[IDX_CHAP]) { 4150 case STATE_REQ_SENT: 4151 chap.tld(sp); 4152 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4153 break; 4154 } 4155 else 4156 /* TO+ (or TO*) event */ 4157 switch (sp->state[IDX_CHAP]) { 4158 case STATE_OPENED: 4159 /* TO* event */ 4160 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4161 /* FALLTHROUGH */ 4162 case STATE_REQ_SENT: 4163 chap.scr(sp); 4164 /* sppp_cp_change_state() will restart the timer */ 4165 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4166 break; 4167 } 4168 4169 splx(s); 4170} 4171 4172static void 4173sppp_chap_tlu(struct sppp *sp) 4174{ 4175 STDDCL; 4176 int i, x; 4177 4178 i = 0; 4179 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4180 4181 /* 4182 * Some broken CHAP implementations (Conware CoNet, firmware 4183 * 4.0.?) don't want to re-authenticate their CHAP once the 4184 * initial challenge-response exchange has taken place. 4185 * Provide for an option to avoid rechallenges. 4186 */ 4187 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4188 /* 4189 * Compute the re-challenge timeout. This will yield 4190 * a number between 300 and 810 seconds. 4191 */ 4192 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4193 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4194 } 4195 4196 if (debug) { 4197 log(LOG_DEBUG, 4198 SPP_FMT "chap %s, ", 4199 SPP_ARGS(ifp), 4200 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4201 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4202 log(-1, "next re-challenge in %d seconds\n", i); 4203 else 4204 log(-1, "re-challenging supressed\n"); 4205 } 4206 4207 x = splimp(); 4208 /* indicate to LCP that we need to be closed down */ 4209 sp->lcp.protos |= (1 << IDX_CHAP); 4210 4211 if (sp->pp_flags & PP_NEEDAUTH) { 4212 /* 4213 * Remote is authenticator, but his auth proto didn't 4214 * complete yet. Defer the transition to network 4215 * phase. 4216 */ 4217 splx(x); 4218 return; 4219 } 4220 splx(x); 4221 4222 /* 4223 * If we are already in phase network, we are done here. This 4224 * is the case if this is a dummy tlu event after a re-challenge. 4225 */ 4226 if (sp->pp_phase != PHASE_NETWORK) 4227 sppp_phase_network(sp); 4228} 4229 4230static void 4231sppp_chap_tld(struct sppp *sp) 4232{ 4233 STDDCL; 4234 4235 if (debug) 4236 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4237 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4238 sp->lcp.protos &= ~(1 << IDX_CHAP); 4239 4240 lcp.Close(sp); 4241} 4242 4243static void 4244sppp_chap_scr(struct sppp *sp) 4245{ 4246 u_long *ch, seed; 4247 u_char clen; 4248 4249 /* Compute random challenge. */ 4250 ch = (u_long *)sp->myauth.challenge; 4251#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4252 read_random(&seed, sizeof seed); 4253#else 4254 { 4255 struct timeval tv; 4256 microtime(&tv); 4257 seed = tv.tv_sec ^ tv.tv_usec; 4258 } 4259#endif 4260 ch[0] = seed ^ random(); 4261 ch[1] = seed ^ random(); 4262 ch[2] = seed ^ random(); 4263 ch[3] = seed ^ random(); 4264 clen = AUTHKEYLEN; 4265 4266 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4267 4268 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4269 sizeof clen, (const char *)&clen, 4270 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4271 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4272 sp->myauth.name, 4273 0); 4274} 4275 4276/* 4277 *--------------------------------------------------------------------------* 4278 * * 4279 * The PAP implementation. * 4280 * * 4281 *--------------------------------------------------------------------------* 4282 */ 4283/* 4284 * For PAP, we need to keep a little state also if we are the peer, not the 4285 * authenticator. This is since we don't get a request to authenticate, but 4286 * have to repeatedly authenticate ourself until we got a response (or the 4287 * retry counter is expired). 