if_spppsubr.c revision 88534
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 88534 2001-12-27 16:49:31Z joerg $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/ip.h> 64#include <net/slcompress.h> 65 66#if defined (__NetBSD__) || defined (__OpenBSD__) 67#include <machine/cpu.h> /* XXX for softnet */ 68#endif 69 70#include <machine/stdarg.h> 71 72#ifdef INET 73#include <netinet/in.h> 74#include <netinet/in_systm.h> 75#include <netinet/in_var.h> 76#include <netinet/ip.h> 77#include <netinet/tcp.h> 78# if defined (__FreeBSD__) || defined (__OpenBSD__) 79# include <netinet/if_ether.h> 80# else 81# include <net/ethertypes.h> 82# endif 83#else 84# error Huh? sppp without INET? 85#endif 86 87#ifdef IPX 88#include <netipx/ipx.h> 89#include <netipx/ipx_if.h> 90#endif 91 92#ifdef NS 93#include <netns/ns.h> 94#include <netns/ns_if.h> 95#endif 96 97#include <net/if_sppp.h> 98 99#if defined(__FreeBSD__) && __FreeBSD__ >= 3 100# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 101# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 102# define IOCTL_CMD_T u_long 103#else 104# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 105# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 106# define IOCTL_CMD_T int 107#endif 108 109#define MAXALIVECNT 3 /* max. alive packets */ 110 111/* 112 * Interface flags that can be set in an ifconfig command. 113 * 114 * Setting link0 will make the link passive, i.e. it will be marked 115 * as being administrative openable, but won't be opened to begin 116 * with. Incoming calls will be answered, or subsequent calls with 117 * -link1 will cause the administrative open of the LCP layer. 118 * 119 * Setting link1 will cause the link to auto-dial only as packets 120 * arrive to be sent. 121 * 122 * Setting IFF_DEBUG will syslog the option negotiation and state 123 * transitions at level kern.debug. Note: all logs consistently look 124 * like 125 * 126 * <if-name><unit>: <proto-name> <additional info...> 127 * 128 * with <if-name><unit> being something like "bppp0", and <proto-name> 129 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 130 */ 131 132#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 133#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 134#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 135 136#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 137#define PPP_UI 0x03 /* Unnumbered Information */ 138#define PPP_IP 0x0021 /* Internet Protocol */ 139#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 140#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 141#define PPP_IPX 0x002b /* Novell IPX Protocol */ 142#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 143#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 144#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 145#define PPP_LCP 0xc021 /* Link Control Protocol */ 146#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 147#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 148#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 149#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 150 151#define CONF_REQ 1 /* PPP configure request */ 152#define CONF_ACK 2 /* PPP configure acknowledge */ 153#define CONF_NAK 3 /* PPP configure negative ack */ 154#define CONF_REJ 4 /* PPP configure reject */ 155#define TERM_REQ 5 /* PPP terminate request */ 156#define TERM_ACK 6 /* PPP terminate acknowledge */ 157#define CODE_REJ 7 /* PPP code reject */ 158#define PROTO_REJ 8 /* PPP protocol reject */ 159#define ECHO_REQ 9 /* PPP echo request */ 160#define ECHO_REPLY 10 /* PPP echo reply */ 161#define DISC_REQ 11 /* PPP discard request */ 162 163#define LCP_OPT_MRU 1 /* maximum receive unit */ 164#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 165#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 166#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 167#define LCP_OPT_MAGIC 5 /* magic number */ 168#define LCP_OPT_RESERVED 6 /* reserved */ 169#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 170#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 171 172#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 173#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 174#define IPCP_OPT_ADDRESS 3 /* local IP address */ 175 176#define IPV6CP_OPT_IFID 1 /* interface identifier */ 177#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 178 179#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 180 181#define PAP_REQ 1 /* PAP name/password request */ 182#define PAP_ACK 2 /* PAP acknowledge */ 183#define PAP_NAK 3 /* PAP fail */ 184 185#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 186#define CHAP_RESPONSE 2 /* CHAP challenge response */ 187#define CHAP_SUCCESS 3 /* CHAP response ok */ 188#define CHAP_FAILURE 4 /* CHAP response failed */ 189 190#define CHAP_MD5 5 /* hash algorithm - MD5 */ 191 192#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 193#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 194#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 195#define CISCO_ADDR_REQ 0 /* Cisco address request */ 196#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 197#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 198 199/* states are named and numbered according to RFC 1661 */ 200#define STATE_INITIAL 0 201#define STATE_STARTING 1 202#define STATE_CLOSED 2 203#define STATE_STOPPED 3 204#define STATE_CLOSING 4 205#define STATE_STOPPING 5 206#define STATE_REQ_SENT 6 207#define STATE_ACK_RCVD 7 208#define STATE_ACK_SENT 8 209#define STATE_OPENED 9 210 211struct ppp_header { 212 u_char address; 213 u_char control; 214 u_short protocol; 215}; 216#define PPP_HEADER_LEN sizeof (struct ppp_header) 217 218struct lcp_header { 219 u_char type; 220 u_char ident; 221 u_short len; 222}; 223#define LCP_HEADER_LEN sizeof (struct lcp_header) 224 225struct cisco_packet { 226 u_long type; 227 u_long par1; 228 u_long par2; 229 u_short rel; 230 u_short time0; 231 u_short time1; 232}; 233#define CISCO_PACKET_LEN 18 234 235/* 236 * We follow the spelling and capitalization of RFC 1661 here, to make 237 * it easier comparing with the standard. Please refer to this RFC in 238 * case you can't make sense out of these abbreviation; it will also 239 * explain the semantics related to the various events and actions. 240 */ 241struct cp { 242 u_short proto; /* PPP control protocol number */ 243 u_char protoidx; /* index into state table in struct sppp */ 244 u_char flags; 245#define CP_LCP 0x01 /* this is the LCP */ 246#define CP_AUTH 0x02 /* this is an authentication protocol */ 247#define CP_NCP 0x04 /* this is a NCP */ 248#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 249 const char *name; /* name of this control protocol */ 250 /* event handlers */ 251 void (*Up)(struct sppp *sp); 252 void (*Down)(struct sppp *sp); 253 void (*Open)(struct sppp *sp); 254 void (*Close)(struct sppp *sp); 255 void (*TO)(void *sp); 256 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 257 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 258 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 259 /* actions */ 260 void (*tlu)(struct sppp *sp); 261 void (*tld)(struct sppp *sp); 262 void (*tls)(struct sppp *sp); 263 void (*tlf)(struct sppp *sp); 264 void (*scr)(struct sppp *sp); 265}; 266 267static struct sppp *spppq; 268#if defined(__FreeBSD__) && __FreeBSD__ >= 3 269static struct callout_handle keepalive_ch; 270#endif 271 272#if defined(__FreeBSD__) && __FreeBSD__ >= 3 273#define SPP_FMT "%s%d: " 274#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 275#else 276#define SPP_FMT "%s: " 277#define SPP_ARGS(ifp) (ifp)->if_xname 278#endif 279 280/* 281 * The following disgusting hack gets around the problem that IP TOS 282 * can't be set yet. We want to put "interactive" traffic on a high 283 * priority queue. To decide if traffic is interactive, we check that 284 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 285 * 286 * XXX is this really still necessary? - joerg - 287 */ 288static u_short interactive_ports[8] = { 289 0, 513, 0, 0, 290 0, 21, 0, 23, 291}; 292#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 293 294/* almost every function needs these */ 295#define STDDCL \ 296 struct ifnet *ifp = &sp->pp_if; \ 297 int debug = ifp->if_flags & IFF_DEBUG 298 299static int sppp_output(struct ifnet *ifp, struct mbuf *m, 300 struct sockaddr *dst, struct rtentry *rt); 301 302static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 303static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 304 305static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 306 struct mbuf *m); 307static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 308 u_char ident, u_short len, void *data); 309/* static void sppp_cp_timeout(void *arg); */ 310static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 311 int newstate); 312static void sppp_auth_send(const struct cp *cp, 313 struct sppp *sp, unsigned int type, unsigned int id, 314 ...); 315 316static void sppp_up_event(const struct cp *cp, struct sppp *sp); 317static void sppp_down_event(const struct cp *cp, struct sppp *sp); 318static void sppp_open_event(const struct cp *cp, struct sppp *sp); 319static void sppp_close_event(const struct cp *cp, struct sppp *sp); 320static void sppp_to_event(const struct cp *cp, struct sppp *sp); 321 322static void sppp_null(struct sppp *sp); 323 324static void sppp_lcp_init(struct sppp *sp); 325static void sppp_lcp_up(struct sppp *sp); 326static void sppp_lcp_down(struct sppp *sp); 327static void sppp_lcp_open(struct sppp *sp); 328static void sppp_lcp_close(struct sppp *sp); 329static void sppp_lcp_TO(void *sp); 330static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 331static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 332static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_lcp_tlu(struct sppp *sp); 334static void sppp_lcp_tld(struct sppp *sp); 335static void sppp_lcp_tls(struct sppp *sp); 336static void sppp_lcp_tlf(struct sppp *sp); 337static void sppp_lcp_scr(struct sppp *sp); 338static void sppp_lcp_check_and_close(struct sppp *sp); 339static int sppp_ncp_check(struct sppp *sp); 340 341static void sppp_ipcp_init(struct sppp *sp); 342static void sppp_ipcp_up(struct sppp *sp); 343static void sppp_ipcp_down(struct sppp *sp); 344static void sppp_ipcp_open(struct sppp *sp); 345static void sppp_ipcp_close(struct sppp *sp); 346static void sppp_ipcp_TO(void *sp); 347static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 348static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 349static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 350static void sppp_ipcp_tlu(struct sppp *sp); 351static void sppp_ipcp_tld(struct sppp *sp); 352static void sppp_ipcp_tls(struct sppp *sp); 353static void sppp_ipcp_tlf(struct sppp *sp); 354static void sppp_ipcp_scr(struct sppp *sp); 355 356static void sppp_ipv6cp_init(struct sppp *sp); 357static void sppp_ipv6cp_up(struct sppp *sp); 358static void sppp_ipv6cp_down(struct sppp *sp); 359static void sppp_ipv6cp_open(struct sppp *sp); 360static void sppp_ipv6cp_close(struct sppp *sp); 361static void sppp_ipv6cp_TO(void *sp); 362static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 363static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 364static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 365static void sppp_ipv6cp_tlu(struct sppp *sp); 366static void sppp_ipv6cp_tld(struct sppp *sp); 367static void sppp_ipv6cp_tls(struct sppp *sp); 368static void sppp_ipv6cp_tlf(struct sppp *sp); 369static void sppp_ipv6cp_scr(struct sppp *sp); 370 371static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 372static void sppp_pap_init(struct sppp *sp); 373static void sppp_pap_open(struct sppp *sp); 374static void sppp_pap_close(struct sppp *sp); 375static void sppp_pap_TO(void *sp); 376static void sppp_pap_my_TO(void *sp); 377static void sppp_pap_tlu(struct sppp *sp); 378static void sppp_pap_tld(struct sppp *sp); 379static void sppp_pap_scr(struct sppp *sp); 380 381static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 382static void sppp_chap_init(struct sppp *sp); 383static void sppp_chap_open(struct sppp *sp); 384static void sppp_chap_close(struct sppp *sp); 385static void sppp_chap_TO(void *sp); 386static void sppp_chap_tlu(struct sppp *sp); 387static void sppp_chap_tld(struct sppp *sp); 388static void sppp_chap_scr(struct sppp *sp); 389 390static const char *sppp_auth_type_name(u_short proto, u_char type); 391static const char *sppp_cp_type_name(u_char type); 392static const char *sppp_dotted_quad(u_long addr); 393static const char *sppp_ipcp_opt_name(u_char opt); 394#ifdef INET6 395static const char *sppp_ipv6cp_opt_name(u_char opt); 396#endif 397static const char *sppp_lcp_opt_name(u_char opt); 398static const char *sppp_phase_name(enum ppp_phase phase); 399static const char *sppp_proto_name(u_short proto); 400static const char *sppp_state_name(int state); 401static int sppp_params(struct sppp *sp, u_long cmd, void *data); 402static int sppp_strnlen(u_char *p, int max); 403static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 404 u_long *srcmask); 405static void sppp_keepalive(void *dummy); 406static void sppp_phase_network(struct sppp *sp); 407static void sppp_print_bytes(const u_char *p, u_short len); 408static void sppp_print_string(const char *p, u_short len); 409static void sppp_qflush(struct ifqueue *ifq); 410static void sppp_set_ip_addr(struct sppp *sp, u_long src); 411#ifdef INET6 412static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 413 struct in6_addr *dst, struct in6_addr *srcmask); 414#ifdef IPV6CP_MYIFID_DYN 415static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 416static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 417#endif 418static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 419#endif 420 421/* our control protocol descriptors */ 422static const struct cp lcp = { 423 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 424 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 425 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 426 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 427 sppp_lcp_scr 428}; 429 430static const struct cp ipcp = { 431 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 432 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 433 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 434 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 435 sppp_ipcp_scr 436}; 437 438static const struct cp ipv6cp = { 439 PPP_IPV6CP, IDX_IPV6CP, 440#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 441 CP_NCP, 442#else 443 0, 444#endif 445 "ipv6cp", 446 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 447 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 448 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 449 sppp_ipv6cp_scr 450}; 451 452static const struct cp pap = { 453 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 454 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 455 sppp_pap_TO, 0, 0, 0, 456 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 457 sppp_pap_scr 458}; 459 460static const struct cp chap = { 461 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 462 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 463 sppp_chap_TO, 0, 0, 0, 464 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 465 sppp_chap_scr 466}; 467 468static const struct cp *cps[IDX_COUNT] = { 469 &lcp, /* IDX_LCP */ 470 &ipcp, /* IDX_IPCP */ 471 &ipv6cp, /* IDX_IPV6CP */ 472 &pap, /* IDX_PAP */ 473 &chap, /* IDX_CHAP */ 474}; 475 476static int 477sppp_modevent(module_t mod, int type, void *unused) 478{ 479 switch (type) { 480 case MOD_LOAD: 481 break; 482 case MOD_UNLOAD: 483 return EACCES; 484 break; 485 default: 486 break; 487 } 488 return 0; 489} 490static moduledata_t spppmod = { 491 "sppp", 492 sppp_modevent, 493 0 494}; 495MODULE_VERSION(sppp, 1); 496DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 497 498/* 499 * Exported functions, comprising our interface to the lower layer. 500 */ 501 502/* 503 * Process the received packet. 