if_spppsubr.c revision 139823
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 139823 2005-01-07 01:45:51Z imp $ 22 */ 23 24#include <sys/param.h> 25 26#if defined(__FreeBSD__) && __FreeBSD__ >= 3 27#include "opt_inet.h" 28#include "opt_inet6.h" 29#include "opt_ipx.h" 30#endif 31 32#ifdef NetBSD1_3 33# if NetBSD1_3 > 6 34# include "opt_inet.h" 35# include "opt_inet6.h" 36# include "opt_iso.h" 37# endif 38#endif 39 40#include <sys/systm.h> 41#include <sys/kernel.h> 42#include <sys/module.h> 43#include <sys/sockio.h> 44#include <sys/socket.h> 45#include <sys/syslog.h> 46#if defined(__FreeBSD__) && __FreeBSD__ >= 3 47#include <sys/random.h> 48#endif 49#include <sys/malloc.h> 50#include <sys/mbuf.h> 51 52#if defined (__OpenBSD__) 53#include <sys/md5k.h> 54#else 55#include <sys/md5.h> 56#endif 57 58#include <net/if.h> 59#include <net/netisr.h> 60#include <net/if_types.h> 61#include <net/route.h> 62#include <netinet/in.h> 63#include <netinet/in_systm.h> 64#include <netinet/ip.h> 65#include <net/slcompress.h> 66 67#if defined (__NetBSD__) || defined (__OpenBSD__) 68#include <machine/cpu.h> /* XXX for softnet */ 69#endif 70 71#include <machine/stdarg.h> 72 73#include <netinet/in_var.h> 74 75#ifdef INET 76#include <netinet/ip.h> 77#include <netinet/tcp.h> 78#endif 79 80#if defined (__FreeBSD__) || defined (__OpenBSD__) 81# include <netinet/if_ether.h> 82#else 83# include <net/ethertypes.h> 84#endif 85 86#ifdef IPX 87#include <netipx/ipx.h> 88#include <netipx/ipx_if.h> 89#endif 90 91#include <net/if_sppp.h> 92 93#if defined(__FreeBSD__) && __FreeBSD__ >= 3 94# define IOCTL_CMD_T u_long 95#else 96# define IOCTL_CMD_T int 97#endif 98 99#define MAXALIVECNT 3 /* max. alive packets */ 100 101/* 102 * Interface flags that can be set in an ifconfig command. 103 * 104 * Setting link0 will make the link passive, i.e. it will be marked 105 * as being administrative openable, but won't be opened to begin 106 * with. Incoming calls will be answered, or subsequent calls with 107 * -link1 will cause the administrative open of the LCP layer. 108 * 109 * Setting link1 will cause the link to auto-dial only as packets 110 * arrive to be sent. 111 * 112 * Setting IFF_DEBUG will syslog the option negotiation and state 113 * transitions at level kern.debug. Note: all logs consistently look 114 * like 115 * 116 * <if-name><unit>: <proto-name> <additional info...> 117 * 118 * with <if-name><unit> being something like "bppp0", and <proto-name> 119 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 120 */ 121 122#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 123#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 124#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 125 126#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 127#define PPP_UI 0x03 /* Unnumbered Information */ 128#define PPP_IP 0x0021 /* Internet Protocol */ 129#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 130#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 131#define PPP_IPX 0x002b /* Novell IPX Protocol */ 132#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 133#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 134#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 135#define PPP_LCP 0xc021 /* Link Control Protocol */ 136#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 137#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 138#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 139#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 140 141#define CONF_REQ 1 /* PPP configure request */ 142#define CONF_ACK 2 /* PPP configure acknowledge */ 143#define CONF_NAK 3 /* PPP configure negative ack */ 144#define CONF_REJ 4 /* PPP configure reject */ 145#define TERM_REQ 5 /* PPP terminate request */ 146#define TERM_ACK 6 /* PPP terminate acknowledge */ 147#define CODE_REJ 7 /* PPP code reject */ 148#define PROTO_REJ 8 /* PPP protocol reject */ 149#define ECHO_REQ 9 /* PPP echo request */ 150#define ECHO_REPLY 10 /* PPP echo reply */ 151#define DISC_REQ 11 /* PPP discard request */ 152 153#define LCP_OPT_MRU 1 /* maximum receive unit */ 154#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 155#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 156#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 157#define LCP_OPT_MAGIC 5 /* magic number */ 158#define LCP_OPT_RESERVED 6 /* reserved */ 159#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 160#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 161 162#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 163#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 164#define IPCP_OPT_ADDRESS 3 /* local IP address */ 165 166#define IPV6CP_OPT_IFID 1 /* interface identifier */ 167#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 168 169#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 170 171#define PAP_REQ 1 /* PAP name/password request */ 172#define PAP_ACK 2 /* PAP acknowledge */ 173#define PAP_NAK 3 /* PAP fail */ 174 175#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 176#define CHAP_RESPONSE 2 /* CHAP challenge response */ 177#define CHAP_SUCCESS 3 /* CHAP response ok */ 178#define CHAP_FAILURE 4 /* CHAP response failed */ 179 180#define CHAP_MD5 5 /* hash algorithm - MD5 */ 181 182#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 183#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 184#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 185#define CISCO_ADDR_REQ 0 /* Cisco address request */ 186#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 187#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 188 189/* states are named and numbered according to RFC 1661 */ 190#define STATE_INITIAL 0 191#define STATE_STARTING 1 192#define STATE_CLOSED 2 193#define STATE_STOPPED 3 194#define STATE_CLOSING 4 195#define STATE_STOPPING 5 196#define STATE_REQ_SENT 6 197#define STATE_ACK_RCVD 7 198#define STATE_ACK_SENT 8 199#define STATE_OPENED 9 200 201struct ppp_header { 202 u_char address; 203 u_char control; 204 u_short protocol; 205} __packed; 206#define PPP_HEADER_LEN sizeof (struct ppp_header) 207 208struct lcp_header { 209 u_char type; 210 u_char ident; 211 u_short len; 212} __packed; 213#define LCP_HEADER_LEN sizeof (struct lcp_header) 214 215struct cisco_packet { 216 u_long type; 217 u_long par1; 218 u_long par2; 219 u_short rel; 220 u_short time0; 221 u_short time1; 222} __packed; 223#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 224 225/* 226 * We follow the spelling and capitalization of RFC 1661 here, to make 227 * it easier comparing with the standard. Please refer to this RFC in 228 * case you can't make sense out of these abbreviation; it will also 229 * explain the semantics related to the various events and actions. 230 */ 231struct cp { 232 u_short proto; /* PPP control protocol number */ 233 u_char protoidx; /* index into state table in struct sppp */ 234 u_char flags; 235#define CP_LCP 0x01 /* this is the LCP */ 236#define CP_AUTH 0x02 /* this is an authentication protocol */ 237#define CP_NCP 0x04 /* this is a NCP */ 238#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 239 const char *name; /* name of this control protocol */ 240 /* event handlers */ 241 void (*Up)(struct sppp *sp); 242 void (*Down)(struct sppp *sp); 243 void (*Open)(struct sppp *sp); 244 void (*Close)(struct sppp *sp); 245 void (*TO)(void *sp); 246 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 247 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 248 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 249 /* actions */ 250 void (*tlu)(struct sppp *sp); 251 void (*tld)(struct sppp *sp); 252 void (*tls)(struct sppp *sp); 253 void (*tlf)(struct sppp *sp); 254 void (*scr)(struct sppp *sp); 255}; 256 257#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 258#define SPP_FMT "%s%d: " 259#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 260#else 261#define SPP_FMT "%s: " 262#define SPP_ARGS(ifp) (ifp)->if_xname 263#endif 264 265#define SPPP_LOCK(sp) \ 266 do { \ 267 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 268 mtx_lock (&(sp)->mtx); \ 269 } while (0) 270#define SPPP_UNLOCK(sp) \ 271 do { \ 272 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 273 mtx_unlock (&(sp)->mtx); \ 274 } while (0) 275 276#define SPPP_LOCK_ASSERT(sp) \ 277 do { \ 278 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 279 mtx_assert (&(sp)->mtx, MA_OWNED); \ 280 } while (0) 281#define SPPP_LOCK_OWNED(sp) \ 282 (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT) && \ 283 mtx_owned (&sp->mtx)) 284 285#ifdef INET 286/* 287 * The following disgusting hack gets around the problem that IP TOS 288 * can't be set yet. We want to put "interactive" traffic on a high 289 * priority queue. To decide if traffic is interactive, we check that 290 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 291 * 292 * XXX is this really still necessary? - joerg - 293 */ 294static const u_short interactive_ports[8] = { 295 0, 513, 0, 0, 296 0, 21, 0, 23, 297}; 298#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 299#endif 300 301/* almost every function needs these */ 302#define STDDCL \ 303 struct ifnet *ifp = &sp->pp_if; \ 304 int debug = ifp->if_flags & IFF_DEBUG 305 306static int sppp_output(struct ifnet *ifp, struct mbuf *m, 307 struct sockaddr *dst, struct rtentry *rt); 308 309static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 310static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 311 312static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 313 struct mbuf *m); 314static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 315 u_char ident, u_short len, void *data); 316/* static void sppp_cp_timeout(void *arg); */ 317static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 318 int newstate); 319static void sppp_auth_send(const struct cp *cp, 320 struct sppp *sp, unsigned int type, unsigned int id, 321 ...); 322 323static void sppp_up_event(const struct cp *cp, struct sppp *sp); 324static void sppp_down_event(const struct cp *cp, struct sppp *sp); 325static void sppp_open_event(const struct cp *cp, struct sppp *sp); 326static void sppp_close_event(const struct cp *cp, struct sppp *sp); 327static void sppp_to_event(const struct cp *cp, struct sppp *sp); 328 329static void sppp_null(struct sppp *sp); 330 331static void sppp_pp_up(struct sppp *sp); 332static void sppp_pp_down(struct sppp *sp); 333 334static void sppp_lcp_init(struct sppp *sp); 335static void sppp_lcp_up(struct sppp *sp); 336static void sppp_lcp_down(struct sppp *sp); 337static void sppp_lcp_open(struct sppp *sp); 338static void sppp_lcp_close(struct sppp *sp); 339static void sppp_lcp_TO(void *sp); 340static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 341static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 342static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 343static void sppp_lcp_tlu(struct sppp *sp); 344static void sppp_lcp_tld(struct sppp *sp); 345static void sppp_lcp_tls(struct sppp *sp); 346static void sppp_lcp_tlf(struct sppp *sp); 347static void sppp_lcp_scr(struct sppp *sp); 348static void sppp_lcp_check_and_close(struct sppp *sp); 349static int sppp_ncp_check(struct sppp *sp); 350 351static void sppp_ipcp_init(struct sppp *sp); 352static void sppp_ipcp_up(struct sppp *sp); 353static void sppp_ipcp_down(struct sppp *sp); 354static void sppp_ipcp_open(struct sppp *sp); 355static void sppp_ipcp_close(struct sppp *sp); 356static void sppp_ipcp_TO(void *sp); 357static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 358static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 359static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 360static void sppp_ipcp_tlu(struct sppp *sp); 361static void sppp_ipcp_tld(struct sppp *sp); 362static void sppp_ipcp_tls(struct sppp *sp); 363static void sppp_ipcp_tlf(struct sppp *sp); 364static void sppp_ipcp_scr(struct sppp *sp); 365 366static void sppp_ipv6cp_init(struct sppp *sp); 367static void sppp_ipv6cp_up(struct sppp *sp); 368static void sppp_ipv6cp_down(struct sppp *sp); 369static void sppp_ipv6cp_open(struct sppp *sp); 370static void sppp_ipv6cp_close(struct sppp *sp); 371static void sppp_ipv6cp_TO(void *sp); 372static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 373static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 374static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 375static void sppp_ipv6cp_tlu(struct sppp *sp); 376static void sppp_ipv6cp_tld(struct sppp *sp); 377static void sppp_ipv6cp_tls(struct sppp *sp); 378static void sppp_ipv6cp_tlf(struct sppp *sp); 379static void sppp_ipv6cp_scr(struct sppp *sp); 380 381static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 382static void sppp_pap_init(struct sppp *sp); 383static void sppp_pap_open(struct sppp *sp); 384static void sppp_pap_close(struct sppp *sp); 385static void sppp_pap_TO(void *sp); 386static void sppp_pap_my_TO(void *sp); 387static void sppp_pap_tlu(struct sppp *sp); 388static void sppp_pap_tld(struct sppp *sp); 389static void sppp_pap_scr(struct sppp *sp); 390 391static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 392static void sppp_chap_init(struct sppp *sp); 393static void sppp_chap_open(struct sppp *sp); 394static void sppp_chap_close(struct sppp *sp); 395static void sppp_chap_TO(void *sp); 396static void sppp_chap_tlu(struct sppp *sp); 397static void sppp_chap_tld(struct sppp *sp); 398static void sppp_chap_scr(struct sppp *sp); 399 400static const char *sppp_auth_type_name(u_short proto, u_char type); 401static const char *sppp_cp_type_name(u_char type); 402static const char *sppp_dotted_quad(u_long addr); 403static const char *sppp_ipcp_opt_name(u_char opt); 404#ifdef INET6 405static const char *sppp_ipv6cp_opt_name(u_char opt); 406#endif 407static const char *sppp_lcp_opt_name(u_char opt); 408static const char *sppp_phase_name(enum ppp_phase phase); 409static const char *sppp_proto_name(u_short proto); 410static const char *sppp_state_name(int state); 411static int sppp_params(struct sppp *sp, u_long cmd, void *data); 412static int sppp_strnlen(u_char *p, int max); 413static void sppp_keepalive(void *dummy); 414static void sppp_phase_network(struct sppp *sp); 415static void sppp_print_bytes(const u_char *p, u_short len); 416static void sppp_print_string(const char *p, u_short len); 417static void sppp_qflush(struct ifqueue *ifq); 418static void sppp_set_ip_addr(struct sppp *sp, u_long src); 419#ifdef INET6 420static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 421 struct in6_addr *dst, struct in6_addr *srcmask); 422#ifdef IPV6CP_MYIFID_DYN 423static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 424static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 425#endif 426static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 427#endif 428 429/* if_start () wrapper */ 430static void sppp_ifstart (struct ifnet *ifp); 431 432/* our control protocol descriptors */ 433static const struct cp lcp = { 434 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 435 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 436 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 437 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 438 sppp_lcp_scr 439}; 440 441static const struct cp ipcp = { 442 PPP_IPCP, IDX_IPCP, 443#ifdef INET /* don't run IPCP if there's no IPv4 support */ 444 CP_NCP, 445#else 446 0, 447#endif 448 "ipcp", 449 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 450 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 451 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 452 sppp_ipcp_scr 453}; 454 455static const struct cp ipv6cp = { 456 PPP_IPV6CP, IDX_IPV6CP, 457#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 458 CP_NCP, 459#else 460 0, 461#endif 462 "ipv6cp", 463 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 464 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 465 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 466 sppp_ipv6cp_scr 467}; 468 469static const struct cp pap = { 470 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 471 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 472 sppp_pap_TO, 0, 0, 0, 473 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 474 sppp_pap_scr 475}; 476 477static const struct cp chap = { 478 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 479 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 480 sppp_chap_TO, 0, 0, 0, 481 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 482 sppp_chap_scr 483}; 484 485static const struct cp *cps[IDX_COUNT] = { 486 &lcp, /* IDX_LCP */ 487 &ipcp, /* IDX_IPCP */ 488 &ipv6cp, /* IDX_IPV6CP */ 489 &pap, /* IDX_PAP */ 490 &chap, /* IDX_CHAP */ 491}; 492 493static int 494sppp_modevent(module_t mod, int type, void *unused) 495{ 496 switch (type) { 497 case MOD_LOAD: 498 break; 499 case MOD_UNLOAD: 500 return EACCES; 501 default: 502 return EOPNOTSUPP; 503 } 504 return 0; 505} 506static moduledata_t spppmod = { 507 "sppp", 508 sppp_modevent, 509 0 510}; 511MODULE_VERSION(sppp, 1); 512DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 513 514/* 515 * Exported functions, comprising our interface to the lower layer. 516 */ 517 518/* 519 * Process the received packet. 520 */ 521void 522sppp_input(struct ifnet *ifp, struct mbuf *m) 523{ 524 struct ppp_header *h; 525 int isr = -1; 526 struct sppp *sp = (struct sppp *)ifp; 527 u_char *iphdr; 528 int hlen, vjlen, do_account = 0; 529 int debug; 530 531 SPPP_LOCK(sp); 532 debug = ifp->if_flags & IFF_DEBUG; 533 534 if (ifp->if_flags & IFF_UP) 535 /* Count received bytes, add FCS and one flag */ 536 ifp->if_ibytes += m->m_pkthdr.len + 3; 537 538 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 539 /* Too small packet, drop it. */ 540 if (debug) 541 log(LOG_DEBUG, 542 SPP_FMT "input packet is too small, %d bytes\n", 543 SPP_ARGS(ifp), m->m_pkthdr.len); 544 drop: 545 m_freem (m); 546 SPPP_UNLOCK(sp); 547 drop2: 548 ++ifp->if_ierrors; 549 ++ifp->if_iqdrops; 550 return; 551 } 552 553 if (sp->pp_mode == PP_FR) { 554 sppp_fr_input (sp, m); 555 SPPP_UNLOCK(sp); 556 return; 557 } 558 559 /* Get PPP header. */ 560 h = mtod (m, struct ppp_header*); 561 m_adj (m, PPP_HEADER_LEN); 562 563 switch (h->address) { 564 case PPP_ALLSTATIONS: 565 if (h->control != PPP_UI) 566 goto invalid; 567 if (sp->pp_mode == IFF_CISCO) { 568 if (debug) 569 log(LOG_DEBUG, 570 SPP_FMT "PPP packet in Cisco mode " 571 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 572 SPP_ARGS(ifp), 573 h->address, h->control, ntohs(h->protocol)); 574 goto drop; 575 } 576 switch (ntohs (h->protocol)) { 577 default: 578 if (debug) 579 log(LOG_DEBUG, 580 SPP_FMT "rejecting protocol " 581 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 582 SPP_ARGS(ifp), 583 h->address, h->control, ntohs(h->protocol)); 584 if (sp->state[IDX_LCP] == STATE_OPENED) 585 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 586 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 587 &h->protocol); 588 ++ifp->if_noproto; 589 goto drop; 590 case PPP_LCP: 591 sppp_cp_input(&lcp, sp, m); 592 m_freem (m); 593 SPPP_UNLOCK(sp); 594 return; 595 case PPP_PAP: 596 if (sp->pp_phase >= PHASE_AUTHENTICATE) 597 sppp_pap_input(sp, m); 598 m_freem (m); 599 SPPP_UNLOCK(sp); 600 return; 601 case PPP_CHAP: 602 if (sp->pp_phase >= PHASE_AUTHENTICATE) 603 sppp_chap_input(sp, m); 604 m_freem (m); 605 SPPP_UNLOCK(sp); 606 return; 607#ifdef INET 608 case PPP_IPCP: 609 if (sp->pp_phase == PHASE_NETWORK) 610 sppp_cp_input(&ipcp, sp, m); 611 m_freem (m); 612 SPPP_UNLOCK(sp); 613 return; 614 case PPP_IP: 615 if (sp->state[IDX_IPCP] == STATE_OPENED) { 616 isr = NETISR_IP; 617 } 618 do_account++; 619 break; 620 case PPP_VJ_COMP: 621 if (sp->state[IDX_IPCP] == STATE_OPENED) { 622 if ((vjlen = 623 sl_uncompress_tcp_core(mtod(m, u_char *), 624 m->m_len, m->m_len, 625 TYPE_COMPRESSED_TCP, 626 sp->pp_comp, 627 &iphdr, &hlen)) <= 0) { 628 if (debug) 629 log(LOG_INFO, 630 SPP_FMT "VJ uncompress failed on compressed packet\n", 631 SPP_ARGS(ifp)); 632 goto drop; 633 } 634 635 /* 636 * Trim the VJ header off the packet, and prepend 637 * the uncompressed IP header (which will usually 638 * end up in two chained mbufs since there's not 639 * enough leading space in the existing mbuf). 