4288 */ 4289 4290/* 4291 * Handle incoming PAP packets. */ 4292static void 4293sppp_pap_input(struct sppp *sp, struct mbuf *m) 4294{ 4295 STDDCL; 4296 struct lcp_header *h; 4297 int len, x; 4298 u_char *name, *passwd, mlen; 4299 int name_len, passwd_len; 4300 4301 len = m->m_pkthdr.len; 4302 if (len < 5) { 4303 if (debug) 4304 log(LOG_DEBUG, 4305 SPP_FMT "pap invalid packet length: %d bytes\n", 4306 SPP_ARGS(ifp), len); 4307 return; 4308 } 4309 h = mtod (m, struct lcp_header*); 4310 if (len > ntohs (h->len)) 4311 len = ntohs (h->len); 4312 switch (h->type) { 4313 /* PAP request is my authproto */ 4314 case PAP_REQ: 4315 name = 1 + (u_char*)(h+1); 4316 name_len = name[-1]; 4317 passwd = name + name_len + 1; 4318 if (name_len > len - 6 || 4319 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4320 if (debug) { 4321 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4322 "<%s id=0x%x len=%d", 4323 SPP_ARGS(ifp), 4324 sppp_auth_type_name(PPP_PAP, h->type), 4325 h->ident, ntohs(h->len)); 4326 sppp_print_bytes((u_char*)(h+1), len-4); 4327 log(-1, ">\n"); 4328 } 4329 break; 4330 } 4331 if (debug) { 4332 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4333 "<%s id=0x%x len=%d name=", 4334 SPP_ARGS(ifp), 4335 sppp_state_name(sp->state[IDX_PAP]), 4336 sppp_auth_type_name(PPP_PAP, h->type), 4337 h->ident, ntohs(h->len)); 4338 sppp_print_string((char*)name, name_len); 4339 log(-1, " passwd="); 4340 sppp_print_string((char*)passwd, passwd_len); 4341 log(-1, ">\n"); 4342 } 4343 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4344 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4345 bcmp(name, sp->hisauth.name, name_len) != 0 || 4346 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4347 /* action scn, tld */ 4348 mlen = sizeof(FAILMSG) - 1; 4349 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4350 sizeof mlen, (const char *)&mlen, 4351 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4352 0); 4353 pap.tld(sp); 4354 break; 4355 } 4356 /* action sca, perhaps tlu */ 4357 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4358 sp->state[IDX_PAP] == STATE_OPENED) { 4359 mlen = sizeof(SUCCMSG) - 1; 4360 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4361 sizeof mlen, (const char *)&mlen, 4362 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4363 0); 4364 } 4365 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4366 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4367 pap.tlu(sp); 4368 } 4369 break; 4370 4371 /* ack and nak are his authproto */ 4372 case PAP_ACK: 4373 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4374 if (debug) { 4375 log(LOG_DEBUG, SPP_FMT "pap success", 4376 SPP_ARGS(ifp)); 4377 name_len = *((char *)h); 4378 if (len > 5 && name_len) { 4379 log(-1, ": "); 4380 sppp_print_string((char*)(h+1), name_len); 4381 } 4382 log(-1, "\n"); 4383 } 4384 x = splimp(); 4385 sp->pp_flags &= ~PP_NEEDAUTH; 4386 if (sp->myauth.proto == PPP_PAP && 4387 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4388 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4389 /* 4390 * We are authenticator for PAP but didn't 4391 * complete yet. Leave it to tlu to proceed 4392 * to network phase. 4393 */ 4394 splx(x); 4395 break; 4396 } 4397 splx(x); 4398 sppp_phase_network(sp); 4399 break; 4400 4401 case PAP_NAK: 4402 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4403 if (debug) { 4404 log(LOG_INFO, SPP_FMT "pap failure", 4405 SPP_ARGS(ifp)); 4406 name_len = *((char *)h); 4407 if (len > 5 && name_len) { 4408 log(-1, ": "); 4409 sppp_print_string((char*)(h+1), name_len); 4410 } 4411 log(-1, "\n"); 4412 } else 4413 log(LOG_INFO, SPP_FMT "pap failure\n", 4414 SPP_ARGS(ifp)); 4415 /* await LCP shutdown by authenticator */ 4416 break; 4417 4418 default: 4419 /* Unknown PAP packet type -- ignore. */ 4420 if (debug) { 4421 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4422 "<0x%x id=0x%x len=%d", 4423 SPP_ARGS(ifp), 4424 h->type, h->ident, ntohs(h->len)); 4425 sppp_print_bytes((u_char*)(h+1), len-4); 4426 log(-1, ">\n"); 4427 } 4428 break; 4429 4430 } 4431} 4432 4433static void 4434sppp_pap_init(struct sppp *sp) 4435{ 4436 /* PAP doesn't have STATE_INITIAL at all. */ 4437 sp->state[IDX_PAP] = STATE_CLOSED; 4438 sp->fail_counter[IDX_PAP] = 0; 4439 sp->pp_seq[IDX_PAP] = 0; 4440 sp->pp_rseq[IDX_PAP] = 0; 4441#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4442 callout_handle_init(&sp->ch[IDX_PAP]); 4443 callout_handle_init(&sp->pap_my_to_ch); 4444#endif 4445} 4446 4447static void 4448sppp_pap_open(struct sppp *sp) 