if_spppsubr.c revision 138745
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 138745 2004-12-12 14:54:15Z rik $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/ip.h> 64#include <net/slcompress.h> 65 66#if defined (__NetBSD__) || defined (__OpenBSD__) 67#include <machine/cpu.h> /* XXX for softnet */ 68#endif 69 70#include <machine/stdarg.h> 71 72#include <netinet/in.h> 73#include <netinet/in_systm.h> 74#include <netinet/in_var.h> 75 76#ifdef INET 77#include <netinet/ip.h> 78#include <netinet/tcp.h> 79#endif 80 81#if defined (__FreeBSD__) || defined (__OpenBSD__) 82# include <netinet/if_ether.h> 83#else 84# include <net/ethertypes.h> 85#endif 86 87#ifdef IPX 88#include <netipx/ipx.h> 89#include <netipx/ipx_if.h> 90#endif 91 92#include <net/if_sppp.h> 93 94#if defined(__FreeBSD__) && __FreeBSD__ >= 3 95# define IOCTL_CMD_T u_long 96#else 97# define IOCTL_CMD_T int 98#endif 99 100#define MAXALIVECNT 3 /* max. alive packets */ 101 102/* 103 * Interface flags that can be set in an ifconfig command. 104 * 105 * Setting link0 will make the link passive, i.e. it will be marked 106 * as being administrative openable, but won't be opened to begin 107 * with. Incoming calls will be answered, or subsequent calls with 108 * -link1 will cause the administrative open of the LCP layer. 109 * 110 * Setting link1 will cause the link to auto-dial only as packets 111 * arrive to be sent. 112 * 113 * Setting IFF_DEBUG will syslog the option negotiation and state 114 * transitions at level kern.debug. Note: all logs consistently look 115 * like 116 * 117 * <if-name><unit>: <proto-name> <additional info...> 118 * 119 * with <if-name><unit> being something like "bppp0", and <proto-name> 120 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 121 */ 122 123#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 124#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 125#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 126 127#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 128#define PPP_UI 0x03 /* Unnumbered Information */ 129#define PPP_IP 0x0021 /* Internet Protocol */ 130#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 131#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 132#define PPP_IPX 0x002b /* Novell IPX Protocol */ 133#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 134#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 135#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 136#define PPP_LCP 0xc021 /* Link Control Protocol */ 137#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 138#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 139#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 140#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 141 142#define CONF_REQ 1 /* PPP configure request */ 143#define CONF_ACK 2 /* PPP configure acknowledge */ 144#define CONF_NAK 3 /* PPP configure negative ack */ 145#define CONF_REJ 4 /* PPP configure reject */ 146#define TERM_REQ 5 /* PPP terminate request */ 147#define TERM_ACK 6 /* PPP terminate acknowledge */ 148#define CODE_REJ 7 /* PPP code reject */ 149#define PROTO_REJ 8 /* PPP protocol reject */ 150#define ECHO_REQ 9 /* PPP echo request */ 151#define ECHO_REPLY 10 /* PPP echo reply */ 152#define DISC_REQ 11 /* PPP discard request */ 153 154#define LCP_OPT_MRU 1 /* maximum receive unit */ 155#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 156#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 157#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 158#define LCP_OPT_MAGIC 5 /* magic number */ 159#define LCP_OPT_RESERVED 6 /* reserved */ 160#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 161#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 162 163#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 164#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 165#define IPCP_OPT_ADDRESS 3 /* local IP address */ 166 167#define IPV6CP_OPT_IFID 1 /* interface identifier */ 168#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 169 170#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 171 172#define PAP_REQ 1 /* PAP name/password request */ 173#define PAP_ACK 2 /* PAP acknowledge */ 174#define PAP_NAK 3 /* PAP fail */ 175 176#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 177#define CHAP_RESPONSE 2 /* CHAP challenge response */ 178#define CHAP_SUCCESS 3 /* CHAP response ok */ 179#define CHAP_FAILURE 4 /* CHAP response failed */ 180 181#define CHAP_MD5 5 /* hash algorithm - MD5 */ 182 183#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 184#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 185#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 186#define CISCO_ADDR_REQ 0 /* Cisco address request */ 187#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 188#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 189 190/* states are named and numbered according to RFC 1661 */ 191#define STATE_INITIAL 0 192#define STATE_STARTING 1 193#define STATE_CLOSED 2 194#define STATE_STOPPED 3 195#define STATE_CLOSING 4 196#define STATE_STOPPING 5 197#define STATE_REQ_SENT 6 198#define STATE_ACK_RCVD 7 199#define STATE_ACK_SENT 8 200#define STATE_OPENED 9 201 202struct ppp_header { 203 u_char address; 204 u_char control; 205 u_short protocol; 206} __packed; 207#define PPP_HEADER_LEN sizeof (struct ppp_header) 208 209struct lcp_header { 210 u_char type; 211 u_char ident; 212 u_short len; 213} __packed; 214#define LCP_HEADER_LEN sizeof (struct lcp_header) 215 216struct cisco_packet { 217 u_long type; 218 u_long par1; 219 u_long par2; 220 u_short rel; 221 u_short time0; 222 u_short time1; 223} __packed; 224#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 225 226/* 227 * We follow the spelling and capitalization of RFC 1661 here, to make 228 * it easier comparing with the standard. Please refer to this RFC in 229 * case you can't make sense out of these abbreviation; it will also 230 * explain the semantics related to the various events and actions. 231 */ 232struct cp { 233 u_short proto; /* PPP control protocol number */ 234 u_char protoidx; /* index into state table in struct sppp */ 235 u_char flags; 236#define CP_LCP 0x01 /* this is the LCP */ 237#define CP_AUTH 0x02 /* this is an authentication protocol */ 238#define CP_NCP 0x04 /* this is a NCP */ 239#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 240 const char *name; /* name of this control protocol */ 241 /* event handlers */ 242 void (*Up)(struct sppp *sp); 243 void (*Down)(struct sppp *sp); 244 void (*Open)(struct sppp *sp); 245 void (*Close)(struct sppp *sp); 246 void (*TO)(void *sp); 247 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 248 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 249 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 250 /* actions */ 251 void (*tlu)(struct sppp *sp); 252 void (*tld)(struct sppp *sp); 253 void (*tls)(struct sppp *sp); 254 void (*tlf)(struct sppp *sp); 255 void (*scr)(struct sppp *sp); 256}; 257 258#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 259#define SPP_FMT "%s%d: " 260#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 261#else 262#define SPP_FMT "%s: " 263#define SPP_ARGS(ifp) (ifp)->if_xname 264#endif 265 266#define SPPP_LOCK(sp) \ 267 do { \ 268 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 269 mtx_lock (&(sp)->mtx); \ 270 } while (0) 271#define SPPP_UNLOCK(sp) \ 272 do { \ 273 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 274 mtx_unlock (&(sp)->mtx); \ 275 } while (0) 276 277#define SPPP_LOCK_ASSERT(sp) \ 278 do { \ 279 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 280 mtx_assert (&(sp)->mtx, MA_OWNED); \ 281 } while (0) 282#define SPPP_LOCK_OWNED(sp) \ 283 (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT) && \ 284 mtx_owned (&sp->mtx)) 285 286#ifdef INET 287/* 288 * The following disgusting hack gets around the problem that IP TOS 289 * can't be set yet. We want to put "interactive" traffic on a high 290 * priority queue. To decide if traffic is interactive, we check that 291 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 292 * 293 * XXX is this really still necessary? - joerg - 294 */ 295static const u_short interactive_ports[8] = { 296 0, 513, 0, 0, 297 0, 21, 0, 23, 298}; 299#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 300#endif 301 302/* almost every function needs these */ 303#define STDDCL \ 304 struct ifnet *ifp = &sp->pp_if; \ 305 int debug = ifp->if_flags & IFF_DEBUG 306 307static int sppp_output(struct ifnet *ifp, struct mbuf *m, 308 struct sockaddr *dst, struct rtentry *rt); 309 310static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 311static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 312 313static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 314 struct mbuf *m); 315static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 316 u_char ident, u_short len, void *data); 317/* static void sppp_cp_timeout(void *arg); */ 318static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 319 int newstate); 320static void sppp_auth_send(const struct cp *cp, 321 struct sppp *sp, unsigned int type, unsigned int id, 322 ...); 323 324static void sppp_up_event(const struct cp *cp, struct sppp *sp); 325static void sppp_down_event(const struct cp *cp, struct sppp *sp); 326static void sppp_open_event(const struct cp *cp, struct sppp *sp); 327static void sppp_close_event(const struct cp *cp, struct sppp *sp); 328static void sppp_to_event(const struct cp *cp, struct sppp *sp); 329 330static void sppp_null(struct sppp *sp); 331 332static void sppp_pp_up(struct sppp *sp); 333static void sppp_pp_down(struct sppp *sp); 334 335static void sppp_lcp_init(struct sppp *sp); 336static void sppp_lcp_up(struct sppp *sp); 337static void sppp_lcp_down(struct sppp *sp); 338static void sppp_lcp_open(struct sppp *sp); 339static void sppp_lcp_close(struct sppp *sp); 340static void sppp_lcp_TO(void *sp); 341static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 342static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 343static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 344static void sppp_lcp_tlu(struct sppp *sp); 345static void sppp_lcp_tld(struct sppp *sp); 346static void sppp_lcp_tls(struct sppp *sp); 347static void sppp_lcp_tlf(struct sppp *sp); 348static void sppp_lcp_scr(struct sppp *sp); 349static void sppp_lcp_check_and_close(struct sppp *sp); 350static int sppp_ncp_check(struct sppp *sp); 351 352static void sppp_ipcp_init(struct sppp *sp); 353static void sppp_ipcp_up(struct sppp *sp); 354static void sppp_ipcp_down(struct sppp *sp); 355static void sppp_ipcp_open(struct sppp *sp); 356static void sppp_ipcp_close(struct sppp *sp); 357static void sppp_ipcp_TO(void *sp); 358static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 359static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 360static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 361static void sppp_ipcp_tlu(struct sppp *sp); 362static void sppp_ipcp_tld(struct sppp *sp); 363static void sppp_ipcp_tls(struct sppp *sp); 364static void sppp_ipcp_tlf(struct sppp *sp); 365static void sppp_ipcp_scr(struct sppp *sp); 366 367static void sppp_ipv6cp_init(struct sppp *sp); 368static void sppp_ipv6cp_up(struct sppp *sp); 369static void sppp_ipv6cp_down(struct sppp *sp); 370static void sppp_ipv6cp_open(struct sppp *sp); 371static void sppp_ipv6cp_close(struct sppp *sp); 372static void sppp_ipv6cp_TO(void *sp); 373static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 374static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 375static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 376static void sppp_ipv6cp_tlu(struct sppp *sp); 377static void sppp_ipv6cp_tld(struct sppp *sp); 378static void sppp_ipv6cp_tls(struct sppp *sp); 379static void sppp_ipv6cp_tlf(struct sppp *sp); 380static void sppp_ipv6cp_scr(struct sppp *sp); 381 382static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 383static void sppp_pap_init(struct sppp *sp); 384static void sppp_pap_open(struct sppp *sp); 385static void sppp_pap_close(struct sppp *sp); 386static void sppp_pap_TO(void *sp); 387static void sppp_pap_my_TO(void *sp); 388static void sppp_pap_tlu(struct sppp *sp); 389static void sppp_pap_tld(struct sppp *sp); 390static void sppp_pap_scr(struct sppp *sp); 391 392static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 393static void sppp_chap_init(struct sppp *sp); 394static void sppp_chap_open(struct sppp *sp); 395static void sppp_chap_close(struct sppp *sp); 396static void sppp_chap_TO(void *sp); 397static void sppp_chap_tlu(struct sppp *sp); 398static void sppp_chap_tld(struct sppp *sp); 399static void sppp_chap_scr(struct sppp *sp); 400 401static const char *sppp_auth_type_name(u_short proto, u_char type); 402static const char *sppp_cp_type_name(u_char type); 403static const char *sppp_dotted_quad(u_long addr); 404static const char *sppp_ipcp_opt_name(u_char opt); 405#ifdef INET6 406static const char *sppp_ipv6cp_opt_name(u_char opt); 407#endif 408static const char *sppp_lcp_opt_name(u_char opt); 409static const char *sppp_phase_name(enum ppp_phase phase); 410static const char *sppp_proto_name(u_short proto); 411static const char *sppp_state_name(int state); 412static int sppp_params(struct sppp *sp, u_long cmd, void *data); 413static int sppp_strnlen(u_char *p, int max); 414static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 415 u_long *srcmask); 416static void sppp_keepalive(void *dummy); 417static void sppp_phase_network(struct sppp *sp); 418static void sppp_print_bytes(const u_char *p, u_short len); 419static void sppp_print_string(const char *p, u_short len); 420static void sppp_qflush(struct ifqueue *ifq); 421static void sppp_set_ip_addr(struct sppp *sp, u_long src); 422#ifdef INET6 423static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 424 struct in6_addr *dst, struct in6_addr *srcmask); 425#ifdef IPV6CP_MYIFID_DYN 426static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 427static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 428#endif 429static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 430#endif 431 432/* if_start () wrapper */ 433static void sppp_ifstart (struct ifnet *ifp); 434 435/* our control protocol descriptors */ 436static const struct cp lcp = { 437 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 438 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 439 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 440 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 441 sppp_lcp_scr 442}; 443 444static const struct cp ipcp = { 445 PPP_IPCP, IDX_IPCP, 446#ifdef INET /* don't run IPCP if there's no IPv4 support */ 447 CP_NCP, 448#else 449 0, 450#endif 451 "ipcp", 452 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 453 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 454 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 455 sppp_ipcp_scr 456}; 457 458static const struct cp ipv6cp = { 459 PPP_IPV6CP, IDX_IPV6CP, 460#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 461 CP_NCP, 462#else 463 0, 464#endif 465 "ipv6cp", 466 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 467 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 468 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 469 sppp_ipv6cp_scr 470}; 471 472static const struct cp pap = { 473 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 474 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 475 sppp_pap_TO, 0, 0, 0, 476 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 477 sppp_pap_scr 478}; 479 480static const struct cp chap = { 481 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 482 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 483 sppp_chap_TO, 0, 0, 0, 484 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 485 sppp_chap_scr 486}; 487 488static const struct cp *cps[IDX_COUNT] = { 489 &lcp, /* IDX_LCP */ 490 &ipcp, /* IDX_IPCP */ 491 &ipv6cp, /* IDX_IPV6CP */ 492 &pap, /* IDX_PAP */ 493 &chap, /* IDX_CHAP */ 494}; 495 496static int 497sppp_modevent(module_t mod, int type, void *unused) 498{ 499 switch (type) { 500 case MOD_LOAD: 501 break; 502 case MOD_UNLOAD: 503 return EACCES; 504 default: 505 return EOPNOTSUPP; 506 } 507 return 0; 508} 509static moduledata_t spppmod = { 510 "sppp", 511 sppp_modevent, 512 0 513}; 514MODULE_VERSION(sppp, 1); 515DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 516 517/* 518 * Exported functions, comprising our interface to the lower layer. 519 */ 520 521/* 522 * Process the received packet. 523 */ 524void 525sppp_input(struct ifnet *ifp, struct mbuf *m) 526{ 527 struct ppp_header *h; 528 int isr = -1; 529 struct sppp *sp = (struct sppp *)ifp; 530 u_char *iphdr; 531 int hlen, vjlen, do_account = 0; 532 int debug; 533 534 SPPP_LOCK(sp); 535 debug = ifp->if_flags & IFF_DEBUG; 536 537 if (ifp->if_flags & IFF_UP) 538 /* Count received bytes, add FCS and one flag */ 539 ifp->if_ibytes += m->m_pkthdr.len + 3; 540 541 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 542 /* Too small packet, drop it. */ 543 if (debug) 544 log(LOG_DEBUG, 545 SPP_FMT "input packet is too small, %d bytes\n", 546 SPP_ARGS(ifp), m->m_pkthdr.len); 547 drop: 548 m_freem (m); 549 SPPP_UNLOCK(sp); 550 drop2: 551 ++ifp->if_ierrors; 552 ++ifp->if_iqdrops; 553 return; 554 } 555 556 /* Get PPP header. */ 557 h = mtod (m, struct ppp_header*); 558 m_adj (m, PPP_HEADER_LEN); 559 560 switch (h->address) { 561 case PPP_ALLSTATIONS: 562 if (h->control != PPP_UI) 563 goto invalid; 564 if (sp->pp_mode == IFF_CISCO) { 565 if (debug) 566 log(LOG_DEBUG, 567 SPP_FMT "PPP packet in Cisco mode " 568 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 569 SPP_ARGS(ifp), 570 h->address, h->control, ntohs(h->protocol)); 571 goto drop; 572 } 573 switch (ntohs (h->protocol)) { 574 default: 575 if (debug) 576 log(LOG_DEBUG, 577 SPP_FMT "rejecting protocol " 578 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 579 SPP_ARGS(ifp), 580 h->address, h->control, ntohs(h->protocol)); 581 if (sp->state[IDX_LCP] == STATE_OPENED) 582 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 583 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 584 &h->protocol); 585 ++ifp->if_noproto; 586 goto drop; 587 case PPP_LCP: 588 sppp_cp_input(&lcp, sp, m); 589 m_freem (m); 590 SPPP_UNLOCK(sp); 591 return; 592 case PPP_PAP: 593 if (sp->pp_phase >= PHASE_AUTHENTICATE) 594 sppp_pap_input(sp, m); 595 m_freem (m); 596 SPPP_UNLOCK(sp); 597 return; 598 case PPP_CHAP: 599 if (sp->pp_phase >= PHASE_AUTHENTICATE) 600 sppp_chap_input(sp, m); 601 m_freem (m); 602 SPPP_UNLOCK(sp); 603 return; 604#ifdef INET 605 case PPP_IPCP: 606 if (sp->pp_phase == PHASE_NETWORK) 607 sppp_cp_input(&ipcp, sp, m); 608 m_freem (m); 609 SPPP_UNLOCK(sp); 610 return; 611 case PPP_IP: 612 if (sp->state[IDX_IPCP] == STATE_OPENED) { 613 isr = NETISR_IP; 614 } 615 do_account++; 616 break; 617 case PPP_VJ_COMP: 618 if (sp->state[IDX_IPCP] == STATE_OPENED) { 619 if ((vjlen = 620 sl_uncompress_tcp_core(mtod(m, u_char *), 621 m->m_len, m->m_len, 622 TYPE_COMPRESSED_TCP, 623 sp->pp_comp, 624 &iphdr, &hlen)) <= 0) { 625 if (debug) 626 log(LOG_INFO, 627 SPP_FMT "VJ uncompress failed on compressed packet\n", 628 SPP_ARGS(ifp)); 629 goto drop; 630 } 631 632 /* 633 * Trim the VJ header off the packet, and prepend 634 * the uncompressed IP header (which will usually 635 * end up in two chained mbufs since there's not 636 * enough leading space in the existing mbuf). 