if_spppsubr.c revision 111888
117680Spst/* 217680Spst * Synchronous PPP/Cisco link level subroutines. 317680Spst * Keepalive protocol implemented in both Cisco and PPP modes. 417680Spst * 517680Spst * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 617680Spst * Author: Serge Vakulenko, <vak@cronyx.ru> 717680Spst * 817680Spst * Heavily revamped to conform to RFC 1661. 917680Spst * Copyright (C) 1997, 2001 Joerg Wunsch. 1017680Spst * 1117680Spst * This software is distributed with NO WARRANTIES, not even the implied 1217680Spst * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 1317680Spst * 1417680Spst * Authors grant any other persons or organisations permission to use 1517680Spst * or modify this software as long as this message is kept with the software, 1617680Spst * all derivative works or modified versions. 1717680Spst * 1817680Spst * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 1917680Spst * 2017680Spst * $FreeBSD: head/sys/net/if_spppsubr.c 111888 2003-03-04 23:19:55Z jlemon $ 2117680Spst */ 2217680Spst 2317680Spst#include <sys/param.h> 2417680Spst 2526183Sfenner#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2626183Sfenner#include "opt_inet.h" 2717680Spst#include "opt_inet6.h" 2817680Spst#include "opt_ipx.h" 2917680Spst#endif 3017680Spst 3117680Spst#ifdef NetBSD1_3 3217680Spst# if NetBSD1_3 > 6 3317680Spst# include "opt_inet.h" 3417680Spst# include "opt_inet6.h" 3517680Spst# include "opt_iso.h" 3617680Spst# endif 3717680Spst#endif 3817680Spst 3917680Spst#include <sys/systm.h> 4021262Swollman#include <sys/kernel.h> 4117680Spst#include <sys/module.h> 4217680Spst#include <sys/sockio.h> 4317680Spst#include <sys/socket.h> 4417680Spst#include <sys/syslog.h> 4517680Spst#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4617680Spst#include <sys/random.h> 4717680Spst#endif 4817680Spst#include <sys/malloc.h> 4917680Spst#include <sys/mbuf.h> 5017680Spst 5117680Spst#if defined (__OpenBSD__) 5217680Spst#include <sys/md5k.h> 5317680Spst#else 5417680Spst#include <sys/md5.h> 5517680Spst#endif 5617680Spst 5717680Spst#include <net/if.h> 5817680Spst#include <net/netisr.h> 5917680Spst#include <net/if_types.h> 6017680Spst#include <net/route.h> 6117680Spst#include <netinet/in.h> 6217680Spst#include <netinet/in_systm.h> 6317680Spst#include <netinet/ip.h> 6417680Spst#include <net/slcompress.h> 6517680Spst 6617680Spst#if defined (__NetBSD__) || defined (__OpenBSD__) 6717680Spst#include <machine/cpu.h> /* XXX for softnet */ 6817680Spst#endif 6917680Spst 7017680Spst#include <machine/stdarg.h> 7117680Spst 7217680Spst#include <netinet/in.h> 7317680Spst#include <netinet/in_systm.h> 7417680Spst#include <netinet/in_var.h> 7517680Spst 7617680Spst#ifdef INET 7717680Spst#include <netinet/ip.h> 7817680Spst#include <netinet/tcp.h> 7917680Spst#endif 8017680Spst 8117680Spst#if defined (__FreeBSD__) || defined (__OpenBSD__) 8217680Spst# include <netinet/if_ether.h> 8317680Spst#else 8417680Spst# include <net/ethertypes.h> 8517680Spst#endif 8617680Spst 8717680Spst#ifdef IPX 8817680Spst#include <netipx/ipx.h> 8917680Spst#include <netipx/ipx_if.h> 9017680Spst#endif 9117680Spst 9217680Spst#ifdef NS 9317680Spst#include <netns/ns.h> 9417680Spst#include <netns/ns_if.h> 9517680Spst#endif 9617680Spst 9717680Spst#include <net/if_sppp.h> 9817680Spst 9917680Spst#if defined(__FreeBSD__) && __FreeBSD__ >= 3 10017680Spst# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 10117680Spst# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 10217680Spst# define IOCTL_CMD_T u_long 10317680Spst#else 10417680Spst# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 10517680Spst# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 10617680Spst# define IOCTL_CMD_T int 10717680Spst#endif 10817680Spst 10917680Spst#define MAXALIVECNT 3 /* max. alive packets */ 11017680Spst 11117680Spst/* 11217680Spst * Interface flags that can be set in an ifconfig command. 11317680Spst * 11417680Spst * Setting link0 will make the link passive, i.e. it will be marked 11517680Spst * as being administrative openable, but won't be opened to begin 11617680Spst * with. Incoming calls will be answered, or subsequent calls with 11717680Spst * -link1 will cause the administrative open of the LCP layer. 11817680Spst * 11917680Spst * Setting link1 will cause the link to auto-dial only as packets 12017680Spst * arrive to be sent. 12117680Spst * 12217680Spst * Setting IFF_DEBUG will syslog the option negotiation and state 12317680Spst * transitions at level kern.debug. Note: all logs consistently look 12417680Spst * like 12517680Spst * 12617680Spst * <if-name><unit>: <proto-name> <additional info...> 12717680Spst * 12817680Spst * with <if-name><unit> being something like "bppp0", and <proto-name> 12917680Spst * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 13017680Spst */ 13117680Spst 13217680Spst#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 13317680Spst#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 13417680Spst#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 13517680Spst 13617680Spst#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 13717680Spst#define PPP_UI 0x03 /* Unnumbered Information */ 13817680Spst#define PPP_IP 0x0021 /* Internet Protocol */ 13917680Spst#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 14017680Spst#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 14117680Spst#define PPP_IPX 0x002b /* Novell IPX Protocol */ 14217680Spst#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 14317680Spst#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 14417680Spst#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 14517680Spst#define PPP_LCP 0xc021 /* Link Control Protocol */ 14617680Spst#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 14717680Spst#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 14817680Spst#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 14917680Spst#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 15017680Spst 15117680Spst#define CONF_REQ 1 /* PPP configure request */ 15217680Spst#define CONF_ACK 2 /* PPP configure acknowledge */ 15317680Spst#define CONF_NAK 3 /* PPP configure negative ack */ 15417680Spst#define CONF_REJ 4 /* PPP configure reject */ 15517680Spst#define TERM_REQ 5 /* PPP terminate request */ 15617680Spst#define TERM_ACK 6 /* PPP terminate acknowledge */ 15717680Spst#define CODE_REJ 7 /* PPP code reject */ 15817680Spst#define PROTO_REJ 8 /* PPP protocol reject */ 15917680Spst#define ECHO_REQ 9 /* PPP echo request */ 16017680Spst#define ECHO_REPLY 10 /* PPP echo reply */ 16117680Spst#define DISC_REQ 11 /* PPP discard request */ 16217680Spst 16317680Spst#define LCP_OPT_MRU 1 /* maximum receive unit */ 16417680Spst#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 16517680Spst#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 16617680Spst#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 16726183Sfenner#define LCP_OPT_MAGIC 5 /* magic number */ 16817680Spst#define LCP_OPT_RESERVED 6 /* reserved */ 16917680Spst#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 17017680Spst#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 17117680Spst 17217680Spst#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 17317680Spst#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 17417680Spst#define IPCP_OPT_ADDRESS 3 /* local IP address */ 17517680Spst 17626183Sfenner#define IPV6CP_OPT_IFID 1 /* interface identifier */ 17726183Sfenner#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 17826183Sfenner 17926183Sfenner#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 18017680Spst 18117680Spst#define PAP_REQ 1 /* PAP name/password request */ 18217680Spst#define PAP_ACK 2 /* PAP acknowledge */ 18317680Spst#define PAP_NAK 3 /* PAP fail */ 18417680Spst 18517680Spst#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 18626183Sfenner#define CHAP_RESPONSE 2 /* CHAP challenge response */ 18726183Sfenner#define CHAP_SUCCESS 3 /* CHAP response ok */ 18826183Sfenner#define CHAP_FAILURE 4 /* CHAP response failed */ 18926183Sfenner 19026183Sfenner#define CHAP_MD5 5 /* hash algorithm - MD5 */ 19126183Sfenner 19217680Spst#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 19317680Spst#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 19417680Spst#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 19517680Spst#define CISCO_ADDR_REQ 0 /* Cisco address request */ 19617680Spst#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 19717680Spst#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 19817680Spst 19917680Spst/* states are named and numbered according to RFC 1661 */ 20017680Spst#define STATE_INITIAL 0 20117680Spst#define STATE_STARTING 1 20217680Spst#define STATE_CLOSED 2 20317680Spst#define STATE_STOPPED 3 20417680Spst#define STATE_CLOSING 4 20517680Spst#define STATE_STOPPING 5 20617680Spst#define STATE_REQ_SENT 6 20717680Spst#define STATE_ACK_RCVD 7 20817680Spst#define STATE_ACK_SENT 8 20917680Spst#define STATE_OPENED 9 21017680Spst 21117680Spststruct ppp_header { 21217680Spst u_char address; 21317680Spst u_char control; 21417680Spst u_short protocol; 21517680Spst} __packed; 21617680Spst#define PPP_HEADER_LEN sizeof (struct ppp_header) 21717680Spst 21817680Spststruct lcp_header { 21917680Spst u_char type; 22017680Spst u_char ident; 22117680Spst u_short len; 22217680Spst} __packed; 22317680Spst#define LCP_HEADER_LEN sizeof (struct lcp_header) 22417680Spst 22517680Spststruct cisco_packet { 22617680Spst u_long type; 22717680Spst u_long par1; 22817680Spst u_long par2; 22917680Spst u_short rel; 23017680Spst u_short time0; 23117680Spst u_short time1; 23217680Spst} __packed; 23317680Spst#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 23417680Spst 23517680Spst/* 23617680Spst * We follow the spelling and capitalization of RFC 1661 here, to make 23717680Spst * it easier comparing with the standard. Please refer to this RFC in 23817680Spst * case you can't make sense out of these abbreviation; it will also 23917680Spst * explain the semantics related to the various events and actions. 24017680Spst */ 24117680Spststruct cp { 24217680Spst u_short proto; /* PPP control protocol number */ 24317680Spst u_char protoidx; /* index into state table in struct sppp */ 24417680Spst u_char flags; 24517680Spst#define CP_LCP 0x01 /* this is the LCP */ 24617680Spst#define CP_AUTH 0x02 /* this is an authentication protocol */ 24717680Spst#define CP_NCP 0x04 /* this is a NCP */ 24817680Spst#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 24917680Spst const char *name; /* name of this control protocol */ 25017680Spst /* event handlers */ 25117680Spst void (*Up)(struct sppp *sp); 25217680Spst void (*Down)(struct sppp *sp); 25317680Spst void (*Open)(struct sppp *sp); 25417680Spst void (*Close)(struct sppp *sp); 25517680Spst void (*TO)(void *sp); 25617680Spst int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 25717680Spst void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 25817680Spst void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 25917680Spst /* actions */ 26017680Spst void (*tlu)(struct sppp *sp); 26117680Spst void (*tld)(struct sppp *sp); 26217680Spst void (*tls)(struct sppp *sp); 26317680Spst void (*tlf)(struct sppp *sp); 26417680Spst void (*scr)(struct sppp *sp); 26517680Spst}; 26617680Spst 26717680Spststatic struct sppp *spppq; 26817680Spst#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26917680Spststatic struct callout_handle keepalive_ch; 27017680Spst#endif 27117680Spst 27217680Spst#if defined(__FreeBSD__) && __FreeBSD__ >= 3 27317680Spst#define SPP_FMT "%s%d: " 27417680Spst#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 27517680Spst#else 27617680Spst#define SPP_FMT "%s: " 27717680Spst#define SPP_ARGS(ifp) (ifp)->if_xname 27817680Spst#endif 27917680Spst 28017680Spst#ifdef INET 28117680Spst/* 28217680Spst * The following disgusting hack gets around the problem that IP TOS 28317680Spst * can't be set yet. We want to put "interactive" traffic on a high 28417680Spst * priority queue. To decide if traffic is interactive, we check that 28517680Spst * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 28617680Spst * 28717680Spst * XXX is this really still necessary? - joerg - 28817680Spst */ 28917680Spststatic u_short interactive_ports[8] = { 29017680Spst 0, 513, 0, 0, 29117680Spst 0, 21, 0, 23, 29217680Spst}; 29317680Spst#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 29417680Spst#endif 29517680Spst 29617680Spst/* almost every function needs these */ 29717680Spst#define STDDCL \ 29817680Spst struct ifnet *ifp = &sp->pp_if; \ 29917680Spst int debug = ifp->if_flags & IFF_DEBUG 30017680Spst 30117680Spststatic int sppp_output(struct ifnet *ifp, struct mbuf *m, 30217680Spst struct sockaddr *dst, struct rtentry *rt); 30317680Spst 30417680Spststatic void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 30517680Spststatic void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 30617680Spst 30717680Spststatic void sppp_cp_input(const struct cp *cp, struct sppp *sp, 30817680Spst struct mbuf *m); 30917680Spststatic void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 31017680Spst u_char ident, u_short len, void *data); 31117680Spst/* static void sppp_cp_timeout(void *arg); */ 31217680Spststatic void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 31317680Spst int newstate); 31417680Spststatic void sppp_auth_send(const struct cp *cp, 31517680Spst struct sppp *sp, unsigned int type, unsigned int id, 31617680Spst ...); 31717680Spst 31817680Spststatic void sppp_up_event(const struct cp *cp, struct sppp *sp); 31917680Spststatic void sppp_down_event(const struct cp *cp, struct sppp *sp); 32017680Spststatic void sppp_open_event(const struct cp *cp, struct sppp *sp); 32117680Spststatic void sppp_close_event(const struct cp *cp, struct sppp *sp); 32217680Spststatic void sppp_to_event(const struct cp *cp, struct sppp *sp); 32317680Spst 32417680Spststatic void sppp_null(struct sppp *sp); 32517680Spst 32617680Spststatic void sppp_lcp_init(struct sppp *sp); 32717680Spststatic void sppp_lcp_up(struct sppp *sp); 32817680Spststatic void sppp_lcp_down(struct sppp *sp); 32917680Spststatic void sppp_lcp_open(struct sppp *sp); 33017680Spststatic void sppp_lcp_close(struct sppp *sp); 33117680Spststatic void sppp_lcp_TO(void *sp); 33217680Spststatic int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 33317680Spststatic void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 33417680Spststatic void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 33517680Spststatic void sppp_lcp_tlu(struct sppp *sp); 33617680Spststatic void sppp_lcp_tld(struct sppp *sp); 33717680Spststatic void sppp_lcp_tls(struct sppp *sp); 33817680Spststatic void sppp_lcp_tlf(struct sppp *sp); 33917680Spststatic void sppp_lcp_scr(struct sppp *sp); 34017680Spststatic void sppp_lcp_check_and_close(struct sppp *sp); 34117680Spststatic int sppp_ncp_check(struct sppp *sp); 34217680Spst 34317680Spststatic void sppp_ipcp_init(struct sppp *sp); 34417680Spststatic void sppp_ipcp_up(struct sppp *sp); 34517680Spststatic void sppp_ipcp_down(struct sppp *sp); 34617680Spststatic void sppp_ipcp_open(struct sppp *sp); 34717680Spststatic void sppp_ipcp_close(struct sppp *sp); 34817680Spststatic void sppp_ipcp_TO(void *sp); 34917680Spststatic int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 35017680Spststatic void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 35117680Spststatic void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 35217680Spststatic void sppp_ipcp_tlu(struct sppp *sp); 35317680Spststatic void sppp_ipcp_tld(struct sppp *sp); 35417680Spststatic void sppp_ipcp_tls(struct sppp *sp); 35517680Spststatic void sppp_ipcp_tlf(struct sppp *sp); 35617680Spststatic void sppp_ipcp_scr(struct sppp *sp); 35717680Spst 35817680Spststatic void sppp_ipv6cp_init(struct sppp *sp); 35917680Spststatic void sppp_ipv6cp_up(struct sppp *sp); 36017680Spststatic void sppp_ipv6cp_down(struct sppp *sp); 36117680Spststatic void sppp_ipv6cp_open(struct sppp *sp); 36217680Spststatic void sppp_ipv6cp_close(struct sppp *sp); 36317680Spststatic void sppp_ipv6cp_TO(void *sp); 36417680Spststatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 36517680Spststatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 36617680Spststatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 36717680Spststatic void sppp_ipv6cp_tlu(struct sppp *sp); 36817680Spststatic void sppp_ipv6cp_tld(struct sppp *sp); 36917680Spststatic void sppp_ipv6cp_tls(struct sppp *sp); 37017680Spststatic void sppp_ipv6cp_tlf(struct sppp *sp); 37117680Spststatic void sppp_ipv6cp_scr(struct sppp *sp); 37217680Spst 37317680Spststatic void sppp_pap_input(struct sppp *sp, struct mbuf *m); 37417680Spststatic void sppp_pap_init(struct sppp *sp); 37517680Spststatic void sppp_pap_open(struct sppp *sp); 37617680Spststatic void sppp_pap_close(struct sppp *sp); 37717680Spststatic void sppp_pap_TO(void *sp); 37817680Spststatic void sppp_pap_my_TO(void *sp); 37917680Spststatic void sppp_pap_tlu(struct sppp *sp); 38017680Spststatic void sppp_pap_tld(struct sppp *sp); 38117680Spststatic void sppp_pap_scr(struct sppp *sp); 38217680Spst 38317680Spststatic void sppp_chap_input(struct sppp *sp, struct mbuf *m); 38417680Spststatic void sppp_chap_init(struct sppp *sp); 38517680Spststatic void sppp_chap_open(struct sppp *sp); 38617680Spststatic void sppp_chap_close(struct sppp *sp); 38717680Spststatic void sppp_chap_TO(void *sp); 38817680Spststatic void sppp_chap_tlu(struct sppp *sp); 38917680Spststatic void sppp_chap_tld(struct sppp *sp); 39017680Spststatic void sppp_chap_scr(struct sppp *sp); 39117680Spst 39217680Spststatic const char *sppp_auth_type_name(u_short proto, u_char type); 39317680Spststatic const char *sppp_cp_type_name(u_char type); 39417680Spststatic const char *sppp_dotted_quad(u_long addr); 39517680Spststatic const char *sppp_ipcp_opt_name(u_char opt); 39617680Spst#ifdef INET6 39717680Spststatic const char *sppp_ipv6cp_opt_name(u_char opt); 39817680Spst#endif 39917680Spststatic const char *sppp_lcp_opt_name(u_char opt); 40017680Spststatic const char *sppp_phase_name(enum ppp_phase phase); 40117680Spststatic const char *sppp_proto_name(u_short proto); 40217680Spststatic const char *sppp_state_name(int state); 40317680Spststatic int sppp_params(struct sppp *sp, u_long cmd, void *data); 40417680Spststatic int sppp_strnlen(u_char *p, int max); 40517680Spststatic void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 40617680Spst u_long *srcmask); 40717680Spststatic void sppp_keepalive(void *dummy); 40817680Spststatic void sppp_phase_network(struct sppp *sp); 40917680Spststatic void sppp_print_bytes(const u_char *p, u_short len); 41017680Spststatic void sppp_print_string(const char *p, u_short len); 41117680Spststatic void sppp_qflush(struct ifqueue *ifq); 41217680Spststatic void sppp_set_ip_addr(struct sppp *sp, u_long src); 41317680Spst#ifdef INET6 41417680Spststatic void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 41517680Spst struct in6_addr *dst, struct in6_addr *srcmask); 41617680Spst#ifdef IPV6CP_MYIFID_DYN 41717680Spststatic void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 41817680Spststatic void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 41917680Spst#endif 42017680Spststatic void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 42117680Spst#endif 42217680Spst 42317680Spst/* our control protocol descriptors */ 42417680Spststatic