640 */ 641 m_adj(m, vjlen); 642 M_PREPEND(m, hlen, M_DONTWAIT); 643 if (m == NULL) { 644 SPPP_UNLOCK(sp); 645 goto drop2; 646 } 647 bcopy(iphdr, mtod(m, u_char *), hlen); 648 isr = NETISR_IP; 649 } 650 do_account++; 651 break; 652 case PPP_VJ_UCOMP: 653 if (sp->state[IDX_IPCP] == STATE_OPENED) { 654 if (sl_uncompress_tcp_core(mtod(m, u_char *), 655 m->m_len, m->m_len, 656 TYPE_UNCOMPRESSED_TCP, 657 sp->pp_comp, 658 &iphdr, &hlen) != 0) { 659 if (debug) 660 log(LOG_INFO, 661 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 662 SPP_ARGS(ifp)); 663 goto drop; 664 } 665 isr = NETISR_IP; 666 } 667 do_account++; 668 break; 669#endif 670#ifdef INET6 671 case PPP_IPV6CP: 672 if (sp->pp_phase == PHASE_NETWORK) 673 sppp_cp_input(&ipv6cp, sp, m); 674 m_freem (m); 675 SPPP_UNLOCK(sp); 676 return; 677 678 case PPP_IPV6: 679 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 680 isr = NETISR_IPV6; 681 do_account++; 682 break; 683#endif 684#ifdef IPX 685 case PPP_IPX: 686 /* IPX IPXCP not implemented yet */ 687 if (sp->pp_phase == PHASE_NETWORK) 688 isr = NETISR_IPX; 689 do_account++; 690 break; 691#endif 692 } 693 break; 694 case CISCO_MULTICAST: 695 case CISCO_UNICAST: 696 /* Don't check the control field here (RFC 1547). */ 697 if (sp->pp_mode != IFF_CISCO) { 698 if (debug) 699 log(LOG_DEBUG, 700 SPP_FMT "Cisco packet in PPP mode " 701 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 702 SPP_ARGS(ifp), 703 h->address, h->control, ntohs(h->protocol)); 704 goto drop; 705 } 706 switch (ntohs (h->protocol)) { 707 default: 708 ++ifp->if_noproto; 709 goto invalid; 710 case CISCO_KEEPALIVE: 711 sppp_cisco_input ((struct sppp*) ifp, m); 712 m_freem (m); 713 SPPP_UNLOCK(sp); 714 return; 715#ifdef INET 716 case ETHERTYPE_IP: 717 isr = NETISR_IP; 718 do_account++; 719 break; 720#endif 721#ifdef INET6 722 case ETHERTYPE_IPV6: 723 isr = NETISR_IPV6; 724 do_account++; 725 break; 726#endif 727#ifdef IPX 728 case ETHERTYPE_IPX: 729 isr = NETISR_IPX; 730 do_account++; 731 break; 732#endif 733 } 734 break; 735 default: /* Invalid PPP packet. */ 736 invalid: 737 if (debug) 738 log(LOG_DEBUG, 739 SPP_FMT "invalid input packet " 740 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 741 SPP_ARGS(ifp), 742 h->address, h->control, ntohs(h->protocol)); 743 goto drop; 744 } 745 746 if (! (ifp->if_flags & IFF_UP) || isr == -1) 747 goto drop; 748 749 SPPP_UNLOCK(sp); 750 /* Check queue. */ 751 if (netisr_queue(isr, m)) { /* (0) on success. */ 752 if (debug) 753 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 754 SPP_ARGS(ifp)); 755 goto drop2; 756 } 757 758 if (do_account) 759 /* 760 * Do only account for network packets, not for control 761 * packets. This is used by some subsystems to detect 762 * idle lines. 763 */ 764 sp->pp_last_recv = time_second; 765} 766 767static void 768sppp_ifstart_sched(void *dummy) 769{ 770 struct sppp *sp = dummy; 771 772 sp->if_start(&sp->pp_if); 773} 774 775/* if_start () wrapper function. We use it to schedule real if_start () for 776 * execution. We can't call it directly 777 */ 778static void 779sppp_ifstart(struct ifnet *ifp) 780{ 781 struct sppp *sp = (struct sppp*) ifp; 782 783 if (SPPP_LOCK_OWNED(sp)) { 784 if (callout_pending(&sp->ifstart_callout)) 785 return; 786 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 787 (void *)sp); 788 } else { 789 sp->if_start(ifp); 790 } 791} 792 793/* 794 * Enqueue transmit packet. 795 */ 796static int 797sppp_output(struct ifnet *ifp, struct mbuf *m, 798 struct sockaddr *dst, struct rtentry *rt) 799{ 800 struct sppp *sp = (struct sppp*) ifp; 801 struct ppp_header *h; 802 struct ifqueue *ifq = NULL; 803 int s, error, rv = 0; 804 int ipproto = PPP_IP; 805 int debug = ifp->if_flags & IFF_DEBUG; 806 807 s = splimp(); 808 SPPP_LOCK(sp); 809 810 if ((ifp->if_flags & IFF_UP) == 0 || 811 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 812#ifdef INET6 813 drop: 814#endif 815 m_freem (m); 816 SPPP_UNLOCK(sp); 817 splx (s); 818 return (ENETDOWN); 819 } 820 821 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 822#ifdef INET6 823 /* 824 * XXX 825 * 826 * Hack to prevent the initialization-time generated 827 * IPv6 multicast packet to erroneously cause a 828 * dialout event in case IPv6 has been 829 * administratively disabled on that interface. 830 */ 831 if (dst->sa_family == AF_INET6 && 832 !(sp->confflags & CONF_ENABLE_IPV6)) 833 goto drop; 834#endif 835 /* 836 * Interface is not yet running, but auto-dial. Need 837 * to start LCP for it. 838 */ 839 ifp->if_flags |= IFF_RUNNING; 840 splx(s); 841 lcp.Open(sp); 842 s = splimp(); 843 } 844 845#ifdef INET 846 if (dst->sa_family == AF_INET) { 847 /* XXX Check mbuf length here? */ 848 struct ip *ip = mtod (m, struct ip*); 849 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 850 851 /* 852 * When using dynamic local IP address assignment by using 853 * 0.0.0.0 as a local address, the first TCP session will 854 * not connect because the local TCP checksum is computed 855 * using 0.0.0.0 which will later become our real IP address 856 * so the TCP checksum computed at the remote end will 857 * become invalid. So we 858 * - don't let packets with src ip addr 0 thru 859 * - we flag TCP packets with src ip 0 as an error 860 */ 861 862 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 863 { 864 m_freem(m); 865 SPPP_UNLOCK(sp); 866 splx(s); 867 if(ip->ip_p == IPPROTO_TCP) 868 return(EADDRNOTAVAIL); 869 else 870 return(0); 871 } 872 873 /* 874 * Put low delay, telnet, rlogin and ftp control packets 875 * in front of the queue or let ALTQ take care. 876 */ 877 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 878 ; 879 else if (_IF_QFULL(&sp->pp_fastq)) 880 ; 881 else if (ip->ip_tos & IPTOS_LOWDELAY) 882 ifq = &sp->pp_fastq; 883 else if (m->m_len < sizeof *ip + sizeof *tcp) 884 ; 885 else if (ip->ip_p != IPPROTO_TCP) 886 ; 887 else if (INTERACTIVE (ntohs (tcp->th_sport))) 888 ifq = &sp->pp_fastq; 889 else if (INTERACTIVE (ntohs (tcp->th_dport))) 890 ifq = &sp->pp_fastq; 891 892 /* 893 * Do IP Header compression 894 */ 895 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 896 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 897 switch (sl_compress_tcp(m, ip, sp->pp_comp, 898 sp->ipcp.compress_cid)) { 899 case TYPE_COMPRESSED_TCP: 900 ipproto = PPP_VJ_COMP; 901 break; 902 case TYPE_UNCOMPRESSED_TCP: 903 ipproto = PPP_VJ_UCOMP; 904 break; 905 case TYPE_IP: 906 ipproto = PPP_IP; 907 break; 908 default: 909 m_freem(m); 910 SPPP_UNLOCK(sp); 911 splx(s); 912 return (EINVAL); 913 } 914 } 915#endif 916 917#ifdef INET6 918 if (dst->sa_family == AF_INET6) { 919 /* XXX do something tricky here? */ 920 } 921#endif 922 923 if (sp->pp_mode == PP_FR) { 924 /* Add frame relay header. */ 925 m = sppp_fr_header (sp, m, dst->sa_family); 926 if (! m) 927 goto nobufs; 928 goto out; 929 } 930 931 /* 932 * Prepend general data packet PPP header. For now, IP only. 933 */ 934 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 935 if (! m) { 936nobufs: if (debug) 937 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 938 SPP_ARGS(ifp)); 939 ++ifp->if_oerrors; 940 SPPP_UNLOCK(sp); 941 splx (s); 942 return (ENOBUFS); 943 } 944 /* 945 * May want to check size of packet 946 * (albeit due to the implementation it's always enough) 947 */ 948 h = mtod (m, struct ppp_header*); 949 if (sp->pp_mode == IFF_CISCO) { 950 h->address = CISCO_UNICAST; /* unicast address */ 951 h->control = 0; 952 } else { 953 h->address = PPP_ALLSTATIONS; /* broadcast address */ 954 h->control = PPP_UI; /* Unnumbered Info */ 955 } 956 957 switch (dst->sa_family) { 958#ifdef INET 959 case AF_INET: /* Internet Protocol */ 960 if (sp->pp_mode == IFF_CISCO) 961 h->protocol = htons (ETHERTYPE_IP); 962 else { 963 /* 964 * Don't choke with an ENETDOWN early. It's 965 * possible that we just started dialing out, 966 * so don't drop the packet immediately. If 967 * we notice that we run out of buffer space 968 * below, we will however remember that we are 969 * not ready to carry IP packets, and return 970 * ENETDOWN, as opposed to ENOBUFS. 971 */ 972 h->protocol = htons(ipproto); 973 if (sp->state[IDX_IPCP] != STATE_OPENED) 974 rv = ENETDOWN; 975 } 976 break; 977#endif 978#ifdef INET6 979 case AF_INET6: /* Internet Protocol */ 980 if (sp->pp_mode == IFF_CISCO) 981 h->protocol = htons (ETHERTYPE_IPV6); 982 else { 983 /* 984 * Don't choke with an ENETDOWN early. It's 985 * possible that we just started dialing out, 986 * so don't drop the packet immediately. If 987 * we notice that we run out of buffer space 988 * below, we will however remember that we are 989 * not ready to carry IP packets, and return 990 * ENETDOWN, as opposed to ENOBUFS. 991 */ 992 h->protocol = htons(PPP_IPV6); 993 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 994 rv = ENETDOWN; 995 } 996 break; 997#endif 998#ifdef IPX 999 case AF_IPX: /* Novell IPX Protocol */ 1000 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 1001 ETHERTYPE_IPX : PPP_IPX); 1002 break; 1003#endif 1004 default: 1005 m_freem (m); 1006 ++ifp->if_oerrors; 1007 SPPP_UNLOCK(sp); 1008 splx (s); 1009 return (EAFNOSUPPORT); 1010 } 1011 1012 /* 1013 * Queue message on interface, and start output if interface 1014 * not yet active. 1015 */ 1016out: 1017 if (ifq != NULL) 1018 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1019 else 1020 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1021 if (error) { 1022 ++ifp->if_oerrors; 1023 SPPP_UNLOCK(sp); 1024 splx (s); 1025 return (rv? rv: ENOBUFS); 1026 } 1027 SPPP_UNLOCK(sp); 1028 splx (s); 1029 /* 1030 * Unlike in sppp_input(), we can always bump the timestamp 1031 * here since sppp_output() is only called on behalf of 1032 * network-layer traffic; control-layer traffic is handled 1033 * by sppp_cp_send(). 1034 */ 1035 sp->pp_last_sent = time_second; 1036 return (0); 1037} 1038 1039void 1040sppp_attach(struct ifnet *ifp) 1041{ 1042 struct sppp *sp = (struct sppp*) ifp; 1043 1044 /* Initialize mtx lock */ 1045 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1046 1047 /* Initialize keepalive handler. */ 1048 callout_init(&sp->keepalive_callout, 1049 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1050 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1051 (void *)sp); 1052 1053 sp->pp_if.if_mtu = PP_MTU; 1054 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1055 sp->pp_if.if_type = IFT_PPP; 1056 sp->pp_if.if_output = sppp_output; 1057#if 0 1058 sp->pp_flags = PP_KEEPALIVE; 1059#endif 1060 sp->pp_if.if_snd.ifq_maxlen = 32; 1061 sp->pp_fastq.ifq_maxlen = 32; 1062 sp->pp_cpq.ifq_maxlen = 20; 1063 sp->pp_loopcnt = 0; 1064 sp->pp_alivecnt = 0; 1065 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1066 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1067 sp->pp_phase = PHASE_DEAD; 1068 sp->pp_up = sppp_pp_up; 1069 sp->pp_down = sppp_pp_down; 1070 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1071 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1072 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1073 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1074 sp->pp_last_recv = sp->pp_last_sent = time_second; 1075 sp->confflags = 0; 1076#ifdef INET 1077 sp->confflags |= CONF_ENABLE_VJ; 1078#endif 1079#ifdef INET6 1080 sp->confflags |= CONF_ENABLE_IPV6; 1081#endif 1082 callout_init(&sp->ifstart_callout, 1083 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1084 sp->if_start = ifp->if_start; 1085 ifp->if_start = sppp_ifstart; 1086 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1087 sl_compress_init(sp->pp_comp, -1); 1088 sppp_lcp_init(sp); 1089 sppp_ipcp_init(sp); 1090 sppp_ipv6cp_init(sp); 1091 sppp_pap_init(sp); 1092 sppp_chap_init(sp); 1093} 1094 1095void 1096sppp_detach(struct ifnet *ifp) 1097{ 1098 struct sppp *sp = (struct sppp*) ifp; 1099 int i; 1100 1101 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1102 1103 /* Stop keepalive handler. */ 1104 if (!callout_drain(&sp->keepalive_callout)) 1105 callout_stop(&sp->keepalive_callout); 1106 1107 for (i = 0; i < IDX_COUNT; i++) { 1108 if (!callout_drain(&sp->ch[i])) 1109 callout_stop(&sp->ch[i]); 1110 } 1111 if (!callout_drain(&sp->pap_my_to_ch)) 1112 callout_stop(&sp->pap_my_to_ch); 1113 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1114 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1115 mtx_destroy(&sp->mtx); 1116} 1117 1118/* 1119 * Flush the interface output queue. 1120 */ 1121static void 1122sppp_flush_unlocked(struct ifnet *ifp) 1123{ 1124 struct sppp *sp = (struct sppp*) ifp; 1125 1126 sppp_qflush ((struct ifqueue *)&sp->pp_if.if_snd); 1127 sppp_qflush (&sp->pp_fastq); 1128 sppp_qflush (&sp->pp_cpq); 1129} 1130 1131void 1132sppp_flush(struct ifnet *ifp) 1133{ 1134 struct sppp *sp = (struct sppp*) ifp; 1135 1136 SPPP_LOCK(sp); 1137 sppp_flush_unlocked (ifp); 1138 SPPP_UNLOCK(sp); 1139} 1140 1141/* 1142 * Check if the output queue is empty. 1143 */ 1144int 1145sppp_isempty(struct ifnet *ifp) 1146{ 1147 struct sppp *sp = (struct sppp*) ifp; 1148 int empty, s; 1149 1150 s = splimp(); 1151 SPPP_LOCK(sp); 1152 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1153 !sp->pp_if.if_snd.ifq_head; 1154 SPPP_UNLOCK(sp); 1155 splx(s); 1156 return (empty); 1157} 1158 1159/* 1160 * Get next packet to send. 1161 */ 1162struct mbuf * 1163sppp_dequeue(struct ifnet *ifp) 1164{ 1165 struct sppp *sp = (struct sppp*) ifp; 1166 struct mbuf *m; 1167 int s; 1168 1169 s = splimp(); 1170 SPPP_LOCK(sp); 1171 /* 1172 * Process only the control protocol queue until we have at 1173 * least one NCP open. 1174 * 1175 * Do always serve all three queues in Cisco mode. 1176 */ 1177 IF_DEQUEUE(&sp->pp_cpq, m); 1178 if (m == NULL && 1179 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1180 sp->pp_mode == PP_FR)) { 1181 IF_DEQUEUE(&sp->pp_fastq, m); 1182 if (m == NULL) 1183 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1184 } 1185 SPPP_UNLOCK(sp); 1186 splx(s); 1187 return m; 1188} 1189 1190/* 1191 * Pick the next packet, do not remove it from the queue. 1192 */ 1193struct mbuf * 1194sppp_pick(struct ifnet *ifp) 1195{ 1196 struct sppp *sp = (struct sppp*)ifp; 1197 struct mbuf *m; 1198 int s; 1199 1200 s = splimp (); 1201 SPPP_LOCK(sp); 1202 1203 m = sp->pp_cpq.ifq_head; 1204 if (m == NULL && 1205 (sp->pp_phase == PHASE_NETWORK || 1206 sp->pp_mode == IFF_CISCO || 1207 sp->pp_mode == PP_FR)) 1208 if ((m = sp->pp_fastq.ifq_head) == NULL) 1209 m = sp->pp_if.if_snd.ifq_head; 1210 SPPP_UNLOCK(sp); 1211 splx (s); 1212 return (m); 1213} 1214 1215/* 1216 * Process an ioctl request. Called on low priority level. 1217 */ 1218int 1219sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1220{ 1221 struct ifreq *ifr = (struct ifreq*) data; 1222 struct sppp *sp = (struct sppp*) ifp; 1223 int s, rv, going_up, going_down, newmode; 1224 1225 s = splimp(); 1226 SPPP_LOCK(sp); 1227 rv = 0; 1228 switch (cmd) { 1229 case SIOCAIFADDR: 1230 case SIOCSIFDSTADDR: 1231 break; 1232 1233 case SIOCSIFADDR: 1234 /* set the interface "up" when assigning an IP address */ 1235 ifp->if_flags |= IFF_UP; 1236 /* FALLTHROUGH */ 1237 1238 case SIOCSIFFLAGS: 1239 going_up = ifp->if_flags & IFF_UP && 1240 (ifp->if_flags & IFF_RUNNING) == 0; 1241 going_down = (ifp->if_flags & IFF_UP) == 0 && 1242 ifp->if_flags & IFF_RUNNING; 1243 1244 newmode = ifp->if_flags & IFF_PASSIVE; 1245 if (!newmode) 1246 newmode = ifp->if_flags & IFF_AUTO; 1247 if (!newmode) 1248 newmode = ifp->if_flags & IFF_CISCO; 1249 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1250 ifp->if_flags |= newmode; 1251 1252 if (!newmode) 1253 newmode = sp->pp_flags & PP_FR; 1254 1255 if (newmode != sp->pp_mode) { 1256 going_down = 1; 1257 if (!going_up) 1258 going_up = ifp->if_flags & IFF_RUNNING; 1259 } 1260 1261 if (going_down) { 1262 if (sp->pp_mode != IFF_CISCO && 1263 sp->pp_mode != PP_FR) 1264 lcp.Close(sp); 1265 else if (sp->pp_tlf) 1266 (sp->pp_tlf)(sp); 1267 sppp_flush_unlocked(ifp); 1268 ifp->if_flags &= ~IFF_RUNNING; 1269 sp->pp_mode = newmode; 1270 } 1271 1272 if (going_up) { 1273 if (sp->pp_mode != IFF_CISCO && 1274 sp->pp_mode != PP_FR) 1275 lcp.Close(sp); 1276 sp->pp_mode = newmode; 1277 if (sp->pp_mode == 0) { 1278 ifp->if_flags |= IFF_RUNNING; 1279 lcp.Open(sp); 1280 } 1281 if ((sp->pp_mode == IFF_CISCO) || 1282 (sp->pp_mode == PP_FR)) { 1283 if (sp->pp_tls) 1284 (sp->pp_tls)(sp); 1285 ifp->if_flags |= IFF_RUNNING; 1286 } 1287 } 1288 1289 break; 1290 1291#ifdef SIOCSIFMTU 1292#ifndef ifr_mtu 1293#define ifr_mtu ifr_metric 1294#endif 1295 case SIOCSIFMTU: 1296 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1297 return (EINVAL); 1298 ifp->if_mtu = ifr->ifr_mtu; 1299 break; 1300#endif 1301#ifdef SLIOCSETMTU 1302 case SLIOCSETMTU: 1303 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1304 return (EINVAL); 1305 ifp->if_mtu = *(short*)data; 1306 break; 1307#endif 1308#ifdef SIOCGIFMTU 1309 case SIOCGIFMTU: 1310 ifr->ifr_mtu = ifp->if_mtu; 1311 break; 1312#endif 1313#ifdef SLIOCGETMTU 1314 case SLIOCGETMTU: 1315 *(short*)data = ifp->if_mtu; 1316 break; 1317#endif 1318 case SIOCADDMULTI: 1319 case SIOCDELMULTI: 1320 break; 1321 1322 case SIOCGIFGENERIC: 1323 case SIOCSIFGENERIC: 1324 rv = sppp_params(sp, cmd, data); 1325 break; 1326 1327 default: 1328 rv = ENOTTY; 1329 } 1330 SPPP_UNLOCK(sp); 1331 splx(s); 1332 return rv; 1333} 1334 1335/* 1336 * Cisco framing implementation. 