if_spppsubr.c revision 196019
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 196019 2009-08-01 19:26:27Z rwatson $ 22 */ 23 24#include <sys/param.h> 25 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29 30#include <sys/systm.h> 31#include <sys/kernel.h> 32#include <sys/module.h> 33#include <sys/sockio.h> 34#include <sys/socket.h> 35#include <sys/syslog.h> 36#include <sys/random.h> 37#include <sys/malloc.h> 38#include <sys/mbuf.h> 39 40#include <sys/md5.h> 41 42#include <net/if.h> 43#include <net/netisr.h> 44#include <net/if_types.h> 45#include <net/route.h> 46#include <net/vnet.h> 47#include <netinet/in.h> 48#include <netinet/in_systm.h> 49#include <netinet/ip.h> 50#include <net/slcompress.h> 51 52#include <machine/stdarg.h> 53 54#include <netinet/in_var.h> 55 56#ifdef INET 57#include <netinet/ip.h> 58#include <netinet/tcp.h> 59#endif 60 61#ifdef INET6 62#include <netinet6/scope6_var.h> 63#endif 64 65#include <netinet/if_ether.h> 66 67#ifdef IPX 68#include <netipx/ipx.h> 69#include <netipx/ipx_if.h> 70#endif 71 72#include <net/if_sppp.h> 73 74#define IOCTL_CMD_T u_long 75#define MAXALIVECNT 3 /* max. alive packets */ 76 77/* 78 * Interface flags that can be set in an ifconfig command. 79 * 80 * Setting link0 will make the link passive, i.e. it will be marked 81 * as being administrative openable, but won't be opened to begin 82 * with. Incoming calls will be answered, or subsequent calls with 83 * -link1 will cause the administrative open of the LCP layer. 84 * 85 * Setting link1 will cause the link to auto-dial only as packets 86 * arrive to be sent. 87 * 88 * Setting IFF_DEBUG will syslog the option negotiation and state 89 * transitions at level kern.debug. Note: all logs consistently look 90 * like 91 * 92 * <if-name><unit>: <proto-name> <additional info...> 93 * 94 * with <if-name><unit> being something like "bppp0", and <proto-name> 95 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 96 */ 97 98#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 99#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 100#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 101 102#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 103#define PPP_UI 0x03 /* Unnumbered Information */ 104#define PPP_IP 0x0021 /* Internet Protocol */ 105#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 106#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 107#define PPP_IPX 0x002b /* Novell IPX Protocol */ 108#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 109#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 110#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 111#define PPP_LCP 0xc021 /* Link Control Protocol */ 112#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 113#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 114#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 115#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 116 117#define CONF_REQ 1 /* PPP configure request */ 118#define CONF_ACK 2 /* PPP configure acknowledge */ 119#define CONF_NAK 3 /* PPP configure negative ack */ 120#define CONF_REJ 4 /* PPP configure reject */ 121#define TERM_REQ 5 /* PPP terminate request */ 122#define TERM_ACK 6 /* PPP terminate acknowledge */ 123#define CODE_REJ 7 /* PPP code reject */ 124#define PROTO_REJ 8 /* PPP protocol reject */ 125#define ECHO_REQ 9 /* PPP echo request */ 126#define ECHO_REPLY 10 /* PPP echo reply */ 127#define DISC_REQ 11 /* PPP discard request */ 128 129#define LCP_OPT_MRU 1 /* maximum receive unit */ 130#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 131#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 132#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 133#define LCP_OPT_MAGIC 5 /* magic number */ 134#define LCP_OPT_RESERVED 6 /* reserved */ 135#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 136#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 137 138#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 139#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 140#define IPCP_OPT_ADDRESS 3 /* local IP address */ 141 142#define IPV6CP_OPT_IFID 1 /* interface identifier */ 143#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 144 145#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 146 147#define PAP_REQ 1 /* PAP name/password request */ 148#define PAP_ACK 2 /* PAP acknowledge */ 149#define PAP_NAK 3 /* PAP fail */ 150 151#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 152#define CHAP_RESPONSE 2 /* CHAP challenge response */ 153#define CHAP_SUCCESS 3 /* CHAP response ok */ 154#define CHAP_FAILURE 4 /* CHAP response failed */ 155 156#define CHAP_MD5 5 /* hash algorithm - MD5 */ 157 158#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 159#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 160#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 161#define CISCO_ADDR_REQ 0 /* Cisco address request */ 162#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 163#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 164 165/* states are named and numbered according to RFC 1661 */ 166#define STATE_INITIAL 0 167#define STATE_STARTING 1 168#define STATE_CLOSED 2 169#define STATE_STOPPED 3 170#define STATE_CLOSING 4 171#define STATE_STOPPING 5 172#define STATE_REQ_SENT 6 173#define STATE_ACK_RCVD 7 174#define STATE_ACK_SENT 8 175#define STATE_OPENED 9 176 177MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 178 179struct ppp_header { 180 u_char address; 181 u_char control; 182 u_short protocol; 183} __packed; 184#define PPP_HEADER_LEN sizeof (struct ppp_header) 185 186struct lcp_header { 187 u_char type; 188 u_char ident; 189 u_short len; 190} __packed; 191#define LCP_HEADER_LEN sizeof (struct lcp_header) 192 193struct cisco_packet { 194 u_long type; 195 u_long par1; 196 u_long par2; 197 u_short rel; 198 u_short time0; 199 u_short time1; 200} __packed; 201#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 202 203/* 204 * We follow the spelling and capitalization of RFC 1661 here, to make 205 * it easier comparing with the standard. Please refer to this RFC in 206 * case you can't make sense out of these abbreviation; it will also 207 * explain the semantics related to the various events and actions. 208 */ 209struct cp { 210 u_short proto; /* PPP control protocol number */ 211 u_char protoidx; /* index into state table in struct sppp */ 212 u_char flags; 213#define CP_LCP 0x01 /* this is the LCP */ 214#define CP_AUTH 0x02 /* this is an authentication protocol */ 215#define CP_NCP 0x04 /* this is a NCP */ 216#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 217 const char *name; /* name of this control protocol */ 218 /* event handlers */ 219 void (*Up)(struct sppp *sp); 220 void (*Down)(struct sppp *sp); 221 void (*Open)(struct sppp *sp); 222 void (*Close)(struct sppp *sp); 223 void (*TO)(void *sp); 224 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 225 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 226 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 227 /* actions */ 228 void (*tlu)(struct sppp *sp); 229 void (*tld)(struct sppp *sp); 230 void (*tls)(struct sppp *sp); 231 void (*tlf)(struct sppp *sp); 232 void (*scr)(struct sppp *sp); 233}; 234 235#define SPP_FMT "%s: " 236#define SPP_ARGS(ifp) (ifp)->if_xname 237 238#define SPPP_LOCK(sp) mtx_lock (&(sp)->mtx) 239#define SPPP_UNLOCK(sp) mtx_unlock (&(sp)->mtx) 240#define SPPP_LOCK_ASSERT(sp) mtx_assert (&(sp)->mtx, MA_OWNED) 241#define SPPP_LOCK_OWNED(sp) mtx_owned (&(sp)->mtx) 242 243#ifdef INET 244/* 245 * The following disgusting hack gets around the problem that IP TOS 246 * can't be set yet. We want to put "interactive" traffic on a high 247 * priority queue. To decide if traffic is interactive, we check that 248 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 249 * 250 * XXX is this really still necessary? - joerg - 251 */ 252static const u_short interactive_ports[8] = { 253 0, 513, 0, 0, 254 0, 21, 0, 23, 255}; 256#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 257#endif 258 259/* almost every function needs these */ 260#define STDDCL \ 261 struct ifnet *ifp = SP2IFP(sp); \ 262 int debug = ifp->if_flags & IFF_DEBUG 263 264static int sppp_output(struct ifnet *ifp, struct mbuf *m, 265 struct sockaddr *dst, struct route *ro); 266 267static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 268static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 269 270static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 271 struct mbuf *m); 272static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 273 u_char ident, u_short len, void *data); 274/* static void sppp_cp_timeout(void *arg); */ 275static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 276 int newstate); 277static void sppp_auth_send(const struct cp *cp, 278 struct sppp *sp, unsigned int type, unsigned int id, 279 ...); 280 281static void sppp_up_event(const struct cp *cp, struct sppp *sp); 282static void sppp_down_event(const struct cp *cp, struct sppp *sp); 283static void sppp_open_event(const struct cp *cp, struct sppp *sp); 284static void sppp_close_event(const struct cp *cp, struct sppp *sp); 285static void sppp_to_event(const struct cp *cp, struct sppp *sp); 286 287static void sppp_null(struct sppp *sp); 288 289static void sppp_pp_up(struct sppp *sp); 290static void sppp_pp_down(struct sppp *sp); 291 292static void sppp_lcp_init(struct sppp *sp); 293static void sppp_lcp_up(struct sppp *sp); 294static void sppp_lcp_down(struct sppp *sp); 295static void sppp_lcp_open(struct sppp *sp); 296static void sppp_lcp_close(struct sppp *sp); 297static void sppp_lcp_TO(void *sp); 298static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 299static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 300static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 301static void sppp_lcp_tlu(struct sppp *sp); 302static void sppp_lcp_tld(struct sppp *sp); 303static void sppp_lcp_tls(struct sppp *sp); 304static void sppp_lcp_tlf(struct sppp *sp); 305static void sppp_lcp_scr(struct sppp *sp); 306static void sppp_lcp_check_and_close(struct sppp *sp); 307static int sppp_ncp_check(struct sppp *sp); 308 309static void sppp_ipcp_init(struct sppp *sp); 310static void sppp_ipcp_up(struct sppp *sp); 311static void sppp_ipcp_down(struct sppp *sp); 312static void sppp_ipcp_open(struct sppp *sp); 313static void sppp_ipcp_close(struct sppp *sp); 314static void sppp_ipcp_TO(void *sp); 315static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 316static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 317static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 318static void sppp_ipcp_tlu(struct sppp *sp); 319static void sppp_ipcp_tld(struct sppp *sp); 320static void sppp_ipcp_tls(struct sppp *sp); 321static void sppp_ipcp_tlf(struct sppp *sp); 322static void sppp_ipcp_scr(struct sppp *sp); 323 324static void sppp_ipv6cp_init(struct sppp *sp); 325static void sppp_ipv6cp_up(struct sppp *sp); 326static void sppp_ipv6cp_down(struct sppp *sp); 327static void sppp_ipv6cp_open(struct sppp *sp); 328static void sppp_ipv6cp_close(struct sppp *sp); 329static void sppp_ipv6cp_TO(void *sp); 330static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 331static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 332static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_ipv6cp_tlu(struct sppp *sp); 334static void sppp_ipv6cp_tld(struct sppp *sp); 335static void sppp_ipv6cp_tls(struct sppp *sp); 336static void sppp_ipv6cp_tlf(struct sppp *sp); 337static void sppp_ipv6cp_scr(struct sppp *sp); 338 339static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 340static void sppp_pap_init(struct sppp *sp); 341static void sppp_pap_open(struct sppp *sp); 342static void sppp_pap_close(struct sppp *sp); 343static void sppp_pap_TO(void *sp); 344static void sppp_pap_my_TO(void *sp); 345static void sppp_pap_tlu(struct sppp *sp); 346static void sppp_pap_tld(struct sppp *sp); 347static void sppp_pap_scr(struct sppp *sp); 348 349static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 350static void sppp_chap_init(struct sppp *sp); 351static void sppp_chap_open(struct sppp *sp); 352static void sppp_chap_close(struct sppp *sp); 353static void sppp_chap_TO(void *sp); 354static void sppp_chap_tlu(struct sppp *sp); 355static void sppp_chap_tld(struct sppp *sp); 356static void sppp_chap_scr(struct sppp *sp); 357 358static const char *sppp_auth_type_name(u_short proto, u_char type); 359static const char *sppp_cp_type_name(u_char type); 360#ifdef INET 361static const char *sppp_dotted_quad(u_long addr); 362static const char *sppp_ipcp_opt_name(u_char opt); 363#endif 364#ifdef INET6 365static const char *sppp_ipv6cp_opt_name(u_char opt); 366#endif 367static const char *sppp_lcp_opt_name(u_char opt); 368static const char *sppp_phase_name(enum ppp_phase phase); 369static const char *sppp_proto_name(u_short proto); 370static const char *sppp_state_name(int state); 371static int sppp_params(struct sppp *sp, u_long cmd, void *data); 372static int sppp_strnlen(u_char *p, int max); 373static void sppp_keepalive(void *dummy); 374static void sppp_phase_network(struct sppp *sp); 375static void sppp_print_bytes(const u_char *p, u_short len); 376static void sppp_print_string(const char *p, u_short len); 377static void sppp_qflush(struct ifqueue *ifq); 378#ifdef INET 379static void sppp_set_ip_addr(struct sppp *sp, u_long src); 380#endif 381#ifdef INET6 382static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 383 struct in6_addr *dst, struct in6_addr *srcmask); 384#ifdef IPV6CP_MYIFID_DYN 385static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 386static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 387#endif 388static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 389#endif 390 391/* if_start () wrapper */ 392static void sppp_ifstart (struct ifnet *ifp); 393 394/* our control protocol descriptors */ 395static const struct cp lcp = { 396 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 397 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 398 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 399 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 400 sppp_lcp_scr 401}; 402 403static const struct cp ipcp = { 404 PPP_IPCP, IDX_IPCP, 405#ifdef INET /* don't run IPCP if there's no IPv4 support */ 406 CP_NCP, 407#else 408 0, 409#endif 410 "ipcp", 411 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 412 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 413 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 414 sppp_ipcp_scr 415}; 416 417static const struct cp ipv6cp = { 418 PPP_IPV6CP, IDX_IPV6CP, 419#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 420 CP_NCP, 421#else 422 0, 423#endif 424 "ipv6cp", 425 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 426 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 427 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 428 sppp_ipv6cp_scr 429}; 430 431static const struct cp pap = { 432 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 433 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 434 sppp_pap_TO, 0, 0, 0, 435 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 436 sppp_pap_scr 437}; 438 439static const struct cp chap = { 440 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 441 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 442 sppp_chap_TO, 0, 0, 0, 443 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 444 sppp_chap_scr 445}; 446 447static const struct cp *cps[IDX_COUNT] = { 448 &lcp, /* IDX_LCP */ 449 &ipcp, /* IDX_IPCP */ 450 &ipv6cp, /* IDX_IPV6CP */ 451 &pap, /* IDX_PAP */ 452 &chap, /* IDX_CHAP */ 453}; 454 455static void* 456sppp_alloc(u_char type, struct ifnet *ifp) 457{ 458 struct sppp *sp; 459 460 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 461 sp->pp_ifp = ifp; 462 463 return (sp); 464} 465 466static void 467sppp_free(void *com, u_char type) 468{ 469 470 free(com, M_SPPP); 471} 472 473static int 474sppp_modevent(module_t mod, int type, void *unused) 475{ 476 switch (type) { 477 case MOD_LOAD: 478 /* 479 * XXX: should probably be IFT_SPPP, but it's fairly 480 * harmless to allocate struct sppp's for non-sppp 481 * interfaces. 482 */ 483 484 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 485 break; 486 case MOD_UNLOAD: 487 /* if_deregister_com_alloc(IFT_PPP); */ 488 return EACCES; 489 default: 490 return EOPNOTSUPP; 491 } 492 return 0; 493} 494static moduledata_t spppmod = { 495 "sppp", 496 sppp_modevent, 497 0 498}; 499MODULE_VERSION(sppp, 1); 500DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 501 502/* 503 * Exported functions, comprising our interface to the lower layer. 504 */ 505 506/* 507 * Process the received packet. 508 */ 509void 510sppp_input(struct ifnet *ifp, struct mbuf *m) 511{ 512 struct ppp_header *h; 513 int isr = -1; 514 struct sppp *sp = IFP2SP(ifp); 515 int debug, do_account = 0; 516#ifdef INET 517 int hlen, vjlen; 518 u_char *iphdr; 519#endif 520 521 SPPP_LOCK(sp); 522 debug = ifp->if_flags & IFF_DEBUG; 523 524 if (ifp->if_flags & IFF_UP) 525 /* Count received bytes, add FCS and one flag */ 526 ifp->if_ibytes += m->m_pkthdr.len + 3; 527 528 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 529 /* Too small packet, drop it. */ 530 if (debug) 531 log(LOG_DEBUG, 532 SPP_FMT "input packet is too small, %d bytes\n", 533 SPP_ARGS(ifp), m->m_pkthdr.len); 534 drop: 535 m_freem (m); 536 SPPP_UNLOCK(sp); 537 drop2: 538 ++ifp->if_ierrors; 539 ++ifp->if_iqdrops; 540 return; 541 } 542 543 if (sp->pp_mode == PP_FR) { 544 sppp_fr_input (sp, m); 545 SPPP_UNLOCK(sp); 546 return; 547 } 548 549 /* Get PPP header. */ 550 h = mtod (m, struct ppp_header*); 551 m_adj (m, PPP_HEADER_LEN); 552 553 switch (h->address) { 554 case PPP_ALLSTATIONS: 555 if (h->control != PPP_UI) 556 goto invalid; 557 if (sp->pp_mode == IFF_CISCO) { 558 if (debug) 559 log(LOG_DEBUG, 560 SPP_FMT "PPP packet in Cisco mode " 561 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 562 SPP_ARGS(ifp), 563 h->address, h->control, ntohs(h->protocol)); 564 goto drop; 565 } 566 switch (ntohs (h->protocol)) { 567 default: 568 if (debug) 569 log(LOG_DEBUG, 570 SPP_FMT "rejecting protocol " 571 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 572 SPP_ARGS(ifp), 573 h->address, h->control, ntohs(h->protocol)); 574 if (sp->state[IDX_LCP] == STATE_OPENED) 575 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 576 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 577 &h->protocol); 578 ++ifp->if_noproto; 579 goto drop; 580 case PPP_LCP: 581 sppp_cp_input(&lcp, sp, m); 582 m_freem (m); 583 SPPP_UNLOCK(sp); 584 return; 585 case PPP_PAP: 586 if (sp->pp_phase >= PHASE_AUTHENTICATE) 587 sppp_pap_input(sp, m); 588 m_freem (m); 589 SPPP_UNLOCK(sp); 590 return; 591 case PPP_CHAP: 592 if (sp->pp_phase >= PHASE_AUTHENTICATE) 593 sppp_chap_input(sp, m); 594 m_freem (m); 595 SPPP_UNLOCK(sp); 596 return; 597#ifdef INET 598 case PPP_IPCP: 599 if (sp->pp_phase == PHASE_NETWORK) 600 sppp_cp_input(&ipcp, sp, m); 601 m_freem (m); 602 SPPP_UNLOCK(sp); 603 return; 604 case PPP_IP: 605 if (sp->state[IDX_IPCP] == STATE_OPENED) { 606 isr = NETISR_IP; 607 } 608 do_account++; 609 break; 610 case PPP_VJ_COMP: 611 if (sp->state[IDX_IPCP] == STATE_OPENED) { 612 if ((vjlen = 613 sl_uncompress_tcp_core(mtod(m, u_char *), 614 m->m_len, m->m_len, 615 TYPE_COMPRESSED_TCP, 616 sp->pp_comp, 617 &iphdr, &hlen)) <= 0) { 618 if (debug) 619 log(LOG_INFO, 620 SPP_FMT "VJ uncompress failed on compressed packet\n", 621 SPP_ARGS(ifp)); 622 goto drop; 623 } 624 625 /* 626 * Trim the VJ header off the packet, and prepend 627 * the uncompressed IP header (which will usually 628 * end up in two chained mbufs since there's not 629 * enough leading space in the existing mbuf). 