const struct cp lcp = { 42517680Spst PPP_LCP, IDX_LCP, CP_LCP, "lcp", 42617680Spst sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 42717680Spst sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 42817680Spst sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 42917680Spst sppp_lcp_scr 43017680Spst}; 43117680Spst 43217680Spststatic const struct cp ipcp = { 43317680Spst PPP_IPCP, IDX_IPCP, 43417680Spst#ifdef INET /* don't run IPCP if there's no IPv4 support */ 43517680Spst CP_NCP, 43617680Spst#else 43717680Spst 0, 43817680Spst#endif 43917680Spst "ipcp", 44017680Spst sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 44117680Spst sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 44217680Spst sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 44317680Spst sppp_ipcp_scr 44417680Spst}; 44517680Spst 44617680Spststatic const struct cp ipv6cp = { 44717680Spst PPP_IPV6CP, IDX_IPV6CP, 44817680Spst#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 44917680Spst CP_NCP, 45017680Spst#else 45117680Spst 0, 45217680Spst#endif 45317680Spst "ipv6cp", 45417680Spst sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 45517680Spst sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 45617680Spst sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 45717680Spst sppp_ipv6cp_scr 45817680Spst}; 45917680Spst 46017680Spststatic const struct cp pap = { 46117680Spst PPP_PAP, IDX_PAP, CP_AUTH, "pap", 46217680Spst sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 46317680Spst sppp_pap_TO, 0, 0, 0, 46417680Spst sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 46517680Spst sppp_pap_scr 46617680Spst}; 46717680Spst 46817680Spststatic const struct cp chap = { 46917680Spst PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 47017688Spst sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 47117680Spst sppp_chap_TO, 0, 0, 0, 47217680Spst sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 47317680Spst sppp_chap_scr 47417680Spst}; 47517688Spst 47617680Spststatic const struct cp *cps[IDX_COUNT] = { 47717680Spst &lcp, /* IDX_LCP */ 47817688Spst &ipcp, /* IDX_IPCP */ 47917688Spst &ipv6cp, /* IDX_IPV6CP */ 48017680Spst &pap, /* IDX_PAP */ 48117680Spst &chap, /* IDX_CHAP */ 48217680Spst}; 48317680Spst 48417680Spststatic int 48517680Spstsppp_modevent(module_t mod, int type, void *unused) 48617680Spst{ 48717680Spst switch (type) { 48817680Spst case MOD_LOAD: 48917680Spst break; 49017680Spst case MOD_UNLOAD: 49117680Spst return EACCES; 49217680Spst break; 49317680Spst default: 49417680Spst break; 49517680Spst } 49617680Spst return 0; 49717680Spst} 49817680Spststatic moduledata_t spppmod = { 49917680Spst "sppp", 50017680Spst sppp_modevent, 50117680Spst 0 50217680Spst}; 50317680SpstMODULE_VERSION(sppp, 1); 50417680SpstDECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 50517680Spst 50617680Spst/* 50717680Spst * Exported functions, comprising our interface to the lower layer. 50817680Spst */ 50917680Spst 51017680Spst/* 51117680Spst * Process the received packet. 51217680Spst */ 51317680Spstvoid 51417680Spstsppp_input(struct ifnet *ifp, struct mbuf *m) 51517680Spst{ 51617680Spst struct ppp_header *h; 51717680Spst int isr = -1; 51817680Spst struct sppp *sp = (struct sppp *)ifp; 51917680Spst u_char *iphdr; 52017680Spst int hlen, vjlen, do_account = 0; 52117680Spst int debug = ifp->if_flags & IFF_DEBUG; 52217680Spst 52317680Spst if (ifp->if_flags & IFF_UP) 52417680Spst /* Count received bytes, add FCS and one flag */ 52517680Spst ifp->if_ibytes += m->m_pkthdr.len + 3; 52617680Spst 52717680Spst if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 52817680Spst /* Too small packet, drop it. */ 52917680Spst if (debug) 53017680Spst log(LOG_DEBUG, 53117680Spst SPP_FMT "input packet is too small, %d bytes\n", 53217680Spst SPP_ARGS(ifp), m->m_pkthdr.len); 53317680Spst drop: 53417680Spst m_freem (m); 53517680Spst drop2: 53617680Spst ++ifp->if_ierrors; 53717680Spst ++ifp->if_iqdrops; 53817680Spst return; 53917680Spst } 54017680Spst 54117680Spst /* Get PPP header. */ 54217680Spst h = mtod (m, struct ppp_header*); 54317680Spst m_adj (m, PPP_HEADER_LEN); 54417680Spst 54517680Spst switch (h->address) { 54617680Spst case PPP_ALLSTATIONS: 54717680Spst if (h->control != PPP_UI) 54817680Spst goto invalid; 54917680Spst if (sp->pp_mode == IFF_CISCO) { 55017680Spst if (debug) 55117680Spst log(LOG_DEBUG, 55217680Spst SPP_FMT "PPP packet in Cisco mode " 55317680Spst "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 55417680Spst SPP_ARGS(ifp), 55517680Spst h->address, h->control, ntohs(h->protocol)); 55617680Spst goto drop; 55717680Spst } 55817680Spst switch (ntohs (h->protocol)) { 55917680Spst default: 56017680Spst if (debug) 56117680Spst log(LOG_DEBUG, 56217680Spst SPP_FMT "rejecting protocol " 56317680Spst "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 56417680Spst SPP_ARGS(ifp), 56517680Spst h->address, h->control, ntohs(h->protocol)); 56617680Spst if (sp->state[IDX_LCP] == STATE_OPENED) 56717680Spst sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 56817680Spst ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 56917680Spst &h->protocol); 57017680Spst ++ifp->if_noproto; 57117680Spst goto drop; 57217680Spst case PPP_LCP: 57317680Spst sppp_cp_input(&lcp, sp, m); 57417680Spst m_freem (m); 57517680Spst return; 57617680Spst case PPP_PAP: 57717680Spst if (sp->pp_phase >= PHASE_AUTHENTICATE) 57817680Spst sppp_pap_input(sp, m); 57917680Spst m_freem (m); 58017680Spst return; 58117680Spst case PPP_CHAP: 58217680Spst if (sp->pp_phase >= PHASE_AUTHENTICATE) 58317680Spst sppp_chap_input(sp, m); 58417680Spst m_freem (m); 58517680Spst return; 58617680Spst#ifdef INET 58717680Spst case PPP_IPCP: 58817680Spst if (sp->pp_phase == PHASE_NETWORK) 58917680Spst sppp_cp_input(&ipcp, sp, m); 59017680Spst m_freem (m); 59117680Spst return; 59217680Spst case PPP_IP: 59317680Spst if (sp->state[IDX_IPCP] == STATE_OPENED) { 59417680Spst isr = NETISR_IP; 59517680Spst } 59617680Spst do_account++; 59717680Spst break; 59817680Spst case PPP_VJ_COMP: 59917680Spst if (sp->state[IDX_IPCP] == STATE_OPENED) { 60017680Spst if ((vjlen = 60117680Spst sl_uncompress_tcp_core(mtod(m, u_char *), 60217680Spst m->m_len, m->m_len, 60317680Spst TYPE_COMPRESSED_TCP, 60417680Spst sp->pp_comp, 60517680Spst &iphdr, &hlen)) <= 0) { 60617680Spst if (debug) 60717680Spst log(LOG_INFO, 60817680Spst SPP_FMT "VJ uncompress failed on compressed packet\n", 60917680Spst SPP_ARGS(ifp)); 61017680Spst goto drop; 61117680Spst } 61217680Spst 61317680Spst /* 61417680Spst * Trim the VJ header off the packet, and prepend 61517680Spst * the uncompressed IP header (which will usually 61617680Spst * end up in two chained mbufs since there's not 61717680Spst * enough leading space in the existing mbuf). 61817680Spst */ 61917680Spst m_adj(m, vjlen); 62017680Spst M_PREPEND(m, hlen, M_DONTWAIT); 62117680Spst if (m == NULL) 62217680Spst goto drop2; 62317680Spst bcopy(iphdr, mtod(m, u_char *), hlen); 62417680Spst isr = NETISR_IP; 62517680Spst } 62617680Spst do_account++; 62717680Spst break; 62817680Spst case PPP_VJ_UCOMP: 62917680Spst if (sp->state[IDX_IPCP] == STATE_OPENED) { 63017680Spst if (sl_uncompress_tcp_core(mtod(m, u_char *), 63117680Spst m->m_len, m->m_len, 63217680Spst TYPE_UNCOMPRESSED_TCP, 63317680Spst sp->pp_comp, 63417680Spst &iphdr, &hlen) != 0) { 63517680Spst if (debug) 63617680Spst log(LOG_INFO, 63717680Spst SPP_FMT "VJ uncompress failed on uncompressed packet\n", 63817680Spst SPP_ARGS(ifp)); 63917680Spst goto drop; 64017680Spst } 64117680Spst isr = NETISR_IP; 64217680Spst } 64317680Spst do_account++; 64417680Spst break; 64517680Spst#endif 64617680Spst#ifdef INET6 64717680Spst case PPP_IPV6CP: 64817680Spst if (sp->pp_phase == PHASE_NETWORK) 64917680Spst sppp_cp_input(&ipv6cp, sp, m); 65017680Spst m_freem (m); 65117680Spst return; 65217680Spst 65317680Spst case PPP_IPV6: 65417680Spst if (sp->state[IDX_IPV6CP] == STATE_OPENED) 65517680Spst isr = NETISR_IPV6; 65617680Spst do_account++; 65717680Spst break; 65817680Spst#endif 65917680Spst#ifdef IPX 66017680Spst case PPP_IPX: 66117680Spst /* IPX IPXCP not implemented yet */ 66217680Spst if (sp->pp_phase == PHASE_NETWORK) 66317680Spst isr = NETISR_IPX; 66417680Spst do_account++; 66517680Spst break; 66617680Spst#endif 66717680Spst#ifdef NS 66817680Spst case PPP_XNS: 66917680Spst /* XNS IDPCP not implemented yet */ 67017680Spst if (sp->pp_phase == PHASE_NETWORK) 67117680Spst isr = NETISR_NS; 67217680Spst do_account++; 67317680Spst break; 67417680Spst#endif 67517680Spst } 67617680Spst break; 67717680Spst case CISCO_MULTICAST: 67817680Spst case CISCO_UNICAST: 67917680Spst /* Don't check the control field here (RFC 1547). */ 68017680Spst if (sp->pp_mode != IFF_CISCO) { 68117680Spst if (debug) 68217680Spst log(LOG_DEBUG, 68317680Spst SPP_FMT "Cisco packet in PPP mode " 68417680Spst "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 68517680Spst SPP_ARGS(ifp), 68617680Spst h->address, h->control, ntohs(h->protocol)); 68717680Spst goto drop; 68817680Spst } 68917680Spst switch (ntohs (h->protocol)) { 69017680Spst default: 69117680Spst ++ifp->if_noproto; 69217680Spst goto invalid; 69317680Spst case CISCO_KEEPALIVE: 69417680Spst sppp_cisco_input ((struct sppp*) ifp, m); 69517680Spst m_freem (m); 69617680Spst return; 69717680Spst#ifdef INET 69817680Spst case ETHERTYPE_IP: 69917680Spst isr = NETISR_IP; 70017680Spst do_account++; 70117680Spst break; 70217680Spst#endif 70317680Spst#ifdef INET6 70417680Spst case ETHERTYPE_IPV6: 70517680Spst isr = NETISR_IPV6; 70617680Spst do_account++; 70717680Spst break; 70817680Spst#endif 70917680Spst#ifdef IPX 71017680Spst case ETHERTYPE_IPX: 71117680Spst isr = NETISR_IPX; 71217680Spst do_account++; 71317680Spst break; 71417680Spst#endif 71517680Spst#ifdef NS 71617680Spst case ETHERTYPE_NS: 71717680Spst isr = NETISR_NS; 71817680Spst do_account++; 71917680Spst break; 72017680Spst#endif 72117680Spst } 72217680Spst break; 72317680Spst default: /* Invalid PPP packet. */ 72417680Spst invalid: 72517680Spst if (debug) 72617680Spst log(LOG_DEBUG, 72717680Spst SPP_FMT "invalid input packet " 72817680Spst "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 72917680Spst SPP_ARGS(ifp), 73017680Spst h->address, h->control, ntohs(h->protocol)); 73117680Spst goto drop; 73217680Spst } 73317680Spst 73417680Spst if (! (ifp->if_flags & IFF_UP) || isr == -1) 73517680Spst goto drop; 73617680Spst 73717680Spst /* Check queue. */ 73817680Spst if (! netisr_queue(isr, m)) { 73917680Spst if (debug) 74017680Spst log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 74117680Spst SPP_ARGS(ifp)); 74226183Sfenner goto drop; 74317680Spst } 74417680Spst if (do_account) 74517680Spst /* 74617680Spst * Do only account for network packets, not for control 74717680Spst * packets. This is used by some subsystems to detect 74817680Spst * idle lines. 74917680Spst */ 75017680Spst sp->pp_last_recv = time_second; 75117680Spst} 75217680Spst 75317680Spst/* 75417680Spst * Enqueue transmit packet. 75517680Spst */ 75617680Spststatic int 75717680Spstsppp_output(struct ifnet *ifp, struct mbuf *m, 758 struct sockaddr *dst, struct rtentry *rt) 759{ 760 struct sppp *sp = (struct sppp*) ifp; 761 struct ppp_header *h; 762 struct ifqueue *ifq = NULL; 763 int s, rv = 0; 764 int ipproto = PPP_IP; 765 int debug = ifp->if_flags & IFF_DEBUG; 766 767 s = splimp(); 768 769 if ((ifp->if_flags & IFF_UP) == 0 || 770 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 771#ifdef INET6 772 drop: 773#endif 774 m_freem (m); 775 splx (s); 776 return (ENETDOWN); 777 } 778 779 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 780#ifdef INET6 781 /* 782 * XXX 783 * 784 * Hack to prevent the initialization-time generated 785 * IPv6 multicast packet to erroneously cause a 786 * dialout event in case IPv6 has been 787 * administratively disabled on that interface. 788 */ 789 if (dst->sa_family == AF_INET6 && 790 !(sp->confflags & CONF_ENABLE_IPV6)) 791 goto drop; 792#endif 793 /* 794 * Interface is not yet running, but auto-dial. Need 795 * to start LCP for it. 796 */ 797 ifp->if_flags |= IFF_RUNNING; 798 splx(s); 799 lcp.Open(sp); 800 s = splimp(); 801 } 802 803 ifq = &ifp->if_snd; 804#ifdef INET 805 if (dst->sa_family == AF_INET) { 806 /* XXX Check mbuf length here? */ 807 struct ip *ip = mtod (m, struct ip*); 808 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 809 810 /* 811 * When using dynamic local IP address assignment by using 812 * 0.0.0.0 as a local address, the first TCP session will 813 * not connect because the local TCP checksum is computed 814 * using 0.0.0.0 which will later become our real IP address 815 * so the TCP checksum computed at the remote end will 816 * become invalid. So we 817 * - don't let packets with src ip addr 0 thru 818 * - we flag TCP packets with src ip 0 as an error 819 */ 820 821 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 822 { 823 m_freem(m); 824 splx(s); 825 if(ip->ip_p == IPPROTO_TCP) 826 return(EADDRNOTAVAIL); 827 else 828 return(0); 829 } 830 831 /* 832 * Put low delay, telnet, rlogin and ftp control packets 833 * in front of the queue. 834 */ 835 if (_IF_QFULL(&sp->pp_fastq)) 836 ; 837 else if (ip->ip_tos & IPTOS_LOWDELAY) 838 ifq = &sp->pp_fastq; 839 else if (m->m_len < sizeof *ip + sizeof *tcp) 840 ; 841 else if (ip->ip_p != IPPROTO_TCP) 842 ; 843 else if (INTERACTIVE (ntohs (tcp->th_sport))) 844 ifq = &sp->pp_fastq; 845 else if (INTERACTIVE (ntohs (tcp->th_dport))) 846 ifq = &sp->pp_fastq; 847 848 /* 849 * Do IP Header compression 850 */ 851 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 852 ip->ip_p == IPPROTO_TCP) 853 switch (sl_compress_tcp(m, ip, sp->pp_comp, 854 sp->ipcp.compress_cid)) { 855 case TYPE_COMPRESSED_TCP: 856 ipproto = PPP_VJ_COMP; 857 break; 858 case TYPE_UNCOMPRESSED_TCP: 859 ipproto = PPP_VJ_UCOMP; 860 break; 861 case TYPE_IP: 862 ipproto = PPP_IP; 863 break; 864 default: 865 m_freem(m); 866 splx(s); 867 return (EINVAL); 868 } 869 } 870#endif 871 872#ifdef INET6 873 if (dst->sa_family == AF_INET6) { 874 /* XXX do something tricky here? */ 875 } 876#endif 877 878 /* 879 * Prepend general data packet PPP header. For now, IP only. 880 */ 881 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 882 if (! m) { 883 if (debug) 884 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 885 SPP_ARGS(ifp)); 886 ++ifp->if_oerrors; 887 splx (s); 888 return (ENOBUFS); 889 } 890 /* 891 * May want to check size of packet 892 * (albeit due to the implementation it's always enough) 893 */ 894 h = mtod (m, struct ppp_header*); 895 if (sp->pp_mode == IFF_CISCO) { 896 h->address = CISCO_UNICAST; /* unicast address */ 897 h->control = 0; 898 } else { 899 h->address = PPP_ALLSTATIONS; /* broadcast address */ 900 h->control = PPP_UI; /* Unnumbered Info */ 901 } 902 903 switch (dst->sa_family) { 904#ifdef INET 905 case AF_INET: /* Internet Protocol */ 906 if (sp->pp_mode == IFF_CISCO) 907 h->protocol = htons (ETHERTYPE_IP); 908 else { 909 /* 910 * Don't choke with an ENETDOWN early. It's 911 * possible that we just started dialing out, 912 * so don't drop the packet immediately. If 913 * we notice that we run out of buffer space 914 * below, we will however remember that we are 915 * not ready to carry IP packets, and return 916 * ENETDOWN, as opposed to ENOBUFS. 917 */ 918 h->protocol = htons(ipproto); 919 if (sp->state[IDX_IPCP] != STATE_OPENED) 920 rv = ENETDOWN; 921 } 922 break; 923#endif 924#ifdef INET6 925 case AF_INET6: /* Internet Protocol */ 926 if (sp->pp_mode == IFF_CISCO) 927 h->protocol = htons (ETHERTYPE_IPV6); 928 else { 929 /* 930 * Don't choke with an ENETDOWN early. It's 931 * possible that we just started dialing out, 932 * so don't drop the packet immediately. If 933 * we notice that we run out of buffer space 934 * below, we will however remember that we are 935 * not ready to carry IP packets, and return 936 * ENETDOWN, as opposed to ENOBUFS. 937 */ 938 h->protocol = htons(PPP_IPV6); 939 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 940 rv = ENETDOWN; 941 } 942 break; 943#endif 944#ifdef NS 945 case AF_NS: /* Xerox NS Protocol */ 946 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 947 ETHERTYPE_NS : PPP_XNS); 948 break; 949#endif 950#ifdef IPX 951 case AF_IPX: /* Novell IPX Protocol */ 952 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 953 ETHERTYPE_IPX : PPP_IPX); 954 break; 955#endif 956 default: 957 m_freem (m); 958 ++ifp->if_oerrors; 959 splx (s); 960 return (EAFNOSUPPORT); 961 } 962 963 /* 964 * Queue message on interface, and start output if interface 965 * not yet active. 966 */ 967 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 968 ++ifp->if_oerrors; 969 splx (s); 970 return (rv? rv: ENOBUFS); 971 } 972 splx (s); 973 /* 974 * Unlike in sppp_input(), we can always bump the timestamp 975 * here since sppp_output() is only called on behalf of 976 * network-layer traffic; control-layer traffic is handled 977 * by sppp_cp_send(). 978 */ 979 sp->pp_last_sent = time_second; 980 return (0); 981} 982 983void 984sppp_attach(struct ifnet *ifp) 985{ 986 struct sppp *sp = (struct sppp*) ifp; 987 988 /* Initialize keepalive handler. */ 989 if (! spppq) 990 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 991 992 /* Insert new entry into the keepalive list. */ 993 sp->pp_next = spppq; 994 spppq = sp; 995 996 sp->pp_if.if_mtu = PP_MTU; 997 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 998 sp->pp_if.if_type = IFT_PPP; 999 sp->pp_if.if_output = sppp_output; 1000#if 0 1001 sp->pp_flags = PP_KEEPALIVE; 1002#endif 1003 sp->pp_if.if_snd.ifq_maxlen = 32; 1004 sp->pp_fastq.ifq_maxlen = 32; 1005 sp->pp_cpq.ifq_maxlen = 20; 1006 sp->pp_loopcnt = 0; 1007 sp->pp_alivecnt = 0; 1008 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1009 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1010 sp->pp_phase = PHASE_DEAD; 1011 sp->pp_up = lcp.Up; 1012 sp->pp_down = lcp.Down; 1013 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1014 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1015 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1016 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1017 sp->pp_last_recv = sp->pp_last_sent = time_second; 1018 sp->confflags = 0; 1019#ifdef INET 1020 sp->confflags |= CONF_ENABLE_VJ; 1021#endif 1022#ifdef INET6 1023 sp->confflags |= CONF_ENABLE_IPV6; 1024#endif 1025 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAIT); 1026 sl_compress_init(sp->pp_comp, -1); 1027 sppp_lcp_init(sp); 1028 sppp_ipcp_init(sp); 1029 sppp_ipv6cp_init(sp); 1030 sppp_pap_init(sp); 1031 sppp_chap_init(sp); 1032} 1033 1034void 1035sppp_detach(struct ifnet *ifp) 1036{ 1037 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1038 int i; 1039 1040 /* Remove the entry from the keepalive list. */ 1041 for (q = &spppq; (p = *q); q = &p->pp_next) 1042 if (p == sp) { 1043 *q = p->pp_next; 1044 break; 1045 } 1046 1047 /* Stop keepalive handler. */ 1048 if (! spppq) 1049 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 1050 1051 for (i = 0; i < IDX_COUNT; i++) 1052 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 1053 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 1054 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1055 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1056} 1057 1058/* 1059 * Flush the interface output queue. 1060 */ 1061void 1062sppp_flush(struct ifnet *ifp) 1063{ 1064 struct sppp *sp = (struct sppp*) ifp; 1065 1066 sppp_qflush (&sp->pp_if.if_snd); 1067 sppp_qflush (&sp->pp_fastq); 1068 sppp_qflush (&sp->pp_cpq); 1069} 1070 1071/* 1072 * Check if the output queue is empty. 