637 */ 638 m_adj(m, vjlen); 639 M_PREPEND(m, hlen, M_DONTWAIT); 640 if (m == NULL) { 641 SPPP_UNLOCK(sp); 642 goto drop2; 643 } 644 bcopy(iphdr, mtod(m, u_char *), hlen); 645 isr = NETISR_IP; 646 } 647 do_account++; 648 break; 649 case PPP_VJ_UCOMP: 650 if (sp->state[IDX_IPCP] == STATE_OPENED) { 651 if (sl_uncompress_tcp_core(mtod(m, u_char *), 652 m->m_len, m->m_len, 653 TYPE_UNCOMPRESSED_TCP, 654 sp->pp_comp, 655 &iphdr, &hlen) != 0) { 656 if (debug) 657 log(LOG_INFO, 658 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 659 SPP_ARGS(ifp)); 660 goto drop; 661 } 662 isr = NETISR_IP; 663 } 664 do_account++; 665 break; 666#endif 667#ifdef INET6 668 case PPP_IPV6CP: 669 if (sp->pp_phase == PHASE_NETWORK) 670 sppp_cp_input(&ipv6cp, sp, m); 671 m_freem (m); 672 SPPP_UNLOCK(sp); 673 return; 674 675 case PPP_IPV6: 676 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 677 isr = NETISR_IPV6; 678 do_account++; 679 break; 680#endif 681#ifdef IPX 682 case PPP_IPX: 683 /* IPX IPXCP not implemented yet */ 684 if (sp->pp_phase == PHASE_NETWORK) 685 isr = NETISR_IPX; 686 do_account++; 687 break; 688#endif 689 } 690 break; 691 case CISCO_MULTICAST: 692 case CISCO_UNICAST: 693 /* Don't check the control field here (RFC 1547). */ 694 if (sp->pp_mode != IFF_CISCO) { 695 if (debug) 696 log(LOG_DEBUG, 697 SPP_FMT "Cisco packet in PPP mode " 698 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 699 SPP_ARGS(ifp), 700 h->address, h->control, ntohs(h->protocol)); 701 goto drop; 702 } 703 switch (ntohs (h->protocol)) { 704 default: 705 ++ifp->if_noproto; 706 goto invalid; 707 case CISCO_KEEPALIVE: 708 sppp_cisco_input ((struct sppp*) ifp, m); 709 m_freem (m); 710 SPPP_UNLOCK(sp); 711 return; 712#ifdef INET 713 case ETHERTYPE_IP: 714 isr = NETISR_IP; 715 do_account++; 716 break; 717#endif 718#ifdef INET6 719 case ETHERTYPE_IPV6: 720 isr = NETISR_IPV6; 721 do_account++; 722 break; 723#endif 724#ifdef IPX 725 case ETHERTYPE_IPX: 726 isr = NETISR_IPX; 727 do_account++; 728 break; 729#endif 730 } 731 break; 732 default: /* Invalid PPP packet. */ 733 invalid: 734 if (debug) 735 log(LOG_DEBUG, 736 SPP_FMT "invalid input packet " 737 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 738 SPP_ARGS(ifp), 739 h->address, h->control, ntohs(h->protocol)); 740 goto drop; 741 } 742 743 if (! (ifp->if_flags & IFF_UP) || isr == -1) 744 goto drop; 745 746 SPPP_UNLOCK(sp); 747 /* Check queue. */ 748 if (netisr_queue(isr, m)) { /* (0) on success. */ 749 if (debug) 750 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 751 SPP_ARGS(ifp)); 752 goto drop2; 753 } 754 755 if (do_account) 756 /* 757 * Do only account for network packets, not for control 758 * packets. This is used by some subsystems to detect 759 * idle lines. 760 */ 761 sp->pp_last_recv = time_second; 762} 763 764static void 765sppp_ifstart_sched(void *dummy) 766{ 767 struct sppp *sp = dummy; 768 769 sp->if_start(&sp->pp_if); 770} 771 772/* if_start () wrapper function. We use it to schedule real if_start () for 773 * execution. We can't call it directly 774 */ 775static void 776sppp_ifstart(struct ifnet *ifp) 777{ 778 struct sppp *sp = (struct sppp*) ifp; 779 780 if (SPPP_LOCK_OWNED(sp)) { 781 if (callout_pending(&sp->ifstart_callout)) 782 return; 783 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 784 (void *)sp); 785 } else { 786 sp->if_start(ifp); 787 } 788} 789 790/* 791 * Enqueue transmit packet. 792 */ 793static int 794sppp_output(struct ifnet *ifp, struct mbuf *m, 795 struct sockaddr *dst, struct rtentry *rt) 796{ 797 struct sppp *sp = (struct sppp*) ifp; 798 struct ppp_header *h; 799 struct ifqueue *ifq = NULL; 800 int s, error, rv = 0; 801 int ipproto = PPP_IP; 802 int debug = ifp->if_flags & IFF_DEBUG; 803 804 s = splimp(); 805 SPPP_LOCK(sp); 806 807 if ((ifp->if_flags & IFF_UP) == 0 || 808 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 809#ifdef INET6 810 drop: 811#endif 812 m_freem (m); 813 SPPP_UNLOCK(sp); 814 splx (s); 815 return (ENETDOWN); 816 } 817 818 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 819#ifdef INET6 820 /* 821 * XXX 822 * 823 * Hack to prevent the initialization-time generated 824 * IPv6 multicast packet to erroneously cause a 825 * dialout event in case IPv6 has been 826 * administratively disabled on that interface. 827 */ 828 if (dst->sa_family == AF_INET6 && 829 !(sp->confflags & CONF_ENABLE_IPV6)) 830 goto drop; 831#endif 832 /* 833 * Interface is not yet running, but auto-dial. Need 834 * to start LCP for it. 835 */ 836 ifp->if_flags |= IFF_RUNNING; 837 splx(s); 838 lcp.Open(sp); 839 s = splimp(); 840 } 841 842#ifdef INET 843 if (dst->sa_family == AF_INET) { 844 /* XXX Check mbuf length here? */ 845 struct ip *ip = mtod (m, struct ip*); 846 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 847 848 /* 849 * When using dynamic local IP address assignment by using 850 * 0.0.0.0 as a local address, the first TCP session will 851 * not connect because the local TCP checksum is computed 852 * using 0.0.0.0 which will later become our real IP address 853 * so the TCP checksum computed at the remote end will 854 * become invalid. So we 855 * - don't let packets with src ip addr 0 thru 856 * - we flag TCP packets with src ip 0 as an error 857 */ 858 859 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 860 { 861 m_freem(m); 862 SPPP_UNLOCK(sp); 863 splx(s); 864 if(ip->ip_p == IPPROTO_TCP) 865 return(EADDRNOTAVAIL); 866 else 867 return(0); 868 } 869 870 /* 871 * Put low delay, telnet, rlogin and ftp control packets 872 * in front of the queue or let ALTQ take care. 873 */ 874 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 875 ; 876 else if (_IF_QFULL(&sp->pp_fastq)) 877 ; 878 else if (ip->ip_tos & IPTOS_LOWDELAY) 879 ifq = &sp->pp_fastq; 880 else if (m->m_len < sizeof *ip + sizeof *tcp) 881 ; 882 else if (ip->ip_p != IPPROTO_TCP) 883 ; 884 else if (INTERACTIVE (ntohs (tcp->th_sport))) 885 ifq = &sp->pp_fastq; 886 else if (INTERACTIVE (ntohs (tcp->th_dport))) 887 ifq = &sp->pp_fastq; 888 889 /* 890 * Do IP Header compression 891 */ 892 if (sp->pp_mode != IFF_CISCO && 893 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 894 switch (sl_compress_tcp(m, ip, sp->pp_comp, 895 sp->ipcp.compress_cid)) { 896 case TYPE_COMPRESSED_TCP: 897 ipproto = PPP_VJ_COMP; 898 break; 899 case TYPE_UNCOMPRESSED_TCP: 900 ipproto = PPP_VJ_UCOMP; 901 break; 902 case TYPE_IP: 903 ipproto = PPP_IP; 904 break; 905 default: 906 m_freem(m); 907 SPPP_UNLOCK(sp); 908 splx(s); 909 return (EINVAL); 910 } 911 } 912#endif 913 914#ifdef INET6 915 if (dst->sa_family == AF_INET6) { 916 /* XXX do something tricky here? */ 917 } 918#endif 919 920 /* 921 * Prepend general data packet PPP header. For now, IP only. 922 */ 923 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 924 if (! m) { 925 if (debug) 926 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 927 SPP_ARGS(ifp)); 928 ++ifp->if_oerrors; 929 SPPP_UNLOCK(sp); 930 splx (s); 931 return (ENOBUFS); 932 } 933 /* 934 * May want to check size of packet 935 * (albeit due to the implementation it's always enough) 936 */ 937 h = mtod (m, struct ppp_header*); 938 if (sp->pp_mode == IFF_CISCO) { 939 h->address = CISCO_UNICAST; /* unicast address */ 940 h->control = 0; 941 } else { 942 h->address = PPP_ALLSTATIONS; /* broadcast address */ 943 h->control = PPP_UI; /* Unnumbered Info */ 944 } 945 946 switch (dst->sa_family) { 947#ifdef INET 948 case AF_INET: /* Internet Protocol */ 949 if (sp->pp_mode == IFF_CISCO) 950 h->protocol = htons (ETHERTYPE_IP); 951 else { 952 /* 953 * Don't choke with an ENETDOWN early. It's 954 * possible that we just started dialing out, 955 * so don't drop the packet immediately. If 956 * we notice that we run out of buffer space 957 * below, we will however remember that we are 958 * not ready to carry IP packets, and return 959 * ENETDOWN, as opposed to ENOBUFS. 960 */ 961 h->protocol = htons(ipproto); 962 if (sp->state[IDX_IPCP] != STATE_OPENED) 963 rv = ENETDOWN; 964 } 965 break; 966#endif 967#ifdef INET6 968 case AF_INET6: /* Internet Protocol */ 969 if (sp->pp_mode == IFF_CISCO) 970 h->protocol = htons (ETHERTYPE_IPV6); 971 else { 972 /* 973 * Don't choke with an ENETDOWN early. It's 974 * possible that we just started dialing out, 975 * so don't drop the packet immediately. If 976 * we notice that we run out of buffer space 977 * below, we will however remember that we are 978 * not ready to carry IP packets, and return 979 * ENETDOWN, as opposed to ENOBUFS. 980 */ 981 h->protocol = htons(PPP_IPV6); 982 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 983 rv = ENETDOWN; 984 } 985 break; 986#endif 987#ifdef IPX 988 case AF_IPX: /* Novell IPX Protocol */ 989 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 990 ETHERTYPE_IPX : PPP_IPX); 991 break; 992#endif 993 default: 994 m_freem (m); 995 ++ifp->if_oerrors; 996 SPPP_UNLOCK(sp); 997 splx (s); 998 return (EAFNOSUPPORT); 999 } 1000 1001 /* 1002 * Queue message on interface, and start output if interface 1003 * not yet active. 1004 */ 1005 if (ifq != NULL) 1006 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1007 else 1008 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1009 if (error) { 1010 ++ifp->if_oerrors; 1011 SPPP_UNLOCK(sp); 1012 splx (s); 1013 return (rv? rv: ENOBUFS); 1014 } 1015 SPPP_UNLOCK(sp); 1016 splx (s); 1017 /* 1018 * Unlike in sppp_input(), we can always bump the timestamp 1019 * here since sppp_output() is only called on behalf of 1020 * network-layer traffic; control-layer traffic is handled 1021 * by sppp_cp_send(). 1022 */ 1023 sp->pp_last_sent = time_second; 1024 return (0); 1025} 1026 1027void 1028sppp_attach(struct ifnet *ifp) 1029{ 1030 struct sppp *sp = (struct sppp*) ifp; 1031 1032 /* Initialize mtx lock */ 1033 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1034 1035 /* Initialize keepalive handler. */ 1036 callout_init(&sp->keepalive_callout, 1037 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1038 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1039 (void *)sp); 1040 1041 sp->pp_if.if_mtu = PP_MTU; 1042 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1043 sp->pp_if.if_type = IFT_PPP; 1044 sp->pp_if.if_output = sppp_output; 1045#if 0 1046 sp->pp_flags = PP_KEEPALIVE; 1047#endif 1048 sp->pp_if.if_snd.ifq_maxlen = 32; 1049 sp->pp_fastq.ifq_maxlen = 32; 1050 sp->pp_cpq.ifq_maxlen = 20; 1051 sp->pp_loopcnt = 0; 1052 sp->pp_alivecnt = 0; 1053 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1054 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1055 sp->pp_phase = PHASE_DEAD; 1056 sp->pp_up = sppp_pp_up; 1057 sp->pp_down = sppp_pp_down; 1058 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1059 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1060 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1061 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1062 sp->pp_last_recv = sp->pp_last_sent = time_second; 1063 sp->confflags = 0; 1064#ifdef INET 1065 sp->confflags |= CONF_ENABLE_VJ; 1066#endif 1067#ifdef INET6 1068 sp->confflags |= CONF_ENABLE_IPV6; 1069#endif 1070 callout_init(&sp->ifstart_callout, 1071 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1072 sp->if_start = ifp->if_start; 1073 ifp->if_start = sppp_ifstart; 1074 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1075 sl_compress_init(sp->pp_comp, -1); 1076 sppp_lcp_init(sp); 1077 sppp_ipcp_init(sp); 1078 sppp_ipv6cp_init(sp); 1079 sppp_pap_init(sp); 1080 sppp_chap_init(sp); 1081} 1082 1083void 1084sppp_detach(struct ifnet *ifp) 1085{ 1086 struct sppp *sp = (struct sppp*) ifp; 1087 int i; 1088 1089 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1090 1091 /* Stop keepalive handler. */ 1092 if (!callout_drain(&sp->keepalive_callout)) 1093 callout_stop(&sp->keepalive_callout); 1094 1095 for (i = 0; i < IDX_COUNT; i++) { 1096 if (!callout_drain(&sp->ch[i])) 1097 callout_stop(&sp->ch[i]); 1098 } 1099 if (!callout_drain(&sp->pap_my_to_ch)) 1100 callout_stop(&sp->pap_my_to_ch); 1101 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1102 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1103 mtx_destroy(&sp->mtx); 1104} 1105 1106/* 1107 * Flush the interface output queue. 1108 */ 1109static void 1110sppp_flush_unlocked(struct ifnet *ifp) 1111{ 1112 struct sppp *sp = (struct sppp*) ifp; 1113 1114 sppp_qflush ((struct ifqueue *)&sp->pp_if.if_snd); 1115 sppp_qflush (&sp->pp_fastq); 1116 sppp_qflush (&sp->pp_cpq); 1117} 1118 1119void 1120sppp_flush(struct ifnet *ifp) 1121{ 1122 struct sppp *sp = (struct sppp*) ifp; 1123 1124 SPPP_LOCK(sp); 1125 sppp_flush_unlocked (ifp); 1126 SPPP_UNLOCK(sp); 1127} 1128 1129/* 1130 * Check if the output queue is empty. 1131 */ 1132int 1133sppp_isempty(struct ifnet *ifp) 1134{ 1135 struct sppp *sp = (struct sppp*) ifp; 1136 int empty, s; 1137 1138 s = splimp(); 1139 SPPP_LOCK(sp); 1140 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1141 !sp->pp_if.if_snd.ifq_head; 1142 SPPP_UNLOCK(sp); 1143 splx(s); 1144 return (empty); 1145} 1146 1147/* 1148 * Get next packet to send. 1149 */ 1150struct mbuf * 1151sppp_dequeue(struct ifnet *ifp) 1152{ 1153 struct sppp *sp = (struct sppp*) ifp; 1154 struct mbuf *m; 1155 int s; 1156 1157 s = splimp(); 1158 SPPP_LOCK(sp); 1159 /* 1160 * Process only the control protocol queue until we have at 1161 * least one NCP open. 1162 * 1163 * Do always serve all three queues in Cisco mode. 1164 */ 1165 IF_DEQUEUE(&sp->pp_cpq, m); 1166 if (m == NULL && 1167 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1168 IF_DEQUEUE(&sp->pp_fastq, m); 1169 if (m == NULL) 1170 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1171 } 1172 SPPP_UNLOCK(sp); 1173 splx(s); 1174 return m; 1175} 1176 1177/* 1178 * Pick the next packet, do not remove it from the queue. 1179 */ 1180struct mbuf * 1181sppp_pick(struct ifnet *ifp) 1182{ 1183 struct sppp *sp = (struct sppp*)ifp; 1184 struct mbuf *m; 1185 int s; 1186 1187 s = splimp (); 1188 SPPP_LOCK(sp); 1189 1190 m = sp->pp_cpq.ifq_head; 1191 if (m == NULL && 1192 (sp->pp_phase == PHASE_NETWORK || 1193 sp->pp_mode == IFF_CISCO)) 1194 if ((m = sp->pp_fastq.ifq_head) == NULL) 1195 m = sp->pp_if.if_snd.ifq_head; 1196 SPPP_UNLOCK(sp); 1197 splx (s); 1198 return (m); 1199} 1200 1201/* 1202 * Process an ioctl request. Called on low priority level. 1203 */ 1204int 1205sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1206{ 1207 struct ifreq *ifr = (struct ifreq*) data; 1208 struct sppp *sp = (struct sppp*) ifp; 1209 int s, rv, going_up, going_down, newmode; 1210 1211 s = splimp(); 1212 SPPP_LOCK(sp); 1213 rv = 0; 1214 switch (cmd) { 1215 case SIOCAIFADDR: 1216 case SIOCSIFDSTADDR: 1217 break; 1218 1219 case SIOCSIFADDR: 1220 /* set the interface "up" when assigning an IP address */ 1221 ifp->if_flags |= IFF_UP; 1222 /* FALLTHROUGH */ 1223 1224 case SIOCSIFFLAGS: 1225 going_up = ifp->if_flags & IFF_UP && 1226 (ifp->if_flags & IFF_RUNNING) == 0; 1227 going_down = (ifp->if_flags & IFF_UP) == 0 && 1228 ifp->if_flags & IFF_RUNNING; 1229 1230 newmode = ifp->if_flags & IFF_PASSIVE; 1231 if (!newmode) 1232 newmode = ifp->if_flags & IFF_AUTO; 1233 if (!newmode) 1234 newmode = ifp->if_flags & IFF_CISCO; 1235 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1236 ifp->if_flags |= newmode; 1237 1238 if (newmode != sp->pp_mode) { 1239 going_down = 1; 1240 if (!going_up) 1241 going_up = ifp->if_flags & IFF_RUNNING; 1242 } 1243 1244 if (going_down) { 1245 if (sp->pp_mode != IFF_CISCO) 1246 lcp.Close(sp); 1247 else if (sp->pp_tlf) 1248 (sp->pp_tlf)(sp); 1249 sppp_flush_unlocked(ifp); 1250 ifp->if_flags &= ~IFF_RUNNING; 1251 sp->pp_mode = newmode; 1252 } 1253 1254 if (going_up) { 1255 if (sp->pp_mode != IFF_CISCO) 1256 lcp.Close(sp); 1257 sp->pp_mode = newmode; 1258 if (sp->pp_mode == 0) { 1259 ifp->if_flags |= IFF_RUNNING; 1260 lcp.Open(sp); 1261 } 1262 if (sp->pp_mode == IFF_CISCO) { 1263 if (sp->pp_tls) 1264 (sp->pp_tls)(sp); 1265 ifp->if_flags |= IFF_RUNNING; 1266 } 1267 } 1268 1269 break; 1270 1271#ifdef SIOCSIFMTU 1272#ifndef ifr_mtu 1273#define ifr_mtu ifr_metric 1274#endif 1275 case SIOCSIFMTU: 1276 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1277 return (EINVAL); 1278 ifp->if_mtu = ifr->ifr_mtu; 1279 break; 1280#endif 1281#ifdef SLIOCSETMTU 1282 case SLIOCSETMTU: 1283 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1284 return (EINVAL); 1285 ifp->if_mtu = *(short*)data; 1286 break; 1287#endif 1288#ifdef SIOCGIFMTU 1289 case SIOCGIFMTU: 1290 ifr->ifr_mtu = ifp->if_mtu; 1291 break; 1292#endif 1293#ifdef SLIOCGETMTU 1294 case SLIOCGETMTU: 1295 *(short*)data = ifp->if_mtu; 1296 break; 1297#endif 1298 case SIOCADDMULTI: 1299 case SIOCDELMULTI: 1300 break; 1301 1302 case SIOCGIFGENERIC: 1303 case SIOCSIFGENERIC: 1304 rv = sppp_params(sp, cmd, data); 1305 break; 1306 1307 default: 1308 rv = ENOTTY; 1309 } 1310 SPPP_UNLOCK(sp); 1311 splx(s); 1312 return rv; 1313} 1314 1315/* 1316 * Cisco framing implementation. 1317 */ 1318 1319/* 1320 * Handle incoming Cisco keepalive protocol packets. 1321 */ 1322static void 1323sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1324{ 1325 STDDCL; 1326 struct cisco_packet *h; 1327 u_long me, mymask; 1328 1329 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1330 if (debug) 1331 log(LOG_DEBUG, 1332 SPP_FMT "cisco invalid packet length: %d bytes\n", 1333 SPP_ARGS(ifp), m->m_pkthdr.len); 1334 return; 1335 } 1336 h = mtod (m, struct cisco_packet*); 1337 if (debug) 1338 log(LOG_DEBUG, 1339 SPP_FMT "cisco input: %d bytes " 1340 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1341 SPP_ARGS(ifp), m->m_pkthdr.len, 1342 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1343 (u_int)h->time0, (u_int)h->time1); 1344 switch (ntohl (h->type)) { 1345 default: 1346 if (debug) 1347 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1348 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1349 break; 1350 case CISCO_ADDR_REPLY: 1351 /* Reply on address request, ignore */ 1352 break; 1353 case CISCO_KEEPALIVE_REQ: 1354 sp->pp_alivecnt = 0; 1355 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1356 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1357 /* Local and remote sequence numbers are equal. 