630 */ 631 m_adj(m, vjlen); 632 M_PREPEND(m, hlen, M_DONTWAIT); 633 if (m == NULL) { 634 SPPP_UNLOCK(sp); 635 goto drop2; 636 } 637 bcopy(iphdr, mtod(m, u_char *), hlen); 638 isr = NETISR_IP; 639 } 640 do_account++; 641 break; 642 case PPP_VJ_UCOMP: 643 if (sp->state[IDX_IPCP] == STATE_OPENED) { 644 if (sl_uncompress_tcp_core(mtod(m, u_char *), 645 m->m_len, m->m_len, 646 TYPE_UNCOMPRESSED_TCP, 647 sp->pp_comp, 648 &iphdr, &hlen) != 0) { 649 if (debug) 650 log(LOG_INFO, 651 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 652 SPP_ARGS(ifp)); 653 goto drop; 654 } 655 isr = NETISR_IP; 656 } 657 do_account++; 658 break; 659#endif 660#ifdef INET6 661 case PPP_IPV6CP: 662 if (sp->pp_phase == PHASE_NETWORK) 663 sppp_cp_input(&ipv6cp, sp, m); 664 m_freem (m); 665 SPPP_UNLOCK(sp); 666 return; 667 668 case PPP_IPV6: 669 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 670 isr = NETISR_IPV6; 671 do_account++; 672 break; 673#endif 674#ifdef IPX 675 case PPP_IPX: 676 /* IPX IPXCP not implemented yet */ 677 if (sp->pp_phase == PHASE_NETWORK) 678 isr = NETISR_IPX; 679 do_account++; 680 break; 681#endif 682 } 683 break; 684 case CISCO_MULTICAST: 685 case CISCO_UNICAST: 686 /* Don't check the control field here (RFC 1547). */ 687 if (sp->pp_mode != IFF_CISCO) { 688 if (debug) 689 log(LOG_DEBUG, 690 SPP_FMT "Cisco packet in PPP mode " 691 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 692 SPP_ARGS(ifp), 693 h->address, h->control, ntohs(h->protocol)); 694 goto drop; 695 } 696 switch (ntohs (h->protocol)) { 697 default: 698 ++ifp->if_noproto; 699 goto invalid; 700 case CISCO_KEEPALIVE: 701 sppp_cisco_input (sp, m); 702 m_freem (m); 703 SPPP_UNLOCK(sp); 704 return; 705#ifdef INET 706 case ETHERTYPE_IP: 707 isr = NETISR_IP; 708 do_account++; 709 break; 710#endif 711#ifdef INET6 712 case ETHERTYPE_IPV6: 713 isr = NETISR_IPV6; 714 do_account++; 715 break; 716#endif 717#ifdef IPX 718 case ETHERTYPE_IPX: 719 isr = NETISR_IPX; 720 do_account++; 721 break; 722#endif 723 } 724 break; 725 default: /* Invalid PPP packet. */ 726 invalid: 727 if (debug) 728 log(LOG_DEBUG, 729 SPP_FMT "invalid input packet " 730 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 731 SPP_ARGS(ifp), 732 h->address, h->control, ntohs(h->protocol)); 733 goto drop; 734 } 735 736 if (! (ifp->if_flags & IFF_UP) || isr == -1) 737 goto drop; 738 739 SPPP_UNLOCK(sp); 740 /* Check queue. */ 741 if (netisr_queue(isr, m)) { /* (0) on success. */ 742 if (debug) 743 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 744 SPP_ARGS(ifp)); 745 goto drop2; 746 } 747 748 if (do_account) 749 /* 750 * Do only account for network packets, not for control 751 * packets. This is used by some subsystems to detect 752 * idle lines. 753 */ 754 sp->pp_last_recv = time_uptime; 755} 756 757static void 758sppp_ifstart_sched(void *dummy) 759{ 760 struct sppp *sp = dummy; 761 762 sp->if_start(SP2IFP(sp)); 763} 764 765/* if_start () wrapper function. We use it to schedule real if_start () for 766 * execution. We can't call it directly 767 */ 768static void 769sppp_ifstart(struct ifnet *ifp) 770{ 771 struct sppp *sp = IFP2SP(ifp); 772 773 if (SPPP_LOCK_OWNED(sp)) { 774 if (callout_pending(&sp->ifstart_callout)) 775 return; 776 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 777 (void *)sp); 778 } else { 779 sp->if_start(ifp); 780 } 781} 782 783/* 784 * Enqueue transmit packet. 785 */ 786static int 787sppp_output(struct ifnet *ifp, struct mbuf *m, 788 struct sockaddr *dst, struct route *ro) 789{ 790 struct sppp *sp = IFP2SP(ifp); 791 struct ppp_header *h; 792 struct ifqueue *ifq = NULL; 793 int s, error, rv = 0; 794#ifdef INET 795 int ipproto = PPP_IP; 796#endif 797 int debug = ifp->if_flags & IFF_DEBUG; 798 799 s = splimp(); 800 SPPP_LOCK(sp); 801 802 if (!(ifp->if_flags & IFF_UP) || 803 (!(ifp->if_flags & IFF_AUTO) && 804 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 805#ifdef INET6 806 drop: 807#endif 808 m_freem (m); 809 SPPP_UNLOCK(sp); 810 splx (s); 811 return (ENETDOWN); 812 } 813 814 if ((ifp->if_flags & IFF_AUTO) && 815 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 816#ifdef INET6 817 /* 818 * XXX 819 * 820 * Hack to prevent the initialization-time generated 821 * IPv6 multicast packet to erroneously cause a 822 * dialout event in case IPv6 has been 823 * administratively disabled on that interface. 824 */ 825 if (dst->sa_family == AF_INET6 && 826 !(sp->confflags & CONF_ENABLE_IPV6)) 827 goto drop; 828#endif 829 /* 830 * Interface is not yet running, but auto-dial. Need 831 * to start LCP for it. 832 */ 833 ifp->if_drv_flags |= IFF_DRV_RUNNING; 834 splx(s); 835 lcp.Open(sp); 836 s = splimp(); 837 } 838 839#ifdef INET 840 if (dst->sa_family == AF_INET) { 841 /* XXX Check mbuf length here? */ 842 struct ip *ip = mtod (m, struct ip*); 843 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 844 845 /* 846 * When using dynamic local IP address assignment by using 847 * 0.0.0.0 as a local address, the first TCP session will 848 * not connect because the local TCP checksum is computed 849 * using 0.0.0.0 which will later become our real IP address 850 * so the TCP checksum computed at the remote end will 851 * become invalid. So we 852 * - don't let packets with src ip addr 0 thru 853 * - we flag TCP packets with src ip 0 as an error 854 */ 855 856 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 857 { 858 m_freem(m); 859 SPPP_UNLOCK(sp); 860 splx(s); 861 if(ip->ip_p == IPPROTO_TCP) 862 return(EADDRNOTAVAIL); 863 else 864 return(0); 865 } 866 867 /* 868 * Put low delay, telnet, rlogin and ftp control packets 869 * in front of the queue or let ALTQ take care. 870 */ 871 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 872 ; 873 else if (_IF_QFULL(&sp->pp_fastq)) 874 ; 875 else if (ip->ip_tos & IPTOS_LOWDELAY) 876 ifq = &sp->pp_fastq; 877 else if (m->m_len < sizeof *ip + sizeof *tcp) 878 ; 879 else if (ip->ip_p != IPPROTO_TCP) 880 ; 881 else if (INTERACTIVE (ntohs (tcp->th_sport))) 882 ifq = &sp->pp_fastq; 883 else if (INTERACTIVE (ntohs (tcp->th_dport))) 884 ifq = &sp->pp_fastq; 885 886 /* 887 * Do IP Header compression 888 */ 889 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 890 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 891 switch (sl_compress_tcp(m, ip, sp->pp_comp, 892 sp->ipcp.compress_cid)) { 893 case TYPE_COMPRESSED_TCP: 894 ipproto = PPP_VJ_COMP; 895 break; 896 case TYPE_UNCOMPRESSED_TCP: 897 ipproto = PPP_VJ_UCOMP; 898 break; 899 case TYPE_IP: 900 ipproto = PPP_IP; 901 break; 902 default: 903 m_freem(m); 904 SPPP_UNLOCK(sp); 905 splx(s); 906 return (EINVAL); 907 } 908 } 909#endif 910 911#ifdef INET6 912 if (dst->sa_family == AF_INET6) { 913 /* XXX do something tricky here? */ 914 } 915#endif 916 917 if (sp->pp_mode == PP_FR) { 918 /* Add frame relay header. */ 919 m = sppp_fr_header (sp, m, dst->sa_family); 920 if (! m) 921 goto nobufs; 922 goto out; 923 } 924 925 /* 926 * Prepend general data packet PPP header. For now, IP only. 927 */ 928 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 929 if (! m) { 930nobufs: if (debug) 931 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 932 SPP_ARGS(ifp)); 933 ++ifp->if_oerrors; 934 SPPP_UNLOCK(sp); 935 splx (s); 936 return (ENOBUFS); 937 } 938 /* 939 * May want to check size of packet 940 * (albeit due to the implementation it's always enough) 941 */ 942 h = mtod (m, struct ppp_header*); 943 if (sp->pp_mode == IFF_CISCO) { 944 h->address = CISCO_UNICAST; /* unicast address */ 945 h->control = 0; 946 } else { 947 h->address = PPP_ALLSTATIONS; /* broadcast address */ 948 h->control = PPP_UI; /* Unnumbered Info */ 949 } 950 951 switch (dst->sa_family) { 952#ifdef INET 953 case AF_INET: /* Internet Protocol */ 954 if (sp->pp_mode == IFF_CISCO) 955 h->protocol = htons (ETHERTYPE_IP); 956 else { 957 /* 958 * Don't choke with an ENETDOWN early. It's 959 * possible that we just started dialing out, 960 * so don't drop the packet immediately. If 961 * we notice that we run out of buffer space 962 * below, we will however remember that we are 963 * not ready to carry IP packets, and return 964 * ENETDOWN, as opposed to ENOBUFS. 965 */ 966 h->protocol = htons(ipproto); 967 if (sp->state[IDX_IPCP] != STATE_OPENED) 968 rv = ENETDOWN; 969 } 970 break; 971#endif 972#ifdef INET6 973 case AF_INET6: /* Internet Protocol */ 974 if (sp->pp_mode == IFF_CISCO) 975 h->protocol = htons (ETHERTYPE_IPV6); 976 else { 977 /* 978 * Don't choke with an ENETDOWN early. It's 979 * possible that we just started dialing out, 980 * so don't drop the packet immediately. If 981 * we notice that we run out of buffer space 982 * below, we will however remember that we are 983 * not ready to carry IP packets, and return 984 * ENETDOWN, as opposed to ENOBUFS. 985 */ 986 h->protocol = htons(PPP_IPV6); 987 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 988 rv = ENETDOWN; 989 } 990 break; 991#endif 992#ifdef IPX 993 case AF_IPX: /* Novell IPX Protocol */ 994 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 995 ETHERTYPE_IPX : PPP_IPX); 996 break; 997#endif 998 default: 999 m_freem (m); 1000 ++ifp->if_oerrors; 1001 SPPP_UNLOCK(sp); 1002 splx (s); 1003 return (EAFNOSUPPORT); 1004 } 1005 1006 /* 1007 * Queue message on interface, and start output if interface 1008 * not yet active. 1009 */ 1010out: 1011 if (ifq != NULL) 1012 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1013 else 1014 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1015 if (error) { 1016 ++ifp->if_oerrors; 1017 SPPP_UNLOCK(sp); 1018 splx (s); 1019 return (rv? rv: ENOBUFS); 1020 } 1021 SPPP_UNLOCK(sp); 1022 splx (s); 1023 /* 1024 * Unlike in sppp_input(), we can always bump the timestamp 1025 * here since sppp_output() is only called on behalf of 1026 * network-layer traffic; control-layer traffic is handled 1027 * by sppp_cp_send(). 1028 */ 1029 sp->pp_last_sent = time_uptime; 1030 return (0); 1031} 1032 1033void 1034sppp_attach(struct ifnet *ifp) 1035{ 1036 struct sppp *sp = IFP2SP(ifp); 1037 1038 /* Initialize mtx lock */ 1039 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1040 1041 /* Initialize keepalive handler. */ 1042 callout_init(&sp->keepalive_callout, CALLOUT_MPSAFE); 1043 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1044 (void *)sp); 1045 1046 ifp->if_mtu = PP_MTU; 1047 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1048 ifp->if_output = sppp_output; 1049#if 0 1050 sp->pp_flags = PP_KEEPALIVE; 1051#endif 1052 ifp->if_snd.ifq_maxlen = 32; 1053 sp->pp_fastq.ifq_maxlen = 32; 1054 sp->pp_cpq.ifq_maxlen = 20; 1055 sp->pp_loopcnt = 0; 1056 sp->pp_alivecnt = 0; 1057 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1058 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1059 sp->pp_phase = PHASE_DEAD; 1060 sp->pp_up = sppp_pp_up; 1061 sp->pp_down = sppp_pp_down; 1062 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1063 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1064 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1065 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1066 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1067 sp->confflags = 0; 1068#ifdef INET 1069 sp->confflags |= CONF_ENABLE_VJ; 1070#endif 1071#ifdef INET6 1072 sp->confflags |= CONF_ENABLE_IPV6; 1073#endif 1074 callout_init(&sp->ifstart_callout, CALLOUT_MPSAFE); 1075 sp->if_start = ifp->if_start; 1076 ifp->if_start = sppp_ifstart; 1077 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1078 sl_compress_init(sp->pp_comp, -1); 1079 sppp_lcp_init(sp); 1080 sppp_ipcp_init(sp); 1081 sppp_ipv6cp_init(sp); 1082 sppp_pap_init(sp); 1083 sppp_chap_init(sp); 1084} 1085 1086void 1087sppp_detach(struct ifnet *ifp) 1088{ 1089 struct sppp *sp = IFP2SP(ifp); 1090 int i; 1091 1092 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1093 1094 /* Stop keepalive handler. */ 1095 if (!callout_drain(&sp->keepalive_callout)) 1096 callout_stop(&sp->keepalive_callout); 1097 1098 for (i = 0; i < IDX_COUNT; i++) { 1099 if (!callout_drain(&sp->ch[i])) 1100 callout_stop(&sp->ch[i]); 1101 } 1102 if (!callout_drain(&sp->pap_my_to_ch)) 1103 callout_stop(&sp->pap_my_to_ch); 1104 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1105 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1106 mtx_destroy(&sp->mtx); 1107} 1108 1109/* 1110 * Flush the interface output queue. 1111 */ 1112static void 1113sppp_flush_unlocked(struct ifnet *ifp) 1114{ 1115 struct sppp *sp = IFP2SP(ifp); 1116 1117 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1118 sppp_qflush (&sp->pp_fastq); 1119 sppp_qflush (&sp->pp_cpq); 1120} 1121 1122void 1123sppp_flush(struct ifnet *ifp) 1124{ 1125 struct sppp *sp = IFP2SP(ifp); 1126 1127 SPPP_LOCK(sp); 1128 sppp_flush_unlocked (ifp); 1129 SPPP_UNLOCK(sp); 1130} 1131 1132/* 1133 * Check if the output queue is empty. 1134 */ 1135int 1136sppp_isempty(struct ifnet *ifp) 1137{ 1138 struct sppp *sp = IFP2SP(ifp); 1139 int empty, s; 1140 1141 s = splimp(); 1142 SPPP_LOCK(sp); 1143 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1144 !SP2IFP(sp)->if_snd.ifq_head; 1145 SPPP_UNLOCK(sp); 1146 splx(s); 1147 return (empty); 1148} 1149 1150/* 1151 * Get next packet to send. 1152 */ 1153struct mbuf * 1154sppp_dequeue(struct ifnet *ifp) 1155{ 1156 struct sppp *sp = IFP2SP(ifp); 1157 struct mbuf *m; 1158 int s; 1159 1160 s = splimp(); 1161 SPPP_LOCK(sp); 1162 /* 1163 * Process only the control protocol queue until we have at 1164 * least one NCP open. 1165 * 1166 * Do always serve all three queues in Cisco mode. 1167 */ 1168 IF_DEQUEUE(&sp->pp_cpq, m); 1169 if (m == NULL && 1170 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1171 sp->pp_mode == PP_FR)) { 1172 IF_DEQUEUE(&sp->pp_fastq, m); 1173 if (m == NULL) 1174 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1175 } 1176 SPPP_UNLOCK(sp); 1177 splx(s); 1178 return m; 1179} 1180 1181/* 1182 * Pick the next packet, do not remove it from the queue. 1183 */ 1184struct mbuf * 1185sppp_pick(struct ifnet *ifp) 1186{ 1187 struct sppp *sp = IFP2SP(ifp); 1188 struct mbuf *m; 1189 int s; 1190 1191 s = splimp (); 1192 SPPP_LOCK(sp); 1193 1194 m = sp->pp_cpq.ifq_head; 1195 if (m == NULL && 1196 (sp->pp_phase == PHASE_NETWORK || 1197 sp->pp_mode == IFF_CISCO || 1198 sp->pp_mode == PP_FR)) 1199 if ((m = sp->pp_fastq.ifq_head) == NULL) 1200 m = SP2IFP(sp)->if_snd.ifq_head; 1201 SPPP_UNLOCK(sp); 1202 splx (s); 1203 return (m); 1204} 1205 1206/* 1207 * Process an ioctl request. Called on low priority level. 1208 */ 1209int 1210sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1211{ 1212 struct ifreq *ifr = (struct ifreq*) data; 1213 struct sppp *sp = IFP2SP(ifp); 1214 int s, rv, going_up, going_down, newmode; 1215 1216 s = splimp(); 1217 SPPP_LOCK(sp); 1218 rv = 0; 1219 switch (cmd) { 1220 case SIOCAIFADDR: 1221 case SIOCSIFDSTADDR: 1222 break; 1223 1224 case SIOCSIFADDR: 1225 /* set the interface "up" when assigning an IP address */ 1226 ifp->if_flags |= IFF_UP; 1227 /* FALLTHROUGH */ 1228 1229 case SIOCSIFFLAGS: 1230 going_up = ifp->if_flags & IFF_UP && 1231 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1232 going_down = (ifp->if_flags & IFF_UP) == 0 && 1233 ifp->if_drv_flags & IFF_DRV_RUNNING; 1234 1235 newmode = ifp->if_flags & IFF_PASSIVE; 1236 if (!newmode) 1237 newmode = ifp->if_flags & IFF_AUTO; 1238 if (!newmode) 1239 newmode = ifp->if_flags & IFF_CISCO; 1240 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1241 ifp->if_flags |= newmode; 1242 1243 if (!newmode) 1244 newmode = sp->pp_flags & PP_FR; 1245 1246 if (newmode != sp->pp_mode) { 1247 going_down = 1; 1248 if (!going_up) 1249 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1250 } 1251 1252 if (going_down) { 1253 if (sp->pp_mode != IFF_CISCO && 1254 sp->pp_mode != PP_FR) 1255 lcp.Close(sp); 1256 else if (sp->pp_tlf) 1257 (sp->pp_tlf)(sp); 1258 sppp_flush_unlocked(ifp); 1259 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1260 sp->pp_mode = newmode; 1261 } 1262 1263 if (going_up) { 1264 if (sp->pp_mode != IFF_CISCO && 1265 sp->pp_mode != PP_FR) 1266 lcp.Close(sp); 1267 sp->pp_mode = newmode; 1268 if (sp->pp_mode == 0) { 1269 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1270 lcp.Open(sp); 1271 } 1272 if ((sp->pp_mode == IFF_CISCO) || 1273 (sp->pp_mode == PP_FR)) { 1274 if (sp->pp_tls) 1275 (sp->pp_tls)(sp); 1276 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1277 } 1278 } 1279 1280 break; 1281 1282#ifdef SIOCSIFMTU 1283#ifndef ifr_mtu 1284#define ifr_mtu ifr_metric 1285#endif 1286 case SIOCSIFMTU: 1287 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1288 return (EINVAL); 1289 ifp->if_mtu = ifr->ifr_mtu; 1290 break; 1291#endif 1292#ifdef SLIOCSETMTU 1293 case SLIOCSETMTU: 1294 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1295 return (EINVAL); 1296 ifp->if_mtu = *(short*)data; 1297 break; 1298#endif 1299#ifdef SIOCGIFMTU 1300 case SIOCGIFMTU: 1301 ifr->ifr_mtu = ifp->if_mtu; 1302 break; 1303#endif 1304#ifdef SLIOCGETMTU 1305 case SLIOCGETMTU: 1306 *(short*)data = ifp->if_mtu; 1307 break; 1308#endif 1309 case SIOCADDMULTI: 1310 case SIOCDELMULTI: 1311 break; 1312 1313 case SIOCGIFGENERIC: 1314 case SIOCSIFGENERIC: 1315 rv = sppp_params(sp, cmd, data); 1316 break; 1317 1318 default: 1319 rv = ENOTTY; 1320 } 1321 SPPP_UNLOCK(sp); 1322 splx(s); 1323 return rv; 1324} 1325 1326/* 1327 * Cisco framing implementation. 1328 */ 1329 1330/* 1331 * Handle incoming Cisco keepalive protocol packets. 