504 */ 505void 506sppp_input(struct ifnet *ifp, struct mbuf *m) 507{ 508 struct ppp_header *h; 509 struct ifqueue *inq = 0; 510 struct sppp *sp = (struct sppp *)ifp; 511 int len; 512 int debug = ifp->if_flags & IFF_DEBUG; 513 514 if (ifp->if_flags & IFF_UP) 515 /* Count received bytes, add FCS and one flag */ 516 ifp->if_ibytes += m->m_pkthdr.len + 3; 517 518 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 519 /* Too small packet, drop it. */ 520 if (debug) 521 log(LOG_DEBUG, 522 SPP_FMT "input packet is too small, %d bytes\n", 523 SPP_ARGS(ifp), m->m_pkthdr.len); 524 drop: 525 ++ifp->if_ierrors; 526 ++ifp->if_iqdrops; 527 m_freem (m); 528 return; 529 } 530 531 /* Get PPP header. */ 532 h = mtod (m, struct ppp_header*); 533 m_adj (m, PPP_HEADER_LEN); 534 535 switch (h->address) { 536 case PPP_ALLSTATIONS: 537 if (h->control != PPP_UI) 538 goto invalid; 539 if (sp->pp_mode == IFF_CISCO) { 540 if (debug) 541 log(LOG_DEBUG, 542 SPP_FMT "PPP packet in Cisco mode " 543 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 544 SPP_ARGS(ifp), 545 h->address, h->control, ntohs(h->protocol)); 546 goto drop; 547 } 548 switch (ntohs (h->protocol)) { 549 default: 550 if (debug) 551 log(LOG_DEBUG, 552 SPP_FMT "rejecting protocol " 553 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 554 SPP_ARGS(ifp), 555 h->address, h->control, ntohs(h->protocol)); 556 if (sp->state[IDX_LCP] == STATE_OPENED) 557 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 558 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 559 &h->protocol); 560 ++ifp->if_noproto; 561 goto drop; 562 case PPP_LCP: 563 sppp_cp_input(&lcp, sp, m); 564 m_freem (m); 565 return; 566 case PPP_PAP: 567 if (sp->pp_phase >= PHASE_AUTHENTICATE) 568 sppp_pap_input(sp, m); 569 m_freem (m); 570 return; 571 case PPP_CHAP: 572 if (sp->pp_phase >= PHASE_AUTHENTICATE) 573 sppp_chap_input(sp, m); 574 m_freem (m); 575 return; 576#ifdef INET 577 case PPP_IPCP: 578 if (sp->pp_phase == PHASE_NETWORK) 579 sppp_cp_input(&ipcp, sp, m); 580 m_freem (m); 581 return; 582 case PPP_IP: 583 if (sp->state[IDX_IPCP] == STATE_OPENED) { 584 schednetisr (NETISR_IP); 585 inq = &ipintrq; 586 } 587 break; 588#endif 589#ifdef INET6 590 case PPP_IPV6CP: 591 if (sp->pp_phase == PHASE_NETWORK) 592 sppp_cp_input(&ipv6cp, sp, m); 593 m_freem (m); 594 return; 595 596 case PPP_IPV6: 597 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 598 schednetisr (NETISR_IPV6); 599 inq = &ip6intrq; 600 } 601 break; 602 case PPP_VJ_COMP: 603 if (sp->state[IDX_IPCP] == STATE_OPENED) { 604 if ((len = 605 sl_uncompress_tcp((u_char **)&m->m_data, 606 m->m_len, 607 TYPE_COMPRESSED_TCP, 608 &sp->pp_comp)) <= 0) 609 goto drop; 610 m->m_len = m->m_pkthdr.len = len; 611 schednetisr (NETISR_IP); 612 inq = &ipintrq; 613 } 614 break; 615 case PPP_VJ_UCOMP: 616 if (sp->state[IDX_IPCP] == STATE_OPENED) { 617 if ((len = 618 sl_uncompress_tcp((u_char **)&m->m_data, 619 m->m_len, 620 TYPE_UNCOMPRESSED_TCP, 621 &sp->pp_comp)) <= 0) 622 goto drop; 623 m->m_len = m->m_pkthdr.len = len; 624 schednetisr (NETISR_IP); 625 inq = &ipintrq; 626 } 627 break; 628#endif 629#ifdef IPX 630 case PPP_IPX: 631 /* IPX IPXCP not implemented yet */ 632 if (sp->pp_phase == PHASE_NETWORK) { 633 schednetisr (NETISR_IPX); 634 inq = &ipxintrq; 635 } 636 break; 637#endif 638#ifdef NS 639 case PPP_XNS: 640 /* XNS IDPCP not implemented yet */ 641 if (sp->pp_phase == PHASE_NETWORK) { 642 schednetisr (NETISR_NS); 643 inq = &nsintrq; 644 } 645 break; 646#endif 647 } 648 break; 649 case CISCO_MULTICAST: 650 case CISCO_UNICAST: 651 /* Don't check the control field here (RFC 1547). */ 652 if (sp->pp_mode != IFF_CISCO) { 653 if (debug) 654 log(LOG_DEBUG, 655 SPP_FMT "Cisco packet in PPP mode " 656 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 657 SPP_ARGS(ifp), 658 h->address, h->control, ntohs(h->protocol)); 659 goto drop; 660 } 661 switch (ntohs (h->protocol)) { 662 default: 663 ++ifp->if_noproto; 664 goto invalid; 665 case CISCO_KEEPALIVE: 666 sppp_cisco_input ((struct sppp*) ifp, m); 667 m_freem (m); 668 return; 669#ifdef INET 670 case ETHERTYPE_IP: 671 schednetisr (NETISR_IP); 672 inq = &ipintrq; 673 break; 674#endif 675#ifdef INET6 676 case ETHERTYPE_IPV6: 677 schednetisr (NETISR_IPV6); 678 inq = &ip6intrq; 679 break; 680#endif 681#ifdef IPX 682 case ETHERTYPE_IPX: 683 schednetisr (NETISR_IPX); 684 inq = &ipxintrq; 685 break; 686#endif 687#ifdef NS 688 case ETHERTYPE_NS: 689 schednetisr (NETISR_NS); 690 inq = &nsintrq; 691 break; 692#endif 693 } 694 break; 695 default: /* Invalid PPP packet. */ 696 invalid: 697 if (debug) 698 log(LOG_DEBUG, 699 SPP_FMT "invalid input packet " 700 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 701 SPP_ARGS(ifp), 702 h->address, h->control, ntohs(h->protocol)); 703 goto drop; 704 } 705 706 if (! (ifp->if_flags & IFF_UP) || ! inq) 707 goto drop; 708 709 /* Check queue. */ 710 if (! IF_HANDOFF(inq, m, NULL)) { 711 if (debug) 712 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 713 SPP_ARGS(ifp)); 714 goto drop; 715 } 716} 717 718/* 719 * Enqueue transmit packet. 720 */ 721static int 722sppp_output(struct ifnet *ifp, struct mbuf *m, 723 struct sockaddr *dst, struct rtentry *rt) 724{ 725 struct sppp *sp = (struct sppp*) ifp; 726 struct ppp_header *h; 727 struct ifqueue *ifq = NULL; 728 int s, rv = 0; 729 int ipproto = PPP_IP; 730 int debug = ifp->if_flags & IFF_DEBUG; 731 732 s = splimp(); 733 734 if ((ifp->if_flags & IFF_UP) == 0 || 735 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 736 m_freem (m); 737 splx (s); 738 return (ENETDOWN); 739 } 740 741 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 742 /* 743 * Interface is not yet running, but auto-dial. Need 744 * to start LCP for it. 745 */ 746 ifp->if_flags |= IFF_RUNNING; 747 splx(s); 748 lcp.Open(sp); 749 s = splimp(); 750 } 751 752 ifq = &ifp->if_snd; 753#ifdef INET 754 if (dst->sa_family == AF_INET) { 755 /* XXX Check mbuf length here? */ 756 struct ip *ip = mtod (m, struct ip*); 757 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 758 759 /* 760 * When using dynamic local IP address assignment by using 761 * 0.0.0.0 as a local address, the first TCP session will 762 * not connect because the local TCP checksum is computed 763 * using 0.0.0.0 which will later become our real IP address 764 * so the TCP checksum computed at the remote end will 765 * become invalid. So we 766 * - don't let packets with src ip addr 0 thru 767 * - we flag TCP packets with src ip 0 as an error 768 */ 769 770 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 771 { 772 m_freem(m); 773 splx(s); 774 if(ip->ip_p == IPPROTO_TCP) 775 return(EADDRNOTAVAIL); 776 else 777 return(0); 778 } 779 780 /* 781 * Put low delay, telnet, rlogin and ftp control packets 782 * in front of the queue. 783 */ 784 if (_IF_QFULL(&sp->pp_fastq)) 785 ; 786 else if (ip->ip_tos & IPTOS_LOWDELAY) 787 ifq = &sp->pp_fastq; 788 else if (m->m_len < sizeof *ip + sizeof *tcp) 789 ; 790 else if (ip->ip_p != IPPROTO_TCP) 791 ; 792 else if (INTERACTIVE (ntohs (tcp->th_sport))) 793 ifq = &sp->pp_fastq; 794 else if (INTERACTIVE (ntohs (tcp->th_dport))) 795 ifq = &sp->pp_fastq; 796 797 /* 798 * Do IP Header compression 799 */ 800 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 801 ip->ip_p == IPPROTO_TCP) 802 switch (sl_compress_tcp(m, ip, &sp->pp_comp, 803 sp->ipcp.compress_cid)) { 804 case TYPE_COMPRESSED_TCP: 805 ipproto = PPP_VJ_COMP; 806 break; 807 case TYPE_UNCOMPRESSED_TCP: 808 ipproto = PPP_VJ_UCOMP; 809 break; 810 case TYPE_IP: 811 ipproto = PPP_IP; 812 break; 813 default: 814 m_freem(m); 815 splx(s); 816 return (EINVAL); 817 } 818 } 819#endif 820 821#ifdef INET6 822 if (dst->sa_family == AF_INET6) { 823 /* XXX do something tricky here? */ 824 } 825#endif 826 827 /* 828 * Prepend general data packet PPP header. For now, IP only. 829 */ 830 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 831 if (! m) { 832 if (debug) 833 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 834 SPP_ARGS(ifp)); 835 ++ifp->if_oerrors; 836 splx (s); 837 return (ENOBUFS); 838 } 839 /* 840 * May want to check size of packet 841 * (albeit due to the implementation it's always enough) 842 */ 843 h = mtod (m, struct ppp_header*); 844 if (sp->pp_mode == IFF_CISCO) { 845 h->address = CISCO_UNICAST; /* unicast address */ 846 h->control = 0; 847 } else { 848 h->address = PPP_ALLSTATIONS; /* broadcast address */ 849 h->control = PPP_UI; /* Unnumbered Info */ 850 } 851 852 switch (dst->sa_family) { 853#ifdef INET 854 case AF_INET: /* Internet Protocol */ 855 if (sp->pp_mode == IFF_CISCO) 856 h->protocol = htons (ETHERTYPE_IP); 857 else { 858 /* 859 * Don't choke with an ENETDOWN early. It's 860 * possible that we just started dialing out, 861 * so don't drop the packet immediately. If 862 * we notice that we run out of buffer space 863 * below, we will however remember that we are 864 * not ready to carry IP packets, and return 865 * ENETDOWN, as opposed to ENOBUFS. 