1358 * Probably, the line is in loopback mode. */ 1359 if (sp->pp_loopcnt >= MAXALIVECNT) { 1360 printf (SPP_FMT "loopback\n", 1361 SPP_ARGS(ifp)); 1362 sp->pp_loopcnt = 0; 1363 if (ifp->if_flags & IFF_UP) { 1364 if_down (ifp); 1365 sppp_qflush (&sp->pp_cpq); 1366 } 1367 } 1368 ++sp->pp_loopcnt; 1369 1370 /* Generate new local sequence number */ 1371#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1372 sp->pp_seq[IDX_LCP] = random(); 1373#else 1374 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1375#endif 1376 break; 1377 } 1378 sp->pp_loopcnt = 0; 1379 if (! (ifp->if_flags & IFF_UP) && 1380 (ifp->if_flags & IFF_RUNNING)) { 1381 if_up(ifp); 1382 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1383 } 1384 break; 1385 case CISCO_ADDR_REQ: 1386 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1387 if (me != 0L) 1388 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1389 break; 1390 } 1391} 1392 1393/* 1394 * Send Cisco keepalive packet. 1395 */ 1396static void 1397sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1398{ 1399 STDDCL; 1400 struct ppp_header *h; 1401 struct cisco_packet *ch; 1402 struct mbuf *m; 1403 struct timeval tv; 1404 1405 getmicrouptime(&tv); 1406 1407 MGETHDR (m, M_DONTWAIT, MT_DATA); 1408 if (! m) 1409 return; 1410 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1411 m->m_pkthdr.rcvif = 0; 1412 1413 h = mtod (m, struct ppp_header*); 1414 h->address = CISCO_MULTICAST; 1415 h->control = 0; 1416 h->protocol = htons (CISCO_KEEPALIVE); 1417 1418 ch = (struct cisco_packet*) (h + 1); 1419 ch->type = htonl (type); 1420 ch->par1 = htonl (par1); 1421 ch->par2 = htonl (par2); 1422 ch->rel = -1; 1423 1424 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1425 ch->time1 = htons ((u_short) tv.tv_sec); 1426 1427 if (debug) 1428 log(LOG_DEBUG, 1429 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1430 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1431 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1432 1433 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1434 ifp->if_oerrors++; 1435} 1436 1437/* 1438 * PPP protocol implementation. 1439 */ 1440 1441/* 1442 * Send PPP control protocol packet. 1443 */ 1444static void 1445sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1446 u_char ident, u_short len, void *data) 1447{ 1448 STDDCL; 1449 struct ppp_header *h; 1450 struct lcp_header *lh; 1451 struct mbuf *m; 1452 1453 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1454 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1455 MGETHDR (m, M_DONTWAIT, MT_DATA); 1456 if (! m) 1457 return; 1458 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1459 m->m_pkthdr.rcvif = 0; 1460 1461 h = mtod (m, struct ppp_header*); 1462 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1463 h->control = PPP_UI; /* Unnumbered Info */ 1464 h->protocol = htons (proto); /* Link Control Protocol */ 1465 1466 lh = (struct lcp_header*) (h + 1); 1467 lh->type = type; 1468 lh->ident = ident; 1469 lh->len = htons (LCP_HEADER_LEN + len); 1470 if (len) 1471 bcopy (data, lh+1, len); 1472 1473 if (debug) { 1474 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1475 SPP_ARGS(ifp), 1476 sppp_proto_name(proto), 1477 sppp_cp_type_name (lh->type), lh->ident, 1478 ntohs (lh->len)); 1479 sppp_print_bytes ((u_char*) (lh+1), len); 1480 log(-1, ">\n"); 1481 } 1482 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1483 ifp->if_oerrors++; 1484} 1485 1486/* 1487 * Handle incoming PPP control protocol packets. 1488 */ 1489static void 1490sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1491{ 1492 STDDCL; 1493 struct lcp_header *h; 1494 int len = m->m_pkthdr.len; 1495 int rv; 1496 u_char *p; 1497 1498 if (len < 4) { 1499 if (debug) 1500 log(LOG_DEBUG, 1501 SPP_FMT "%s invalid packet length: %d bytes\n", 1502 SPP_ARGS(ifp), cp->name, len); 1503 return; 1504 } 1505 h = mtod (m, struct lcp_header*); 1506 if (debug) { 1507 log(LOG_DEBUG, 1508 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1509 SPP_ARGS(ifp), cp->name, 1510 sppp_state_name(sp->state[cp->protoidx]), 1511 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1512 sppp_print_bytes ((u_char*) (h+1), len-4); 1513 log(-1, ">\n"); 1514 } 1515 if (len > ntohs (h->len)) 1516 len = ntohs (h->len); 1517 p = (u_char *)(h + 1); 1518 switch (h->type) { 1519 case CONF_REQ: 1520 if (len < 4) { 1521 if (debug) 1522 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1523 SPP_ARGS(ifp), cp->name, 1524 len); 1525 ++ifp->if_ierrors; 1526 break; 1527 } 1528 /* handle states where RCR doesn't get a SCA/SCN */ 1529 switch (sp->state[cp->protoidx]) { 1530 case STATE_CLOSING: 1531 case STATE_STOPPING: 1532 return; 1533 case STATE_CLOSED: 1534 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1535 0, 0); 1536 return; 1537 } 1538 rv = (cp->RCR)(sp, h, len); 1539 switch (sp->state[cp->protoidx]) { 1540 case STATE_OPENED: 1541 (cp->tld)(sp); 1542 (cp->scr)(sp); 1543 /* FALLTHROUGH */ 1544 case STATE_ACK_SENT: 1545 case STATE_REQ_SENT: 1546 /* 1547 * sppp_cp_change_state() have the side effect of 1548 * restarting the timeouts. We want to avoid that 1549 * if the state don't change, otherwise we won't 1550 * ever timeout and resend a configuration request 1551 * that got lost. 1552 */ 1553 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1554 STATE_REQ_SENT)) 1555 break; 1556 sppp_cp_change_state(cp, sp, rv? 1557 STATE_ACK_SENT: STATE_REQ_SENT); 1558 break; 1559 case STATE_STOPPED: 1560 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1561 (cp->scr)(sp); 1562 sppp_cp_change_state(cp, sp, rv? 1563 STATE_ACK_SENT: STATE_REQ_SENT); 1564 break; 1565 case STATE_ACK_RCVD: 1566 if (rv) { 1567 sppp_cp_change_state(cp, sp, STATE_OPENED); 1568 if (debug) 1569 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1570 SPP_ARGS(ifp), 1571 cp->name); 1572 (cp->tlu)(sp); 1573 } else 1574 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1575 break; 1576 default: 1577 printf(SPP_FMT "%s illegal %s in state %s\n", 1578 SPP_ARGS(ifp), cp->name, 1579 sppp_cp_type_name(h->type), 1580 sppp_state_name(sp->state[cp->protoidx])); 1581 ++ifp->if_ierrors; 1582 } 1583 break; 1584 case CONF_ACK: 1585 if (h->ident != sp->confid[cp->protoidx]) { 1586 if (debug) 1587 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1588 SPP_ARGS(ifp), cp->name, 1589 h->ident, sp->confid[cp->protoidx]); 1590 ++ifp->if_ierrors; 1591 break; 1592 } 1593 switch (sp->state[cp->protoidx]) { 1594 case STATE_CLOSED: 1595 case STATE_STOPPED: 1596 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1597 break; 1598 case STATE_CLOSING: 1599 case STATE_STOPPING: 1600 break; 1601 case STATE_REQ_SENT: 1602 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1603 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1604 break; 1605 case STATE_OPENED: 1606 (cp->tld)(sp); 1607 /* FALLTHROUGH */ 1608 case STATE_ACK_RCVD: 1609 (cp->scr)(sp); 1610 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1611 break; 1612 case STATE_ACK_SENT: 1613 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1614 sppp_cp_change_state(cp, sp, STATE_OPENED); 1615 if (debug) 1616 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1617 SPP_ARGS(ifp), cp->name); 1618 (cp->tlu)(sp); 1619 break; 1620 default: 1621 printf(SPP_FMT "%s illegal %s in state %s\n", 1622 SPP_ARGS(ifp), cp->name, 1623 sppp_cp_type_name(h->type), 1624 sppp_state_name(sp->state[cp->protoidx])); 1625 ++ifp->if_ierrors; 1626 } 1627 break; 1628 case CONF_NAK: 1629 case CONF_REJ: 1630 if (h->ident != sp->confid[cp->protoidx]) { 1631 if (debug) 1632 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1633 SPP_ARGS(ifp), cp->name, 1634 h->ident, sp->confid[cp->protoidx]); 1635 ++ifp->if_ierrors; 1636 break; 1637 } 1638 if (h->type == CONF_NAK) 1639 (cp->RCN_nak)(sp, h, len); 1640 else /* CONF_REJ */ 1641 (cp->RCN_rej)(sp, h, len); 1642 1643 switch (sp->state[cp->protoidx]) { 1644 case STATE_CLOSED: 1645 case STATE_STOPPED: 1646 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1647 break; 1648 case STATE_REQ_SENT: 1649 case STATE_ACK_SENT: 1650 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1651 /* 1652 * Slow things down a bit if we think we might be 1653 * in loopback. Depend on the timeout to send the 1654 * next configuration request. 1655 */ 1656 if (sp->pp_loopcnt) 1657 break; 1658 (cp->scr)(sp); 1659 break; 1660 case STATE_OPENED: 1661 (cp->tld)(sp); 1662 /* FALLTHROUGH */ 1663 case STATE_ACK_RCVD: 1664 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1665 (cp->scr)(sp); 1666 break; 1667 case STATE_CLOSING: 1668 case STATE_STOPPING: 1669 break; 1670 default: 1671 printf(SPP_FMT "%s illegal %s in state %s\n", 1672 SPP_ARGS(ifp), cp->name, 1673 sppp_cp_type_name(h->type), 1674 sppp_state_name(sp->state[cp->protoidx])); 1675 ++ifp->if_ierrors; 1676 } 1677 break; 1678 1679 case TERM_REQ: 1680 switch (sp->state[cp->protoidx]) { 1681 case STATE_ACK_RCVD: 1682 case STATE_ACK_SENT: 1683 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1684 /* FALLTHROUGH */ 1685 case STATE_CLOSED: 1686 case STATE_STOPPED: 1687 case STATE_CLOSING: 1688 case STATE_STOPPING: 1689 case STATE_REQ_SENT: 1690 sta: 1691 /* Send Terminate-Ack packet. */ 1692 if (debug) 1693 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1694 SPP_ARGS(ifp), cp->name); 1695 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1696 break; 1697 case STATE_OPENED: 1698 (cp->tld)(sp); 1699 sp->rst_counter[cp->protoidx] = 0; 1700 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1701 goto sta; 1702 break; 1703 default: 1704 printf(SPP_FMT "%s illegal %s in state %s\n", 1705 SPP_ARGS(ifp), cp->name, 1706 sppp_cp_type_name(h->type), 1707 sppp_state_name(sp->state[cp->protoidx])); 1708 ++ifp->if_ierrors; 1709 } 1710 break; 1711 case TERM_ACK: 1712 switch (sp->state[cp->protoidx]) { 1713 case STATE_CLOSED: 1714 case STATE_STOPPED: 1715 case STATE_REQ_SENT: 1716 case STATE_ACK_SENT: 1717 break; 1718 case STATE_CLOSING: 1719 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1720 (cp->tlf)(sp); 1721 break; 1722 case STATE_STOPPING: 1723 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1724 (cp->tlf)(sp); 1725 break; 1726 case STATE_ACK_RCVD: 1727 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1728 break; 1729 case STATE_OPENED: 1730 (cp->tld)(sp); 1731 (cp->scr)(sp); 1732 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1733 break; 1734 default: 1735 printf(SPP_FMT "%s illegal %s in state %s\n", 1736 SPP_ARGS(ifp), cp->name, 1737 sppp_cp_type_name(h->type), 1738 sppp_state_name(sp->state[cp->protoidx])); 1739 ++ifp->if_ierrors; 1740 } 1741 break; 1742 case CODE_REJ: 1743 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1744 log(LOG_INFO, 1745 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1746 "danger will robinson\n", 1747 SPP_ARGS(ifp), cp->name, 1748 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1749 switch (sp->state[cp->protoidx]) { 1750 case STATE_CLOSED: 1751 case STATE_STOPPED: 1752 case STATE_REQ_SENT: 1753 case STATE_ACK_SENT: 1754 case STATE_CLOSING: 1755 case STATE_STOPPING: 1756 case STATE_OPENED: 1757 break; 1758 case STATE_ACK_RCVD: 1759 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1760 break; 1761 default: 1762 printf(SPP_FMT "%s illegal %s in state %s\n", 1763 SPP_ARGS(ifp), cp->name, 1764 sppp_cp_type_name(h->type), 1765 sppp_state_name(sp->state[cp->protoidx])); 1766 ++ifp->if_ierrors; 1767 } 1768 break; 1769 case PROTO_REJ: 1770 { 1771 int catastrophic; 1772 const struct cp *upper; 1773 int i; 1774 u_int16_t proto; 1775 1776 catastrophic = 0; 1777 upper = NULL; 1778 proto = ntohs(*((u_int16_t *)p)); 1779 for (i = 0; i < IDX_COUNT; i++) { 1780 if (cps[i]->proto == proto) { 1781 upper = cps[i]; 1782 break; 1783 } 1784 } 1785 if (upper == NULL) 1786 catastrophic++; 1787 1788 if (catastrophic || debug) 1789 log(catastrophic? LOG_INFO: LOG_DEBUG, 1790 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1791 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1792 sppp_cp_type_name(h->type), proto, 1793 upper ? upper->name : "unknown", 1794 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1795 1796 /* 1797 * if we got RXJ+ against conf-req, the peer does not implement 1798 * this particular protocol type. terminate the protocol. 1799 */ 1800 if (upper && !catastrophic) { 1801 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1802 upper->Close(sp); 1803 break; 1804 } 1805 } 1806 1807 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1808 switch (sp->state[cp->protoidx]) { 1809 case STATE_CLOSED: 1810 case STATE_STOPPED: 1811 case STATE_REQ_SENT: 1812 case STATE_ACK_SENT: 1813 case STATE_CLOSING: 1814 case STATE_STOPPING: 1815 case STATE_OPENED: 1816 break; 1817 case STATE_ACK_RCVD: 1818 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1819 break; 1820 default: 1821 printf(SPP_FMT "%s illegal %s in state %s\n", 1822 SPP_ARGS(ifp), cp->name, 1823 sppp_cp_type_name(h->type), 1824 sppp_state_name(sp->state[cp->protoidx])); 1825 ++ifp->if_ierrors; 1826 } 1827 break; 1828 } 1829 case DISC_REQ: 1830 if (cp->proto != PPP_LCP) 1831 goto illegal; 1832 /* Discard the packet. */ 1833 break; 1834 case ECHO_REQ: 1835 if (cp->proto != PPP_LCP) 1836 goto illegal; 1837 if (sp->state[cp->protoidx] != STATE_OPENED) { 1838 if (debug) 1839 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1840 SPP_ARGS(ifp)); 1841 ++ifp->if_ierrors; 1842 break; 1843 } 1844 if (len < 8) { 1845 if (debug) 1846 log(-1, SPP_FMT "invalid lcp echo request " 1847 "packet length: %d bytes\n", 1848 SPP_ARGS(ifp), len); 1849 break; 1850 } 1851 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1852 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1853 /* Line loopback mode detected. */ 1854 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1855 sp->pp_loopcnt = MAXALIVECNT * 5; 1856 if_down (ifp); 1857 sppp_qflush (&sp->pp_cpq); 1858 1859 /* Shut down the PPP link. */ 1860 /* XXX */ 1861 lcp.Down(sp); 1862 lcp.Up(sp); 1863 break; 1864 } 1865 *(long*)(h+1) = htonl (sp->lcp.magic); 1866 if (debug) 1867 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1868 SPP_ARGS(ifp)); 1869 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1870 break; 1871 case ECHO_REPLY: 1872 if (cp->proto != PPP_LCP) 1873 goto illegal; 1874 if (h->ident != sp->lcp.echoid) { 1875 ++ifp->if_ierrors; 1876 break; 1877 } 1878 if (len < 8) { 1879 if (debug) 1880 log(-1, SPP_FMT "lcp invalid echo reply " 1881 "packet length: %d bytes\n", 1882 SPP_ARGS(ifp), len); 1883 break; 1884 } 1885 if (debug) 1886 log(-1, SPP_FMT "lcp got echo rep\n", 1887 SPP_ARGS(ifp)); 1888 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1889 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1890 sp->pp_alivecnt = 0; 1891 break; 1892 default: 1893 /* Unknown packet type -- send Code-Reject packet. */ 1894 illegal: 1895 if (debug) 1896 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1897 SPP_ARGS(ifp), cp->name, h->type); 1898 sppp_cp_send(sp, cp->proto, CODE_REJ, 1899 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1900 ++ifp->if_ierrors; 1901 } 1902} 1903 1904 1905/* 1906 * The generic part of all Up/Down/Open/Close/TO event handlers. 1907 * Basically, the state transition handling in the automaton. 1908 */ 1909static void 1910sppp_up_event(const struct cp *cp, struct sppp *sp) 1911{ 1912 STDDCL; 1913 1914 if (debug) 1915 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1916 SPP_ARGS(ifp), cp->name, 1917 sppp_state_name(sp->state[cp->protoidx])); 1918 1919 switch (sp->state[cp->protoidx]) { 1920 case STATE_INITIAL: 1921 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1922 break; 1923 case STATE_STARTING: 1924 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1925 (cp->scr)(sp); 1926 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1927 break; 1928 default: 1929 printf(SPP_FMT "%s illegal up in state %s\n", 1930 SPP_ARGS(ifp), cp->name, 1931 sppp_state_name(sp->state[cp->protoidx])); 1932 } 1933} 1934 1935static void 1936sppp_down_event(const struct cp *cp, struct sppp *sp) 1937{ 1938 STDDCL; 1939 1940 if (debug) 1941 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1942 SPP_ARGS(ifp), cp->name, 1943 sppp_state_name(sp->state[cp->protoidx])); 1944 1945 switch (sp->state[cp->protoidx]) { 1946 case STATE_CLOSED: 1947 case STATE_CLOSING: 1948 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1949 break; 1950 case STATE_STOPPED: 1951 sppp_cp_change_state(cp, sp, STATE_STARTING); 1952 (cp->tls)(sp); 1953 break; 1954 case STATE_STOPPING: 1955 case STATE_REQ_SENT: 1956 case STATE_ACK_RCVD: 1957 case STATE_ACK_SENT: 1958 sppp_cp_change_state(cp, sp, STATE_STARTING); 1959 break; 1960 case STATE_OPENED: 1961 (cp->tld)(sp); 1962 sppp_cp_change_state(cp, sp, STATE_STARTING); 1963 break; 1964 default: 1965 printf(SPP_FMT "%s illegal down in state %s\n", 1966 SPP_ARGS(ifp), cp->name, 1967 sppp_state_name(sp->state[cp->protoidx])); 1968 } 1969} 1970 1971 1972static void 1973sppp_open_event(const struct cp *cp, struct sppp *sp) 1974{ 1975 STDDCL; 1976 1977 if (debug) 1978 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1979 SPP_ARGS(ifp), cp->name, 1980 sppp_state_name(sp->state[cp->protoidx])); 1981 1982 switch (sp->state[cp->protoidx]) { 1983 case STATE_INITIAL: 1984 sppp_cp_change_state(cp, sp, STATE_STARTING); 1985 (cp->tls)(sp); 1986 break; 1987 case STATE_STARTING: 1988 break; 1989 case STATE_CLOSED: 1990 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1991 (cp->scr)(sp); 1992 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1993 break; 1994 case STATE_STOPPED: 1995 /* 1996 * Try escaping stopped state. This seems to bite 1997 * people occasionally, in particular for IPCP, 1998 * presumably following previous IPCP negotiation 1999 * aborts. Somehow, we must have missed a Down event 2000 * which would have caused a transition into starting 2001 * state, so as a bandaid we force the Down event now. 2002 * This effectively implements (something like the) 2003 * `restart' option mentioned in the state transition 2004 * table of RFC 1661. 