1337 */ 1338 1339/* 1340 * Handle incoming Cisco keepalive protocol packets. 1341 */ 1342static void 1343sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1344{ 1345 STDDCL; 1346 struct cisco_packet *h; 1347 u_long me, mymask; 1348 1349 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1350 if (debug) 1351 log(LOG_DEBUG, 1352 SPP_FMT "cisco invalid packet length: %d bytes\n", 1353 SPP_ARGS(ifp), m->m_pkthdr.len); 1354 return; 1355 } 1356 h = mtod (m, struct cisco_packet*); 1357 if (debug) 1358 log(LOG_DEBUG, 1359 SPP_FMT "cisco input: %d bytes " 1360 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1361 SPP_ARGS(ifp), m->m_pkthdr.len, 1362 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1363 (u_int)h->time0, (u_int)h->time1); 1364 switch (ntohl (h->type)) { 1365 default: 1366 if (debug) 1367 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1368 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1369 break; 1370 case CISCO_ADDR_REPLY: 1371 /* Reply on address request, ignore */ 1372 break; 1373 case CISCO_KEEPALIVE_REQ: 1374 sp->pp_alivecnt = 0; 1375 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1376 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1377 /* Local and remote sequence numbers are equal. 1378 * Probably, the line is in loopback mode. */ 1379 if (sp->pp_loopcnt >= MAXALIVECNT) { 1380 printf (SPP_FMT "loopback\n", 1381 SPP_ARGS(ifp)); 1382 sp->pp_loopcnt = 0; 1383 if (ifp->if_flags & IFF_UP) { 1384 if_down (ifp); 1385 sppp_qflush (&sp->pp_cpq); 1386 } 1387 } 1388 ++sp->pp_loopcnt; 1389 1390 /* Generate new local sequence number */ 1391#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1392 sp->pp_seq[IDX_LCP] = random(); 1393#else 1394 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1395#endif 1396 break; 1397 } 1398 sp->pp_loopcnt = 0; 1399 if (! (ifp->if_flags & IFF_UP) && 1400 (ifp->if_flags & IFF_RUNNING)) { 1401 if_up(ifp); 1402 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1403 } 1404 break; 1405 case CISCO_ADDR_REQ: 1406 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1407 if (me != 0L) 1408 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1409 break; 1410 } 1411} 1412 1413/* 1414 * Send Cisco keepalive packet. 1415 */ 1416static void 1417sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1418{ 1419 STDDCL; 1420 struct ppp_header *h; 1421 struct cisco_packet *ch; 1422 struct mbuf *m; 1423 struct timeval tv; 1424 1425 getmicrouptime(&tv); 1426 1427 MGETHDR (m, M_DONTWAIT, MT_DATA); 1428 if (! m) 1429 return; 1430 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1431 m->m_pkthdr.rcvif = 0; 1432 1433 h = mtod (m, struct ppp_header*); 1434 h->address = CISCO_MULTICAST; 1435 h->control = 0; 1436 h->protocol = htons (CISCO_KEEPALIVE); 1437 1438 ch = (struct cisco_packet*) (h + 1); 1439 ch->type = htonl (type); 1440 ch->par1 = htonl (par1); 1441 ch->par2 = htonl (par2); 1442 ch->rel = -1; 1443 1444 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1445 ch->time1 = htons ((u_short) tv.tv_sec); 1446 1447 if (debug) 1448 log(LOG_DEBUG, 1449 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1450 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1451 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1452 1453 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1454 ifp->if_oerrors++; 1455} 1456 1457/* 1458 * PPP protocol implementation. 1459 */ 1460 1461/* 1462 * Send PPP control protocol packet. 1463 */ 1464static void 1465sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1466 u_char ident, u_short len, void *data) 1467{ 1468 STDDCL; 1469 struct ppp_header *h; 1470 struct lcp_header *lh; 1471 struct mbuf *m; 1472 1473 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1474 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1475 MGETHDR (m, M_DONTWAIT, MT_DATA); 1476 if (! m) 1477 return; 1478 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1479 m->m_pkthdr.rcvif = 0; 1480 1481 h = mtod (m, struct ppp_header*); 1482 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1483 h->control = PPP_UI; /* Unnumbered Info */ 1484 h->protocol = htons (proto); /* Link Control Protocol */ 1485 1486 lh = (struct lcp_header*) (h + 1); 1487 lh->type = type; 1488 lh->ident = ident; 1489 lh->len = htons (LCP_HEADER_LEN + len); 1490 if (len) 1491 bcopy (data, lh+1, len); 1492 1493 if (debug) { 1494 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1495 SPP_ARGS(ifp), 1496 sppp_proto_name(proto), 1497 sppp_cp_type_name (lh->type), lh->ident, 1498 ntohs (lh->len)); 1499 sppp_print_bytes ((u_char*) (lh+1), len); 1500 log(-1, ">\n"); 1501 } 1502 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1503 ifp->if_oerrors++; 1504} 1505 1506/* 1507 * Handle incoming PPP control protocol packets. 1508 */ 1509static void 1510sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1511{ 1512 STDDCL; 1513 struct lcp_header *h; 1514 int len = m->m_pkthdr.len; 1515 int rv; 1516 u_char *p; 1517 1518 if (len < 4) { 1519 if (debug) 1520 log(LOG_DEBUG, 1521 SPP_FMT "%s invalid packet length: %d bytes\n", 1522 SPP_ARGS(ifp), cp->name, len); 1523 return; 1524 } 1525 h = mtod (m, struct lcp_header*); 1526 if (debug) { 1527 log(LOG_DEBUG, 1528 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1529 SPP_ARGS(ifp), cp->name, 1530 sppp_state_name(sp->state[cp->protoidx]), 1531 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1532 sppp_print_bytes ((u_char*) (h+1), len-4); 1533 log(-1, ">\n"); 1534 } 1535 if (len > ntohs (h->len)) 1536 len = ntohs (h->len); 1537 p = (u_char *)(h + 1); 1538 switch (h->type) { 1539 case CONF_REQ: 1540 if (len < 4) { 1541 if (debug) 1542 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1543 SPP_ARGS(ifp), cp->name, 1544 len); 1545 ++ifp->if_ierrors; 1546 break; 1547 } 1548 /* handle states where RCR doesn't get a SCA/SCN */ 1549 switch (sp->state[cp->protoidx]) { 1550 case STATE_CLOSING: 1551 case STATE_STOPPING: 1552 return; 1553 case STATE_CLOSED: 1554 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1555 0, 0); 1556 return; 1557 } 1558 rv = (cp->RCR)(sp, h, len); 1559 switch (sp->state[cp->protoidx]) { 1560 case STATE_OPENED: 1561 (cp->tld)(sp); 1562 (cp->scr)(sp); 1563 /* FALLTHROUGH */ 1564 case STATE_ACK_SENT: 1565 case STATE_REQ_SENT: 1566 /* 1567 * sppp_cp_change_state() have the side effect of 1568 * restarting the timeouts. We want to avoid that 1569 * if the state don't change, otherwise we won't 1570 * ever timeout and resend a configuration request 1571 * that got lost. 1572 */ 1573 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1574 STATE_REQ_SENT)) 1575 break; 1576 sppp_cp_change_state(cp, sp, rv? 1577 STATE_ACK_SENT: STATE_REQ_SENT); 1578 break; 1579 case STATE_STOPPED: 1580 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1581 (cp->scr)(sp); 1582 sppp_cp_change_state(cp, sp, rv? 1583 STATE_ACK_SENT: STATE_REQ_SENT); 1584 break; 1585 case STATE_ACK_RCVD: 1586 if (rv) { 1587 sppp_cp_change_state(cp, sp, STATE_OPENED); 1588 if (debug) 1589 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1590 SPP_ARGS(ifp), 1591 cp->name); 1592 (cp->tlu)(sp); 1593 } else 1594 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1595 break; 1596 default: 1597 printf(SPP_FMT "%s illegal %s in state %s\n", 1598 SPP_ARGS(ifp), cp->name, 1599 sppp_cp_type_name(h->type), 1600 sppp_state_name(sp->state[cp->protoidx])); 1601 ++ifp->if_ierrors; 1602 } 1603 break; 1604 case CONF_ACK: 1605 if (h->ident != sp->confid[cp->protoidx]) { 1606 if (debug) 1607 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1608 SPP_ARGS(ifp), cp->name, 1609 h->ident, sp->confid[cp->protoidx]); 1610 ++ifp->if_ierrors; 1611 break; 1612 } 1613 switch (sp->state[cp->protoidx]) { 1614 case STATE_CLOSED: 1615 case STATE_STOPPED: 1616 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1617 break; 1618 case STATE_CLOSING: 1619 case STATE_STOPPING: 1620 break; 1621 case STATE_REQ_SENT: 1622 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1623 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1624 break; 1625 case STATE_OPENED: 1626 (cp->tld)(sp); 1627 /* FALLTHROUGH */ 1628 case STATE_ACK_RCVD: 1629 (cp->scr)(sp); 1630 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1631 break; 1632 case STATE_ACK_SENT: 1633 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1634 sppp_cp_change_state(cp, sp, STATE_OPENED); 1635 if (debug) 1636 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1637 SPP_ARGS(ifp), cp->name); 1638 (cp->tlu)(sp); 1639 break; 1640 default: 1641 printf(SPP_FMT "%s illegal %s in state %s\n", 1642 SPP_ARGS(ifp), cp->name, 1643 sppp_cp_type_name(h->type), 1644 sppp_state_name(sp->state[cp->protoidx])); 1645 ++ifp->if_ierrors; 1646 } 1647 break; 1648 case CONF_NAK: 1649 case CONF_REJ: 1650 if (h->ident != sp->confid[cp->protoidx]) { 1651 if (debug) 1652 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1653 SPP_ARGS(ifp), cp->name, 1654 h->ident, sp->confid[cp->protoidx]); 1655 ++ifp->if_ierrors; 1656 break; 1657 } 1658 if (h->type == CONF_NAK) 1659 (cp->RCN_nak)(sp, h, len); 1660 else /* CONF_REJ */ 1661 (cp->RCN_rej)(sp, h, len); 1662 1663 switch (sp->state[cp->protoidx]) { 1664 case STATE_CLOSED: 1665 case STATE_STOPPED: 1666 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1667 break; 1668 case STATE_REQ_SENT: 1669 case STATE_ACK_SENT: 1670 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1671 /* 1672 * Slow things down a bit if we think we might be 1673 * in loopback. Depend on the timeout to send the 1674 * next configuration request. 1675 */ 1676 if (sp->pp_loopcnt) 1677 break; 1678 (cp->scr)(sp); 1679 break; 1680 case STATE_OPENED: 1681 (cp->tld)(sp); 1682 /* FALLTHROUGH */ 1683 case STATE_ACK_RCVD: 1684 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1685 (cp->scr)(sp); 1686 break; 1687 case STATE_CLOSING: 1688 case STATE_STOPPING: 1689 break; 1690 default: 1691 printf(SPP_FMT "%s illegal %s in state %s\n", 1692 SPP_ARGS(ifp), cp->name, 1693 sppp_cp_type_name(h->type), 1694 sppp_state_name(sp->state[cp->protoidx])); 1695 ++ifp->if_ierrors; 1696 } 1697 break; 1698 1699 case TERM_REQ: 1700 switch (sp->state[cp->protoidx]) { 1701 case STATE_ACK_RCVD: 1702 case STATE_ACK_SENT: 1703 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1704 /* FALLTHROUGH */ 1705 case STATE_CLOSED: 1706 case STATE_STOPPED: 1707 case STATE_CLOSING: 1708 case STATE_STOPPING: 1709 case STATE_REQ_SENT: 1710 sta: 1711 /* Send Terminate-Ack packet. */ 1712 if (debug) 1713 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1714 SPP_ARGS(ifp), cp->name); 1715 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1716 break; 1717 case STATE_OPENED: 1718 (cp->tld)(sp); 1719 sp->rst_counter[cp->protoidx] = 0; 1720 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1721 goto sta; 1722 break; 1723 default: 1724 printf(SPP_FMT "%s illegal %s in state %s\n", 1725 SPP_ARGS(ifp), cp->name, 1726 sppp_cp_type_name(h->type), 1727 sppp_state_name(sp->state[cp->protoidx])); 1728 ++ifp->if_ierrors; 1729 } 1730 break; 1731 case TERM_ACK: 1732 switch (sp->state[cp->protoidx]) { 1733 case STATE_CLOSED: 1734 case STATE_STOPPED: 1735 case STATE_REQ_SENT: 1736 case STATE_ACK_SENT: 1737 break; 1738 case STATE_CLOSING: 1739 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1740 (cp->tlf)(sp); 1741 break; 1742 case STATE_STOPPING: 1743 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1744 (cp->tlf)(sp); 1745 break; 1746 case STATE_ACK_RCVD: 1747 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1748 break; 1749 case STATE_OPENED: 1750 (cp->tld)(sp); 1751 (cp->scr)(sp); 1752 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1753 break; 1754 default: 1755 printf(SPP_FMT "%s illegal %s in state %s\n", 1756 SPP_ARGS(ifp), cp->name, 1757 sppp_cp_type_name(h->type), 1758 sppp_state_name(sp->state[cp->protoidx])); 1759 ++ifp->if_ierrors; 1760 } 1761 break; 1762 case CODE_REJ: 1763 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1764 log(LOG_INFO, 1765 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1766 "danger will robinson\n", 1767 SPP_ARGS(ifp), cp->name, 1768 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1769 switch (sp->state[cp->protoidx]) { 1770 case STATE_CLOSED: 1771 case STATE_STOPPED: 1772 case STATE_REQ_SENT: 1773 case STATE_ACK_SENT: 1774 case STATE_CLOSING: 1775 case STATE_STOPPING: 1776 case STATE_OPENED: 1777 break; 1778 case STATE_ACK_RCVD: 1779 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1780 break; 1781 default: 1782 printf(SPP_FMT "%s illegal %s in state %s\n", 1783 SPP_ARGS(ifp), cp->name, 1784 sppp_cp_type_name(h->type), 1785 sppp_state_name(sp->state[cp->protoidx])); 1786 ++ifp->if_ierrors; 1787 } 1788 break; 1789 case PROTO_REJ: 1790 { 1791 int catastrophic; 1792 const struct cp *upper; 1793 int i; 1794 u_int16_t proto; 1795 1796 catastrophic = 0; 1797 upper = NULL; 1798 proto = ntohs(*((u_int16_t *)p)); 1799 for (i = 0; i < IDX_COUNT; i++) { 1800 if (cps[i]->proto == proto) { 1801 upper = cps[i]; 1802 break; 1803 } 1804 } 1805 if (upper == NULL) 1806 catastrophic++; 1807 1808 if (catastrophic || debug) 1809 log(catastrophic? LOG_INFO: LOG_DEBUG, 1810 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1811 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1812 sppp_cp_type_name(h->type), proto, 1813 upper ? upper->name : "unknown", 1814 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1815 1816 /* 1817 * if we got RXJ+ against conf-req, the peer does not implement 1818 * this particular protocol type. terminate the protocol. 1819 */ 1820 if (upper && !catastrophic) { 1821 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1822 upper->Close(sp); 1823 break; 1824 } 1825 } 1826 1827 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1828 switch (sp->state[cp->protoidx]) { 1829 case STATE_CLOSED: 1830 case STATE_STOPPED: 1831 case STATE_REQ_SENT: 1832 case STATE_ACK_SENT: 1833 case STATE_CLOSING: 1834 case STATE_STOPPING: 1835 case STATE_OPENED: 1836 break; 1837 case STATE_ACK_RCVD: 1838 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1839 break; 1840 default: 1841 printf(SPP_FMT "%s illegal %s in state %s\n", 1842 SPP_ARGS(ifp), cp->name, 1843 sppp_cp_type_name(h->type), 1844 sppp_state_name(sp->state[cp->protoidx])); 1845 ++ifp->if_ierrors; 1846 } 1847 break; 1848 } 1849 case DISC_REQ: 1850 if (cp->proto != PPP_LCP) 1851 goto illegal; 1852 /* Discard the packet. */ 1853 break; 1854 case ECHO_REQ: 1855 if (cp->proto != PPP_LCP) 1856 goto illegal; 1857 if (sp->state[cp->protoidx] != STATE_OPENED) { 1858 if (debug) 1859 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1860 SPP_ARGS(ifp)); 1861 ++ifp->if_ierrors; 1862 break; 1863 } 1864 if (len < 8) { 1865 if (debug) 1866 log(-1, SPP_FMT "invalid lcp echo request " 1867 "packet length: %d bytes\n", 1868 SPP_ARGS(ifp), len); 1869 break; 1870 } 1871 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1872 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1873 /* Line loopback mode detected. */ 1874 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1875 sp->pp_loopcnt = MAXALIVECNT * 5; 1876 if_down (ifp); 1877 sppp_qflush (&sp->pp_cpq); 1878 1879 /* Shut down the PPP link. */ 1880 /* XXX */ 1881 lcp.Down(sp); 1882 lcp.Up(sp); 1883 break; 1884 } 1885 *(long*)(h+1) = htonl (sp->lcp.magic); 1886 if (debug) 1887 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1888 SPP_ARGS(ifp)); 1889 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1890 break; 1891 case ECHO_REPLY: 1892 if (cp->proto != PPP_LCP) 1893 goto illegal; 1894 if (h->ident != sp->lcp.echoid) { 1895 ++ifp->if_ierrors; 1896 break; 1897 } 1898 if (len < 8) { 1899 if (debug) 1900 log(-1, SPP_FMT "lcp invalid echo reply " 1901 "packet length: %d bytes\n", 1902 SPP_ARGS(ifp), len); 1903 break; 1904 } 1905 if (debug) 1906 log(-1, SPP_FMT "lcp got echo rep\n", 1907 SPP_ARGS(ifp)); 1908 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1909 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1910 sp->pp_alivecnt = 0; 1911 break; 1912 default: 1913 /* Unknown packet type -- send Code-Reject packet. */ 1914 illegal: 1915 if (debug) 1916 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1917 SPP_ARGS(ifp), cp->name, h->type); 1918 sppp_cp_send(sp, cp->proto, CODE_REJ, 1919 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1920 ++ifp->if_ierrors; 1921 } 1922} 1923 1924 1925/* 1926 * The generic part of all Up/Down/Open/Close/TO event handlers. 1927 * Basically, the state transition handling in the automaton. 1928 */ 1929static void 1930sppp_up_event(const struct cp *cp, struct sppp *sp) 1931{ 1932 STDDCL; 1933 1934 if (debug) 1935 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1936 SPP_ARGS(ifp), cp->name, 1937 sppp_state_name(sp->state[cp->protoidx])); 1938 1939 switch (sp->state[cp->protoidx]) { 1940 case STATE_INITIAL: 1941 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1942 break; 1943 case STATE_STARTING: 1944 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1945 (cp->scr)(sp); 1946 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1947 break; 1948 default: 1949 printf(SPP_FMT "%s illegal up in state %s\n", 1950 SPP_ARGS(ifp), cp->name, 1951 sppp_state_name(sp->state[cp->protoidx])); 1952 } 1953} 1954 1955static void 1956sppp_down_event(const struct cp *cp, struct sppp *sp) 1957{ 1958 STDDCL; 1959 1960 if (debug) 1961 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1962 SPP_ARGS(ifp), cp->name, 1963 sppp_state_name(sp->state[cp->protoidx])); 1964 1965 switch (sp->state[cp->protoidx]) { 1966 case STATE_CLOSED: 1967 case STATE_CLOSING: 1968 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1969 break; 1970 case STATE_STOPPED: 1971 sppp_cp_change_state(cp, sp, STATE_STARTING); 1972 (cp->tls)(sp); 1973 break; 1974 case STATE_STOPPING: 1975 case STATE_REQ_SENT: 1976 case STATE_ACK_RCVD: 1977 case STATE_ACK_SENT: 1978 sppp_cp_change_state(cp, sp, STATE_STARTING); 1979 break; 1980 case STATE_OPENED: 1981 (cp->tld)(sp); 1982 sppp_cp_change_state(cp, sp, STATE_STARTING); 1983 break; 1984 default: 1985 printf(SPP_FMT "%s illegal down in state %s\n", 1986 SPP_ARGS(ifp), cp->name, 1987 sppp_state_name(sp->state[cp->protoidx])); 1988 } 1989} 1990 1991 1992static void 1993sppp_open_event(const struct cp *cp, struct sppp *sp) 1994{ 1995 STDDCL; 1996 1997 if (debug) 1998 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1999 SPP_ARGS(ifp), cp->name, 2000 sppp_state_name(sp->state[cp->protoidx])); 2001 2002 switch (sp->state[cp->protoidx]) { 2003 case STATE_INITIAL: 2004 sppp_cp_change_state(cp, sp, STATE_STARTING); 2005 (cp->tls)(sp); 2006 break; 2007 case STATE_STARTING: 2008 break; 2009 case STATE_CLOSED: 2010 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 2011 (cp->scr)(sp); 2012 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2013 break; 2014 case STATE_STOPPED: 2015 /* 2016 * Try escaping stopped state. This seems to bite 2017 * people occasionally, in particular for IPCP, 2018 * presumably following previous IPCP negotiation 2019 * aborts. Somehow, we must have missed a Down event 2020 * which would have caused a transition into starting 2021 * state, so as a bandaid we force the Down event now. 2022 * This effectively implements (something like the) 2023 * `restart' option mentioned in the state transition 2024 * table of RFC 1661. 