1332 */ 1333static void 1334sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1335{ 1336 STDDCL; 1337 struct cisco_packet *h; 1338 u_long me, mymask; 1339 1340 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1341 if (debug) 1342 log(LOG_DEBUG, 1343 SPP_FMT "cisco invalid packet length: %d bytes\n", 1344 SPP_ARGS(ifp), m->m_pkthdr.len); 1345 return; 1346 } 1347 h = mtod (m, struct cisco_packet*); 1348 if (debug) 1349 log(LOG_DEBUG, 1350 SPP_FMT "cisco input: %d bytes " 1351 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1352 SPP_ARGS(ifp), m->m_pkthdr.len, 1353 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1354 (u_int)h->time0, (u_int)h->time1); 1355 switch (ntohl (h->type)) { 1356 default: 1357 if (debug) 1358 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1359 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1360 break; 1361 case CISCO_ADDR_REPLY: 1362 /* Reply on address request, ignore */ 1363 break; 1364 case CISCO_KEEPALIVE_REQ: 1365 sp->pp_alivecnt = 0; 1366 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1367 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1368 /* Local and remote sequence numbers are equal. 1369 * Probably, the line is in loopback mode. */ 1370 if (sp->pp_loopcnt >= MAXALIVECNT) { 1371 printf (SPP_FMT "loopback\n", 1372 SPP_ARGS(ifp)); 1373 sp->pp_loopcnt = 0; 1374 if (ifp->if_flags & IFF_UP) { 1375 if_down (ifp); 1376 sppp_qflush (&sp->pp_cpq); 1377 } 1378 } 1379 ++sp->pp_loopcnt; 1380 1381 /* Generate new local sequence number */ 1382 sp->pp_seq[IDX_LCP] = random(); 1383 break; 1384 } 1385 sp->pp_loopcnt = 0; 1386 if (! (ifp->if_flags & IFF_UP) && 1387 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1388 if_up(ifp); 1389 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1390 } 1391 break; 1392 case CISCO_ADDR_REQ: 1393 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1394 if (me != 0L) 1395 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1396 break; 1397 } 1398} 1399 1400/* 1401 * Send Cisco keepalive packet. 1402 */ 1403static void 1404sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1405{ 1406 STDDCL; 1407 struct ppp_header *h; 1408 struct cisco_packet *ch; 1409 struct mbuf *m; 1410 struct timeval tv; 1411 1412 getmicrouptime(&tv); 1413 1414 MGETHDR (m, M_DONTWAIT, MT_DATA); 1415 if (! m) 1416 return; 1417 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1418 m->m_pkthdr.rcvif = 0; 1419 1420 h = mtod (m, struct ppp_header*); 1421 h->address = CISCO_MULTICAST; 1422 h->control = 0; 1423 h->protocol = htons (CISCO_KEEPALIVE); 1424 1425 ch = (struct cisco_packet*) (h + 1); 1426 ch->type = htonl (type); 1427 ch->par1 = htonl (par1); 1428 ch->par2 = htonl (par2); 1429 ch->rel = -1; 1430 1431 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1432 ch->time1 = htons ((u_short) tv.tv_sec); 1433 1434 if (debug) 1435 log(LOG_DEBUG, 1436 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1437 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1438 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1439 1440 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1441 ifp->if_oerrors++; 1442} 1443 1444/* 1445 * PPP protocol implementation. 1446 */ 1447 1448/* 1449 * Send PPP control protocol packet. 1450 */ 1451static void 1452sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1453 u_char ident, u_short len, void *data) 1454{ 1455 STDDCL; 1456 struct ppp_header *h; 1457 struct lcp_header *lh; 1458 struct mbuf *m; 1459 1460 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1461 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1462 MGETHDR (m, M_DONTWAIT, MT_DATA); 1463 if (! m) 1464 return; 1465 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1466 m->m_pkthdr.rcvif = 0; 1467 1468 h = mtod (m, struct ppp_header*); 1469 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1470 h->control = PPP_UI; /* Unnumbered Info */ 1471 h->protocol = htons (proto); /* Link Control Protocol */ 1472 1473 lh = (struct lcp_header*) (h + 1); 1474 lh->type = type; 1475 lh->ident = ident; 1476 lh->len = htons (LCP_HEADER_LEN + len); 1477 if (len) 1478 bcopy (data, lh+1, len); 1479 1480 if (debug) { 1481 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1482 SPP_ARGS(ifp), 1483 sppp_proto_name(proto), 1484 sppp_cp_type_name (lh->type), lh->ident, 1485 ntohs (lh->len)); 1486 sppp_print_bytes ((u_char*) (lh+1), len); 1487 log(-1, ">\n"); 1488 } 1489 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1490 ifp->if_oerrors++; 1491} 1492 1493/* 1494 * Handle incoming PPP control protocol packets. 1495 */ 1496static void 1497sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1498{ 1499 STDDCL; 1500 struct lcp_header *h; 1501 int len = m->m_pkthdr.len; 1502 int rv; 1503 u_char *p; 1504 1505 if (len < 4) { 1506 if (debug) 1507 log(LOG_DEBUG, 1508 SPP_FMT "%s invalid packet length: %d bytes\n", 1509 SPP_ARGS(ifp), cp->name, len); 1510 return; 1511 } 1512 h = mtod (m, struct lcp_header*); 1513 if (debug) { 1514 log(LOG_DEBUG, 1515 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1516 SPP_ARGS(ifp), cp->name, 1517 sppp_state_name(sp->state[cp->protoidx]), 1518 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1519 sppp_print_bytes ((u_char*) (h+1), len-4); 1520 log(-1, ">\n"); 1521 } 1522 if (len > ntohs (h->len)) 1523 len = ntohs (h->len); 1524 p = (u_char *)(h + 1); 1525 switch (h->type) { 1526 case CONF_REQ: 1527 if (len < 4) { 1528 if (debug) 1529 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1530 SPP_ARGS(ifp), cp->name, 1531 len); 1532 ++ifp->if_ierrors; 1533 break; 1534 } 1535 /* handle states where RCR doesn't get a SCA/SCN */ 1536 switch (sp->state[cp->protoidx]) { 1537 case STATE_CLOSING: 1538 case STATE_STOPPING: 1539 return; 1540 case STATE_CLOSED: 1541 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1542 0, 0); 1543 return; 1544 } 1545 rv = (cp->RCR)(sp, h, len); 1546 switch (sp->state[cp->protoidx]) { 1547 case STATE_OPENED: 1548 (cp->tld)(sp); 1549 (cp->scr)(sp); 1550 /* FALLTHROUGH */ 1551 case STATE_ACK_SENT: 1552 case STATE_REQ_SENT: 1553 /* 1554 * sppp_cp_change_state() have the side effect of 1555 * restarting the timeouts. We want to avoid that 1556 * if the state don't change, otherwise we won't 1557 * ever timeout and resend a configuration request 1558 * that got lost. 1559 */ 1560 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1561 STATE_REQ_SENT)) 1562 break; 1563 sppp_cp_change_state(cp, sp, rv? 1564 STATE_ACK_SENT: STATE_REQ_SENT); 1565 break; 1566 case STATE_STOPPED: 1567 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1568 (cp->scr)(sp); 1569 sppp_cp_change_state(cp, sp, rv? 1570 STATE_ACK_SENT: STATE_REQ_SENT); 1571 break; 1572 case STATE_ACK_RCVD: 1573 if (rv) { 1574 sppp_cp_change_state(cp, sp, STATE_OPENED); 1575 if (debug) 1576 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1577 SPP_ARGS(ifp), 1578 cp->name); 1579 (cp->tlu)(sp); 1580 } else 1581 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1582 break; 1583 default: 1584 printf(SPP_FMT "%s illegal %s in state %s\n", 1585 SPP_ARGS(ifp), cp->name, 1586 sppp_cp_type_name(h->type), 1587 sppp_state_name(sp->state[cp->protoidx])); 1588 ++ifp->if_ierrors; 1589 } 1590 break; 1591 case CONF_ACK: 1592 if (h->ident != sp->confid[cp->protoidx]) { 1593 if (debug) 1594 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1595 SPP_ARGS(ifp), cp->name, 1596 h->ident, sp->confid[cp->protoidx]); 1597 ++ifp->if_ierrors; 1598 break; 1599 } 1600 switch (sp->state[cp->protoidx]) { 1601 case STATE_CLOSED: 1602 case STATE_STOPPED: 1603 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1604 break; 1605 case STATE_CLOSING: 1606 case STATE_STOPPING: 1607 break; 1608 case STATE_REQ_SENT: 1609 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1610 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1611 break; 1612 case STATE_OPENED: 1613 (cp->tld)(sp); 1614 /* FALLTHROUGH */ 1615 case STATE_ACK_RCVD: 1616 (cp->scr)(sp); 1617 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1618 break; 1619 case STATE_ACK_SENT: 1620 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1621 sppp_cp_change_state(cp, sp, STATE_OPENED); 1622 if (debug) 1623 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1624 SPP_ARGS(ifp), cp->name); 1625 (cp->tlu)(sp); 1626 break; 1627 default: 1628 printf(SPP_FMT "%s illegal %s in state %s\n", 1629 SPP_ARGS(ifp), cp->name, 1630 sppp_cp_type_name(h->type), 1631 sppp_state_name(sp->state[cp->protoidx])); 1632 ++ifp->if_ierrors; 1633 } 1634 break; 1635 case CONF_NAK: 1636 case CONF_REJ: 1637 if (h->ident != sp->confid[cp->protoidx]) { 1638 if (debug) 1639 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1640 SPP_ARGS(ifp), cp->name, 1641 h->ident, sp->confid[cp->protoidx]); 1642 ++ifp->if_ierrors; 1643 break; 1644 } 1645 if (h->type == CONF_NAK) 1646 (cp->RCN_nak)(sp, h, len); 1647 else /* CONF_REJ */ 1648 (cp->RCN_rej)(sp, h, len); 1649 1650 switch (sp->state[cp->protoidx]) { 1651 case STATE_CLOSED: 1652 case STATE_STOPPED: 1653 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1654 break; 1655 case STATE_REQ_SENT: 1656 case STATE_ACK_SENT: 1657 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1658 /* 1659 * Slow things down a bit if we think we might be 1660 * in loopback. Depend on the timeout to send the 1661 * next configuration request. 1662 */ 1663 if (sp->pp_loopcnt) 1664 break; 1665 (cp->scr)(sp); 1666 break; 1667 case STATE_OPENED: 1668 (cp->tld)(sp); 1669 /* FALLTHROUGH */ 1670 case STATE_ACK_RCVD: 1671 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1672 (cp->scr)(sp); 1673 break; 1674 case STATE_CLOSING: 1675 case STATE_STOPPING: 1676 break; 1677 default: 1678 printf(SPP_FMT "%s illegal %s in state %s\n", 1679 SPP_ARGS(ifp), cp->name, 1680 sppp_cp_type_name(h->type), 1681 sppp_state_name(sp->state[cp->protoidx])); 1682 ++ifp->if_ierrors; 1683 } 1684 break; 1685 1686 case TERM_REQ: 1687 switch (sp->state[cp->protoidx]) { 1688 case STATE_ACK_RCVD: 1689 case STATE_ACK_SENT: 1690 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1691 /* FALLTHROUGH */ 1692 case STATE_CLOSED: 1693 case STATE_STOPPED: 1694 case STATE_CLOSING: 1695 case STATE_STOPPING: 1696 case STATE_REQ_SENT: 1697 sta: 1698 /* Send Terminate-Ack packet. */ 1699 if (debug) 1700 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1701 SPP_ARGS(ifp), cp->name); 1702 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1703 break; 1704 case STATE_OPENED: 1705 (cp->tld)(sp); 1706 sp->rst_counter[cp->protoidx] = 0; 1707 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1708 goto sta; 1709 break; 1710 default: 1711 printf(SPP_FMT "%s illegal %s in state %s\n", 1712 SPP_ARGS(ifp), cp->name, 1713 sppp_cp_type_name(h->type), 1714 sppp_state_name(sp->state[cp->protoidx])); 1715 ++ifp->if_ierrors; 1716 } 1717 break; 1718 case TERM_ACK: 1719 switch (sp->state[cp->protoidx]) { 1720 case STATE_CLOSED: 1721 case STATE_STOPPED: 1722 case STATE_REQ_SENT: 1723 case STATE_ACK_SENT: 1724 break; 1725 case STATE_CLOSING: 1726 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1727 (cp->tlf)(sp); 1728 break; 1729 case STATE_STOPPING: 1730 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1731 (cp->tlf)(sp); 1732 break; 1733 case STATE_ACK_RCVD: 1734 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1735 break; 1736 case STATE_OPENED: 1737 (cp->tld)(sp); 1738 (cp->scr)(sp); 1739 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1740 break; 1741 default: 1742 printf(SPP_FMT "%s illegal %s in state %s\n", 1743 SPP_ARGS(ifp), cp->name, 1744 sppp_cp_type_name(h->type), 1745 sppp_state_name(sp->state[cp->protoidx])); 1746 ++ifp->if_ierrors; 1747 } 1748 break; 1749 case CODE_REJ: 1750 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1751 log(LOG_INFO, 1752 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1753 "danger will robinson\n", 1754 SPP_ARGS(ifp), cp->name, 1755 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1756 switch (sp->state[cp->protoidx]) { 1757 case STATE_CLOSED: 1758 case STATE_STOPPED: 1759 case STATE_REQ_SENT: 1760 case STATE_ACK_SENT: 1761 case STATE_CLOSING: 1762 case STATE_STOPPING: 1763 case STATE_OPENED: 1764 break; 1765 case STATE_ACK_RCVD: 1766 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1767 break; 1768 default: 1769 printf(SPP_FMT "%s illegal %s in state %s\n", 1770 SPP_ARGS(ifp), cp->name, 1771 sppp_cp_type_name(h->type), 1772 sppp_state_name(sp->state[cp->protoidx])); 1773 ++ifp->if_ierrors; 1774 } 1775 break; 1776 case PROTO_REJ: 1777 { 1778 int catastrophic; 1779 const struct cp *upper; 1780 int i; 1781 u_int16_t proto; 1782 1783 catastrophic = 0; 1784 upper = NULL; 1785 proto = ntohs(*((u_int16_t *)p)); 1786 for (i = 0; i < IDX_COUNT; i++) { 1787 if (cps[i]->proto == proto) { 1788 upper = cps[i]; 1789 break; 1790 } 1791 } 1792 if (upper == NULL) 1793 catastrophic++; 1794 1795 if (catastrophic || debug) 1796 log(catastrophic? LOG_INFO: LOG_DEBUG, 1797 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1798 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1799 sppp_cp_type_name(h->type), proto, 1800 upper ? upper->name : "unknown", 1801 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1802 1803 /* 1804 * if we got RXJ+ against conf-req, the peer does not implement 1805 * this particular protocol type. terminate the protocol. 1806 */ 1807 if (upper && !catastrophic) { 1808 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1809 upper->Close(sp); 1810 break; 1811 } 1812 } 1813 1814 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1815 switch (sp->state[cp->protoidx]) { 1816 case STATE_CLOSED: 1817 case STATE_STOPPED: 1818 case STATE_REQ_SENT: 1819 case STATE_ACK_SENT: 1820 case STATE_CLOSING: 1821 case STATE_STOPPING: 1822 case STATE_OPENED: 1823 break; 1824 case STATE_ACK_RCVD: 1825 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1826 break; 1827 default: 1828 printf(SPP_FMT "%s illegal %s in state %s\n", 1829 SPP_ARGS(ifp), cp->name, 1830 sppp_cp_type_name(h->type), 1831 sppp_state_name(sp->state[cp->protoidx])); 1832 ++ifp->if_ierrors; 1833 } 1834 break; 1835 } 1836 case DISC_REQ: 1837 if (cp->proto != PPP_LCP) 1838 goto illegal; 1839 /* Discard the packet. */ 1840 break; 1841 case ECHO_REQ: 1842 if (cp->proto != PPP_LCP) 1843 goto illegal; 1844 if (sp->state[cp->protoidx] != STATE_OPENED) { 1845 if (debug) 1846 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1847 SPP_ARGS(ifp)); 1848 ++ifp->if_ierrors; 1849 break; 1850 } 1851 if (len < 8) { 1852 if (debug) 1853 log(-1, SPP_FMT "invalid lcp echo request " 1854 "packet length: %d bytes\n", 1855 SPP_ARGS(ifp), len); 1856 break; 1857 } 1858 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1859 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1860 /* Line loopback mode detected. */ 1861 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1862 sp->pp_loopcnt = MAXALIVECNT * 5; 1863 if_down (ifp); 1864 sppp_qflush (&sp->pp_cpq); 1865 1866 /* Shut down the PPP link. */ 1867 /* XXX */ 1868 lcp.Down(sp); 1869 lcp.Up(sp); 1870 break; 1871 } 1872 *(long*)(h+1) = htonl (sp->lcp.magic); 1873 if (debug) 1874 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1875 SPP_ARGS(ifp)); 1876 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1877 break; 1878 case ECHO_REPLY: 1879 if (cp->proto != PPP_LCP) 1880 goto illegal; 1881 if (h->ident != sp->lcp.echoid) { 1882 ++ifp->if_ierrors; 1883 break; 1884 } 1885 if (len < 8) { 1886 if (debug) 1887 log(-1, SPP_FMT "lcp invalid echo reply " 1888 "packet length: %d bytes\n", 1889 SPP_ARGS(ifp), len); 1890 break; 1891 } 1892 if (debug) 1893 log(-1, SPP_FMT "lcp got echo rep\n", 1894 SPP_ARGS(ifp)); 1895 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1896 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1897 sp->pp_alivecnt = 0; 1898 break; 1899 default: 1900 /* Unknown packet type -- send Code-Reject packet. */ 1901 illegal: 1902 if (debug) 1903 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1904 SPP_ARGS(ifp), cp->name, h->type); 1905 sppp_cp_send(sp, cp->proto, CODE_REJ, 1906 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1907 ++ifp->if_ierrors; 1908 } 1909} 1910 1911 1912/* 1913 * The generic part of all Up/Down/Open/Close/TO event handlers. 1914 * Basically, the state transition handling in the automaton. 1915 */ 1916static void 1917sppp_up_event(const struct cp *cp, struct sppp *sp) 1918{ 1919 STDDCL; 1920 1921 if (debug) 1922 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1923 SPP_ARGS(ifp), cp->name, 1924 sppp_state_name(sp->state[cp->protoidx])); 1925 1926 switch (sp->state[cp->protoidx]) { 1927 case STATE_INITIAL: 1928 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1929 break; 1930 case STATE_STARTING: 1931 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1932 (cp->scr)(sp); 1933 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1934 break; 1935 default: 1936 printf(SPP_FMT "%s illegal up in state %s\n", 1937 SPP_ARGS(ifp), cp->name, 1938 sppp_state_name(sp->state[cp->protoidx])); 1939 } 1940} 1941 1942static void 1943sppp_down_event(const struct cp *cp, struct sppp *sp) 1944{ 1945 STDDCL; 1946 1947 if (debug) 1948 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1949 SPP_ARGS(ifp), cp->name, 1950 sppp_state_name(sp->state[cp->protoidx])); 1951 1952 switch (sp->state[cp->protoidx]) { 1953 case STATE_CLOSED: 1954 case STATE_CLOSING: 1955 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1956 break; 1957 case STATE_STOPPED: 1958 sppp_cp_change_state(cp, sp, STATE_STARTING); 1959 (cp->tls)(sp); 1960 break; 1961 case STATE_STOPPING: 1962 case STATE_REQ_SENT: 1963 case STATE_ACK_RCVD: 1964 case STATE_ACK_SENT: 1965 sppp_cp_change_state(cp, sp, STATE_STARTING); 1966 break; 1967 case STATE_OPENED: 1968 (cp->tld)(sp); 1969 sppp_cp_change_state(cp, sp, STATE_STARTING); 1970 break; 1971 default: 1972 printf(SPP_FMT "%s illegal down in state %s\n", 1973 SPP_ARGS(ifp), cp->name, 1974 sppp_state_name(sp->state[cp->protoidx])); 1975 } 1976} 1977 1978 1979static void 1980sppp_open_event(const struct cp *cp, struct sppp *sp) 1981{ 1982 STDDCL; 1983 1984 if (debug) 1985 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1986 SPP_ARGS(ifp), cp->name, 1987 sppp_state_name(sp->state[cp->protoidx])); 1988 1989 switch (sp->state[cp->protoidx]) { 1990 case STATE_INITIAL: 1991 sppp_cp_change_state(cp, sp, STATE_STARTING); 1992 (cp->tls)(sp); 1993 break; 1994 case STATE_STARTING: 1995 break; 1996 case STATE_CLOSED: 1997 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1998 (cp->scr)(sp); 1999 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2000 break; 2001 case STATE_STOPPED: 2002 /* 2003 * Try escaping stopped state. This seems to bite 2004 * people occasionally, in particular for IPCP, 2005 * presumably following previous IPCP negotiation 2006 * aborts. Somehow, we must have missed a Down event 2007 * which would have caused a transition into starting 2008 * state, so as a bandaid we force the Down event now. 2009 * This effectively implements (something like the) 2010 * `restart' option mentioned in the state transition 2011 * table of RFC 1661. 