2005 */ 2006 sppp_cp_change_state(cp, sp, STATE_STARTING); 2007 (cp->tls)(sp); 2008 break; 2009 case STATE_STOPPING: 2010 case STATE_REQ_SENT: 2011 case STATE_ACK_RCVD: 2012 case STATE_ACK_SENT: 2013 case STATE_OPENED: 2014 break; 2015 case STATE_CLOSING: 2016 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2017 break; 2018 } 2019} 2020 2021 2022static void 2023sppp_close_event(const struct cp *cp, struct sppp *sp) 2024{ 2025 STDDCL; 2026 2027 if (debug) 2028 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2029 SPP_ARGS(ifp), cp->name, 2030 sppp_state_name(sp->state[cp->protoidx])); 2031 2032 switch (sp->state[cp->protoidx]) { 2033 case STATE_INITIAL: 2034 case STATE_CLOSED: 2035 case STATE_CLOSING: 2036 break; 2037 case STATE_STARTING: 2038 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2039 (cp->tlf)(sp); 2040 break; 2041 case STATE_STOPPED: 2042 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2043 break; 2044 case STATE_STOPPING: 2045 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2046 break; 2047 case STATE_OPENED: 2048 (cp->tld)(sp); 2049 /* FALLTHROUGH */ 2050 case STATE_REQ_SENT: 2051 case STATE_ACK_RCVD: 2052 case STATE_ACK_SENT: 2053 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2054 sppp_cp_send(sp, cp->proto, TERM_REQ, 2055 ++sp->pp_seq[cp->protoidx], 0, 0); 2056 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2057 break; 2058 } 2059} 2060 2061static void 2062sppp_to_event(const struct cp *cp, struct sppp *sp) 2063{ 2064 STDDCL; 2065 int s; 2066 2067 s = splimp(); 2068 SPPP_LOCK(sp); 2069 if (debug) 2070 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2071 SPP_ARGS(ifp), cp->name, 2072 sppp_state_name(sp->state[cp->protoidx]), 2073 sp->rst_counter[cp->protoidx]); 2074 2075 if (--sp->rst_counter[cp->protoidx] < 0) 2076 /* TO- event */ 2077 switch (sp->state[cp->protoidx]) { 2078 case STATE_CLOSING: 2079 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2080 (cp->tlf)(sp); 2081 break; 2082 case STATE_STOPPING: 2083 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2084 (cp->tlf)(sp); 2085 break; 2086 case STATE_REQ_SENT: 2087 case STATE_ACK_RCVD: 2088 case STATE_ACK_SENT: 2089 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2090 (cp->tlf)(sp); 2091 break; 2092 } 2093 else 2094 /* TO+ event */ 2095 switch (sp->state[cp->protoidx]) { 2096 case STATE_CLOSING: 2097 case STATE_STOPPING: 2098 sppp_cp_send(sp, cp->proto, TERM_REQ, 2099 ++sp->pp_seq[cp->protoidx], 0, 0); 2100 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2101 cp->TO, (void *)sp); 2102 break; 2103 case STATE_REQ_SENT: 2104 case STATE_ACK_RCVD: 2105 (cp->scr)(sp); 2106 /* sppp_cp_change_state() will restart the timer */ 2107 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2108 break; 2109 case STATE_ACK_SENT: 2110 (cp->scr)(sp); 2111 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2112 cp->TO, (void *)sp); 2113 break; 2114 } 2115 2116 SPPP_UNLOCK(sp); 2117 splx(s); 2118} 2119 2120/* 2121 * Change the state of a control protocol in the state automaton. 2122 * Takes care of starting/stopping the restart timer. 2123 */ 2124static void 2125sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2126{ 2127 sp->state[cp->protoidx] = newstate; 2128 2129 callout_stop (&sp->ch[cp->protoidx]); 2130 2131 switch (newstate) { 2132 case STATE_INITIAL: 2133 case STATE_STARTING: 2134 case STATE_CLOSED: 2135 case STATE_STOPPED: 2136 case STATE_OPENED: 2137 break; 2138 case STATE_CLOSING: 2139 case STATE_STOPPING: 2140 case STATE_REQ_SENT: 2141 case STATE_ACK_RCVD: 2142 case STATE_ACK_SENT: 2143 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2144 cp->TO, (void *)sp); 2145 break; 2146 } 2147} 2148 2149/* 2150 *--------------------------------------------------------------------------* 2151 * * 2152 * The LCP implementation. * 2153 * * 2154 *--------------------------------------------------------------------------* 2155 */ 2156static void 2157sppp_pp_up(struct sppp *sp) 2158{ 2159 SPPP_LOCK(sp); 2160 lcp.Up(sp); 2161 SPPP_UNLOCK(sp); 2162} 2163 2164static void 2165sppp_pp_down(struct sppp *sp) 2166{ 2167 SPPP_LOCK(sp); 2168 lcp.Down(sp); 2169 SPPP_UNLOCK(sp); 2170} 2171 2172static void 2173sppp_lcp_init(struct sppp *sp) 2174{ 2175 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2176 sp->lcp.magic = 0; 2177 sp->state[IDX_LCP] = STATE_INITIAL; 2178 sp->fail_counter[IDX_LCP] = 0; 2179 sp->pp_seq[IDX_LCP] = 0; 2180 sp->pp_rseq[IDX_LCP] = 0; 2181 sp->lcp.protos = 0; 2182 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2183 2184 /* Note that these values are relevant for all control protocols */ 2185 sp->lcp.timeout = 3 * hz; 2186 sp->lcp.max_terminate = 2; 2187 sp->lcp.max_configure = 10; 2188 sp->lcp.max_failure = 10; 2189 callout_init(&sp->ch[IDX_LCP], 2190 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2191} 2192 2193static void 2194sppp_lcp_up(struct sppp *sp) 2195{ 2196 STDDCL; 2197 2198 sp->pp_alivecnt = 0; 2199 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2200 sp->lcp.magic = 0; 2201 sp->lcp.protos = 0; 2202 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2203 /* 2204 * If we are authenticator, negotiate LCP_AUTH 2205 */ 2206 if (sp->hisauth.proto != 0) 2207 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2208 else 2209 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2210 sp->pp_flags &= ~PP_NEEDAUTH; 2211 /* 2212 * If this interface is passive or dial-on-demand, and we are 2213 * still in Initial state, it means we've got an incoming 2214 * call. Activate the interface. 2215 */ 2216 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2217 if (debug) 2218 log(LOG_DEBUG, 2219 SPP_FMT "Up event", SPP_ARGS(ifp)); 2220 ifp->if_flags |= IFF_RUNNING; 2221 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2222 if (debug) 2223 log(-1, "(incoming call)\n"); 2224 sp->pp_flags |= PP_CALLIN; 2225 lcp.Open(sp); 2226 } else if (debug) 2227 log(-1, "\n"); 2228 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2229 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2230 ifp->if_flags |= IFF_RUNNING; 2231 lcp.Open(sp); 2232 } 2233 2234 sppp_up_event(&lcp, sp); 2235} 2236 2237static void 2238sppp_lcp_down(struct sppp *sp) 2239{ 2240 STDDCL; 2241 2242 sppp_down_event(&lcp, sp); 2243 2244 /* 2245 * If this is neither a dial-on-demand nor a passive 2246 * interface, simulate an ``ifconfig down'' action, so the 2247 * administrator can force a redial by another ``ifconfig 2248 * up''. XXX For leased line operation, should we immediately 2249 * try to reopen the connection here? 2250 */ 2251 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2252 log(LOG_INFO, 2253 SPP_FMT "Down event, taking interface down.\n", 2254 SPP_ARGS(ifp)); 2255 if_down(ifp); 2256 } else { 2257 if (debug) 2258 log(LOG_DEBUG, 2259 SPP_FMT "Down event (carrier loss)\n", 2260 SPP_ARGS(ifp)); 2261 sp->pp_flags &= ~PP_CALLIN; 2262 if (sp->state[IDX_LCP] != STATE_INITIAL) 2263 lcp.Close(sp); 2264 ifp->if_flags &= ~IFF_RUNNING; 2265 } 2266} 2267 2268static void 2269sppp_lcp_open(struct sppp *sp) 2270{ 2271 sppp_open_event(&lcp, sp); 2272} 2273 2274static void 2275sppp_lcp_close(struct sppp *sp) 2276{ 2277 sppp_close_event(&lcp, sp); 2278} 2279 2280static void 2281sppp_lcp_TO(void *cookie) 2282{ 2283 sppp_to_event(&lcp, (struct sppp *)cookie); 2284} 2285 2286/* 2287 * Analyze a configure request. Return true if it was agreeable, and 2288 * caused action sca, false if it has been rejected or nak'ed, and 2289 * caused action scn. (The return value is used to make the state 2290 * transition decision in the state automaton.) 2291 */ 2292static int 2293sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2294{ 2295 STDDCL; 2296 u_char *buf, *r, *p; 2297 int origlen, rlen; 2298 u_long nmagic; 2299 u_short authproto; 2300 2301 len -= 4; 2302 origlen = len; 2303 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2304 if (! buf) 2305 return (0); 2306 2307 if (debug) 2308 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2309 SPP_ARGS(ifp)); 2310 2311 /* pass 1: check for things that need to be rejected */ 2312 p = (void*) (h+1); 2313 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2314 if (debug) 2315 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2316 switch (*p) { 2317 case LCP_OPT_MAGIC: 2318 /* Magic number. */ 2319 if (len >= 6 && p[1] == 6) 2320 continue; 2321 if (debug) 2322 log(-1, "[invalid] "); 2323 break; 2324 case LCP_OPT_ASYNC_MAP: 2325 /* Async control character map. */ 2326 if (len >= 6 && p[1] == 6) 2327 continue; 2328 if (debug) 2329 log(-1, "[invalid] "); 2330 break; 2331 case LCP_OPT_MRU: 2332 /* Maximum receive unit. */ 2333 if (len >= 4 && p[1] == 4) 2334 continue; 2335 if (debug) 2336 log(-1, "[invalid] "); 2337 break; 2338 case LCP_OPT_AUTH_PROTO: 2339 if (len < 4) { 2340 if (debug) 2341 log(-1, "[invalid] "); 2342 break; 2343 } 2344 authproto = (p[2] << 8) + p[3]; 2345 if (authproto == PPP_CHAP && p[1] != 5) { 2346 if (debug) 2347 log(-1, "[invalid chap len] "); 2348 break; 2349 } 2350 if (sp->myauth.proto == 0) { 2351 /* we are not configured to do auth */ 2352 if (debug) 2353 log(-1, "[not configured] "); 2354 break; 2355 } 2356 /* 2357 * Remote want us to authenticate, remember this, 2358 * so we stay in PHASE_AUTHENTICATE after LCP got 2359 * up. 2360 */ 2361 sp->pp_flags |= PP_NEEDAUTH; 2362 continue; 2363 default: 2364 /* Others not supported. */ 2365 if (debug) 2366 log(-1, "[rej] "); 2367 break; 2368 } 2369 /* Add the option to rejected list. */ 2370 bcopy (p, r, p[1]); 2371 r += p[1]; 2372 rlen += p[1]; 2373 } 2374 if (rlen) { 2375 if (debug) 2376 log(-1, " send conf-rej\n"); 2377 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2378 return 0; 2379 } else if (debug) 2380 log(-1, "\n"); 2381 2382 /* 2383 * pass 2: check for option values that are unacceptable and 2384 * thus require to be nak'ed. 2385 */ 2386 if (debug) 2387 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2388 SPP_ARGS(ifp)); 2389 2390 p = (void*) (h+1); 2391 len = origlen; 2392 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2393 if (debug) 2394 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2395 switch (*p) { 2396 case LCP_OPT_MAGIC: 2397 /* Magic number -- extract. */ 2398 nmagic = (u_long)p[2] << 24 | 2399 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2400 if (nmagic != sp->lcp.magic) { 2401 sp->pp_loopcnt = 0; 2402 if (debug) 2403 log(-1, "0x%lx ", nmagic); 2404 continue; 2405 } 2406 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2407 log(-1, "[glitch] "); 2408 ++sp->pp_loopcnt; 2409 /* 2410 * We negate our magic here, and NAK it. If 2411 * we see it later in an NAK packet, we 2412 * suggest a new one. 2413 */ 2414 nmagic = ~sp->lcp.magic; 2415 /* Gonna NAK it. */ 2416 p[2] = nmagic >> 24; 2417 p[3] = nmagic >> 16; 2418 p[4] = nmagic >> 8; 2419 p[5] = nmagic; 2420 break; 2421 2422 case LCP_OPT_ASYNC_MAP: 2423 /* 2424 * Async control character map -- just ignore it. 2425 * 2426 * Quote from RFC 1662, chapter 6: 2427 * To enable this functionality, synchronous PPP 2428 * implementations MUST always respond to the 2429 * Async-Control-Character-Map Configuration 2430 * Option with the LCP Configure-Ack. However, 2431 * acceptance of the Configuration Option does 2432 * not imply that the synchronous implementation 2433 * will do any ACCM mapping. Instead, all such 2434 * octet mapping will be performed by the 2435 * asynchronous-to-synchronous converter. 2436 */ 2437 continue; 2438 2439 case LCP_OPT_MRU: 2440 /* 2441 * Maximum receive unit. Always agreeable, 2442 * but ignored by now. 2443 */ 2444 sp->lcp.their_mru = p[2] * 256 + p[3]; 2445 if (debug) 2446 log(-1, "%lu ", sp->lcp.their_mru); 2447 continue; 2448 2449 case LCP_OPT_AUTH_PROTO: 2450 authproto = (p[2] << 8) + p[3]; 2451 if (sp->myauth.proto != authproto) { 2452 /* not agreed, nak */ 2453 if (debug) 2454 log(-1, "[mine %s != his %s] ", 2455 sppp_proto_name(sp->hisauth.proto), 2456 sppp_proto_name(authproto)); 2457 p[2] = sp->myauth.proto >> 8; 2458 p[3] = sp->myauth.proto; 2459 break; 2460 } 2461 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2462 if (debug) 2463 log(-1, "[chap not MD5] "); 2464 p[4] = CHAP_MD5; 2465 break; 2466 } 2467 continue; 2468 } 2469 /* Add the option to nak'ed list. */ 2470 bcopy (p, r, p[1]); 2471 r += p[1]; 2472 rlen += p[1]; 2473 } 2474 if (rlen) { 2475 /* 2476 * Local and remote magics equal -- loopback? 2477 */ 2478 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2479 if (sp->pp_loopcnt == MAXALIVECNT*5) 2480 printf (SPP_FMT "loopback\n", 2481 SPP_ARGS(ifp)); 2482 if (ifp->if_flags & IFF_UP) { 2483 if_down(ifp); 2484 sppp_qflush(&sp->pp_cpq); 2485 /* XXX ? */ 2486 lcp.Down(sp); 2487 lcp.Up(sp); 2488 } 2489 } else if (!sp->pp_loopcnt && 2490 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2491 if (debug) 2492 log(-1, " max_failure (%d) exceeded, " 2493 "send conf-rej\n", 2494 sp->lcp.max_failure); 2495 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2496 } else { 2497 if (debug) 2498 log(-1, " send conf-nak\n"); 2499 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2500 } 2501 } else { 2502 if (debug) 2503 log(-1, " send conf-ack\n"); 2504 sp->fail_counter[IDX_LCP] = 0; 2505 sp->pp_loopcnt = 0; 2506 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2507 h->ident, origlen, h+1); 2508 } 2509 2510 free (buf, M_TEMP); 2511 return (rlen == 0); 2512} 2513 2514/* 2515 * Analyze the LCP Configure-Reject option list, and adjust our 2516 * negotiation. 2517 */ 2518static void 2519sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2520{ 2521 STDDCL; 2522 u_char *buf, *p; 2523 2524 len -= 4; 2525 buf = malloc (len, M_TEMP, M_NOWAIT); 2526 if (!buf) 2527 return; 2528 2529 if (debug) 2530 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2531 SPP_ARGS(ifp)); 2532 2533 p = (void*) (h+1); 2534 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2535 if (debug) 2536 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2537 switch (*p) { 2538 case LCP_OPT_MAGIC: 2539 /* Magic number -- can't use it, use 0 */ 2540 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2541 sp->lcp.magic = 0; 2542 break; 2543 case LCP_OPT_MRU: 2544 /* 2545 * Should not be rejected anyway, since we only 2546 * negotiate a MRU if explicitly requested by 2547 * peer. 2548 */ 2549 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2550 break; 2551 case LCP_OPT_AUTH_PROTO: 2552 /* 2553 * Peer doesn't want to authenticate himself, 2554 * deny unless this is a dialout call, and 2555 * AUTHFLAG_NOCALLOUT is set. 2556 */ 2557 if ((sp->pp_flags & PP_CALLIN) == 0 && 2558 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2559 if (debug) 2560 log(-1, "[don't insist on auth " 2561 "for callout]"); 2562 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2563 break; 2564 } 2565 if (debug) 2566 log(-1, "[access denied]\n"); 2567 lcp.Close(sp); 2568 break; 2569 } 2570 } 2571 if (debug) 2572 log(-1, "\n"); 2573 free (buf, M_TEMP); 2574 return; 2575} 2576 2577/* 2578 * Analyze the LCP Configure-NAK option list, and adjust our 2579 * negotiation. 2580 */ 2581static void 2582sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2583{ 2584 STDDCL; 2585 u_char *buf, *p; 2586 u_long magic; 2587 2588 len -= 4; 2589 buf = malloc (len, M_TEMP, M_NOWAIT); 2590 if (!buf) 2591 return; 2592 2593 if (debug) 2594 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2595 SPP_ARGS(ifp)); 2596 2597 p = (void*) (h+1); 2598 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2599 if (debug) 2600 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2601 switch (*p) { 2602 case LCP_OPT_MAGIC: 2603 /* Magic number -- renegotiate */ 2604 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2605 len >= 6 && p[1] == 6) { 2606 magic = (u_long)p[2] << 24 | 2607 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2608 /* 2609 * If the remote magic is our negated one, 2610 * this looks like a loopback problem. 2611 * Suggest a new magic to make sure. 2612 */ 2613 if (magic == ~sp->lcp.magic) { 2614 if (debug) 2615 log(-1, "magic glitch "); 2616#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2617 sp->lcp.magic = random(); 2618#else 2619 sp->lcp.magic = time.tv_sec + time.tv_usec; 2620#endif 2621 } else { 2622 sp->lcp.magic = magic; 2623 if (debug) 2624 log(-1, "%lu ", magic); 2625 } 2626 } 2627 break; 2628 case LCP_OPT_MRU: 2629 /* 2630 * Peer wants to advise us to negotiate an MRU. 2631 * Agree on it if it's reasonable, or use 2632 * default otherwise. 2633 */ 2634 if (len >= 4 && p[1] == 4) { 2635 u_int mru = p[2] * 256 + p[3]; 2636 if (debug) 2637 log(-1, "%d ", mru); 2638 if (mru < PP_MTU || mru > PP_MAX_MRU) 2639 mru = PP_MTU; 2640 sp->lcp.mru = mru; 2641 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2642 } 2643 break; 2644 case LCP_OPT_AUTH_PROTO: 2645 /* 2646 * Peer doesn't like our authentication method, 2647 * deny. 2648 */ 2649 if (debug) 2650 log(-1, "[access denied]\n"); 2651 lcp.Close(sp); 2652 break; 2653 } 2654 } 2655 if (debug) 2656 log(-1, "\n"); 2657 free (buf, M_TEMP); 2658 return; 2659} 2660 2661static void 2662sppp_lcp_tlu(struct sppp *sp) 2663{ 2664 STDDCL; 2665 int i; 2666 u_long mask; 2667 2668 /* XXX ? */ 2669 if (! (ifp->if_flags & IFF_UP) && 2670 (ifp->if_flags & IFF_RUNNING)) { 2671 /* Coming out of loopback mode. */ 2672 if_up(ifp); 2673 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2674 } 2675 2676 for (i = 0; i < IDX_COUNT; i++) 2677 if ((cps[i])->flags & CP_QUAL) 2678 (cps[i])->Open(sp); 2679 2680 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2681 (sp->pp_flags & PP_NEEDAUTH) != 0) 2682 sp->pp_phase = PHASE_AUTHENTICATE; 2683 else 2684 sp->pp_phase = PHASE_NETWORK; 2685 2686 if (debug) 2687 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2688 sppp_phase_name(sp->pp_phase)); 2689 2690 /* 2691 * Open all authentication protocols. This is even required 2692 * if we already proceeded to network phase, since it might be 2693 * that remote wants us to authenticate, so we might have to 2694 * send a PAP request. Undesired authentication protocols 2695 * don't do anything when they get an Open event. 