866 */ 867 h->protocol = htons(ipproto); 868 if (sp->state[IDX_IPCP] != STATE_OPENED) 869 rv = ENETDOWN; 870 } 871 break; 872#endif 873#ifdef INET6 874 case AF_INET6: /* Internet Protocol */ 875 if (sp->pp_mode == IFF_CISCO) 876 h->protocol = htons (ETHERTYPE_IPV6); 877 else { 878 /* 879 * Don't choke with an ENETDOWN early. It's 880 * possible that we just started dialing out, 881 * so don't drop the packet immediately. If 882 * we notice that we run out of buffer space 883 * below, we will however remember that we are 884 * not ready to carry IP packets, and return 885 * ENETDOWN, as opposed to ENOBUFS. 886 */ 887 h->protocol = htons(PPP_IPV6); 888 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 889 rv = ENETDOWN; 890 } 891 break; 892#endif 893#ifdef NS 894 case AF_NS: /* Xerox NS Protocol */ 895 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 896 ETHERTYPE_NS : PPP_XNS); 897 break; 898#endif 899#ifdef IPX 900 case AF_IPX: /* Novell IPX Protocol */ 901 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 902 ETHERTYPE_IPX : PPP_IPX); 903 break; 904#endif 905 default: 906 m_freem (m); 907 ++ifp->if_oerrors; 908 splx (s); 909 return (EAFNOSUPPORT); 910 } 911 912 /* 913 * Queue message on interface, and start output if interface 914 * not yet active. Also adjust output byte count. 915 * The packet length includes header, FCS and 1 flag, 916 * according to RFC 1333. 917 */ 918 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 919 ++ifp->if_oerrors; 920 return (rv? rv: ENOBUFS); 921 } 922 return (0); 923} 924 925void 926sppp_attach(struct ifnet *ifp) 927{ 928 struct sppp *sp = (struct sppp*) ifp; 929 930 /* Initialize keepalive handler. */ 931 if (! spppq) 932 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 933 934 /* Insert new entry into the keepalive list. */ 935 sp->pp_next = spppq; 936 spppq = sp; 937 938 sp->pp_if.if_mtu = PP_MTU; 939 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 940 sp->pp_if.if_type = IFT_PPP; 941 sp->pp_if.if_output = sppp_output; 942#if 0 943 sp->pp_flags = PP_KEEPALIVE; 944#endif 945 sp->pp_if.if_snd.ifq_maxlen = 32; 946 sp->pp_fastq.ifq_maxlen = 32; 947 sp->pp_cpq.ifq_maxlen = 20; 948 sp->pp_loopcnt = 0; 949 sp->pp_alivecnt = 0; 950 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 951 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 952 sp->pp_phase = PHASE_DEAD; 953 sp->pp_up = lcp.Up; 954 sp->pp_down = lcp.Down; 955 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 956 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 957 sp->enable_vj = 1; 958 sl_compress_init(&sp->pp_comp, -1); 959 sppp_lcp_init(sp); 960 sppp_ipcp_init(sp); 961 sppp_ipv6cp_init(sp); 962 sppp_pap_init(sp); 963 sppp_chap_init(sp); 964} 965 966void 967sppp_detach(struct ifnet *ifp) 968{ 969 struct sppp **q, *p, *sp = (struct sppp*) ifp; 970 int i; 971 972 /* Remove the entry from the keepalive list. */ 973 for (q = &spppq; (p = *q); q = &p->pp_next) 974 if (p == sp) { 975 *q = p->pp_next; 976 break; 977 } 978 979 /* Stop keepalive handler. */ 980 if (! spppq) 981 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 982 983 for (i = 0; i < IDX_COUNT; i++) 984 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 985 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 986 mtx_destroy(&sp->pp_cpq.ifq_mtx); 987 mtx_destroy(&sp->pp_fastq.ifq_mtx); 988} 989 990/* 991 * Flush the interface output queue. 992 */ 993void 994sppp_flush(struct ifnet *ifp) 995{ 996 struct sppp *sp = (struct sppp*) ifp; 997 998 sppp_qflush (&sp->pp_if.if_snd); 999 sppp_qflush (&sp->pp_fastq); 1000 sppp_qflush (&sp->pp_cpq); 1001} 1002 1003/* 1004 * Check if the output queue is empty. 1005 */ 1006int 1007sppp_isempty(struct ifnet *ifp) 1008{ 1009 struct sppp *sp = (struct sppp*) ifp; 1010 int empty, s; 1011 1012 s = splimp(); 1013 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1014 !sp->pp_if.if_snd.ifq_head; 1015 splx(s); 1016 return (empty); 1017} 1018 1019/* 1020 * Get next packet to send. 1021 */ 1022struct mbuf * 1023sppp_dequeue(struct ifnet *ifp) 1024{ 1025 struct sppp *sp = (struct sppp*) ifp; 1026 struct mbuf *m; 1027 int s; 1028 1029 s = splimp(); 1030 /* 1031 * Process only the control protocol queue until we have at 1032 * least one NCP open. 1033 * 1034 * Do always serve all three queues in Cisco mode. 1035 */ 1036 IF_DEQUEUE(&sp->pp_cpq, m); 1037 if (m == NULL && 1038 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1039 IF_DEQUEUE(&sp->pp_fastq, m); 1040 if (m == NULL) 1041 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1042 } 1043 splx(s); 1044 return m; 1045} 1046 1047/* 1048 * Pick the next packet, do not remove it from the queue. 1049 */ 1050struct mbuf * 1051sppp_pick(struct ifnet *ifp) 1052{ 1053 struct sppp *sp = (struct sppp*)ifp; 1054 struct mbuf *m; 1055 int s; 1056 1057 s= splimp (); 1058 1059 m = sp->pp_cpq.ifq_head; 1060 if (m == NULL && 1061 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1062 if ((m = sp->pp_fastq.ifq_head) == NULL) 1063 m = sp->pp_if.if_snd.ifq_head; 1064 splx (s); 1065 return (m); 1066} 1067 1068/* 1069 * Process an ioctl request. Called on low priority level. 1070 */ 1071int 1072sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1073{ 1074 struct ifreq *ifr = (struct ifreq*) data; 1075 struct sppp *sp = (struct sppp*) ifp; 1076 int s, rv, going_up, going_down, newmode; 1077 1078 s = splimp(); 1079 rv = 0; 1080 switch (cmd) { 1081 case SIOCAIFADDR: 1082 case SIOCSIFDSTADDR: 1083 break; 1084 1085 case SIOCSIFADDR: 1086 /* set the interface "up" when assigning an IP address */ 1087 ifp->if_flags |= IFF_UP; 1088 /* fall through... */ 1089 1090 case SIOCSIFFLAGS: 1091 going_up = ifp->if_flags & IFF_UP && 1092 (ifp->if_flags & IFF_RUNNING) == 0; 1093 going_down = (ifp->if_flags & IFF_UP) == 0 && 1094 ifp->if_flags & IFF_RUNNING; 1095 1096 newmode = ifp->if_flags & IFF_PASSIVE; 1097 if (!newmode) 1098 newmode = ifp->if_flags & IFF_AUTO; 1099 if (!newmode) 1100 newmode = ifp->if_flags & IFF_CISCO; 1101 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1102 ifp->if_flags |= newmode; 1103 1104 if (newmode != sp->pp_mode) { 1105 going_down = 1; 1106 if (!going_up) 1107 going_up = ifp->if_flags & IFF_RUNNING; 1108 } 1109 1110 if (going_down) { 1111 if (sp->pp_mode != IFF_CISCO) 1112 lcp.Close(sp); 1113 else if (sp->pp_tlf) 1114 (sp->pp_tlf)(sp); 1115 sppp_flush(ifp); 1116 ifp->if_flags &= ~IFF_RUNNING; 1117 sp->pp_mode = newmode; 1118 } 1119 1120 if (going_up) { 1121 if (sp->pp_mode != IFF_CISCO) 1122 lcp.Close(sp); 1123 sp->pp_mode = newmode; 1124 if (sp->pp_mode == 0) { 1125 ifp->if_flags |= IFF_RUNNING; 1126 lcp.Open(sp); 1127 } 1128 if (sp->pp_mode == IFF_CISCO) { 1129 if (sp->pp_tls) 1130 (sp->pp_tls)(sp); 1131 ifp->if_flags |= IFF_RUNNING; 1132 } 1133 } 1134 1135 break; 1136 1137#ifdef SIOCSIFMTU 1138#ifndef ifr_mtu 1139#define ifr_mtu ifr_metric 1140#endif 1141 case SIOCSIFMTU: 1142 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1143 return (EINVAL); 1144 ifp->if_mtu = ifr->ifr_mtu; 1145 break; 1146#endif 1147#ifdef SLIOCSETMTU 1148 case SLIOCSETMTU: 1149 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1150 return (EINVAL); 1151 ifp->if_mtu = *(short*)data; 1152 break; 1153#endif 1154#ifdef SIOCGIFMTU 1155 case SIOCGIFMTU: 1156 ifr->ifr_mtu = ifp->if_mtu; 1157 break; 1158#endif 1159#ifdef SLIOCGETMTU 1160 case SLIOCGETMTU: 1161 *(short*)data = ifp->if_mtu; 1162 break; 1163#endif 1164 case SIOCADDMULTI: 1165 case SIOCDELMULTI: 1166 break; 1167 1168 case SIOCGIFGENERIC: 1169 case SIOCSIFGENERIC: 1170 rv = sppp_params(sp, cmd, data); 1171 break; 1172 1173 default: 1174 rv = ENOTTY; 1175 } 1176 splx(s); 1177 return rv; 1178} 1179 1180/* 1181 * Cisco framing implementation. 1182 */ 1183 1184/* 1185 * Handle incoming Cisco keepalive protocol packets. 