1073 */ 1074int 1075sppp_isempty(struct ifnet *ifp) 1076{ 1077 struct sppp *sp = (struct sppp*) ifp; 1078 int empty, s; 1079 1080 s = splimp(); 1081 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1082 !sp->pp_if.if_snd.ifq_head; 1083 splx(s); 1084 return (empty); 1085} 1086 1087/* 1088 * Get next packet to send. 1089 */ 1090struct mbuf * 1091sppp_dequeue(struct ifnet *ifp) 1092{ 1093 struct sppp *sp = (struct sppp*) ifp; 1094 struct mbuf *m; 1095 int s; 1096 1097 s = splimp(); 1098 /* 1099 * Process only the control protocol queue until we have at 1100 * least one NCP open. 1101 * 1102 * Do always serve all three queues in Cisco mode. 1103 */ 1104 IF_DEQUEUE(&sp->pp_cpq, m); 1105 if (m == NULL && 1106 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1107 IF_DEQUEUE(&sp->pp_fastq, m); 1108 if (m == NULL) 1109 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1110 } 1111 splx(s); 1112 return m; 1113} 1114 1115/* 1116 * Pick the next packet, do not remove it from the queue. 1117 */ 1118struct mbuf * 1119sppp_pick(struct ifnet *ifp) 1120{ 1121 struct sppp *sp = (struct sppp*)ifp; 1122 struct mbuf *m; 1123 int s; 1124 1125 s= splimp (); 1126 1127 m = sp->pp_cpq.ifq_head; 1128 if (m == NULL && 1129 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1130 if ((m = sp->pp_fastq.ifq_head) == NULL) 1131 m = sp->pp_if.if_snd.ifq_head; 1132 splx (s); 1133 return (m); 1134} 1135 1136/* 1137 * Process an ioctl request. Called on low priority level. 1138 */ 1139int 1140sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1141{ 1142 struct ifreq *ifr = (struct ifreq*) data; 1143 struct sppp *sp = (struct sppp*) ifp; 1144 int s, rv, going_up, going_down, newmode; 1145 1146 s = splimp(); 1147 rv = 0; 1148 switch (cmd) { 1149 case SIOCAIFADDR: 1150 case SIOCSIFDSTADDR: 1151 break; 1152 1153 case SIOCSIFADDR: 1154 /* set the interface "up" when assigning an IP address */ 1155 ifp->if_flags |= IFF_UP; 1156 /* FALLTHROUGH */ 1157 1158 case SIOCSIFFLAGS: 1159 going_up = ifp->if_flags & IFF_UP && 1160 (ifp->if_flags & IFF_RUNNING) == 0; 1161 going_down = (ifp->if_flags & IFF_UP) == 0 && 1162 ifp->if_flags & IFF_RUNNING; 1163 1164 newmode = ifp->if_flags & IFF_PASSIVE; 1165 if (!newmode) 1166 newmode = ifp->if_flags & IFF_AUTO; 1167 if (!newmode) 1168 newmode = ifp->if_flags & IFF_CISCO; 1169 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1170 ifp->if_flags |= newmode; 1171 1172 if (newmode != sp->pp_mode) { 1173 going_down = 1; 1174 if (!going_up) 1175 going_up = ifp->if_flags & IFF_RUNNING; 1176 } 1177 1178 if (going_down) { 1179 if (sp->pp_mode != IFF_CISCO) 1180 lcp.Close(sp); 1181 else if (sp->pp_tlf) 1182 (sp->pp_tlf)(sp); 1183 sppp_flush(ifp); 1184 ifp->if_flags &= ~IFF_RUNNING; 1185 sp->pp_mode = newmode; 1186 } 1187 1188 if (going_up) { 1189 if (sp->pp_mode != IFF_CISCO) 1190 lcp.Close(sp); 1191 sp->pp_mode = newmode; 1192 if (sp->pp_mode == 0) { 1193 ifp->if_flags |= IFF_RUNNING; 1194 lcp.Open(sp); 1195 } 1196 if (sp->pp_mode == IFF_CISCO) { 1197 if (sp->pp_tls) 1198 (sp->pp_tls)(sp); 1199 ifp->if_flags |= IFF_RUNNING; 1200 } 1201 } 1202 1203 break; 1204 1205#ifdef SIOCSIFMTU 1206#ifndef ifr_mtu 1207#define ifr_mtu ifr_metric 1208#endif 1209 case SIOCSIFMTU: 1210 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1211 return (EINVAL); 1212 ifp->if_mtu = ifr->ifr_mtu; 1213 break; 1214#endif 1215#ifdef SLIOCSETMTU 1216 case SLIOCSETMTU: 1217 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1218 return (EINVAL); 1219 ifp->if_mtu = *(short*)data; 1220 break; 1221#endif 1222#ifdef SIOCGIFMTU 1223 case SIOCGIFMTU: 1224 ifr->ifr_mtu = ifp->if_mtu; 1225 break; 1226#endif 1227#ifdef SLIOCGETMTU 1228 case SLIOCGETMTU: 1229 *(short*)data = ifp->if_mtu; 1230 break; 1231#endif 1232 case SIOCADDMULTI: 1233 case SIOCDELMULTI: 1234 break; 1235 1236 case SIOCGIFGENERIC: 1237 case SIOCSIFGENERIC: 1238 rv = sppp_params(sp, cmd, data); 1239 break; 1240 1241 default: 1242 rv = ENOTTY; 1243 } 1244 splx(s); 1245 return rv; 1246} 1247 1248/* 1249 * Cisco framing implementation. 1250 */ 1251 1252/* 1253 * Handle incoming Cisco keepalive protocol packets. 1254 */ 1255static void 1256sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1257{ 1258 STDDCL; 1259 struct cisco_packet *h; 1260 u_long me, mymask; 1261 1262 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1263 if (debug) 1264 log(LOG_DEBUG, 1265 SPP_FMT "cisco invalid packet length: %d bytes\n", 1266 SPP_ARGS(ifp), m->m_pkthdr.len); 1267 return; 1268 } 1269 h = mtod (m, struct cisco_packet*); 1270 if (debug) 1271 log(LOG_DEBUG, 1272 SPP_FMT "cisco input: %d bytes " 1273 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1274 SPP_ARGS(ifp), m->m_pkthdr.len, 1275 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1276 (u_int)h->time0, (u_int)h->time1); 1277 switch (ntohl (h->type)) { 1278 default: 1279 if (debug) 1280 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1281 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1282 break; 1283 case CISCO_ADDR_REPLY: 1284 /* Reply on address request, ignore */ 1285 break; 1286 case CISCO_KEEPALIVE_REQ: 1287 sp->pp_alivecnt = 0; 1288 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1289 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1290 /* Local and remote sequence numbers are equal. 1291 * Probably, the line is in loopback mode. */ 1292 if (sp->pp_loopcnt >= MAXALIVECNT) { 1293 printf (SPP_FMT "loopback\n", 1294 SPP_ARGS(ifp)); 1295 sp->pp_loopcnt = 0; 1296 if (ifp->if_flags & IFF_UP) { 1297 if_down (ifp); 1298 sppp_qflush (&sp->pp_cpq); 1299 } 1300 } 1301 ++sp->pp_loopcnt; 1302 1303 /* Generate new local sequence number */ 1304#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1305 sp->pp_seq[IDX_LCP] = random(); 1306#else 1307 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1308#endif 1309 break; 1310 } 1311 sp->pp_loopcnt = 0; 1312 if (! (ifp->if_flags & IFF_UP) && 1313 (ifp->if_flags & IFF_RUNNING)) { 1314 if_up(ifp); 1315 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1316 } 1317 break; 1318 case CISCO_ADDR_REQ: 1319 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1320 if (me != 0L) 1321 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1322 break; 1323 } 1324} 1325 1326/* 1327 * Send Cisco keepalive packet. 1328 */ 1329static void 1330sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1331{ 1332 STDDCL; 1333 struct ppp_header *h; 1334 struct cisco_packet *ch; 1335 struct mbuf *m; 1336#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1337 struct timeval tv; 1338#else 1339 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1340#endif 1341 1342#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1343 getmicrouptime(&tv); 1344#endif 1345 1346 MGETHDR (m, M_DONTWAIT, MT_DATA); 1347 if (! m) 1348 return; 1349 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1350 m->m_pkthdr.rcvif = 0; 1351 1352 h = mtod (m, struct ppp_header*); 1353 h->address = CISCO_MULTICAST; 1354 h->control = 0; 1355 h->protocol = htons (CISCO_KEEPALIVE); 1356 1357 ch = (struct cisco_packet*) (h + 1); 1358 ch->type = htonl (type); 1359 ch->par1 = htonl (par1); 1360 ch->par2 = htonl (par2); 1361 ch->rel = -1; 1362 1363#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1364 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1365 ch->time1 = htons ((u_short) tv.tv_sec); 1366#else 1367 ch->time0 = htons ((u_short) (t >> 16)); 1368 ch->time1 = htons ((u_short) t); 1369#endif 1370 1371 if (debug) 1372 log(LOG_DEBUG, 1373 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1374 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1375 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1376 1377 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1378 ifp->if_oerrors++; 1379} 1380 1381/* 1382 * PPP protocol implementation. 1383 */ 1384 1385/* 1386 * Send PPP control protocol packet. 1387 */ 1388static void 1389sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1390 u_char ident, u_short len, void *data) 1391{ 1392 STDDCL; 1393 struct ppp_header *h; 1394 struct lcp_header *lh; 1395 struct mbuf *m; 1396 1397 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1398 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1399 MGETHDR (m, M_DONTWAIT, MT_DATA); 1400 if (! m) 1401 return; 1402 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1403 m->m_pkthdr.rcvif = 0; 1404 1405 h = mtod (m, struct ppp_header*); 1406 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1407 h->control = PPP_UI; /* Unnumbered Info */ 1408 h->protocol = htons (proto); /* Link Control Protocol */ 1409 1410 lh = (struct lcp_header*) (h + 1); 1411 lh->type = type; 1412 lh->ident = ident; 1413 lh->len = htons (LCP_HEADER_LEN + len); 1414 if (len) 1415 bcopy (data, lh+1, len); 1416 1417 if (debug) { 1418 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1419 SPP_ARGS(ifp), 1420 sppp_proto_name(proto), 1421 sppp_cp_type_name (lh->type), lh->ident, 1422 ntohs (lh->len)); 1423 sppp_print_bytes ((u_char*) (lh+1), len); 1424 log(-1, ">\n"); 1425 } 1426 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1427 ifp->if_oerrors++; 1428} 1429 1430/* 1431 * Handle incoming PPP control protocol packets. 1432 */ 1433static void 1434sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1435{ 1436 STDDCL; 1437 struct lcp_header *h; 1438 int len = m->m_pkthdr.len; 1439 int rv; 1440 u_char *p; 1441 1442 if (len < 4) { 1443 if (debug) 1444 log(LOG_DEBUG, 1445 SPP_FMT "%s invalid packet length: %d bytes\n", 1446 SPP_ARGS(ifp), cp->name, len); 1447 return; 1448 } 1449 h = mtod (m, struct lcp_header*); 1450 if (debug) { 1451 log(LOG_DEBUG, 1452 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1453 SPP_ARGS(ifp), cp->name, 1454 sppp_state_name(sp->state[cp->protoidx]), 1455 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1456 sppp_print_bytes ((u_char*) (h+1), len-4); 1457 log(-1, ">\n"); 1458 } 1459 if (len > ntohs (h->len)) 1460 len = ntohs (h->len); 1461 p = (u_char *)(h + 1); 1462 switch (h->type) { 1463 case CONF_REQ: 1464 if (len < 4) { 1465 if (debug) 1466 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1467 SPP_ARGS(ifp), cp->name, 1468 len); 1469 ++ifp->if_ierrors; 1470 break; 1471 } 1472 /* handle states where RCR doesn't get a SCA/SCN */ 1473 switch (sp->state[cp->protoidx]) { 1474 case STATE_CLOSING: 1475 case STATE_STOPPING: 1476 return; 1477 case STATE_CLOSED: 1478 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1479 0, 0); 1480 return; 1481 } 1482 rv = (cp->RCR)(sp, h, len); 1483 switch (sp->state[cp->protoidx]) { 1484 case STATE_OPENED: 1485 (cp->tld)(sp); 1486 (cp->scr)(sp); 1487 /* FALLTHROUGH */ 1488 case STATE_ACK_SENT: 1489 case STATE_REQ_SENT: 1490 /* 1491 * sppp_cp_change_state() have the side effect of 1492 * restarting the timeouts. We want to avoid that 1493 * if the state don't change, otherwise we won't 1494 * ever timeout and resend a configuration request 1495 * that got lost. 1496 */ 1497 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1498 STATE_REQ_SENT)) 1499 break; 1500 sppp_cp_change_state(cp, sp, rv? 1501 STATE_ACK_SENT: STATE_REQ_SENT); 1502 break; 1503 case STATE_STOPPED: 1504 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1505 (cp->scr)(sp); 1506 sppp_cp_change_state(cp, sp, rv? 1507 STATE_ACK_SENT: STATE_REQ_SENT); 1508 break; 1509 case STATE_ACK_RCVD: 1510 if (rv) { 1511 sppp_cp_change_state(cp, sp, STATE_OPENED); 1512 if (debug) 1513 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1514 SPP_ARGS(ifp), 1515 cp->name); 1516 (cp->tlu)(sp); 1517 } else 1518 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1519 break; 1520 default: 1521 printf(SPP_FMT "%s illegal %s in state %s\n", 1522 SPP_ARGS(ifp), cp->name, 1523 sppp_cp_type_name(h->type), 1524 sppp_state_name(sp->state[cp->protoidx])); 1525 ++ifp->if_ierrors; 1526 } 1527 break; 1528 case CONF_ACK: 1529 if (h->ident != sp->confid[cp->protoidx]) { 1530 if (debug) 1531 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1532 SPP_ARGS(ifp), cp->name, 1533 h->ident, sp->confid[cp->protoidx]); 1534 ++ifp->if_ierrors; 1535 break; 1536 } 1537 switch (sp->state[cp->protoidx]) { 1538 case STATE_CLOSED: 1539 case STATE_STOPPED: 1540 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1541 break; 1542 case STATE_CLOSING: 1543 case STATE_STOPPING: 1544 break; 1545 case STATE_REQ_SENT: 1546 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1547 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1548 break; 1549 case STATE_OPENED: 1550 (cp->tld)(sp); 1551 /* FALLTHROUGH */ 1552 case STATE_ACK_RCVD: 1553 (cp->scr)(sp); 1554 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1555 break; 1556 case STATE_ACK_SENT: 1557 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1558 sppp_cp_change_state(cp, sp, STATE_OPENED); 1559 if (debug) 1560 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1561 SPP_ARGS(ifp), cp->name); 1562 (cp->tlu)(sp); 1563 break; 1564 default: 1565 printf(SPP_FMT "%s illegal %s in state %s\n", 1566 SPP_ARGS(ifp), cp->name, 1567 sppp_cp_type_name(h->type), 1568 sppp_state_name(sp->state[cp->protoidx])); 1569 ++ifp->if_ierrors; 1570 } 1571 break; 1572 case CONF_NAK: 1573 case CONF_REJ: 1574 if (h->ident != sp->confid[cp->protoidx]) { 1575 if (debug) 1576 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1577 SPP_ARGS(ifp), cp->name, 1578 h->ident, sp->confid[cp->protoidx]); 1579 ++ifp->if_ierrors; 1580 break; 1581 } 1582 if (h->type == CONF_NAK) 1583 (cp->RCN_nak)(sp, h, len); 1584 else /* CONF_REJ */ 1585 (cp->RCN_rej)(sp, h, len); 1586 1587 switch (sp->state[cp->protoidx]) { 1588 case STATE_CLOSED: 1589 case STATE_STOPPED: 1590 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1591 break; 1592 case STATE_REQ_SENT: 1593 case STATE_ACK_SENT: 1594 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1595 /* 1596 * Slow things down a bit if we think we might be 1597 * in loopback. Depend on the timeout to send the 1598 * next configuration request. 1599 */ 1600 if (sp->pp_loopcnt) 1601 break; 1602 (cp->scr)(sp); 1603 break; 1604 case STATE_OPENED: 1605 (cp->tld)(sp); 1606 /* FALLTHROUGH */ 1607 case STATE_ACK_RCVD: 1608 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1609 (cp->scr)(sp); 1610 break; 1611 case STATE_CLOSING: 1612 case STATE_STOPPING: 1613 break; 1614 default: 1615 printf(SPP_FMT "%s illegal %s in state %s\n", 1616 SPP_ARGS(ifp), cp->name, 1617 sppp_cp_type_name(h->type), 1618 sppp_state_name(sp->state[cp->protoidx])); 1619 ++ifp->if_ierrors; 1620 } 1621 break; 1622 1623 case TERM_REQ: 1624 switch (sp->state[cp->protoidx]) { 1625 case STATE_ACK_RCVD: 1626 case STATE_ACK_SENT: 1627 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1628 /* FALLTHROUGH */ 1629 case STATE_CLOSED: 1630 case STATE_STOPPED: 1631 case STATE_CLOSING: 1632 case STATE_STOPPING: 1633 case STATE_REQ_SENT: 1634 sta: 1635 /* Send Terminate-Ack packet. */ 1636 if (debug) 1637 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1638 SPP_ARGS(ifp), cp->name); 1639 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1640 break; 1641 case STATE_OPENED: 1642 (cp->tld)(sp); 1643 sp->rst_counter[cp->protoidx] = 0; 1644 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1645 goto sta; 1646 break; 1647 default: 1648 printf(SPP_FMT "%s illegal %s in state %s\n", 1649 SPP_ARGS(ifp), cp->name, 1650 sppp_cp_type_name(h->type), 1651 sppp_state_name(sp->state[cp->protoidx])); 1652 ++ifp->if_ierrors; 1653 } 1654 break; 1655 case TERM_ACK: 1656 switch (sp->state[cp->protoidx]) { 1657 case STATE_CLOSED: 1658 case STATE_STOPPED: 1659 case STATE_REQ_SENT: 1660 case STATE_ACK_SENT: 1661 break; 1662 case STATE_CLOSING: 1663 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1664 (cp->tlf)(sp); 1665 break; 1666 case STATE_STOPPING: 1667 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1668 (cp->tlf)(sp); 1669 break; 1670 case STATE_ACK_RCVD: 1671 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1672 break; 1673 case STATE_OPENED: 1674 (cp->tld)(sp); 1675 (cp->scr)(sp); 1676 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1677 break; 1678 default: 1679 printf(SPP_FMT "%s illegal %s in state %s\n", 1680 SPP_ARGS(ifp), cp->name, 1681 sppp_cp_type_name(h->type), 1682 sppp_state_name(sp->state[cp->protoidx])); 1683 ++ifp->if_ierrors; 1684 } 1685 break; 1686 case CODE_REJ: 1687 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1688 log(LOG_INFO, 1689 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1690 "danger will robinson\n", 1691 SPP_ARGS(ifp), cp->name, 1692 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1693 switch (sp->state[cp->protoidx]) { 1694 case STATE_CLOSED: 1695 case STATE_STOPPED: 1696 case STATE_REQ_SENT: 1697 case STATE_ACK_SENT: 1698 case STATE_CLOSING: 1699 case STATE_STOPPING: 1700 case STATE_OPENED: 1701 break; 1702 case STATE_ACK_RCVD: 1703 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1704 break; 1705 default: 1706 printf(SPP_FMT "%s illegal %s in state %s\n", 1707 SPP_ARGS(ifp), cp->name, 1708 sppp_cp_type_name(h->type), 1709 sppp_state_name(sp->state[cp->protoidx])); 1710 ++ifp->if_ierrors; 1711 } 1712 break; 1713 case PROTO_REJ: 1714 { 1715 int catastrophic; 1716 const struct cp *upper; 1717 int i; 1718 u_int16_t proto; 1719 1720 catastrophic = 0; 1721 upper = NULL; 1722 proto = ntohs(*((u_int16_t *)p)); 1723 for (i = 0; i < IDX_COUNT; i++) { 1724 if (cps[i]->proto == proto) { 1725 upper = cps[i]; 1726 break; 1727 } 1728 } 1729 if (upper == NULL) 1730 catastrophic++; 1731 1732 if (catastrophic || debug) 1733 log(catastrophic? LOG_INFO: LOG_DEBUG, 1734 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1735 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1736 sppp_cp_type_name(h->type), proto, 1737 upper ? upper->name : "unknown", 1738 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1739 1740 /* 1741 * if we got RXJ+ against conf-req, the peer does not implement 1742 * this particular protocol type. terminate the protocol. 