2025 */ 2026 sppp_cp_change_state(cp, sp, STATE_STARTING); 2027 (cp->tls)(sp); 2028 break; 2029 case STATE_STOPPING: 2030 case STATE_REQ_SENT: 2031 case STATE_ACK_RCVD: 2032 case STATE_ACK_SENT: 2033 case STATE_OPENED: 2034 break; 2035 case STATE_CLOSING: 2036 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2037 break; 2038 } 2039} 2040 2041 2042static void 2043sppp_close_event(const struct cp *cp, struct sppp *sp) 2044{ 2045 STDDCL; 2046 2047 if (debug) 2048 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2049 SPP_ARGS(ifp), cp->name, 2050 sppp_state_name(sp->state[cp->protoidx])); 2051 2052 switch (sp->state[cp->protoidx]) { 2053 case STATE_INITIAL: 2054 case STATE_CLOSED: 2055 case STATE_CLOSING: 2056 break; 2057 case STATE_STARTING: 2058 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2059 (cp->tlf)(sp); 2060 break; 2061 case STATE_STOPPED: 2062 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2063 break; 2064 case STATE_STOPPING: 2065 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2066 break; 2067 case STATE_OPENED: 2068 (cp->tld)(sp); 2069 /* FALLTHROUGH */ 2070 case STATE_REQ_SENT: 2071 case STATE_ACK_RCVD: 2072 case STATE_ACK_SENT: 2073 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2074 sppp_cp_send(sp, cp->proto, TERM_REQ, 2075 ++sp->pp_seq[cp->protoidx], 0, 0); 2076 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2077 break; 2078 } 2079} 2080 2081static void 2082sppp_to_event(const struct cp *cp, struct sppp *sp) 2083{ 2084 STDDCL; 2085 int s; 2086 2087 s = splimp(); 2088 SPPP_LOCK(sp); 2089 if (debug) 2090 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2091 SPP_ARGS(ifp), cp->name, 2092 sppp_state_name(sp->state[cp->protoidx]), 2093 sp->rst_counter[cp->protoidx]); 2094 2095 if (--sp->rst_counter[cp->protoidx] < 0) 2096 /* TO- event */ 2097 switch (sp->state[cp->protoidx]) { 2098 case STATE_CLOSING: 2099 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2100 (cp->tlf)(sp); 2101 break; 2102 case STATE_STOPPING: 2103 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2104 (cp->tlf)(sp); 2105 break; 2106 case STATE_REQ_SENT: 2107 case STATE_ACK_RCVD: 2108 case STATE_ACK_SENT: 2109 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2110 (cp->tlf)(sp); 2111 break; 2112 } 2113 else 2114 /* TO+ event */ 2115 switch (sp->state[cp->protoidx]) { 2116 case STATE_CLOSING: 2117 case STATE_STOPPING: 2118 sppp_cp_send(sp, cp->proto, TERM_REQ, 2119 ++sp->pp_seq[cp->protoidx], 0, 0); 2120 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2121 cp->TO, (void *)sp); 2122 break; 2123 case STATE_REQ_SENT: 2124 case STATE_ACK_RCVD: 2125 (cp->scr)(sp); 2126 /* sppp_cp_change_state() will restart the timer */ 2127 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2128 break; 2129 case STATE_ACK_SENT: 2130 (cp->scr)(sp); 2131 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2132 cp->TO, (void *)sp); 2133 break; 2134 } 2135 2136 SPPP_UNLOCK(sp); 2137 splx(s); 2138} 2139 2140/* 2141 * Change the state of a control protocol in the state automaton. 2142 * Takes care of starting/stopping the restart timer. 2143 */ 2144static void 2145sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2146{ 2147 sp->state[cp->protoidx] = newstate; 2148 2149 callout_stop (&sp->ch[cp->protoidx]); 2150 2151 switch (newstate) { 2152 case STATE_INITIAL: 2153 case STATE_STARTING: 2154 case STATE_CLOSED: 2155 case STATE_STOPPED: 2156 case STATE_OPENED: 2157 break; 2158 case STATE_CLOSING: 2159 case STATE_STOPPING: 2160 case STATE_REQ_SENT: 2161 case STATE_ACK_RCVD: 2162 case STATE_ACK_SENT: 2163 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2164 cp->TO, (void *)sp); 2165 break; 2166 } 2167} 2168 2169/* 2170 *--------------------------------------------------------------------------* 2171 * * 2172 * The LCP implementation. * 2173 * * 2174 *--------------------------------------------------------------------------* 2175 */ 2176static void 2177sppp_pp_up(struct sppp *sp) 2178{ 2179 SPPP_LOCK(sp); 2180 lcp.Up(sp); 2181 SPPP_UNLOCK(sp); 2182} 2183 2184static void 2185sppp_pp_down(struct sppp *sp) 2186{ 2187 SPPP_LOCK(sp); 2188 lcp.Down(sp); 2189 SPPP_UNLOCK(sp); 2190} 2191 2192static void 2193sppp_lcp_init(struct sppp *sp) 2194{ 2195 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2196 sp->lcp.magic = 0; 2197 sp->state[IDX_LCP] = STATE_INITIAL; 2198 sp->fail_counter[IDX_LCP] = 0; 2199 sp->pp_seq[IDX_LCP] = 0; 2200 sp->pp_rseq[IDX_LCP] = 0; 2201 sp->lcp.protos = 0; 2202 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2203 2204 /* Note that these values are relevant for all control protocols */ 2205 sp->lcp.timeout = 3 * hz; 2206 sp->lcp.max_terminate = 2; 2207 sp->lcp.max_configure = 10; 2208 sp->lcp.max_failure = 10; 2209 callout_init(&sp->ch[IDX_LCP], 2210 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2211} 2212 2213static void 2214sppp_lcp_up(struct sppp *sp) 2215{ 2216 STDDCL; 2217 2218 sp->pp_alivecnt = 0; 2219 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2220 sp->lcp.magic = 0; 2221 sp->lcp.protos = 0; 2222 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2223 /* 2224 * If we are authenticator, negotiate LCP_AUTH 2225 */ 2226 if (sp->hisauth.proto != 0) 2227 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2228 else 2229 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2230 sp->pp_flags &= ~PP_NEEDAUTH; 2231 /* 2232 * If this interface is passive or dial-on-demand, and we are 2233 * still in Initial state, it means we've got an incoming 2234 * call. Activate the interface. 2235 */ 2236 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2237 if (debug) 2238 log(LOG_DEBUG, 2239 SPP_FMT "Up event", SPP_ARGS(ifp)); 2240 ifp->if_flags |= IFF_RUNNING; 2241 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2242 if (debug) 2243 log(-1, "(incoming call)\n"); 2244 sp->pp_flags |= PP_CALLIN; 2245 lcp.Open(sp); 2246 } else if (debug) 2247 log(-1, "\n"); 2248 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2249 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2250 ifp->if_flags |= IFF_RUNNING; 2251 lcp.Open(sp); 2252 } 2253 2254 sppp_up_event(&lcp, sp); 2255} 2256 2257static void 2258sppp_lcp_down(struct sppp *sp) 2259{ 2260 STDDCL; 2261 2262 sppp_down_event(&lcp, sp); 2263 2264 /* 2265 * If this is neither a dial-on-demand nor a passive 2266 * interface, simulate an ``ifconfig down'' action, so the 2267 * administrator can force a redial by another ``ifconfig 2268 * up''. XXX For leased line operation, should we immediately 2269 * try to reopen the connection here? 2270 */ 2271 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2272 log(LOG_INFO, 2273 SPP_FMT "Down event, taking interface down.\n", 2274 SPP_ARGS(ifp)); 2275 if_down(ifp); 2276 } else { 2277 if (debug) 2278 log(LOG_DEBUG, 2279 SPP_FMT "Down event (carrier loss)\n", 2280 SPP_ARGS(ifp)); 2281 sp->pp_flags &= ~PP_CALLIN; 2282 if (sp->state[IDX_LCP] != STATE_INITIAL) 2283 lcp.Close(sp); 2284 ifp->if_flags &= ~IFF_RUNNING; 2285 } 2286} 2287 2288static void 2289sppp_lcp_open(struct sppp *sp) 2290{ 2291 sppp_open_event(&lcp, sp); 2292} 2293 2294static void 2295sppp_lcp_close(struct sppp *sp) 2296{ 2297 sppp_close_event(&lcp, sp); 2298} 2299 2300static void 2301sppp_lcp_TO(void *cookie) 2302{ 2303 sppp_to_event(&lcp, (struct sppp *)cookie); 2304} 2305 2306/* 2307 * Analyze a configure request. Return true if it was agreeable, and 2308 * caused action sca, false if it has been rejected or nak'ed, and 2309 * caused action scn. (The return value is used to make the state 2310 * transition decision in the state automaton.) 2311 */ 2312static int 2313sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2314{ 2315 STDDCL; 2316 u_char *buf, *r, *p; 2317 int origlen, rlen; 2318 u_long nmagic; 2319 u_short authproto; 2320 2321 len -= 4; 2322 origlen = len; 2323 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2324 if (! buf) 2325 return (0); 2326 2327 if (debug) 2328 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2329 SPP_ARGS(ifp)); 2330 2331 /* pass 1: check for things that need to be rejected */ 2332 p = (void*) (h+1); 2333 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2334 if (debug) 2335 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2336 switch (*p) { 2337 case LCP_OPT_MAGIC: 2338 /* Magic number. */ 2339 if (len >= 6 && p[1] == 6) 2340 continue; 2341 if (debug) 2342 log(-1, "[invalid] "); 2343 break; 2344 case LCP_OPT_ASYNC_MAP: 2345 /* Async control character map. */ 2346 if (len >= 6 && p[1] == 6) 2347 continue; 2348 if (debug) 2349 log(-1, "[invalid] "); 2350 break; 2351 case LCP_OPT_MRU: 2352 /* Maximum receive unit. */ 2353 if (len >= 4 && p[1] == 4) 2354 continue; 2355 if (debug) 2356 log(-1, "[invalid] "); 2357 break; 2358 case LCP_OPT_AUTH_PROTO: 2359 if (len < 4) { 2360 if (debug) 2361 log(-1, "[invalid] "); 2362 break; 2363 } 2364 authproto = (p[2] << 8) + p[3]; 2365 if (authproto == PPP_CHAP && p[1] != 5) { 2366 if (debug) 2367 log(-1, "[invalid chap len] "); 2368 break; 2369 } 2370 if (sp->myauth.proto == 0) { 2371 /* we are not configured to do auth */ 2372 if (debug) 2373 log(-1, "[not configured] "); 2374 break; 2375 } 2376 /* 2377 * Remote want us to authenticate, remember this, 2378 * so we stay in PHASE_AUTHENTICATE after LCP got 2379 * up. 2380 */ 2381 sp->pp_flags |= PP_NEEDAUTH; 2382 continue; 2383 default: 2384 /* Others not supported. */ 2385 if (debug) 2386 log(-1, "[rej] "); 2387 break; 2388 } 2389 /* Add the option to rejected list. */ 2390 bcopy (p, r, p[1]); 2391 r += p[1]; 2392 rlen += p[1]; 2393 } 2394 if (rlen) { 2395 if (debug) 2396 log(-1, " send conf-rej\n"); 2397 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2398 return 0; 2399 } else if (debug) 2400 log(-1, "\n"); 2401 2402 /* 2403 * pass 2: check for option values that are unacceptable and 2404 * thus require to be nak'ed. 2405 */ 2406 if (debug) 2407 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2408 SPP_ARGS(ifp)); 2409 2410 p = (void*) (h+1); 2411 len = origlen; 2412 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2413 if (debug) 2414 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2415 switch (*p) { 2416 case LCP_OPT_MAGIC: 2417 /* Magic number -- extract. */ 2418 nmagic = (u_long)p[2] << 24 | 2419 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2420 if (nmagic != sp->lcp.magic) { 2421 sp->pp_loopcnt = 0; 2422 if (debug) 2423 log(-1, "0x%lx ", nmagic); 2424 continue; 2425 } 2426 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2427 log(-1, "[glitch] "); 2428 ++sp->pp_loopcnt; 2429 /* 2430 * We negate our magic here, and NAK it. If 2431 * we see it later in an NAK packet, we 2432 * suggest a new one. 2433 */ 2434 nmagic = ~sp->lcp.magic; 2435 /* Gonna NAK it. */ 2436 p[2] = nmagic >> 24; 2437 p[3] = nmagic >> 16; 2438 p[4] = nmagic >> 8; 2439 p[5] = nmagic; 2440 break; 2441 2442 case LCP_OPT_ASYNC_MAP: 2443 /* 2444 * Async control character map -- just ignore it. 2445 * 2446 * Quote from RFC 1662, chapter 6: 2447 * To enable this functionality, synchronous PPP 2448 * implementations MUST always respond to the 2449 * Async-Control-Character-Map Configuration 2450 * Option with the LCP Configure-Ack. However, 2451 * acceptance of the Configuration Option does 2452 * not imply that the synchronous implementation 2453 * will do any ACCM mapping. Instead, all such 2454 * octet mapping will be performed by the 2455 * asynchronous-to-synchronous converter. 2456 */ 2457 continue; 2458 2459 case LCP_OPT_MRU: 2460 /* 2461 * Maximum receive unit. Always agreeable, 2462 * but ignored by now. 2463 */ 2464 sp->lcp.their_mru = p[2] * 256 + p[3]; 2465 if (debug) 2466 log(-1, "%lu ", sp->lcp.their_mru); 2467 continue; 2468 2469 case LCP_OPT_AUTH_PROTO: 2470 authproto = (p[2] << 8) + p[3]; 2471 if (sp->myauth.proto != authproto) { 2472 /* not agreed, nak */ 2473 if (debug) 2474 log(-1, "[mine %s != his %s] ", 2475 sppp_proto_name(sp->hisauth.proto), 2476 sppp_proto_name(authproto)); 2477 p[2] = sp->myauth.proto >> 8; 2478 p[3] = sp->myauth.proto; 2479 break; 2480 } 2481 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2482 if (debug) 2483 log(-1, "[chap not MD5] "); 2484 p[4] = CHAP_MD5; 2485 break; 2486 } 2487 continue; 2488 } 2489 /* Add the option to nak'ed list. */ 2490 bcopy (p, r, p[1]); 2491 r += p[1]; 2492 rlen += p[1]; 2493 } 2494 if (rlen) { 2495 /* 2496 * Local and remote magics equal -- loopback? 2497 */ 2498 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2499 if (sp->pp_loopcnt == MAXALIVECNT*5) 2500 printf (SPP_FMT "loopback\n", 2501 SPP_ARGS(ifp)); 2502 if (ifp->if_flags & IFF_UP) { 2503 if_down(ifp); 2504 sppp_qflush(&sp->pp_cpq); 2505 /* XXX ? */ 2506 lcp.Down(sp); 2507 lcp.Up(sp); 2508 } 2509 } else if (!sp->pp_loopcnt && 2510 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2511 if (debug) 2512 log(-1, " max_failure (%d) exceeded, " 2513 "send conf-rej\n", 2514 sp->lcp.max_failure); 2515 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2516 } else { 2517 if (debug) 2518 log(-1, " send conf-nak\n"); 2519 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2520 } 2521 } else { 2522 if (debug) 2523 log(-1, " send conf-ack\n"); 2524 sp->fail_counter[IDX_LCP] = 0; 2525 sp->pp_loopcnt = 0; 2526 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2527 h->ident, origlen, h+1); 2528 } 2529 2530 free (buf, M_TEMP); 2531 return (rlen == 0); 2532} 2533 2534/* 2535 * Analyze the LCP Configure-Reject option list, and adjust our 2536 * negotiation. 2537 */ 2538static void 2539sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2540{ 2541 STDDCL; 2542 u_char *buf, *p; 2543 2544 len -= 4; 2545 buf = malloc (len, M_TEMP, M_NOWAIT); 2546 if (!buf) 2547 return; 2548 2549 if (debug) 2550 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2551 SPP_ARGS(ifp)); 2552 2553 p = (void*) (h+1); 2554 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2555 if (debug) 2556 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2557 switch (*p) { 2558 case LCP_OPT_MAGIC: 2559 /* Magic number -- can't use it, use 0 */ 2560 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2561 sp->lcp.magic = 0; 2562 break; 2563 case LCP_OPT_MRU: 2564 /* 2565 * Should not be rejected anyway, since we only 2566 * negotiate a MRU if explicitly requested by 2567 * peer. 2568 */ 2569 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2570 break; 2571 case LCP_OPT_AUTH_PROTO: 2572 /* 2573 * Peer doesn't want to authenticate himself, 2574 * deny unless this is a dialout call, and 2575 * AUTHFLAG_NOCALLOUT is set. 2576 */ 2577 if ((sp->pp_flags & PP_CALLIN) == 0 && 2578 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2579 if (debug) 2580 log(-1, "[don't insist on auth " 2581 "for callout]"); 2582 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2583 break; 2584 } 2585 if (debug) 2586 log(-1, "[access denied]\n"); 2587 lcp.Close(sp); 2588 break; 2589 } 2590 } 2591 if (debug) 2592 log(-1, "\n"); 2593 free (buf, M_TEMP); 2594 return; 2595} 2596 2597/* 2598 * Analyze the LCP Configure-NAK option list, and adjust our 2599 * negotiation. 2600 */ 2601static void 2602sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2603{ 2604 STDDCL; 2605 u_char *buf, *p; 2606 u_long magic; 2607 2608 len -= 4; 2609 buf = malloc (len, M_TEMP, M_NOWAIT); 2610 if (!buf) 2611 return; 2612 2613 if (debug) 2614 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2615 SPP_ARGS(ifp)); 2616 2617 p = (void*) (h+1); 2618 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2619 if (debug) 2620 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2621 switch (*p) { 2622 case LCP_OPT_MAGIC: 2623 /* Magic number -- renegotiate */ 2624 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2625 len >= 6 && p[1] == 6) { 2626 magic = (u_long)p[2] << 24 | 2627 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2628 /* 2629 * If the remote magic is our negated one, 2630 * this looks like a loopback problem. 2631 * Suggest a new magic to make sure. 2632 */ 2633 if (magic == ~sp->lcp.magic) { 2634 if (debug) 2635 log(-1, "magic glitch "); 2636#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2637 sp->lcp.magic = random(); 2638#else 2639 sp->lcp.magic = time.tv_sec + time.tv_usec; 2640#endif 2641 } else { 2642 sp->lcp.magic = magic; 2643 if (debug) 2644 log(-1, "%lu ", magic); 2645 } 2646 } 2647 break; 2648 case LCP_OPT_MRU: 2649 /* 2650 * Peer wants to advise us to negotiate an MRU. 2651 * Agree on it if it's reasonable, or use 2652 * default otherwise. 2653 */ 2654 if (len >= 4 && p[1] == 4) { 2655 u_int mru = p[2] * 256 + p[3]; 2656 if (debug) 2657 log(-1, "%d ", mru); 2658 if (mru < PP_MTU || mru > PP_MAX_MRU) 2659 mru = PP_MTU; 2660 sp->lcp.mru = mru; 2661 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2662 } 2663 break; 2664 case LCP_OPT_AUTH_PROTO: 2665 /* 2666 * Peer doesn't like our authentication method, 2667 * deny. 2668 */ 2669 if (debug) 2670 log(-1, "[access denied]\n"); 2671 lcp.Close(sp); 2672 break; 2673 } 2674 } 2675 if (debug) 2676 log(-1, "\n"); 2677 free (buf, M_TEMP); 2678 return; 2679} 2680 2681static void 2682sppp_lcp_tlu(struct sppp *sp) 2683{ 2684 STDDCL; 2685 int i; 2686 u_long mask; 2687 2688 /* XXX ? */ 2689 if (! (ifp->if_flags & IFF_UP) && 2690 (ifp->if_flags & IFF_RUNNING)) { 2691 /* Coming out of loopback mode. */ 2692 if_up(ifp); 2693 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2694 } 2695 2696 for (i = 0; i < IDX_COUNT; i++) 2697 if ((cps[i])->flags & CP_QUAL) 2698 (cps[i])->Open(sp); 2699 2700 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2701 (sp->pp_flags & PP_NEEDAUTH) != 0) 2702 sp->pp_phase = PHASE_AUTHENTICATE; 2703 else 2704 sp->pp_phase = PHASE_NETWORK; 2705 2706 if (debug) 2707 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2708 sppp_phase_name(sp->pp_phase)); 2709 2710 /* 2711 * Open all authentication protocols. This is even required 2712 * if we already proceeded to network phase, since it might be 2713 * that remote wants us to authenticate, so we might have to 2714 * send a PAP request. Undesired authentication protocols 2715 * don't do anything when they get an Open event. 