1186 */ 1187static void 1188sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1189{ 1190 STDDCL; 1191 struct cisco_packet *h; 1192 u_long me, mymask; 1193 1194 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1195 if (debug) 1196 log(LOG_DEBUG, 1197 SPP_FMT "cisco invalid packet length: %d bytes\n", 1198 SPP_ARGS(ifp), m->m_pkthdr.len); 1199 return; 1200 } 1201 h = mtod (m, struct cisco_packet*); 1202 if (debug) 1203 log(LOG_DEBUG, 1204 SPP_FMT "cisco input: %d bytes " 1205 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1206 SPP_ARGS(ifp), m->m_pkthdr.len, 1207 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1208 (u_int)h->time0, (u_int)h->time1); 1209 switch (ntohl (h->type)) { 1210 default: 1211 if (debug) 1212 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1213 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1214 break; 1215 case CISCO_ADDR_REPLY: 1216 /* Reply on address request, ignore */ 1217 break; 1218 case CISCO_KEEPALIVE_REQ: 1219 sp->pp_alivecnt = 0; 1220 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1221 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1222 /* Local and remote sequence numbers are equal. 1223 * Probably, the line is in loopback mode. */ 1224 if (sp->pp_loopcnt >= MAXALIVECNT) { 1225 printf (SPP_FMT "loopback\n", 1226 SPP_ARGS(ifp)); 1227 sp->pp_loopcnt = 0; 1228 if (ifp->if_flags & IFF_UP) { 1229 if_down (ifp); 1230 sppp_qflush (&sp->pp_cpq); 1231 } 1232 } 1233 ++sp->pp_loopcnt; 1234 1235 /* Generate new local sequence number */ 1236#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1237 sp->pp_seq[IDX_LCP] = random(); 1238#else 1239 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1240#endif 1241 break; 1242 } 1243 sp->pp_loopcnt = 0; 1244 if (! (ifp->if_flags & IFF_UP) && 1245 (ifp->if_flags & IFF_RUNNING)) { 1246 if_up(ifp); 1247 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1248 } 1249 break; 1250 case CISCO_ADDR_REQ: 1251 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1252 if (me != 0L) 1253 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1254 break; 1255 } 1256} 1257 1258/* 1259 * Send Cisco keepalive packet. 1260 */ 1261static void 1262sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1263{ 1264 STDDCL; 1265 struct ppp_header *h; 1266 struct cisco_packet *ch; 1267 struct mbuf *m; 1268#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1269 struct timeval tv; 1270#else 1271 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1272#endif 1273 1274#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1275 getmicrouptime(&tv); 1276#endif 1277 1278 MGETHDR (m, M_DONTWAIT, MT_DATA); 1279 if (! m) 1280 return; 1281 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1282 m->m_pkthdr.rcvif = 0; 1283 1284 h = mtod (m, struct ppp_header*); 1285 h->address = CISCO_MULTICAST; 1286 h->control = 0; 1287 h->protocol = htons (CISCO_KEEPALIVE); 1288 1289 ch = (struct cisco_packet*) (h + 1); 1290 ch->type = htonl (type); 1291 ch->par1 = htonl (par1); 1292 ch->par2 = htonl (par2); 1293 ch->rel = -1; 1294 1295#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1296 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1297 ch->time1 = htons ((u_short) tv.tv_sec); 1298#else 1299 ch->time0 = htons ((u_short) (t >> 16)); 1300 ch->time1 = htons ((u_short) t); 1301#endif 1302 1303 if (debug) 1304 log(LOG_DEBUG, 1305 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1306 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1307 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1308 1309 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1310 ifp->if_oerrors++; 1311} 1312 1313/* 1314 * PPP protocol implementation. 1315 */ 1316 1317/* 1318 * Send PPP control protocol packet. 1319 */ 1320static void 1321sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1322 u_char ident, u_short len, void *data) 1323{ 1324 STDDCL; 1325 struct ppp_header *h; 1326 struct lcp_header *lh; 1327 struct mbuf *m; 1328 1329 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1330 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1331 MGETHDR (m, M_DONTWAIT, MT_DATA); 1332 if (! m) 1333 return; 1334 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1335 m->m_pkthdr.rcvif = 0; 1336 1337 h = mtod (m, struct ppp_header*); 1338 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1339 h->control = PPP_UI; /* Unnumbered Info */ 1340 h->protocol = htons (proto); /* Link Control Protocol */ 1341 1342 lh = (struct lcp_header*) (h + 1); 1343 lh->type = type; 1344 lh->ident = ident; 1345 lh->len = htons (LCP_HEADER_LEN + len); 1346 if (len) 1347 bcopy (data, lh+1, len); 1348 1349 if (debug) { 1350 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1351 SPP_ARGS(ifp), 1352 sppp_proto_name(proto), 1353 sppp_cp_type_name (lh->type), lh->ident, 1354 ntohs (lh->len)); 1355 sppp_print_bytes ((u_char*) (lh+1), len); 1356 log(-1, ">\n"); 1357 } 1358 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1359 ifp->if_oerrors++; 1360} 1361 1362/* 1363 * Handle incoming PPP control protocol packets. 1364 */ 1365static void 1366sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1367{ 1368 STDDCL; 1369 struct lcp_header *h; 1370 int len = m->m_pkthdr.len; 1371 int rv; 1372 u_char *p; 1373 1374 if (len < 4) { 1375 if (debug) 1376 log(LOG_DEBUG, 1377 SPP_FMT "%s invalid packet length: %d bytes\n", 1378 SPP_ARGS(ifp), cp->name, len); 1379 return; 1380 } 1381 h = mtod (m, struct lcp_header*); 1382 if (debug) { 1383 log(LOG_DEBUG, 1384 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1385 SPP_ARGS(ifp), cp->name, 1386 sppp_state_name(sp->state[cp->protoidx]), 1387 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1388 sppp_print_bytes ((u_char*) (h+1), len-4); 1389 log(-1, ">\n"); 1390 } 1391 if (len > ntohs (h->len)) 1392 len = ntohs (h->len); 1393 p = (u_char *)(h + 1); 1394 switch (h->type) { 1395 case CONF_REQ: 1396 if (len < 4) { 1397 if (debug) 1398 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1399 SPP_ARGS(ifp), cp->name, 1400 len); 1401 ++ifp->if_ierrors; 1402 break; 1403 } 1404 /* handle states where RCR doesn't get a SCA/SCN */ 1405 switch (sp->state[cp->protoidx]) { 1406 case STATE_CLOSING: 1407 case STATE_STOPPING: 1408 return; 1409 case STATE_CLOSED: 1410 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1411 0, 0); 1412 return; 1413 } 1414 rv = (cp->RCR)(sp, h, len); 1415 switch (sp->state[cp->protoidx]) { 1416 case STATE_OPENED: 1417 (cp->tld)(sp); 1418 (cp->scr)(sp); 1419 /* fall through... */ 1420 case STATE_ACK_SENT: 1421 case STATE_REQ_SENT: 1422 /* 1423 * sppp_cp_change_state() have the side effect of 1424 * restarting the timeouts. We want to avoid that 1425 * if the state don't change, otherwise we won't 1426 * ever timeout and resend a configuration request 1427 * that got lost. 1428 */ 1429 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1430 STATE_REQ_SENT)) 1431 break; 1432 sppp_cp_change_state(cp, sp, rv? 1433 STATE_ACK_SENT: STATE_REQ_SENT); 1434 break; 1435 case STATE_STOPPED: 1436 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1437 (cp->scr)(sp); 1438 sppp_cp_change_state(cp, sp, rv? 1439 STATE_ACK_SENT: STATE_REQ_SENT); 1440 break; 1441 case STATE_ACK_RCVD: 1442 if (rv) { 1443 sppp_cp_change_state(cp, sp, STATE_OPENED); 1444 if (debug) 1445 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1446 SPP_ARGS(ifp), 1447 cp->name); 1448 (cp->tlu)(sp); 1449 } else 1450 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1451 break; 1452 default: 1453 printf(SPP_FMT "%s illegal %s in state %s\n", 1454 SPP_ARGS(ifp), cp->name, 1455 sppp_cp_type_name(h->type), 1456 sppp_state_name(sp->state[cp->protoidx])); 1457 ++ifp->if_ierrors; 1458 } 1459 break; 1460 case CONF_ACK: 1461 if (h->ident != sp->confid[cp->protoidx]) { 1462 if (debug) 1463 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1464 SPP_ARGS(ifp), cp->name, 1465 h->ident, sp->confid[cp->protoidx]); 1466 ++ifp->if_ierrors; 1467 break; 1468 } 1469 switch (sp->state[cp->protoidx]) { 1470 case STATE_CLOSED: 1471 case STATE_STOPPED: 1472 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1473 break; 1474 case STATE_CLOSING: 1475 case STATE_STOPPING: 1476 break; 1477 case STATE_REQ_SENT: 1478 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1479 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1480 break; 1481 case STATE_OPENED: 1482 (cp->tld)(sp); 1483 /* fall