4449{ 4450 if (sp->hisauth.proto == PPP_PAP && 4451 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4452 /* we are authenticator for PAP, start our timer */ 4453 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4454 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4455 } 4456 if (sp->myauth.proto == PPP_PAP) { 4457 /* we are peer, send a request, and start a timer */ 4458 pap.scr(sp); 4459 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4460 sp->pap_my_to_ch); 4461 } 4462} 4463 4464static void 4465sppp_pap_close(struct sppp *sp) 4466{ 4467 if (sp->state[IDX_PAP] != STATE_CLOSED) 4468 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4469} 4470 4471/* 4472 * That's the timeout routine if we are authenticator. Since the 4473 * authenticator is basically passive in PAP, we can't do much here. 4474 */ 4475static void 4476sppp_pap_TO(void *cookie) 4477{ 4478 struct sppp *sp = (struct sppp *)cookie; 4479 STDDCL; 4480 int s; 4481 4482 s = splimp(); 4483 if (debug) 4484 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4485 SPP_ARGS(ifp), 4486 sppp_state_name(sp->state[IDX_PAP]), 4487 sp->rst_counter[IDX_PAP]); 4488 4489 if (--sp->rst_counter[IDX_PAP] < 0) 4490 /* TO- event */ 4491 switch (sp->state[IDX_PAP]) { 4492 case STATE_REQ_SENT: 4493 pap.tld(sp); 4494 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4495 break; 4496 } 4497 else 4498 /* TO+ event, not very much we could do */ 4499 switch (sp->state[IDX_PAP]) { 4500 case STATE_REQ_SENT: 4501 /* sppp_cp_change_state() will restart the timer */ 4502 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4503 break; 4504 } 4505 4506 splx(s); 4507} 4508 4509/* 4510 * That's the timeout handler if we are peer. Since the peer is active, 4511 * we need to retransmit our PAP request since it is apparently lost. 4512 * XXX We should impose a max counter. 4513 */ 4514static void 4515sppp_pap_my_TO(void *cookie) 4516{ 4517 struct sppp *sp = (struct sppp *)cookie; 4518 STDDCL; 4519 4520 if (debug) 4521 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4522 SPP_ARGS(ifp)); 4523 4524 pap.scr(sp); 4525} 4526 4527static void 4528sppp_pap_tlu(struct sppp *sp) 4529{ 4530 STDDCL; 4531 int x; 4532 4533 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4534 4535 if (debug) 4536 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4537 SPP_ARGS(ifp), pap.name); 4538 4539 x = splimp(); 4540 /* indicate to LCP that we need to be closed down */ 4541 sp->lcp.protos |= (1 << IDX_PAP); 4542 4543 if (sp->pp_flags & PP_NEEDAUTH) { 4544 /* 4545 * Remote is authenticator, but his auth proto didn't 4546 * complete yet. Defer the transition to network 4547 * phase. 4548 */ 4549 splx(x); 4550 return; 4551 } 4552 splx(x); 4553 sppp_phase_network(sp); 4554} 4555 4556static void 4557sppp_pap_tld(struct sppp *sp) 4558{ 4559 STDDCL; 4560 4561 if (debug) 4562 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4563 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4564 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4565 sp->lcp.protos &= ~(1 << IDX_PAP); 4566 4567 lcp.Close(sp); 4568} 4569 4570static void 4571sppp_pap_scr(struct sppp *sp) 4572{ 4573 u_char idlen, pwdlen; 4574 4575 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4576 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4577 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4578 4579 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4580 sizeof idlen, (const char *)&idlen, 4581 (size_t)idlen, sp->myauth.name, 4582 sizeof pwdlen, (const char *)&pwdlen, 4583 (size_t)pwdlen, sp->myauth.secret, 4584 0); 4585} 4586 4587/* 4588 * Random miscellaneous functions. 4589 */ 4590 4591/* 4592 * Send a PAP or CHAP proto packet. 4593 * 4594 * Varadic function, each of the elements for the ellipsis is of type 4595 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4596 * mlen == 0. 4597 * NOTE: never declare variadic functions with types subject to type 4598 * promotion (i.e. u_char). This is asking for big trouble depending 4599 * on the architecture you are on... 4600 */ 4601 4602static void 4603sppp_auth_send(const struct cp *cp, struct sppp *sp, 4604 unsigned int type, unsigned int id, 4605 ...) 