1743 */ 1744 if (upper && !catastrophic) { 1745 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1746 upper->Close(sp); 1747 break; 1748 } 1749 } 1750 1751 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1752 switch (sp->state[cp->protoidx]) { 1753 case STATE_CLOSED: 1754 case STATE_STOPPED: 1755 case STATE_REQ_SENT: 1756 case STATE_ACK_SENT: 1757 case STATE_CLOSING: 1758 case STATE_STOPPING: 1759 case STATE_OPENED: 1760 break; 1761 case STATE_ACK_RCVD: 1762 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1763 break; 1764 default: 1765 printf(SPP_FMT "%s illegal %s in state %s\n", 1766 SPP_ARGS(ifp), cp->name, 1767 sppp_cp_type_name(h->type), 1768 sppp_state_name(sp->state[cp->protoidx])); 1769 ++ifp->if_ierrors; 1770 } 1771 break; 1772 } 1773 case DISC_REQ: 1774 if (cp->proto != PPP_LCP) 1775 goto illegal; 1776 /* Discard the packet. */ 1777 break; 1778 case ECHO_REQ: 1779 if (cp->proto != PPP_LCP) 1780 goto illegal; 1781 if (sp->state[cp->protoidx] != STATE_OPENED) { 1782 if (debug) 1783 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1784 SPP_ARGS(ifp)); 1785 ++ifp->if_ierrors; 1786 break; 1787 } 1788 if (len < 8) { 1789 if (debug) 1790 log(-1, SPP_FMT "invalid lcp echo request " 1791 "packet length: %d bytes\n", 1792 SPP_ARGS(ifp), len); 1793 break; 1794 } 1795 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1796 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1797 /* Line loopback mode detected. */ 1798 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1799 sp->pp_loopcnt = MAXALIVECNT * 5; 1800 if_down (ifp); 1801 sppp_qflush (&sp->pp_cpq); 1802 1803 /* Shut down the PPP link. */ 1804 /* XXX */ 1805 lcp.Down(sp); 1806 lcp.Up(sp); 1807 break; 1808 } 1809 *(long*)(h+1) = htonl (sp->lcp.magic); 1810 if (debug) 1811 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1812 SPP_ARGS(ifp)); 1813 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1814 break; 1815 case ECHO_REPLY: 1816 if (cp->proto != PPP_LCP) 1817 goto illegal; 1818 if (h->ident != sp->lcp.echoid) { 1819 ++ifp->if_ierrors; 1820 break; 1821 } 1822 if (len < 8) { 1823 if (debug) 1824 log(-1, SPP_FMT "lcp invalid echo reply " 1825 "packet length: %d bytes\n", 1826 SPP_ARGS(ifp), len); 1827 break; 1828 } 1829 if (debug) 1830 log(-1, SPP_FMT "lcp got echo rep\n", 1831 SPP_ARGS(ifp)); 1832 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1833 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1834 sp->pp_alivecnt = 0; 1835 break; 1836 default: 1837 /* Unknown packet type -- send Code-Reject packet. */ 1838 illegal: 1839 if (debug) 1840 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1841 SPP_ARGS(ifp), cp->name, h->type); 1842 sppp_cp_send(sp, cp->proto, CODE_REJ, 1843 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1844 ++ifp->if_ierrors; 1845 } 1846} 1847 1848 1849/* 1850 * The generic part of all Up/Down/Open/Close/TO event handlers. 1851 * Basically, the state transition handling in the automaton. 1852 */ 1853static void 1854sppp_up_event(const struct cp *cp, struct sppp *sp) 1855{ 1856 STDDCL; 1857 1858 if (debug) 1859 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1860 SPP_ARGS(ifp), cp->name, 1861 sppp_state_name(sp->state[cp->protoidx])); 1862 1863 switch (sp->state[cp->protoidx]) { 1864 case STATE_INITIAL: 1865 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1866 break; 1867 case STATE_STARTING: 1868 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1869 (cp->scr)(sp); 1870 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1871 break; 1872 default: 1873 printf(SPP_FMT "%s illegal up in state %s\n", 1874 SPP_ARGS(ifp), cp->name, 1875 sppp_state_name(sp->state[cp->protoidx])); 1876 } 1877} 1878 1879static void 1880sppp_down_event(const struct cp *cp, struct sppp *sp) 1881{ 1882 STDDCL; 1883 1884 if (debug) 1885 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1886 SPP_ARGS(ifp), cp->name, 1887 sppp_state_name(sp->state[cp->protoidx])); 1888 1889 switch (sp->state[cp->protoidx]) { 1890 case STATE_CLOSED: 1891 case STATE_CLOSING: 1892 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1893 break; 1894 case STATE_STOPPED: 1895 sppp_cp_change_state(cp, sp, STATE_STARTING); 1896 (cp->tls)(sp); 1897 break; 1898 case STATE_STOPPING: 1899 case STATE_REQ_SENT: 1900 case STATE_ACK_RCVD: 1901 case STATE_ACK_SENT: 1902 sppp_cp_change_state(cp, sp, STATE_STARTING); 1903 break; 1904 case STATE_OPENED: 1905 (cp->tld)(sp); 1906 sppp_cp_change_state(cp, sp, STATE_STARTING); 1907 break; 1908 default: 1909 printf(SPP_FMT "%s illegal down in state %s\n", 1910 SPP_ARGS(ifp), cp->name, 1911 sppp_state_name(sp->state[cp->protoidx])); 1912 } 1913} 1914 1915 1916static void 1917sppp_open_event(const struct cp *cp, struct sppp *sp) 1918{ 1919 STDDCL; 1920 1921 if (debug) 1922 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1923 SPP_ARGS(ifp), cp->name, 1924 sppp_state_name(sp->state[cp->protoidx])); 1925 1926 switch (sp->state[cp->protoidx]) { 1927 case STATE_INITIAL: 1928 sppp_cp_change_state(cp, sp, STATE_STARTING); 1929 (cp->tls)(sp); 1930 break; 1931 case STATE_STARTING: 1932 break; 1933 case STATE_CLOSED: 1934 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1935 (cp->scr)(sp); 1936 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1937 break; 1938 case STATE_STOPPED: 1939 /* 1940 * Try escaping stopped state. This seems to bite 1941 * people occasionally, in particular for IPCP, 1942 * presumably following previous IPCP negotiation 1943 * aborts. Somehow, we must have missed a Down event 1944 * which would have caused a transition into starting 1945 * state, so as a bandaid we force the Down event now. 1946 * This effectively implements (something like the) 1947 * `restart' option mentioned in the state transition 1948 * table of RFC 1661. 1949 */ 1950 sppp_cp_change_state(cp, sp, STATE_STARTING); 1951 (cp->tls)(sp); 1952 break; 1953 case STATE_STOPPING: 1954 case STATE_REQ_SENT: 1955 case STATE_ACK_RCVD: 1956 case STATE_ACK_SENT: 1957 case STATE_OPENED: 1958 break; 1959 case STATE_CLOSING: 1960 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1961 break; 1962 } 1963} 1964 1965 1966static void 1967sppp_close_event(const struct cp *cp, struct sppp *sp) 1968{ 1969 STDDCL; 1970 1971 if (debug) 1972 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1973 SPP_ARGS(ifp), cp->name, 1974 sppp_state_name(sp->state[cp->protoidx])); 1975 1976 switch (sp->state[cp->protoidx]) { 1977 case STATE_INITIAL: 1978 case STATE_CLOSED: 1979 case STATE_CLOSING: 1980 break; 1981 case STATE_STARTING: 1982 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1983 (cp->tlf)(sp); 1984 break; 1985 case STATE_STOPPED: 1986 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1987 break; 1988 case STATE_STOPPING: 1989 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1990 break; 1991 case STATE_OPENED: 1992 (cp->tld)(sp); 1993 /* FALLTHROUGH */ 1994 case STATE_REQ_SENT: 1995 case STATE_ACK_RCVD: 1996 case STATE_ACK_SENT: 1997 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1998 sppp_cp_send(sp, cp->proto, TERM_REQ, 1999 ++sp->pp_seq[cp->protoidx], 0, 0); 2000 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2001 break; 2002 } 2003} 2004 2005static void 2006sppp_to_event(const struct cp *cp, struct sppp *sp) 2007{ 2008 STDDCL; 2009 int s; 2010 2011 s = splimp(); 2012 if (debug) 2013 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2014 SPP_ARGS(ifp), cp->name, 2015 sppp_state_name(sp->state[cp->protoidx]), 2016 sp->rst_counter[cp->protoidx]); 2017 2018 if (--sp->rst_counter[cp->protoidx] < 0) 2019 /* TO- event */ 2020 switch (sp->state[cp->protoidx]) { 2021 case STATE_CLOSING: 2022 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2023 (cp->tlf)(sp); 2024 break; 2025 case STATE_STOPPING: 2026 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2027 (cp->tlf)(sp); 2028 break; 2029 case STATE_REQ_SENT: 2030 case STATE_ACK_RCVD: 2031 case STATE_ACK_SENT: 2032 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2033 (cp->tlf)(sp); 2034 break; 2035 } 2036 else 2037 /* TO+ event */ 2038 switch (sp->state[cp->protoidx]) { 2039 case STATE_CLOSING: 2040 case STATE_STOPPING: 2041 sppp_cp_send(sp, cp->proto, TERM_REQ, 2042 ++sp->pp_seq[cp->protoidx], 0, 0); 2043 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2044 sp->ch[cp->protoidx]); 2045 break; 2046 case STATE_REQ_SENT: 2047 case STATE_ACK_RCVD: 2048 (cp->scr)(sp); 2049 /* sppp_cp_change_state() will restart the timer */ 2050 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2051 break; 2052 case STATE_ACK_SENT: 2053 (cp->scr)(sp); 2054 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2055 sp->ch[cp->protoidx]); 2056 break; 2057 } 2058 2059 splx(s); 2060} 2061 2062/* 2063 * Change the state of a control protocol in the state automaton. 2064 * Takes care of starting/stopping the restart timer. 2065 */ 2066static void 2067sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2068{ 2069 sp->state[cp->protoidx] = newstate; 2070 2071 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2072 switch (newstate) { 2073 case STATE_INITIAL: 2074 case STATE_STARTING: 2075 case STATE_CLOSED: 2076 case STATE_STOPPED: 2077 case STATE_OPENED: 2078 break; 2079 case STATE_CLOSING: 2080 case STATE_STOPPING: 2081 case STATE_REQ_SENT: 2082 case STATE_ACK_RCVD: 2083 case STATE_ACK_SENT: 2084 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2085 sp->ch[cp->protoidx]); 2086 break; 2087 } 2088} 2089 2090/* 2091 *--------------------------------------------------------------------------* 2092 * * 2093 * The LCP implementation. * 2094 * * 2095 *--------------------------------------------------------------------------* 2096 */ 2097static void 2098sppp_lcp_init(struct sppp *sp) 2099{ 2100 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2101 sp->lcp.magic = 0; 2102 sp->state[IDX_LCP] = STATE_INITIAL; 2103 sp->fail_counter[IDX_LCP] = 0; 2104 sp->pp_seq[IDX_LCP] = 0; 2105 sp->pp_rseq[IDX_LCP] = 0; 2106 sp->lcp.protos = 0; 2107 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2108 2109 /* Note that these values are relevant for all control protocols */ 2110 sp->lcp.timeout = 3 * hz; 2111 sp->lcp.max_terminate = 2; 2112 sp->lcp.max_configure = 10; 2113 sp->lcp.max_failure = 10; 2114#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2115 callout_handle_init(&sp->ch[IDX_LCP]); 2116#endif 2117} 2118 2119static void 2120sppp_lcp_up(struct sppp *sp) 2121{ 2122 STDDCL; 2123 2124 sp->pp_alivecnt = 0; 2125 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2126 sp->lcp.magic = 0; 2127 sp->lcp.protos = 0; 2128 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2129 /* 2130 * If we are authenticator, negotiate LCP_AUTH 2131 */ 2132 if (sp->hisauth.proto != 0) 2133 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2134 else 2135 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2136 sp->pp_flags &= ~PP_NEEDAUTH; 2137 /* 2138 * If this interface is passive or dial-on-demand, and we are 2139 * still in Initial state, it means we've got an incoming 2140 * call. Activate the interface. 2141 */ 2142 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2143 if (debug) 2144 log(LOG_DEBUG, 2145 SPP_FMT "Up event", SPP_ARGS(ifp)); 2146 ifp->if_flags |= IFF_RUNNING; 2147 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2148 if (debug) 2149 log(-1, "(incoming call)\n"); 2150 sp->pp_flags |= PP_CALLIN; 2151 lcp.Open(sp); 2152 } else if (debug) 2153 log(-1, "\n"); 2154 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2155 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2156 ifp->if_flags |= IFF_RUNNING; 2157 lcp.Open(sp); 2158 } 2159 2160 sppp_up_event(&lcp, sp); 2161} 2162 2163static void 2164sppp_lcp_down(struct sppp *sp) 2165{ 2166 STDDCL; 2167 2168 sppp_down_event(&lcp, sp); 2169 2170 /* 2171 * If this is neither a dial-on-demand nor a passive 2172 * interface, simulate an ``ifconfig down'' action, so the 2173 * administrator can force a redial by another ``ifconfig 2174 * up''. XXX For leased line operation, should we immediately 2175 * try to reopen the connection here? 2176 */ 2177 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2178 log(LOG_INFO, 2179 SPP_FMT "Down event, taking interface down.\n", 2180 SPP_ARGS(ifp)); 2181 if_down(ifp); 2182 } else { 2183 if (debug) 2184 log(LOG_DEBUG, 2185 SPP_FMT "Down event (carrier loss)\n", 2186 SPP_ARGS(ifp)); 2187 sp->pp_flags &= ~PP_CALLIN; 2188 if (sp->state[IDX_LCP] != STATE_INITIAL) 2189 lcp.Close(sp); 2190 ifp->if_flags &= ~IFF_RUNNING; 2191 } 2192} 2193 2194static void 2195sppp_lcp_open(struct sppp *sp) 2196{ 2197 sppp_open_event(&lcp, sp); 2198} 2199 2200static void 2201sppp_lcp_close(struct sppp *sp) 2202{ 2203 sppp_close_event(&lcp, sp); 2204} 2205 2206static void 2207sppp_lcp_TO(void *cookie) 2208{ 2209 sppp_to_event(&lcp, (struct sppp *)cookie); 2210} 2211 2212/* 2213 * Analyze a configure request. Return true if it was agreeable, and 2214 * caused action sca, false if it has been rejected or nak'ed, and 2215 * caused action scn. (The return value is used to make the state 2216 * transition decision in the state automaton.) 2217 */ 2218static int 2219sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2220{ 2221 STDDCL; 2222 u_char *buf, *r, *p; 2223 int origlen, rlen; 2224 u_long nmagic; 2225 u_short authproto; 2226 2227 len -= 4; 2228 origlen = len; 2229 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2230 if (! buf) 2231 return (0); 2232 2233 if (debug) 2234 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2235 SPP_ARGS(ifp)); 2236 2237 /* pass 1: check for things that need to be rejected */ 2238 p = (void*) (h+1); 2239 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2240 if (debug) 2241 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2242 switch (*p) { 2243 case LCP_OPT_MAGIC: 2244 /* Magic number. */ 2245 if (len >= 6 && p[1] == 6) 2246 continue; 2247 if (debug) 2248 log(-1, "[invalid] "); 2249 break; 2250 case LCP_OPT_ASYNC_MAP: 2251 /* Async control character map. */ 2252 if (len >= 6 && p[1] == 6) 2253 continue; 2254 if (debug) 2255 log(-1, "[invalid] "); 2256 break; 2257 case LCP_OPT_MRU: 2258 /* Maximum receive unit. */ 2259 if (len >= 4 && p[1] == 4) 2260 continue; 2261 if (debug) 2262 log(-1, "[invalid] "); 2263 break; 2264 case LCP_OPT_AUTH_PROTO: 2265 if (len < 4) { 2266 if (debug) 2267 log(-1, "[invalid] "); 2268 break; 2269 } 2270 authproto = (p[2] << 8) + p[3]; 2271 if (authproto == PPP_CHAP && p[1] != 5) { 2272 if (debug) 2273 log(-1, "[invalid chap len] "); 2274 break; 2275 } 2276 if (sp->myauth.proto == 0) { 2277 /* we are not configured to do auth */ 2278 if (debug) 2279 log(-1, "[not configured] "); 2280 break; 2281 } 2282 /* 2283 * Remote want us to authenticate, remember this, 2284 * so we stay in PHASE_AUTHENTICATE after LCP got 2285 * up. 2286 */ 2287 sp->pp_flags |= PP_NEEDAUTH; 2288 continue; 2289 default: 2290 /* Others not supported. */ 2291 if (debug) 2292 log(-1, "[rej] "); 2293 break; 2294 } 2295 /* Add the option to rejected list. */ 2296 bcopy (p, r, p[1]); 2297 r += p[1]; 2298 rlen += p[1]; 2299 } 2300 if (rlen) { 2301 if (debug) 2302 log(-1, " send conf-rej\n"); 2303 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2304 return 0; 2305 } else if (debug) 2306 log(-1, "\n"); 2307 2308 /* 2309 * pass 2: check for option values that are unacceptable and 2310 * thus require to be nak'ed. 2311 */ 2312 if (debug) 2313 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2314 SPP_ARGS(ifp)); 2315 2316 p = (void*) (h+1); 2317 len = origlen; 2318 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2319 if (debug) 2320 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2321 switch (*p) { 2322 case LCP_OPT_MAGIC: 2323 /* Magic number -- extract. */ 2324 nmagic = (u_long)p[2] << 24 | 2325 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2326 if (nmagic != sp->lcp.magic) { 2327 sp->pp_loopcnt = 0; 2328 if (debug) 2329 log(-1, "0x%lx ", nmagic); 2330 continue; 2331 } 2332 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2333 log(-1, "[glitch] "); 2334 ++sp->pp_loopcnt; 2335 /* 2336 * We negate our magic here, and NAK it. If 2337 * we see it later in an NAK packet, we 2338 * suggest a new one. 2339 */ 2340 nmagic = ~sp->lcp.magic; 2341 /* Gonna NAK it. */ 2342 p[2] = nmagic >> 24; 2343 p[3] = nmagic >> 16; 2344 p[4] = nmagic >> 8; 2345 p[5] = nmagic; 2346 break; 2347 2348 case LCP_OPT_ASYNC_MAP: 2349 /* 2350 * Async control character map -- just ignore it. 2351 * 2352 * Quote from RFC 1662, chapter 6: 2353 * To enable this functionality, synchronous PPP 2354 * implementations MUST always respond to the 2355 * Async-Control-Character-Map Configuration 2356 * Option with the LCP Configure-Ack. However, 2357 * acceptance of the Configuration Option does 2358 * not imply that the synchronous implementation 2359 * will do any ACCM mapping. Instead, all such 2360 * octet mapping will be performed by the 2361 * asynchronous-to-synchronous converter. 2362 */ 2363 continue; 2364 2365 case LCP_OPT_MRU: 2366 /* 2367 * Maximum receive unit. Always agreeable, 2368 * but ignored by now. 2369 */ 2370 sp->lcp.their_mru = p[2] * 256 + p[3]; 2371 if (debug) 2372 log(-1, "%lu ", sp->lcp.their_mru); 2373 continue; 2374 2375 case LCP_OPT_AUTH_PROTO: 2376 authproto = (p[2] << 8) + p[3]; 2377 if (sp->myauth.proto != authproto) { 2378 /* not agreed, nak */ 2379 if (debug) 2380 log(-1, "[mine %s != his %s] ", 2381 sppp_proto_name(sp->hisauth.proto), 2382 sppp_proto_name(authproto)); 2383 p[2] = sp->myauth.proto >> 8; 2384 p[3] = sp->myauth.proto; 2385 break; 2386 } 2387 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2388 if (debug) 2389 log(-1, "[chap not MD5] "); 2390 p[4] = CHAP_MD5; 2391 break; 2392 } 2393 continue; 2394 } 2395 /* Add the option to nak'ed list. */ 2396 bcopy (p, r, p[1]); 2397 r += p[1]; 2398 rlen += p[1]; 2399 } 2400 if (rlen) { 2401 /* 2402 * Local and remote magics equal -- loopback? 2403 */ 2404 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2405 if (sp->pp_loopcnt == MAXALIVECNT*5) 2406 printf (SPP_FMT "loopback\n", 2407 SPP_ARGS(ifp)); 2408 if (ifp->if_flags & IFF_UP) { 2409 if_down(ifp); 2410 sppp_qflush(&sp->pp_cpq); 2411 /* XXX ? */ 2412 lcp.Down(sp); 2413 lcp.Up(sp); 2414 } 2415 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2416 if (debug) 2417 log(-1, " max_failure (%d) exceeded, " 2418 "send conf-rej\n", 2419 sp->lcp.max_failure); 2420 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2421 } else { 2422 if (debug) 2423 log(-1, " send conf-nak\n"); 2424 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2425 } 2426 } else { 2427 if (debug) 2428 log(-1, " send conf-ack\n"); 2429 sp->fail_counter[IDX_LCP] = 0; 2430 sp->pp_loopcnt = 0; 2431 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2432 h->ident, origlen, h+1); 2433 } 2434 2435 free (buf, M_TEMP); 2436 return (rlen == 0); 2437} 2438 2439/* 2440 * Analyze the LCP Configure-Reject option list, and adjust our 2441 * negotiation. 2442 */ 2443static void 2444sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2445{ 2446 STDDCL; 2447 u_char *buf, *p; 2448 2449 len -= 4; 2450 buf = malloc (len, M_TEMP, M_NOWAIT); 2451 if (!buf) 2452 return; 2453 2454 if (debug) 2455 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2456 SPP_ARGS(ifp)); 2457 2458 p = (void*) (h+1); 2459 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2460 if (debug) 2461 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2462 switch (*p) { 2463 case LCP_OPT_MAGIC: 2464 /* Magic number -- can't use it, use 0 */ 2465 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2466 sp->lcp.magic = 0; 2467 break; 2468 case LCP_OPT_MRU: 2469 /* 2470 * Should not be rejected anyway, since we only 2471 * negotiate a MRU if explicitly requested by 2472 * peer. 2473 */ 2474 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2475 break; 2476 case LCP_OPT_AUTH_PROTO: 2477 /* 2478 * Peer doesn't want to authenticate himself, 2479 * deny unless this is a dialout call, and 2480 * AUTHFLAG_NOCALLOUT is set. 2481 */ 2482 if ((sp->pp_flags & PP_CALLIN) == 0 && 2483 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2484 if (debug) 2485 log(-1, "[don't insist on auth " 2486 "for callout]"); 2487 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2488 break; 2489 } 2490 if (debug) 2491 log(-1, "[access denied]\n"); 2492 lcp.Close(sp); 2493 break; 2494 } 2495 } 2496 if (debug) 2497 log(-1, "\n"); 2498 free (buf, M_TEMP); 2499 return; 2500} 2501 2502/* 2503 * Analyze the LCP Configure-NAK option list, and adjust our 2504 * negotiation. 