2716 */ 2717 for (i = 0; i < IDX_COUNT; i++) 2718 if ((cps[i])->flags & CP_AUTH) 2719 (cps[i])->Open(sp); 2720 2721 if (sp->pp_phase == PHASE_NETWORK) { 2722 /* Notify all NCPs. */ 2723 for (i = 0; i < IDX_COUNT; i++) 2724 if (((cps[i])->flags & CP_NCP) && 2725 /* 2726 * XXX 2727 * Hack to administratively disable IPv6 if 2728 * not desired. Perhaps we should have another 2729 * flag for this, but right now, we can make 2730 * all struct cp's read/only. 2731 */ 2732 (cps[i] != &ipv6cp || 2733 (sp->confflags & CONF_ENABLE_IPV6))) 2734 (cps[i])->Open(sp); 2735 } 2736 2737 /* Send Up events to all started protos. */ 2738 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2739 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2740 (cps[i])->Up(sp); 2741 2742 /* notify low-level driver of state change */ 2743 if (sp->pp_chg) 2744 sp->pp_chg(sp, (int)sp->pp_phase); 2745 2746 if (sp->pp_phase == PHASE_NETWORK) 2747 /* if no NCP is starting, close down */ 2748 sppp_lcp_check_and_close(sp); 2749} 2750 2751static void 2752sppp_lcp_tld(struct sppp *sp) 2753{ 2754 STDDCL; 2755 int i; 2756 u_long mask; 2757 2758 sp->pp_phase = PHASE_TERMINATE; 2759 2760 if (debug) 2761 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2762 sppp_phase_name(sp->pp_phase)); 2763 2764 /* 2765 * Take upper layers down. We send the Down event first and 2766 * the Close second to prevent the upper layers from sending 2767 * ``a flurry of terminate-request packets'', as the RFC 2768 * describes it. 2769 */ 2770 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2771 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2772 (cps[i])->Down(sp); 2773 (cps[i])->Close(sp); 2774 } 2775} 2776 2777static void 2778sppp_lcp_tls(struct sppp *sp) 2779{ 2780 STDDCL; 2781 2782 sp->pp_phase = PHASE_ESTABLISH; 2783 2784 if (debug) 2785 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2786 sppp_phase_name(sp->pp_phase)); 2787 2788 /* Notify lower layer if desired. */ 2789 if (sp->pp_tls) 2790 (sp->pp_tls)(sp); 2791 else 2792 (sp->pp_up)(sp); 2793} 2794 2795static void 2796sppp_lcp_tlf(struct sppp *sp) 2797{ 2798 STDDCL; 2799 2800 sp->pp_phase = PHASE_DEAD; 2801 if (debug) 2802 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2803 sppp_phase_name(sp->pp_phase)); 2804 2805 /* Notify lower layer if desired. */ 2806 if (sp->pp_tlf) 2807 (sp->pp_tlf)(sp); 2808 else 2809 (sp->pp_down)(sp); 2810} 2811 2812static void 2813sppp_lcp_scr(struct sppp *sp) 2814{ 2815 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2816 int i = 0; 2817 u_short authproto; 2818 2819 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2820 if (! sp->lcp.magic) 2821#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2822 sp->lcp.magic = random(); 2823#else 2824 sp->lcp.magic = time.tv_sec + time.tv_usec; 2825#endif 2826 opt[i++] = LCP_OPT_MAGIC; 2827 opt[i++] = 6; 2828 opt[i++] = sp->lcp.magic >> 24; 2829 opt[i++] = sp->lcp.magic >> 16; 2830 opt[i++] = sp->lcp.magic >> 8; 2831 opt[i++] = sp->lcp.magic; 2832 } 2833 2834 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2835 opt[i++] = LCP_OPT_MRU; 2836 opt[i++] = 4; 2837 opt[i++] = sp->lcp.mru >> 8; 2838 opt[i++] = sp->lcp.mru; 2839 } 2840 2841 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2842 authproto = sp->hisauth.proto; 2843 opt[i++] = LCP_OPT_AUTH_PROTO; 2844 opt[i++] = authproto == PPP_CHAP? 5: 4; 2845 opt[i++] = authproto >> 8; 2846 opt[i++] = authproto; 2847 if (authproto == PPP_CHAP) 2848 opt[i++] = CHAP_MD5; 2849 } 2850 2851 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2852 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2853} 2854 2855/* 2856 * Check the open NCPs, return true if at least one NCP is open. 2857 */ 2858static int 2859sppp_ncp_check(struct sppp *sp) 2860{ 2861 int i, mask; 2862 2863 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2864 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2865 return 1; 2866 return 0; 2867} 2868 2869/* 2870 * Re-check the open NCPs and see if we should terminate the link. 2871 * Called by the NCPs during their tlf action handling. 2872 */ 2873static void 2874sppp_lcp_check_and_close(struct sppp *sp) 2875{ 2876 2877 if (sp->pp_phase < PHASE_NETWORK) 2878 /* don't bother, we are already going down */ 2879 return; 2880 2881 if (sppp_ncp_check(sp)) 2882 return; 2883 2884 lcp.Close(sp); 2885} 2886 2887/* 2888 *--------------------------------------------------------------------------* 2889 * * 2890 * The IPCP implementation. * 2891 * * 2892 *--------------------------------------------------------------------------* 2893 */ 2894 2895static void 2896sppp_ipcp_init(struct sppp *sp) 2897{ 2898 sp->ipcp.opts = 0; 2899 sp->ipcp.flags = 0; 2900 sp->state[IDX_IPCP] = STATE_INITIAL; 2901 sp->fail_counter[IDX_IPCP] = 0; 2902 sp->pp_seq[IDX_IPCP] = 0; 2903 sp->pp_rseq[IDX_IPCP] = 0; 2904 callout_init(&sp->ch[IDX_IPCP], 2905 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2906} 2907 2908static void 2909sppp_ipcp_up(struct sppp *sp) 2910{ 2911 sppp_up_event(&ipcp, sp); 2912} 2913 2914static void 2915sppp_ipcp_down(struct sppp *sp) 2916{ 2917 sppp_down_event(&ipcp, sp); 2918} 2919 2920static void 2921sppp_ipcp_open(struct sppp *sp) 2922{ 2923 STDDCL; 2924 u_long myaddr, hisaddr; 2925 2926 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2927 IPCP_MYADDR_DYN | IPCP_VJ); 2928 sp->ipcp.opts = 0; 2929 2930 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2931 /* 2932 * If we don't have his address, this probably means our 2933 * interface doesn't want to talk IP at all. (This could 2934 * be the case if somebody wants to speak only IPX, for 2935 * example.) Don't open IPCP in this case. 2936 */ 2937 if (hisaddr == 0L) { 2938 /* XXX this message should go away */ 2939 if (debug) 2940 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2941 SPP_ARGS(ifp)); 2942 return; 2943 } 2944 if (myaddr == 0L) { 2945 /* 2946 * I don't have an assigned address, so i need to 2947 * negotiate my address. 2948 */ 2949 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2950 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2951 } else 2952 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2953 if (sp->confflags & CONF_ENABLE_VJ) { 2954 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2955 sp->ipcp.max_state = MAX_STATES - 1; 2956 sp->ipcp.compress_cid = 1; 2957 } 2958 sppp_open_event(&ipcp, sp); 2959} 2960 2961static void 2962sppp_ipcp_close(struct sppp *sp) 2963{ 2964 sppp_close_event(&ipcp, sp); 2965 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2966 /* 2967 * My address was dynamic, clear it again. 2968 */ 2969 sppp_set_ip_addr(sp, 0L); 2970} 2971 2972static void 2973sppp_ipcp_TO(void *cookie) 2974{ 2975 sppp_to_event(&ipcp, (struct sppp *)cookie); 2976} 2977 2978/* 2979 * Analyze a configure request. Return true if it was agreeable, and 2980 * caused action sca, false if it has been rejected or nak'ed, and 2981 * caused action scn. (The return value is used to make the state 2982 * transition decision in the state automaton.) 2983 */ 2984static int 2985sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2986{ 2987 u_char *buf, *r, *p; 2988 struct ifnet *ifp = &sp->pp_if; 2989 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2990 u_long hisaddr, desiredaddr; 2991 int gotmyaddr = 0; 2992 int desiredcomp; 2993 2994 len -= 4; 2995 origlen = len; 2996 /* 2997 * Make sure to allocate a buf that can at least hold a 2998 * conf-nak with an `address' option. We might need it below. 2999 */ 3000 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3001 if (! buf) 3002 return (0); 3003 3004 /* pass 1: see if we can recognize them */ 3005 if (debug) 3006 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 3007 SPP_ARGS(ifp)); 3008 p = (void*) (h+1); 3009 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3010 if (debug) 3011 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3012 switch (*p) { 3013 case IPCP_OPT_COMPRESSION: 3014 if (!(sp->confflags & CONF_ENABLE_VJ)) { 3015 /* VJ compression administratively disabled */ 3016 if (debug) 3017 log(-1, "[locally disabled] "); 3018 break; 3019 } 3020 /* 3021 * In theory, we should only conf-rej an 3022 * option that is shorter than RFC 1618 3023 * requires (i.e. < 4), and should conf-nak 3024 * anything else that is not VJ. However, 3025 * since our algorithm always uses the 3026 * original option to NAK it with new values, 3027 * things would become more complicated. In 3028 * pratice, the only commonly implemented IP 3029 * compression option is VJ anyway, so the 3030 * difference is negligible. 3031 */ 3032 if (len >= 6 && p[1] == 6) { 3033 /* 3034 * correctly formed compression option 3035 * that could be VJ compression 3036 */ 3037 continue; 3038 } 3039 if (debug) 3040 log(-1, 3041 "optlen %d [invalid/unsupported] ", 3042 p[1]); 3043 break; 3044 case IPCP_OPT_ADDRESS: 3045 if (len >= 6 && p[1] == 6) { 3046 /* correctly formed address option */ 3047 continue; 3048 } 3049 if (debug) 3050 log(-1, "[invalid] "); 3051 break; 3052 default: 3053 /* Others not supported. */ 3054 if (debug) 3055 log(-1, "[rej] "); 3056 break; 3057 } 3058 /* Add the option to rejected list. */ 3059 bcopy (p, r, p[1]); 3060 r += p[1]; 3061 rlen += p[1]; 3062 } 3063 if (rlen) { 3064 if (debug) 3065 log(-1, " send conf-rej\n"); 3066 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3067 return 0; 3068 } else if (debug) 3069 log(-1, "\n"); 3070 3071 /* pass 2: parse option values */ 3072 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3073 if (debug) 3074 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3075 SPP_ARGS(ifp)); 3076 p = (void*) (h+1); 3077 len = origlen; 3078 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3079 if (debug) 3080 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3081 switch (*p) { 3082 case IPCP_OPT_COMPRESSION: 3083 desiredcomp = p[2] << 8 | p[3]; 3084 /* We only support VJ */ 3085 if (desiredcomp == IPCP_COMP_VJ) { 3086 if (debug) 3087 log(-1, "VJ [ack] "); 3088 sp->ipcp.flags |= IPCP_VJ; 3089 sl_compress_init(sp->pp_comp, p[4]); 3090 sp->ipcp.max_state = p[4]; 3091 sp->ipcp.compress_cid = p[5]; 3092 continue; 3093 } 3094 if (debug) 3095 log(-1, 3096 "compproto %#04x [not supported] ", 3097 desiredcomp); 3098 p[2] = IPCP_COMP_VJ >> 8; 3099 p[3] = IPCP_COMP_VJ; 3100 p[4] = sp->ipcp.max_state; 3101 p[5] = sp->ipcp.compress_cid; 3102 break; 3103 case IPCP_OPT_ADDRESS: 3104 /* This is the address he wants in his end */ 3105 desiredaddr = p[2] << 24 | p[3] << 16 | 3106 p[4] << 8 | p[5]; 3107 if (desiredaddr == hisaddr || 3108 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3109 /* 3110 * Peer's address is same as our value, 3111 * or we have set it to 0.0.0.* to 3112 * indicate that we do not really care, 3113 * this is agreeable. Gonna conf-ack 3114 * it. 3115 */ 3116 if (debug) 3117 log(-1, "%s [ack] ", 3118 sppp_dotted_quad(hisaddr)); 3119 /* record that we've seen it already */ 3120 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3121 continue; 3122 } 3123 /* 3124 * The address wasn't agreeable. This is either 3125 * he sent us 0.0.0.0, asking to assign him an 3126 * address, or he send us another address not 3127 * matching our value. Either case, we gonna 3128 * conf-nak it with our value. 3129 * XXX: we should "rej" if hisaddr == 0 3130 */ 3131 if (debug) { 3132 if (desiredaddr == 0) 3133 log(-1, "[addr requested] "); 3134 else 3135 log(-1, "%s [not agreed] ", 3136 sppp_dotted_quad(desiredaddr)); 3137 3138 } 3139 p[2] = hisaddr >> 24; 3140 p[3] = hisaddr >> 16; 3141 p[4] = hisaddr >> 8; 3142 p[5] = hisaddr; 3143 break; 3144 } 3145 /* Add the option to nak'ed list. */ 3146 bcopy (p, r, p[1]); 3147 r += p[1]; 3148 rlen += p[1]; 3149 } 3150 3151 /* 3152 * If we are about to conf-ack the request, but haven't seen 3153 * his address so far, gonna conf-nak it instead, with the 3154 * `address' option present and our idea of his address being 3155 * filled in there, to request negotiation of both addresses. 3156 * 3157 * XXX This can result in an endless req - nak loop if peer 3158 * doesn't want to send us his address. Q: What should we do 3159 * about it? XXX A: implement the max-failure counter. 3160 */ 3161 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3162 buf[0] = IPCP_OPT_ADDRESS; 3163 buf[1] = 6; 3164 buf[2] = hisaddr >> 24; 3165 buf[3] = hisaddr >> 16; 3166 buf[4] = hisaddr >> 8; 3167 buf[5] = hisaddr; 3168 rlen = 6; 3169 if (debug) 3170 log(-1, "still need hisaddr "); 3171 } 3172 3173 if (rlen) { 3174 if (debug) 3175 log(-1, " send conf-nak\n"); 3176 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3177 } else { 3178 if (debug) 3179 log(-1, " send conf-ack\n"); 3180 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3181 h->ident, origlen, h+1); 3182 } 3183 3184 free (buf, M_TEMP); 3185 return (rlen == 0); 3186} 3187 3188/* 3189 * Analyze the IPCP Configure-Reject option list, and adjust our 3190 * negotiation. 3191 */ 3192static void 3193sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3194{ 3195 u_char *buf, *p; 3196 struct ifnet *ifp = &sp->pp_if; 3197 int debug = ifp->if_flags & IFF_DEBUG; 3198 3199 len -= 4; 3200 buf = malloc (len, M_TEMP, M_NOWAIT); 3201 if (!buf) 3202 return; 3203 3204 if (debug) 3205 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3206 SPP_ARGS(ifp)); 3207 3208 p = (void*) (h+1); 3209 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3210 if (debug) 3211 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3212 switch (*p) { 3213 case IPCP_OPT_COMPRESSION: 3214 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3215 break; 3216 case IPCP_OPT_ADDRESS: 3217 /* 3218 * Peer doesn't grok address option. This is 3219 * bad. XXX Should we better give up here? 3220 * XXX We could try old "addresses" option... 3221 */ 3222 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3223 break; 3224 } 3225 } 3226 if (debug) 3227 log(-1, "\n"); 3228 free (buf, M_TEMP); 3229 return; 3230} 3231 3232/* 3233 * Analyze the IPCP Configure-NAK option list, and adjust our 3234 * negotiation. 3235 */ 3236static void 3237sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3238{ 3239 u_char *buf, *p; 3240 struct ifnet *ifp = &sp->pp_if; 3241 int debug = ifp->if_flags & IFF_DEBUG; 3242 int desiredcomp; 3243 u_long wantaddr; 3244 3245 len -= 4; 3246 buf = malloc (len, M_TEMP, M_NOWAIT); 3247 if (!buf) 3248 return; 3249 3250 if (debug) 3251 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3252 SPP_ARGS(ifp)); 3253 3254 p = (void*) (h+1); 3255 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3256 if (debug) 3257 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3258 switch (*p) { 3259 case IPCP_OPT_COMPRESSION: 3260 if (len >= 6 && p[1] == 6) { 3261 desiredcomp = p[2] << 8 | p[3]; 3262 if (debug) 3263 log(-1, "[wantcomp %#04x] ", 3264 desiredcomp); 3265 if (desiredcomp == IPCP_COMP_VJ) { 3266 sl_compress_init(sp->pp_comp, p[4]); 3267 sp->ipcp.max_state = p[4]; 3268 sp->ipcp.compress_cid = p[5]; 3269 if (debug) 3270 log(-1, "[agree] "); 3271 } else 3272 sp->ipcp.opts &= 3273 ~(1 << IPCP_OPT_COMPRESSION); 3274 } 3275 break; 3276 case IPCP_OPT_ADDRESS: 3277 /* 3278 * Peer doesn't like our local IP address. See 3279 * if we can do something for him. We'll drop 3280 * him our address then. 3281 */ 3282 if (len >= 6 && p[1] == 6) { 3283 wantaddr = p[2] << 24 | p[3] << 16 | 3284 p[4] << 8 | p[5]; 3285 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3286 if (debug) 3287 log(-1, "[wantaddr %s] ", 3288 sppp_dotted_quad(wantaddr)); 3289 /* 3290 * When doing dynamic address assignment, 3291 * we accept his offer. Otherwise, we 3292 * ignore it and thus continue to negotiate 3293 * our already existing value. 3294 * XXX: Bogus, if he said no once, he'll 3295 * just say no again, might as well die. 3296 */ 3297 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3298 sppp_set_ip_addr(sp, wantaddr); 3299 if (debug) 3300 log(-1, "[agree] "); 3301 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3302 } 3303 } 3304 break; 3305 } 3306 } 3307 if (debug) 3308 log(-1, "\n"); 3309 free (buf, M_TEMP); 3310 return; 3311} 3312 3313static void 3314sppp_ipcp_tlu(struct sppp *sp) 3315{ 3316 /* we are up - notify isdn daemon */ 3317 if (sp->pp_con) 3318 sp->pp_con(sp); 3319} 3320 3321static void 3322sppp_ipcp_tld(struct sppp *sp) 3323{ 3324} 3325 3326static void 3327sppp_ipcp_tls(struct sppp *sp) 3328{ 3329 /* indicate to LCP that it must stay alive */ 3330 sp->lcp.protos |= (1 << IDX_IPCP); 3331} 3332 3333static void 3334sppp_ipcp_tlf(struct sppp *sp) 3335{ 3336 /* we no longer need LCP */ 3337 sp->lcp.protos &= ~(1 << IDX_IPCP); 3338 sppp_lcp_check_and_close(sp); 3339} 3340 3341static void 3342sppp_ipcp_scr(struct sppp *sp) 3343{ 3344 char opt[6 /* compression */ + 6 /* address */]; 3345 u_long ouraddr; 3346 int i = 0; 3347 3348 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3349 opt[i++] = IPCP_OPT_COMPRESSION; 3350 opt[i++] = 6; 3351 opt[i++] = IPCP_COMP_VJ >> 8; 3352 opt[i++] = IPCP_COMP_VJ; 3353 opt[i++] = sp->ipcp.max_state; 3354 opt[i++] = sp->ipcp.compress_cid; 3355 } 3356 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3357 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3358 opt[i++] = IPCP_OPT_ADDRESS; 3359 opt[i++] = 6; 3360 opt[i++] = ouraddr >> 24; 3361 opt[i++] = ouraddr >> 16; 3362 opt[i++] = ouraddr >> 8; 3363 opt[i++] = ouraddr; 3364 } 3365 3366 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3367 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3368} 3369 3370/* 3371 *--------------------------------------------------------------------------* 3372 * * 3373 * The IPv6CP implementation. * 3374 * * 3375 *--------------------------------------------------------------------------* 3376 */ 3377 3378#ifdef INET6 3379static void 3380sppp_ipv6cp_init(struct sppp *sp) 3381{ 3382 sp->ipv6cp.opts = 0; 3383 sp->ipv6cp.flags = 0; 3384 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3385 sp->fail_counter[IDX_IPV6CP] = 0; 3386 sp->pp_seq[IDX_IPV6CP] = 0; 3387 sp->pp_rseq[IDX_IPV6CP] = 0; 3388 callout_init(&sp->ch[IDX_IPV6CP], 3389 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3390} 3391 3392static void 3393sppp_ipv6cp_up(struct sppp *sp) 3394{ 3395 sppp_up_event(&ipv6cp, sp); 3396} 3397 3398static void 3399sppp_ipv6cp_down(struct sppp *sp) 3400{ 3401 sppp_down_event(&ipv6cp, sp); 3402} 3403 3404static void 3405sppp_ipv6cp_open(struct sppp *sp) 3406{ 3407 STDDCL; 3408 struct in6_addr myaddr, hisaddr; 3409 3410#ifdef IPV6CP_MYIFID_DYN 3411 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3412#else 3413 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3414#endif 3415 3416 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3417 /* 3418 * If we don't have our address, this probably means our 3419 * interface doesn't want to talk IPv6 at all. (This could 3420 * be the case if somebody wants to speak only IPX, for 3421 * example.) Don't open IPv6CP in this case. 3422 */ 3423 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3424 /* XXX this message should go away */ 3425 if (debug) 3426 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3427 SPP_ARGS(ifp)); 3428 return; 3429 } 3430 3431 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3432 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3433 sppp_open_event(&ipv6cp, sp); 3434} 3435 3436static void 3437sppp_ipv6cp_close(struct sppp *sp) 3438{ 3439 sppp_close_event(&ipv6cp, sp); 3440} 3441 3442static void 3443sppp_ipv6cp_TO(void *cookie) 3444{ 3445 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3446} 3447 3448/* 3449 * Analyze a configure request. Return true if it was agreeable, and 3450 * caused action sca, false if it has been rejected or nak'ed, and 3451 * caused action scn. (The return value is used to make the state 3452 * transition decision in the state automaton.) 