2696 */ 2697 for (i = 0; i < IDX_COUNT; i++) 2698 if ((cps[i])->flags & CP_AUTH) 2699 (cps[i])->Open(sp); 2700 2701 if (sp->pp_phase == PHASE_NETWORK) { 2702 /* Notify all NCPs. */ 2703 for (i = 0; i < IDX_COUNT; i++) 2704 if (((cps[i])->flags & CP_NCP) && 2705 /* 2706 * XXX 2707 * Hack to administratively disable IPv6 if 2708 * not desired. Perhaps we should have another 2709 * flag for this, but right now, we can make 2710 * all struct cp's read/only. 2711 */ 2712 (cps[i] != &ipv6cp || 2713 (sp->confflags & CONF_ENABLE_IPV6))) 2714 (cps[i])->Open(sp); 2715 } 2716 2717 /* Send Up events to all started protos. */ 2718 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2719 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2720 (cps[i])->Up(sp); 2721 2722 /* notify low-level driver of state change */ 2723 if (sp->pp_chg) 2724 sp->pp_chg(sp, (int)sp->pp_phase); 2725 2726 if (sp->pp_phase == PHASE_NETWORK) 2727 /* if no NCP is starting, close down */ 2728 sppp_lcp_check_and_close(sp); 2729} 2730 2731static void 2732sppp_lcp_tld(struct sppp *sp) 2733{ 2734 STDDCL; 2735 int i; 2736 u_long mask; 2737 2738 sp->pp_phase = PHASE_TERMINATE; 2739 2740 if (debug) 2741 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2742 sppp_phase_name(sp->pp_phase)); 2743 2744 /* 2745 * Take upper layers down. We send the Down event first and 2746 * the Close second to prevent the upper layers from sending 2747 * ``a flurry of terminate-request packets'', as the RFC 2748 * describes it. 2749 */ 2750 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2751 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2752 (cps[i])->Down(sp); 2753 (cps[i])->Close(sp); 2754 } 2755} 2756 2757static void 2758sppp_lcp_tls(struct sppp *sp) 2759{ 2760 STDDCL; 2761 2762 sp->pp_phase = PHASE_ESTABLISH; 2763 2764 if (debug) 2765 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2766 sppp_phase_name(sp->pp_phase)); 2767 2768 /* Notify lower layer if desired. */ 2769 if (sp->pp_tls) 2770 (sp->pp_tls)(sp); 2771 else 2772 (sp->pp_up)(sp); 2773} 2774 2775static void 2776sppp_lcp_tlf(struct sppp *sp) 2777{ 2778 STDDCL; 2779 2780 sp->pp_phase = PHASE_DEAD; 2781 if (debug) 2782 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2783 sppp_phase_name(sp->pp_phase)); 2784 2785 /* Notify lower layer if desired. */ 2786 if (sp->pp_tlf) 2787 (sp->pp_tlf)(sp); 2788 else 2789 (sp->pp_down)(sp); 2790} 2791 2792static void 2793sppp_lcp_scr(struct sppp *sp) 2794{ 2795 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2796 int i = 0; 2797 u_short authproto; 2798 2799 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2800 if (! sp->lcp.magic) 2801#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2802 sp->lcp.magic = random(); 2803#else 2804 sp->lcp.magic = time.tv_sec + time.tv_usec; 2805#endif 2806 opt[i++] = LCP_OPT_MAGIC; 2807 opt[i++] = 6; 2808 opt[i++] = sp->lcp.magic >> 24; 2809 opt[i++] = sp->lcp.magic >> 16; 2810 opt[i++] = sp->lcp.magic >> 8; 2811 opt[i++] = sp->lcp.magic; 2812 } 2813 2814 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2815 opt[i++] = LCP_OPT_MRU; 2816 opt[i++] = 4; 2817 opt[i++] = sp->lcp.mru >> 8; 2818 opt[i++] = sp->lcp.mru; 2819 } 2820 2821 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2822 authproto = sp->hisauth.proto; 2823 opt[i++] = LCP_OPT_AUTH_PROTO; 2824 opt[i++] = authproto == PPP_CHAP? 5: 4; 2825 opt[i++] = authproto >> 8; 2826 opt[i++] = authproto; 2827 if (authproto == PPP_CHAP) 2828 opt[i++] = CHAP_MD5; 2829 } 2830 2831 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2832 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2833} 2834 2835/* 2836 * Check the open NCPs, return true if at least one NCP is open. 2837 */ 2838static int 2839sppp_ncp_check(struct sppp *sp) 2840{ 2841 int i, mask; 2842 2843 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2844 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2845 return 1; 2846 return 0; 2847} 2848 2849/* 2850 * Re-check the open NCPs and see if we should terminate the link. 2851 * Called by the NCPs during their tlf action handling. 2852 */ 2853static void 2854sppp_lcp_check_and_close(struct sppp *sp) 2855{ 2856 2857 if (sp->pp_phase < PHASE_NETWORK) 2858 /* don't bother, we are already going down */ 2859 return; 2860 2861 if (sppp_ncp_check(sp)) 2862 return; 2863 2864 lcp.Close(sp); 2865} 2866 2867/* 2868 *--------------------------------------------------------------------------* 2869 * * 2870 * The IPCP implementation. * 2871 * * 2872 *--------------------------------------------------------------------------* 2873 */ 2874 2875static void 2876sppp_ipcp_init(struct sppp *sp) 2877{ 2878 sp->ipcp.opts = 0; 2879 sp->ipcp.flags = 0; 2880 sp->state[IDX_IPCP] = STATE_INITIAL; 2881 sp->fail_counter[IDX_IPCP] = 0; 2882 sp->pp_seq[IDX_IPCP] = 0; 2883 sp->pp_rseq[IDX_IPCP] = 0; 2884 callout_init(&sp->ch[IDX_IPCP], 2885 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2886} 2887 2888static void 2889sppp_ipcp_up(struct sppp *sp) 2890{ 2891 sppp_up_event(&ipcp, sp); 2892} 2893 2894static void 2895sppp_ipcp_down(struct sppp *sp) 2896{ 2897 sppp_down_event(&ipcp, sp); 2898} 2899 2900static void 2901sppp_ipcp_open(struct sppp *sp) 2902{ 2903 STDDCL; 2904 u_long myaddr, hisaddr; 2905 2906 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2907 IPCP_MYADDR_DYN | IPCP_VJ); 2908 sp->ipcp.opts = 0; 2909 2910 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2911 /* 2912 * If we don't have his address, this probably means our 2913 * interface doesn't want to talk IP at all. (This could 2914 * be the case if somebody wants to speak only IPX, for 2915 * example.) Don't open IPCP in this case. 2916 */ 2917 if (hisaddr == 0L) { 2918 /* XXX this message should go away */ 2919 if (debug) 2920 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2921 SPP_ARGS(ifp)); 2922 return; 2923 } 2924 if (myaddr == 0L) { 2925 /* 2926 * I don't have an assigned address, so i need to 2927 * negotiate my address. 2928 */ 2929 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2930 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2931 } else 2932 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2933 if (sp->confflags & CONF_ENABLE_VJ) { 2934 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2935 sp->ipcp.max_state = MAX_STATES - 1; 2936 sp->ipcp.compress_cid = 1; 2937 } 2938 sppp_open_event(&ipcp, sp); 2939} 2940 2941static void 2942sppp_ipcp_close(struct sppp *sp) 2943{ 2944 sppp_close_event(&ipcp, sp); 2945 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2946 /* 2947 * My address was dynamic, clear it again. 2948 */ 2949 sppp_set_ip_addr(sp, 0L); 2950} 2951 2952static void 2953sppp_ipcp_TO(void *cookie) 2954{ 2955 sppp_to_event(&ipcp, (struct sppp *)cookie); 2956} 2957 2958/* 2959 * Analyze a configure request. Return true if it was agreeable, and 2960 * caused action sca, false if it has been rejected or nak'ed, and 2961 * caused action scn. (The return value is used to make the state 2962 * transition decision in the state automaton.) 2963 */ 2964static int 2965sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2966{ 2967 u_char *buf, *r, *p; 2968 struct ifnet *ifp = &sp->pp_if; 2969 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2970 u_long hisaddr, desiredaddr; 2971 int gotmyaddr = 0; 2972 int desiredcomp; 2973 2974 len -= 4; 2975 origlen = len; 2976 /* 2977 * Make sure to allocate a buf that can at least hold a 2978 * conf-nak with an `address' option. We might need it below. 2979 */ 2980 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2981 if (! buf) 2982 return (0); 2983 2984 /* pass 1: see if we can recognize them */ 2985 if (debug) 2986 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2987 SPP_ARGS(ifp)); 2988 p = (void*) (h+1); 2989 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2990 if (debug) 2991 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2992 switch (*p) { 2993 case IPCP_OPT_COMPRESSION: 2994 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2995 /* VJ compression administratively disabled */ 2996 if (debug) 2997 log(-1, "[locally disabled] "); 2998 break; 2999 } 3000 /* 3001 * In theory, we should only conf-rej an 3002 * option that is shorter than RFC 1618 3003 * requires (i.e. < 4), and should conf-nak 3004 * anything else that is not VJ. However, 3005 * since our algorithm always uses the 3006 * original option to NAK it with new values, 3007 * things would become more complicated. In 3008 * pratice, the only commonly implemented IP 3009 * compression option is VJ anyway, so the 3010 * difference is negligible. 3011 */ 3012 if (len >= 6 && p[1] == 6) { 3013 /* 3014 * correctly formed compression option 3015 * that could be VJ compression 3016 */ 3017 continue; 3018 } 3019 if (debug) 3020 log(-1, 3021 "optlen %d [invalid/unsupported] ", 3022 p[1]); 3023 break; 3024 case IPCP_OPT_ADDRESS: 3025 if (len >= 6 && p[1] == 6) { 3026 /* correctly formed address option */ 3027 continue; 3028 } 3029 if (debug) 3030 log(-1, "[invalid] "); 3031 break; 3032 default: 3033 /* Others not supported. */ 3034 if (debug) 3035 log(-1, "[rej] "); 3036 break; 3037 } 3038 /* Add the option to rejected list. */ 3039 bcopy (p, r, p[1]); 3040 r += p[1]; 3041 rlen += p[1]; 3042 } 3043 if (rlen) { 3044 if (debug) 3045 log(-1, " send conf-rej\n"); 3046 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3047 return 0; 3048 } else if (debug) 3049 log(-1, "\n"); 3050 3051 /* pass 2: parse option values */ 3052 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3053 if (debug) 3054 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3055 SPP_ARGS(ifp)); 3056 p = (void*) (h+1); 3057 len = origlen; 3058 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3059 if (debug) 3060 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3061 switch (*p) { 3062 case IPCP_OPT_COMPRESSION: 3063 desiredcomp = p[2] << 8 | p[3]; 3064 /* We only support VJ */ 3065 if (desiredcomp == IPCP_COMP_VJ) { 3066 if (debug) 3067 log(-1, "VJ [ack] "); 3068 sp->ipcp.flags |= IPCP_VJ; 3069 sl_compress_init(sp->pp_comp, p[4]); 3070 sp->ipcp.max_state = p[4]; 3071 sp->ipcp.compress_cid = p[5]; 3072 continue; 3073 } 3074 if (debug) 3075 log(-1, 3076 "compproto %#04x [not supported] ", 3077 desiredcomp); 3078 p[2] = IPCP_COMP_VJ >> 8; 3079 p[3] = IPCP_COMP_VJ; 3080 p[4] = sp->ipcp.max_state; 3081 p[5] = sp->ipcp.compress_cid; 3082 break; 3083 case IPCP_OPT_ADDRESS: 3084 /* This is the address he wants in his end */ 3085 desiredaddr = p[2] << 24 | p[3] << 16 | 3086 p[4] << 8 | p[5]; 3087 if (desiredaddr == hisaddr || 3088 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3089 /* 3090 * Peer's address is same as our value, 3091 * or we have set it to 0.0.0.* to 3092 * indicate that we do not really care, 3093 * this is agreeable. Gonna conf-ack 3094 * it. 3095 */ 3096 if (debug) 3097 log(-1, "%s [ack] ", 3098 sppp_dotted_quad(hisaddr)); 3099 /* record that we've seen it already */ 3100 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3101 continue; 3102 } 3103 /* 3104 * The address wasn't agreeable. This is either 3105 * he sent us 0.0.0.0, asking to assign him an 3106 * address, or he send us another address not 3107 * matching our value. Either case, we gonna 3108 * conf-nak it with our value. 3109 * XXX: we should "rej" if hisaddr == 0 3110 */ 3111 if (debug) { 3112 if (desiredaddr == 0) 3113 log(-1, "[addr requested] "); 3114 else 3115 log(-1, "%s [not agreed] ", 3116 sppp_dotted_quad(desiredaddr)); 3117 3118 } 3119 p[2] = hisaddr >> 24; 3120 p[3] = hisaddr >> 16; 3121 p[4] = hisaddr >> 8; 3122 p[5] = hisaddr; 3123 break; 3124 } 3125 /* Add the option to nak'ed list. */ 3126 bcopy (p, r, p[1]); 3127 r += p[1]; 3128 rlen += p[1]; 3129 } 3130 3131 /* 3132 * If we are about to conf-ack the request, but haven't seen 3133 * his address so far, gonna conf-nak it instead, with the 3134 * `address' option present and our idea of his address being 3135 * filled in there, to request negotiation of both addresses. 3136 * 3137 * XXX This can result in an endless req - nak loop if peer 3138 * doesn't want to send us his address. Q: What should we do 3139 * about it? XXX A: implement the max-failure counter. 3140 */ 3141 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3142 buf[0] = IPCP_OPT_ADDRESS; 3143 buf[1] = 6; 3144 buf[2] = hisaddr >> 24; 3145 buf[3] = hisaddr >> 16; 3146 buf[4] = hisaddr >> 8; 3147 buf[5] = hisaddr; 3148 rlen = 6; 3149 if (debug) 3150 log(-1, "still need hisaddr "); 3151 } 3152 3153 if (rlen) { 3154 if (debug) 3155 log(-1, " send conf-nak\n"); 3156 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3157 } else { 3158 if (debug) 3159 log(-1, " send conf-ack\n"); 3160 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3161 h->ident, origlen, h+1); 3162 } 3163 3164 free (buf, M_TEMP); 3165 return (rlen == 0); 3166} 3167 3168/* 3169 * Analyze the IPCP Configure-Reject option list, and adjust our 3170 * negotiation. 3171 */ 3172static void 3173sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3174{ 3175 u_char *buf, *p; 3176 struct ifnet *ifp = &sp->pp_if; 3177 int debug = ifp->if_flags & IFF_DEBUG; 3178 3179 len -= 4; 3180 buf = malloc (len, M_TEMP, M_NOWAIT); 3181 if (!buf) 3182 return; 3183 3184 if (debug) 3185 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3186 SPP_ARGS(ifp)); 3187 3188 p = (void*) (h+1); 3189 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3190 if (debug) 3191 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3192 switch (*p) { 3193 case IPCP_OPT_COMPRESSION: 3194 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3195 break; 3196 case IPCP_OPT_ADDRESS: 3197 /* 3198 * Peer doesn't grok address option. This is 3199 * bad. XXX Should we better give up here? 3200 * XXX We could try old "addresses" option... 3201 */ 3202 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3203 break; 3204 } 3205 } 3206 if (debug) 3207 log(-1, "\n"); 3208 free (buf, M_TEMP); 3209 return; 3210} 3211 3212/* 3213 * Analyze the IPCP Configure-NAK option list, and adjust our 3214 * negotiation. 3215 */ 3216static void 3217sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3218{ 3219 u_char *buf, *p; 3220 struct ifnet *ifp = &sp->pp_if; 3221 int debug = ifp->if_flags & IFF_DEBUG; 3222 int desiredcomp; 3223 u_long wantaddr; 3224 3225 len -= 4; 3226 buf = malloc (len, M_TEMP, M_NOWAIT); 3227 if (!buf) 3228 return; 3229 3230 if (debug) 3231 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3232 SPP_ARGS(ifp)); 3233 3234 p = (void*) (h+1); 3235 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3236 if (debug) 3237 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3238 switch (*p) { 3239 case IPCP_OPT_COMPRESSION: 3240 if (len >= 6 && p[1] == 6) { 3241 desiredcomp = p[2] << 8 | p[3]; 3242 if (debug) 3243 log(-1, "[wantcomp %#04x] ", 3244 desiredcomp); 3245 if (desiredcomp == IPCP_COMP_VJ) { 3246 sl_compress_init(sp->pp_comp, p[4]); 3247 sp->ipcp.max_state = p[4]; 3248 sp->ipcp.compress_cid = p[5]; 3249 if (debug) 3250 log(-1, "[agree] "); 3251 } else 3252 sp->ipcp.opts &= 3253 ~(1 << IPCP_OPT_COMPRESSION); 3254 } 3255 break; 3256 case IPCP_OPT_ADDRESS: 3257 /* 3258 * Peer doesn't like our local IP address. See 3259 * if we can do something for him. We'll drop 3260 * him our address then. 3261 */ 3262 if (len >= 6 && p[1] == 6) { 3263 wantaddr = p[2] << 24 | p[3] << 16 | 3264 p[4] << 8 | p[5]; 3265 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3266 if (debug) 3267 log(-1, "[wantaddr %s] ", 3268 sppp_dotted_quad(wantaddr)); 3269 /* 3270 * When doing dynamic address assignment, 3271 * we accept his offer. Otherwise, we 3272 * ignore it and thus continue to negotiate 3273 * our already existing value. 3274 * XXX: Bogus, if he said no once, he'll 3275 * just say no again, might as well die. 3276 */ 3277 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3278 sppp_set_ip_addr(sp, wantaddr); 3279 if (debug) 3280 log(-1, "[agree] "); 3281 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3282 } 3283 } 3284 break; 3285 } 3286 } 3287 if (debug) 3288 log(-1, "\n"); 3289 free (buf, M_TEMP); 3290 return; 3291} 3292 3293static void 3294sppp_ipcp_tlu(struct sppp *sp) 3295{ 3296 /* we are up - notify isdn daemon */ 3297 if (sp->pp_con) 3298 sp->pp_con(sp); 3299} 3300 3301static void 3302sppp_ipcp_tld(struct sppp *sp) 3303{ 3304} 3305 3306static void 3307sppp_ipcp_tls(struct sppp *sp) 3308{ 3309 /* indicate to LCP that it must stay alive */ 3310 sp->lcp.protos |= (1 << IDX_IPCP); 3311} 3312 3313static void 3314sppp_ipcp_tlf(struct sppp *sp) 3315{ 3316 /* we no longer need LCP */ 3317 sp->lcp.protos &= ~(1 << IDX_IPCP); 3318 sppp_lcp_check_and_close(sp); 3319} 3320 3321static void 3322sppp_ipcp_scr(struct sppp *sp) 3323{ 3324 char opt[6 /* compression */ + 6 /* address */]; 3325 u_long ouraddr; 3326 int i = 0; 3327 3328 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3329 opt[i++] = IPCP_OPT_COMPRESSION; 3330 opt[i++] = 6; 3331 opt[i++] = IPCP_COMP_VJ >> 8; 3332 opt[i++] = IPCP_COMP_VJ; 3333 opt[i++] = sp->ipcp.max_state; 3334 opt[i++] = sp->ipcp.compress_cid; 3335 } 3336 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3337 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3338 opt[i++] = IPCP_OPT_ADDRESS; 3339 opt[i++] = 6; 3340 opt[i++] = ouraddr >> 24; 3341 opt[i++] = ouraddr >> 16; 3342 opt[i++] = ouraddr >> 8; 3343 opt[i++] = ouraddr; 3344 } 3345 3346 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3347 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3348} 3349 3350/* 3351 *--------------------------------------------------------------------------* 3352 * * 3353 * The IPv6CP implementation. * 3354 * * 3355 *--------------------------------------------------------------------------* 3356 */ 3357 3358#ifdef INET6 3359static void 3360sppp_ipv6cp_init(struct sppp *sp) 3361{ 3362 sp->ipv6cp.opts = 0; 3363 sp->ipv6cp.flags = 0; 3364 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3365 sp->fail_counter[IDX_IPV6CP] = 0; 3366 sp->pp_seq[IDX_IPV6CP] = 0; 3367 sp->pp_rseq[IDX_IPV6CP] = 0; 3368 callout_init(&sp->ch[IDX_IPV6CP], 3369 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3370} 3371 3372static void 3373sppp_ipv6cp_up(struct sppp *sp) 3374{ 3375 sppp_up_event(&ipv6cp, sp); 3376} 3377 3378static void 3379sppp_ipv6cp_down(struct sppp *sp) 3380{ 3381 sppp_down_event(&ipv6cp, sp); 3382} 3383 3384static void 3385sppp_ipv6cp_open(struct sppp *sp) 3386{ 3387 STDDCL; 3388 struct in6_addr myaddr, hisaddr; 3389 3390#ifdef IPV6CP_MYIFID_DYN 3391 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3392#else 3393 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3394#endif 3395 3396 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3397 /* 3398 * If we don't have our address, this probably means our 3399 * interface doesn't want to talk IPv6 at all. (This could 3400 * be the case if somebody wants to speak only IPX, for 3401 * example.) Don't open IPv6CP in this case. 3402 */ 3403 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3404 /* XXX this message should go away */ 3405 if (debug) 3406 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3407 SPP_ARGS(ifp)); 3408 return; 3409 } 3410 3411 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3412 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3413 sppp_open_event(&ipv6cp, sp); 3414} 3415 3416static void 3417sppp_ipv6cp_close(struct sppp *sp) 3418{ 3419 sppp_close_event(&ipv6cp, sp); 3420} 3421 3422static void 3423sppp_ipv6cp_TO(void *cookie) 3424{ 3425 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3426} 3427 3428/* 3429 * Analyze a configure request. Return true if it was agreeable, and 3430 * caused action sca, false if it has been rejected or nak'ed, and 3431 * caused action scn. (The return value is used to make the state 3432 * transition decision in the state automaton.) 