2505 */ 2506static void 2507sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2508{ 2509 STDDCL; 2510 u_char *buf, *p; 2511 u_long magic; 2512 2513 len -= 4; 2514 buf = malloc (len, M_TEMP, M_NOWAIT); 2515 if (!buf) 2516 return; 2517 2518 if (debug) 2519 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2520 SPP_ARGS(ifp)); 2521 2522 p = (void*) (h+1); 2523 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2524 if (debug) 2525 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2526 switch (*p) { 2527 case LCP_OPT_MAGIC: 2528 /* Magic number -- renegotiate */ 2529 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2530 len >= 6 && p[1] == 6) { 2531 magic = (u_long)p[2] << 24 | 2532 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2533 /* 2534 * If the remote magic is our negated one, 2535 * this looks like a loopback problem. 2536 * Suggest a new magic to make sure. 2537 */ 2538 if (magic == ~sp->lcp.magic) { 2539 if (debug) 2540 log(-1, "magic glitch "); 2541#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2542 sp->lcp.magic = random(); 2543#else 2544 sp->lcp.magic = time.tv_sec + time.tv_usec; 2545#endif 2546 } else { 2547 sp->lcp.magic = magic; 2548 if (debug) 2549 log(-1, "%lu ", magic); 2550 } 2551 } 2552 break; 2553 case LCP_OPT_MRU: 2554 /* 2555 * Peer wants to advise us to negotiate an MRU. 2556 * Agree on it if it's reasonable, or use 2557 * default otherwise. 2558 */ 2559 if (len >= 4 && p[1] == 4) { 2560 u_int mru = p[2] * 256 + p[3]; 2561 if (debug) 2562 log(-1, "%d ", mru); 2563 if (mru < PP_MTU || mru > PP_MAX_MRU) 2564 mru = PP_MTU; 2565 sp->lcp.mru = mru; 2566 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2567 } 2568 break; 2569 case LCP_OPT_AUTH_PROTO: 2570 /* 2571 * Peer doesn't like our authentication method, 2572 * deny. 2573 */ 2574 if (debug) 2575 log(-1, "[access denied]\n"); 2576 lcp.Close(sp); 2577 break; 2578 } 2579 } 2580 if (debug) 2581 log(-1, "\n"); 2582 free (buf, M_TEMP); 2583 return; 2584} 2585 2586static void 2587sppp_lcp_tlu(struct sppp *sp) 2588{ 2589 STDDCL; 2590 int i; 2591 u_long mask; 2592 2593 /* XXX ? */ 2594 if (! (ifp->if_flags & IFF_UP) && 2595 (ifp->if_flags & IFF_RUNNING)) { 2596 /* Coming out of loopback mode. */ 2597 if_up(ifp); 2598 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2599 } 2600 2601 for (i = 0; i < IDX_COUNT; i++) 2602 if ((cps[i])->flags & CP_QUAL) 2603 (cps[i])->Open(sp); 2604 2605 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2606 (sp->pp_flags & PP_NEEDAUTH) != 0) 2607 sp->pp_phase = PHASE_AUTHENTICATE; 2608 else 2609 sp->pp_phase = PHASE_NETWORK; 2610 2611 if (debug) 2612 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2613 sppp_phase_name(sp->pp_phase)); 2614 2615 /* 2616 * Open all authentication protocols. This is even required 2617 * if we already proceeded to network phase, since it might be 2618 * that remote wants us to authenticate, so we might have to 2619 * send a PAP request. Undesired authentication protocols 2620 * don't do anything when they get an Open event. 2621 */ 2622 for (i = 0; i < IDX_COUNT; i++) 2623 if ((cps[i])->flags & CP_AUTH) 2624 (cps[i])->Open(sp); 2625 2626 if (sp->pp_phase == PHASE_NETWORK) { 2627 /* Notify all NCPs. */ 2628 for (i = 0; i < IDX_COUNT; i++) 2629 if (((cps[i])->flags & CP_NCP) && 2630 /* 2631 * XXX 2632 * Hack to administratively disable IPv6 if 2633 * not desired. Perhaps we should have another 2634 * flag for this, but right now, we can make 2635 * all struct cp's read/only. 2636 */ 2637 (cps[i] != &ipv6cp || 2638 (sp->confflags & CONF_ENABLE_IPV6))) 2639 (cps[i])->Open(sp); 2640 } 2641 2642 /* Send Up events to all started protos. */ 2643 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2644 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2645 (cps[i])->Up(sp); 2646 2647 /* notify low-level driver of state change */ 2648 if (sp->pp_chg) 2649 sp->pp_chg(sp, (int)sp->pp_phase); 2650 2651 if (sp->pp_phase == PHASE_NETWORK) 2652 /* if no NCP is starting, close down */ 2653 sppp_lcp_check_and_close(sp); 2654} 2655 2656static void 2657sppp_lcp_tld(struct sppp *sp) 2658{ 2659 STDDCL; 2660 int i; 2661 u_long mask; 2662 2663 sp->pp_phase = PHASE_TERMINATE; 2664 2665 if (debug) 2666 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2667 sppp_phase_name(sp->pp_phase)); 2668 2669 /* 2670 * Take upper layers down. We send the Down event first and 2671 * the Close second to prevent the upper layers from sending 2672 * ``a flurry of terminate-request packets'', as the RFC 2673 * describes it. 2674 */ 2675 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2676 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2677 (cps[i])->Down(sp); 2678 (cps[i])->Close(sp); 2679 } 2680} 2681 2682static void 2683sppp_lcp_tls(struct sppp *sp) 2684{ 2685 STDDCL; 2686 2687 sp->pp_phase = PHASE_ESTABLISH; 2688 2689 if (debug) 2690 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2691 sppp_phase_name(sp->pp_phase)); 2692 2693 /* Notify lower layer if desired. */ 2694 if (sp->pp_tls) 2695 (sp->pp_tls)(sp); 2696 else 2697 (sp->pp_up)(sp); 2698} 2699 2700static void 2701sppp_lcp_tlf(struct sppp *sp) 2702{ 2703 STDDCL; 2704 2705 sp->pp_phase = PHASE_DEAD; 2706 if (debug) 2707 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2708 sppp_phase_name(sp->pp_phase)); 2709 2710 /* Notify lower layer if desired. */ 2711 if (sp->pp_tlf) 2712 (sp->pp_tlf)(sp); 2713 else 2714 (sp->pp_down)(sp); 2715} 2716 2717static void 2718sppp_lcp_scr(struct sppp *sp) 2719{ 2720 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2721 int i = 0; 2722 u_short authproto; 2723 2724 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2725 if (! sp->lcp.magic) 2726#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2727 sp->lcp.magic = random(); 2728#else 2729 sp->lcp.magic = time.tv_sec + time.tv_usec; 2730#endif 2731 opt[i++] = LCP_OPT_MAGIC; 2732 opt[i++] = 6; 2733 opt[i++] = sp->lcp.magic >> 24; 2734 opt[i++] = sp->lcp.magic >> 16; 2735 opt[i++] = sp->lcp.magic >> 8; 2736 opt[i++] = sp->lcp.magic; 2737 } 2738 2739 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2740 opt[i++] = LCP_OPT_MRU; 2741 opt[i++] = 4; 2742 opt[i++] = sp->lcp.mru >> 8; 2743 opt[i++] = sp->lcp.mru; 2744 } 2745 2746 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2747 authproto = sp->hisauth.proto; 2748 opt[i++] = LCP_OPT_AUTH_PROTO; 2749 opt[i++] = authproto == PPP_CHAP? 5: 4; 2750 opt[i++] = authproto >> 8; 2751 opt[i++] = authproto; 2752 if (authproto == PPP_CHAP) 2753 opt[i++] = CHAP_MD5; 2754 } 2755 2756 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2757 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2758} 2759 2760/* 2761 * Check the open NCPs, return true if at least one NCP is open. 2762 */ 2763static int 2764sppp_ncp_check(struct sppp *sp) 2765{ 2766 int i, mask; 2767 2768 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2769 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2770 return 1; 2771 return 0; 2772} 2773 2774/* 2775 * Re-check the open NCPs and see if we should terminate the link. 2776 * Called by the NCPs during their tlf action handling. 2777 */ 2778static void 2779sppp_lcp_check_and_close(struct sppp *sp) 2780{ 2781 2782 if (sp->pp_phase < PHASE_NETWORK) 2783 /* don't bother, we are already going down */ 2784 return; 2785 2786 if (sppp_ncp_check(sp)) 2787 return; 2788 2789 lcp.Close(sp); 2790} 2791 2792/* 2793 *--------------------------------------------------------------------------* 2794 * * 2795 * The IPCP implementation. * 2796 * * 2797 *--------------------------------------------------------------------------* 2798 */ 2799 2800static void 2801sppp_ipcp_init(struct sppp *sp) 2802{ 2803 sp->ipcp.opts = 0; 2804 sp->ipcp.flags = 0; 2805 sp->state[IDX_IPCP] = STATE_INITIAL; 2806 sp->fail_counter[IDX_IPCP] = 0; 2807 sp->pp_seq[IDX_IPCP] = 0; 2808 sp->pp_rseq[IDX_IPCP] = 0; 2809#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2810 callout_handle_init(&sp->ch[IDX_IPCP]); 2811#endif 2812} 2813 2814static void 2815sppp_ipcp_up(struct sppp *sp) 2816{ 2817 sppp_up_event(&ipcp, sp); 2818} 2819 2820static void 2821sppp_ipcp_down(struct sppp *sp) 2822{ 2823 sppp_down_event(&ipcp, sp); 2824} 2825 2826static void 2827sppp_ipcp_open(struct sppp *sp) 2828{ 2829 STDDCL; 2830 u_long myaddr, hisaddr; 2831 2832 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2833 IPCP_MYADDR_DYN | IPCP_VJ); 2834 sp->ipcp.opts = 0; 2835 2836 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2837 /* 2838 * If we don't have his address, this probably means our 2839 * interface doesn't want to talk IP at all. (This could 2840 * be the case if somebody wants to speak only IPX, for 2841 * example.) Don't open IPCP in this case. 2842 */ 2843 if (hisaddr == 0L) { 2844 /* XXX this message should go away */ 2845 if (debug) 2846 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2847 SPP_ARGS(ifp)); 2848 return; 2849 } 2850 if (myaddr == 0L) { 2851 /* 2852 * I don't have an assigned address, so i need to 2853 * negotiate my address. 2854 */ 2855 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2856 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2857 } else 2858 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2859 if (sp->confflags & CONF_ENABLE_VJ) { 2860 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2861 sp->ipcp.max_state = MAX_STATES - 1; 2862 sp->ipcp.compress_cid = 1; 2863 } 2864 sppp_open_event(&ipcp, sp); 2865} 2866 2867static void 2868sppp_ipcp_close(struct sppp *sp) 2869{ 2870 sppp_close_event(&ipcp, sp); 2871 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2872 /* 2873 * My address was dynamic, clear it again. 2874 */ 2875 sppp_set_ip_addr(sp, 0L); 2876} 2877 2878static void 2879sppp_ipcp_TO(void *cookie) 2880{ 2881 sppp_to_event(&ipcp, (struct sppp *)cookie); 2882} 2883 2884/* 2885 * Analyze a configure request. Return true if it was agreeable, and 2886 * caused action sca, false if it has been rejected or nak'ed, and 2887 * caused action scn. (The return value is used to make the state 2888 * transition decision in the state automaton.) 2889 */ 2890static int 2891sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2892{ 2893 u_char *buf, *r, *p; 2894 struct ifnet *ifp = &sp->pp_if; 2895 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2896 u_long hisaddr, desiredaddr; 2897 int gotmyaddr = 0; 2898 int desiredcomp; 2899 2900 len -= 4; 2901 origlen = len; 2902 /* 2903 * Make sure to allocate a buf that can at least hold a 2904 * conf-nak with an `address' option. We might need it below. 2905 */ 2906 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2907 if (! buf) 2908 return (0); 2909 2910 /* pass 1: see if we can recognize them */ 2911 if (debug) 2912 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2913 SPP_ARGS(ifp)); 2914 p = (void*) (h+1); 2915 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2916 if (debug) 2917 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2918 switch (*p) { 2919 case IPCP_OPT_COMPRESSION: 2920 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2921 /* VJ compression administratively disabled */ 2922 if (debug) 2923 log(-1, "[locally disabled] "); 2924 break; 2925 } 2926 /* 2927 * In theory, we should only conf-rej an 2928 * option that is shorter than RFC 1618 2929 * requires (i.e. < 4), and should conf-nak 2930 * anything else that is not VJ. However, 2931 * since our algorithm always uses the 2932 * original option to NAK it with new values, 2933 * things would become more complicated. In 2934 * pratice, the only commonly implemented IP 2935 * compression option is VJ anyway, so the 2936 * difference is negligible. 2937 */ 2938 if (len >= 6 && p[1] == 6) { 2939 /* 2940 * correctly formed compression option 2941 * that could be VJ compression 2942 */ 2943 continue; 2944 } 2945 if (debug) 2946 log(-1, 2947 "optlen %d [invalid/unsupported] ", 2948 p[1]); 2949 break; 2950 case IPCP_OPT_ADDRESS: 2951 if (len >= 6 && p[1] == 6) { 2952 /* correctly formed address option */ 2953 continue; 2954 } 2955 if (debug) 2956 log(-1, "[invalid] "); 2957 break; 2958 default: 2959 /* Others not supported. */ 2960 if (debug) 2961 log(-1, "[rej] "); 2962 break; 2963 } 2964 /* Add the option to rejected list. */ 2965 bcopy (p, r, p[1]); 2966 r += p[1]; 2967 rlen += p[1]; 2968 } 2969 if (rlen) { 2970 if (debug) 2971 log(-1, " send conf-rej\n"); 2972 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2973 return 0; 2974 } else if (debug) 2975 log(-1, "\n"); 2976 2977 /* pass 2: parse option values */ 2978 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2979 if (debug) 2980 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2981 SPP_ARGS(ifp)); 2982 p = (void*) (h+1); 2983 len = origlen; 2984 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2985 if (debug) 2986 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2987 switch (*p) { 2988 case IPCP_OPT_COMPRESSION: 2989 desiredcomp = p[2] << 8 | p[3]; 2990 /* We only support VJ */ 2991 if (desiredcomp == IPCP_COMP_VJ) { 2992 if (debug) 2993 log(-1, "VJ [ack] "); 2994 sp->ipcp.flags |= IPCP_VJ; 2995 sl_compress_init(sp->pp_comp, p[4]); 2996 sp->ipcp.max_state = p[4]; 2997 sp->ipcp.compress_cid = p[5]; 2998 continue; 2999 } 3000 if (debug) 3001 log(-1, 3002 "compproto %#04x [not supported] ", 3003 desiredcomp); 3004 p[2] = IPCP_COMP_VJ >> 8; 3005 p[3] = IPCP_COMP_VJ; 3006 p[4] = sp->ipcp.max_state; 3007 p[5] = sp->ipcp.compress_cid; 3008 break; 3009 case IPCP_OPT_ADDRESS: 3010 /* This is the address he wants in his end */ 3011 desiredaddr = p[2] << 24 | p[3] << 16 | 3012 p[4] << 8 | p[5]; 3013 if (desiredaddr == hisaddr || 3014 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3015 /* 3016 * Peer's address is same as our value, 3017 * or we have set it to 0.0.0.* to 3018 * indicate that we do not really care, 3019 * this is agreeable. Gonna conf-ack 3020 * it. 3021 */ 3022 if (debug) 3023 log(-1, "%s [ack] ", 3024 sppp_dotted_quad(hisaddr)); 3025 /* record that we've seen it already */ 3026 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3027 continue; 3028 } 3029 /* 3030 * The address wasn't agreeable. This is either 3031 * he sent us 0.0.0.0, asking to assign him an 3032 * address, or he send us another address not 3033 * matching our value. Either case, we gonna 3034 * conf-nak it with our value. 3035 * XXX: we should "rej" if hisaddr == 0 3036 */ 3037 if (debug) { 3038 if (desiredaddr == 0) 3039 log(-1, "[addr requested] "); 3040 else 3041 log(-1, "%s [not agreed] ", 3042 sppp_dotted_quad(desiredaddr)); 3043 3044 } 3045 p[2] = hisaddr >> 24; 3046 p[3] = hisaddr >> 16; 3047 p[4] = hisaddr >> 8; 3048 p[5] = hisaddr; 3049 break; 3050 } 3051 /* Add the option to nak'ed list. */ 3052 bcopy (p, r, p[1]); 3053 r += p[1]; 3054 rlen += p[1]; 3055 } 3056 3057 /* 3058 * If we are about to conf-ack the request, but haven't seen 3059 * his address so far, gonna conf-nak it instead, with the 3060 * `address' option present and our idea of his address being 3061 * filled in there, to request negotiation of both addresses. 3062 * 3063 * XXX This can result in an endless req - nak loop if peer 3064 * doesn't want to send us his address. Q: What should we do 3065 * about it? XXX A: implement the max-failure counter. 3066 */ 3067 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3068 buf[0] = IPCP_OPT_ADDRESS; 3069 buf[1] = 6; 3070 buf[2] = hisaddr >> 24; 3071 buf[3] = hisaddr >> 16; 3072 buf[4] = hisaddr >> 8; 3073 buf[5] = hisaddr; 3074 rlen = 6; 3075 if (debug) 3076 log(-1, "still need hisaddr "); 3077 } 3078 3079 if (rlen) { 3080 if (debug) 3081 log(-1, " send conf-nak\n"); 3082 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3083 } else { 3084 if (debug) 3085 log(-1, " send conf-ack\n"); 3086 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3087 h->ident, origlen, h+1); 3088 } 3089 3090 free (buf, M_TEMP); 3091 return (rlen == 0); 3092} 3093 3094/* 3095 * Analyze the IPCP Configure-Reject option list, and adjust our 3096 * negotiation. 3097 */ 3098static void 3099sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3100{ 3101 u_char *buf, *p; 3102 struct ifnet *ifp = &sp->pp_if; 3103 int debug = ifp->if_flags & IFF_DEBUG; 3104 3105 len -= 4; 3106 buf = malloc (len, M_TEMP, M_NOWAIT); 3107 if (!buf) 3108 return; 3109 3110 if (debug) 3111 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3112 SPP_ARGS(ifp)); 3113 3114 p = (void*) (h+1); 3115 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3116 if (debug) 3117 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3118 switch (*p) { 3119 case IPCP_OPT_COMPRESSION: 3120 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3121 break; 3122 case IPCP_OPT_ADDRESS: 3123 /* 3124 * Peer doesn't grok address option. This is 3125 * bad. XXX Should we better give up here? 3126 * XXX We could try old "addresses" option... 3127 */ 3128 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3129 break; 3130 } 3131 } 3132 if (debug) 3133 log(-1, "\n"); 3134 free (buf, M_TEMP); 3135 return; 3136} 3137 3138/* 3139 * Analyze the IPCP Configure-NAK option list, and adjust our 3140 * negotiation. 3141 */ 3142static void 3143sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3144{ 3145 u_char *buf, *p; 3146 struct ifnet *ifp = &sp->pp_if; 3147 int debug = ifp->if_flags & IFF_DEBUG; 3148 int desiredcomp; 3149 u_long wantaddr; 3150 3151 len -= 4; 3152 buf = malloc (len, M_TEMP, M_NOWAIT); 3153 if (!buf) 3154 return; 3155 3156 if (debug) 3157 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3158 SPP_ARGS(ifp)); 3159 3160 p = (void*) (h+1); 3161 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3162 if (debug) 3163 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3164 switch (*p) { 3165 case IPCP_OPT_COMPRESSION: 3166 if (len >= 6 && p[1] == 6) { 3167 desiredcomp = p[2] << 8 | p[3]; 3168 if (debug) 3169 log(-1, "[wantcomp %#04x] ", 3170 desiredcomp); 3171 if (desiredcomp == IPCP_COMP_VJ) { 3172 sl_compress_init(sp->pp_comp, p[4]); 3173 sp->ipcp.max_state = p[4]; 3174 sp->ipcp.compress_cid = p[5]; 3175 if (debug) 3176 log(-1, "[agree] "); 3177 } else 3178 sp->ipcp.opts &= 3179 ~(1 << IPCP_OPT_COMPRESSION); 3180 } 3181 break; 3182 case IPCP_OPT_ADDRESS: 3183 /* 3184 * Peer doesn't like our local IP address. See 3185 * if we can do something for him. We'll drop 3186 * him our address then. 3187 */ 3188 if (len >= 6 && p[1] == 6) { 3189 wantaddr = p[2] << 24 | p[3] << 16 | 3190 p[4] << 8 | p[5]; 3191 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3192 if (debug) 3193 log(-1, "[wantaddr %s] ", 3194 sppp_dotted_quad(wantaddr)); 3195 /* 3196 * When doing dynamic address assignment, 3197 * we accept his offer. Otherwise, we 3198 * ignore it and thus continue to negotiate 3199 * our already existing value. 