3453 */ 3454static int 3455sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3456{ 3457 u_char *buf, *r, *p; 3458 struct ifnet *ifp = &sp->pp_if; 3459 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3460 struct in6_addr myaddr, desiredaddr, suggestaddr; 3461 int ifidcount; 3462 int type; 3463 int collision, nohisaddr; 3464 3465 len -= 4; 3466 origlen = len; 3467 /* 3468 * Make sure to allocate a buf that can at least hold a 3469 * conf-nak with an `address' option. We might need it below. 3470 */ 3471 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3472 if (! buf) 3473 return (0); 3474 3475 /* pass 1: see if we can recognize them */ 3476 if (debug) 3477 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3478 SPP_ARGS(ifp)); 3479 p = (void*) (h+1); 3480 ifidcount = 0; 3481 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3482 if (debug) 3483 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3484 switch (*p) { 3485 case IPV6CP_OPT_IFID: 3486 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3487 /* correctly formed address option */ 3488 ifidcount++; 3489 continue; 3490 } 3491 if (debug) 3492 log(-1, " [invalid]"); 3493 break; 3494#ifdef notyet 3495 case IPV6CP_OPT_COMPRESSION: 3496 if (len >= 4 && p[1] >= 4) { 3497 /* correctly formed compress option */ 3498 continue; 3499 } 3500 if (debug) 3501 log(-1, " [invalid]"); 3502 break; 3503#endif 3504 default: 3505 /* Others not supported. */ 3506 if (debug) 3507 log(-1, " [rej]"); 3508 break; 3509 } 3510 /* Add the option to rejected list. */ 3511 bcopy (p, r, p[1]); 3512 r += p[1]; 3513 rlen += p[1]; 3514 } 3515 if (rlen) { 3516 if (debug) 3517 log(-1, " send conf-rej\n"); 3518 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3519 goto end; 3520 } else if (debug) 3521 log(-1, "\n"); 3522 3523 /* pass 2: parse option values */ 3524 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3525 if (debug) 3526 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3527 SPP_ARGS(ifp)); 3528 p = (void*) (h+1); 3529 len = origlen; 3530 type = CONF_ACK; 3531 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3532 if (debug) 3533 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3534 switch (*p) { 3535#ifdef notyet 3536 case IPV6CP_OPT_COMPRESSION: 3537 continue; 3538#endif 3539 case IPV6CP_OPT_IFID: 3540 bzero(&desiredaddr, sizeof(desiredaddr)); 3541 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3542 collision = (bcmp(&desiredaddr.s6_addr[8], 3543 &myaddr.s6_addr[8], 8) == 0); 3544 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3545 3546 desiredaddr.s6_addr16[0] = htons(0xfe80); 3547 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3548 3549 if (!collision && !nohisaddr) { 3550 /* no collision, hisaddr known - Conf-Ack */ 3551 type = CONF_ACK; 3552 3553 if (debug) { 3554 log(-1, " %s [%s]", 3555 ip6_sprintf(&desiredaddr), 3556 sppp_cp_type_name(type)); 3557 } 3558 continue; 3559 } 3560 3561 bzero(&suggestaddr, sizeof(&suggestaddr)); 3562 if (collision && nohisaddr) { 3563 /* collision, hisaddr unknown - Conf-Rej */ 3564 type = CONF_REJ; 3565 bzero(&p[2], 8); 3566 } else { 3567 /* 3568 * - no collision, hisaddr unknown, or 3569 * - collision, hisaddr known 3570 * Conf-Nak, suggest hisaddr 3571 */ 3572 type = CONF_NAK; 3573 sppp_suggest_ip6_addr(sp, &suggestaddr); 3574 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3575 } 3576 if (debug) 3577 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3578 sppp_cp_type_name(type)); 3579 break; 3580 } 3581 /* Add the option to nak'ed list. */ 3582 bcopy (p, r, p[1]); 3583 r += p[1]; 3584 rlen += p[1]; 3585 } 3586 3587 if (rlen == 0 && type == CONF_ACK) { 3588 if (debug) 3589 log(-1, " send %s\n", sppp_cp_type_name(type)); 3590 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3591 } else { 3592#ifdef DIAGNOSTIC 3593 if (type == CONF_ACK) 3594 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3595#endif 3596 3597 if (debug) { 3598 log(-1, " send %s suggest %s\n", 3599 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3600 } 3601 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3602 } 3603 3604 end: 3605 free (buf, M_TEMP); 3606 return (rlen == 0); 3607} 3608 3609/* 3610 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3611 * negotiation. 3612 */ 3613static void 3614sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3615{ 3616 u_char *buf, *p; 3617 struct ifnet *ifp = &sp->pp_if; 3618 int debug = ifp->if_flags & IFF_DEBUG; 3619 3620 len -= 4; 3621 buf = malloc (len, M_TEMP, M_NOWAIT); 3622 if (!buf) 3623 return; 3624 3625 if (debug) 3626 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3627 SPP_ARGS(ifp)); 3628 3629 p = (void*) (h+1); 3630 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3631 if (debug) 3632 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3633 switch (*p) { 3634 case IPV6CP_OPT_IFID: 3635 /* 3636 * Peer doesn't grok address option. This is 3637 * bad. XXX Should we better give up here? 3638 */ 3639 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3640 break; 3641#ifdef notyet 3642 case IPV6CP_OPT_COMPRESS: 3643 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3644 break; 3645#endif 3646 } 3647 } 3648 if (debug) 3649 log(-1, "\n"); 3650 free (buf, M_TEMP); 3651 return; 3652} 3653 3654/* 3655 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3656 * negotiation. 3657 */ 3658static void 3659sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3660{ 3661 u_char *buf, *p; 3662 struct ifnet *ifp = &sp->pp_if; 3663 int debug = ifp->if_flags & IFF_DEBUG; 3664 struct in6_addr suggestaddr; 3665 3666 len -= 4; 3667 buf = malloc (len, M_TEMP, M_NOWAIT); 3668 if (!buf) 3669 return; 3670 3671 if (debug) 3672 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3673 SPP_ARGS(ifp)); 3674 3675 p = (void*) (h+1); 3676 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3677 if (debug) 3678 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3679 switch (*p) { 3680 case IPV6CP_OPT_IFID: 3681 /* 3682 * Peer doesn't like our local ifid. See 3683 * if we can do something for him. We'll drop 3684 * him our address then. 3685 */ 3686 if (len < 10 || p[1] != 10) 3687 break; 3688 bzero(&suggestaddr, sizeof(suggestaddr)); 3689 suggestaddr.s6_addr16[0] = htons(0xfe80); 3690 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3691 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3692 3693 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3694 if (debug) 3695 log(-1, " [suggestaddr %s]", 3696 ip6_sprintf(&suggestaddr)); 3697#ifdef IPV6CP_MYIFID_DYN 3698 /* 3699 * When doing dynamic address assignment, 3700 * we accept his offer. 3701 */ 3702 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3703 struct in6_addr lastsuggest; 3704 /* 3705 * If <suggested myaddr from peer> equals to 3706 * <hisaddr we have suggested last time>, 3707 * we have a collision. generate new random 3708 * ifid. 3709 */ 3710 sppp_suggest_ip6_addr(&lastsuggest); 3711 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3712 lastsuggest)) { 3713 if (debug) 3714 log(-1, " [random]"); 3715 sppp_gen_ip6_addr(sp, &suggestaddr); 3716 } 3717 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3718 if (debug) 3719 log(-1, " [agree]"); 3720 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3721 } 3722#else 3723 /* 3724 * Since we do not do dynamic address assignment, 3725 * we ignore it and thus continue to negotiate 3726 * our already existing value. This can possibly 3727 * go into infinite request-reject loop. 3728 * 3729 * This is not likely because we normally use 3730 * ifid based on MAC-address. 3731 * If you have no ethernet card on the node, too bad. 3732 * XXX should we use fail_counter? 3733 */ 3734#endif 3735 break; 3736#ifdef notyet 3737 case IPV6CP_OPT_COMPRESS: 3738 /* 3739 * Peer wants different compression parameters. 3740 */ 3741 break; 3742#endif 3743 } 3744 } 3745 if (debug) 3746 log(-1, "\n"); 3747 free (buf, M_TEMP); 3748 return; 3749} 3750static void 3751sppp_ipv6cp_tlu(struct sppp *sp) 3752{ 3753 /* we are up - notify isdn daemon */ 3754 if (sp->pp_con) 3755 sp->pp_con(sp); 3756} 3757 3758static void 3759sppp_ipv6cp_tld(struct sppp *sp) 3760{ 3761} 3762 3763static void 3764sppp_ipv6cp_tls(struct sppp *sp) 3765{ 3766 /* indicate to LCP that it must stay alive */ 3767 sp->lcp.protos |= (1 << IDX_IPV6CP); 3768} 3769 3770static void 3771sppp_ipv6cp_tlf(struct sppp *sp) 3772{ 3773 3774#if 0 /* need #if 0 to close IPv6CP properly */ 3775 /* we no longer need LCP */ 3776 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3777 sppp_lcp_check_and_close(sp); 3778#endif 3779} 3780 3781static void 3782sppp_ipv6cp_scr(struct sppp *sp) 3783{ 3784 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3785 struct in6_addr ouraddr; 3786 int i = 0; 3787 3788 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3789 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3790 opt[i++] = IPV6CP_OPT_IFID; 3791 opt[i++] = 10; 3792 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3793 i += 8; 3794 } 3795 3796#ifdef notyet 3797 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3798 opt[i++] = IPV6CP_OPT_COMPRESSION; 3799 opt[i++] = 4; 3800 opt[i++] = 0; /* TBD */ 3801 opt[i++] = 0; /* TBD */ 3802 /* variable length data may follow */ 3803 } 3804#endif 3805 3806 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3807 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3808} 3809#else /*INET6*/ 3810static void sppp_ipv6cp_init(struct sppp *sp) 3811{ 3812} 3813 3814static void sppp_ipv6cp_up(struct sppp *sp) 3815{ 3816} 3817 3818static void sppp_ipv6cp_down(struct sppp *sp) 3819{ 3820} 3821 3822 3823static void sppp_ipv6cp_open(struct sppp *sp) 3824{ 3825} 3826 3827static void sppp_ipv6cp_close(struct sppp *sp) 3828{ 3829} 3830 3831static void sppp_ipv6cp_TO(void *sp) 3832{ 3833} 3834 3835static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3836{ 3837 return 0; 3838} 3839 3840static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3841{ 3842} 3843 3844static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3845{ 3846} 3847 3848static void sppp_ipv6cp_tlu(struct sppp *sp) 3849{ 3850} 3851 3852static void sppp_ipv6cp_tld(struct sppp *sp) 3853{ 3854} 3855 3856static void sppp_ipv6cp_tls(struct sppp *sp) 3857{ 3858} 3859 3860static void sppp_ipv6cp_tlf(struct sppp *sp) 3861{ 3862} 3863 3864static void sppp_ipv6cp_scr(struct sppp *sp) 3865{ 3866} 3867#endif /*INET6*/ 3868 3869/* 3870 *--------------------------------------------------------------------------* 3871 * * 3872 * The CHAP implementation. * 3873 * * 3874 *--------------------------------------------------------------------------* 3875 */ 3876 3877/* 3878 * The authentication protocols don't employ a full-fledged state machine as 3879 * the control protocols do, since they do have Open and Close events, but 3880 * not Up and Down, nor are they explicitly terminated. Also, use of the 3881 * authentication protocols may be different in both directions (this makes 3882 * sense, think of a machine that never accepts incoming calls but only 3883 * calls out, it doesn't require the called party to authenticate itself). 3884 * 3885 * Our state machine for the local authentication protocol (we are requesting 3886 * the peer to authenticate) looks like: 3887 * 3888 * RCA- 3889 * +--------------------------------------------+ 3890 * V scn,tld| 3891 * +--------+ Close +---------+ RCA+ 3892 * | |<----------------------------------| |------+ 3893 * +--->| Closed | TO* | Opened | sca | 3894 * | | |-----+ +-------| |<-----+ 3895 * | +--------+ irc | | +---------+ 3896 * | ^ | | ^ 3897 * | | | | | 3898 * | | | | | 3899 * | TO-| | | | 3900 * | |tld TO+ V | | 3901 * | | +------->+ | | 3902 * | | | | | | 3903 * | +--------+ V | | 3904 * | | |<----+<--------------------+ | 3905 * | | Req- | scr | 3906 * | | Sent | | 3907 * | | | | 3908 * | +--------+ | 3909 * | RCA- | | RCA+ | 3910 * +------+ +------------------------------------------+ 3911 * scn,tld sca,irc,ict,tlu 3912 * 3913 * 3914 * with: 3915 * 3916 * Open: LCP reached authentication phase 3917 * Close: LCP reached terminate phase 3918 * 3919 * RCA+: received reply (pap-req, chap-response), acceptable 3920 * RCN: received reply (pap-req, chap-response), not acceptable 3921 * TO+: timeout with restart counter >= 0 3922 * TO-: timeout with restart counter < 0 3923 * TO*: reschedule timeout for CHAP 3924 * 3925 * scr: send request packet (none for PAP, chap-challenge) 3926 * sca: send ack packet (pap-ack, chap-success) 3927 * scn: send nak packet (pap-nak, chap-failure) 3928 * ict: initialize re-challenge timer (CHAP only) 3929 * 3930 * tlu: this-layer-up, LCP reaches network phase 3931 * tld: this-layer-down, LCP enters terminate phase 3932 * 3933 * Note that in CHAP mode, after sending a new challenge, while the state 3934 * automaton falls back into Req-Sent state, it doesn't signal a tld 3935 * event to LCP, so LCP remains in network phase. Only after not getting 3936 * any response (or after getting an unacceptable response), CHAP closes, 3937 * causing LCP to enter terminate phase. 3938 * 3939 * With PAP, there is no initial request that can be sent. The peer is 3940 * expected to send one based on the successful negotiation of PAP as 3941 * the authentication protocol during the LCP option negotiation. 3942 * 3943 * Incoming authentication protocol requests (remote requests 3944 * authentication, we are peer) don't employ a state machine at all, 3945 * they are simply answered. Some peers [Ascend P50 firmware rev 3946 * 4.50] react allergically when sending IPCP requests while they are 3947 * still in authentication phase (thereby violating the standard that 3948 * demands that these NCP packets are to be discarded), so we keep 3949 * track of the peer demanding us to authenticate, and only proceed to 3950 * phase network once we've seen a positive acknowledge for the 3951 * authentication. 3952 */ 3953 3954/* 3955 * Handle incoming CHAP packets. 3956 */ 3957static void 3958sppp_chap_input(struct sppp *sp, struct mbuf *m) 3959{ 3960 STDDCL; 3961 struct lcp_header *h; 3962 int len, x; 3963 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3964 int value_len, name_len; 3965 MD5_CTX ctx; 3966 3967 len = m->m_pkthdr.len; 3968 if (len < 4) { 3969 if (debug) 3970 log(LOG_DEBUG, 3971 SPP_FMT "chap invalid packet length: %d bytes\n", 3972 SPP_ARGS(ifp), len); 3973 return; 3974 } 3975 h = mtod (m, struct lcp_header*); 3976 if (len > ntohs (h->len)) 3977 len = ntohs (h->len); 3978 3979 switch (h->type) { 3980 /* challenge, failure and success are his authproto */ 3981 case CHAP_CHALLENGE: 3982 value = 1 + (u_char*)(h+1); 3983 value_len = value[-1]; 3984 name = value + value_len; 3985 name_len = len - value_len - 5; 3986 if (name_len < 0) { 3987 if (debug) { 3988 log(LOG_DEBUG, 3989 SPP_FMT "chap corrupted challenge " 3990 "<%s id=0x%x len=%d", 3991 SPP_ARGS(ifp), 3992 sppp_auth_type_name(PPP_CHAP, h->type), 3993 h->ident, ntohs(h->len)); 3994 sppp_print_bytes((u_char*) (h+1), len-4); 3995 log(-1, ">\n"); 3996 } 3997 break; 3998 } 3999 4000 if (debug) { 4001 log(LOG_DEBUG, 4002 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4003 SPP_ARGS(ifp), 4004 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4005 ntohs(h->len)); 4006 sppp_print_string((char*) name, name_len); 4007 log(-1, " value-size=%d value=", value_len); 4008 sppp_print_bytes(value, value_len); 4009 log(-1, ">\n"); 4010 } 4011 4012 /* Compute reply value. */ 4013 MD5Init(&ctx); 4014 MD5Update(&ctx, &h->ident, 1); 4015 MD5Update(&ctx, sp->myauth.secret, 4016 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4017 MD5Update(&ctx, value, value_len); 4018 MD5Final(digest, &ctx); 4019 dsize = sizeof digest; 4020 4021 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4022 sizeof dsize, (const char *)&dsize, 4023 sizeof digest, digest, 4024 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4025 sp->myauth.name, 4026 0); 4027 break; 4028 4029 case CHAP_SUCCESS: 4030 if (debug) { 4031 log(LOG_DEBUG, SPP_FMT "chap success", 4032 SPP_ARGS(ifp)); 4033 if (len > 4) { 4034 log(-1, ": "); 4035 sppp_print_string((char*)(h + 1), len - 4); 4036 } 4037 log(-1, "\n"); 4038 } 4039 x = splimp(); 4040 SPPP_LOCK(sp); 4041 sp->pp_flags &= ~PP_NEEDAUTH; 4042 if (sp->myauth.proto == PPP_CHAP && 4043 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4044 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4045 /* 4046 * We are authenticator for CHAP but didn't 4047 * complete yet. Leave it to tlu to proceed 4048 * to network phase. 4049 */ 4050 SPPP_UNLOCK(sp); 4051 splx(x); 4052 break; 4053 } 4054 SPPP_UNLOCK(sp); 4055 splx(x); 4056 sppp_phase_network(sp); 4057 break; 4058 4059 case CHAP_FAILURE: 4060 if (debug) { 4061 log(LOG_INFO, SPP_FMT "chap failure", 4062 SPP_ARGS(ifp)); 4063 if (len > 4) { 4064 log(-1, ": "); 4065 sppp_print_string((char*)(h + 1), len - 4); 4066 } 4067 log(-1, "\n"); 4068 } else 4069 log(LOG_INFO, SPP_FMT "chap failure\n", 4070 SPP_ARGS(ifp)); 4071 /* await LCP shutdown by authenticator */ 4072 break; 4073 4074 /* response is my authproto */ 4075 case CHAP_RESPONSE: 4076 value = 1 + (u_char*)(h+1); 4077 value_len = value[-1]; 4078 name = value + value_len; 4079 name_len = len - value_len - 5; 4080 if (name_len < 0) { 4081 if (debug) { 4082 log(LOG_DEBUG, 4083 SPP_FMT "chap corrupted response " 4084 "<%s id=0x%x len=%d", 4085 SPP_ARGS(ifp), 4086 sppp_auth_type_name(PPP_CHAP, h->type), 4087 h->ident, ntohs(h->len)); 4088 sppp_print_bytes((u_char*)(h+1), len-4); 4089 log(-1, ">\n"); 4090 } 4091 break; 4092 } 4093 if (h->ident != sp->confid[IDX_CHAP]) { 4094 if (debug) 4095 log(LOG_DEBUG, 4096 SPP_FMT "chap dropping response for old ID " 4097 "(got %d, expected %d)\n", 4098 SPP_ARGS(ifp), 4099 h->ident, sp->confid[IDX_CHAP]); 4100 break; 4101 } 4102 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4103 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4104 log(LOG_INFO, SPP_FMT "chap response, his name ", 4105 SPP_ARGS(ifp)); 4106 sppp_print_string(name, name_len); 4107 log(-1, " != expected "); 4108 sppp_print_string(sp->hisauth.name, 4109 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4110 log(-1, "\n"); 4111 } 4112 if (debug) { 4113 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4114 "<%s id=0x%x len=%d name=", 4115 SPP_ARGS(ifp), 4116 sppp_state_name(sp->state[IDX_CHAP]), 4117 sppp_auth_type_name(PPP_CHAP, h->type), 4118 h->ident, ntohs (h->len)); 4119 sppp_print_string((char*)name, name_len); 4120 log(-1, " value-size=%d value=", value_len); 4121 sppp_print_bytes(value, value_len); 4122 log(-1, ">\n"); 4123 } 4124 if (value_len != AUTHKEYLEN) { 4125 if (debug) 4126 log(LOG_DEBUG, 4127 SPP_FMT "chap bad hash value length: " 4128 "%d bytes, should be %d\n", 4129 SPP_ARGS(ifp), value_len, 4130 AUTHKEYLEN); 4131 break; 4132 } 4133 4134 MD5Init(&ctx); 4135 MD5Update(&ctx, &h->ident, 1); 4136 MD5Update(&ctx, sp->hisauth.secret, 4137 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4138 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4139 MD5Final(digest, &ctx); 4140 4141#define FAILMSG "Failed..." 