3433 */ 3434static int 3435sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3436{ 3437 u_char *buf, *r, *p; 3438 struct ifnet *ifp = &sp->pp_if; 3439 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3440 struct in6_addr myaddr, desiredaddr, suggestaddr; 3441 int ifidcount; 3442 int type; 3443 int collision, nohisaddr; 3444 3445 len -= 4; 3446 origlen = len; 3447 /* 3448 * Make sure to allocate a buf that can at least hold a 3449 * conf-nak with an `address' option. We might need it below. 3450 */ 3451 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3452 if (! buf) 3453 return (0); 3454 3455 /* pass 1: see if we can recognize them */ 3456 if (debug) 3457 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3458 SPP_ARGS(ifp)); 3459 p = (void*) (h+1); 3460 ifidcount = 0; 3461 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3462 if (debug) 3463 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3464 switch (*p) { 3465 case IPV6CP_OPT_IFID: 3466 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3467 /* correctly formed address option */ 3468 ifidcount++; 3469 continue; 3470 } 3471 if (debug) 3472 log(-1, " [invalid]"); 3473 break; 3474#ifdef notyet 3475 case IPV6CP_OPT_COMPRESSION: 3476 if (len >= 4 && p[1] >= 4) { 3477 /* correctly formed compress option */ 3478 continue; 3479 } 3480 if (debug) 3481 log(-1, " [invalid]"); 3482 break; 3483#endif 3484 default: 3485 /* Others not supported. */ 3486 if (debug) 3487 log(-1, " [rej]"); 3488 break; 3489 } 3490 /* Add the option to rejected list. */ 3491 bcopy (p, r, p[1]); 3492 r += p[1]; 3493 rlen += p[1]; 3494 } 3495 if (rlen) { 3496 if (debug) 3497 log(-1, " send conf-rej\n"); 3498 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3499 goto end; 3500 } else if (debug) 3501 log(-1, "\n"); 3502 3503 /* pass 2: parse option values */ 3504 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3505 if (debug) 3506 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3507 SPP_ARGS(ifp)); 3508 p = (void*) (h+1); 3509 len = origlen; 3510 type = CONF_ACK; 3511 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3512 if (debug) 3513 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3514 switch (*p) { 3515#ifdef notyet 3516 case IPV6CP_OPT_COMPRESSION: 3517 continue; 3518#endif 3519 case IPV6CP_OPT_IFID: 3520 bzero(&desiredaddr, sizeof(desiredaddr)); 3521 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3522 collision = (bcmp(&desiredaddr.s6_addr[8], 3523 &myaddr.s6_addr[8], 8) == 0); 3524 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3525 3526 desiredaddr.s6_addr16[0] = htons(0xfe80); 3527 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3528 3529 if (!collision && !nohisaddr) { 3530 /* no collision, hisaddr known - Conf-Ack */ 3531 type = CONF_ACK; 3532 3533 if (debug) { 3534 log(-1, " %s [%s]", 3535 ip6_sprintf(&desiredaddr), 3536 sppp_cp_type_name(type)); 3537 } 3538 continue; 3539 } 3540 3541 bzero(&suggestaddr, sizeof(&suggestaddr)); 3542 if (collision && nohisaddr) { 3543 /* collision, hisaddr unknown - Conf-Rej */ 3544 type = CONF_REJ; 3545 bzero(&p[2], 8); 3546 } else { 3547 /* 3548 * - no collision, hisaddr unknown, or 3549 * - collision, hisaddr known 3550 * Conf-Nak, suggest hisaddr 3551 */ 3552 type = CONF_NAK; 3553 sppp_suggest_ip6_addr(sp, &suggestaddr); 3554 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3555 } 3556 if (debug) 3557 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3558 sppp_cp_type_name(type)); 3559 break; 3560 } 3561 /* Add the option to nak'ed list. */ 3562 bcopy (p, r, p[1]); 3563 r += p[1]; 3564 rlen += p[1]; 3565 } 3566 3567 if (rlen == 0 && type == CONF_ACK) { 3568 if (debug) 3569 log(-1, " send %s\n", sppp_cp_type_name(type)); 3570 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3571 } else { 3572#ifdef DIAGNOSTIC 3573 if (type == CONF_ACK) 3574 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3575#endif 3576 3577 if (debug) { 3578 log(-1, " send %s suggest %s\n", 3579 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3580 } 3581 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3582 } 3583 3584 end: 3585 free (buf, M_TEMP); 3586 return (rlen == 0); 3587} 3588 3589/* 3590 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3591 * negotiation. 3592 */ 3593static void 3594sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3595{ 3596 u_char *buf, *p; 3597 struct ifnet *ifp = &sp->pp_if; 3598 int debug = ifp->if_flags & IFF_DEBUG; 3599 3600 len -= 4; 3601 buf = malloc (len, M_TEMP, M_NOWAIT); 3602 if (!buf) 3603 return; 3604 3605 if (debug) 3606 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3607 SPP_ARGS(ifp)); 3608 3609 p = (void*) (h+1); 3610 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3611 if (debug) 3612 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3613 switch (*p) { 3614 case IPV6CP_OPT_IFID: 3615 /* 3616 * Peer doesn't grok address option. This is 3617 * bad. XXX Should we better give up here? 3618 */ 3619 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3620 break; 3621#ifdef notyet 3622 case IPV6CP_OPT_COMPRESS: 3623 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3624 break; 3625#endif 3626 } 3627 } 3628 if (debug) 3629 log(-1, "\n"); 3630 free (buf, M_TEMP); 3631 return; 3632} 3633 3634/* 3635 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3636 * negotiation. 3637 */ 3638static void 3639sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3640{ 3641 u_char *buf, *p; 3642 struct ifnet *ifp = &sp->pp_if; 3643 int debug = ifp->if_flags & IFF_DEBUG; 3644 struct in6_addr suggestaddr; 3645 3646 len -= 4; 3647 buf = malloc (len, M_TEMP, M_NOWAIT); 3648 if (!buf) 3649 return; 3650 3651 if (debug) 3652 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3653 SPP_ARGS(ifp)); 3654 3655 p = (void*) (h+1); 3656 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3657 if (debug) 3658 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3659 switch (*p) { 3660 case IPV6CP_OPT_IFID: 3661 /* 3662 * Peer doesn't like our local ifid. See 3663 * if we can do something for him. We'll drop 3664 * him our address then. 3665 */ 3666 if (len < 10 || p[1] != 10) 3667 break; 3668 bzero(&suggestaddr, sizeof(suggestaddr)); 3669 suggestaddr.s6_addr16[0] = htons(0xfe80); 3670 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3671 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3672 3673 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3674 if (debug) 3675 log(-1, " [suggestaddr %s]", 3676 ip6_sprintf(&suggestaddr)); 3677#ifdef IPV6CP_MYIFID_DYN 3678 /* 3679 * When doing dynamic address assignment, 3680 * we accept his offer. 3681 */ 3682 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3683 struct in6_addr lastsuggest; 3684 /* 3685 * If <suggested myaddr from peer> equals to 3686 * <hisaddr we have suggested last time>, 3687 * we have a collision. generate new random 3688 * ifid. 3689 */ 3690 sppp_suggest_ip6_addr(&lastsuggest); 3691 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3692 lastsuggest)) { 3693 if (debug) 3694 log(-1, " [random]"); 3695 sppp_gen_ip6_addr(sp, &suggestaddr); 3696 } 3697 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3698 if (debug) 3699 log(-1, " [agree]"); 3700 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3701 } 3702#else 3703 /* 3704 * Since we do not do dynamic address assignment, 3705 * we ignore it and thus continue to negotiate 3706 * our already existing value. This can possibly 3707 * go into infinite request-reject loop. 3708 * 3709 * This is not likely because we normally use 3710 * ifid based on MAC-address. 3711 * If you have no ethernet card on the node, too bad. 3712 * XXX should we use fail_counter? 3713 */ 3714#endif 3715 break; 3716#ifdef notyet 3717 case IPV6CP_OPT_COMPRESS: 3718 /* 3719 * Peer wants different compression parameters. 3720 */ 3721 break; 3722#endif 3723 } 3724 } 3725 if (debug) 3726 log(-1, "\n"); 3727 free (buf, M_TEMP); 3728 return; 3729} 3730static void 3731sppp_ipv6cp_tlu(struct sppp *sp) 3732{ 3733 /* we are up - notify isdn daemon */ 3734 if (sp->pp_con) 3735 sp->pp_con(sp); 3736} 3737 3738static void 3739sppp_ipv6cp_tld(struct sppp *sp) 3740{ 3741} 3742 3743static void 3744sppp_ipv6cp_tls(struct sppp *sp) 3745{ 3746 /* indicate to LCP that it must stay alive */ 3747 sp->lcp.protos |= (1 << IDX_IPV6CP); 3748} 3749 3750static void 3751sppp_ipv6cp_tlf(struct sppp *sp) 3752{ 3753 3754#if 0 /* need #if 0 to close IPv6CP properly */ 3755 /* we no longer need LCP */ 3756 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3757 sppp_lcp_check_and_close(sp); 3758#endif 3759} 3760 3761static void 3762sppp_ipv6cp_scr(struct sppp *sp) 3763{ 3764 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3765 struct in6_addr ouraddr; 3766 int i = 0; 3767 3768 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3769 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3770 opt[i++] = IPV6CP_OPT_IFID; 3771 opt[i++] = 10; 3772 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3773 i += 8; 3774 } 3775 3776#ifdef notyet 3777 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3778 opt[i++] = IPV6CP_OPT_COMPRESSION; 3779 opt[i++] = 4; 3780 opt[i++] = 0; /* TBD */ 3781 opt[i++] = 0; /* TBD */ 3782 /* variable length data may follow */ 3783 } 3784#endif 3785 3786 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3787 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3788} 3789#else /*INET6*/ 3790static void sppp_ipv6cp_init(struct sppp *sp) 3791{ 3792} 3793 3794static void sppp_ipv6cp_up(struct sppp *sp) 3795{ 3796} 3797 3798static void sppp_ipv6cp_down(struct sppp *sp) 3799{ 3800} 3801 3802 3803static void sppp_ipv6cp_open(struct sppp *sp) 3804{ 3805} 3806 3807static void sppp_ipv6cp_close(struct sppp *sp) 3808{ 3809} 3810 3811static void sppp_ipv6cp_TO(void *sp) 3812{ 3813} 3814 3815static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3816{ 3817 return 0; 3818} 3819 3820static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3821{ 3822} 3823 3824static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3825{ 3826} 3827 3828static void sppp_ipv6cp_tlu(struct sppp *sp) 3829{ 3830} 3831 3832static void sppp_ipv6cp_tld(struct sppp *sp) 3833{ 3834} 3835 3836static void sppp_ipv6cp_tls(struct sppp *sp) 3837{ 3838} 3839 3840static void sppp_ipv6cp_tlf(struct sppp *sp) 3841{ 3842} 3843 3844static void sppp_ipv6cp_scr(struct sppp *sp) 3845{ 3846} 3847#endif /*INET6*/ 3848 3849/* 3850 *--------------------------------------------------------------------------* 3851 * * 3852 * The CHAP implementation. * 3853 * * 3854 *--------------------------------------------------------------------------* 3855 */ 3856 3857/* 3858 * The authentication protocols don't employ a full-fledged state machine as 3859 * the control protocols do, since they do have Open and Close events, but 3860 * not Up and Down, nor are they explicitly terminated. Also, use of the 3861 * authentication protocols may be different in both directions (this makes 3862 * sense, think of a machine that never accepts incoming calls but only 3863 * calls out, it doesn't require the called party to authenticate itself). 3864 * 3865 * Our state machine for the local authentication protocol (we are requesting 3866 * the peer to authenticate) looks like: 3867 * 3868 * RCA- 3869 * +--------------------------------------------+ 3870 * V scn,tld| 3871 * +--------+ Close +---------+ RCA+ 3872 * | |<----------------------------------| |------+ 3873 * +--->| Closed | TO* | Opened | sca | 3874 * | | |-----+ +-------| |<-----+ 3875 * | +--------+ irc | | +---------+ 3876 * | ^ | | ^ 3877 * | | | | | 3878 * | | | | | 3879 * | TO-| | | | 3880 * | |tld TO+ V | | 3881 * | | +------->+ | | 3882 * | | | | | | 3883 * | +--------+ V | | 3884 * | | |<----+<--------------------+ | 3885 * | | Req- | scr | 3886 * | | Sent | | 3887 * | | | | 3888 * | +--------+ | 3889 * | RCA- | | RCA+ | 3890 * +------+ +------------------------------------------+ 3891 * scn,tld sca,irc,ict,tlu 3892 * 3893 * 3894 * with: 3895 * 3896 * Open: LCP reached authentication phase 3897 * Close: LCP reached terminate phase 3898 * 3899 * RCA+: received reply (pap-req, chap-response), acceptable 3900 * RCN: received reply (pap-req, chap-response), not acceptable 3901 * TO+: timeout with restart counter >= 0 3902 * TO-: timeout with restart counter < 0 3903 * TO*: reschedule timeout for CHAP 3904 * 3905 * scr: send request packet (none for PAP, chap-challenge) 3906 * sca: send ack packet (pap-ack, chap-success) 3907 * scn: send nak packet (pap-nak, chap-failure) 3908 * ict: initialize re-challenge timer (CHAP only) 3909 * 3910 * tlu: this-layer-up, LCP reaches network phase 3911 * tld: this-layer-down, LCP enters terminate phase 3912 * 3913 * Note that in CHAP mode, after sending a new challenge, while the state 3914 * automaton falls back into Req-Sent state, it doesn't signal a tld 3915 * event to LCP, so LCP remains in network phase. Only after not getting 3916 * any response (or after getting an unacceptable response), CHAP closes, 3917 * causing LCP to enter terminate phase. 3918 * 3919 * With PAP, there is no initial request that can be sent. The peer is 3920 * expected to send one based on the successful negotiation of PAP as 3921 * the authentication protocol during the LCP option negotiation. 3922 * 3923 * Incoming authentication protocol requests (remote requests 3924 * authentication, we are peer) don't employ a state machine at all, 3925 * they are simply answered. Some peers [Ascend P50 firmware rev 3926 * 4.50] react allergically when sending IPCP requests while they are 3927 * still in authentication phase (thereby violating the standard that 3928 * demands that these NCP packets are to be discarded), so we keep 3929 * track of the peer demanding us to authenticate, and only proceed to 3930 * phase network once we've seen a positive acknowledge for the 3931 * authentication. 3932 */ 3933 3934/* 3935 * Handle incoming CHAP packets. 3936 */ 3937static void 3938sppp_chap_input(struct sppp *sp, struct mbuf *m) 3939{ 3940 STDDCL; 3941 struct lcp_header *h; 3942 int len, x; 3943 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3944 int value_len, name_len; 3945 MD5_CTX ctx; 3946 3947 len = m->m_pkthdr.len; 3948 if (len < 4) { 3949 if (debug) 3950 log(LOG_DEBUG, 3951 SPP_FMT "chap invalid packet length: %d bytes\n", 3952 SPP_ARGS(ifp), len); 3953 return; 3954 } 3955 h = mtod (m, struct lcp_header*); 3956 if (len > ntohs (h->len)) 3957 len = ntohs (h->len); 3958 3959 switch (h->type) { 3960 /* challenge, failure and success are his authproto */ 3961 case CHAP_CHALLENGE: 3962 value = 1 + (u_char*)(h+1); 3963 value_len = value[-1]; 3964 name = value + value_len; 3965 name_len = len - value_len - 5; 3966 if (name_len < 0) { 3967 if (debug) { 3968 log(LOG_DEBUG, 3969 SPP_FMT "chap corrupted challenge " 3970 "<%s id=0x%x len=%d", 3971 SPP_ARGS(ifp), 3972 sppp_auth_type_name(PPP_CHAP, h->type), 3973 h->ident, ntohs(h->len)); 3974 sppp_print_bytes((u_char*) (h+1), len-4); 3975 log(-1, ">\n"); 3976 } 3977 break; 3978 } 3979 3980 if (debug) { 3981 log(LOG_DEBUG, 3982 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3983 SPP_ARGS(ifp), 3984 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3985 ntohs(h->len)); 3986 sppp_print_string((char*) name, name_len); 3987 log(-1, " value-size=%d value=", value_len); 3988 sppp_print_bytes(value, value_len); 3989 log(-1, ">\n"); 3990 } 3991 3992 /* Compute reply value. */ 3993 MD5Init(&ctx); 3994 MD5Update(&ctx, &h->ident, 1); 3995 MD5Update(&ctx, sp->myauth.secret, 3996 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3997 MD5Update(&ctx, value, value_len); 3998 MD5Final(digest, &ctx); 3999 dsize = sizeof digest; 4000 4001 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4002 sizeof dsize, (const char *)&dsize, 4003 sizeof digest, digest, 4004 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4005 sp->myauth.name, 4006 0); 4007 break; 4008 4009 case CHAP_SUCCESS: 4010 if (debug) { 4011 log(LOG_DEBUG, SPP_FMT "chap success", 4012 SPP_ARGS(ifp)); 4013 if (len > 4) { 4014 log(-1, ": "); 4015 sppp_print_string((char*)(h + 1), len - 4); 4016 } 4017 log(-1, "\n"); 4018 } 4019 x = splimp(); 4020 SPPP_LOCK(sp); 4021 sp->pp_flags &= ~PP_NEEDAUTH; 4022 if (sp->myauth.proto == PPP_CHAP && 4023 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4024 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4025 /* 4026 * We are authenticator for CHAP but didn't 4027 * complete yet. Leave it to tlu to proceed 4028 * to network phase. 4029 */ 4030 SPPP_UNLOCK(sp); 4031 splx(x); 4032 break; 4033 } 4034 SPPP_UNLOCK(sp); 4035 splx(x); 4036 sppp_phase_network(sp); 4037 break; 4038 4039 case CHAP_FAILURE: 4040 if (debug) { 4041 log(LOG_INFO, SPP_FMT "chap failure", 4042 SPP_ARGS(ifp)); 4043 if (len > 4) { 4044 log(-1, ": "); 4045 sppp_print_string((char*)(h + 1), len - 4); 4046 } 4047 log(-1, "\n"); 4048 } else 4049 log(LOG_INFO, SPP_FMT "chap failure\n", 4050 SPP_ARGS(ifp)); 4051 /* await LCP shutdown by authenticator */ 4052 break; 4053 4054 /* response is my authproto */ 4055 case CHAP_RESPONSE: 4056 value = 1 + (u_char*)(h+1); 4057 value_len = value[-1]; 4058 name = value + value_len; 4059 name_len = len - value_len - 5; 4060 if (name_len < 0) { 4061 if (debug) { 4062 log(LOG_DEBUG, 4063 SPP_FMT "chap corrupted response " 4064 "<%s id=0x%x len=%d", 4065 SPP_ARGS(ifp), 4066 sppp_auth_type_name(PPP_CHAP, h->type), 4067 h->ident, ntohs(h->len)); 4068 sppp_print_bytes((u_char*)(h+1), len-4); 4069 log(-1, ">\n"); 4070 } 4071 break; 4072 } 4073 if (h->ident != sp->confid[IDX_CHAP]) { 4074 if (debug) 4075 log(LOG_DEBUG, 4076 SPP_FMT "chap dropping response for old ID " 4077 "(got %d, expected %d)\n", 4078 SPP_ARGS(ifp), 4079 h->ident, sp->confid[IDX_CHAP]); 4080 break; 4081 } 4082 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4083 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4084 log(LOG_INFO, SPP_FMT "chap response, his name ", 4085 SPP_ARGS(ifp)); 4086 sppp_print_string(name, name_len); 4087 log(-1, " != expected "); 4088 sppp_print_string(sp->hisauth.name, 4089 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4090 log(-1, "\n"); 4091 } 4092 if (debug) { 4093 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4094 "<%s id=0x%x len=%d name=", 4095 SPP_ARGS(ifp), 4096 sppp_state_name(sp->state[IDX_CHAP]), 4097 sppp_auth_type_name(PPP_CHAP, h->type), 4098 h->ident, ntohs (h->len)); 4099 sppp_print_string((char*)name, name_len); 4100 log(-1, " value-size=%d value=", value_len); 4101 sppp_print_bytes(value, value_len); 4102 log(-1, ">\n"); 4103 } 4104 if (value_len != AUTHKEYLEN) { 4105 if (debug) 4106 log(LOG_DEBUG, 4107 SPP_FMT "chap bad hash value length: " 4108 "%d bytes, should be %d\n", 4109 SPP_ARGS(ifp), value_len, 4110 AUTHKEYLEN); 4111 break; 4112 } 4113 4114 MD5Init(&ctx); 4115 MD5Update(&ctx, &h->ident, 1); 4116 MD5Update(&ctx, sp->hisauth.secret, 4117 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4118 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4119 MD5Final(digest, &ctx); 4120 4121#define FAILMSG "Failed..." 