3200 * XXX: Bogus, if he said no once, he'll 3201 * just say no again, might as well die. 3202 */ 3203 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3204 sppp_set_ip_addr(sp, wantaddr); 3205 if (debug) 3206 log(-1, "[agree] "); 3207 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3208 } 3209 } 3210 break; 3211 } 3212 } 3213 if (debug) 3214 log(-1, "\n"); 3215 free (buf, M_TEMP); 3216 return; 3217} 3218 3219static void 3220sppp_ipcp_tlu(struct sppp *sp) 3221{ 3222 /* we are up - notify isdn daemon */ 3223 if (sp->pp_con) 3224 sp->pp_con(sp); 3225} 3226 3227static void 3228sppp_ipcp_tld(struct sppp *sp) 3229{ 3230} 3231 3232static void 3233sppp_ipcp_tls(struct sppp *sp) 3234{ 3235 /* indicate to LCP that it must stay alive */ 3236 sp->lcp.protos |= (1 << IDX_IPCP); 3237} 3238 3239static void 3240sppp_ipcp_tlf(struct sppp *sp) 3241{ 3242 /* we no longer need LCP */ 3243 sp->lcp.protos &= ~(1 << IDX_IPCP); 3244 sppp_lcp_check_and_close(sp); 3245} 3246 3247static void 3248sppp_ipcp_scr(struct sppp *sp) 3249{ 3250 char opt[6 /* compression */ + 6 /* address */]; 3251 u_long ouraddr; 3252 int i = 0; 3253 3254 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3255 opt[i++] = IPCP_OPT_COMPRESSION; 3256 opt[i++] = 6; 3257 opt[i++] = IPCP_COMP_VJ >> 8; 3258 opt[i++] = IPCP_COMP_VJ; 3259 opt[i++] = sp->ipcp.max_state; 3260 opt[i++] = sp->ipcp.compress_cid; 3261 } 3262 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3263 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3264 opt[i++] = IPCP_OPT_ADDRESS; 3265 opt[i++] = 6; 3266 opt[i++] = ouraddr >> 24; 3267 opt[i++] = ouraddr >> 16; 3268 opt[i++] = ouraddr >> 8; 3269 opt[i++] = ouraddr; 3270 } 3271 3272 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3273 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3274} 3275 3276/* 3277 *--------------------------------------------------------------------------* 3278 * * 3279 * The IPv6CP implementation. * 3280 * * 3281 *--------------------------------------------------------------------------* 3282 */ 3283 3284#ifdef INET6 3285static void 3286sppp_ipv6cp_init(struct sppp *sp) 3287{ 3288 sp->ipv6cp.opts = 0; 3289 sp->ipv6cp.flags = 0; 3290 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3291 sp->fail_counter[IDX_IPV6CP] = 0; 3292 sp->pp_seq[IDX_IPV6CP] = 0; 3293 sp->pp_rseq[IDX_IPV6CP] = 0; 3294#if defined(__NetBSD__) 3295 callout_init(&sp->ch[IDX_IPV6CP]); 3296#endif 3297#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3298 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3299#endif 3300} 3301 3302static void 3303sppp_ipv6cp_up(struct sppp *sp) 3304{ 3305 sppp_up_event(&ipv6cp, sp); 3306} 3307 3308static void 3309sppp_ipv6cp_down(struct sppp *sp) 3310{ 3311 sppp_down_event(&ipv6cp, sp); 3312} 3313 3314static void 3315sppp_ipv6cp_open(struct sppp *sp) 3316{ 3317 STDDCL; 3318 struct in6_addr myaddr, hisaddr; 3319 3320#ifdef IPV6CP_MYIFID_DYN 3321 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3322#else 3323 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3324#endif 3325 3326 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3327 /* 3328 * If we don't have our address, this probably means our 3329 * interface doesn't want to talk IPv6 at all. (This could 3330 * be the case if somebody wants to speak only IPX, for 3331 * example.) Don't open IPv6CP in this case. 3332 */ 3333 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3334 /* XXX this message should go away */ 3335 if (debug) 3336 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3337 SPP_ARGS(ifp)); 3338 return; 3339 } 3340 3341 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3342 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3343 sppp_open_event(&ipv6cp, sp); 3344} 3345 3346static void 3347sppp_ipv6cp_close(struct sppp *sp) 3348{ 3349 sppp_close_event(&ipv6cp, sp); 3350} 3351 3352static void 3353sppp_ipv6cp_TO(void *cookie) 3354{ 3355 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3356} 3357 3358/* 3359 * Analyze a configure request. Return true if it was agreeable, and 3360 * caused action sca, false if it has been rejected or nak'ed, and 3361 * caused action scn. (The return value is used to make the state 3362 * transition decision in the state automaton.) 3363 */ 3364static int 3365sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3366{ 3367 u_char *buf, *r, *p; 3368 struct ifnet *ifp = &sp->pp_if; 3369 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3370 struct in6_addr myaddr, desiredaddr, suggestaddr; 3371 int ifidcount; 3372 int type; 3373 int collision, nohisaddr; 3374 3375 len -= 4; 3376 origlen = len; 3377 /* 3378 * Make sure to allocate a buf that can at least hold a 3379 * conf-nak with an `address' option. We might need it below. 3380 */ 3381 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3382 if (! buf) 3383 return (0); 3384 3385 /* pass 1: see if we can recognize them */ 3386 if (debug) 3387 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3388 SPP_ARGS(ifp)); 3389 p = (void*) (h+1); 3390 ifidcount = 0; 3391 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3392 if (debug) 3393 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3394 switch (*p) { 3395 case IPV6CP_OPT_IFID: 3396 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3397 /* correctly formed address option */ 3398 ifidcount++; 3399 continue; 3400 } 3401 if (debug) 3402 log(-1, " [invalid]"); 3403 break; 3404#ifdef notyet 3405 case IPV6CP_OPT_COMPRESSION: 3406 if (len >= 4 && p[1] >= 4) { 3407 /* correctly formed compress option */ 3408 continue; 3409 } 3410 if (debug) 3411 log(-1, " [invalid]"); 3412 break; 3413#endif 3414 default: 3415 /* Others not supported. */ 3416 if (debug) 3417 log(-1, " [rej]"); 3418 break; 3419 } 3420 /* Add the option to rejected list. */ 3421 bcopy (p, r, p[1]); 3422 r += p[1]; 3423 rlen += p[1]; 3424 } 3425 if (rlen) { 3426 if (debug) 3427 log(-1, " send conf-rej\n"); 3428 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3429 goto end; 3430 } else if (debug) 3431 log(-1, "\n"); 3432 3433 /* pass 2: parse option values */ 3434 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3435 if (debug) 3436 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3437 SPP_ARGS(ifp)); 3438 p = (void*) (h+1); 3439 len = origlen; 3440 type = CONF_ACK; 3441 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3442 if (debug) 3443 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3444 switch (*p) { 3445#ifdef notyet 3446 case IPV6CP_OPT_COMPRESSION: 3447 continue; 3448#endif 3449 case IPV6CP_OPT_IFID: 3450 bzero(&desiredaddr, sizeof(desiredaddr)); 3451 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3452 collision = (bcmp(&desiredaddr.s6_addr[8], 3453 &myaddr.s6_addr[8], 8) == 0); 3454 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3455 3456 desiredaddr.s6_addr16[0] = htons(0xfe80); 3457 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3458 3459 if (!collision && !nohisaddr) { 3460 /* no collision, hisaddr known - Conf-Ack */ 3461 type = CONF_ACK; 3462 3463 if (debug) { 3464 log(-1, " %s [%s]", 3465 ip6_sprintf(&desiredaddr), 3466 sppp_cp_type_name(type)); 3467 } 3468 continue; 3469 } 3470 3471 bzero(&suggestaddr, sizeof(&suggestaddr)); 3472 if (collision && nohisaddr) { 3473 /* collision, hisaddr unknown - Conf-Rej */ 3474 type = CONF_REJ; 3475 bzero(&p[2], 8); 3476 } else { 3477 /* 3478 * - no collision, hisaddr unknown, or 3479 * - collision, hisaddr known 3480 * Conf-Nak, suggest hisaddr 3481 */ 3482 type = CONF_NAK; 3483 sppp_suggest_ip6_addr(sp, &suggestaddr); 3484 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3485 } 3486 if (debug) 3487 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3488 sppp_cp_type_name(type)); 3489 break; 3490 } 3491 /* Add the option to nak'ed list. */ 3492 bcopy (p, r, p[1]); 3493 r += p[1]; 3494 rlen += p[1]; 3495 } 3496 3497 if (rlen == 0 && type == CONF_ACK) { 3498 if (debug) 3499 log(-1, " send %s\n", sppp_cp_type_name(type)); 3500 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3501 } else { 3502#ifdef DIAGNOSTIC 3503 if (type == CONF_ACK) 3504 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3505#endif 3506 3507 if (debug) { 3508 log(-1, " send %s suggest %s\n", 3509 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3510 } 3511 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3512 } 3513 3514 end: 3515 free (buf, M_TEMP); 3516 return (rlen == 0); 3517} 3518 3519/* 3520 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3521 * negotiation. 3522 */ 3523static void 3524sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3525{ 3526 u_char *buf, *p; 3527 struct ifnet *ifp = &sp->pp_if; 3528 int debug = ifp->if_flags & IFF_DEBUG; 3529 3530 len -= 4; 3531 buf = malloc (len, M_TEMP, M_NOWAIT); 3532 if (!buf) 3533 return; 3534 3535 if (debug) 3536 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3537 SPP_ARGS(ifp)); 3538 3539 p = (void*) (h+1); 3540 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3541 if (debug) 3542 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3543 switch (*p) { 3544 case IPV6CP_OPT_IFID: 3545 /* 3546 * Peer doesn't grok address option. This is 3547 * bad. XXX Should we better give up here? 3548 */ 3549 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3550 break; 3551#ifdef notyet 3552 case IPV6CP_OPT_COMPRESS: 3553 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3554 break; 3555#endif 3556 } 3557 } 3558 if (debug) 3559 log(-1, "\n"); 3560 free (buf, M_TEMP); 3561 return; 3562} 3563 3564/* 3565 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3566 * negotiation. 3567 */ 3568static void 3569sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3570{ 3571 u_char *buf, *p; 3572 struct ifnet *ifp = &sp->pp_if; 3573 int debug = ifp->if_flags & IFF_DEBUG; 3574 struct in6_addr suggestaddr; 3575 3576 len -= 4; 3577 buf = malloc (len, M_TEMP, M_NOWAIT); 3578 if (!buf) 3579 return; 3580 3581 if (debug) 3582 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3583 SPP_ARGS(ifp)); 3584 3585 p = (void*) (h+1); 3586 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3587 if (debug) 3588 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3589 switch (*p) { 3590 case IPV6CP_OPT_IFID: 3591 /* 3592 * Peer doesn't like our local ifid. See 3593 * if we can do something for him. We'll drop 3594 * him our address then. 3595 */ 3596 if (len < 10 || p[1] != 10) 3597 break; 3598 bzero(&suggestaddr, sizeof(suggestaddr)); 3599 suggestaddr.s6_addr16[0] = htons(0xfe80); 3600 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3601 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3602 3603 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3604 if (debug) 3605 log(-1, " [suggestaddr %s]", 3606 ip6_sprintf(&suggestaddr)); 3607#ifdef IPV6CP_MYIFID_DYN 3608 /* 3609 * When doing dynamic address assignment, 3610 * we accept his offer. 3611 */ 3612 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3613 struct in6_addr lastsuggest; 3614 /* 3615 * If <suggested myaddr from peer> equals to 3616 * <hisaddr we have suggested last time>, 3617 * we have a collision. generate new random 3618 * ifid. 3619 */ 3620 sppp_suggest_ip6_addr(&lastsuggest); 3621 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3622 lastsuggest)) { 3623 if (debug) 3624 log(-1, " [random]"); 3625 sppp_gen_ip6_addr(sp, &suggestaddr); 3626 } 3627 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3628 if (debug) 3629 log(-1, " [agree]"); 3630 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3631 } 3632#else 3633 /* 3634 * Since we do not do dynamic address assignment, 3635 * we ignore it and thus continue to negotiate 3636 * our already existing value. This can possibly 3637 * go into infinite request-reject loop. 3638 * 3639 * This is not likely because we normally use 3640 * ifid based on MAC-address. 3641 * If you have no ethernet card on the node, too bad. 3642 * XXX should we use fail_counter? 3643 */ 3644#endif 3645 break; 3646#ifdef notyet 3647 case IPV6CP_OPT_COMPRESS: 3648 /* 3649 * Peer wants different compression parameters. 3650 */ 3651 break; 3652#endif 3653 } 3654 } 3655 if (debug) 3656 log(-1, "\n"); 3657 free (buf, M_TEMP); 3658 return; 3659} 3660static void 3661sppp_ipv6cp_tlu(struct sppp *sp) 3662{ 3663 /* we are up - notify isdn daemon */ 3664 if (sp->pp_con) 3665 sp->pp_con(sp); 3666} 3667 3668static void 3669sppp_ipv6cp_tld(struct sppp *sp) 3670{ 3671} 3672 3673static void 3674sppp_ipv6cp_tls(struct sppp *sp) 3675{ 3676 /* indicate to LCP that it must stay alive */ 3677 sp->lcp.protos |= (1 << IDX_IPV6CP); 3678} 3679 3680static void 3681sppp_ipv6cp_tlf(struct sppp *sp) 3682{ 3683 3684#if 0 /* need #if 0 to close IPv6CP properly */ 3685 /* we no longer need LCP */ 3686 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3687 sppp_lcp_check_and_close(sp); 3688#endif 3689} 3690 3691static void 3692sppp_ipv6cp_scr(struct sppp *sp) 3693{ 3694 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3695 struct in6_addr ouraddr; 3696 int i = 0; 3697 3698 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3699 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3700 opt[i++] = IPV6CP_OPT_IFID; 3701 opt[i++] = 10; 3702 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3703 i += 8; 3704 } 3705 3706#ifdef notyet 3707 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3708 opt[i++] = IPV6CP_OPT_COMPRESSION; 3709 opt[i++] = 4; 3710 opt[i++] = 0; /* TBD */ 3711 opt[i++] = 0; /* TBD */ 3712 /* variable length data may follow */ 3713 } 3714#endif 3715 3716 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3717 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3718} 3719#else /*INET6*/ 3720static void sppp_ipv6cp_init(struct sppp *sp) 3721{ 3722} 3723 3724static void sppp_ipv6cp_up(struct sppp *sp) 3725{ 3726} 3727 3728static void sppp_ipv6cp_down(struct sppp *sp) 3729{ 3730} 3731 3732 3733static void sppp_ipv6cp_open(struct sppp *sp) 3734{ 3735} 3736 3737static void sppp_ipv6cp_close(struct sppp *sp) 3738{ 3739} 3740 3741static void sppp_ipv6cp_TO(void *sp) 3742{ 3743} 3744 3745static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3746{ 3747 return 0; 3748} 3749 3750static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3751{ 3752} 3753 3754static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3755{ 3756} 3757 3758static void sppp_ipv6cp_tlu(struct sppp *sp) 3759{ 3760} 3761 3762static void sppp_ipv6cp_tld(struct sppp *sp) 3763{ 3764} 3765 3766static void sppp_ipv6cp_tls(struct sppp *sp) 3767{ 3768} 3769 3770static void sppp_ipv6cp_tlf(struct sppp *sp) 3771{ 3772} 3773 3774static void sppp_ipv6cp_scr(struct sppp *sp) 3775{ 3776} 3777#endif /*INET6*/ 3778 3779/* 3780 *--------------------------------------------------------------------------* 3781 * * 3782 * The CHAP implementation. * 3783 * * 3784 *--------------------------------------------------------------------------* 3785 */ 3786 3787/* 3788 * The authentication protocols don't employ a full-fledged state machine as 3789 * the control protocols do, since they do have Open and Close events, but 3790 * not Up and Down, nor are they explicitly terminated. Also, use of the 3791 * authentication protocols may be different in both directions (this makes 3792 * sense, think of a machine that never accepts incoming calls but only 3793 * calls out, it doesn't require the called party to authenticate itself). 3794 * 3795 * Our state machine for the local authentication protocol (we are requesting 3796 * the peer to authenticate) looks like: 3797 * 3798 * RCA- 3799 * +--------------------------------------------+ 3800 * V scn,tld| 3801 * +--------+ Close +---------+ RCA+ 3802 * | |<----------------------------------| |------+ 3803 * +--->| Closed | TO* | Opened | sca | 3804 * | | |-----+ +-------| |<-----+ 3805 * | +--------+ irc | | +---------+ 3806 * | ^ | | ^ 3807 * | | | | | 3808 * | | | | | 3809 * | TO-| | | | 3810 * | |tld TO+ V | | 3811 * | | +------->+ | | 3812 * | | | | | | 3813 * | +--------+ V | | 3814 * | | |<----+<--------------------+ | 3815 * | | Req- | scr | 3816 * | | Sent | | 3817 * | | | | 3818 * | +--------+ | 3819 * | RCA- | | RCA+ | 3820 * +------+ +------------------------------------------+ 3821 * scn,tld sca,irc,ict,tlu 3822 * 3823 * 3824 * with: 3825 * 3826 * Open: LCP reached authentication phase 3827 * Close: LCP reached terminate phase 3828 * 3829 * RCA+: received reply (pap-req, chap-response), acceptable 3830 * RCN: received reply (pap-req, chap-response), not acceptable 3831 * TO+: timeout with restart counter >= 0 3832 * TO-: timeout with restart counter < 0 3833 * TO*: reschedule timeout for CHAP 3834 * 3835 * scr: send request packet (none for PAP, chap-challenge) 3836 * sca: send ack packet (pap-ack, chap-success) 3837 * scn: send nak packet (pap-nak, chap-failure) 3838 * ict: initialize re-challenge timer (CHAP only) 3839 * 3840 * tlu: this-layer-up, LCP reaches network phase 3841 * tld: this-layer-down, LCP enters terminate phase 3842 * 3843 * Note that in CHAP mode, after sending a new challenge, while the state 3844 * automaton falls back into Req-Sent state, it doesn't signal a tld 3845 * event to LCP, so LCP remains in network phase. Only after not getting 3846 * any response (or after getting an unacceptable response), CHAP closes, 3847 * causing LCP to enter terminate phase. 3848 * 3849 * With PAP, there is no initial request that can be sent. The peer is 3850 * expected to send one based on the successful negotiation of PAP as 3851 * the authentication protocol during the LCP option negotiation. 3852 * 3853 * Incoming authentication protocol requests (remote requests 3854 * authentication, we are peer) don't employ a state machine at all, 3855 * they are simply answered. Some peers [Ascend P50 firmware rev 3856 * 4.50] react allergically when sending IPCP requests while they are 3857 * still in authentication phase (thereby violating the standard that 3858 * demands that these NCP packets are to be discarded), so we keep 3859 * track of the peer demanding us to authenticate, and only proceed to 3860 * phase network once we've seen a positive acknowledge for the 3861 * authentication. 3862 */ 3863 3864/* 3865 * Handle incoming CHAP packets. 3866 */ 3867static void 3868sppp_chap_input(struct sppp *sp, struct mbuf *m) 3869{ 3870 STDDCL; 3871 struct lcp_header *h; 3872 int len, x; 3873 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3874 int value_len, name_len; 3875 MD5_CTX ctx; 3876 3877 len = m->m_pkthdr.len; 3878 if (len < 4) { 3879 if (debug) 3880 log(LOG_DEBUG, 3881 SPP_FMT "chap invalid packet length: %d bytes\n", 3882 SPP_ARGS(ifp), len); 3883 return; 3884 } 3885 h = mtod (m, struct lcp_header*); 3886 if (len > ntohs (h->len)) 3887 len = ntohs (h->len); 3888 3889 switch (h->type) { 3890 /* challenge, failure and success are his authproto */ 3891 case CHAP_CHALLENGE: 3892 value = 1 + (u_char*)(h+1); 3893 value_len = value[-1]; 3894 name = value + value_len; 3895 name_len = len - value_len - 5; 3896 if (name_len < 0) { 3897 if (debug) { 3898 log(LOG_DEBUG, 3899 SPP_FMT "chap corrupted challenge " 3900 "<%s id=0x%x len=%d", 3901 SPP_ARGS(ifp), 3902 sppp_auth_type_name(PPP_CHAP, h->type), 3903 h->ident, ntohs(h->len)); 3904 sppp_print_bytes((u_char*) (h+1), len-4); 3905 log(-1, ">\n"); 3906 } 3907 break; 3908 } 3909 3910 if (debug) { 3911 log(LOG_DEBUG, 3912 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3913 SPP_ARGS(ifp), 3914 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3915 ntohs(h->len)); 3916 sppp_print_string((char*) name, name_len); 3917 log(-1, " value-size=%d value=", value_len); 3918 sppp_print_bytes(value, value_len); 3919 log(-1, ">\n"); 3920 } 3921 3922 /* Compute reply value. */ 3923 MD5Init(&ctx); 3924 MD5Update(&ctx, &h->ident, 1); 3925 MD5Update(&ctx, sp->myauth.secret, 3926 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3927 MD5Update(&ctx, value, value_len); 3928 MD5Final(digest, &ctx); 3929 dsize = sizeof digest; 3930 3931 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3932 sizeof dsize, (const char *)&dsize, 3933 sizeof digest, digest, 3934 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3935 sp->myauth.name, 3936 0); 3937 break; 3938 3939 case CHAP_SUCCESS: 3940 if (debug) { 3941 log(LOG_DEBUG, SPP_FMT "chap success", 3942 SPP_ARGS(ifp)); 3943 if (len > 4) { 3944 log(-1, ": "); 3945 sppp_print_string((char*)(h + 1), len - 4); 3946 } 3947 log(-1, "\n"); 3948 } 3949 x = splimp(); 3950 sp->pp_flags &= ~PP_NEEDAUTH; 3951 if (sp->myauth.proto == PPP_CHAP && 3952 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3953 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3954 /* 3955 * We are authenticator for CHAP but didn't 3956 * complete yet. Leave it to tlu to proceed 3957 * to network phase. 