through */ 1484 case STATE_ACK_RCVD: 1485 (cp->scr)(sp); 1486 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1487 break; 1488 case STATE_ACK_SENT: 1489 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1490 sppp_cp_change_state(cp, sp, STATE_OPENED); 1491 if (debug) 1492 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1493 SPP_ARGS(ifp), cp->name); 1494 (cp->tlu)(sp); 1495 break; 1496 default: 1497 printf(SPP_FMT "%s illegal %s in state %s\n", 1498 SPP_ARGS(ifp), cp->name, 1499 sppp_cp_type_name(h->type), 1500 sppp_state_name(sp->state[cp->protoidx])); 1501 ++ifp->if_ierrors; 1502 } 1503 break; 1504 case CONF_NAK: 1505 case CONF_REJ: 1506 if (h->ident != sp->confid[cp->protoidx]) { 1507 if (debug) 1508 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1509 SPP_ARGS(ifp), cp->name, 1510 h->ident, sp->confid[cp->protoidx]); 1511 ++ifp->if_ierrors; 1512 break; 1513 } 1514 if (h->type == CONF_NAK) 1515 (cp->RCN_nak)(sp, h, len); 1516 else /* CONF_REJ */ 1517 (cp->RCN_rej)(sp, h, len); 1518 1519 switch (sp->state[cp->protoidx]) { 1520 case STATE_CLOSED: 1521 case STATE_STOPPED: 1522 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1523 break; 1524 case STATE_REQ_SENT: 1525 case STATE_ACK_SENT: 1526 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1527 /* 1528 * Slow things down a bit if we think we might be 1529 * in loopback. Depend on the timeout to send the 1530 * next configuration request. 1531 */ 1532 if (sp->pp_loopcnt) 1533 break; 1534 (cp->scr)(sp); 1535 break; 1536 case STATE_OPENED: 1537 (cp->tld)(sp); 1538 /* fall through */ 1539 case STATE_ACK_RCVD: 1540 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1541 (cp->scr)(sp); 1542 break; 1543 case STATE_CLOSING: 1544 case STATE_STOPPING: 1545 break; 1546 default: 1547 printf(SPP_FMT "%s illegal %s in state %s\n", 1548 SPP_ARGS(ifp), cp->name, 1549 sppp_cp_type_name(h->type), 1550 sppp_state_name(sp->state[cp->protoidx])); 1551 ++ifp->if_ierrors; 1552 } 1553 break; 1554 1555 case TERM_REQ: 1556 switch (sp->state[cp->protoidx]) { 1557 case STATE_ACK_RCVD: 1558 case STATE_ACK_SENT: 1559 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1560 /* fall through */ 1561 case STATE_CLOSED: 1562 case STATE_STOPPED: 1563 case STATE_CLOSING: 1564 case STATE_STOPPING: 1565 case STATE_REQ_SENT: 1566 sta: 1567 /* Send Terminate-Ack packet. */ 1568 if (debug) 1569 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1570 SPP_ARGS(ifp), cp->name); 1571 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1572 break; 1573 case STATE_OPENED: 1574 (cp->tld)(sp); 1575 sp->rst_counter[cp->protoidx] = 0; 1576 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1577 goto sta; 1578 break; 1579 default: 1580 printf(SPP_FMT "%s illegal %s in state %s\n", 1581 SPP_ARGS(ifp), cp->name, 1582 sppp_cp_type_name(h->type), 1583 sppp_state_name(sp->state[cp->protoidx])); 1584 ++ifp->if_ierrors; 1585 } 1586 break; 1587 case TERM_ACK: 1588 switch (sp->state[cp->protoidx]) { 1589 case STATE_CLOSED: 1590 case STATE_STOPPED: 1591 case STATE_REQ_SENT: 1592 case STATE_ACK_SENT: 1593 break; 1594 case STATE_CLOSING: 1595 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1596 (cp->tlf)(sp); 1597 break; 1598 case STATE_STOPPING: 1599 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1600 (cp->tlf)(sp); 1601 break; 1602 case STATE_ACK_RCVD: 1603 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1604 break; 1605 case STATE_OPENED: 1606 (cp->tld)(sp); 1607 (cp->scr)(sp); 1608 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1609 break; 1610 default: 1611 printf(SPP_FMT "%s illegal %s in state %s\n", 1612 SPP_ARGS(ifp), cp->name, 1613 sppp_cp_type_name(h->type), 1614 sppp_state_name(sp->state[cp->protoidx])); 1615 ++ifp->if_ierrors; 1616 } 1617 break; 1618 case CODE_REJ: 1619 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1620 log(LOG_INFO, 1621 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1622 "danger will robinson\n", 1623 SPP_ARGS(ifp), cp->name, 1624 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1625 switch (sp->state[cp->protoidx]) { 1626 case STATE_CLOSED: 1627 case STATE_STOPPED: 1628 case STATE_REQ_SENT: 1629 case STATE_ACK_SENT: 1630 case STATE_CLOSING: 1631 case STATE_STOPPING: 1632 case STATE_OPENED: 1633 break; 1634 case STATE_ACK_RCVD: 1635 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1636 break; 1637 default: 1638 printf(SPP_FMT "%s illegal %s in state %s\n", 1639 SPP_ARGS(ifp), cp->name, 1640 sppp_cp_type_name(h->type), 1641 sppp_state_name(sp->state[cp->protoidx])); 1642 ++ifp->if_ierrors; 1643 } 1644 break; 1645 case PROTO_REJ: 1646 { 1647 int catastrophic; 1648 const struct cp *upper; 1649 int i; 1650 u_int16_t proto; 1651 1652 catastrophic = 0; 1653 upper = NULL; 1654 proto = ntohs(*((u_int16_t *)p)); 1655 for (i = 0; i < IDX_COUNT; i++) { 1656 if (cps[i]->proto == proto) { 1657 upper = cps[i]; 1658 break; 1659 } 1660 } 1661 if (upper == NULL) 1662 catastrophic++; 1663 1664 if (catastrophic || debug) 1665 log(catastrophic? LOG_INFO: LOG_DEBUG, 1666 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1667 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1668 sppp_cp_type_name(h->type), proto, 1669 upper ? upper->name : "unknown", 1670 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1671 1672 /* 1673 * if we got RXJ+ against conf-req, the peer does not implement 1674 * this particular protocol type. terminate the protocol. 1675 */ 1676 if (upper && !catastrophic) { 1677 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1678 upper->Close(sp); 1679 break; 1680 } 1681 } 1682 1683 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1684 switch (sp->state[cp->protoidx]) { 1685 case STATE_CLOSED: 1686 case STATE_STOPPED: 1687 case STATE_REQ_SENT: 1688 case STATE_ACK_SENT: 1689 case STATE_CLOSING: 1690 case STATE_STOPPING: 1691 case STATE_OPENED: 1692 break; 1693 case STATE_ACK_RCVD: 1694 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1695 break; 1696 default: 1697 printf(SPP_FMT "%s illegal %s in state %s\n", 1698 SPP_ARGS(ifp), cp->name, 1699 sppp_cp_type_name(h->type), 1700 sppp_state_name(sp->state[cp->protoidx])); 1701 ++ifp->if_ierrors; 1702 } 1703 break; 1704 } 1705 case DISC_REQ: 1706 if (cp->proto != PPP_LCP) 1707 goto illegal; 1708 /* Discard the packet. */ 1709 break; 1710 case ECHO_REQ: 1711 if (cp->proto != PPP_LCP) 1712 goto illegal; 1713 if (sp->state[cp->protoidx] != STATE_OPENED) { 1714 if (debug) 1715 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1716 SPP_ARGS(ifp)); 1717 ++ifp->if_ierrors; 1718 break; 1719 } 1720 if (len < 8) { 1721 if (debug) 1722 log(-1, SPP_FMT "invalid lcp echo request " 1723 "packet length: %d bytes\n", 1724 SPP_ARGS(ifp), len); 1725 break; 1726 } 1727 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1728 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1729 /* Line loopback mode detected. */ 1730 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1731 sp->pp_loopcnt = MAXALIVECNT * 5; 1732 if_down (ifp); 1733 sppp_qflush (&sp->pp_cpq); 1734 1735 /* Shut down the PPP link. */ 1736 /* XXX */ 1737 lcp.Down(sp); 1738 lcp.Up(sp); 1739 break; 1740 } 1741 *(long*)(h+1) = htonl (sp->lcp.magic); 1742 if (debug) 1743 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1744 SPP_ARGS(ifp)); 1745 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1746 break; 1747 case ECHO_REPLY: 1748 if (cp->proto != PPP_LCP) 1749 goto illegal; 1750 if (h->ident != sp->lcp.echoid) { 1751 ++ifp->if_ierrors; 1752 break; 1753 } 1754 if (len < 8) { 1755 if (debug) 1756 log(-1, SPP_FMT "lcp invalid echo reply " 1757 "packet length: %d bytes\n", 1758 SPP_ARGS(ifp), len); 1759 break; 1760 } 1761 if (debug) 1762 log(-1, SPP_FMT "lcp got echo rep\n", 1763 SPP_ARGS(ifp)); 1764 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1765 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1766 sp->pp_alivecnt = 0; 1767 break; 1768 default: 1769 /* Unknown packet type -- send Code-Reject packet. */ 1770 illegal: 1771 if (debug) 1772 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1773 SPP_ARGS(ifp), cp->name, h->type); 1774 sppp_cp_send(sp, cp->proto, CODE_REJ, 1775 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1776 ++ifp->if_ierrors; 1777 } 1778} 1779 1780 1781/* 1782 * The generic part of all Up/Down/Open/Close/TO event handlers. 