4142#define SUCCMSG "Welcome!" 4143 4144 if (value_len != sizeof digest || 4145 bcmp(digest, value, value_len) != 0) { 4146 /* action scn, tld */ 4147 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4148 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4149 0); 4150 chap.tld(sp); 4151 break; 4152 } 4153 /* action sca, perhaps tlu */ 4154 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4155 sp->state[IDX_CHAP] == STATE_OPENED) 4156 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4157 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4158 0); 4159 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4160 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4161 chap.tlu(sp); 4162 } 4163 break; 4164 4165 default: 4166 /* Unknown CHAP packet type -- ignore. */ 4167 if (debug) { 4168 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4169 "<0x%x id=0x%xh len=%d", 4170 SPP_ARGS(ifp), 4171 sppp_state_name(sp->state[IDX_CHAP]), 4172 h->type, h->ident, ntohs(h->len)); 4173 sppp_print_bytes((u_char*)(h+1), len-4); 4174 log(-1, ">\n"); 4175 } 4176 break; 4177 4178 } 4179} 4180 4181static void 4182sppp_chap_init(struct sppp *sp) 4183{ 4184 /* Chap doesn't have STATE_INITIAL at all. */ 4185 sp->state[IDX_CHAP] = STATE_CLOSED; 4186 sp->fail_counter[IDX_CHAP] = 0; 4187 sp->pp_seq[IDX_CHAP] = 0; 4188 sp->pp_rseq[IDX_CHAP] = 0; 4189 callout_init(&sp->ch[IDX_CHAP], 4190 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4191} 4192 4193static void 4194sppp_chap_open(struct sppp *sp) 4195{ 4196 if (sp->myauth.proto == PPP_CHAP && 4197 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4198 /* we are authenticator for CHAP, start it */ 4199 chap.scr(sp); 4200 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4201 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4202 } 4203 /* nothing to be done if we are peer, await a challenge */ 4204} 4205 4206static void 4207sppp_chap_close(struct sppp *sp) 4208{ 4209 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4210 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4211} 4212 4213static void 4214sppp_chap_TO(void *cookie) 4215{ 4216 struct sppp *sp = (struct sppp *)cookie; 4217 STDDCL; 4218 int s; 4219 4220 s = splimp(); 4221 SPPP_LOCK(sp); 4222 if (debug) 4223 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4224 SPP_ARGS(ifp), 4225 sppp_state_name(sp->state[IDX_CHAP]), 4226 sp->rst_counter[IDX_CHAP]); 4227 4228 if (--sp->rst_counter[IDX_CHAP] < 0) 4229 /* TO- event */ 4230 switch (sp->state[IDX_CHAP]) { 4231 case STATE_REQ_SENT: 4232 chap.tld(sp); 4233 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4234 break; 4235 } 4236 else 4237 /* TO+ (or TO*) event */ 4238 switch (sp->state[IDX_CHAP]) { 4239 case STATE_OPENED: 4240 /* TO* event */ 4241 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4242 /* FALLTHROUGH */ 4243 case STATE_REQ_SENT: 4244 chap.scr(sp); 4245 /* sppp_cp_change_state() will restart the timer */ 4246 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4247 break; 4248 } 4249 4250 SPPP_UNLOCK(sp); 4251 splx(s); 4252} 4253 4254static void 4255sppp_chap_tlu(struct sppp *sp) 4256{ 4257 STDDCL; 4258 int i, x; 4259 4260 i = 0; 4261 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4262 4263 /* 4264 * Some broken CHAP implementations (Conware CoNet, firmware 4265 * 4.0.?) don't want to re-authenticate their CHAP once the 4266 * initial challenge-response exchange has taken place. 4267 * Provide for an option to avoid rechallenges. 4268 */ 4269 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4270 /* 4271 * Compute the re-challenge timeout. This will yield 4272 * a number between 300 and 810 seconds. 4273 */ 4274 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4275 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4276 } 4277 4278 if (debug) { 4279 log(LOG_DEBUG, 4280 SPP_FMT "chap %s, ", 4281 SPP_ARGS(ifp), 4282 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4283 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4284 log(-1, "next re-challenge in %d seconds\n", i); 4285 else 4286 log(-1, "re-challenging supressed\n"); 4287 } 4288 4289 x = splimp(); 4290 SPPP_LOCK(sp); 4291 /* indicate to LCP that we need to be closed down */ 4292 sp->lcp.protos |= (1 << IDX_CHAP); 4293 4294 if (sp->pp_flags & PP_NEEDAUTH) { 4295 /* 4296 * Remote is authenticator, but his auth proto didn't 4297 * complete yet. Defer the transition to network 4298 * phase. 4299 */ 4300 SPPP_UNLOCK(sp); 4301 splx(x); 4302 return; 4303 } 4304 SPPP_UNLOCK(sp); 4305 splx(x); 4306 4307 /* 4308 * If we are already in phase network, we are done here. This 4309 * is the case if this is a dummy tlu event after a re-challenge. 4310 */ 4311 if (sp->pp_phase != PHASE_NETWORK) 4312 sppp_phase_network(sp); 4313} 4314 4315static void 4316sppp_chap_tld(struct sppp *sp) 4317{ 4318 STDDCL; 4319 4320 if (debug) 4321 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4322 callout_stop(&sp->ch[IDX_CHAP]); 4323 sp->lcp.protos &= ~(1 << IDX_CHAP); 4324 4325 lcp.Close(sp); 4326} 4327 4328static void 4329sppp_chap_scr(struct sppp *sp) 4330{ 4331 u_long *ch, seed; 4332 u_char clen; 4333 4334 /* Compute random challenge. */ 4335 ch = (u_long *)sp->myauth.challenge; 4336#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4337 read_random(&seed, sizeof seed); 4338#else 4339 { 4340 struct timeval tv; 4341 microtime(&tv); 4342 seed = tv.tv_sec ^ tv.tv_usec; 4343 } 4344#endif 4345 ch[0] = seed ^ random(); 4346 ch[1] = seed ^ random(); 4347 ch[2] = seed ^ random(); 4348 ch[3] = seed ^ random(); 4349 clen = AUTHKEYLEN; 4350 4351 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4352 4353 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4354 sizeof clen, (const char *)&clen, 4355 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4356 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4357 sp->myauth.name, 4358 0); 4359} 4360 4361/* 4362 *--------------------------------------------------------------------------* 4363 * * 4364 * The PAP implementation. * 4365 * * 4366 *--------------------------------------------------------------------------* 4367 */ 4368/* 4369 * For PAP, we need to keep a little state also if we are the peer, not the 4370 * authenticator. This is since we don't get a request to authenticate, but 4371 * have to repeatedly authenticate ourself until we got a response (or the 4372 * retry counter is expired). 4373 */ 4374 4375/* 4376 * Handle incoming PAP packets. */ 4377static void 4378sppp_pap_input(struct sppp *sp, struct mbuf *m) 4379{ 4380 STDDCL; 4381 struct lcp_header *h; 4382 int len, x; 4383 u_char *name, *passwd, mlen; 4384 int name_len, passwd_len; 4385 4386 len = m->m_pkthdr.len; 4387 if (len < 5) { 4388 if (debug) 4389 log(LOG_DEBUG, 4390 SPP_FMT "pap invalid packet length: %d bytes\n", 4391 SPP_ARGS(ifp), len); 4392 return; 4393 } 4394 h = mtod (m, struct lcp_header*); 4395 if (len > ntohs (h->len)) 4396 len = ntohs (h->len); 4397 switch (h->type) { 4398 /* PAP request is my authproto */ 4399 case PAP_REQ: 4400 name = 1 + (u_char*)(h+1); 4401 name_len = name[-1]; 4402 passwd = name + name_len + 1; 4403 if (name_len > len - 6 || 4404 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4405 if (debug) { 4406 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4407 "<%s id=0x%x len=%d", 4408 SPP_ARGS(ifp), 4409 sppp_auth_type_name(PPP_PAP, h->type), 4410 h->ident, ntohs(h->len)); 4411 sppp_print_bytes((u_char*)(h+1), len-4); 4412 log(-1, ">\n"); 4413 } 4414 break; 4415 } 4416 if (debug) { 4417 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4418 "<%s id=0x%x len=%d name=", 4419 SPP_ARGS(ifp), 4420 sppp_state_name(sp->state[IDX_PAP]), 4421 sppp_auth_type_name(PPP_PAP, h->type), 4422 h->ident, ntohs(h->len)); 4423 sppp_print_string((char*)name, name_len); 4424 log(-1, " passwd="); 4425 sppp_print_string((char*)passwd, passwd_len); 4426 log(-1, ">\n"); 4427 } 4428 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4429 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4430 bcmp(name, sp->hisauth.name, name_len) != 0 || 4431 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4432 /* action scn, tld */ 4433 mlen = sizeof(FAILMSG) - 1; 4434 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4435 sizeof mlen, (const char *)&mlen, 4436 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4437 0); 4438 pap.tld(sp); 4439 break; 4440 } 4441 /* action sca, perhaps tlu */ 4442 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4443 sp->state[IDX_PAP] == STATE_OPENED) { 4444 mlen = sizeof(SUCCMSG) - 1; 4445 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4446 sizeof mlen, (const char *)&mlen, 4447 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4448 0); 4449 } 4450 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4451 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4452 pap.tlu(sp); 4453 } 4454 break; 4455 4456 /* ack and nak are his authproto */ 4457 case PAP_ACK: 4458 callout_stop(&sp->pap_my_to_ch); 4459 if (debug) { 4460 log(LOG_DEBUG, SPP_FMT "pap success", 4461 SPP_ARGS(ifp)); 4462 name_len = *((char *)h); 4463 if (len > 5 && name_len) { 4464 log(-1, ": "); 4465 sppp_print_string((char*)(h+1), name_len); 4466 } 4467 log(-1, "\n"); 4468 } 4469 x = splimp(); 4470 SPPP_LOCK(sp); 4471 sp->pp_flags &= ~PP_NEEDAUTH; 4472 if (sp->myauth.proto == PPP_PAP && 4473 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4474 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4475 /* 4476 * We are authenticator for PAP but didn't 4477 * complete yet. Leave it to tlu to proceed 4478 * to network phase. 4479 */ 4480 SPPP_UNLOCK(sp); 4481 splx(x); 4482 break; 4483 } 4484 SPPP_UNLOCK(sp); 4485 splx(x); 4486 sppp_phase_network(sp); 4487 break; 4488 4489 case PAP_NAK: 4490 callout_stop (&sp->pap_my_to_ch); 4491 if (debug) { 4492 log(LOG_INFO, SPP_FMT "pap failure", 4493 SPP_ARGS(ifp)); 4494 name_len = *((char *)h); 4495 if (len > 5 && name_len) { 4496 log(-1, ": "); 4497 sppp_print_string((char*)(h+1), name_len); 4498 } 4499 log(-1, "\n"); 4500 } else 4501 log(LOG_INFO, SPP_FMT "pap failure\n", 4502 SPP_ARGS(ifp)); 4503 /* await LCP shutdown by authenticator */ 4504 break; 4505 4506 default: 4507 /* Unknown PAP packet type -- ignore. */ 4508 if (debug) { 4509 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4510 "<0x%x id=0x%x len=%d", 4511 SPP_ARGS(ifp), 4512 h->type, h->ident, ntohs(h->len)); 4513 sppp_print_bytes((u_char*)(h+1), len-4); 4514 log(-1, ">\n"); 4515 } 4516 break; 4517 4518 } 4519} 4520 4521static void 4522sppp_pap_init(struct sppp *sp) 4523{ 4524 /* PAP doesn't have STATE_INITIAL at all. */ 4525 sp->state[IDX_PAP] = STATE_CLOSED; 4526 sp->fail_counter[IDX_PAP] = 0; 4527 sp->pp_seq[IDX_PAP] = 0; 4528 sp->pp_rseq[IDX_PAP] = 0; 4529 callout_init(&sp->ch[IDX_PAP], 4530 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4531 callout_init(&sp->pap_my_to_ch, 4532 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4533} 4534 4535static void 4536sppp_pap_open(struct sppp *sp) 4537{ 4538 if (sp->hisauth.proto == PPP_PAP && 4539 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4540 /* we are authenticator for PAP, start our timer */ 4541 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4542 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4543 } 4544 if (sp->myauth.proto == PPP_PAP) { 4545 /* we are peer, send a request, and start a timer */ 4546 pap.scr(sp); 4547 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4548 sppp_pap_my_TO, (void *)sp); 4549 } 4550} 4551 4552static void 4553sppp_pap_close(struct sppp *sp) 4554{ 4555 if (sp->state[IDX_PAP] != STATE_CLOSED) 4556 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4557} 4558 4559/* 4560 * That's the timeout routine if we are authenticator. Since the 4561 * authenticator is basically passive in PAP, we can't do much here. 4562 */ 4563static void 4564sppp_pap_TO(void *cookie) 4565{ 4566 struct sppp *sp = (struct sppp *)cookie; 4567 STDDCL; 4568 int s; 4569 4570 s = splimp(); 4571 SPPP_LOCK(sp); 4572 if (debug) 4573 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4574 SPP_ARGS(ifp), 4575 sppp_state_name(sp->state[IDX_PAP]), 4576 sp->rst_counter[IDX_PAP]); 4577 4578 if (--sp->rst_counter[IDX_PAP] < 0) 4579 /* TO- event */ 4580 switch (sp->state[IDX_PAP]) { 4581 case STATE_REQ_SENT: 4582 pap.tld(sp); 4583 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4584 break; 4585 } 4586 else 4587 /* TO+ event, not very much we could do */ 4588 switch (sp->state[IDX_PAP]) { 4589 case STATE_REQ_SENT: 4590 /* sppp_cp_change_state() will restart the timer */ 4591 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4592 break; 4593 } 4594 4595 SPPP_UNLOCK(sp); 4596 splx(s); 4597} 4598 4599/* 4600 * That's the timeout handler if we are peer. Since the peer is active, 4601 * we need to retransmit our PAP request since it is apparently lost. 4602 * XXX We should impose a max counter. 4603 */ 4604static void 4605sppp_pap_my_TO(void *cookie) 4606{ 4607 struct sppp *sp = (struct sppp *)cookie; 4608 STDDCL; 4609 4610 if (debug) 4611 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4612 SPP_ARGS(ifp)); 4613 4614 SPPP_LOCK(sp); 4615 pap.scr(sp); 4616 SPPP_UNLOCK(sp); 4617} 4618 4619static void 4620sppp_pap_tlu(struct sppp *sp) 4621{ 4622 STDDCL; 4623 int x; 4624 4625 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4626 4627 if (debug) 4628 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4629 SPP_ARGS(ifp), pap.name); 4630 4631 x = splimp(); 4632 SPPP_LOCK(sp); 4633 /* indicate to LCP that we need to be closed down */ 4634 sp->lcp.protos |= (1 << IDX_PAP); 4635 4636 if (sp->pp_flags & PP_NEEDAUTH) { 4637 /* 4638 * Remote is authenticator, but his auth proto didn't 4639 * complete yet. Defer the transition to network 4640 * phase. 4641 */ 4642 SPPP_UNLOCK(sp); 4643 splx(x); 4644 return; 4645 } 4646 SPPP_UNLOCK(sp); 4647 splx(x); 4648 sppp_phase_network(sp); 4649} 4650 4651static void 4652sppp_pap_tld(struct sppp *sp) 4653{ 4654 STDDCL; 4655 4656 if (debug) 4657 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4658 callout_stop (&sp->ch[IDX_PAP]); 4659 callout_stop (&sp->pap_my_to_ch); 4660 sp->lcp.protos &= ~(1 << IDX_PAP); 4661 4662 lcp.Close(sp); 4663} 4664 4665static void 4666sppp_pap_scr(struct sppp *sp) 4667{ 4668 u_char idlen, pwdlen; 4669 4670 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4671 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4672 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4673 4674 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4675 sizeof idlen, (const char *)&idlen, 4676 (size_t)idlen, sp->myauth.name, 4677 sizeof pwdlen, (const char *)&pwdlen, 4678 (size_t)pwdlen, sp->myauth.secret, 4679 0); 4680} 4681 4682/* 4683 * Random miscellaneous functions. 4684 */ 4685 4686/* 4687 * Send a PAP or CHAP proto packet. 4688 * 4689 * Varadic function, each of the elements for the ellipsis is of type 4690 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4691 * mlen == 0. 4692 * NOTE: never declare variadic functions with types subject to type 4693 * promotion (i.e. u_char). This is asking for big trouble depending 4694 * on the architecture you are on... 4695 */ 4696 4697static void 4698sppp_auth_send(const struct cp *cp, struct sppp *sp, 4699 unsigned int type, unsigned int id, 4700 ...) 4701{ 4702 STDDCL; 4703 struct ppp_header *h; 4704 struct lcp_header *lh; 4705 struct mbuf *m; 4706 u_char *p; 4707 int len; 4708 unsigned int mlen; 4709 const char *msg; 4710 va_list ap; 4711 4712 MGETHDR (m, M_DONTWAIT, MT_DATA); 4713 if (! m) 4714 return; 4715 m->m_pkthdr.rcvif = 0; 4716 4717 h = mtod (m, struct ppp_header*); 4718 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4719 h->control = PPP_UI; /* Unnumbered Info */ 4720 h->protocol = htons(cp->proto); 4721 4722 lh = (struct lcp_header*)(h + 1); 4723 lh->type = type; 4724 lh->ident = id; 4725 p = (u_char*) (lh+1); 4726 4727 va_start(ap, id); 4728 len = 0; 4729 4730 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4731 msg = va_arg(ap, const char *); 4732 len += mlen; 4733 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4734 va_end(ap); 4735 m_freem(m); 4736 return; 4737 } 4738 4739 bcopy(msg, p, mlen); 4740 p += mlen; 4741 } 4742 va_end(ap); 4743 4744 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4745 lh->len = htons (LCP_HEADER_LEN + len); 4746 4747 if (debug) { 4748 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4749 SPP_ARGS(ifp), cp->name, 4750 sppp_auth_type_name(cp->proto, lh->type), 4751 lh->ident, ntohs(lh->len)); 4752 sppp_print_bytes((u_char*) (lh+1), len); 4753 log(-1, ">\n"); 4754 } 4755 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4756 ifp->if_oerrors++; 4757} 4758 4759/* 4760 * Flush interface queue. 4761 */ 4762static void 4763sppp_qflush(struct ifqueue *ifq) 4764{ 4765 struct mbuf *m, *n; 4766 4767 n = ifq->ifq_head; 4768 while ((m = n)) { 4769 n = m->m_act; 4770 m_freem (m); 4771 } 4772 ifq->ifq_head = 0; 4773 ifq->ifq_tail = 0; 4774 ifq->ifq_len = 0; 4775} 4776 4777/* 4778 * Send keepalive packets, every 10 seconds. 