3958 */ 3959 splx(x); 3960 break; 3961 } 3962 splx(x); 3963 sppp_phase_network(sp); 3964 break; 3965 3966 case CHAP_FAILURE: 3967 if (debug) { 3968 log(LOG_INFO, SPP_FMT "chap failure", 3969 SPP_ARGS(ifp)); 3970 if (len > 4) { 3971 log(-1, ": "); 3972 sppp_print_string((char*)(h + 1), len - 4); 3973 } 3974 log(-1, "\n"); 3975 } else 3976 log(LOG_INFO, SPP_FMT "chap failure\n", 3977 SPP_ARGS(ifp)); 3978 /* await LCP shutdown by authenticator */ 3979 break; 3980 3981 /* response is my authproto */ 3982 case CHAP_RESPONSE: 3983 value = 1 + (u_char*)(h+1); 3984 value_len = value[-1]; 3985 name = value + value_len; 3986 name_len = len - value_len - 5; 3987 if (name_len < 0) { 3988 if (debug) { 3989 log(LOG_DEBUG, 3990 SPP_FMT "chap corrupted response " 3991 "<%s id=0x%x len=%d", 3992 SPP_ARGS(ifp), 3993 sppp_auth_type_name(PPP_CHAP, h->type), 3994 h->ident, ntohs(h->len)); 3995 sppp_print_bytes((u_char*)(h+1), len-4); 3996 log(-1, ">\n"); 3997 } 3998 break; 3999 } 4000 if (h->ident != sp->confid[IDX_CHAP]) { 4001 if (debug) 4002 log(LOG_DEBUG, 4003 SPP_FMT "chap dropping response for old ID " 4004 "(got %d, expected %d)\n", 4005 SPP_ARGS(ifp), 4006 h->ident, sp->confid[IDX_CHAP]); 4007 break; 4008 } 4009 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4010 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4011 log(LOG_INFO, SPP_FMT "chap response, his name ", 4012 SPP_ARGS(ifp)); 4013 sppp_print_string(name, name_len); 4014 log(-1, " != expected "); 4015 sppp_print_string(sp->hisauth.name, 4016 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4017 log(-1, "\n"); 4018 } 4019 if (debug) { 4020 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4021 "<%s id=0x%x len=%d name=", 4022 SPP_ARGS(ifp), 4023 sppp_state_name(sp->state[IDX_CHAP]), 4024 sppp_auth_type_name(PPP_CHAP, h->type), 4025 h->ident, ntohs (h->len)); 4026 sppp_print_string((char*)name, name_len); 4027 log(-1, " value-size=%d value=", value_len); 4028 sppp_print_bytes(value, value_len); 4029 log(-1, ">\n"); 4030 } 4031 if (value_len != AUTHKEYLEN) { 4032 if (debug) 4033 log(LOG_DEBUG, 4034 SPP_FMT "chap bad hash value length: " 4035 "%d bytes, should be %d\n", 4036 SPP_ARGS(ifp), value_len, 4037 AUTHKEYLEN); 4038 break; 4039 } 4040 4041 MD5Init(&ctx); 4042 MD5Update(&ctx, &h->ident, 1); 4043 MD5Update(&ctx, sp->hisauth.secret, 4044 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4045 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4046 MD5Final(digest, &ctx); 4047 4048#define FAILMSG "Failed..." 4049#define SUCCMSG "Welcome!" 4050 4051 if (value_len != sizeof digest || 4052 bcmp(digest, value, value_len) != 0) { 4053 /* action scn, tld */ 4054 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4055 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4056 0); 4057 chap.tld(sp); 4058 break; 4059 } 4060 /* action sca, perhaps tlu */ 4061 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4062 sp->state[IDX_CHAP] == STATE_OPENED) 4063 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4064 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4065 0); 4066 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4067 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4068 chap.tlu(sp); 4069 } 4070 break; 4071 4072 default: 4073 /* Unknown CHAP packet type -- ignore. */ 4074 if (debug) { 4075 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4076 "<0x%x id=0x%xh len=%d", 4077 SPP_ARGS(ifp), 4078 sppp_state_name(sp->state[IDX_CHAP]), 4079 h->type, h->ident, ntohs(h->len)); 4080 sppp_print_bytes((u_char*)(h+1), len-4); 4081 log(-1, ">\n"); 4082 } 4083 break; 4084 4085 } 4086} 4087 4088static void 4089sppp_chap_init(struct sppp *sp) 4090{ 4091 /* Chap doesn't have STATE_INITIAL at all. */ 4092 sp->state[IDX_CHAP] = STATE_CLOSED; 4093 sp->fail_counter[IDX_CHAP] = 0; 4094 sp->pp_seq[IDX_CHAP] = 0; 4095 sp->pp_rseq[IDX_CHAP] = 0; 4096#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4097 callout_handle_init(&sp->ch[IDX_CHAP]); 4098#endif 4099} 4100 4101static void 4102sppp_chap_open(struct sppp *sp) 4103{ 4104 if (sp->myauth.proto == PPP_CHAP && 4105 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4106 /* we are authenticator for CHAP, start it */ 4107 chap.scr(sp); 4108 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4109 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4110 } 4111 /* nothing to be done if we are peer, await a challenge */ 4112} 4113 4114static void 4115sppp_chap_close(struct sppp *sp) 4116{ 4117 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4118 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4119} 4120 4121static void 4122sppp_chap_TO(void *cookie) 4123{ 4124 struct sppp *sp = (struct sppp *)cookie; 4125 STDDCL; 4126 int s; 4127 4128 s = splimp(); 4129 if (debug) 4130 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4131 SPP_ARGS(ifp), 4132 sppp_state_name(sp->state[IDX_CHAP]), 4133 sp->rst_counter[IDX_CHAP]); 4134 4135 if (--sp->rst_counter[IDX_CHAP] < 0) 4136 /* TO- event */ 4137 switch (sp->state[IDX_CHAP]) { 4138 case STATE_REQ_SENT: 4139 chap.tld(sp); 4140 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4141 break; 4142 } 4143 else 4144 /* TO+ (or TO*) event */ 4145 switch (sp->state[IDX_CHAP]) { 4146 case STATE_OPENED: 4147 /* TO* event */ 4148 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4149 /* FALLTHROUGH */ 4150 case STATE_REQ_SENT: 4151 chap.scr(sp); 4152 /* sppp_cp_change_state() will restart the timer */ 4153 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4154 break; 4155 } 4156 4157 splx(s); 4158} 4159 4160static void 4161sppp_chap_tlu(struct sppp *sp) 4162{ 4163 STDDCL; 4164 int i, x; 4165 4166 i = 0; 4167 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4168 4169 /* 4170 * Some broken CHAP implementations (Conware CoNet, firmware 4171 * 4.0.?) don't want to re-authenticate their CHAP once the 4172 * initial challenge-response exchange has taken place. 4173 * Provide for an option to avoid rechallenges. 4174 */ 4175 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4176 /* 4177 * Compute the re-challenge timeout. This will yield 4178 * a number between 300 and 810 seconds. 4179 */ 4180 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4181 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4182 } 4183 4184 if (debug) { 4185 log(LOG_DEBUG, 4186 SPP_FMT "chap %s, ", 4187 SPP_ARGS(ifp), 4188 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4189 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4190 log(-1, "next re-challenge in %d seconds\n", i); 4191 else 4192 log(-1, "re-challenging supressed\n"); 4193 } 4194 4195 x = splimp(); 4196 /* indicate to LCP that we need to be closed down */ 4197 sp->lcp.protos |= (1 << IDX_CHAP); 4198 4199 if (sp->pp_flags & PP_NEEDAUTH) { 4200 /* 4201 * Remote is authenticator, but his auth proto didn't 4202 * complete yet. Defer the transition to network 4203 * phase. 4204 */ 4205 splx(x); 4206 return; 4207 } 4208 splx(x); 4209 4210 /* 4211 * If we are already in phase network, we are done here. This 4212 * is the case if this is a dummy tlu event after a re-challenge. 4213 */ 4214 if (sp->pp_phase != PHASE_NETWORK) 4215 sppp_phase_network(sp); 4216} 4217 4218static void 4219sppp_chap_tld(struct sppp *sp) 4220{ 4221 STDDCL; 4222 4223 if (debug) 4224 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4225 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4226 sp->lcp.protos &= ~(1 << IDX_CHAP); 4227 4228 lcp.Close(sp); 4229} 4230 4231static void 4232sppp_chap_scr(struct sppp *sp) 4233{ 4234 u_long *ch, seed; 4235 u_char clen; 4236 4237 /* Compute random challenge. */ 4238 ch = (u_long *)sp->myauth.challenge; 4239#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4240 read_random(&seed, sizeof seed); 4241#else 4242 { 4243 struct timeval tv; 4244 microtime(&tv); 4245 seed = tv.tv_sec ^ tv.tv_usec; 4246 } 4247#endif 4248 ch[0] = seed ^ random(); 4249 ch[1] = seed ^ random(); 4250 ch[2] = seed ^ random(); 4251 ch[3] = seed ^ random(); 4252 clen = AUTHKEYLEN; 4253 4254 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4255 4256 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4257 sizeof clen, (const char *)&clen, 4258 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4259 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4260 sp->myauth.name, 4261 0); 4262} 4263 4264/* 4265 *--------------------------------------------------------------------------* 4266 * * 4267 * The PAP implementation. * 4268 * * 4269 *--------------------------------------------------------------------------* 4270 */ 4271/* 4272 * For PAP, we need to keep a little state also if we are the peer, not the 4273 * authenticator. This is since we don't get a request to authenticate, but 4274 * have to repeatedly authenticate ourself until we got a response (or the 4275 * retry counter is expired). 4276 */ 4277 4278/* 4279 * Handle incoming PAP packets. */ 4280static void 4281sppp_pap_input(struct sppp *sp, struct mbuf *m) 4282{ 4283 STDDCL; 4284 struct lcp_header *h; 4285 int len, x; 4286 u_char *name, *passwd, mlen; 4287 int name_len, passwd_len; 4288 4289 len = m->m_pkthdr.len; 4290 if (len < 5) { 4291 if (debug) 4292 log(LOG_DEBUG, 4293 SPP_FMT "pap invalid packet length: %d bytes\n", 4294 SPP_ARGS(ifp), len); 4295 return; 4296 } 4297 h = mtod (m, struct lcp_header*); 4298 if (len > ntohs (h->len)) 4299 len = ntohs (h->len); 4300 switch (h->type) { 4301 /* PAP request is my authproto */ 4302 case PAP_REQ: 4303 name = 1 + (u_char*)(h+1); 4304 name_len = name[-1]; 4305 passwd = name + name_len + 1; 4306 if (name_len > len - 6 || 4307 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4308 if (debug) { 4309 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4310 "<%s id=0x%x len=%d", 4311 SPP_ARGS(ifp), 4312 sppp_auth_type_name(PPP_PAP, h->type), 4313 h->ident, ntohs(h->len)); 4314 sppp_print_bytes((u_char*)(h+1), len-4); 4315 log(-1, ">\n"); 4316 } 4317 break; 4318 } 4319 if (debug) { 4320 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4321 "<%s id=0x%x len=%d name=", 4322 SPP_ARGS(ifp), 4323 sppp_state_name(sp->state[IDX_PAP]), 4324 sppp_auth_type_name(PPP_PAP, h->type), 4325 h->ident, ntohs(h->len)); 4326 sppp_print_string((char*)name, name_len); 4327 log(-1, " passwd="); 4328 sppp_print_string((char*)passwd, passwd_len); 4329 log(-1, ">\n"); 4330 } 4331 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4332 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4333 bcmp(name, sp->hisauth.name, name_len) != 0 || 4334 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4335 /* action scn, tld */ 4336 mlen = sizeof(FAILMSG) - 1; 4337 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4338 sizeof mlen, (const char *)&mlen, 4339 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4340 0); 4341 pap.tld(sp); 4342 break; 4343 } 4344 /* action sca, perhaps tlu */ 4345 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4346 sp->state[IDX_PAP] == STATE_OPENED) { 4347 mlen = sizeof(SUCCMSG) - 1; 4348 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4349 sizeof mlen, (const char *)&mlen, 4350 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4351 0); 4352 } 4353 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4354 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4355 pap.tlu(sp); 4356 } 4357 break; 4358 4359 /* ack and nak are his authproto */ 4360 case PAP_ACK: 4361 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4362 if (debug) { 4363 log(LOG_DEBUG, SPP_FMT "pap success", 4364 SPP_ARGS(ifp)); 4365 name_len = *((char *)h); 4366 if (len > 5 && name_len) { 4367 log(-1, ": "); 4368 sppp_print_string((char*)(h+1), name_len); 4369 } 4370 log(-1, "\n"); 4371 } 4372 x = splimp(); 4373 sp->pp_flags &= ~PP_NEEDAUTH; 4374 if (sp->myauth.proto == PPP_PAP && 4375 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4376 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4377 /* 4378 * We are authenticator for PAP but didn't 4379 * complete yet. Leave it to tlu to proceed 4380 * to network phase. 4381 */ 4382 splx(x); 4383 break; 4384 } 4385 splx(x); 4386 sppp_phase_network(sp); 4387 break; 4388 4389 case PAP_NAK: 4390 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4391 if (debug) { 4392 log(LOG_INFO, SPP_FMT "pap failure", 4393 SPP_ARGS(ifp)); 4394 name_len = *((char *)h); 4395 if (len > 5 && name_len) { 4396 log(-1, ": "); 4397 sppp_print_string((char*)(h+1), name_len); 4398 } 4399 log(-1, "\n"); 4400 } else 4401 log(LOG_INFO, SPP_FMT "pap failure\n", 4402 SPP_ARGS(ifp)); 4403 /* await LCP shutdown by authenticator */ 4404 break; 4405 4406 default: 4407 /* Unknown PAP packet type -- ignore. */ 4408 if (debug) { 4409 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4410 "<0x%x id=0x%x len=%d", 4411 SPP_ARGS(ifp), 4412 h->type, h->ident, ntohs(h->len)); 4413 sppp_print_bytes((u_char*)(h+1), len-4); 4414 log(-1, ">\n"); 4415 } 4416 break; 4417 4418 } 4419} 4420 4421static void 4422sppp_pap_init(struct sppp *sp) 4423{ 4424 /* PAP doesn't have STATE_INITIAL at all. */ 4425 sp->state[IDX_PAP] = STATE_CLOSED; 4426 sp->fail_counter[IDX_PAP] = 0; 4427 sp->pp_seq[IDX_PAP] = 0; 4428 sp->pp_rseq[IDX_PAP] = 0; 4429#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4430 callout_handle_init(&sp->ch[IDX_PAP]); 4431 callout_handle_init(&sp->pap_my_to_ch); 4432#endif 4433} 4434 4435static void 4436sppp_pap_open(struct sppp *sp) 4437{ 4438 if (sp->hisauth.proto == PPP_PAP && 4439 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4440 /* we are authenticator for PAP, start our timer */ 4441 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4442 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4443 } 4444 if (sp->myauth.proto == PPP_PAP) { 4445 /* we are peer, send a request, and start a timer */ 4446 pap.scr(sp); 4447 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4448 sp->pap_my_to_ch); 4449 } 4450} 4451 4452static void 4453sppp_pap_close(struct sppp *sp) 4454{ 4455 if (sp->state[IDX_PAP] != STATE_CLOSED) 4456 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4457} 4458 4459/* 4460 * That's the timeout routine if we are authenticator. Since the 4461 * authenticator is basically passive in PAP, we can't do much here. 4462 */ 4463static void 4464sppp_pap_TO(void *cookie) 4465{ 4466 struct sppp *sp = (struct sppp *)cookie; 4467 STDDCL; 4468 int s; 4469 4470 s = splimp(); 4471 if (debug) 4472 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4473 SPP_ARGS(ifp), 4474 sppp_state_name(sp->state[IDX_PAP]), 4475 sp->rst_counter[IDX_PAP]); 4476 4477 if (--sp->rst_counter[IDX_PAP] < 0) 4478 /* TO- event */ 4479 switch (sp->state[IDX_PAP]) { 4480 case STATE_REQ_SENT: 4481 pap.tld(sp); 4482 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4483 break; 4484 } 4485 else 4486 /* TO+ event, not very much we could do */ 4487 switch (sp->state[IDX_PAP]) { 4488 case STATE_REQ_SENT: 4489 /* sppp_cp_change_state() will restart the timer */ 4490 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4491 break; 4492 } 4493 4494 splx(s); 4495} 4496 4497/* 4498 * That's the timeout handler if we are peer. Since the peer is active, 4499 * we need to retransmit our PAP request since it is apparently lost. 4500 * XXX We should impose a max counter. 4501 */ 4502static void 4503sppp_pap_my_TO(void *cookie) 4504{ 4505 struct sppp *sp = (struct sppp *)cookie; 4506 STDDCL; 4507 4508 if (debug) 4509 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4510 SPP_ARGS(ifp)); 4511 4512 pap.scr(sp); 4513} 4514 4515static void 4516sppp_pap_tlu(struct sppp *sp) 4517{ 4518 STDDCL; 4519 int x; 4520 4521 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4522 4523 if (debug) 4524 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4525 SPP_ARGS(ifp), pap.name); 4526 4527 x = splimp(); 4528 /* indicate to LCP that we need to be closed down */ 4529 sp->lcp.protos |= (1 << IDX_PAP); 4530 4531 if (sp->pp_flags & PP_NEEDAUTH) { 4532 /* 4533 * Remote is authenticator, but his auth proto didn't 4534 * complete yet. Defer the transition to network 4535 * phase. 4536 */ 4537 splx(x); 4538 return; 4539 } 4540 splx(x); 4541 sppp_phase_network(sp); 4542} 4543 4544static void 4545sppp_pap_tld(struct sppp *sp) 4546{ 4547 STDDCL; 4548 4549 if (debug) 4550 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4551 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4552 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4553 sp->lcp.protos &= ~(1 << IDX_PAP); 4554 4555 lcp.Close(sp); 4556} 4557 4558static void 4559sppp_pap_scr(struct sppp *sp) 4560{ 4561 u_char idlen, pwdlen; 4562 4563 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4564 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4565 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4566 4567 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4568 sizeof idlen, (const char *)&idlen, 4569 (size_t)idlen, sp->myauth.name, 4570 sizeof pwdlen, (const char *)&pwdlen, 4571 (size_t)pwdlen, sp->myauth.secret, 4572 0); 4573} 4574 4575/* 4576 * Random miscellaneous functions. 4577 */ 4578 4579/* 4580 * Send a PAP or CHAP proto packet. 4581 * 4582 * Varadic function, each of the elements for the ellipsis is of type 4583 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4584 * mlen == 0. 4585 * NOTE: never declare variadic functions with types subject to type 4586 * promotion (i.e. u_char). This is asking for big trouble depending 4587 * on the architecture you are on... 4588 */ 4589 4590static void 4591sppp_auth_send(const struct cp *cp, struct sppp *sp, 4592 unsigned int type, unsigned int id, 4593 ...) 4594{ 4595 STDDCL; 4596 struct ppp_header *h; 4597 struct lcp_header *lh; 4598 struct mbuf *m; 4599 u_char *p; 4600 int len; 4601 unsigned int mlen; 4602 const char *msg; 4603 va_list ap; 4604 4605 MGETHDR (m, M_DONTWAIT, MT_DATA); 4606 if (! m) 4607 return; 4608 m->m_pkthdr.rcvif = 0; 4609 4610 h = mtod (m, struct ppp_header*); 4611 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4612 h->control = PPP_UI; /* Unnumbered Info */ 4613 h->protocol = htons(cp->proto); 4614 4615 lh = (struct lcp_header*)(h + 1); 4616 lh->type = type; 4617 lh->ident = id; 4618 p = (u_char*) (lh+1); 4619 4620 va_start(ap, id); 4621 len = 0; 4622 4623 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4624 msg = va_arg(ap, const char *); 4625 len += mlen; 4626 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4627 va_end(ap); 4628 m_freem(m); 4629 return; 4630 } 4631 4632 bcopy(msg, p, mlen); 4633 p += mlen; 4634 } 4635 va_end(ap); 4636 4637 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4638 lh->len = htons (LCP_HEADER_LEN + len); 4639 4640 if (debug) { 4641 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4642 SPP_ARGS(ifp), cp->name, 4643 sppp_auth_type_name(cp->proto, lh->type), 4644 lh->ident, ntohs(lh->len)); 4645 sppp_print_bytes((u_char*) (lh+1), len); 4646 log(-1, ">\n"); 4647 } 4648 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4649 ifp->if_oerrors++; 4650} 4651 4652/* 4653 * Flush interface queue. 