4606{ 4607 STDDCL; 4608 struct ppp_header *h; 4609 struct lcp_header *lh; 4610 struct mbuf *m; 4611 u_char *p; 4612 int len; 4613 unsigned int mlen; 4614 const char *msg; 4615 va_list ap; 4616 4617 MGETHDR (m, M_DONTWAIT, MT_DATA); 4618 if (! m) 4619 return; 4620 m->m_pkthdr.rcvif = 0; 4621 4622 h = mtod (m, struct ppp_header*); 4623 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4624 h->control = PPP_UI; /* Unnumbered Info */ 4625 h->protocol = htons(cp->proto); 4626 4627 lh = (struct lcp_header*)(h + 1); 4628 lh->type = type; 4629 lh->ident = id; 4630 p = (u_char*) (lh+1); 4631 4632 va_start(ap, id); 4633 len = 0; 4634 4635 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4636 msg = va_arg(ap, const char *); 4637 len += mlen; 4638 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4639 va_end(ap); 4640 m_freem(m); 4641 return; 4642 } 4643 4644 bcopy(msg, p, mlen); 4645 p += mlen; 4646 } 4647 va_end(ap); 4648 4649 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4650 lh->len = htons (LCP_HEADER_LEN + len); 4651 4652 if (debug) { 4653 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4654 SPP_ARGS(ifp), cp->name, 4655 sppp_auth_type_name(cp->proto, lh->type), 4656 lh->ident, ntohs(lh->len)); 4657 sppp_print_bytes((u_char*) (lh+1), len); 4658 log(-1, ">\n"); 4659 } 4660 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4661 ifp->if_oerrors++; 4662} 4663 4664/* 4665 * Flush interface queue. 4666 */ 4667static void 4668sppp_qflush(struct ifqueue *ifq) 4669{ 4670 struct mbuf *m, *n; 4671 4672 n = ifq->ifq_head; 4673 while ((m = n)) { 4674 n = m->m_act; 4675 m_freem (m); 4676 } 4677 ifq->ifq_head = 0; 4678 ifq->ifq_tail = 0; 4679 ifq->ifq_len = 0; 4680} 4681 4682/* 4683 * Send keepalive packets, every 10 seconds. 4684 */ 4685static void 4686sppp_keepalive(void *dummy) 4687{ 4688 struct sppp *sp; 4689 int s; 4690 4691 s = splimp(); 4692 for (sp=spppq; sp; sp=sp->pp_next) { 4693 struct ifnet *ifp = &sp->pp_if; 4694 4695 /* Keepalive mode disabled or channel down? */ 4696 if (! (sp->pp_flags & PP_KEEPALIVE) || 4697 ! (ifp->if_flags & IFF_RUNNING)) 4698 continue; 4699 4700 /* No keepalive in PPP mode if LCP not opened yet. */ 4701 if (sp->pp_mode != IFF_CISCO && 4702 sp->pp_phase < PHASE_AUTHENTICATE) 4703 continue; 4704 4705 if (sp->pp_alivecnt == MAXALIVECNT) { 4706 /* No keepalive packets got. Stop the interface. */ 4707 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4708 if_down (ifp); 4709 sppp_qflush (&sp->pp_cpq); 4710 if (sp->pp_mode != IFF_CISCO) { 4711 /* XXX */ 4712 /* Shut down the PPP link. */ 4713 lcp.Down(sp); 4714 /* Initiate negotiation. XXX */ 4715 lcp.Up(sp); 4716 } 4717 } 4718 if (sp->pp_alivecnt <= MAXALIVECNT) 4719 ++sp->pp_alivecnt; 4720 if (sp->pp_mode == IFF_CISCO) 4721 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4722 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4723 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4724 long nmagic = htonl (sp->lcp.magic); 4725 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4726 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4727 sp->lcp.echoid, 4, &nmagic); 4728 } 4729 } 4730 splx(s); 4731 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4732} 4733 4734/* 4735 * Get both IP addresses. 4736 */ 4737static void 4738sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4739{ 4740 struct ifnet *ifp = &sp->pp_if; 4741 struct ifaddr *ifa; 4742 struct sockaddr_in *si, *sm; 4743 u_long ssrc, ddst; 4744 4745 sm = NULL; 4746 ssrc = ddst = 0L; 4747 /* 4748 * Pick the first AF_INET address from the list, 4749 * aliases don't make any sense on a p2p link anyway. 4750 */ 4751 si = 0; 4752#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4753 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4754#elif defined(__NetBSD__) || defined (__OpenBSD__) 4755 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4756 ifa; 4757 ifa = TAILQ_NEXT(ifa, ifa_list)) 4758#else 4759 for (ifa = ifp->if_addrlist; 4760 ifa; 4761 ifa = ifa->ifa_next) 4762#endif 4763 if (ifa->ifa_addr->sa_family == AF_INET) { 4764 si = (struct sockaddr_in *)ifa->ifa_addr; 4765 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4766 if (si) 4767 break; 4768 } 4769 if (ifa) { 4770 if (si && si->sin_addr.s_addr) { 4771 ssrc = si->sin_addr.s_addr; 4772 if (srcmask) 4773 *srcmask = ntohl(sm->sin_addr.s_addr); 4774 } 4775 4776 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4777 if (si && si->sin_addr.s_addr) 4778 ddst = si->sin_addr.s_addr; 4779 } 4780 4781 if (dst) *dst = ntohl(ddst); 4782 if (src) *src = ntohl(ssrc); 4783} 4784 4785/* 4786 * Set my IP address. Must be called at splimp. 