2012 */ 2013 sppp_cp_change_state(cp, sp, STATE_STARTING); 2014 (cp->tls)(sp); 2015 break; 2016 case STATE_STOPPING: 2017 case STATE_REQ_SENT: 2018 case STATE_ACK_RCVD: 2019 case STATE_ACK_SENT: 2020 case STATE_OPENED: 2021 break; 2022 case STATE_CLOSING: 2023 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2024 break; 2025 } 2026} 2027 2028 2029static void 2030sppp_close_event(const struct cp *cp, struct sppp *sp) 2031{ 2032 STDDCL; 2033 2034 if (debug) 2035 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2036 SPP_ARGS(ifp), cp->name, 2037 sppp_state_name(sp->state[cp->protoidx])); 2038 2039 switch (sp->state[cp->protoidx]) { 2040 case STATE_INITIAL: 2041 case STATE_CLOSED: 2042 case STATE_CLOSING: 2043 break; 2044 case STATE_STARTING: 2045 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2046 (cp->tlf)(sp); 2047 break; 2048 case STATE_STOPPED: 2049 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2050 break; 2051 case STATE_STOPPING: 2052 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2053 break; 2054 case STATE_OPENED: 2055 (cp->tld)(sp); 2056 /* FALLTHROUGH */ 2057 case STATE_REQ_SENT: 2058 case STATE_ACK_RCVD: 2059 case STATE_ACK_SENT: 2060 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2061 sppp_cp_send(sp, cp->proto, TERM_REQ, 2062 ++sp->pp_seq[cp->protoidx], 0, 0); 2063 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2064 break; 2065 } 2066} 2067 2068static void 2069sppp_to_event(const struct cp *cp, struct sppp *sp) 2070{ 2071 STDDCL; 2072 int s; 2073 2074 s = splimp(); 2075 SPPP_LOCK(sp); 2076 if (debug) 2077 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2078 SPP_ARGS(ifp), cp->name, 2079 sppp_state_name(sp->state[cp->protoidx]), 2080 sp->rst_counter[cp->protoidx]); 2081 2082 if (--sp->rst_counter[cp->protoidx] < 0) 2083 /* TO- event */ 2084 switch (sp->state[cp->protoidx]) { 2085 case STATE_CLOSING: 2086 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2087 (cp->tlf)(sp); 2088 break; 2089 case STATE_STOPPING: 2090 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2091 (cp->tlf)(sp); 2092 break; 2093 case STATE_REQ_SENT: 2094 case STATE_ACK_RCVD: 2095 case STATE_ACK_SENT: 2096 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2097 (cp->tlf)(sp); 2098 break; 2099 } 2100 else 2101 /* TO+ event */ 2102 switch (sp->state[cp->protoidx]) { 2103 case STATE_CLOSING: 2104 case STATE_STOPPING: 2105 sppp_cp_send(sp, cp->proto, TERM_REQ, 2106 ++sp->pp_seq[cp->protoidx], 0, 0); 2107 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2108 cp->TO, (void *)sp); 2109 break; 2110 case STATE_REQ_SENT: 2111 case STATE_ACK_RCVD: 2112 (cp->scr)(sp); 2113 /* sppp_cp_change_state() will restart the timer */ 2114 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2115 break; 2116 case STATE_ACK_SENT: 2117 (cp->scr)(sp); 2118 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2119 cp->TO, (void *)sp); 2120 break; 2121 } 2122 2123 SPPP_UNLOCK(sp); 2124 splx(s); 2125} 2126 2127/* 2128 * Change the state of a control protocol in the state automaton. 2129 * Takes care of starting/stopping the restart timer. 2130 */ 2131static void 2132sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2133{ 2134 sp->state[cp->protoidx] = newstate; 2135 2136 callout_stop (&sp->ch[cp->protoidx]); 2137 2138 switch (newstate) { 2139 case STATE_INITIAL: 2140 case STATE_STARTING: 2141 case STATE_CLOSED: 2142 case STATE_STOPPED: 2143 case STATE_OPENED: 2144 break; 2145 case STATE_CLOSING: 2146 case STATE_STOPPING: 2147 case STATE_REQ_SENT: 2148 case STATE_ACK_RCVD: 2149 case STATE_ACK_SENT: 2150 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2151 cp->TO, (void *)sp); 2152 break; 2153 } 2154} 2155 2156/* 2157 *--------------------------------------------------------------------------* 2158 * * 2159 * The LCP implementation. * 2160 * * 2161 *--------------------------------------------------------------------------* 2162 */ 2163static void 2164sppp_pp_up(struct sppp *sp) 2165{ 2166 SPPP_LOCK(sp); 2167 lcp.Up(sp); 2168 SPPP_UNLOCK(sp); 2169} 2170 2171static void 2172sppp_pp_down(struct sppp *sp) 2173{ 2174 SPPP_LOCK(sp); 2175 lcp.Down(sp); 2176 SPPP_UNLOCK(sp); 2177} 2178 2179static void 2180sppp_lcp_init(struct sppp *sp) 2181{ 2182 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2183 sp->lcp.magic = 0; 2184 sp->state[IDX_LCP] = STATE_INITIAL; 2185 sp->fail_counter[IDX_LCP] = 0; 2186 sp->pp_seq[IDX_LCP] = 0; 2187 sp->pp_rseq[IDX_LCP] = 0; 2188 sp->lcp.protos = 0; 2189 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2190 2191 /* Note that these values are relevant for all control protocols */ 2192 sp->lcp.timeout = 3 * hz; 2193 sp->lcp.max_terminate = 2; 2194 sp->lcp.max_configure = 10; 2195 sp->lcp.max_failure = 10; 2196 callout_init(&sp->ch[IDX_LCP], CALLOUT_MPSAFE); 2197} 2198 2199static void 2200sppp_lcp_up(struct sppp *sp) 2201{ 2202 STDDCL; 2203 2204 sp->pp_alivecnt = 0; 2205 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2206 sp->lcp.magic = 0; 2207 sp->lcp.protos = 0; 2208 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2209 /* 2210 * If we are authenticator, negotiate LCP_AUTH 2211 */ 2212 if (sp->hisauth.proto != 0) 2213 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2214 else 2215 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2216 sp->pp_flags &= ~PP_NEEDAUTH; 2217 /* 2218 * If this interface is passive or dial-on-demand, and we are 2219 * still in Initial state, it means we've got an incoming 2220 * call. Activate the interface. 2221 */ 2222 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2223 if (debug) 2224 log(LOG_DEBUG, 2225 SPP_FMT "Up event", SPP_ARGS(ifp)); 2226 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2227 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2228 if (debug) 2229 log(-1, "(incoming call)\n"); 2230 sp->pp_flags |= PP_CALLIN; 2231 lcp.Open(sp); 2232 } else if (debug) 2233 log(-1, "\n"); 2234 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2235 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2236 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2237 lcp.Open(sp); 2238 } 2239 2240 sppp_up_event(&lcp, sp); 2241} 2242 2243static void 2244sppp_lcp_down(struct sppp *sp) 2245{ 2246 STDDCL; 2247 2248 sppp_down_event(&lcp, sp); 2249 2250 /* 2251 * If this is neither a dial-on-demand nor a passive 2252 * interface, simulate an ``ifconfig down'' action, so the 2253 * administrator can force a redial by another ``ifconfig 2254 * up''. XXX For leased line operation, should we immediately 2255 * try to reopen the connection here? 2256 */ 2257 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2258 log(LOG_INFO, 2259 SPP_FMT "Down event, taking interface down.\n", 2260 SPP_ARGS(ifp)); 2261 if_down(ifp); 2262 } else { 2263 if (debug) 2264 log(LOG_DEBUG, 2265 SPP_FMT "Down event (carrier loss)\n", 2266 SPP_ARGS(ifp)); 2267 sp->pp_flags &= ~PP_CALLIN; 2268 if (sp->state[IDX_LCP] != STATE_INITIAL) 2269 lcp.Close(sp); 2270 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2271 } 2272} 2273 2274static void 2275sppp_lcp_open(struct sppp *sp) 2276{ 2277 sppp_open_event(&lcp, sp); 2278} 2279 2280static void 2281sppp_lcp_close(struct sppp *sp) 2282{ 2283 sppp_close_event(&lcp, sp); 2284} 2285 2286static void 2287sppp_lcp_TO(void *cookie) 2288{ 2289 sppp_to_event(&lcp, (struct sppp *)cookie); 2290} 2291 2292/* 2293 * Analyze a configure request. Return true if it was agreeable, and 2294 * caused action sca, false if it has been rejected or nak'ed, and 2295 * caused action scn. (The return value is used to make the state 2296 * transition decision in the state automaton.) 2297 */ 2298static int 2299sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2300{ 2301 STDDCL; 2302 u_char *buf, *r, *p; 2303 int origlen, rlen; 2304 u_long nmagic; 2305 u_short authproto; 2306 2307 len -= 4; 2308 origlen = len; 2309 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2310 if (! buf) 2311 return (0); 2312 2313 if (debug) 2314 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2315 SPP_ARGS(ifp)); 2316 2317 /* pass 1: check for things that need to be rejected */ 2318 p = (void*) (h+1); 2319 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2320 len-=p[1], p+=p[1]) { 2321 if (debug) 2322 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2323 switch (*p) { 2324 case LCP_OPT_MAGIC: 2325 /* Magic number. */ 2326 if (len >= 6 && p[1] == 6) 2327 continue; 2328 if (debug) 2329 log(-1, "[invalid] "); 2330 break; 2331 case LCP_OPT_ASYNC_MAP: 2332 /* Async control character map. */ 2333 if (len >= 6 && p[1] == 6) 2334 continue; 2335 if (debug) 2336 log(-1, "[invalid] "); 2337 break; 2338 case LCP_OPT_MRU: 2339 /* Maximum receive unit. */ 2340 if (len >= 4 && p[1] == 4) 2341 continue; 2342 if (debug) 2343 log(-1, "[invalid] "); 2344 break; 2345 case LCP_OPT_AUTH_PROTO: 2346 if (len < 4) { 2347 if (debug) 2348 log(-1, "[invalid] "); 2349 break; 2350 } 2351 authproto = (p[2] << 8) + p[3]; 2352 if (authproto == PPP_CHAP && p[1] != 5) { 2353 if (debug) 2354 log(-1, "[invalid chap len] "); 2355 break; 2356 } 2357 if (sp->myauth.proto == 0) { 2358 /* we are not configured to do auth */ 2359 if (debug) 2360 log(-1, "[not configured] "); 2361 break; 2362 } 2363 /* 2364 * Remote want us to authenticate, remember this, 2365 * so we stay in PHASE_AUTHENTICATE after LCP got 2366 * up. 2367 */ 2368 sp->pp_flags |= PP_NEEDAUTH; 2369 continue; 2370 default: 2371 /* Others not supported. */ 2372 if (debug) 2373 log(-1, "[rej] "); 2374 break; 2375 } 2376 /* Add the option to rejected list. */ 2377 bcopy (p, r, p[1]); 2378 r += p[1]; 2379 rlen += p[1]; 2380 } 2381 if (rlen) { 2382 if (debug) 2383 log(-1, " send conf-rej\n"); 2384 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2385 return 0; 2386 } else if (debug) 2387 log(-1, "\n"); 2388 2389 /* 2390 * pass 2: check for option values that are unacceptable and 2391 * thus require to be nak'ed. 2392 */ 2393 if (debug) 2394 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2395 SPP_ARGS(ifp)); 2396 2397 p = (void*) (h+1); 2398 len = origlen; 2399 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2400 len-=p[1], p+=p[1]) { 2401 if (debug) 2402 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2403 switch (*p) { 2404 case LCP_OPT_MAGIC: 2405 /* Magic number -- extract. */ 2406 nmagic = (u_long)p[2] << 24 | 2407 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2408 if (nmagic != sp->lcp.magic) { 2409 sp->pp_loopcnt = 0; 2410 if (debug) 2411 log(-1, "0x%lx ", nmagic); 2412 continue; 2413 } 2414 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2415 log(-1, "[glitch] "); 2416 ++sp->pp_loopcnt; 2417 /* 2418 * We negate our magic here, and NAK it. If 2419 * we see it later in an NAK packet, we 2420 * suggest a new one. 2421 */ 2422 nmagic = ~sp->lcp.magic; 2423 /* Gonna NAK it. */ 2424 p[2] = nmagic >> 24; 2425 p[3] = nmagic >> 16; 2426 p[4] = nmagic >> 8; 2427 p[5] = nmagic; 2428 break; 2429 2430 case LCP_OPT_ASYNC_MAP: 2431 /* 2432 * Async control character map -- just ignore it. 2433 * 2434 * Quote from RFC 1662, chapter 6: 2435 * To enable this functionality, synchronous PPP 2436 * implementations MUST always respond to the 2437 * Async-Control-Character-Map Configuration 2438 * Option with the LCP Configure-Ack. However, 2439 * acceptance of the Configuration Option does 2440 * not imply that the synchronous implementation 2441 * will do any ACCM mapping. Instead, all such 2442 * octet mapping will be performed by the 2443 * asynchronous-to-synchronous converter. 2444 */ 2445 continue; 2446 2447 case LCP_OPT_MRU: 2448 /* 2449 * Maximum receive unit. Always agreeable, 2450 * but ignored by now. 2451 */ 2452 sp->lcp.their_mru = p[2] * 256 + p[3]; 2453 if (debug) 2454 log(-1, "%lu ", sp->lcp.their_mru); 2455 continue; 2456 2457 case LCP_OPT_AUTH_PROTO: 2458 authproto = (p[2] << 8) + p[3]; 2459 if (sp->myauth.proto != authproto) { 2460 /* not agreed, nak */ 2461 if (debug) 2462 log(-1, "[mine %s != his %s] ", 2463 sppp_proto_name(sp->hisauth.proto), 2464 sppp_proto_name(authproto)); 2465 p[2] = sp->myauth.proto >> 8; 2466 p[3] = sp->myauth.proto; 2467 break; 2468 } 2469 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2470 if (debug) 2471 log(-1, "[chap not MD5] "); 2472 p[4] = CHAP_MD5; 2473 break; 2474 } 2475 continue; 2476 } 2477 /* Add the option to nak'ed list. */ 2478 bcopy (p, r, p[1]); 2479 r += p[1]; 2480 rlen += p[1]; 2481 } 2482 if (rlen) { 2483 /* 2484 * Local and remote magics equal -- loopback? 2485 */ 2486 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2487 if (sp->pp_loopcnt == MAXALIVECNT*5) 2488 printf (SPP_FMT "loopback\n", 2489 SPP_ARGS(ifp)); 2490 if (ifp->if_flags & IFF_UP) { 2491 if_down(ifp); 2492 sppp_qflush(&sp->pp_cpq); 2493 /* XXX ? */ 2494 lcp.Down(sp); 2495 lcp.Up(sp); 2496 } 2497 } else if (!sp->pp_loopcnt && 2498 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2499 if (debug) 2500 log(-1, " max_failure (%d) exceeded, " 2501 "send conf-rej\n", 2502 sp->lcp.max_failure); 2503 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2504 } else { 2505 if (debug) 2506 log(-1, " send conf-nak\n"); 2507 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2508 } 2509 } else { 2510 if (debug) 2511 log(-1, " send conf-ack\n"); 2512 sp->fail_counter[IDX_LCP] = 0; 2513 sp->pp_loopcnt = 0; 2514 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2515 h->ident, origlen, h+1); 2516 } 2517 2518 free (buf, M_TEMP); 2519 return (rlen == 0); 2520} 2521 2522/* 2523 * Analyze the LCP Configure-Reject option list, and adjust our 2524 * negotiation. 2525 */ 2526static void 2527sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2528{ 2529 STDDCL; 2530 u_char *buf, *p; 2531 2532 len -= 4; 2533 buf = malloc (len, M_TEMP, M_NOWAIT); 2534 if (!buf) 2535 return; 2536 2537 if (debug) 2538 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2539 SPP_ARGS(ifp)); 2540 2541 p = (void*) (h+1); 2542 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2543 len -= p[1], p += p[1]) { 2544 if (debug) 2545 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2546 switch (*p) { 2547 case LCP_OPT_MAGIC: 2548 /* Magic number -- can't use it, use 0 */ 2549 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2550 sp->lcp.magic = 0; 2551 break; 2552 case LCP_OPT_MRU: 2553 /* 2554 * Should not be rejected anyway, since we only 2555 * negotiate a MRU if explicitly requested by 2556 * peer. 2557 */ 2558 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2559 break; 2560 case LCP_OPT_AUTH_PROTO: 2561 /* 2562 * Peer doesn't want to authenticate himself, 2563 * deny unless this is a dialout call, and 2564 * AUTHFLAG_NOCALLOUT is set. 2565 */ 2566 if ((sp->pp_flags & PP_CALLIN) == 0 && 2567 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2568 if (debug) 2569 log(-1, "[don't insist on auth " 2570 "for callout]"); 2571 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2572 break; 2573 } 2574 if (debug) 2575 log(-1, "[access denied]\n"); 2576 lcp.Close(sp); 2577 break; 2578 } 2579 } 2580 if (debug) 2581 log(-1, "\n"); 2582 free (buf, M_TEMP); 2583 return; 2584} 2585 2586/* 2587 * Analyze the LCP Configure-NAK option list, and adjust our 2588 * negotiation. 2589 */ 2590static void 2591sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2592{ 2593 STDDCL; 2594 u_char *buf, *p; 2595 u_long magic; 2596 2597 len -= 4; 2598 buf = malloc (len, M_TEMP, M_NOWAIT); 2599 if (!buf) 2600 return; 2601 2602 if (debug) 2603 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2604 SPP_ARGS(ifp)); 2605 2606 p = (void*) (h+1); 2607 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2608 len -= p[1], p += p[1]) { 2609 if (debug) 2610 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2611 switch (*p) { 2612 case LCP_OPT_MAGIC: 2613 /* Magic number -- renegotiate */ 2614 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2615 len >= 6 && p[1] == 6) { 2616 magic = (u_long)p[2] << 24 | 2617 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2618 /* 2619 * If the remote magic is our negated one, 2620 * this looks like a loopback problem. 2621 * Suggest a new magic to make sure. 2622 */ 2623 if (magic == ~sp->lcp.magic) { 2624 if (debug) 2625 log(-1, "magic glitch "); 2626 sp->lcp.magic = random(); 2627 } else { 2628 sp->lcp.magic = magic; 2629 if (debug) 2630 log(-1, "%lu ", magic); 2631 } 2632 } 2633 break; 2634 case LCP_OPT_MRU: 2635 /* 2636 * Peer wants to advise us to negotiate an MRU. 2637 * Agree on it if it's reasonable, or use 2638 * default otherwise. 2639 */ 2640 if (len >= 4 && p[1] == 4) { 2641 u_int mru = p[2] * 256 + p[3]; 2642 if (debug) 2643 log(-1, "%d ", mru); 2644 if (mru < PP_MTU || mru > PP_MAX_MRU) 2645 mru = PP_MTU; 2646 sp->lcp.mru = mru; 2647 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2648 } 2649 break; 2650 case LCP_OPT_AUTH_PROTO: 2651 /* 2652 * Peer doesn't like our authentication method, 2653 * deny. 2654 */ 2655 if (debug) 2656 log(-1, "[access denied]\n"); 2657 lcp.Close(sp); 2658 break; 2659 } 2660 } 2661 if (debug) 2662 log(-1, "\n"); 2663 free (buf, M_TEMP); 2664 return; 2665} 2666 2667static void 2668sppp_lcp_tlu(struct sppp *sp) 2669{ 2670 STDDCL; 2671 int i; 2672 u_long mask; 2673 2674 /* XXX ? */ 2675 if (! (ifp->if_flags & IFF_UP) && 2676 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2677 /* Coming out of loopback mode. */ 2678 if_up(ifp); 2679 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2680 } 2681 2682 for (i = 0; i < IDX_COUNT; i++) 2683 if ((cps[i])->flags & CP_QUAL) 2684 (cps[i])->Open(sp); 2685 2686 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2687 (sp->pp_flags & PP_NEEDAUTH) != 0) 2688 sp->pp_phase = PHASE_AUTHENTICATE; 2689 else 2690 sp->pp_phase = PHASE_NETWORK; 2691 2692 if (debug) 2693 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2694 sppp_phase_name(sp->pp_phase)); 2695 2696 /* 2697 * Open all authentication protocols. This is even required 2698 * if we already proceeded to network phase, since it might be 2699 * that remote wants us to authenticate, so we might have to 2700 * send a PAP request. Undesired authentication protocols 2701 * don't do anything when they get an Open event. 