4779 */ 4780static void 4781sppp_keepalive(void *dummy) 4782{ 4783 struct sppp *sp = (struct sppp*)dummy; 4784 struct ifnet *ifp = &sp->pp_if; 4785 int s; 4786 4787 s = splimp(); 4788 SPPP_LOCK(sp); 4789 /* Keepalive mode disabled or channel down? */ 4790 if (! (sp->pp_flags & PP_KEEPALIVE) || 4791 ! (ifp->if_flags & IFF_RUNNING)) 4792 goto out; 4793 4794 if (sp->pp_mode == PP_FR) { 4795 sppp_fr_keepalive (sp); 4796 goto out; 4797 } 4798 4799 /* No keepalive in PPP mode if LCP not opened yet. */ 4800 if (sp->pp_mode != IFF_CISCO && 4801 sp->pp_phase < PHASE_AUTHENTICATE) 4802 goto out; 4803 4804 if (sp->pp_alivecnt == MAXALIVECNT) { 4805 /* No keepalive packets got. Stop the interface. */ 4806 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4807 if_down (ifp); 4808 sppp_qflush (&sp->pp_cpq); 4809 if (sp->pp_mode != IFF_CISCO) { 4810 /* XXX */ 4811 /* Shut down the PPP link. */ 4812 lcp.Down(sp); 4813 /* Initiate negotiation. XXX */ 4814 lcp.Up(sp); 4815 } 4816 } 4817 if (sp->pp_alivecnt <= MAXALIVECNT) 4818 ++sp->pp_alivecnt; 4819 if (sp->pp_mode == IFF_CISCO) 4820 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4821 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4822 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4823 long nmagic = htonl (sp->lcp.magic); 4824 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4825 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4826 sp->lcp.echoid, 4, &nmagic); 4827 } 4828out: 4829 SPPP_UNLOCK(sp); 4830 splx(s); 4831 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4832 (void *)sp); 4833} 4834 4835/* 4836 * Get both IP addresses. 4837 */ 4838void 4839sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4840{ 4841 struct ifnet *ifp = &sp->pp_if; 4842 struct ifaddr *ifa; 4843 struct sockaddr_in *si, *sm; 4844 u_long ssrc, ddst; 4845 4846 sm = NULL; 4847 ssrc = ddst = 0L; 4848 /* 4849 * Pick the first AF_INET address from the list, 4850 * aliases don't make any sense on a p2p link anyway. 4851 */ 4852 si = 0; 4853#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4854 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4855#elif defined(__NetBSD__) || defined (__OpenBSD__) 4856 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4857 ifa; 4858 ifa = TAILQ_NEXT(ifa, ifa_list)) 4859#else 4860 for (ifa = ifp->if_addrlist; 4861 ifa; 4862 ifa = ifa->ifa_next) 4863#endif 4864 if (ifa->ifa_addr->sa_family == AF_INET) { 4865 si = (struct sockaddr_in *)ifa->ifa_addr; 4866 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4867 if (si) 4868 break; 4869 } 4870 if (ifa) { 4871 if (si && si->sin_addr.s_addr) { 4872 ssrc = si->sin_addr.s_addr; 4873 if (srcmask) 4874 *srcmask = ntohl(sm->sin_addr.s_addr); 4875 } 4876 4877 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4878 if (si && si->sin_addr.s_addr) 4879 ddst = si->sin_addr.s_addr; 4880 } 4881 4882 if (dst) *dst = ntohl(ddst); 4883 if (src) *src = ntohl(ssrc); 4884} 4885 4886/* 4887 * Set my IP address. Must be called at splimp. 4888 */ 4889static void 4890sppp_set_ip_addr(struct sppp *sp, u_long src) 4891{ 4892 STDDCL; 4893 struct ifaddr *ifa; 4894 struct sockaddr_in *si; 4895 struct in_ifaddr *ia; 4896 4897 /* 4898 * Pick the first AF_INET address from the list, 4899 * aliases don't make any sense on a p2p link anyway. 4900 */ 4901 si = 0; 4902#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4903 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4904#elif defined(__NetBSD__) || defined (__OpenBSD__) 4905 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4906 ifa; 4907 ifa = TAILQ_NEXT(ifa, ifa_list)) 4908#else 4909 for (ifa = ifp->if_addrlist; 4910 ifa; 4911 ifa = ifa->ifa_next) 4912#endif 4913 { 4914 if (ifa->ifa_addr->sa_family == AF_INET) 4915 { 4916 si = (struct sockaddr_in *)ifa->ifa_addr; 4917 if (si) 4918 break; 4919 } 4920 } 4921 4922 if (ifa && si) 4923 { 4924 int error; 4925#if __NetBSD_Version__ >= 103080000 4926 struct sockaddr_in new_sin = *si; 4927 4928 new_sin.sin_addr.s_addr = htonl(src); 4929 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4930 if(debug && error) 4931 { 4932 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4933 " failed, error=%d\n", SPP_ARGS(ifp), error); 4934 } 4935#else 4936 /* delete old route */ 4937 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4938 if(debug && error) 4939 { 4940 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4941 SPP_ARGS(ifp), error); 4942 } 4943 4944 /* set new address */ 4945 si->sin_addr.s_addr = htonl(src); 4946 ia = ifatoia(ifa); 4947 LIST_REMOVE(ia, ia_hash); 4948 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4949 4950 /* add new route */ 4951 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4952 if (debug && error) 4953 { 4954 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4955 SPP_ARGS(ifp), error); 4956 } 4957#endif 4958 } 4959} 4960 4961#ifdef INET6 4962/* 4963 * Get both IPv6 addresses. 4964 */ 4965static void 4966sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4967 struct in6_addr *srcmask) 4968{ 4969 struct ifnet *ifp = &sp->pp_if; 4970 struct ifaddr *ifa; 4971 struct sockaddr_in6 *si, *sm; 4972 struct in6_addr ssrc, ddst; 4973 4974 sm = NULL; 4975 bzero(&ssrc, sizeof(ssrc)); 4976 bzero(&ddst, sizeof(ddst)); 4977 /* 4978 * Pick the first link-local AF_INET6 address from the list, 4979 * aliases don't make any sense on a p2p link anyway. 4980 */ 4981#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4982 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4983 ifa; 4984 ifa = ifa->ifa_link.tqe_next) 4985#elif defined(__NetBSD__) || defined (__OpenBSD__) 4986 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4987 ifa; 4988 ifa = ifa->ifa_list.tqe_next) 4989#else 4990 for (ifa = ifp->if_addrlist, si = 0; 4991 ifa; 4992 ifa = ifa->ifa_next) 4993#endif 4994 if (ifa->ifa_addr->sa_family == AF_INET6) { 4995 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4996 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4997 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4998 break; 4999 } 5000 if (ifa) { 5001 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5002 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5003 if (srcmask) { 5004 bcopy(&sm->sin6_addr, srcmask, 5005 sizeof(*srcmask)); 5006 } 5007 } 5008 5009 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5010 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5011 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5012 } 5013 5014 if (dst) 5015 bcopy(&ddst, dst, sizeof(*dst)); 5016 if (src) 5017 bcopy(&ssrc, src, sizeof(*src)); 5018} 5019 5020#ifdef IPV6CP_MYIFID_DYN 5021/* 5022 * Generate random ifid. 5023 */ 5024static void 5025sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5026{ 5027 /* TBD */ 5028} 5029 5030/* 5031 * Set my IPv6 address. Must be called at splimp. 5032 */ 5033static void 5034sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5035{ 5036 STDDCL; 5037 struct ifaddr *ifa; 5038 struct sockaddr_in6 *sin6; 5039 5040 /* 5041 * Pick the first link-local AF_INET6 address from the list, 5042 * aliases don't make any sense on a p2p link anyway. 5043 */ 5044 5045 sin6 = NULL; 5046#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5047 for (ifa = ifp->if_addrhead.tqh_first; 5048 ifa; 5049 ifa = ifa->ifa_link.tqe_next) 5050#elif defined(__NetBSD__) || defined (__OpenBSD__) 5051 for (ifa = ifp->if_addrlist.tqh_first; 5052 ifa; 5053 ifa = ifa->ifa_list.tqe_next) 5054#else 5055 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 5056#endif 5057 { 5058 if (ifa->ifa_addr->sa_family == AF_INET6) 5059 { 5060 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5061 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5062 break; 5063 } 5064 } 5065 5066 if (ifa && sin6) 5067 { 5068 int error; 5069 struct sockaddr_in6 new_sin6 = *sin6; 5070 5071 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5072 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5073 if (debug && error) 5074 { 5075 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5076 " failed, error=%d\n", SPP_ARGS(ifp), error); 5077 } 5078 } 5079} 5080#endif 5081 5082/* 5083 * Suggest a candidate address to be used by peer. 5084 */ 5085static void 5086sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5087{ 5088 struct in6_addr myaddr; 5089 struct timeval tv; 5090 5091 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5092 5093 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5094 microtime(&tv); 5095 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5096 myaddr.s6_addr[14] ^= 0xff; 5097 myaddr.s6_addr[15] ^= 0xff; 5098 } else { 5099 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5100 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5101 } 5102 if (suggest) 5103 bcopy(&myaddr, suggest, sizeof(myaddr)); 5104} 5105#endif /*INET6*/ 5106 5107static int 5108sppp_params(struct sppp *sp, u_long cmd, void *data) 5109{ 5110 u_long subcmd; 5111 struct ifreq *ifr = (struct ifreq *)data; 5112 struct spppreq *spr; 5113 int rv = 0; 5114 5115 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5116 return (EAGAIN); 5117 /* 5118 * ifr->ifr_data is supposed to point to a struct spppreq. 5119 * Check the cmd word first before attempting to fetch all the 5120 * data. 5121 */ 5122 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5123 rv = EFAULT; 5124 goto quit; 5125 } 5126 5127 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5128 rv = EFAULT; 5129 goto quit; 5130 } 5131 5132 switch (subcmd) { 5133 case (int)SPPPIOGDEFS: 5134 if (cmd != SIOCGIFGENERIC) { 5135 rv = EINVAL; 5136 break; 5137 } 5138 /* 5139 * We copy over the entire current state, but clean 5140 * out some of the stuff we don't wanna pass up. 5141 * Remember, SIOCGIFGENERIC is unprotected, and can be 5142 * called by any user. No need to ever get PAP or 5143 * CHAP secrets back to userland anyway. 5144 */ 5145 spr->defs.pp_phase = sp->pp_phase; 5146 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5147 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5148 spr->defs.lcp = sp->lcp; 5149 spr->defs.ipcp = sp->ipcp; 5150 spr->defs.ipv6cp = sp->ipv6cp; 5151 spr->defs.myauth = sp->myauth; 5152 spr->defs.hisauth = sp->hisauth; 5153 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5154 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5155 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5156 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5157 /* 5158 * Fixup the LCP timeout value to milliseconds so 5159 * spppcontrol doesn't need to bother about the value 5160 * of "hz". We do the reverse calculation below when 5161 * setting it. 5162 */ 5163 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5164 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5165 sizeof(struct spppreq)); 5166 break; 5167 5168 case (int)SPPPIOSDEFS: 5169 if (cmd != SIOCSIFGENERIC) { 5170 rv = EINVAL; 5171 break; 5172 } 5173 /* 5174 * We have a very specific idea of which fields we 5175 * allow being passed back from userland, so to not 5176 * clobber our current state. For one, we only allow 5177 * setting anything if LCP is in dead or establish 5178 * phase. Once the authentication negotiations 5179 * started, the authentication settings must not be 5180 * changed again. (The administrator can force an 5181 * ifconfig down in order to get LCP back into dead 5182 * phase.) 5183 * 5184 * Also, we only allow for authentication parameters to be 5185 * specified. 5186 * 5187 * XXX Should allow to set or clear pp_flags. 5188 * 5189 * Finally, if the respective authentication protocol to 5190 * be used is set differently than 0, but the secret is 5191 * passed as all zeros, we don't trash the existing secret. 5192 * This allows an administrator to change the system name 5193 * only without clobbering the secret (which he didn't get 5194 * back in a previous SPPPIOGDEFS call). However, the 5195 * secrets are cleared if the authentication protocol is 5196 * reset to 0. */ 5197 if (sp->pp_phase != PHASE_DEAD && 5198 sp->pp_phase != PHASE_ESTABLISH) { 5199 rv = EBUSY; 5200 break; 5201 } 5202 5203 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5204 spr->defs.myauth.proto != PPP_CHAP) || 5205 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5206 spr->defs.hisauth.proto != PPP_CHAP)) { 5207 rv = EINVAL; 5208 break; 5209 } 5210 5211 if (spr->defs.myauth.proto == 0) 5212 /* resetting myauth */ 5213 bzero(&sp->myauth, sizeof sp->myauth); 5214 else { 5215 /* setting/changing myauth */ 5216 sp->myauth.proto = spr->defs.myauth.proto; 5217 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5218 if (spr->defs.myauth.secret[0] != '\0') 5219 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5220 AUTHKEYLEN); 5221 } 5222 if (spr->defs.hisauth.proto == 0) 5223 /* resetting hisauth */ 5224 bzero(&sp->hisauth, sizeof sp->hisauth); 5225 else { 5226 /* setting/changing hisauth */ 5227 sp->hisauth.proto = spr->defs.hisauth.proto; 5228 sp->hisauth.flags = spr->defs.hisauth.flags; 5229 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5230 if (spr->defs.hisauth.secret[0] != '\0') 5231 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5232 AUTHKEYLEN); 5233 } 5234 /* set LCP restart timer timeout */ 5235 if (spr->defs.lcp.timeout != 0) 5236 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5237 /* set VJ enable and IPv6 disable flags */ 5238#ifdef INET 5239 if (spr->defs.enable_vj) 5240 sp->confflags |= CONF_ENABLE_VJ; 5241 else 5242 sp->confflags &= ~CONF_ENABLE_VJ; 5243#endif 5244#ifdef INET6 5245 if (spr->defs.enable_ipv6) 5246 sp->confflags |= CONF_ENABLE_IPV6; 5247 else 5248 sp->confflags &= ~CONF_ENABLE_IPV6; 5249#endif 5250 break; 5251 5252 default: 5253 rv = EINVAL; 5254 } 5255 5256 quit: 5257 free(spr, M_TEMP); 5258 5259 return (rv); 5260} 5261 5262static void 5263sppp_phase_network(struct sppp *sp) 5264{ 5265 STDDCL; 5266 int i; 5267 u_long mask; 5268 5269 sp->pp_phase = PHASE_NETWORK; 5270 5271 if (debug) 5272 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5273 sppp_phase_name(sp->pp_phase)); 5274 5275 /* Notify NCPs now. */ 5276 for (i = 0; i < IDX_COUNT; i++) 5277 if ((cps[i])->flags & CP_NCP) 5278 (cps[i])->Open(sp); 5279 5280 /* Send Up events to all NCPs. */ 5281 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5282 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5283 (cps[i])->Up(sp); 5284 5285 /* if no NCP is starting, all this was in vain, close down */ 5286 sppp_lcp_check_and_close(sp); 5287} 5288 5289 5290static const char * 5291sppp_cp_type_name(u_char type) 5292{ 5293 static char buf[12]; 5294 switch (type) { 5295 case CONF_REQ: return "conf-req"; 5296 case CONF_ACK: return "conf-ack"; 5297 case CONF_NAK: return "conf-nak"; 5298 case CONF_REJ: return "conf-rej"; 5299 case TERM_REQ: return "term-req"; 5300 case TERM_ACK: return "term-ack"; 5301 case CODE_REJ: return "code-rej"; 5302 case PROTO_REJ: return "proto-rej"; 5303 case ECHO_REQ: return "echo-req"; 5304 case ECHO_REPLY: return "echo-reply"; 5305 case DISC_REQ: return "discard-req"; 5306 } 5307 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5308 return buf; 5309} 5310 5311static const char * 5312sppp_auth_type_name(u_short proto, u_char type) 5313{ 5314 static char buf[12]; 5315 switch (proto) { 5316 case PPP_CHAP: 5317 switch (type) { 5318 case CHAP_CHALLENGE: return "challenge"; 5319 case CHAP_RESPONSE: return "response"; 5320 case CHAP_SUCCESS: return "success"; 5321 case CHAP_FAILURE: return "failure"; 5322 } 5323 case PPP_PAP: 5324 switch (type) { 5325 case PAP_REQ: return "req"; 5326 case PAP_ACK: return "ack"; 5327 case PAP_NAK: return "nak"; 5328 } 5329 } 5330 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5331 return buf; 5332} 5333 5334static const char * 5335sppp_lcp_opt_name(u_char opt) 5336{ 5337 static char buf[12]; 5338 switch (opt) { 5339 case LCP_OPT_MRU: return "mru"; 5340 case LCP_OPT_ASYNC_MAP: return "async-map"; 5341 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5342 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5343 case LCP_OPT_MAGIC: return "magic"; 5344 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5345 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5346 } 5347 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5348 return buf; 5349} 5350 5351static const char * 5352sppp_ipcp_opt_name(u_char opt) 5353{ 5354 static char buf[12]; 5355 switch (opt) { 5356 case IPCP_OPT_ADDRESSES: return "addresses"; 5357 case IPCP_OPT_COMPRESSION: return "compression"; 5358 case IPCP_OPT_ADDRESS: return "address"; 5359 } 5360 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5361 return buf; 5362} 5363 5364#ifdef INET6 5365static const char * 5366sppp_ipv6cp_opt_name(u_char opt) 5367{ 5368 static char buf[12]; 5369 switch (opt) { 5370 case IPV6CP_OPT_IFID: return "ifid"; 5371 case IPV6CP_OPT_COMPRESSION: return "compression"; 5372 } 5373 sprintf (buf, "0x%x", opt); 5374 return buf; 5375} 5376#endif 5377 5378static const char * 5379sppp_state_name(int state) 5380{ 5381 switch (state) { 5382 case STATE_INITIAL: return "initial"; 5383 case STATE_STARTING: return "starting"; 5384 case STATE_CLOSED: return "closed"; 5385 case STATE_STOPPED: return "stopped"; 5386 case STATE_CLOSING: return "closing"; 5387 case STATE_STOPPING: return "stopping"; 5388 case STATE_REQ_SENT: return "req-sent"; 5389 case STATE_ACK_RCVD: return "ack-rcvd"; 5390 case STATE_ACK_SENT: return "ack-sent"; 5391 case STATE_OPENED: return "opened"; 5392 } 5393 return "illegal"; 5394} 5395 5396static const char * 5397sppp_phase_name(enum ppp_phase phase) 5398{ 5399 switch (phase) { 5400 case PHASE_DEAD: return "dead"; 5401 case PHASE_ESTABLISH: return "establish"; 5402 case PHASE_TERMINATE: return "terminate"; 5403 case PHASE_AUTHENTICATE: return "authenticate"; 5404 case PHASE_NETWORK: return "network"; 5405 } 5406 return "illegal"; 5407} 5408 5409static const char * 5410sppp_proto_name(u_short proto) 5411{ 5412 static char buf[12]; 5413 switch (proto) { 5414 case PPP_LCP: return "lcp"; 5415 case PPP_IPCP: return "ipcp"; 5416 case PPP_PAP: return "pap"; 5417 case PPP_CHAP: return "chap"; 5418 case PPP_IPV6CP: return "ipv6cp"; 5419 } 5420 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5421 return buf; 5422} 5423 5424static void 5425sppp_print_bytes(const u_char *p, u_short len) 5426{ 5427 if (len) 5428 log(-1, " %*D", len, p, "-"); 5429} 5430 5431static void 5432sppp_print_string(const char *p, u_short len) 5433{ 5434 u_char c; 5435 5436 while (len-- > 0) { 5437 c = *p++; 5438 /* 5439 * Print only ASCII chars directly. RFC 1994 recommends 5440 * using only them, but we don't rely on it. */ 5441 if (c < ' ' || c > '~') 5442 log(-1, "\\x%x", c); 5443 else 5444 log(-1, "%c", c); 5445 } 5446} 5447 5448static const char * 5449sppp_dotted_quad(u_long addr) 5450{ 5451 static char s[16]; 5452 sprintf(s, "%d.%d.%d.%d", 5453 (int)((addr >> 24) & 0xff), 5454 (int)((addr >> 16) & 0xff), 5455 (int)((addr >> 8) & 0xff), 5456 (int)(addr & 0xff)); 5457 return s; 5458} 5459 5460static int 5461sppp_strnlen(u_char *p, int max) 5462{ 5463 int len; 5464 5465 for (len = 0; len < max && *p; ++p) 5466 ++len; 5467 return len; 5468} 5469 5470/* a dummy, used to drop uninteresting events */ 5471static void 5472sppp_null(struct sppp *unused) 5473{ 5474 /* do just nothing */ 5475} 5476