4787 */ 4788static void 4789sppp_set_ip_addr(struct sppp *sp, u_long src) 4790{ 4791 STDDCL; 4792 struct ifaddr *ifa; 4793 struct sockaddr_in *si; 4794 struct in_ifaddr *ia; 4795 4796 /* 4797 * Pick the first AF_INET address from the list, 4798 * aliases don't make any sense on a p2p link anyway. 4799 */ 4800 si = 0; 4801#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4802 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4803#elif defined(__NetBSD__) || defined (__OpenBSD__) 4804 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4805 ifa; 4806 ifa = TAILQ_NEXT(ifa, ifa_list)) 4807#else 4808 for (ifa = ifp->if_addrlist; 4809 ifa; 4810 ifa = ifa->ifa_next) 4811#endif 4812 { 4813 if (ifa->ifa_addr->sa_family == AF_INET) 4814 { 4815 si = (struct sockaddr_in *)ifa->ifa_addr; 4816 if (si) 4817 break; 4818 } 4819 } 4820 4821 if (ifa && si) 4822 { 4823 int error; 4824#if __NetBSD_Version__ >= 103080000 4825 struct sockaddr_in new_sin = *si; 4826 4827 new_sin.sin_addr.s_addr = htonl(src); 4828 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4829 if(debug && error) 4830 { 4831 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4832 " failed, error=%d\n", SPP_ARGS(ifp), error); 4833 } 4834#else 4835 /* delete old route */ 4836 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4837 if(debug && error) 4838 { 4839 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4840 SPP_ARGS(ifp), error); 4841 } 4842 4843 /* set new address */ 4844 si->sin_addr.s_addr = htonl(src); 4845 ia = ifatoia(ifa); 4846 LIST_REMOVE(ia, ia_hash); 4847 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4848 4849 /* add new route */ 4850 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4851 if (debug && error) 4852 { 4853 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4854 SPP_ARGS(ifp), error); 4855 } 4856#endif 4857 } 4858} 4859 4860#ifdef INET6 4861/* 4862 * Get both IPv6 addresses. 4863 */ 4864static void 4865sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4866 struct in6_addr *srcmask) 4867{ 4868 struct ifnet *ifp = &sp->pp_if; 4869 struct ifaddr *ifa; 4870 struct sockaddr_in6 *si, *sm; 4871 struct in6_addr ssrc, ddst; 4872 4873 sm = NULL; 4874 bzero(&ssrc, sizeof(ssrc)); 4875 bzero(&ddst, sizeof(ddst)); 4876 /* 4877 * Pick the first link-local AF_INET6 address from the list, 4878 * aliases don't make any sense on a p2p link anyway. 4879 */ 4880#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4881 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4882 ifa; 4883 ifa = ifa->ifa_link.tqe_next) 4884#elif defined(__NetBSD__) || defined (__OpenBSD__) 4885 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4886 ifa; 4887 ifa = ifa->ifa_list.tqe_next) 4888#else 4889 for (ifa = ifp->if_addrlist, si = 0; 4890 ifa; 4891 ifa = ifa->ifa_next) 4892#endif 4893 if (ifa->ifa_addr->sa_family == AF_INET6) { 4894 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4895 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4896 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4897 break; 4898 } 4899 if (ifa) { 4900 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4901 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4902 if (srcmask) { 4903 bcopy(&sm->sin6_addr, srcmask, 4904 sizeof(*srcmask)); 4905 } 4906 } 4907 4908 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4909 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4910 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4911 } 4912 4913 if (dst) 4914 bcopy(&ddst, dst, sizeof(*dst)); 4915 if (src) 4916 bcopy(&ssrc, src, sizeof(*src)); 4917} 4918 4919#ifdef IPV6CP_MYIFID_DYN 4920/* 4921 * Generate random ifid. 4922 */ 4923static void 4924sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4925{ 4926 /* TBD */ 4927} 4928 4929/* 4930 * Set my IPv6 address. Must be called at splimp. 