2702 */ 2703 for (i = 0; i < IDX_COUNT; i++) 2704 if ((cps[i])->flags & CP_AUTH) 2705 (cps[i])->Open(sp); 2706 2707 if (sp->pp_phase == PHASE_NETWORK) { 2708 /* Notify all NCPs. */ 2709 for (i = 0; i < IDX_COUNT; i++) 2710 if (((cps[i])->flags & CP_NCP) && 2711 /* 2712 * XXX 2713 * Hack to administratively disable IPv6 if 2714 * not desired. Perhaps we should have another 2715 * flag for this, but right now, we can make 2716 * all struct cp's read/only. 2717 */ 2718 (cps[i] != &ipv6cp || 2719 (sp->confflags & CONF_ENABLE_IPV6))) 2720 (cps[i])->Open(sp); 2721 } 2722 2723 /* Send Up events to all started protos. */ 2724 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2725 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2726 (cps[i])->Up(sp); 2727 2728 /* notify low-level driver of state change */ 2729 if (sp->pp_chg) 2730 sp->pp_chg(sp, (int)sp->pp_phase); 2731 2732 if (sp->pp_phase == PHASE_NETWORK) 2733 /* if no NCP is starting, close down */ 2734 sppp_lcp_check_and_close(sp); 2735} 2736 2737static void 2738sppp_lcp_tld(struct sppp *sp) 2739{ 2740 STDDCL; 2741 int i; 2742 u_long mask; 2743 2744 sp->pp_phase = PHASE_TERMINATE; 2745 2746 if (debug) 2747 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2748 sppp_phase_name(sp->pp_phase)); 2749 2750 /* 2751 * Take upper layers down. We send the Down event first and 2752 * the Close second to prevent the upper layers from sending 2753 * ``a flurry of terminate-request packets'', as the RFC 2754 * describes it. 2755 */ 2756 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2757 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2758 (cps[i])->Down(sp); 2759 (cps[i])->Close(sp); 2760 } 2761} 2762 2763static void 2764sppp_lcp_tls(struct sppp *sp) 2765{ 2766 STDDCL; 2767 2768 sp->pp_phase = PHASE_ESTABLISH; 2769 2770 if (debug) 2771 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2772 sppp_phase_name(sp->pp_phase)); 2773 2774 /* Notify lower layer if desired. */ 2775 if (sp->pp_tls) 2776 (sp->pp_tls)(sp); 2777 else 2778 (sp->pp_up)(sp); 2779} 2780 2781static void 2782sppp_lcp_tlf(struct sppp *sp) 2783{ 2784 STDDCL; 2785 2786 sp->pp_phase = PHASE_DEAD; 2787 if (debug) 2788 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2789 sppp_phase_name(sp->pp_phase)); 2790 2791 /* Notify lower layer if desired. */ 2792 if (sp->pp_tlf) 2793 (sp->pp_tlf)(sp); 2794 else 2795 (sp->pp_down)(sp); 2796} 2797 2798static void 2799sppp_lcp_scr(struct sppp *sp) 2800{ 2801 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2802 int i = 0; 2803 u_short authproto; 2804 2805 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2806 if (! sp->lcp.magic) 2807 sp->lcp.magic = random(); 2808 opt[i++] = LCP_OPT_MAGIC; 2809 opt[i++] = 6; 2810 opt[i++] = sp->lcp.magic >> 24; 2811 opt[i++] = sp->lcp.magic >> 16; 2812 opt[i++] = sp->lcp.magic >> 8; 2813 opt[i++] = sp->lcp.magic; 2814 } 2815 2816 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2817 opt[i++] = LCP_OPT_MRU; 2818 opt[i++] = 4; 2819 opt[i++] = sp->lcp.mru >> 8; 2820 opt[i++] = sp->lcp.mru; 2821 } 2822 2823 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2824 authproto = sp->hisauth.proto; 2825 opt[i++] = LCP_OPT_AUTH_PROTO; 2826 opt[i++] = authproto == PPP_CHAP? 5: 4; 2827 opt[i++] = authproto >> 8; 2828 opt[i++] = authproto; 2829 if (authproto == PPP_CHAP) 2830 opt[i++] = CHAP_MD5; 2831 } 2832 2833 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2834 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2835} 2836 2837/* 2838 * Check the open NCPs, return true if at least one NCP is open. 2839 */ 2840static int 2841sppp_ncp_check(struct sppp *sp) 2842{ 2843 int i, mask; 2844 2845 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2846 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2847 return 1; 2848 return 0; 2849} 2850 2851/* 2852 * Re-check the open NCPs and see if we should terminate the link. 2853 * Called by the NCPs during their tlf action handling. 2854 */ 2855static void 2856sppp_lcp_check_and_close(struct sppp *sp) 2857{ 2858 2859 if (sp->pp_phase < PHASE_NETWORK) 2860 /* don't bother, we are already going down */ 2861 return; 2862 2863 if (sppp_ncp_check(sp)) 2864 return; 2865 2866 lcp.Close(sp); 2867} 2868 2869/* 2870 *--------------------------------------------------------------------------* 2871 * * 2872 * The IPCP implementation. * 2873 * * 2874 *--------------------------------------------------------------------------* 2875 */ 2876 2877#ifdef INET 2878static void 2879sppp_ipcp_init(struct sppp *sp) 2880{ 2881 sp->ipcp.opts = 0; 2882 sp->ipcp.flags = 0; 2883 sp->state[IDX_IPCP] = STATE_INITIAL; 2884 sp->fail_counter[IDX_IPCP] = 0; 2885 sp->pp_seq[IDX_IPCP] = 0; 2886 sp->pp_rseq[IDX_IPCP] = 0; 2887 callout_init(&sp->ch[IDX_IPCP], CALLOUT_MPSAFE); 2888} 2889 2890static void 2891sppp_ipcp_up(struct sppp *sp) 2892{ 2893 sppp_up_event(&ipcp, sp); 2894} 2895 2896static void 2897sppp_ipcp_down(struct sppp *sp) 2898{ 2899 sppp_down_event(&ipcp, sp); 2900} 2901 2902static void 2903sppp_ipcp_open(struct sppp *sp) 2904{ 2905 STDDCL; 2906 u_long myaddr, hisaddr; 2907 2908 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2909 IPCP_MYADDR_DYN | IPCP_VJ); 2910 sp->ipcp.opts = 0; 2911 2912 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2913 /* 2914 * If we don't have his address, this probably means our 2915 * interface doesn't want to talk IP at all. (This could 2916 * be the case if somebody wants to speak only IPX, for 2917 * example.) Don't open IPCP in this case. 2918 */ 2919 if (hisaddr == 0L) { 2920 /* XXX this message should go away */ 2921 if (debug) 2922 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2923 SPP_ARGS(ifp)); 2924 return; 2925 } 2926 if (myaddr == 0L) { 2927 /* 2928 * I don't have an assigned address, so i need to 2929 * negotiate my address. 2930 */ 2931 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2932 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2933 } else 2934 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2935 if (sp->confflags & CONF_ENABLE_VJ) { 2936 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2937 sp->ipcp.max_state = MAX_STATES - 1; 2938 sp->ipcp.compress_cid = 1; 2939 } 2940 sppp_open_event(&ipcp, sp); 2941} 2942 2943static void 2944sppp_ipcp_close(struct sppp *sp) 2945{ 2946 sppp_close_event(&ipcp, sp); 2947 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2948 /* 2949 * My address was dynamic, clear it again. 2950 */ 2951 sppp_set_ip_addr(sp, 0L); 2952} 2953 2954static void 2955sppp_ipcp_TO(void *cookie) 2956{ 2957 sppp_to_event(&ipcp, (struct sppp *)cookie); 2958} 2959 2960/* 2961 * Analyze a configure request. Return true if it was agreeable, and 2962 * caused action sca, false if it has been rejected or nak'ed, and 2963 * caused action scn. (The return value is used to make the state 2964 * transition decision in the state automaton.) 2965 */ 2966static int 2967sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2968{ 2969 u_char *buf, *r, *p; 2970 struct ifnet *ifp = SP2IFP(sp); 2971 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2972 u_long hisaddr, desiredaddr; 2973 int gotmyaddr = 0; 2974 int desiredcomp; 2975 2976 len -= 4; 2977 origlen = len; 2978 /* 2979 * Make sure to allocate a buf that can at least hold a 2980 * conf-nak with an `address' option. We might need it below. 2981 */ 2982 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2983 if (! buf) 2984 return (0); 2985 2986 /* pass 1: see if we can recognize them */ 2987 if (debug) 2988 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2989 SPP_ARGS(ifp)); 2990 p = (void*) (h+1); 2991 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2992 len-=p[1], p+=p[1]) { 2993 if (debug) 2994 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2995 switch (*p) { 2996 case IPCP_OPT_COMPRESSION: 2997 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2998 /* VJ compression administratively disabled */ 2999 if (debug) 3000 log(-1, "[locally disabled] "); 3001 break; 3002 } 3003 /* 3004 * In theory, we should only conf-rej an 3005 * option that is shorter than RFC 1618 3006 * requires (i.e. < 4), and should conf-nak 3007 * anything else that is not VJ. However, 3008 * since our algorithm always uses the 3009 * original option to NAK it with new values, 3010 * things would become more complicated. In 3011 * pratice, the only commonly implemented IP 3012 * compression option is VJ anyway, so the 3013 * difference is negligible. 3014 */ 3015 if (len >= 6 && p[1] == 6) { 3016 /* 3017 * correctly formed compression option 3018 * that could be VJ compression 3019 */ 3020 continue; 3021 } 3022 if (debug) 3023 log(-1, 3024 "optlen %d [invalid/unsupported] ", 3025 p[1]); 3026 break; 3027 case IPCP_OPT_ADDRESS: 3028 if (len >= 6 && p[1] == 6) { 3029 /* correctly formed address option */ 3030 continue; 3031 } 3032 if (debug) 3033 log(-1, "[invalid] "); 3034 break; 3035 default: 3036 /* Others not supported. */ 3037 if (debug) 3038 log(-1, "[rej] "); 3039 break; 3040 } 3041 /* Add the option to rejected list. */ 3042 bcopy (p, r, p[1]); 3043 r += p[1]; 3044 rlen += p[1]; 3045 } 3046 if (rlen) { 3047 if (debug) 3048 log(-1, " send conf-rej\n"); 3049 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3050 return 0; 3051 } else if (debug) 3052 log(-1, "\n"); 3053 3054 /* pass 2: parse option values */ 3055 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3056 if (debug) 3057 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3058 SPP_ARGS(ifp)); 3059 p = (void*) (h+1); 3060 len = origlen; 3061 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3062 len-=p[1], p+=p[1]) { 3063 if (debug) 3064 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3065 switch (*p) { 3066 case IPCP_OPT_COMPRESSION: 3067 desiredcomp = p[2] << 8 | p[3]; 3068 /* We only support VJ */ 3069 if (desiredcomp == IPCP_COMP_VJ) { 3070 if (debug) 3071 log(-1, "VJ [ack] "); 3072 sp->ipcp.flags |= IPCP_VJ; 3073 sl_compress_init(sp->pp_comp, p[4]); 3074 sp->ipcp.max_state = p[4]; 3075 sp->ipcp.compress_cid = p[5]; 3076 continue; 3077 } 3078 if (debug) 3079 log(-1, 3080 "compproto %#04x [not supported] ", 3081 desiredcomp); 3082 p[2] = IPCP_COMP_VJ >> 8; 3083 p[3] = IPCP_COMP_VJ; 3084 p[4] = sp->ipcp.max_state; 3085 p[5] = sp->ipcp.compress_cid; 3086 break; 3087 case IPCP_OPT_ADDRESS: 3088 /* This is the address he wants in his end */ 3089 desiredaddr = p[2] << 24 | p[3] << 16 | 3090 p[4] << 8 | p[5]; 3091 if (desiredaddr == hisaddr || 3092 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3093 /* 3094 * Peer's address is same as our value, 3095 * or we have set it to 0.0.0.* to 3096 * indicate that we do not really care, 3097 * this is agreeable. Gonna conf-ack 3098 * it. 3099 */ 3100 if (debug) 3101 log(-1, "%s [ack] ", 3102 sppp_dotted_quad(hisaddr)); 3103 /* record that we've seen it already */ 3104 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3105 continue; 3106 } 3107 /* 3108 * The address wasn't agreeable. This is either 3109 * he sent us 0.0.0.0, asking to assign him an 3110 * address, or he send us another address not 3111 * matching our value. Either case, we gonna 3112 * conf-nak it with our value. 3113 * XXX: we should "rej" if hisaddr == 0 3114 */ 3115 if (debug) { 3116 if (desiredaddr == 0) 3117 log(-1, "[addr requested] "); 3118 else 3119 log(-1, "%s [not agreed] ", 3120 sppp_dotted_quad(desiredaddr)); 3121 3122 } 3123 p[2] = hisaddr >> 24; 3124 p[3] = hisaddr >> 16; 3125 p[4] = hisaddr >> 8; 3126 p[5] = hisaddr; 3127 break; 3128 } 3129 /* Add the option to nak'ed list. */ 3130 bcopy (p, r, p[1]); 3131 r += p[1]; 3132 rlen += p[1]; 3133 } 3134 3135 /* 3136 * If we are about to conf-ack the request, but haven't seen 3137 * his address so far, gonna conf-nak it instead, with the 3138 * `address' option present and our idea of his address being 3139 * filled in there, to request negotiation of both addresses. 3140 * 3141 * XXX This can result in an endless req - nak loop if peer 3142 * doesn't want to send us his address. Q: What should we do 3143 * about it? XXX A: implement the max-failure counter. 3144 */ 3145 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3146 buf[0] = IPCP_OPT_ADDRESS; 3147 buf[1] = 6; 3148 buf[2] = hisaddr >> 24; 3149 buf[3] = hisaddr >> 16; 3150 buf[4] = hisaddr >> 8; 3151 buf[5] = hisaddr; 3152 rlen = 6; 3153 if (debug) 3154 log(-1, "still need hisaddr "); 3155 } 3156 3157 if (rlen) { 3158 if (debug) 3159 log(-1, " send conf-nak\n"); 3160 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3161 } else { 3162 if (debug) 3163 log(-1, " send conf-ack\n"); 3164 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3165 h->ident, origlen, h+1); 3166 } 3167 3168 free (buf, M_TEMP); 3169 return (rlen == 0); 3170} 3171 3172/* 3173 * Analyze the IPCP Configure-Reject option list, and adjust our 3174 * negotiation. 3175 */ 3176static void 3177sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3178{ 3179 u_char *buf, *p; 3180 struct ifnet *ifp = SP2IFP(sp); 3181 int debug = ifp->if_flags & IFF_DEBUG; 3182 3183 len -= 4; 3184 buf = malloc (len, M_TEMP, M_NOWAIT); 3185 if (!buf) 3186 return; 3187 3188 if (debug) 3189 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3190 SPP_ARGS(ifp)); 3191 3192 p = (void*) (h+1); 3193 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3194 len -= p[1], p += p[1]) { 3195 if (debug) 3196 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3197 switch (*p) { 3198 case IPCP_OPT_COMPRESSION: 3199 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3200 break; 3201 case IPCP_OPT_ADDRESS: 3202 /* 3203 * Peer doesn't grok address option. This is 3204 * bad. XXX Should we better give up here? 3205 * XXX We could try old "addresses" option... 3206 */ 3207 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3208 break; 3209 } 3210 } 3211 if (debug) 3212 log(-1, "\n"); 3213 free (buf, M_TEMP); 3214 return; 3215} 3216 3217/* 3218 * Analyze the IPCP Configure-NAK option list, and adjust our 3219 * negotiation. 3220 */ 3221static void 3222sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3223{ 3224 u_char *buf, *p; 3225 struct ifnet *ifp = SP2IFP(sp); 3226 int debug = ifp->if_flags & IFF_DEBUG; 3227 int desiredcomp; 3228 u_long wantaddr; 3229 3230 len -= 4; 3231 buf = malloc (len, M_TEMP, M_NOWAIT); 3232 if (!buf) 3233 return; 3234 3235 if (debug) 3236 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3237 SPP_ARGS(ifp)); 3238 3239 p = (void*) (h+1); 3240 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3241 len -= p[1], p += p[1]) { 3242 if (debug) 3243 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3244 switch (*p) { 3245 case IPCP_OPT_COMPRESSION: 3246 if (len >= 6 && p[1] == 6) { 3247 desiredcomp = p[2] << 8 | p[3]; 3248 if (debug) 3249 log(-1, "[wantcomp %#04x] ", 3250 desiredcomp); 3251 if (desiredcomp == IPCP_COMP_VJ) { 3252 sl_compress_init(sp->pp_comp, p[4]); 3253 sp->ipcp.max_state = p[4]; 3254 sp->ipcp.compress_cid = p[5]; 3255 if (debug) 3256 log(-1, "[agree] "); 3257 } else 3258 sp->ipcp.opts &= 3259 ~(1 << IPCP_OPT_COMPRESSION); 3260 } 3261 break; 3262 case IPCP_OPT_ADDRESS: 3263 /* 3264 * Peer doesn't like our local IP address. See 3265 * if we can do something for him. We'll drop 3266 * him our address then. 3267 */ 3268 if (len >= 6 && p[1] == 6) { 3269 wantaddr = p[2] << 24 | p[3] << 16 | 3270 p[4] << 8 | p[5]; 3271 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3272 if (debug) 3273 log(-1, "[wantaddr %s] ", 3274 sppp_dotted_quad(wantaddr)); 3275 /* 3276 * When doing dynamic address assignment, 3277 * we accept his offer. Otherwise, we 3278 * ignore it and thus continue to negotiate 3279 * our already existing value. 3280 * XXX: Bogus, if he said no once, he'll 3281 * just say no again, might as well die. 3282 */ 3283 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3284 sppp_set_ip_addr(sp, wantaddr); 3285 if (debug) 3286 log(-1, "[agree] "); 3287 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3288 } 3289 } 3290 break; 3291 } 3292 } 3293 if (debug) 3294 log(-1, "\n"); 3295 free (buf, M_TEMP); 3296 return; 3297} 3298 3299static void 3300sppp_ipcp_tlu(struct sppp *sp) 3301{ 3302 /* we are up - notify isdn daemon */ 3303 if (sp->pp_con) 3304 sp->pp_con(sp); 3305} 3306 3307static void 3308sppp_ipcp_tld(struct sppp *sp) 3309{ 3310} 3311 3312static void 3313sppp_ipcp_tls(struct sppp *sp) 3314{ 3315 /* indicate to LCP that it must stay alive */ 3316 sp->lcp.protos |= (1 << IDX_IPCP); 3317} 3318 3319static void 3320sppp_ipcp_tlf(struct sppp *sp) 3321{ 3322 /* we no longer need LCP */ 3323 sp->lcp.protos &= ~(1 << IDX_IPCP); 3324 sppp_lcp_check_and_close(sp); 3325} 3326 3327static void 3328sppp_ipcp_scr(struct sppp *sp) 3329{ 3330 char opt[6 /* compression */ + 6 /* address */]; 3331 u_long ouraddr; 3332 int i = 0; 3333 3334 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3335 opt[i++] = IPCP_OPT_COMPRESSION; 3336 opt[i++] = 6; 3337 opt[i++] = IPCP_COMP_VJ >> 8; 3338 opt[i++] = IPCP_COMP_VJ; 3339 opt[i++] = sp->ipcp.max_state; 3340 opt[i++] = sp->ipcp.compress_cid; 3341 } 3342 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3343 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3344 opt[i++] = IPCP_OPT_ADDRESS; 3345 opt[i++] = 6; 3346 opt[i++] = ouraddr >> 24; 3347 opt[i++] = ouraddr >> 16; 3348 opt[i++] = ouraddr >> 8; 3349 opt[i++] = ouraddr; 3350 } 3351 3352 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3353 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3354} 3355#else /* !INET */ 3356static void 3357sppp_ipcp_init(struct sppp *sp) 3358{ 3359} 3360 3361static void 3362sppp_ipcp_up(struct sppp *sp) 3363{ 3364} 3365 3366static void 3367sppp_ipcp_down(struct sppp *sp) 3368{ 3369} 3370 3371static void 3372sppp_ipcp_open(struct sppp *sp) 3373{ 3374} 3375 3376static void 3377sppp_ipcp_close(struct sppp *sp) 3378{ 3379} 3380 3381static void 3382sppp_ipcp_TO(void *cookie) 3383{ 3384} 3385 3386static int 3387sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3388{ 3389 return (0); 3390} 3391 3392static void 3393sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3394{ 3395} 3396 3397static void 3398sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3399{ 3400} 3401 3402static void 3403sppp_ipcp_tlu(struct sppp *sp) 3404{ 3405} 3406 3407static void 3408sppp_ipcp_tld(struct sppp *sp) 3409{ 3410} 3411 3412static void 3413sppp_ipcp_tls(struct sppp *sp) 3414{ 3415} 3416 3417static void 3418sppp_ipcp_tlf(struct sppp *sp) 3419{ 3420} 3421 3422static void 3423sppp_ipcp_scr(struct sppp *sp) 3424{ 3425} 3426#endif 3427 3428/* 3429 *--------------------------------------------------------------------------* 3430 * * 3431 * The IPv6CP implementation. * 3432 * * 3433 *--------------------------------------------------------------------------* 3434 */ 3435 3436#ifdef INET6 3437static void 3438sppp_ipv6cp_init(struct sppp *sp) 3439{ 3440 sp->ipv6cp.opts = 0; 3441 sp->ipv6cp.flags = 0; 3442 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3443 sp->fail_counter[IDX_IPV6CP] = 0; 3444 sp->pp_seq[IDX_IPV6CP] = 0; 3445 sp->pp_rseq[IDX_IPV6CP] = 0; 3446 callout_init(&sp->ch[IDX_IPV6CP], CALLOUT_MPSAFE); 3447} 3448 3449static void 3450sppp_ipv6cp_up(struct sppp *sp) 3451{ 3452 sppp_up_event(&ipv6cp, sp); 3453} 3454 3455static void 3456sppp_ipv6cp_down(struct sppp *sp) 3457{ 3458 sppp_down_event(&ipv6cp, sp); 3459} 3460 3461static void 3462sppp_ipv6cp_open(struct sppp *sp) 3463{ 3464 STDDCL; 3465 struct in6_addr myaddr, hisaddr; 3466 3467#ifdef IPV6CP_MYIFID_DYN 3468 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3469#else 3470 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3471#endif 3472 3473 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3474 /* 3475 * If we don't have our address, this probably means our 3476 * interface doesn't want to talk IPv6 at all. (This could 3477 * be the case if somebody wants to speak only IPX, for 3478 * example.) Don't open IPv6CP in this case. 3479 */ 3480 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3481 /* XXX this message should go away */ 3482 if (debug) 3483 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3484 SPP_ARGS(ifp)); 3485 return; 3486 } 3487 3488 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3489 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3490 sppp_open_event(&ipv6cp, sp); 3491} 3492 3493static void 3494sppp_ipv6cp_close(struct sppp *sp) 3495{ 3496 sppp_close_event(&ipv6cp, sp); 3497} 3498 3499static void 3500sppp_ipv6cp_TO(void *cookie) 3501{ 3502 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3503} 3504 3505/* 3506 * Analyze a configure request. Return true if it was agreeable, and 3507 * caused action sca, false if it has been rejected or nak'ed, and 3508 * caused action scn. (The return value is used to make the state 3509 * transition decision in the state automaton.) 