4122#define SUCCMSG "Welcome!" 4123 4124 if (value_len != sizeof digest || 4125 bcmp(digest, value, value_len) != 0) { 4126 /* action scn, tld */ 4127 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4128 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4129 0); 4130 chap.tld(sp); 4131 break; 4132 } 4133 /* action sca, perhaps tlu */ 4134 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4135 sp->state[IDX_CHAP] == STATE_OPENED) 4136 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4137 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4138 0); 4139 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4140 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4141 chap.tlu(sp); 4142 } 4143 break; 4144 4145 default: 4146 /* Unknown CHAP packet type -- ignore. */ 4147 if (debug) { 4148 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4149 "<0x%x id=0x%xh len=%d", 4150 SPP_ARGS(ifp), 4151 sppp_state_name(sp->state[IDX_CHAP]), 4152 h->type, h->ident, ntohs(h->len)); 4153 sppp_print_bytes((u_char*)(h+1), len-4); 4154 log(-1, ">\n"); 4155 } 4156 break; 4157 4158 } 4159} 4160 4161static void 4162sppp_chap_init(struct sppp *sp) 4163{ 4164 /* Chap doesn't have STATE_INITIAL at all. */ 4165 sp->state[IDX_CHAP] = STATE_CLOSED; 4166 sp->fail_counter[IDX_CHAP] = 0; 4167 sp->pp_seq[IDX_CHAP] = 0; 4168 sp->pp_rseq[IDX_CHAP] = 0; 4169 callout_init(&sp->ch[IDX_CHAP], 4170 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4171} 4172 4173static void 4174sppp_chap_open(struct sppp *sp) 4175{ 4176 if (sp->myauth.proto == PPP_CHAP && 4177 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4178 /* we are authenticator for CHAP, start it */ 4179 chap.scr(sp); 4180 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4181 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4182 } 4183 /* nothing to be done if we are peer, await a challenge */ 4184} 4185 4186static void 4187sppp_chap_close(struct sppp *sp) 4188{ 4189 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4190 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4191} 4192 4193static void 4194sppp_chap_TO(void *cookie) 4195{ 4196 struct sppp *sp = (struct sppp *)cookie; 4197 STDDCL; 4198 int s; 4199 4200 s = splimp(); 4201 SPPP_LOCK(sp); 4202 if (debug) 4203 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4204 SPP_ARGS(ifp), 4205 sppp_state_name(sp->state[IDX_CHAP]), 4206 sp->rst_counter[IDX_CHAP]); 4207 4208 if (--sp->rst_counter[IDX_CHAP] < 0) 4209 /* TO- event */ 4210 switch (sp->state[IDX_CHAP]) { 4211 case STATE_REQ_SENT: 4212 chap.tld(sp); 4213 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4214 break; 4215 } 4216 else 4217 /* TO+ (or TO*) event */ 4218 switch (sp->state[IDX_CHAP]) { 4219 case STATE_OPENED: 4220 /* TO* event */ 4221 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4222 /* FALLTHROUGH */ 4223 case STATE_REQ_SENT: 4224 chap.scr(sp); 4225 /* sppp_cp_change_state() will restart the timer */ 4226 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4227 break; 4228 } 4229 4230 SPPP_UNLOCK(sp); 4231 splx(s); 4232} 4233 4234static void 4235sppp_chap_tlu(struct sppp *sp) 4236{ 4237 STDDCL; 4238 int i, x; 4239 4240 i = 0; 4241 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4242 4243 /* 4244 * Some broken CHAP implementations (Conware CoNet, firmware 4245 * 4.0.?) don't want to re-authenticate their CHAP once the 4246 * initial challenge-response exchange has taken place. 4247 * Provide for an option to avoid rechallenges. 4248 */ 4249 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4250 /* 4251 * Compute the re-challenge timeout. This will yield 4252 * a number between 300 and 810 seconds. 4253 */ 4254 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4255 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4256 } 4257 4258 if (debug) { 4259 log(LOG_DEBUG, 4260 SPP_FMT "chap %s, ", 4261 SPP_ARGS(ifp), 4262 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4263 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4264 log(-1, "next re-challenge in %d seconds\n", i); 4265 else 4266 log(-1, "re-challenging supressed\n"); 4267 } 4268 4269 x = splimp(); 4270 SPPP_LOCK(sp); 4271 /* indicate to LCP that we need to be closed down */ 4272 sp->lcp.protos |= (1 << IDX_CHAP); 4273 4274 if (sp->pp_flags & PP_NEEDAUTH) { 4275 /* 4276 * Remote is authenticator, but his auth proto didn't 4277 * complete yet. Defer the transition to network 4278 * phase. 4279 */ 4280 SPPP_UNLOCK(sp); 4281 splx(x); 4282 return; 4283 } 4284 SPPP_UNLOCK(sp); 4285 splx(x); 4286 4287 /* 4288 * If we are already in phase network, we are done here. This 4289 * is the case if this is a dummy tlu event after a re-challenge. 4290 */ 4291 if (sp->pp_phase != PHASE_NETWORK) 4292 sppp_phase_network(sp); 4293} 4294 4295static void 4296sppp_chap_tld(struct sppp *sp) 4297{ 4298 STDDCL; 4299 4300 if (debug) 4301 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4302 callout_stop(&sp->ch[IDX_CHAP]); 4303 sp->lcp.protos &= ~(1 << IDX_CHAP); 4304 4305 lcp.Close(sp); 4306} 4307 4308static void 4309sppp_chap_scr(struct sppp *sp) 4310{ 4311 u_long *ch, seed; 4312 u_char clen; 4313 4314 /* Compute random challenge. */ 4315 ch = (u_long *)sp->myauth.challenge; 4316#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4317 read_random(&seed, sizeof seed); 4318#else 4319 { 4320 struct timeval tv; 4321 microtime(&tv); 4322 seed = tv.tv_sec ^ tv.tv_usec; 4323 } 4324#endif 4325 ch[0] = seed ^ random(); 4326 ch[1] = seed ^ random(); 4327 ch[2] = seed ^ random(); 4328 ch[3] = seed ^ random(); 4329 clen = AUTHKEYLEN; 4330 4331 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4332 4333 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4334 sizeof clen, (const char *)&clen, 4335 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4336 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4337 sp->myauth.name, 4338 0); 4339} 4340 4341/* 4342 *--------------------------------------------------------------------------* 4343 * * 4344 * The PAP implementation. * 4345 * * 4346 *--------------------------------------------------------------------------* 4347 */ 4348/* 4349 * For PAP, we need to keep a little state also if we are the peer, not the 4350 * authenticator. This is since we don't get a request to authenticate, but 4351 * have to repeatedly authenticate ourself until we got a response (or the 4352 * retry counter is expired). 4353 */ 4354 4355/* 4356 * Handle incoming PAP packets. */ 4357static void 4358sppp_pap_input(struct sppp *sp, struct mbuf *m) 4359{ 4360 STDDCL; 4361 struct lcp_header *h; 4362 int len, x; 4363 u_char *name, *passwd, mlen; 4364 int name_len, passwd_len; 4365 4366 len = m->m_pkthdr.len; 4367 if (len < 5) { 4368 if (debug) 4369 log(LOG_DEBUG, 4370 SPP_FMT "pap invalid packet length: %d bytes\n", 4371 SPP_ARGS(ifp), len); 4372 return; 4373 } 4374 h = mtod (m, struct lcp_header*); 4375 if (len > ntohs (h->len)) 4376 len = ntohs (h->len); 4377 switch (h->type) { 4378 /* PAP request is my authproto */ 4379 case PAP_REQ: 4380 name = 1 + (u_char*)(h+1); 4381 name_len = name[-1]; 4382 passwd = name + name_len + 1; 4383 if (name_len > len - 6 || 4384 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4385 if (debug) { 4386 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4387 "<%s id=0x%x len=%d", 4388 SPP_ARGS(ifp), 4389 sppp_auth_type_name(PPP_PAP, h->type), 4390 h->ident, ntohs(h->len)); 4391 sppp_print_bytes((u_char*)(h+1), len-4); 4392 log(-1, ">\n"); 4393 } 4394 break; 4395 } 4396 if (debug) { 4397 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4398 "<%s id=0x%x len=%d name=", 4399 SPP_ARGS(ifp), 4400 sppp_state_name(sp->state[IDX_PAP]), 4401 sppp_auth_type_name(PPP_PAP, h->type), 4402 h->ident, ntohs(h->len)); 4403 sppp_print_string((char*)name, name_len); 4404 log(-1, " passwd="); 4405 sppp_print_string((char*)passwd, passwd_len); 4406 log(-1, ">\n"); 4407 } 4408 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4409 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4410 bcmp(name, sp->hisauth.name, name_len) != 0 || 4411 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4412 /* action scn, tld */ 4413 mlen = sizeof(FAILMSG) - 1; 4414 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4415 sizeof mlen, (const char *)&mlen, 4416 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4417 0); 4418 pap.tld(sp); 4419 break; 4420 } 4421 /* action sca, perhaps tlu */ 4422 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4423 sp->state[IDX_PAP] == STATE_OPENED) { 4424 mlen = sizeof(SUCCMSG) - 1; 4425 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4426 sizeof mlen, (const char *)&mlen, 4427 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4428 0); 4429 } 4430 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4431 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4432 pap.tlu(sp); 4433 } 4434 break; 4435 4436 /* ack and nak are his authproto */ 4437 case PAP_ACK: 4438 callout_stop(&sp->pap_my_to_ch); 4439 if (debug) { 4440 log(LOG_DEBUG, SPP_FMT "pap success", 4441 SPP_ARGS(ifp)); 4442 name_len = *((char *)h); 4443 if (len > 5 && name_len) { 4444 log(-1, ": "); 4445 sppp_print_string((char*)(h+1), name_len); 4446 } 4447 log(-1, "\n"); 4448 } 4449 x = splimp(); 4450 SPPP_LOCK(sp); 4451 sp->pp_flags &= ~PP_NEEDAUTH; 4452 if (sp->myauth.proto == PPP_PAP && 4453 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4454 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4455 /* 4456 * We are authenticator for PAP but didn't 4457 * complete yet. Leave it to tlu to proceed 4458 * to network phase. 4459 */ 4460 SPPP_UNLOCK(sp); 4461 splx(x); 4462 break; 4463 } 4464 SPPP_UNLOCK(sp); 4465 splx(x); 4466 sppp_phase_network(sp); 4467 break; 4468 4469 case PAP_NAK: 4470 callout_stop (&sp->pap_my_to_ch); 4471 if (debug) { 4472 log(LOG_INFO, SPP_FMT "pap failure", 4473 SPP_ARGS(ifp)); 4474 name_len = *((char *)h); 4475 if (len > 5 && name_len) { 4476 log(-1, ": "); 4477 sppp_print_string((char*)(h+1), name_len); 4478 } 4479 log(-1, "\n"); 4480 } else 4481 log(LOG_INFO, SPP_FMT "pap failure\n", 4482 SPP_ARGS(ifp)); 4483 /* await LCP shutdown by authenticator */ 4484 break; 4485 4486 default: 4487 /* Unknown PAP packet type -- ignore. */ 4488 if (debug) { 4489 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4490 "<0x%x id=0x%x len=%d", 4491 SPP_ARGS(ifp), 4492 h->type, h->ident, ntohs(h->len)); 4493 sppp_print_bytes((u_char*)(h+1), len-4); 4494 log(-1, ">\n"); 4495 } 4496 break; 4497 4498 } 4499} 4500 4501static void 4502sppp_pap_init(struct sppp *sp) 4503{ 4504 /* PAP doesn't have STATE_INITIAL at all. */ 4505 sp->state[IDX_PAP] = STATE_CLOSED; 4506 sp->fail_counter[IDX_PAP] = 0; 4507 sp->pp_seq[IDX_PAP] = 0; 4508 sp->pp_rseq[IDX_PAP] = 0; 4509 callout_init(&sp->ch[IDX_PAP], 4510 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4511 callout_init(&sp->pap_my_to_ch, 4512 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4513} 4514 4515static void 4516sppp_pap_open(struct sppp *sp) 4517{ 4518 if (sp->hisauth.proto == PPP_PAP && 4519 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4520 /* we are authenticator for PAP, start our timer */ 4521 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4522 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4523 } 4524 if (sp->myauth.proto == PPP_PAP) { 4525 /* we are peer, send a request, and start a timer */ 4526 pap.scr(sp); 4527 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4528 sppp_pap_my_TO, (void *)sp); 4529 } 4530} 4531 4532static void 4533sppp_pap_close(struct sppp *sp) 4534{ 4535 if (sp->state[IDX_PAP] != STATE_CLOSED) 4536 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4537} 4538 4539/* 4540 * That's the timeout routine if we are authenticator. Since the 4541 * authenticator is basically passive in PAP, we can't do much here. 4542 */ 4543static void 4544sppp_pap_TO(void *cookie) 4545{ 4546 struct sppp *sp = (struct sppp *)cookie; 4547 STDDCL; 4548 int s; 4549 4550 s = splimp(); 4551 SPPP_LOCK(sp); 4552 if (debug) 4553 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4554 SPP_ARGS(ifp), 4555 sppp_state_name(sp->state[IDX_PAP]), 4556 sp->rst_counter[IDX_PAP]); 4557 4558 if (--sp->rst_counter[IDX_PAP] < 0) 4559 /* TO- event */ 4560 switch (sp->state[IDX_PAP]) { 4561 case STATE_REQ_SENT: 4562 pap.tld(sp); 4563 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4564 break; 4565 } 4566 else 4567 /* TO+ event, not very much we could do */ 4568 switch (sp->state[IDX_PAP]) { 4569 case STATE_REQ_SENT: 4570 /* sppp_cp_change_state() will restart the timer */ 4571 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4572 break; 4573 } 4574 4575 SPPP_UNLOCK(sp); 4576 splx(s); 4577} 4578 4579/* 4580 * That's the timeout handler if we are peer. Since the peer is active, 4581 * we need to retransmit our PAP request since it is apparently lost. 4582 * XXX We should impose a max counter. 4583 */ 4584static void 4585sppp_pap_my_TO(void *cookie) 4586{ 4587 struct sppp *sp = (struct sppp *)cookie; 4588 STDDCL; 4589 4590 if (debug) 4591 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4592 SPP_ARGS(ifp)); 4593 4594 SPPP_LOCK(sp); 4595 pap.scr(sp); 4596 SPPP_UNLOCK(sp); 4597} 4598 4599static void 4600sppp_pap_tlu(struct sppp *sp) 4601{ 4602 STDDCL; 4603 int x; 4604 4605 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4606 4607 if (debug) 4608 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4609 SPP_ARGS(ifp), pap.name); 4610 4611 x = splimp(); 4612 SPPP_LOCK(sp); 4613 /* indicate to LCP that we need to be closed down */ 4614 sp->lcp.protos |= (1 << IDX_PAP); 4615 4616 if (sp->pp_flags & PP_NEEDAUTH) { 4617 /* 4618 * Remote is authenticator, but his auth proto didn't 4619 * complete yet. Defer the transition to network 4620 * phase. 4621 */ 4622 SPPP_UNLOCK(sp); 4623 splx(x); 4624 return; 4625 } 4626 SPPP_UNLOCK(sp); 4627 splx(x); 4628 sppp_phase_network(sp); 4629} 4630 4631static void 4632sppp_pap_tld(struct sppp *sp) 4633{ 4634 STDDCL; 4635 4636 if (debug) 4637 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4638 callout_stop (&sp->ch[IDX_PAP]); 4639 callout_stop (&sp->pap_my_to_ch); 4640 sp->lcp.protos &= ~(1 << IDX_PAP); 4641 4642 lcp.Close(sp); 4643} 4644 4645static void 4646sppp_pap_scr(struct sppp *sp) 4647{ 4648 u_char idlen, pwdlen; 4649 4650 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4651 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4652 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4653 4654 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4655 sizeof idlen, (const char *)&idlen, 4656 (size_t)idlen, sp->myauth.name, 4657 sizeof pwdlen, (const char *)&pwdlen, 4658 (size_t)pwdlen, sp->myauth.secret, 4659 0); 4660} 4661 4662/* 4663 * Random miscellaneous functions. 4664 */ 4665 4666/* 4667 * Send a PAP or CHAP proto packet. 4668 * 4669 * Varadic function, each of the elements for the ellipsis is of type 4670 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4671 * mlen == 0. 4672 * NOTE: never declare variadic functions with types subject to type 4673 * promotion (i.e. u_char). This is asking for big trouble depending 4674 * on the architecture you are on... 4675 */ 4676 4677static void 4678sppp_auth_send(const struct cp *cp, struct sppp *sp, 4679 unsigned int type, unsigned int id, 4680 ...) 4681{ 4682 STDDCL; 4683 struct ppp_header *h; 4684 struct lcp_header *lh; 4685 struct mbuf *m; 4686 u_char *p; 4687 int len; 4688 unsigned int mlen; 4689 const char *msg; 4690 va_list ap; 4691 4692 MGETHDR (m, M_DONTWAIT, MT_DATA); 4693 if (! m) 4694 return; 4695 m->m_pkthdr.rcvif = 0; 4696 4697 h = mtod (m, struct ppp_header*); 4698 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4699 h->control = PPP_UI; /* Unnumbered Info */ 4700 h->protocol = htons(cp->proto); 4701 4702 lh = (struct lcp_header*)(h + 1); 4703 lh->type = type; 4704 lh->ident = id; 4705 p = (u_char*) (lh+1); 4706 4707 va_start(ap, id); 4708 len = 0; 4709 4710 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4711 msg = va_arg(ap, const char *); 4712 len += mlen; 4713 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4714 va_end(ap); 4715 m_freem(m); 4716 return; 4717 } 4718 4719 bcopy(msg, p, mlen); 4720 p += mlen; 4721 } 4722 va_end(ap); 4723 4724 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4725 lh->len = htons (LCP_HEADER_LEN + len); 4726 4727 if (debug) { 4728 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4729 SPP_ARGS(ifp), cp->name, 4730 sppp_auth_type_name(cp->proto, lh->type), 4731 lh->ident, ntohs(lh->len)); 4732 sppp_print_bytes((u_char*) (lh+1), len); 4733 log(-1, ">\n"); 4734 } 4735 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4736 ifp->if_oerrors++; 4737} 4738 4739/* 4740 * Flush interface queue. 4741 */ 4742static void 4743sppp_qflush(struct ifqueue *ifq) 4744{ 4745 struct mbuf *m, *n; 4746 4747 n = ifq->ifq_head; 4748 while ((m = n)) { 4749 n = m->m_act; 4750 m_freem (m); 4751 } 4752 ifq->ifq_head = 0; 4753 ifq->ifq_tail = 0; 4754 ifq->ifq_len = 0; 4755} 4756 4757/* 4758 * Send keepalive packets, every 10 seconds. 