4931 */ 4932static void 4933sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4934{ 4935 STDDCL; 4936 struct ifaddr *ifa; 4937 struct sockaddr_in6 *sin6; 4938 4939 /* 4940 * Pick the first link-local AF_INET6 address from the list, 4941 * aliases don't make any sense on a p2p link anyway. 4942 */ 4943 4944 sin6 = NULL; 4945#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4946 for (ifa = ifp->if_addrhead.tqh_first; 4947 ifa; 4948 ifa = ifa->ifa_link.tqe_next) 4949#elif defined(__NetBSD__) || defined (__OpenBSD__) 4950 for (ifa = ifp->if_addrlist.tqh_first; 4951 ifa; 4952 ifa = ifa->ifa_list.tqe_next) 4953#else 4954 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4955#endif 4956 { 4957 if (ifa->ifa_addr->sa_family == AF_INET6) 4958 { 4959 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4960 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4961 break; 4962 } 4963 } 4964 4965 if (ifa && sin6) 4966 { 4967 int error; 4968 struct sockaddr_in6 new_sin6 = *sin6; 4969 4970 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4971 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4972 if (debug && error) 4973 { 4974 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4975 " failed, error=%d\n", SPP_ARGS(ifp), error); 4976 } 4977 } 4978} 4979#endif 4980 4981/* 4982 * Suggest a candidate address to be used by peer. 4983 */ 4984static void 4985sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4986{ 4987 struct in6_addr myaddr; 4988 struct timeval tv; 4989 4990 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4991 4992 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4993 microtime(&tv); 4994 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4995 myaddr.s6_addr[14] ^= 0xff; 4996 myaddr.s6_addr[15] ^= 0xff; 4997 } else { 4998 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4999 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5000 } 5001 if (suggest) 5002 bcopy(&myaddr, suggest, sizeof(myaddr)); 5003} 5004#endif /*INET6*/ 5005 5006static int 5007sppp_params(struct sppp *sp, u_long cmd, void *data) 5008{ 5009 u_long subcmd; 5010 struct ifreq *ifr = (struct ifreq *)data; 5011 struct spppreq *spr; 5012 int rv = 0; 5013 5014 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5015 return (EAGAIN); 5016 /* 5017 * ifr->ifr_data is supposed to point to a struct spppreq. 5018 * Check the cmd word first before attempting to fetch all the 5019 * data. 5020 */ 5021 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5022 rv = EFAULT; 5023 goto quit; 5024 } 5025 5026 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5027 rv = EFAULT; 5028 goto quit; 5029 } 5030 5031 switch (subcmd) { 5032 case (int)SPPPIOGDEFS: 5033 if (cmd != SIOCGIFGENERIC) { 5034 rv = EINVAL; 5035 break; 5036 } 5037 /* 5038 * We copy over the entire current state, but clean 5039 * out some of the stuff we don't wanna pass up. 5040 * Remember, SIOCGIFGENERIC is unprotected, and can be 5041 * called by any user. No need to ever get PAP or 5042 * CHAP secrets back to userland anyway. 5043 */ 5044 spr->defs.pp_phase = sp->pp_phase; 5045 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5046 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5047 spr->defs.lcp = sp->lcp; 5048 spr->defs.ipcp = sp->ipcp; 5049 spr->defs.ipv6cp = sp->ipv6cp; 5050 spr->defs.myauth = sp->myauth; 5051 spr->defs.hisauth = sp->hisauth; 5052 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5053 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5054 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5055 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5056 /* 5057 * Fixup the LCP timeout value to milliseconds so 5058 * spppcontrol doesn't need to bother about the value 5059 * of "hz". We do the reverse calculation below when 5060 * setting it. 5061 */ 5062 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5063 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5064 sizeof(struct spppreq)); 5065 break; 5066 5067 case (int)SPPPIOSDEFS: 5068 if (cmd != SIOCSIFGENERIC) { 5069 rv = EINVAL; 5070 break; 5071 } 5072 /* 5073 * We have a very specific idea of which fields we 5074 * allow being passed back from userland, so to not 5075 * clobber our current state. For one, we only allow 5076 * setting anything if LCP is in dead or establish 5077 * phase. Once the authentication negotiations 5078 * started, the authentication settings must not be 5079 * changed again. (The administrator can force an 5080 * ifconfig down in order to get LCP back into dead 5081 * phase.) 