3510 */ 3511static int 3512sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3513{ 3514 u_char *buf, *r, *p; 3515 struct ifnet *ifp = SP2IFP(sp); 3516 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3517 struct in6_addr myaddr, desiredaddr, suggestaddr; 3518 int ifidcount; 3519 int type; 3520 int collision, nohisaddr; 3521 char ip6buf[INET6_ADDRSTRLEN]; 3522 3523 len -= 4; 3524 origlen = len; 3525 /* 3526 * Make sure to allocate a buf that can at least hold a 3527 * conf-nak with an `address' option. We might need it below. 3528 */ 3529 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3530 if (! buf) 3531 return (0); 3532 3533 /* pass 1: see if we can recognize them */ 3534 if (debug) 3535 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3536 SPP_ARGS(ifp)); 3537 p = (void*) (h+1); 3538 ifidcount = 0; 3539 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3540 len-=p[1], p+=p[1]) { 3541 if (debug) 3542 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3543 switch (*p) { 3544 case IPV6CP_OPT_IFID: 3545 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3546 /* correctly formed address option */ 3547 ifidcount++; 3548 continue; 3549 } 3550 if (debug) 3551 log(-1, " [invalid]"); 3552 break; 3553#ifdef notyet 3554 case IPV6CP_OPT_COMPRESSION: 3555 if (len >= 4 && p[1] >= 4) { 3556 /* correctly formed compress option */ 3557 continue; 3558 } 3559 if (debug) 3560 log(-1, " [invalid]"); 3561 break; 3562#endif 3563 default: 3564 /* Others not supported. */ 3565 if (debug) 3566 log(-1, " [rej]"); 3567 break; 3568 } 3569 /* Add the option to rejected list. */ 3570 bcopy (p, r, p[1]); 3571 r += p[1]; 3572 rlen += p[1]; 3573 } 3574 if (rlen) { 3575 if (debug) 3576 log(-1, " send conf-rej\n"); 3577 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3578 goto end; 3579 } else if (debug) 3580 log(-1, "\n"); 3581 3582 /* pass 2: parse option values */ 3583 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3584 if (debug) 3585 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3586 SPP_ARGS(ifp)); 3587 p = (void*) (h+1); 3588 len = origlen; 3589 type = CONF_ACK; 3590 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3591 len-=p[1], p+=p[1]) { 3592 if (debug) 3593 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3594 switch (*p) { 3595#ifdef notyet 3596 case IPV6CP_OPT_COMPRESSION: 3597 continue; 3598#endif 3599 case IPV6CP_OPT_IFID: 3600 bzero(&desiredaddr, sizeof(desiredaddr)); 3601 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3602 collision = (bcmp(&desiredaddr.s6_addr[8], 3603 &myaddr.s6_addr[8], 8) == 0); 3604 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3605 3606 desiredaddr.s6_addr16[0] = htons(0xfe80); 3607 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3608 3609 if (!collision && !nohisaddr) { 3610 /* no collision, hisaddr known - Conf-Ack */ 3611 type = CONF_ACK; 3612 3613 if (debug) { 3614 log(-1, " %s [%s]", 3615 ip6_sprintf(ip6buf, &desiredaddr), 3616 sppp_cp_type_name(type)); 3617 } 3618 continue; 3619 } 3620 3621 bzero(&suggestaddr, sizeof(&suggestaddr)); 3622 if (collision && nohisaddr) { 3623 /* collision, hisaddr unknown - Conf-Rej */ 3624 type = CONF_REJ; 3625 bzero(&p[2], 8); 3626 } else { 3627 /* 3628 * - no collision, hisaddr unknown, or 3629 * - collision, hisaddr known 3630 * Conf-Nak, suggest hisaddr 3631 */ 3632 type = CONF_NAK; 3633 sppp_suggest_ip6_addr(sp, &suggestaddr); 3634 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3635 } 3636 if (debug) 3637 log(-1, " %s [%s]", 3638 ip6_sprintf(ip6buf, &desiredaddr), 3639 sppp_cp_type_name(type)); 3640 break; 3641 } 3642 /* Add the option to nak'ed list. */ 3643 bcopy (p, r, p[1]); 3644 r += p[1]; 3645 rlen += p[1]; 3646 } 3647 3648 if (rlen == 0 && type == CONF_ACK) { 3649 if (debug) 3650 log(-1, " send %s\n", sppp_cp_type_name(type)); 3651 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3652 } else { 3653#ifdef DIAGNOSTIC 3654 if (type == CONF_ACK) 3655 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3656#endif 3657 3658 if (debug) { 3659 log(-1, " send %s suggest %s\n", 3660 sppp_cp_type_name(type), 3661 ip6_sprintf(ip6buf, &suggestaddr)); 3662 } 3663 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3664 } 3665 3666 end: 3667 free (buf, M_TEMP); 3668 return (rlen == 0); 3669} 3670 3671/* 3672 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3673 * negotiation. 3674 */ 3675static void 3676sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3677{ 3678 u_char *buf, *p; 3679 struct ifnet *ifp = SP2IFP(sp); 3680 int debug = ifp->if_flags & IFF_DEBUG; 3681 3682 len -= 4; 3683 buf = malloc (len, M_TEMP, M_NOWAIT); 3684 if (!buf) 3685 return; 3686 3687 if (debug) 3688 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3689 SPP_ARGS(ifp)); 3690 3691 p = (void*) (h+1); 3692 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3693 len -= p[1], p += p[1]) { 3694 if (debug) 3695 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3696 switch (*p) { 3697 case IPV6CP_OPT_IFID: 3698 /* 3699 * Peer doesn't grok address option. This is 3700 * bad. XXX Should we better give up here? 3701 */ 3702 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3703 break; 3704#ifdef notyet 3705 case IPV6CP_OPT_COMPRESS: 3706 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3707 break; 3708#endif 3709 } 3710 } 3711 if (debug) 3712 log(-1, "\n"); 3713 free (buf, M_TEMP); 3714 return; 3715} 3716 3717/* 3718 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3719 * negotiation. 3720 */ 3721static void 3722sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3723{ 3724 u_char *buf, *p; 3725 struct ifnet *ifp = SP2IFP(sp); 3726 int debug = ifp->if_flags & IFF_DEBUG; 3727 struct in6_addr suggestaddr; 3728 char ip6buf[INET6_ADDRSTRLEN]; 3729 3730 len -= 4; 3731 buf = malloc (len, M_TEMP, M_NOWAIT); 3732 if (!buf) 3733 return; 3734 3735 if (debug) 3736 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3737 SPP_ARGS(ifp)); 3738 3739 p = (void*) (h+1); 3740 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3741 len -= p[1], p += p[1]) { 3742 if (debug) 3743 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3744 switch (*p) { 3745 case IPV6CP_OPT_IFID: 3746 /* 3747 * Peer doesn't like our local ifid. See 3748 * if we can do something for him. We'll drop 3749 * him our address then. 3750 */ 3751 if (len < 10 || p[1] != 10) 3752 break; 3753 bzero(&suggestaddr, sizeof(suggestaddr)); 3754 suggestaddr.s6_addr16[0] = htons(0xfe80); 3755 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3756 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3757 3758 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3759 if (debug) 3760 log(-1, " [suggestaddr %s]", 3761 ip6_sprintf(ip6buf, &suggestaddr)); 3762#ifdef IPV6CP_MYIFID_DYN 3763 /* 3764 * When doing dynamic address assignment, 3765 * we accept his offer. 3766 */ 3767 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3768 struct in6_addr lastsuggest; 3769 /* 3770 * If <suggested myaddr from peer> equals to 3771 * <hisaddr we have suggested last time>, 3772 * we have a collision. generate new random 3773 * ifid. 3774 */ 3775 sppp_suggest_ip6_addr(&lastsuggest); 3776 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3777 lastsuggest)) { 3778 if (debug) 3779 log(-1, " [random]"); 3780 sppp_gen_ip6_addr(sp, &suggestaddr); 3781 } 3782 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3783 if (debug) 3784 log(-1, " [agree]"); 3785 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3786 } 3787#else 3788 /* 3789 * Since we do not do dynamic address assignment, 3790 * we ignore it and thus continue to negotiate 3791 * our already existing value. This can possibly 3792 * go into infinite request-reject loop. 3793 * 3794 * This is not likely because we normally use 3795 * ifid based on MAC-address. 3796 * If you have no ethernet card on the node, too bad. 3797 * XXX should we use fail_counter? 3798 */ 3799#endif 3800 break; 3801#ifdef notyet 3802 case IPV6CP_OPT_COMPRESS: 3803 /* 3804 * Peer wants different compression parameters. 3805 */ 3806 break; 3807#endif 3808 } 3809 } 3810 if (debug) 3811 log(-1, "\n"); 3812 free (buf, M_TEMP); 3813 return; 3814} 3815static void 3816sppp_ipv6cp_tlu(struct sppp *sp) 3817{ 3818 /* we are up - notify isdn daemon */ 3819 if (sp->pp_con) 3820 sp->pp_con(sp); 3821} 3822 3823static void 3824sppp_ipv6cp_tld(struct sppp *sp) 3825{ 3826} 3827 3828static void 3829sppp_ipv6cp_tls(struct sppp *sp) 3830{ 3831 /* indicate to LCP that it must stay alive */ 3832 sp->lcp.protos |= (1 << IDX_IPV6CP); 3833} 3834 3835static void 3836sppp_ipv6cp_tlf(struct sppp *sp) 3837{ 3838 3839#if 0 /* need #if 0 to close IPv6CP properly */ 3840 /* we no longer need LCP */ 3841 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3842 sppp_lcp_check_and_close(sp); 3843#endif 3844} 3845 3846static void 3847sppp_ipv6cp_scr(struct sppp *sp) 3848{ 3849 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3850 struct in6_addr ouraddr; 3851 int i = 0; 3852 3853 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3854 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3855 opt[i++] = IPV6CP_OPT_IFID; 3856 opt[i++] = 10; 3857 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3858 i += 8; 3859 } 3860 3861#ifdef notyet 3862 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3863 opt[i++] = IPV6CP_OPT_COMPRESSION; 3864 opt[i++] = 4; 3865 opt[i++] = 0; /* TBD */ 3866 opt[i++] = 0; /* TBD */ 3867 /* variable length data may follow */ 3868 } 3869#endif 3870 3871 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3872 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3873} 3874#else /*INET6*/ 3875static void sppp_ipv6cp_init(struct sppp *sp) 3876{ 3877} 3878 3879static void sppp_ipv6cp_up(struct sppp *sp) 3880{ 3881} 3882 3883static void sppp_ipv6cp_down(struct sppp *sp) 3884{ 3885} 3886 3887 3888static void sppp_ipv6cp_open(struct sppp *sp) 3889{ 3890} 3891 3892static void sppp_ipv6cp_close(struct sppp *sp) 3893{ 3894} 3895 3896static void sppp_ipv6cp_TO(void *sp) 3897{ 3898} 3899 3900static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3901{ 3902 return 0; 3903} 3904 3905static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3906{ 3907} 3908 3909static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3910{ 3911} 3912 3913static void sppp_ipv6cp_tlu(struct sppp *sp) 3914{ 3915} 3916 3917static void sppp_ipv6cp_tld(struct sppp *sp) 3918{ 3919} 3920 3921static void sppp_ipv6cp_tls(struct sppp *sp) 3922{ 3923} 3924 3925static void sppp_ipv6cp_tlf(struct sppp *sp) 3926{ 3927} 3928 3929static void sppp_ipv6cp_scr(struct sppp *sp) 3930{ 3931} 3932#endif /*INET6*/ 3933 3934/* 3935 *--------------------------------------------------------------------------* 3936 * * 3937 * The CHAP implementation. * 3938 * * 3939 *--------------------------------------------------------------------------* 3940 */ 3941 3942/* 3943 * The authentication protocols don't employ a full-fledged state machine as 3944 * the control protocols do, since they do have Open and Close events, but 3945 * not Up and Down, nor are they explicitly terminated. Also, use of the 3946 * authentication protocols may be different in both directions (this makes 3947 * sense, think of a machine that never accepts incoming calls but only 3948 * calls out, it doesn't require the called party to authenticate itself). 3949 * 3950 * Our state machine for the local authentication protocol (we are requesting 3951 * the peer to authenticate) looks like: 3952 * 3953 * RCA- 3954 * +--------------------------------------------+ 3955 * V scn,tld| 3956 * +--------+ Close +---------+ RCA+ 3957 * | |<----------------------------------| |------+ 3958 * +--->| Closed | TO* | Opened | sca | 3959 * | | |-----+ +-------| |<-----+ 3960 * | +--------+ irc | | +---------+ 3961 * | ^ | | ^ 3962 * | | | | | 3963 * | | | | | 3964 * | TO-| | | | 3965 * | |tld TO+ V | | 3966 * | | +------->+ | | 3967 * | | | | | | 3968 * | +--------+ V | | 3969 * | | |<----+<--------------------+ | 3970 * | | Req- | scr | 3971 * | | Sent | | 3972 * | | | | 3973 * | +--------+ | 3974 * | RCA- | | RCA+ | 3975 * +------+ +------------------------------------------+ 3976 * scn,tld sca,irc,ict,tlu 3977 * 3978 * 3979 * with: 3980 * 3981 * Open: LCP reached authentication phase 3982 * Close: LCP reached terminate phase 3983 * 3984 * RCA+: received reply (pap-req, chap-response), acceptable 3985 * RCN: received reply (pap-req, chap-response), not acceptable 3986 * TO+: timeout with restart counter >= 0 3987 * TO-: timeout with restart counter < 0 3988 * TO*: reschedule timeout for CHAP 3989 * 3990 * scr: send request packet (none for PAP, chap-challenge) 3991 * sca: send ack packet (pap-ack, chap-success) 3992 * scn: send nak packet (pap-nak, chap-failure) 3993 * ict: initialize re-challenge timer (CHAP only) 3994 * 3995 * tlu: this-layer-up, LCP reaches network phase 3996 * tld: this-layer-down, LCP enters terminate phase 3997 * 3998 * Note that in CHAP mode, after sending a new challenge, while the state 3999 * automaton falls back into Req-Sent state, it doesn't signal a tld 4000 * event to LCP, so LCP remains in network phase. Only after not getting 4001 * any response (or after getting an unacceptable response), CHAP closes, 4002 * causing LCP to enter terminate phase. 4003 * 4004 * With PAP, there is no initial request that can be sent. The peer is 4005 * expected to send one based on the successful negotiation of PAP as 4006 * the authentication protocol during the LCP option negotiation. 4007 * 4008 * Incoming authentication protocol requests (remote requests 4009 * authentication, we are peer) don't employ a state machine at all, 4010 * they are simply answered. Some peers [Ascend P50 firmware rev 4011 * 4.50] react allergically when sending IPCP requests while they are 4012 * still in authentication phase (thereby violating the standard that 4013 * demands that these NCP packets are to be discarded), so we keep 4014 * track of the peer demanding us to authenticate, and only proceed to 4015 * phase network once we've seen a positive acknowledge for the 4016 * authentication. 4017 */ 4018 4019/* 4020 * Handle incoming CHAP packets. 4021 */ 4022static void 4023sppp_chap_input(struct sppp *sp, struct mbuf *m) 4024{ 4025 STDDCL; 4026 struct lcp_header *h; 4027 int len, x; 4028 u_char *value, *name, digest[AUTHKEYLEN], dsize; 4029 int value_len, name_len; 4030 MD5_CTX ctx; 4031 4032 len = m->m_pkthdr.len; 4033 if (len < 4) { 4034 if (debug) 4035 log(LOG_DEBUG, 4036 SPP_FMT "chap invalid packet length: %d bytes\n", 4037 SPP_ARGS(ifp), len); 4038 return; 4039 } 4040 h = mtod (m, struct lcp_header*); 4041 if (len > ntohs (h->len)) 4042 len = ntohs (h->len); 4043 4044 switch (h->type) { 4045 /* challenge, failure and success are his authproto */ 4046 case CHAP_CHALLENGE: 4047 value = 1 + (u_char*)(h+1); 4048 value_len = value[-1]; 4049 name = value + value_len; 4050 name_len = len - value_len - 5; 4051 if (name_len < 0) { 4052 if (debug) { 4053 log(LOG_DEBUG, 4054 SPP_FMT "chap corrupted challenge " 4055 "<%s id=0x%x len=%d", 4056 SPP_ARGS(ifp), 4057 sppp_auth_type_name(PPP_CHAP, h->type), 4058 h->ident, ntohs(h->len)); 4059 sppp_print_bytes((u_char*) (h+1), len-4); 4060 log(-1, ">\n"); 4061 } 4062 break; 4063 } 4064 4065 if (debug) { 4066 log(LOG_DEBUG, 4067 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4068 SPP_ARGS(ifp), 4069 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4070 ntohs(h->len)); 4071 sppp_print_string((char*) name, name_len); 4072 log(-1, " value-size=%d value=", value_len); 4073 sppp_print_bytes(value, value_len); 4074 log(-1, ">\n"); 4075 } 4076 4077 /* Compute reply value. */ 4078 MD5Init(&ctx); 4079 MD5Update(&ctx, &h->ident, 1); 4080 MD5Update(&ctx, sp->myauth.secret, 4081 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4082 MD5Update(&ctx, value, value_len); 4083 MD5Final(digest, &ctx); 4084 dsize = sizeof digest; 4085 4086 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4087 sizeof dsize, (const char *)&dsize, 4088 sizeof digest, digest, 4089 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4090 sp->myauth.name, 4091 0); 4092 break; 4093 4094 case CHAP_SUCCESS: 4095 if (debug) { 4096 log(LOG_DEBUG, SPP_FMT "chap success", 4097 SPP_ARGS(ifp)); 4098 if (len > 4) { 4099 log(-1, ": "); 4100 sppp_print_string((char*)(h + 1), len - 4); 4101 } 4102 log(-1, "\n"); 4103 } 4104 x = splimp(); 4105 SPPP_LOCK(sp); 4106 sp->pp_flags &= ~PP_NEEDAUTH; 4107 if (sp->myauth.proto == PPP_CHAP && 4108 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4109 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4110 /* 4111 * We are authenticator for CHAP but didn't 4112 * complete yet. Leave it to tlu to proceed 4113 * to network phase. 