1783 * Basically, the state transition handling in the automaton. 1784 */ 1785static void 1786sppp_up_event(const struct cp *cp, struct sppp *sp) 1787{ 1788 STDDCL; 1789 1790 if (debug) 1791 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1792 SPP_ARGS(ifp), cp->name, 1793 sppp_state_name(sp->state[cp->protoidx])); 1794 1795 switch (sp->state[cp->protoidx]) { 1796 case STATE_INITIAL: 1797 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1798 break; 1799 case STATE_STARTING: 1800 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1801 (cp->scr)(sp); 1802 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1803 break; 1804 default: 1805 printf(SPP_FMT "%s illegal up in state %s\n", 1806 SPP_ARGS(ifp), cp->name, 1807 sppp_state_name(sp->state[cp->protoidx])); 1808 } 1809} 1810 1811static void 1812sppp_down_event(const struct cp *cp, struct sppp *sp) 1813{ 1814 STDDCL; 1815 1816 if (debug) 1817 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1818 SPP_ARGS(ifp), cp->name, 1819 sppp_state_name(sp->state[cp->protoidx])); 1820 1821 switch (sp->state[cp->protoidx]) { 1822 case STATE_CLOSED: 1823 case STATE_CLOSING: 1824 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1825 break; 1826 case STATE_STOPPED: 1827 sppp_cp_change_state(cp, sp, STATE_STARTING); 1828 (cp->tls)(sp); 1829 break; 1830 case STATE_STOPPING: 1831 case STATE_REQ_SENT: 1832 case STATE_ACK_RCVD: 1833 case STATE_ACK_SENT: 1834 sppp_cp_change_state(cp, sp, STATE_STARTING); 1835 break; 1836 case STATE_OPENED: 1837 (cp->tld)(sp); 1838 sppp_cp_change_state(cp, sp, STATE_STARTING); 1839 break; 1840 default: 1841 printf(SPP_FMT "%s illegal down in state %s\n", 1842 SPP_ARGS(ifp), cp->name, 1843 sppp_state_name(sp->state[cp->protoidx])); 1844 } 1845} 1846 1847 1848static void 1849sppp_open_event(const struct cp *cp, struct sppp *sp) 1850{ 1851 STDDCL; 1852 1853 if (debug) 1854 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1855 SPP_ARGS(ifp), cp->name, 1856 sppp_state_name(sp->state[cp->protoidx])); 1857 1858 switch (sp->state[cp->protoidx]) { 1859 case STATE_INITIAL: 1860 sppp_cp_change_state(cp, sp, STATE_STARTING); 1861 (cp->tls)(sp); 1862 break; 1863 case STATE_STARTING: 1864 break; 1865 case STATE_CLOSED: 1866 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1867 (cp->scr)(sp); 1868 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1869 break; 1870 case STATE_STOPPED: 1871 /* 1872 * Try escaping stopped state. This seems to bite 1873 * people occasionally, in particular for IPCP, 1874 * presumably following previous IPCP negotiation 1875 * aborts. Somehow, we must have missed a Down event 1876 * which would have caused a transition into starting 1877 * state, so as a bandaid we force the Down event now. 1878 * This effectively implements (something like the) 1879 * `restart' option mentioned in the state transition 1880 * table of RFC 1661. 1881 */ 1882 sppp_cp_change_state(cp, sp, STATE_STARTING); 1883 (cp->tls)(sp); 1884 break; 1885 case STATE_STOPPING: 1886 case STATE_REQ_SENT: 1887 case STATE_ACK_RCVD: 1888 case STATE_ACK_SENT: 1889 case STATE_OPENED: 1890 break; 1891 case STATE_CLOSING: 1892 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1893 break; 1894 } 1895} 1896 1897 1898static void 1899sppp_close_event(const struct cp *cp, struct sppp *sp) 1900{ 1901 STDDCL; 1902 1903 if (debug) 1904 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1905 SPP_ARGS(ifp), cp->name, 1906 sppp_state_name(sp->state[cp->protoidx])); 1907 1908 switch (sp->state[cp->protoidx]) { 1909 case STATE_INITIAL: 1910 case STATE_CLOSED: 1911 case STATE_CLOSING: 1912 break; 1913 case STATE_STARTING: 1914 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1915 (cp->tlf)(sp); 1916 break; 1917 case STATE_STOPPED: 1918 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1919 break; 1920 case STATE_STOPPING: 1921 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1922 break; 1923 case STATE_OPENED: 1924 (cp->tld)(sp); 1925 /* fall through */ 1926 case STATE_REQ_SENT: 1927 case STATE_ACK_RCVD: 1928 case STATE_ACK_SENT: 1929 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1930 sppp_cp_send(sp, cp->proto, TERM_REQ, 1931 ++sp->pp_seq[cp->protoidx], 0, 0); 1932 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1933 break; 1934 } 1935} 1936 1937static void 1938sppp_to_event(const struct cp *cp, struct sppp *sp) 1939{ 1940 STDDCL; 1941 int s; 1942 1943 s = splimp(); 1944 if (debug) 1945 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1946 SPP_ARGS(ifp), cp->name, 1947 sppp_state_name(sp->state[cp->protoidx]), 1948 sp->rst_counter[cp->protoidx]); 1949 1950 if (--sp->rst_counter[cp->protoidx] < 0) 1951 /* TO- event */ 1952 switch (sp->state[cp->protoidx]) { 1953 case STATE_CLOSING: 1954 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1955 (cp->tlf)(sp); 1956 break; 1957 case STATE_STOPPING: 1958 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1959 (cp->tlf)(sp); 1960 break; 1961 case STATE_REQ_SENT: 1962 case STATE_ACK_RCVD: 1963 case STATE_ACK_SENT: 1964 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1965 (cp->tlf)(sp); 1966 break; 1967 } 1968 else 1969 /* TO+ event */ 1970 switch (sp->state[cp->protoidx]) { 1971 case STATE_CLOSING: 1972 case STATE_STOPPING: 1973 sppp_cp_send(sp, cp->proto, TERM_REQ, 1974 ++sp->pp_seq[cp->protoidx], 0, 0); 1975 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1976 sp->ch[cp->protoidx]); 1977 break; 1978 case STATE_REQ_SENT: 1979 case STATE_ACK_RCVD: 1980 (cp->scr)(sp); 1981 /* sppp_cp_change_state() will restart the timer */ 1982 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1983 break; 1984 case STATE_ACK_SENT: 1985 (cp->scr)(sp); 1986 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1987 sp->ch[cp->protoidx]); 1988 break; 1989 } 1990 1991 splx(s); 1992} 1993 1994/* 1995 * Change the state of a control protocol in the state automaton. 1996 * Takes care of starting/stopping the restart timer. 1997 */ 1998void 1999sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2000{ 2001 sp->state[cp->protoidx] = newstate; 2002 2003 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2004 switch (newstate) { 2005 case STATE_INITIAL: 2006 case STATE_STARTING: 2007 case STATE_CLOSED: 2008 case STATE_STOPPED: 2009 case STATE_OPENED: 2010 break; 2011 case STATE_CLOSING: 2012 case STATE_STOPPING: 2013 case STATE_REQ_SENT: 2014 case STATE_ACK_RCVD: 2015 case STATE_ACK_SENT: 2016 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2017 sp->ch[cp->protoidx]); 2018 break; 2019 } 2020} 2021 2022/* 2023 *--------------------------------------------------------------------------* 2024 * * 2025 * The LCP implementation. * 2026 * * 2027 *--------------------------------------------------------------------------* 2028 */ 2029static void 2030sppp_lcp_init(struct sppp *sp) 2031{ 2032 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2033 sp->lcp.magic = 0; 2034 sp->state[IDX_LCP] = STATE_INITIAL; 2035 sp->fail_counter[IDX_LCP] = 0; 2036 sp->pp_seq[IDX_LCP] = 0; 2037 sp->pp_rseq[IDX_LCP] = 0; 2038 sp->lcp.protos = 0; 2039 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2040 2041 /* Note that these values are relevant for all control protocols */ 2042 sp->lcp.timeout = 3 * hz; 2043 sp->lcp.max_terminate = 2; 2044 sp->lcp.max_configure = 10; 2045 sp->lcp.max_failure = 10; 2046#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2047 callout_handle_init(&sp->ch[IDX_LCP]); 2048#endif 2049} 2050 2051static void 2052sppp_lcp_up(struct sppp *sp) 2053{ 2054 STDDCL; 2055 2056 sp->pp_alivecnt = 0; 2057 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2058 sp->lcp.magic = 0; 2059 sp->lcp.protos = 0; 2060 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2061 /* 2062 * If we are authenticator, negotiate LCP_AUTH 2063 */ 2064 if (sp->hisauth.proto != 0) 2065 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2066 else 2067 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2068 sp->pp_flags &= ~PP_NEEDAUTH; 2069 /* 2070 * If this interface is passive or dial-on-demand, and we are 2071 * still in Initial state, it means we've got an incoming 2072 * call. Activate the interface. 