5082 * 5083 * Also, we only allow for authentication parameters to be 5084 * specified. 5085 * 5086 * XXX Should allow to set or clear pp_flags. 5087 * 5088 * Finally, if the respective authentication protocol to 5089 * be used is set differently than 0, but the secret is 5090 * passed as all zeros, we don't trash the existing secret. 5091 * This allows an administrator to change the system name 5092 * only without clobbering the secret (which he didn't get 5093 * back in a previous SPPPIOGDEFS call). However, the 5094 * secrets are cleared if the authentication protocol is 5095 * reset to 0. */ 5096 if (sp->pp_phase != PHASE_DEAD && 5097 sp->pp_phase != PHASE_ESTABLISH) { 5098 rv = EBUSY; 5099 break; 5100 } 5101 5102 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5103 spr->defs.myauth.proto != PPP_CHAP) || 5104 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5105 spr->defs.hisauth.proto != PPP_CHAP)) { 5106 rv = EINVAL; 5107 break; 5108 } 5109 5110 if (spr->defs.myauth.proto == 0) 5111 /* resetting myauth */ 5112 bzero(&sp->myauth, sizeof sp->myauth); 5113 else { 5114 /* setting/changing myauth */ 5115 sp->myauth.proto = spr->defs.myauth.proto; 5116 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5117 if (spr->defs.myauth.secret[0] != '\0') 5118 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5119 AUTHKEYLEN); 5120 } 5121 if (spr->defs.hisauth.proto == 0) 5122 /* resetting hisauth */ 5123 bzero(&sp->hisauth, sizeof sp->hisauth); 5124 else { 5125 /* setting/changing hisauth */ 5126 sp->hisauth.proto = spr->defs.hisauth.proto; 5127 sp->hisauth.flags = spr->defs.hisauth.flags; 5128 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5129 if (spr->defs.hisauth.secret[0] != '\0') 5130 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5131 AUTHKEYLEN); 5132 } 5133 /* set LCP restart timer timeout */ 5134 if (spr->defs.lcp.timeout != 0) 5135 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5136 /* set VJ enable and IPv6 disable flags */ 5137#ifdef INET 5138 if (spr->defs.enable_vj) 5139 sp->confflags |= CONF_ENABLE_VJ; 5140 else 5141 sp->confflags &= ~CONF_ENABLE_VJ; 5142#endif 5143#ifdef INET6 5144 if (spr->defs.enable_ipv6) 5145 sp->confflags |= CONF_ENABLE_IPV6; 5146 else 5147 sp->confflags &= ~CONF_ENABLE_IPV6; 5148#endif 5149 break; 5150 5151 default: 5152 rv = EINVAL; 5153 } 5154 5155 quit: 5156 free(spr, M_TEMP); 5157 5158 return (rv); 5159} 5160 5161static void 5162sppp_phase_network(struct sppp *sp) 5163{ 5164 STDDCL; 5165 int i; 5166 u_long mask; 5167 5168 sp->pp_phase = PHASE_NETWORK; 5169 5170 if (debug) 5171 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5172 sppp_phase_name(sp->pp_phase)); 5173 5174 /* Notify NCPs now. */ 5175 for (i = 0; i < IDX_COUNT; i++) 5176 if ((cps[i])->flags & CP_NCP) 5177 (cps[i])->Open(sp); 5178 5179 /* Send Up events to all NCPs. */ 5180 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5181 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5182 (cps[i])->Up(sp); 5183 5184 /* if no NCP is starting, all this was in vain, close down */ 5185 sppp_lcp_check_and_close(sp); 5186} 5187 5188 5189static const char * 5190sppp_cp_type_name(u_char type) 5191{ 5192 static char buf[12]; 5193 switch (type) { 5194 case CONF_REQ: return "conf-req"; 5195 case CONF_ACK: return "conf-ack"; 5196 case CONF_NAK: return "conf-nak"; 5197 case CONF_REJ: return "conf-rej"; 5198 case TERM_REQ: return "term-req"; 5199 case TERM_ACK: return "term-ack"; 5200 case CODE_REJ: return "code-rej"; 5201 case PROTO_REJ: return "proto-rej"; 5202 case ECHO_REQ: return "echo-req"; 5203 case ECHO_REPLY: return "echo-reply"; 5204 case DISC_REQ: return "discard-req"; 5205 } 5206 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5207 return buf; 5208} 