4114 */ 4115 SPPP_UNLOCK(sp); 4116 splx(x); 4117 break; 4118 } 4119 SPPP_UNLOCK(sp); 4120 splx(x); 4121 sppp_phase_network(sp); 4122 break; 4123 4124 case CHAP_FAILURE: 4125 if (debug) { 4126 log(LOG_INFO, SPP_FMT "chap failure", 4127 SPP_ARGS(ifp)); 4128 if (len > 4) { 4129 log(-1, ": "); 4130 sppp_print_string((char*)(h + 1), len - 4); 4131 } 4132 log(-1, "\n"); 4133 } else 4134 log(LOG_INFO, SPP_FMT "chap failure\n", 4135 SPP_ARGS(ifp)); 4136 /* await LCP shutdown by authenticator */ 4137 break; 4138 4139 /* response is my authproto */ 4140 case CHAP_RESPONSE: 4141 value = 1 + (u_char*)(h+1); 4142 value_len = value[-1]; 4143 name = value + value_len; 4144 name_len = len - value_len - 5; 4145 if (name_len < 0) { 4146 if (debug) { 4147 log(LOG_DEBUG, 4148 SPP_FMT "chap corrupted response " 4149 "<%s id=0x%x len=%d", 4150 SPP_ARGS(ifp), 4151 sppp_auth_type_name(PPP_CHAP, h->type), 4152 h->ident, ntohs(h->len)); 4153 sppp_print_bytes((u_char*)(h+1), len-4); 4154 log(-1, ">\n"); 4155 } 4156 break; 4157 } 4158 if (h->ident != sp->confid[IDX_CHAP]) { 4159 if (debug) 4160 log(LOG_DEBUG, 4161 SPP_FMT "chap dropping response for old ID " 4162 "(got %d, expected %d)\n", 4163 SPP_ARGS(ifp), 4164 h->ident, sp->confid[IDX_CHAP]); 4165 break; 4166 } 4167 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4168 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4169 log(LOG_INFO, SPP_FMT "chap response, his name ", 4170 SPP_ARGS(ifp)); 4171 sppp_print_string(name, name_len); 4172 log(-1, " != expected "); 4173 sppp_print_string(sp->hisauth.name, 4174 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4175 log(-1, "\n"); 4176 } 4177 if (debug) { 4178 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4179 "<%s id=0x%x len=%d name=", 4180 SPP_ARGS(ifp), 4181 sppp_state_name(sp->state[IDX_CHAP]), 4182 sppp_auth_type_name(PPP_CHAP, h->type), 4183 h->ident, ntohs (h->len)); 4184 sppp_print_string((char*)name, name_len); 4185 log(-1, " value-size=%d value=", value_len); 4186 sppp_print_bytes(value, value_len); 4187 log(-1, ">\n"); 4188 } 4189 if (value_len != AUTHKEYLEN) { 4190 if (debug) 4191 log(LOG_DEBUG, 4192 SPP_FMT "chap bad hash value length: " 4193 "%d bytes, should be %d\n", 4194 SPP_ARGS(ifp), value_len, 4195 AUTHKEYLEN); 4196 break; 4197 } 4198 4199 MD5Init(&ctx); 4200 MD5Update(&ctx, &h->ident, 1); 4201 MD5Update(&ctx, sp->hisauth.secret, 4202 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4203 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4204 MD5Final(digest, &ctx); 4205 4206#define FAILMSG "Failed..." 4207#define SUCCMSG "Welcome!" 4208 4209 if (value_len != sizeof digest || 4210 bcmp(digest, value, value_len) != 0) { 4211 /* action scn, tld */ 4212 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4213 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4214 0); 4215 chap.tld(sp); 4216 break; 4217 } 4218 /* action sca, perhaps tlu */ 4219 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4220 sp->state[IDX_CHAP] == STATE_OPENED) 4221 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4222 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4223 0); 4224 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4225 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4226 chap.tlu(sp); 4227 } 4228 break; 4229 4230 default: 4231 /* Unknown CHAP packet type -- ignore. */ 4232 if (debug) { 4233 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4234 "<0x%x id=0x%xh len=%d", 4235 SPP_ARGS(ifp), 4236 sppp_state_name(sp->state[IDX_CHAP]), 4237 h->type, h->ident, ntohs(h->len)); 4238 sppp_print_bytes((u_char*)(h+1), len-4); 4239 log(-1, ">\n"); 4240 } 4241 break; 4242 4243 } 4244} 4245 4246static void 4247sppp_chap_init(struct sppp *sp) 4248{ 4249 /* Chap doesn't have STATE_INITIAL at all. */ 4250 sp->state[IDX_CHAP] = STATE_CLOSED; 4251 sp->fail_counter[IDX_CHAP] = 0; 4252 sp->pp_seq[IDX_CHAP] = 0; 4253 sp->pp_rseq[IDX_CHAP] = 0; 4254 callout_init(&sp->ch[IDX_CHAP], CALLOUT_MPSAFE); 4255} 4256 4257static void 4258sppp_chap_open(struct sppp *sp) 4259{ 4260 if (sp->myauth.proto == PPP_CHAP && 4261 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4262 /* we are authenticator for CHAP, start it */ 4263 chap.scr(sp); 4264 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4265 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4266 } 4267 /* nothing to be done if we are peer, await a challenge */ 4268} 4269 4270static void 4271sppp_chap_close(struct sppp *sp) 4272{ 4273 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4274 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4275} 4276 4277static void 4278sppp_chap_TO(void *cookie) 4279{ 4280 struct sppp *sp = (struct sppp *)cookie; 4281 STDDCL; 4282 int s; 4283 4284 s = splimp(); 4285 SPPP_LOCK(sp); 4286 if (debug) 4287 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4288 SPP_ARGS(ifp), 4289 sppp_state_name(sp->state[IDX_CHAP]), 4290 sp->rst_counter[IDX_CHAP]); 4291 4292 if (--sp->rst_counter[IDX_CHAP] < 0) 4293 /* TO- event */ 4294 switch (sp->state[IDX_CHAP]) { 4295 case STATE_REQ_SENT: 4296 chap.tld(sp); 4297 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4298 break; 4299 } 4300 else 4301 /* TO+ (or TO*) event */ 4302 switch (sp->state[IDX_CHAP]) { 4303 case STATE_OPENED: 4304 /* TO* event */ 4305 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4306 /* FALLTHROUGH */ 4307 case STATE_REQ_SENT: 4308 chap.scr(sp); 4309 /* sppp_cp_change_state() will restart the timer */ 4310 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4311 break; 4312 } 4313 4314 SPPP_UNLOCK(sp); 4315 splx(s); 4316} 4317 4318static void 4319sppp_chap_tlu(struct sppp *sp) 4320{ 4321 STDDCL; 4322 int i, x; 4323 4324 i = 0; 4325 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4326 4327 /* 4328 * Some broken CHAP implementations (Conware CoNet, firmware 4329 * 4.0.?) don't want to re-authenticate their CHAP once the 4330 * initial challenge-response exchange has taken place. 4331 * Provide for an option to avoid rechallenges. 4332 */ 4333 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4334 /* 4335 * Compute the re-challenge timeout. This will yield 4336 * a number between 300 and 810 seconds. 4337 */ 4338 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4339 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4340 } 4341 4342 if (debug) { 4343 log(LOG_DEBUG, 4344 SPP_FMT "chap %s, ", 4345 SPP_ARGS(ifp), 4346 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4347 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4348 log(-1, "next re-challenge in %d seconds\n", i); 4349 else 4350 log(-1, "re-challenging supressed\n"); 4351 } 4352 4353 x = splimp(); 4354 SPPP_LOCK(sp); 4355 /* indicate to LCP that we need to be closed down */ 4356 sp->lcp.protos |= (1 << IDX_CHAP); 4357 4358 if (sp->pp_flags & PP_NEEDAUTH) { 4359 /* 4360 * Remote is authenticator, but his auth proto didn't 4361 * complete yet. Defer the transition to network 4362 * phase. 4363 */ 4364 SPPP_UNLOCK(sp); 4365 splx(x); 4366 return; 4367 } 4368 SPPP_UNLOCK(sp); 4369 splx(x); 4370 4371 /* 4372 * If we are already in phase network, we are done here. This 4373 * is the case if this is a dummy tlu event after a re-challenge. 4374 */ 4375 if (sp->pp_phase != PHASE_NETWORK) 4376 sppp_phase_network(sp); 4377} 4378 4379static void 4380sppp_chap_tld(struct sppp *sp) 4381{ 4382 STDDCL; 4383 4384 if (debug) 4385 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4386 callout_stop(&sp->ch[IDX_CHAP]); 4387 sp->lcp.protos &= ~(1 << IDX_CHAP); 4388 4389 lcp.Close(sp); 4390} 4391 4392static void 4393sppp_chap_scr(struct sppp *sp) 4394{ 4395 u_long *ch, seed; 4396 u_char clen; 4397 4398 /* Compute random challenge. */ 4399 ch = (u_long *)sp->myauth.challenge; 4400 read_random(&seed, sizeof seed); 4401 ch[0] = seed ^ random(); 4402 ch[1] = seed ^ random(); 4403 ch[2] = seed ^ random(); 4404 ch[3] = seed ^ random(); 4405 clen = AUTHKEYLEN; 4406 4407 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4408 4409 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4410 sizeof clen, (const char *)&clen, 4411 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4412 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4413 sp->myauth.name, 4414 0); 4415} 4416 4417/* 4418 *--------------------------------------------------------------------------* 4419 * * 4420 * The PAP implementation. * 4421 * * 4422 *--------------------------------------------------------------------------* 4423 */ 4424/* 4425 * For PAP, we need to keep a little state also if we are the peer, not the 4426 * authenticator. This is since we don't get a request to authenticate, but 4427 * have to repeatedly authenticate ourself until we got a response (or the 4428 * retry counter is expired). 4429 */ 4430 4431/* 4432 * Handle incoming PAP packets. */ 4433static void 4434sppp_pap_input(struct sppp *sp, struct mbuf *m) 4435{ 4436 STDDCL; 4437 struct lcp_header *h; 4438 int len, x; 4439 u_char *name, *passwd, mlen; 4440 int name_len, passwd_len; 4441 4442 len = m->m_pkthdr.len; 4443 if (len < 5) { 4444 if (debug) 4445 log(LOG_DEBUG, 4446 SPP_FMT "pap invalid packet length: %d bytes\n", 4447 SPP_ARGS(ifp), len); 4448 return; 4449 } 4450 h = mtod (m, struct lcp_header*); 4451 if (len > ntohs (h->len)) 4452 len = ntohs (h->len); 4453 switch (h->type) { 4454 /* PAP request is my authproto */ 4455 case PAP_REQ: 4456 name = 1 + (u_char*)(h+1); 4457 name_len = name[-1]; 4458 passwd = name + name_len + 1; 4459 if (name_len > len - 6 || 4460 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4461 if (debug) { 4462 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4463 "<%s id=0x%x len=%d", 4464 SPP_ARGS(ifp), 4465 sppp_auth_type_name(PPP_PAP, h->type), 4466 h->ident, ntohs(h->len)); 4467 sppp_print_bytes((u_char*)(h+1), len-4); 4468 log(-1, ">\n"); 4469 } 4470 break; 4471 } 4472 if (debug) { 4473 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4474 "<%s id=0x%x len=%d name=", 4475 SPP_ARGS(ifp), 4476 sppp_state_name(sp->state[IDX_PAP]), 4477 sppp_auth_type_name(PPP_PAP, h->type), 4478 h->ident, ntohs(h->len)); 4479 sppp_print_string((char*)name, name_len); 4480 log(-1, " passwd="); 4481 sppp_print_string((char*)passwd, passwd_len); 4482 log(-1, ">\n"); 4483 } 4484 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4485 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4486 bcmp(name, sp->hisauth.name, name_len) != 0 || 4487 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4488 /* action scn, tld */ 4489 mlen = sizeof(FAILMSG) - 1; 4490 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4491 sizeof mlen, (const char *)&mlen, 4492 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4493 0); 4494 pap.tld(sp); 4495 break; 4496 } 4497 /* action sca, perhaps tlu */ 4498 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4499 sp->state[IDX_PAP] == STATE_OPENED) { 4500 mlen = sizeof(SUCCMSG) - 1; 4501 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4502 sizeof mlen, (const char *)&mlen, 4503 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4504 0); 4505 } 4506 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4507 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4508 pap.tlu(sp); 4509 } 4510 break; 4511 4512 /* ack and nak are his authproto */ 4513 case PAP_ACK: 4514 callout_stop(&sp->pap_my_to_ch); 4515 if (debug) { 4516 log(LOG_DEBUG, SPP_FMT "pap success", 4517 SPP_ARGS(ifp)); 4518 name_len = *((char *)h); 4519 if (len > 5 && name_len) { 4520 log(-1, ": "); 4521 sppp_print_string((char*)(h+1), name_len); 4522 } 4523 log(-1, "\n"); 4524 } 4525 x = splimp(); 4526 SPPP_LOCK(sp); 4527 sp->pp_flags &= ~PP_NEEDAUTH; 4528 if (sp->myauth.proto == PPP_PAP && 4529 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4530 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4531 /* 4532 * We are authenticator for PAP but didn't 4533 * complete yet. Leave it to tlu to proceed 4534 * to network phase. 4535 */ 4536 SPPP_UNLOCK(sp); 4537 splx(x); 4538 break; 4539 } 4540 SPPP_UNLOCK(sp); 4541 splx(x); 4542 sppp_phase_network(sp); 4543 break; 4544 4545 case PAP_NAK: 4546 callout_stop (&sp->pap_my_to_ch); 4547 if (debug) { 4548 log(LOG_INFO, SPP_FMT "pap failure", 4549 SPP_ARGS(ifp)); 4550 name_len = *((char *)h); 4551 if (len > 5 && name_len) { 4552 log(-1, ": "); 4553 sppp_print_string((char*)(h+1), name_len); 4554 } 4555 log(-1, "\n"); 4556 } else 4557 log(LOG_INFO, SPP_FMT "pap failure\n", 4558 SPP_ARGS(ifp)); 4559 /* await LCP shutdown by authenticator */ 4560 break; 4561 4562 default: 4563 /* Unknown PAP packet type -- ignore. */ 4564 if (debug) { 4565 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4566 "<0x%x id=0x%x len=%d", 4567 SPP_ARGS(ifp), 4568 h->type, h->ident, ntohs(h->len)); 4569 sppp_print_bytes((u_char*)(h+1), len-4); 4570 log(-1, ">\n"); 4571 } 4572 break; 4573 4574 } 4575} 4576 4577static void 4578sppp_pap_init(struct sppp *sp) 4579{ 4580 /* PAP doesn't have STATE_INITIAL at all. */ 4581 sp->state[IDX_PAP] = STATE_CLOSED; 4582 sp->fail_counter[IDX_PAP] = 0; 4583 sp->pp_seq[IDX_PAP] = 0; 4584 sp->pp_rseq[IDX_PAP] = 0; 4585 callout_init(&sp->ch[IDX_PAP], CALLOUT_MPSAFE); 4586 callout_init(&sp->pap_my_to_ch, CALLOUT_MPSAFE); 4587} 4588 4589static void 4590sppp_pap_open(struct sppp *sp) 4591{ 4592 if (sp->hisauth.proto == PPP_PAP && 4593 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4594 /* we are authenticator for PAP, start our timer */ 4595 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4596 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4597 } 4598 if (sp->myauth.proto == PPP_PAP) { 4599 /* we are peer, send a request, and start a timer */ 4600 pap.scr(sp); 4601 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4602 sppp_pap_my_TO, (void *)sp); 4603 } 4604} 4605 4606static void 4607sppp_pap_close(struct sppp *sp) 4608{ 4609 if (sp->state[IDX_PAP] != STATE_CLOSED) 4610 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4611} 4612 4613/* 4614 * That's the timeout routine if we are authenticator. Since the 4615 * authenticator is basically passive in PAP, we can't do much here. 4616 */ 4617static void 4618sppp_pap_TO(void *cookie) 4619{ 4620 struct sppp *sp = (struct sppp *)cookie; 4621 STDDCL; 4622 int s; 4623 4624 s = splimp(); 4625 SPPP_LOCK(sp); 4626 if (debug) 4627 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4628 SPP_ARGS(ifp), 4629 sppp_state_name(sp->state[IDX_PAP]), 4630 sp->rst_counter[IDX_PAP]); 4631 4632 if (--sp->rst_counter[IDX_PAP] < 0) 4633 /* TO- event */ 4634 switch (sp->state[IDX_PAP]) { 4635 case STATE_REQ_SENT: 4636 pap.tld(sp); 4637 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4638 break; 4639 } 4640 else 4641 /* TO+ event, not very much we could do */ 4642 switch (sp->state[IDX_PAP]) { 4643 case STATE_REQ_SENT: 4644 /* sppp_cp_change_state() will restart the timer */ 4645 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4646 break; 4647 } 4648 4649 SPPP_UNLOCK(sp); 4650 splx(s); 4651} 4652 4653/* 4654 * That's the timeout handler if we are peer. Since the peer is active, 4655 * we need to retransmit our PAP request since it is apparently lost. 4656 * XXX We should impose a max counter. 4657 */ 4658static void 4659sppp_pap_my_TO(void *cookie) 4660{ 4661 struct sppp *sp = (struct sppp *)cookie; 4662 STDDCL; 4663 4664 if (debug) 4665 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4666 SPP_ARGS(ifp)); 4667 4668 SPPP_LOCK(sp); 4669 pap.scr(sp); 4670 SPPP_UNLOCK(sp); 4671} 4672 4673static void 4674sppp_pap_tlu(struct sppp *sp) 4675{ 4676 STDDCL; 4677 int x; 4678 4679 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4680 4681 if (debug) 4682 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4683 SPP_ARGS(ifp), pap.name); 4684 4685 x = splimp(); 4686 SPPP_LOCK(sp); 4687 /* indicate to LCP that we need to be closed down */ 4688 sp->lcp.protos |= (1 << IDX_PAP); 4689 4690 if (sp->pp_flags & PP_NEEDAUTH) { 4691 /* 4692 * Remote is authenticator, but his auth proto didn't 4693 * complete yet. Defer the transition to network 4694 * phase. 4695 */ 4696 SPPP_UNLOCK(sp); 4697 splx(x); 4698 return; 4699 } 4700 SPPP_UNLOCK(sp); 4701 splx(x); 4702 sppp_phase_network(sp); 4703} 4704 4705static void 4706sppp_pap_tld(struct sppp *sp) 4707{ 4708 STDDCL; 4709 4710 if (debug) 4711 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4712 callout_stop (&sp->ch[IDX_PAP]); 4713 callout_stop (&sp->pap_my_to_ch); 4714 sp->lcp.protos &= ~(1 << IDX_PAP); 4715 4716 lcp.Close(sp); 4717} 4718 4719static void 4720sppp_pap_scr(struct sppp *sp) 4721{ 4722 u_char idlen, pwdlen; 4723 4724 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4725 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4726 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4727 4728 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4729 sizeof idlen, (const char *)&idlen, 4730 (size_t)idlen, sp->myauth.name, 4731 sizeof pwdlen, (const char *)&pwdlen, 4732 (size_t)pwdlen, sp->myauth.secret, 4733 0); 4734} 4735 4736/* 4737 * Random miscellaneous functions. 4738 */ 4739 4740/* 4741 * Send a PAP or CHAP proto packet. 4742 * 4743 * Varadic function, each of the elements for the ellipsis is of type 4744 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4745 * mlen == 0. 4746 * NOTE: never declare variadic functions with types subject to type 4747 * promotion (i.e. u_char). This is asking for big trouble depending 4748 * on the architecture you are on... 4749 */ 4750 4751static void 4752sppp_auth_send(const struct cp *cp, struct sppp *sp, 4753 unsigned int type, unsigned int id, 4754 ...) 4755{ 4756 STDDCL; 4757 struct ppp_header *h; 4758 struct lcp_header *lh; 4759 struct mbuf *m; 4760 u_char *p; 4761 int len; 4762 unsigned int mlen; 4763 const char *msg; 4764 va_list ap; 4765 4766 MGETHDR (m, M_DONTWAIT, MT_DATA); 4767 if (! m) 4768 return; 4769 m->m_pkthdr.rcvif = 0; 4770 4771 h = mtod (m, struct ppp_header*); 4772 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4773 h->control = PPP_UI; /* Unnumbered Info */ 4774 h->protocol = htons(cp->proto); 4775 4776 lh = (struct lcp_header*)(h + 1); 4777 lh->type = type; 4778 lh->ident = id; 4779 p = (u_char*) (lh+1); 4780 4781 va_start(ap, id); 4782 len = 0; 4783 4784 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4785 msg = va_arg(ap, const char *); 4786 len += mlen; 4787 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4788 va_end(ap); 4789 m_freem(m); 4790 return; 4791 } 4792 4793 bcopy(msg, p, mlen); 4794 p += mlen; 4795 } 4796 va_end(ap); 4797 4798 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4799 lh->len = htons (LCP_HEADER_LEN + len); 4800 4801 if (debug) { 4802 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4803 SPP_ARGS(ifp), cp->name, 4804 sppp_auth_type_name(cp->proto, lh->type), 4805 lh->ident, ntohs(lh->len)); 4806 sppp_print_bytes((u_char*) (lh+1), len); 4807 log(-1, ">\n"); 4808 } 4809 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4810 ifp->if_oerrors++; 4811} 4812 4813/* 4814 * Flush interface queue. 