4759 */ 4760static void 4761sppp_keepalive(void *dummy) 4762{ 4763 struct sppp *sp = (struct sppp*)dummy; 4764 struct ifnet *ifp = &sp->pp_if; 4765 int s; 4766 4767 s = splimp(); 4768 SPPP_LOCK(sp); 4769 /* Keepalive mode disabled or channel down? */ 4770 if (! (sp->pp_flags & PP_KEEPALIVE) || 4771 ! (ifp->if_flags & IFF_RUNNING)) 4772 goto out; 4773 4774 /* No keepalive in PPP mode if LCP not opened yet. */ 4775 if (sp->pp_mode != IFF_CISCO && 4776 sp->pp_phase < PHASE_AUTHENTICATE) 4777 goto out; 4778 4779 if (sp->pp_alivecnt == MAXALIVECNT) { 4780 /* No keepalive packets got. Stop the interface. */ 4781 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4782 if_down (ifp); 4783 sppp_qflush (&sp->pp_cpq); 4784 if (sp->pp_mode != IFF_CISCO) { 4785 /* XXX */ 4786 /* Shut down the PPP link. */ 4787 lcp.Down(sp); 4788 /* Initiate negotiation. XXX */ 4789 lcp.Up(sp); 4790 } 4791 } 4792 if (sp->pp_alivecnt <= MAXALIVECNT) 4793 ++sp->pp_alivecnt; 4794 if (sp->pp_mode == IFF_CISCO) 4795 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4796 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4797 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4798 long nmagic = htonl (sp->lcp.magic); 4799 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4800 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4801 sp->lcp.echoid, 4, &nmagic); 4802 } 4803out: 4804 SPPP_UNLOCK(sp); 4805 splx(s); 4806 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4807 (void *)sp); 4808} 4809 4810/* 4811 * Get both IP addresses. 4812 */ 4813static void 4814sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4815{ 4816 struct ifnet *ifp = &sp->pp_if; 4817 struct ifaddr *ifa; 4818 struct sockaddr_in *si, *sm; 4819 u_long ssrc, ddst; 4820 4821 sm = NULL; 4822 ssrc = ddst = 0L; 4823 /* 4824 * Pick the first AF_INET address from the list, 4825 * aliases don't make any sense on a p2p link anyway. 4826 */ 4827 si = 0; 4828#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4829 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4830#elif defined(__NetBSD__) || defined (__OpenBSD__) 4831 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4832 ifa; 4833 ifa = TAILQ_NEXT(ifa, ifa_list)) 4834#else 4835 for (ifa = ifp->if_addrlist; 4836 ifa; 4837 ifa = ifa->ifa_next) 4838#endif 4839 if (ifa->ifa_addr->sa_family == AF_INET) { 4840 si = (struct sockaddr_in *)ifa->ifa_addr; 4841 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4842 if (si) 4843 break; 4844 } 4845 if (ifa) { 4846 if (si && si->sin_addr.s_addr) { 4847 ssrc = si->sin_addr.s_addr; 4848 if (srcmask) 4849 *srcmask = ntohl(sm->sin_addr.s_addr); 4850 } 4851 4852 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4853 if (si && si->sin_addr.s_addr) 4854 ddst = si->sin_addr.s_addr; 4855 } 4856 4857 if (dst) *dst = ntohl(ddst); 4858 if (src) *src = ntohl(ssrc); 4859} 4860 4861/* 4862 * Set my IP address. Must be called at splimp. 4863 */ 4864static void 4865sppp_set_ip_addr(struct sppp *sp, u_long src) 4866{ 4867 STDDCL; 4868 struct ifaddr *ifa; 4869 struct sockaddr_in *si; 4870 struct in_ifaddr *ia; 4871 4872 /* 4873 * Pick the first AF_INET address from the list, 4874 * aliases don't make any sense on a p2p link anyway. 4875 */ 4876 si = 0; 4877#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4878 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4879#elif defined(__NetBSD__) || defined (__OpenBSD__) 4880 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4881 ifa; 4882 ifa = TAILQ_NEXT(ifa, ifa_list)) 4883#else 4884 for (ifa = ifp->if_addrlist; 4885 ifa; 4886 ifa = ifa->ifa_next) 4887#endif 4888 { 4889 if (ifa->ifa_addr->sa_family == AF_INET) 4890 { 4891 si = (struct sockaddr_in *)ifa->ifa_addr; 4892 if (si) 4893 break; 4894 } 4895 } 4896 4897 if (ifa && si) 4898 { 4899 int error; 4900#if __NetBSD_Version__ >= 103080000 4901 struct sockaddr_in new_sin = *si; 4902 4903 new_sin.sin_addr.s_addr = htonl(src); 4904 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4905 if(debug && error) 4906 { 4907 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4908 " failed, error=%d\n", SPP_ARGS(ifp), error); 4909 } 4910#else 4911 /* delete old route */ 4912 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4913 if(debug && error) 4914 { 4915 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4916 SPP_ARGS(ifp), error); 4917 } 4918 4919 /* set new address */ 4920 si->sin_addr.s_addr = htonl(src); 4921 ia = ifatoia(ifa); 4922 LIST_REMOVE(ia, ia_hash); 4923 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4924 4925 /* add new route */ 4926 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4927 if (debug && error) 4928 { 4929 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4930 SPP_ARGS(ifp), error); 4931 } 4932#endif 4933 } 4934} 4935 4936#ifdef INET6 4937/* 4938 * Get both IPv6 addresses. 4939 */ 4940static void 4941sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4942 struct in6_addr *srcmask) 4943{ 4944 struct ifnet *ifp = &sp->pp_if; 4945 struct ifaddr *ifa; 4946 struct sockaddr_in6 *si, *sm; 4947 struct in6_addr ssrc, ddst; 4948 4949 sm = NULL; 4950 bzero(&ssrc, sizeof(ssrc)); 4951 bzero(&ddst, sizeof(ddst)); 4952 /* 4953 * Pick the first link-local AF_INET6 address from the list, 4954 * aliases don't make any sense on a p2p link anyway. 4955 */ 4956#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4957 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4958 ifa; 4959 ifa = ifa->ifa_link.tqe_next) 4960#elif defined(__NetBSD__) || defined (__OpenBSD__) 4961 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4962 ifa; 4963 ifa = ifa->ifa_list.tqe_next) 4964#else 4965 for (ifa = ifp->if_addrlist, si = 0; 4966 ifa; 4967 ifa = ifa->ifa_next) 4968#endif 4969 if (ifa->ifa_addr->sa_family == AF_INET6) { 4970 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4971 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4972 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4973 break; 4974 } 4975 if (ifa) { 4976 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4977 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4978 if (srcmask) { 4979 bcopy(&sm->sin6_addr, srcmask, 4980 sizeof(*srcmask)); 4981 } 4982 } 4983 4984 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4985 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4986 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4987 } 4988 4989 if (dst) 4990 bcopy(&ddst, dst, sizeof(*dst)); 4991 if (src) 4992 bcopy(&ssrc, src, sizeof(*src)); 4993} 4994 4995#ifdef IPV6CP_MYIFID_DYN 4996/* 4997 * Generate random ifid. 4998 */ 4999static void 5000sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5001{ 5002 /* TBD */ 5003} 5004 5005/* 5006 * Set my IPv6 address. Must be called at splimp. 5007 */ 5008static void 5009sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5010{ 5011 STDDCL; 5012 struct ifaddr *ifa; 5013 struct sockaddr_in6 *sin6; 5014 5015 /* 5016 * Pick the first link-local AF_INET6 address from the list, 5017 * aliases don't make any sense on a p2p link anyway. 5018 */ 5019 5020 sin6 = NULL; 5021#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5022 for (ifa = ifp->if_addrhead.tqh_first; 5023 ifa; 5024 ifa = ifa->ifa_link.tqe_next) 5025#elif defined(__NetBSD__) || defined (__OpenBSD__) 5026 for (ifa = ifp->if_addrlist.tqh_first; 5027 ifa; 5028 ifa = ifa->ifa_list.tqe_next) 5029#else 5030 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 5031#endif 5032 { 5033 if (ifa->ifa_addr->sa_family == AF_INET6) 5034 { 5035 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5036 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5037 break; 5038 } 5039 } 5040 5041 if (ifa && sin6) 5042 { 5043 int error; 5044 struct sockaddr_in6 new_sin6 = *sin6; 5045 5046 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5047 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5048 if (debug && error) 5049 { 5050 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5051 " failed, error=%d\n", SPP_ARGS(ifp), error); 5052 } 5053 } 5054} 5055#endif 5056 5057/* 5058 * Suggest a candidate address to be used by peer. 5059 */ 5060static void 5061sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5062{ 5063 struct in6_addr myaddr; 5064 struct timeval tv; 5065 5066 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5067 5068 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5069 microtime(&tv); 5070 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5071 myaddr.s6_addr[14] ^= 0xff; 5072 myaddr.s6_addr[15] ^= 0xff; 5073 } else { 5074 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5075 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5076 } 5077 if (suggest) 5078 bcopy(&myaddr, suggest, sizeof(myaddr)); 5079} 5080#endif /*INET6*/ 5081 5082static int 5083sppp_params(struct sppp *sp, u_long cmd, void *data) 5084{ 5085 u_long subcmd; 5086 struct ifreq *ifr = (struct ifreq *)data; 5087 struct spppreq *spr; 5088 int rv = 0; 5089 5090 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5091 return (EAGAIN); 5092 /* 5093 * ifr->ifr_data is supposed to point to a struct spppreq. 5094 * Check the cmd word first before attempting to fetch all the 5095 * data. 5096 */ 5097 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5098 rv = EFAULT; 5099 goto quit; 5100 } 5101 5102 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5103 rv = EFAULT; 5104 goto quit; 5105 } 5106 5107 switch (subcmd) { 5108 case (int)SPPPIOGDEFS: 5109 if (cmd != SIOCGIFGENERIC) { 5110 rv = EINVAL; 5111 break; 5112 } 5113 /* 5114 * We copy over the entire current state, but clean 5115 * out some of the stuff we don't wanna pass up. 5116 * Remember, SIOCGIFGENERIC is unprotected, and can be 5117 * called by any user. No need to ever get PAP or 5118 * CHAP secrets back to userland anyway. 5119 */ 5120 spr->defs.pp_phase = sp->pp_phase; 5121 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5122 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5123 spr->defs.lcp = sp->lcp; 5124 spr->defs.ipcp = sp->ipcp; 5125 spr->defs.ipv6cp = sp->ipv6cp; 5126 spr->defs.myauth = sp->myauth; 5127 spr->defs.hisauth = sp->hisauth; 5128 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5129 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5130 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5131 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5132 /* 5133 * Fixup the LCP timeout value to milliseconds so 5134 * spppcontrol doesn't need to bother about the value 5135 * of "hz". We do the reverse calculation below when 5136 * setting it. 5137 */ 5138 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5139 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5140 sizeof(struct spppreq)); 5141 break; 5142 5143 case (int)SPPPIOSDEFS: 5144 if (cmd != SIOCSIFGENERIC) { 5145 rv = EINVAL; 5146 break; 5147 } 5148 /* 5149 * We have a very specific idea of which fields we 5150 * allow being passed back from userland, so to not 5151 * clobber our current state. For one, we only allow 5152 * setting anything if LCP is in dead or establish 5153 * phase. Once the authentication negotiations 5154 * started, the authentication settings must not be 5155 * changed again. (The administrator can force an 5156 * ifconfig down in order to get LCP back into dead 5157 * phase.) 5158 * 5159 * Also, we only allow for authentication parameters to be 5160 * specified. 5161 * 5162 * XXX Should allow to set or clear pp_flags. 5163 * 5164 * Finally, if the respective authentication protocol to 5165 * be used is set differently than 0, but the secret is 5166 * passed as all zeros, we don't trash the existing secret. 5167 * This allows an administrator to change the system name 5168 * only without clobbering the secret (which he didn't get 5169 * back in a previous SPPPIOGDEFS call). However, the 5170 * secrets are cleared if the authentication protocol is 5171 * reset to 0. */ 5172 if (sp->pp_phase != PHASE_DEAD && 5173 sp->pp_phase != PHASE_ESTABLISH) { 5174 rv = EBUSY; 5175 break; 5176 } 5177 5178 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5179 spr->defs.myauth.proto != PPP_CHAP) || 5180 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5181 spr->defs.hisauth.proto != PPP_CHAP)) { 5182 rv = EINVAL; 5183 break; 5184 } 5185 5186 if (spr->defs.myauth.proto == 0) 5187 /* resetting myauth */ 5188 bzero(&sp->myauth, sizeof sp->myauth); 5189 else { 5190 /* setting/changing myauth */ 5191 sp->myauth.proto = spr->defs.myauth.proto; 5192 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5193 if (spr->defs.myauth.secret[0] != '\0') 5194 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5195 AUTHKEYLEN); 5196 } 5197 if (spr->defs.hisauth.proto == 0) 5198 /* resetting hisauth */ 5199 bzero(&sp->hisauth, sizeof sp->hisauth); 5200 else { 5201 /* setting/changing hisauth */ 5202 sp->hisauth.proto = spr->defs.hisauth.proto; 5203 sp->hisauth.flags = spr->defs.hisauth.flags; 5204 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5205 if (spr->defs.hisauth.secret[0] != '\0') 5206 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5207 AUTHKEYLEN); 5208 } 5209 /* set LCP restart timer timeout */ 5210 if (spr->defs.lcp.timeout != 0) 5211 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5212 /* set VJ enable and IPv6 disable flags */ 5213#ifdef INET 5214 if (spr->defs.enable_vj) 5215 sp->confflags |= CONF_ENABLE_VJ; 5216 else 5217 sp->confflags &= ~CONF_ENABLE_VJ; 5218#endif 5219#ifdef INET6 5220 if (spr->defs.enable_ipv6) 5221 sp->confflags |= CONF_ENABLE_IPV6; 5222 else 5223 sp->confflags &= ~CONF_ENABLE_IPV6; 5224#endif 5225 break; 5226 5227 default: 5228 rv = EINVAL; 5229 } 5230 5231 quit: 5232 free(spr, M_TEMP); 5233 5234 return (rv); 5235} 5236 5237static void 5238sppp_phase_network(struct sppp *sp) 5239{ 5240 STDDCL; 5241 int i; 5242 u_long mask; 5243 5244 sp->pp_phase = PHASE_NETWORK; 5245 5246 if (debug) 5247 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5248 sppp_phase_name(sp->pp_phase)); 5249 5250 /* Notify NCPs now. */ 5251 for (i = 0; i < IDX_COUNT; i++) 5252 if ((cps[i])->flags & CP_NCP) 5253 (cps[i])->Open(sp); 5254 5255 /* Send Up events to all NCPs. */ 5256 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5257 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5258 (cps[i])->Up(sp); 5259 5260 /* if no NCP is starting, all this was in vain, close down */ 5261 sppp_lcp_check_and_close(sp); 5262} 5263 5264 5265static const char * 5266sppp_cp_type_name(u_char type) 5267{ 5268 static char buf[12]; 5269 switch (type) { 5270 case CONF_REQ: return "conf-req"; 5271 case CONF_ACK: return "conf-ack"; 5272 case CONF_NAK: return "conf-nak"; 5273 case CONF_REJ: return "conf-rej"; 5274 case TERM_REQ: return "term-req"; 5275 case TERM_ACK: return "term-ack"; 5276 case CODE_REJ: return "code-rej"; 5277 case PROTO_REJ: return "proto-rej"; 5278 case ECHO_REQ: return "echo-req"; 5279 case ECHO_REPLY: return "echo-reply"; 5280 case DISC_REQ: return "discard-req"; 5281 } 5282 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5283 return buf; 5284} 5285 5286static const char * 5287sppp_auth_type_name(u_short proto, u_char type) 5288{ 5289 static char buf[12]; 5290 switch (proto) { 5291 case PPP_CHAP: 5292 switch (type) { 5293 case CHAP_CHALLENGE: return "challenge"; 5294 case CHAP_RESPONSE: return "response"; 5295 case CHAP_SUCCESS: return "success"; 5296 case CHAP_FAILURE: return "failure"; 5297 } 5298 case PPP_PAP: 5299 switch (type) { 5300 case PAP_REQ: return "req"; 5301 case PAP_ACK: return "ack"; 5302 case PAP_NAK: return "nak"; 5303 } 5304 } 5305 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5306 return buf; 5307} 5308 5309static const char * 5310sppp_lcp_opt_name(u_char opt) 5311{ 5312 static char buf[12]; 5313 switch (opt) { 5314 case LCP_OPT_MRU: return "mru"; 5315 case LCP_OPT_ASYNC_MAP: return "async-map"; 5316 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5317 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5318 case LCP_OPT_MAGIC: return "magic"; 5319 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5320 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5321 } 5322 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5323 return buf; 5324} 5325 5326static const char * 5327sppp_ipcp_opt_name(u_char opt) 5328{ 5329 static char buf[12]; 5330 switch (opt) { 5331 case IPCP_OPT_ADDRESSES: return "addresses"; 5332 case IPCP_OPT_COMPRESSION: return "compression"; 5333 case IPCP_OPT_ADDRESS: return "address"; 5334 } 5335 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5336 return buf; 5337} 5338 5339#ifdef INET6 5340static const char * 5341sppp_ipv6cp_opt_name(u_char opt) 5342{ 5343 static char buf[12]; 5344 switch (opt) { 5345 case IPV6CP_OPT_IFID: return "ifid"; 5346 case IPV6CP_OPT_COMPRESSION: return "compression"; 5347 } 5348 sprintf (buf, "0x%x", opt); 5349 return buf; 5350} 5351#endif 5352 5353static const char * 5354sppp_state_name(int state) 5355{ 5356 switch (state) { 5357 case STATE_INITIAL: return "initial"; 5358 case STATE_STARTING: return "starting"; 5359 case STATE_CLOSED: return "closed"; 5360 case STATE_STOPPED: return "stopped"; 5361 case STATE_CLOSING: return "closing"; 5362 case STATE_STOPPING: return "stopping"; 5363 case STATE_REQ_SENT: return "req-sent"; 5364 case STATE_ACK_RCVD: return "ack-rcvd"; 5365 case STATE_ACK_SENT: return "ack-sent"; 5366 case STATE_OPENED: return "opened"; 5367 } 5368 return "illegal"; 5369} 5370 5371static const char * 5372sppp_phase_name(enum ppp_phase phase) 5373{ 5374 switch (phase) { 5375 case PHASE_DEAD: return "dead"; 5376 case PHASE_ESTABLISH: return "establish"; 5377 case PHASE_TERMINATE: return "terminate"; 5378 case PHASE_AUTHENTICATE: return "authenticate"; 5379 case PHASE_NETWORK: return "network"; 5380 } 5381 return "illegal"; 5382} 5383 5384static const char * 5385sppp_proto_name(u_short proto) 5386{ 5387 static char buf[12]; 5388 switch (proto) { 5389 case PPP_LCP: return "lcp"; 5390 case PPP_IPCP: return "ipcp"; 5391 case PPP_PAP: return "pap"; 5392 case PPP_CHAP: return "chap"; 5393 case PPP_IPV6CP: return "ipv6cp"; 5394 } 5395 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5396 return buf; 5397} 5398 5399static void 5400sppp_print_bytes(const u_char *p, u_short len) 5401{ 5402 if (len) 5403 log(-1, " %*D", len, p, "-"); 5404} 5405 5406static void 5407sppp_print_string(const char *p, u_short len) 5408{ 5409 u_char c; 5410 5411 while (len-- > 0) { 5412 c = *p++; 5413 /* 5414 * Print only ASCII chars directly. RFC 1994 recommends 5415 * using only them, but we don't rely on it. */ 5416 if (c < ' ' || c > '~') 5417 log(-1, "\\x%x", c); 5418 else 5419 log(-1, "%c", c); 5420 } 5421} 5422 5423static const char * 5424sppp_dotted_quad(u_long addr) 5425{ 5426 static char s[16]; 5427 sprintf(s, "%d.%d.%d.%d", 5428 (int)((addr >> 24) & 0xff), 5429 (int)((addr >> 16) & 0xff), 5430 (int)((addr >> 8) & 0xff), 5431 (int)(addr & 0xff)); 5432 return s; 5433} 5434 5435static int 5436sppp_strnlen(u_char *p, int max) 5437{ 5438 int len; 5439 5440 for (len = 0; len < max && *p; ++p) 5441 ++len; 5442 return len; 5443} 5444 5445/* a dummy, used to drop uninteresting events */ 5446static void 5447sppp_null(struct sppp *unused) 5448{ 5449 /* do just nothing */ 5450} 5451