4654 */ 4655static void 4656sppp_qflush(struct ifqueue *ifq) 4657{ 4658 struct mbuf *m, *n; 4659 4660 n = ifq->ifq_head; 4661 while ((m = n)) { 4662 n = m->m_act; 4663 m_freem (m); 4664 } 4665 ifq->ifq_head = 0; 4666 ifq->ifq_tail = 0; 4667 ifq->ifq_len = 0; 4668} 4669 4670/* 4671 * Send keepalive packets, every 10 seconds. 4672 */ 4673static void 4674sppp_keepalive(void *dummy) 4675{ 4676 struct sppp *sp; 4677 int s; 4678 4679 s = splimp(); 4680 for (sp=spppq; sp; sp=sp->pp_next) { 4681 struct ifnet *ifp = &sp->pp_if; 4682 4683 /* Keepalive mode disabled or channel down? */ 4684 if (! (sp->pp_flags & PP_KEEPALIVE) || 4685 ! (ifp->if_flags & IFF_RUNNING)) 4686 continue; 4687 4688 /* No keepalive in PPP mode if LCP not opened yet. */ 4689 if (sp->pp_mode != IFF_CISCO && 4690 sp->pp_phase < PHASE_AUTHENTICATE) 4691 continue; 4692 4693 if (sp->pp_alivecnt == MAXALIVECNT) { 4694 /* No keepalive packets got. Stop the interface. */ 4695 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4696 if_down (ifp); 4697 sppp_qflush (&sp->pp_cpq); 4698 if (sp->pp_mode != IFF_CISCO) { 4699 /* XXX */ 4700 /* Shut down the PPP link. */ 4701 lcp.Down(sp); 4702 /* Initiate negotiation. XXX */ 4703 lcp.Up(sp); 4704 } 4705 } 4706 if (sp->pp_alivecnt <= MAXALIVECNT) 4707 ++sp->pp_alivecnt; 4708 if (sp->pp_mode == IFF_CISCO) 4709 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4710 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4711 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4712 long nmagic = htonl (sp->lcp.magic); 4713 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4714 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4715 sp->lcp.echoid, 4, &nmagic); 4716 } 4717 } 4718 splx(s); 4719 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4720} 4721 4722/* 4723 * Get both IP addresses. 4724 */ 4725static void 4726sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4727{ 4728 struct ifnet *ifp = &sp->pp_if; 4729 struct ifaddr *ifa; 4730 struct sockaddr_in *si, *sm; 4731 u_long ssrc, ddst; 4732 4733 sm = NULL; 4734 ssrc = ddst = 0L; 4735 /* 4736 * Pick the first AF_INET address from the list, 4737 * aliases don't make any sense on a p2p link anyway. 4738 */ 4739 si = 0; 4740#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4741 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4742#elif defined(__NetBSD__) || defined (__OpenBSD__) 4743 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4744 ifa; 4745 ifa = TAILQ_NEXT(ifa, ifa_list)) 4746#else 4747 for (ifa = ifp->if_addrlist; 4748 ifa; 4749 ifa = ifa->ifa_next) 4750#endif 4751 if (ifa->ifa_addr->sa_family == AF_INET) { 4752 si = (struct sockaddr_in *)ifa->ifa_addr; 4753 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4754 if (si) 4755 break; 4756 } 4757 if (ifa) { 4758 if (si && si->sin_addr.s_addr) { 4759 ssrc = si->sin_addr.s_addr; 4760 if (srcmask) 4761 *srcmask = ntohl(sm->sin_addr.s_addr); 4762 } 4763 4764 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4765 if (si && si->sin_addr.s_addr) 4766 ddst = si->sin_addr.s_addr; 4767 } 4768 4769 if (dst) *dst = ntohl(ddst); 4770 if (src) *src = ntohl(ssrc); 4771} 4772 4773/* 4774 * Set my IP address. Must be called at splimp. 4775 */ 4776static void 4777sppp_set_ip_addr(struct sppp *sp, u_long src) 4778{ 4779 STDDCL; 4780 struct ifaddr *ifa; 4781 struct sockaddr_in *si; 4782 struct in_ifaddr *ia; 4783 4784 /* 4785 * Pick the first AF_INET address from the list, 4786 * aliases don't make any sense on a p2p link anyway. 4787 */ 4788 si = 0; 4789#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4790 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4791#elif defined(__NetBSD__) || defined (__OpenBSD__) 4792 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4793 ifa; 4794 ifa = TAILQ_NEXT(ifa, ifa_list)) 4795#else 4796 for (ifa = ifp->if_addrlist; 4797 ifa; 4798 ifa = ifa->ifa_next) 4799#endif 4800 { 4801 if (ifa->ifa_addr->sa_family == AF_INET) 4802 { 4803 si = (struct sockaddr_in *)ifa->ifa_addr; 4804 if (si) 4805 break; 4806 } 4807 } 4808 4809 if (ifa && si) 4810 { 4811 int error; 4812#if __NetBSD_Version__ >= 103080000 4813 struct sockaddr_in new_sin = *si; 4814 4815 new_sin.sin_addr.s_addr = htonl(src); 4816 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4817 if(debug && error) 4818 { 4819 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4820 " failed, error=%d\n", SPP_ARGS(ifp), error); 4821 } 4822#else 4823 /* delete old route */ 4824 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4825 if(debug && error) 4826 { 4827 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4828 SPP_ARGS(ifp), error); 4829 } 4830 4831 /* set new address */ 4832 si->sin_addr.s_addr = htonl(src); 4833 ia = ifatoia(ifa); 4834 LIST_REMOVE(ia, ia_hash); 4835 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4836 4837 /* add new route */ 4838 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4839 if (debug && error) 4840 { 4841 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4842 SPP_ARGS(ifp), error); 4843 } 4844#endif 4845 } 4846} 4847 4848#ifdef INET6 4849/* 4850 * Get both IPv6 addresses. 4851 */ 4852static void 4853sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4854 struct in6_addr *srcmask) 4855{ 4856 struct ifnet *ifp = &sp->pp_if; 4857 struct ifaddr *ifa; 4858 struct sockaddr_in6 *si, *sm; 4859 struct in6_addr ssrc, ddst; 4860 4861 sm = NULL; 4862 bzero(&ssrc, sizeof(ssrc)); 4863 bzero(&ddst, sizeof(ddst)); 4864 /* 4865 * Pick the first link-local AF_INET6 address from the list, 4866 * aliases don't make any sense on a p2p link anyway. 4867 */ 4868#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4869 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4870 ifa; 4871 ifa = ifa->ifa_link.tqe_next) 4872#elif defined(__NetBSD__) || defined (__OpenBSD__) 4873 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4874 ifa; 4875 ifa = ifa->ifa_list.tqe_next) 4876#else 4877 for (ifa = ifp->if_addrlist, si = 0; 4878 ifa; 4879 ifa = ifa->ifa_next) 4880#endif 4881 if (ifa->ifa_addr->sa_family == AF_INET6) { 4882 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4883 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4884 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4885 break; 4886 } 4887 if (ifa) { 4888 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4889 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4890 if (srcmask) { 4891 bcopy(&sm->sin6_addr, srcmask, 4892 sizeof(*srcmask)); 4893 } 4894 } 4895 4896 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4897 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4898 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4899 } 4900 4901 if (dst) 4902 bcopy(&ddst, dst, sizeof(*dst)); 4903 if (src) 4904 bcopy(&ssrc, src, sizeof(*src)); 4905} 4906 4907#ifdef IPV6CP_MYIFID_DYN 4908/* 4909 * Generate random ifid. 4910 */ 4911static void 4912sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4913{ 4914 /* TBD */ 4915} 4916 4917/* 4918 * Set my IPv6 address. Must be called at splimp. 4919 */ 4920static void 4921sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4922{ 4923 STDDCL; 4924 struct ifaddr *ifa; 4925 struct sockaddr_in6 *sin6; 4926 4927 /* 4928 * Pick the first link-local AF_INET6 address from the list, 4929 * aliases don't make any sense on a p2p link anyway. 4930 */ 4931 4932 sin6 = NULL; 4933#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4934 for (ifa = ifp->if_addrhead.tqh_first; 4935 ifa; 4936 ifa = ifa->ifa_link.tqe_next) 4937#elif defined(__NetBSD__) || defined (__OpenBSD__) 4938 for (ifa = ifp->if_addrlist.tqh_first; 4939 ifa; 4940 ifa = ifa->ifa_list.tqe_next) 4941#else 4942 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4943#endif 4944 { 4945 if (ifa->ifa_addr->sa_family == AF_INET6) 4946 { 4947 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4948 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4949 break; 4950 } 4951 } 4952 4953 if (ifa && sin6) 4954 { 4955 int error; 4956 struct sockaddr_in6 new_sin6 = *sin6; 4957 4958 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4959 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4960 if (debug && error) 4961 { 4962 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4963 " failed, error=%d\n", SPP_ARGS(ifp), error); 4964 } 4965 } 4966} 4967#endif 4968 4969/* 4970 * Suggest a candidate address to be used by peer. 4971 */ 4972static void 4973sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4974{ 4975 struct in6_addr myaddr; 4976 struct timeval tv; 4977 4978 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4979 4980 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4981 microtime(&tv); 4982 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4983 myaddr.s6_addr[14] ^= 0xff; 4984 myaddr.s6_addr[15] ^= 0xff; 4985 } else { 4986 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4987 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4988 } 4989 if (suggest) 4990 bcopy(&myaddr, suggest, sizeof(myaddr)); 4991} 4992#endif /*INET6*/ 4993 4994static int 4995sppp_params(struct sppp *sp, u_long cmd, void *data) 4996{ 4997 u_long subcmd; 4998 struct ifreq *ifr = (struct ifreq *)data; 4999 struct spppreq *spr; 5000 int rv = 0; 5001 5002 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5003 return (EAGAIN); 5004 /* 5005 * ifr->ifr_data is supposed to point to a struct spppreq. 5006 * Check the cmd word first before attempting to fetch all the 5007 * data. 5008 */ 5009 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5010 rv = EFAULT; 5011 goto quit; 5012 } 5013 5014 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5015 rv = EFAULT; 5016 goto quit; 5017 } 5018 5019 switch (subcmd) { 5020 case (int)SPPPIOGDEFS: 5021 if (cmd != SIOCGIFGENERIC) { 5022 rv = EINVAL; 5023 break; 5024 } 5025 /* 5026 * We copy over the entire current state, but clean 5027 * out some of the stuff we don't wanna pass up. 5028 * Remember, SIOCGIFGENERIC is unprotected, and can be 5029 * called by any user. No need to ever get PAP or 5030 * CHAP secrets back to userland anyway. 5031 */ 5032 spr->defs.pp_phase = sp->pp_phase; 5033 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5034 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5035 spr->defs.lcp = sp->lcp; 5036 spr->defs.ipcp = sp->ipcp; 5037 spr->defs.ipv6cp = sp->ipv6cp; 5038 spr->defs.myauth = sp->myauth; 5039 spr->defs.hisauth = sp->hisauth; 5040 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5041 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5042 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5043 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5044 /* 5045 * Fixup the LCP timeout value to milliseconds so 5046 * spppcontrol doesn't need to bother about the value 5047 * of "hz". We do the reverse calculation below when 5048 * setting it. 5049 */ 5050 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5051 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5052 sizeof(struct spppreq)); 5053 break; 5054 5055 case (int)SPPPIOSDEFS: 5056 if (cmd != SIOCSIFGENERIC) { 5057 rv = EINVAL; 5058 break; 5059 } 5060 /* 5061 * We have a very specific idea of which fields we 5062 * allow being passed back from userland, so to not 5063 * clobber our current state. For one, we only allow 5064 * setting anything if LCP is in dead or establish 5065 * phase. Once the authentication negotiations 5066 * started, the authentication settings must not be 5067 * changed again. (The administrator can force an 5068 * ifconfig down in order to get LCP back into dead 5069 * phase.) 5070 * 5071 * Also, we only allow for authentication parameters to be 5072 * specified. 5073 * 5074 * XXX Should allow to set or clear pp_flags. 5075 * 5076 * Finally, if the respective authentication protocol to 5077 * be used is set differently than 0, but the secret is 5078 * passed as all zeros, we don't trash the existing secret. 5079 * This allows an administrator to change the system name 5080 * only without clobbering the secret (which he didn't get 5081 * back in a previous SPPPIOGDEFS call). However, the 5082 * secrets are cleared if the authentication protocol is 5083 * reset to 0. */ 5084 if (sp->pp_phase != PHASE_DEAD && 5085 sp->pp_phase != PHASE_ESTABLISH) { 5086 rv = EBUSY; 5087 break; 5088 } 5089 5090 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5091 spr->defs.myauth.proto != PPP_CHAP) || 5092 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5093 spr->defs.hisauth.proto != PPP_CHAP)) { 5094 rv = EINVAL; 5095 break; 5096 } 5097 5098 if (spr->defs.myauth.proto == 0) 5099 /* resetting myauth */ 5100 bzero(&sp->myauth, sizeof sp->myauth); 5101 else { 5102 /* setting/changing myauth */ 5103 sp->myauth.proto = spr->defs.myauth.proto; 5104 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5105 if (spr->defs.myauth.secret[0] != '\0') 5106 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5107 AUTHKEYLEN); 5108 } 5109 if (spr->defs.hisauth.proto == 0) 5110 /* resetting hisauth */ 5111 bzero(&sp->hisauth, sizeof sp->hisauth); 5112 else { 5113 /* setting/changing hisauth */ 5114 sp->hisauth.proto = spr->defs.hisauth.proto; 5115 sp->hisauth.flags = spr->defs.hisauth.flags; 5116 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5117 if (spr->defs.hisauth.secret[0] != '\0') 5118 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5119 AUTHKEYLEN); 5120 } 5121 /* set LCP restart timer timeout */ 5122 if (spr->defs.lcp.timeout != 0) 5123 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5124 /* set VJ enable and IPv6 disable flags */ 5125#ifdef INET 5126 if (spr->defs.enable_vj) 5127 sp->confflags |= CONF_ENABLE_VJ; 5128 else 5129 sp->confflags &= ~CONF_ENABLE_VJ; 5130#endif 5131#ifdef INET6 5132 if (spr->defs.enable_ipv6) 5133 sp->confflags |= CONF_ENABLE_IPV6; 5134 else 5135 sp->confflags &= ~CONF_ENABLE_IPV6; 5136#endif 5137 break; 5138 5139 default: 5140 rv = EINVAL; 5141 } 5142 5143 quit: 5144 free(spr, M_TEMP); 5145 5146 return (rv); 5147} 5148 5149static void 5150sppp_phase_network(struct sppp *sp) 5151{ 5152 STDDCL; 5153 int i; 5154 u_long mask; 5155 5156 sp->pp_phase = PHASE_NETWORK; 5157 5158 if (debug) 5159 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5160 sppp_phase_name(sp->pp_phase)); 5161 5162 /* Notify NCPs now. */ 5163 for (i = 0; i < IDX_COUNT; i++) 5164 if ((cps[i])->flags & CP_NCP) 5165 (cps[i])->Open(sp); 5166 5167 /* Send Up events to all NCPs. */ 5168 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5169 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5170 (cps[i])->Up(sp); 5171 5172 /* if no NCP is starting, all this was in vain, close down */ 5173 sppp_lcp_check_and_close(sp); 5174} 5175 5176 5177static const char * 5178sppp_cp_type_name(u_char type) 5179{ 5180 static char buf[12]; 5181 switch (type) { 5182 case CONF_REQ: return "conf-req"; 5183 case CONF_ACK: return "conf-ack"; 5184 case CONF_NAK: return "conf-nak"; 5185 case CONF_REJ: return "conf-rej"; 5186 case TERM_REQ: return "term-req"; 5187 case TERM_ACK: return "term-ack"; 5188 case CODE_REJ: return "code-rej"; 5189 case PROTO_REJ: return "proto-rej"; 5190 case ECHO_REQ: return "echo-req"; 5191 case ECHO_REPLY: return "echo-reply"; 5192 case DISC_REQ: return "discard-req"; 5193 } 5194 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5195 return buf; 5196} 5197 5198static const char * 5199sppp_auth_type_name(u_short proto, u_char type) 5200{ 5201 static char buf[12]; 5202 switch (proto) { 5203 case PPP_CHAP: 5204 switch (type) { 5205 case CHAP_CHALLENGE: return "challenge"; 5206 case CHAP_RESPONSE: return "response"; 5207 case CHAP_SUCCESS: return "success"; 5208 case CHAP_FAILURE: return "failure"; 5209 } 5210 case PPP_PAP: 5211 switch (type) { 5212 case PAP_REQ: return "req"; 5213 case PAP_ACK: return "ack"; 5214 case PAP_NAK: return "nak"; 5215 } 5216 } 5217 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5218 return buf; 5219} 5220 5221static const char * 5222sppp_lcp_opt_name(u_char opt) 5223{ 5224 static char buf[12]; 5225 switch (opt) { 5226 case LCP_OPT_MRU: return "mru"; 5227 case LCP_OPT_ASYNC_MAP: return "async-map"; 5228 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5229 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5230 case LCP_OPT_MAGIC: return "magic"; 5231 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5232 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5233 } 5234 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5235 return buf; 5236} 5237 5238static const char * 5239sppp_ipcp_opt_name(u_char opt) 5240{ 5241 static char buf[12]; 5242 switch (opt) { 5243 case IPCP_OPT_ADDRESSES: return "addresses"; 5244 case IPCP_OPT_COMPRESSION: return "compression"; 5245 case IPCP_OPT_ADDRESS: return "address"; 5246 } 5247 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5248 return buf; 5249} 5250 5251#ifdef INET6 5252static const char * 5253sppp_ipv6cp_opt_name(u_char opt) 5254{ 5255 static char buf[12]; 5256 switch (opt) { 5257 case IPV6CP_OPT_IFID: return "ifid"; 5258 case IPV6CP_OPT_COMPRESSION: return "compression"; 5259 } 5260 sprintf (buf, "0x%x", opt); 5261 return buf; 5262} 5263#endif 5264 5265static const char * 5266sppp_state_name(int state) 5267{ 5268 switch (state) { 5269 case STATE_INITIAL: return "initial"; 5270 case STATE_STARTING: return "starting"; 5271 case STATE_CLOSED: return "closed"; 5272 case STATE_STOPPED: return "stopped"; 5273 case STATE_CLOSING: return "closing"; 5274 case STATE_STOPPING: return "stopping"; 5275 case STATE_REQ_SENT: return "req-sent"; 5276 case STATE_ACK_RCVD: return "ack-rcvd"; 5277 case STATE_ACK_SENT: return "ack-sent"; 5278 case STATE_OPENED: return "opened"; 5279 } 5280 return "illegal"; 5281} 5282 5283static const char * 5284sppp_phase_name(enum ppp_phase phase) 5285{ 5286 switch (phase) { 5287 case PHASE_DEAD: return "dead"; 5288 case PHASE_ESTABLISH: return "establish"; 5289 case PHASE_TERMINATE: return "terminate"; 5290 case PHASE_AUTHENTICATE: return "authenticate"; 5291 case PHASE_NETWORK: return "network"; 5292 } 5293 return "illegal"; 5294} 5295 5296static const char * 5297sppp_proto_name(u_short proto) 5298{ 5299 static char buf[12]; 5300 switch (proto) { 5301 case PPP_LCP: return "lcp"; 5302 case PPP_IPCP: return "ipcp"; 5303 case PPP_PAP: return "pap"; 5304 case PPP_CHAP: return "chap"; 5305 case PPP_IPV6CP: return "ipv6cp"; 5306 } 5307 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5308 return buf; 5309} 5310 5311static void 5312sppp_print_bytes(const u_char *p, u_short len) 5313{ 5314 if (len) 5315 log(-1, " %*D", len, p, "-"); 5316} 5317 5318static void 5319sppp_print_string(const char *p, u_short len) 5320{ 5321 u_char c; 5322 5323 while (len-- > 0) { 5324 c = *p++; 5325 /* 5326 * Print only ASCII chars directly. RFC 1994 recommends 5327 * using only them, but we don't rely on it. */ 5328 if (c < ' ' || c > '~') 5329 log(-1, "\\x%x", c); 5330 else 5331 log(-1, "%c", c); 5332 } 5333} 5334 5335static const char * 5336sppp_dotted_quad(u_long addr) 5337{ 5338 static char s[16]; 5339 sprintf(s, "%d.%d.%d.%d", 5340 (int)((addr >> 24) & 0xff), 5341 (int)((addr >> 16) & 0xff), 5342 (int)((addr >> 8) & 0xff), 5343 (int)(addr & 0xff)); 5344 return s; 5345} 5346 5347static int 5348sppp_strnlen(u_char *p, int max) 5349{ 5350 int len; 5351 5352 for (len = 0; len < max && *p; ++p) 5353 ++len; 5354 return len; 5355} 5356 5357/* a dummy, used to drop uninteresting events */ 5358static void 5359sppp_null(struct sppp *unused) 5360{ 5361 /* do just nothing */ 5362} 5363