4815 */ 4816static void 4817sppp_qflush(struct ifqueue *ifq) 4818{ 4819 struct mbuf *m, *n; 4820 4821 n = ifq->ifq_head; 4822 while ((m = n)) { 4823 n = m->m_act; 4824 m_freem (m); 4825 } 4826 ifq->ifq_head = 0; 4827 ifq->ifq_tail = 0; 4828 ifq->ifq_len = 0; 4829} 4830 4831/* 4832 * Send keepalive packets, every 10 seconds. 4833 */ 4834static void 4835sppp_keepalive(void *dummy) 4836{ 4837 struct sppp *sp = (struct sppp*)dummy; 4838 struct ifnet *ifp = SP2IFP(sp); 4839 int s; 4840 4841 s = splimp(); 4842 SPPP_LOCK(sp); 4843 /* Keepalive mode disabled or channel down? */ 4844 if (! (sp->pp_flags & PP_KEEPALIVE) || 4845 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4846 goto out; 4847 4848 if (sp->pp_mode == PP_FR) { 4849 sppp_fr_keepalive (sp); 4850 goto out; 4851 } 4852 4853 /* No keepalive in PPP mode if LCP not opened yet. */ 4854 if (sp->pp_mode != IFF_CISCO && 4855 sp->pp_phase < PHASE_AUTHENTICATE) 4856 goto out; 4857 4858 if (sp->pp_alivecnt == MAXALIVECNT) { 4859 /* No keepalive packets got. Stop the interface. */ 4860 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4861 if_down (ifp); 4862 sppp_qflush (&sp->pp_cpq); 4863 if (sp->pp_mode != IFF_CISCO) { 4864 /* XXX */ 4865 /* Shut down the PPP link. */ 4866 lcp.Down(sp); 4867 /* Initiate negotiation. XXX */ 4868 lcp.Up(sp); 4869 } 4870 } 4871 if (sp->pp_alivecnt <= MAXALIVECNT) 4872 ++sp->pp_alivecnt; 4873 if (sp->pp_mode == IFF_CISCO) 4874 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4875 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4876 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4877 long nmagic = htonl (sp->lcp.magic); 4878 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4879 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4880 sp->lcp.echoid, 4, &nmagic); 4881 } 4882out: 4883 SPPP_UNLOCK(sp); 4884 splx(s); 4885 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4886 (void *)sp); 4887} 4888 4889/* 4890 * Get both IP addresses. 4891 */ 4892void 4893sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4894{ 4895 struct ifnet *ifp = SP2IFP(sp); 4896 struct ifaddr *ifa; 4897 struct sockaddr_in *si, *sm; 4898 u_long ssrc, ddst; 4899 4900 sm = NULL; 4901 ssrc = ddst = 0L; 4902 /* 4903 * Pick the first AF_INET address from the list, 4904 * aliases don't make any sense on a p2p link anyway. 4905 */ 4906 si = 0; 4907 if_addr_rlock(ifp); 4908 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4909 if (ifa->ifa_addr->sa_family == AF_INET) { 4910 si = (struct sockaddr_in *)ifa->ifa_addr; 4911 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4912 if (si) 4913 break; 4914 } 4915 if (ifa) { 4916 if (si && si->sin_addr.s_addr) { 4917 ssrc = si->sin_addr.s_addr; 4918 if (srcmask) 4919 *srcmask = ntohl(sm->sin_addr.s_addr); 4920 } 4921 4922 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4923 if (si && si->sin_addr.s_addr) 4924 ddst = si->sin_addr.s_addr; 4925 } 4926 if_addr_runlock(ifp); 4927 4928 if (dst) *dst = ntohl(ddst); 4929 if (src) *src = ntohl(ssrc); 4930} 4931 4932#ifdef INET 4933/* 4934 * Set my IP address. Must be called at splimp. 4935 */ 4936static void 4937sppp_set_ip_addr(struct sppp *sp, u_long src) 4938{ 4939 STDDCL; 4940 struct ifaddr *ifa; 4941 struct sockaddr_in *si; 4942 struct in_ifaddr *ia; 4943 4944 /* 4945 * Pick the first AF_INET address from the list, 4946 * aliases don't make any sense on a p2p link anyway. 4947 */ 4948 si = 0; 4949 if_addr_rlock(ifp); 4950 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 4951 if (ifa->ifa_addr->sa_family == AF_INET) { 4952 si = (struct sockaddr_in *)ifa->ifa_addr; 4953 if (si != NULL) { 4954 ifa_ref(ifa); 4955 break; 4956 } 4957 } 4958 } 4959 if_addr_runlock(ifp); 4960 4961 if (ifa != NULL) { 4962 int error; 4963 4964 /* delete old route */ 4965 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4966 if (debug && error) { 4967 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4968 SPP_ARGS(ifp), error); 4969 } 4970 4971 /* set new address */ 4972 si->sin_addr.s_addr = htonl(src); 4973 ia = ifatoia(ifa); 4974 IN_IFADDR_WLOCK(); 4975 LIST_REMOVE(ia, ia_hash); 4976 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4977 IN_IFADDR_WUNLOCK(); 4978 4979 /* add new route */ 4980 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4981 if (debug && error) { 4982 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4983 SPP_ARGS(ifp), error); 4984 } 4985 ifa_free(ifa); 4986 } 4987} 4988#endif 4989 4990#ifdef INET6 4991/* 4992 * Get both IPv6 addresses. 4993 */ 4994static void 4995sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4996 struct in6_addr *srcmask) 4997{ 4998 struct ifnet *ifp = SP2IFP(sp); 4999 struct ifaddr *ifa; 5000 struct sockaddr_in6 *si, *sm; 5001 struct in6_addr ssrc, ddst; 5002 5003 sm = NULL; 5004 bzero(&ssrc, sizeof(ssrc)); 5005 bzero(&ddst, sizeof(ddst)); 5006 /* 5007 * Pick the first link-local AF_INET6 address from the list, 5008 * aliases don't make any sense on a p2p link anyway. 5009 */ 5010 si = NULL; 5011 if_addr_rlock(ifp); 5012 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5013 if (ifa->ifa_addr->sa_family == AF_INET6) { 5014 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5015 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5016 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 5017 break; 5018 } 5019 if (ifa) { 5020 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5021 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5022 if (srcmask) { 5023 bcopy(&sm->sin6_addr, srcmask, 5024 sizeof(*srcmask)); 5025 } 5026 } 5027 5028 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5029 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5030 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5031 } 5032 5033 if (dst) 5034 bcopy(&ddst, dst, sizeof(*dst)); 5035 if (src) 5036 bcopy(&ssrc, src, sizeof(*src)); 5037 if_addr_runlock(ifp); 5038} 5039 5040#ifdef IPV6CP_MYIFID_DYN 5041/* 5042 * Generate random ifid. 5043 */ 5044static void 5045sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5046{ 5047 /* TBD */ 5048} 5049 5050/* 5051 * Set my IPv6 address. Must be called at splimp. 5052 */ 5053static void 5054sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5055{ 5056 STDDCL; 5057 struct ifaddr *ifa; 5058 struct sockaddr_in6 *sin6; 5059 5060 /* 5061 * Pick the first link-local AF_INET6 address from the list, 5062 * aliases don't make any sense on a p2p link anyway. 5063 */ 5064 5065 sin6 = NULL; 5066 if_addr_rlock(ifp); 5067 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 5068 if (ifa->ifa_addr->sa_family == AF_INET6) { 5069 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5070 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5071 ifa_ref(ifa); 5072 break; 5073 } 5074 } 5075 } 5076 if_addr_runlock(ifp); 5077 5078 if (ifa != NULL) { 5079 int error; 5080 struct sockaddr_in6 new_sin6 = *sin6; 5081 5082 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5083 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5084 if (debug && error) { 5085 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5086 " failed, error=%d\n", SPP_ARGS(ifp), error); 5087 } 5088 ifa_free(ifa); 5089 } 5090} 5091#endif 5092 5093/* 5094 * Suggest a candidate address to be used by peer. 5095 */ 5096static void 5097sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5098{ 5099 struct in6_addr myaddr; 5100 struct timeval tv; 5101 5102 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5103 5104 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5105 microtime(&tv); 5106 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5107 myaddr.s6_addr[14] ^= 0xff; 5108 myaddr.s6_addr[15] ^= 0xff; 5109 } else { 5110 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5111 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5112 } 5113 if (suggest) 5114 bcopy(&myaddr, suggest, sizeof(myaddr)); 5115} 5116#endif /*INET6*/ 5117 5118static int 5119sppp_params(struct sppp *sp, u_long cmd, void *data) 5120{ 5121 u_long subcmd; 5122 struct ifreq *ifr = (struct ifreq *)data; 5123 struct spppreq *spr; 5124 int rv = 0; 5125 5126 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5127 return (EAGAIN); 5128 /* 5129 * ifr->ifr_data is supposed to point to a struct spppreq. 5130 * Check the cmd word first before attempting to fetch all the 5131 * data. 5132 */ 5133 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5134 rv = EFAULT; 5135 goto quit; 5136 } 5137 5138 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5139 rv = EFAULT; 5140 goto quit; 5141 } 5142 5143 switch (subcmd) { 5144 case (u_long)SPPPIOGDEFS: 5145 if (cmd != SIOCGIFGENERIC) { 5146 rv = EINVAL; 5147 break; 5148 } 5149 /* 5150 * We copy over the entire current state, but clean 5151 * out some of the stuff we don't wanna pass up. 5152 * Remember, SIOCGIFGENERIC is unprotected, and can be 5153 * called by any user. No need to ever get PAP or 5154 * CHAP secrets back to userland anyway. 5155 */ 5156 spr->defs.pp_phase = sp->pp_phase; 5157 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5158 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5159 spr->defs.lcp = sp->lcp; 5160 spr->defs.ipcp = sp->ipcp; 5161 spr->defs.ipv6cp = sp->ipv6cp; 5162 spr->defs.myauth = sp->myauth; 5163 spr->defs.hisauth = sp->hisauth; 5164 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5165 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5166 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5167 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5168 /* 5169 * Fixup the LCP timeout value to milliseconds so 5170 * spppcontrol doesn't need to bother about the value 5171 * of "hz". We do the reverse calculation below when 5172 * setting it. 5173 */ 5174 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5175 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5176 sizeof(struct spppreq)); 5177 break; 5178 5179 case (u_long)SPPPIOSDEFS: 5180 if (cmd != SIOCSIFGENERIC) { 5181 rv = EINVAL; 5182 break; 5183 } 5184 /* 5185 * We have a very specific idea of which fields we 5186 * allow being passed back from userland, so to not 5187 * clobber our current state. For one, we only allow 5188 * setting anything if LCP is in dead or establish 5189 * phase. Once the authentication negotiations 5190 * started, the authentication settings must not be 5191 * changed again. (The administrator can force an 5192 * ifconfig down in order to get LCP back into dead 5193 * phase.) 5194 * 5195 * Also, we only allow for authentication parameters to be 5196 * specified. 5197 * 5198 * XXX Should allow to set or clear pp_flags. 5199 * 5200 * Finally, if the respective authentication protocol to 5201 * be used is set differently than 0, but the secret is 5202 * passed as all zeros, we don't trash the existing secret. 5203 * This allows an administrator to change the system name 5204 * only without clobbering the secret (which he didn't get 5205 * back in a previous SPPPIOGDEFS call). However, the 5206 * secrets are cleared if the authentication protocol is 5207 * reset to 0. */ 5208 if (sp->pp_phase != PHASE_DEAD && 5209 sp->pp_phase != PHASE_ESTABLISH) { 5210 rv = EBUSY; 5211 break; 5212 } 5213 5214 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5215 spr->defs.myauth.proto != PPP_CHAP) || 5216 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5217 spr->defs.hisauth.proto != PPP_CHAP)) { 5218 rv = EINVAL; 5219 break; 5220 } 5221 5222 if (spr->defs.myauth.proto == 0) 5223 /* resetting myauth */ 5224 bzero(&sp->myauth, sizeof sp->myauth); 5225 else { 5226 /* setting/changing myauth */ 5227 sp->myauth.proto = spr->defs.myauth.proto; 5228 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5229 if (spr->defs.myauth.secret[0] != '\0') 5230 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5231 AUTHKEYLEN); 5232 } 5233 if (spr->defs.hisauth.proto == 0) 5234 /* resetting hisauth */ 5235 bzero(&sp->hisauth, sizeof sp->hisauth); 5236 else { 5237 /* setting/changing hisauth */ 5238 sp->hisauth.proto = spr->defs.hisauth.proto; 5239 sp->hisauth.flags = spr->defs.hisauth.flags; 5240 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5241 if (spr->defs.hisauth.secret[0] != '\0') 5242 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5243 AUTHKEYLEN); 5244 } 5245 /* set LCP restart timer timeout */ 5246 if (spr->defs.lcp.timeout != 0) 5247 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5248 /* set VJ enable and IPv6 disable flags */ 5249#ifdef INET 5250 if (spr->defs.enable_vj) 5251 sp->confflags |= CONF_ENABLE_VJ; 5252 else 5253 sp->confflags &= ~CONF_ENABLE_VJ; 5254#endif 5255#ifdef INET6 5256 if (spr->defs.enable_ipv6) 5257 sp->confflags |= CONF_ENABLE_IPV6; 5258 else 5259 sp->confflags &= ~CONF_ENABLE_IPV6; 5260#endif 5261 break; 5262 5263 default: 5264 rv = EINVAL; 5265 } 5266 5267 quit: 5268 free(spr, M_TEMP); 5269 5270 return (rv); 5271} 5272 5273static void 5274sppp_phase_network(struct sppp *sp) 5275{ 5276 STDDCL; 5277 int i; 5278 u_long mask; 5279 5280 sp->pp_phase = PHASE_NETWORK; 5281 5282 if (debug) 5283 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5284 sppp_phase_name(sp->pp_phase)); 5285 5286 /* Notify NCPs now. */ 5287 for (i = 0; i < IDX_COUNT; i++) 5288 if ((cps[i])->flags & CP_NCP) 5289 (cps[i])->Open(sp); 5290 5291 /* Send Up events to all NCPs. */ 5292 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5293 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5294 (cps[i])->Up(sp); 5295 5296 /* if no NCP is starting, all this was in vain, close down */ 5297 sppp_lcp_check_and_close(sp); 5298} 5299 5300 5301static const char * 5302sppp_cp_type_name(u_char type) 5303{ 5304 static char buf[12]; 5305 switch (type) { 5306 case CONF_REQ: return "conf-req"; 5307 case CONF_ACK: return "conf-ack"; 5308 case CONF_NAK: return "conf-nak"; 5309 case CONF_REJ: return "conf-rej"; 5310 case TERM_REQ: return "term-req"; 5311 case TERM_ACK: return "term-ack"; 5312 case CODE_REJ: return "code-rej"; 5313 case PROTO_REJ: return "proto-rej"; 5314 case ECHO_REQ: return "echo-req"; 5315 case ECHO_REPLY: return "echo-reply"; 5316 case DISC_REQ: return "discard-req"; 5317 } 5318 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5319 return buf; 5320} 5321 5322static const char * 5323sppp_auth_type_name(u_short proto, u_char type) 5324{ 5325 static char buf[12]; 5326 switch (proto) { 5327 case PPP_CHAP: 5328 switch (type) { 5329 case CHAP_CHALLENGE: return "challenge"; 5330 case CHAP_RESPONSE: return "response"; 5331 case CHAP_SUCCESS: return "success"; 5332 case CHAP_FAILURE: return "failure"; 5333 } 5334 case PPP_PAP: 5335 switch (type) { 5336 case PAP_REQ: return "req"; 5337 case PAP_ACK: return "ack"; 5338 case PAP_NAK: return "nak"; 5339 } 5340 } 5341 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5342 return buf; 5343} 5344 5345static const char * 5346sppp_lcp_opt_name(u_char opt) 5347{ 5348 static char buf[12]; 5349 switch (opt) { 5350 case LCP_OPT_MRU: return "mru"; 5351 case LCP_OPT_ASYNC_MAP: return "async-map"; 5352 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5353 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5354 case LCP_OPT_MAGIC: return "magic"; 5355 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5356 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5357 } 5358 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5359 return buf; 5360} 5361 5362#ifdef INET 5363static const char * 5364sppp_ipcp_opt_name(u_char opt) 5365{ 5366 static char buf[12]; 5367 switch (opt) { 5368 case IPCP_OPT_ADDRESSES: return "addresses"; 5369 case IPCP_OPT_COMPRESSION: return "compression"; 5370 case IPCP_OPT_ADDRESS: return "address"; 5371 } 5372 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5373 return buf; 5374} 5375#endif 5376 5377#ifdef INET6 5378static const char * 5379sppp_ipv6cp_opt_name(u_char opt) 5380{ 5381 static char buf[12]; 5382 switch (opt) { 5383 case IPV6CP_OPT_IFID: return "ifid"; 5384 case IPV6CP_OPT_COMPRESSION: return "compression"; 5385 } 5386 sprintf (buf, "0x%x", opt); 5387 return buf; 5388} 5389#endif 5390 5391static const char * 5392sppp_state_name(int state) 5393{ 5394 switch (state) { 5395 case STATE_INITIAL: return "initial"; 5396 case STATE_STARTING: return "starting"; 5397 case STATE_CLOSED: return "closed"; 5398 case STATE_STOPPED: return "stopped"; 5399 case STATE_CLOSING: return "closing"; 5400 case STATE_STOPPING: return "stopping"; 5401 case STATE_REQ_SENT: return "req-sent"; 5402 case STATE_ACK_RCVD: return "ack-rcvd"; 5403 case STATE_ACK_SENT: return "ack-sent"; 5404 case STATE_OPENED: return "opened"; 5405 } 5406 return "illegal"; 5407} 5408 5409static const char * 5410sppp_phase_name(enum ppp_phase phase) 5411{ 5412 switch (phase) { 5413 case PHASE_DEAD: return "dead"; 5414 case PHASE_ESTABLISH: return "establish"; 5415 case PHASE_TERMINATE: return "terminate"; 5416 case PHASE_AUTHENTICATE: return "authenticate"; 5417 case PHASE_NETWORK: return "network"; 5418 } 5419 return "illegal"; 5420} 5421 5422static const char * 5423sppp_proto_name(u_short proto) 5424{ 5425 static char buf[12]; 5426 switch (proto) { 5427 case PPP_LCP: return "lcp"; 5428 case PPP_IPCP: return "ipcp"; 5429 case PPP_PAP: return "pap"; 5430 case PPP_CHAP: return "chap"; 5431 case PPP_IPV6CP: return "ipv6cp"; 5432 } 5433 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5434 return buf; 5435} 5436 5437static void 5438sppp_print_bytes(const u_char *p, u_short len) 5439{ 5440 if (len) 5441 log(-1, " %*D", len, p, "-"); 5442} 5443 5444static void 5445sppp_print_string(const char *p, u_short len) 5446{ 5447 u_char c; 5448 5449 while (len-- > 0) { 5450 c = *p++; 5451 /* 5452 * Print only ASCII chars directly. RFC 1994 recommends 5453 * using only them, but we don't rely on it. */ 5454 if (c < ' ' || c > '~') 5455 log(-1, "\\x%x", c); 5456 else 5457 log(-1, "%c", c); 5458 } 5459} 5460 5461#ifdef INET 5462static const char * 5463sppp_dotted_quad(u_long addr) 5464{ 5465 static char s[16]; 5466 sprintf(s, "%d.%d.%d.%d", 5467 (int)((addr >> 24) & 0xff), 5468 (int)((addr >> 16) & 0xff), 5469 (int)((addr >> 8) & 0xff), 5470 (int)(addr & 0xff)); 5471 return s; 5472} 5473#endif 5474 5475static int 5476sppp_strnlen(u_char *p, int max) 5477{ 5478 int len; 5479 5480 for (len = 0; len < max && *p; ++p) 5481 ++len; 5482 return len; 5483} 5484 5485/* a dummy, used to drop uninteresting events */ 5486static void 5487sppp_null(struct sppp *unused) 5488{ 5489 /* do just nothing */ 5490} 5491