5209 5210static const char * 5211sppp_auth_type_name(u_short proto, u_char type) 5212{ 5213 static char buf[12]; 5214 switch (proto) { 5215 case PPP_CHAP: 5216 switch (type) { 5217 case CHAP_CHALLENGE: return "challenge"; 5218 case CHAP_RESPONSE: return "response"; 5219 case CHAP_SUCCESS: return "success"; 5220 case CHAP_FAILURE: return "failure"; 5221 } 5222 case PPP_PAP: 5223 switch (type) { 5224 case PAP_REQ: return "req"; 5225 case PAP_ACK: return "ack"; 5226 case PAP_NAK: return "nak"; 5227 } 5228 } 5229 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5230 return buf; 5231} 5232 5233static const char * 5234sppp_lcp_opt_name(u_char opt) 5235{ 5236 static char buf[12]; 5237 switch (opt) { 5238 case LCP_OPT_MRU: return "mru"; 5239 case LCP_OPT_ASYNC_MAP: return "async-map"; 5240 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5241 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5242 case LCP_OPT_MAGIC: return "magic"; 5243 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5244 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5245 } 5246 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5247 return buf; 5248} 5249 5250static const char * 5251sppp_ipcp_opt_name(u_char opt) 5252{ 5253 static char buf[12]; 5254 switch (opt) { 5255 case IPCP_OPT_ADDRESSES: return "addresses"; 5256 case IPCP_OPT_COMPRESSION: return "compression"; 5257 case IPCP_OPT_ADDRESS: return "address"; 5258 } 5259 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5260 return buf; 5261} 5262 5263#ifdef INET6 5264static const char * 5265sppp_ipv6cp_opt_name(u_char opt) 5266{ 5267 static char buf[12]; 5268 switch (opt) { 5269 case IPV6CP_OPT_IFID: return "ifid"; 5270 case IPV6CP_OPT_COMPRESSION: return "compression"; 5271 } 5272 sprintf (buf, "0x%x", opt); 5273 return buf; 5274} 5275#endif 5276 5277static const char * 5278sppp_state_name(int state) 5279{ 5280 switch (state) { 5281 case STATE_INITIAL: return "initial"; 5282 case STATE_STARTING: return "starting"; 5283 case STATE_CLOSED: return "closed"; 5284 case STATE_STOPPED: return "stopped"; 5285 case STATE_CLOSING: return "closing"; 5286 case STATE_STOPPING: return "stopping"; 5287 case STATE_REQ_SENT: return "req-sent"; 5288 case STATE_ACK_RCVD: return "ack-rcvd"; 5289 case STATE_ACK_SENT: return "ack-sent"; 5290 case STATE_OPENED: return "opened"; 5291 } 5292 return "illegal"; 5293} 5294 5295static const char * 5296sppp_phase_name(enum ppp_phase phase) 5297{ 5298 switch (phase) { 5299 case PHASE_DEAD: return "dead"; 5300 case PHASE_ESTABLISH: return "establish"; 5301 case PHASE_TERMINATE: return "terminate"; 5302 case PHASE_AUTHENTICATE: return "authenticate"; 5303 case PHASE_NETWORK: return "network"; 5304 } 5305 return "illegal"; 5306} 5307 5308static const char * 5309sppp_proto_name(u_short proto) 5310{ 5311 static char buf[12]; 5312 switch (proto) { 5313 case PPP_LCP: return "lcp"; 5314 case PPP_IPCP: return "ipcp"; 5315 case PPP_PAP: return "pap"; 5316 case PPP_CHAP: return "chap"; 5317 case PPP_IPV6CP: return "ipv6cp"; 5318 } 5319 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5320 return buf; 5321} 5322 5323static void 5324sppp_print_bytes(const u_char *p, u_short len) 5325{ 5326 if (len) 5327 log(-1, " %*D", len, p, "-"); 5328} 5329 5330static void 5331sppp_print_string(const char *p, u_short len) 5332{ 5333 u_char c; 5334 5335 while (len-- > 0) { 5336 c = *p++; 5337 /* 5338 * Print only ASCII chars directly. RFC 1994 recommends 5339 * using only them, but we don't rely on it. */ 5340 if (c < ' ' || c > '~') 5341 log(-1, "\\x%x", c); 5342 else 5343 log(-1, "%c", c); 5344 } 5345} 5346 5347static const char * 5348sppp_dotted_quad(u_long addr) 5349{ 5350 static char s[16]; 5351 sprintf(s, "%d.%d.%d.%d", 5352 (int)((addr >> 24) & 0xff), 5353 (int)((addr >> 16) & 0xff), 5354 (int)((addr >> 8) & 0xff), 5355 (int)(addr & 0xff)); 5356 return s; 5357} 5358 5359static int 5360sppp_strnlen(u_char *p, int max) 5361{ 5362 int len; 5363 5364 for (len = 0; len < max && *p; ++p) 5365 ++len; 5366 return len; 5367} 5368 5369/* a dummy, used to drop uninteresting events */ 5370static void 5371sppp_null(struct sppp *unused) 5372{ 5373 /* do just nothing */ 5374} 5375