2073 */ 2074 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2075 if (debug) 2076 log(LOG_DEBUG, 2077 SPP_FMT "Up event", SPP_ARGS(ifp)); 2078 ifp->if_flags |= IFF_RUNNING; 2079 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2080 if (debug) 2081 log(-1, "(incoming call)\n"); 2082 sp->pp_flags |= PP_CALLIN; 2083 lcp.Open(sp); 2084 } else if (debug) 2085 log(-1, "\n"); 2086 } 2087 2088 sppp_up_event(&lcp, sp); 2089} 2090 2091static void 2092sppp_lcp_down(struct sppp *sp) 2093{ 2094 STDDCL; 2095 2096 sppp_down_event(&lcp, sp); 2097 2098 /* 2099 * If this is neither a dial-on-demand nor a passive 2100 * interface, simulate an ``ifconfig down'' action, so the 2101 * administrator can force a redial by another ``ifconfig 2102 * up''. XXX For leased line operation, should we immediately 2103 * try to reopen the connection here? 2104 */ 2105 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2106 log(LOG_INFO, 2107 SPP_FMT "Down event, taking interface down.\n", 2108 SPP_ARGS(ifp)); 2109 if_down(ifp); 2110 } else { 2111 if (debug) 2112 log(LOG_DEBUG, 2113 SPP_FMT "Down event (carrier loss)\n", 2114 SPP_ARGS(ifp)); 2115 sp->pp_flags &= ~PP_CALLIN; 2116 if (sp->state[IDX_LCP] != STATE_INITIAL) 2117 lcp.Close(sp); 2118 ifp->if_flags &= ~IFF_RUNNING; 2119 } 2120} 2121 2122static void 2123sppp_lcp_open(struct sppp *sp) 2124{ 2125 sppp_open_event(&lcp, sp); 2126} 2127 2128static void 2129sppp_lcp_close(struct sppp *sp) 2130{ 2131 sppp_close_event(&lcp, sp); 2132} 2133 2134static void 2135sppp_lcp_TO(void *cookie) 2136{ 2137 sppp_to_event(&lcp, (struct sppp *)cookie); 2138} 2139 2140/* 2141 * Analyze a configure request. Return true if it was agreeable, and 2142 * caused action sca, false if it has been rejected or nak'ed, and 2143 * caused action scn. (The return value is used to make the state 2144 * transition decision in the state automaton.) 2145 */ 2146static int 2147sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2148{ 2149 STDDCL; 2150 u_char *buf, *r, *p; 2151 int origlen, rlen; 2152 u_long nmagic; 2153 u_short authproto; 2154 2155 len -= 4; 2156 origlen = len; 2157 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2158 if (! buf) 2159 return (0); 2160 2161 if (debug) 2162 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2163 SPP_ARGS(ifp)); 2164 2165 /* pass 1: check for things that need to be rejected */ 2166 p = (void*) (h+1); 2167 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2168 if (debug) 2169 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2170 switch (*p) { 2171 case LCP_OPT_MAGIC: 2172 /* Magic number. */ 2173 if (len >= 6 && p[1] == 6) 2174 continue; 2175 if (debug) 2176 log(-1, "[invalid] "); 2177 break; 2178 case LCP_OPT_ASYNC_MAP: 2179 /* Async control character map. */ 2180 if (len >= 6 && p[1] == 6) 2181 continue; 2182 if (debug) 2183 log(-1, "[invalid] "); 2184 break; 2185 case LCP_OPT_MRU: 2186 /* Maximum receive unit. */ 2187 if (len >= 4 && p[1] == 4) 2188 continue; 2189 if (debug) 2190 log(-1, "[invalid] "); 2191 break; 2192 case LCP_OPT_AUTH_PROTO: 2193 if (len < 4) { 2194 if (debug) 2195 log(-1, "[invalid] "); 2196 break; 2197 } 2198 authproto = (p[2] << 8) + p[3]; 2199 if (authproto == PPP_CHAP && p[1] != 5) { 2200 if (debug) 2201 log(-1, "[invalid chap len] "); 2202 break; 2203 } 2204 if (sp->myauth.proto == 0) { 2205 /* we are not configured to do auth */ 2206 if (debug) 2207 log(-1, "[not configured] "); 2208 break; 2209 } 2210 /* 2211 * Remote want us to authenticate, remember this, 2212 * so we stay in PHASE_AUTHENTICATE after LCP got 2213 * up. 2214 */ 2215 sp->pp_flags |= PP_NEEDAUTH; 2216 continue; 2217 default: 2218 /* Others not supported. */ 2219 if (debug) 2220 log(-1, "[rej] "); 2221 break; 2222 } 2223 /* Add the option to rejected list. */ 2224 bcopy (p, r, p[1]); 2225 r += p[1]; 2226 rlen += p[1]; 2227 } 2228 if (rlen) { 2229 if (debug) 2230 log(-1, " send conf-rej\n"); 2231 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2232 return 0; 2233 } else if (debug) 2234 log(-1, "\n"); 2235 2236 /* 2237 * pass 2: check for option values that are unacceptable and 2238 * thus require to be nak'ed. 2239 */ 2240 if (debug) 2241 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2242 SPP_ARGS(ifp)); 2243 2244 p = (void*) (h+1); 2245 len = origlen; 2246 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2247 if (debug) 2248 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2249 switch (*p) { 2250 case LCP_OPT_MAGIC: 2251 /* Magic number -- extract. */ 2252 nmagic = (u_long)p[2] << 24 | 2253 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2254 if (nmagic != sp->lcp.magic) { 2255 sp->pp_loopcnt = 0; 2256 if (debug) 2257 log(-1, "0x%lx ", nmagic); 2258 continue; 2259 } 2260 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2261 log(-1, "[glitch] "); 2262 ++sp->pp_loopcnt; 2263 /* 2264 * We negate our magic here, and NAK it. If 2265 * we see it later in an NAK packet, we 2266 * suggest a new one. 2267 */ 2268 nmagic = ~sp->lcp.magic; 2269 /* Gonna NAK it. */ 2270 p[2] = nmagic >> 24; 2271 p[3] = nmagic >> 16; 2272 p[4] = nmagic >> 8; 2273 p[5] = nmagic; 2274 break; 2275 2276 case LCP_OPT_ASYNC_MAP: 2277 /* 2278 * Async control character map -- just ignore it. 2279 * 2280 * Quote from RFC 1662, chapter 6: 2281 * To enable this functionality, synchronous PPP 2282 * implementations MUST always respond to the 2283 * Async-Control-Character-Map Configuration 2284 * Option with the LCP Configure-Ack. However, 2285 * acceptance of the Configuration Option does 2286 * not imply that the synchronous implementation 2287 * will do any ACCM mapping. Instead, all such 2288 * octet mapping will be performed by the 2289 * asynchronous-to-synchronous converter. 2290 */ 2291 continue; 2292 2293 case LCP_OPT_MRU: 2294 /* 2295 * Maximum receive unit. Always agreeable, 2296 * but ignored by now. 2297 */ 2298 sp->lcp.their_mru = p[2] * 256 + p[3]; 2299 if (debug) 2300 log(-1, "%lu ", sp->lcp.their_mru); 2301 continue; 2302 2303 case LCP_OPT_AUTH_PROTO: 2304 authproto = (p[2] << 8) + p[3]; 2305 if (sp->myauth.proto != authproto) { 2306 /* not agreed, nak */ 2307 if (debug) 2308 log(-1, "[mine %s != his %s] ", 2309 sppp_proto_name(sp->hisauth.proto), 2310 sppp_proto_name(authproto)); 2311 p[2] = sp->myauth.proto >> 8; 2312 p[3] = sp->myauth.proto; 2313 break; 2314 } 2315 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2316 if (debug) 2317 log(-1, "[chap not MD5] "); 2318 p[4] = CHAP_MD5; 2319 break; 2320 } 2321 continue; 2322 } 2323 /* Add the option to nak'ed list. */ 2324 bcopy (p, r, p[1]); 2325 r += p[1]; 2326 rlen += p[1]; 2327 } 2328 if (rlen) { 2329 /* 2330 * Local and remote magics equal -- loopback? 2331 */ 2332 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2333 if (sp->pp_loopcnt == MAXALIVECNT*5) 2334 printf (SPP_FMT "loopback\n", 2335 SPP_ARGS(ifp)); 2336 if (ifp->if_flags & IFF_UP) { 2337 if_down(ifp); 2338 sppp_qflush(&sp->pp_cpq); 2339 /* XXX ? */ 2340 lcp.Down(sp); 2341 lcp.Up(sp); 2342 } 2343 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2344 if (debug) 2345 log(-1, " max_failure (%d) exceeded, " 2346 "send conf-rej\n", 2347 sp->lcp.max_failure); 2348 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2349 } else { 2350 if (debug) 2351 log(-1, " send conf-nak\n"); 2352 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2353 } 2354 } else { 2355 if (debug) 2356 log(-1, " send conf-ack\n"); 2357 sp->fail_counter[IDX_LCP] = 0; 2358 sp->pp_loopcnt = 0; 2359 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2360 h->ident, origlen, h+1); 2361 } 2362 2363 free (buf, M_TEMP); 2364 return (rlen == 0); 2365} 2366 2367/* 2368 * Analyze the LCP Configure-Reject option list, and adjust our 2369 * negotiation. 2370 */ 2371static void 2372sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2373{ 2374 STDDCL; 2375 u_char *buf, *p; 2376 2377 len -= 4; 2378 buf = malloc (len, M_TEMP, M_NOWAIT); 2379 if (!buf) 2380 return; 2381 2382 if (debug) 2383 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2384 SPP_ARGS(ifp)); 2385 2386 p = (void*) (h+1); 2387 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2388 if (debug) 2389 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2390 switch (*p) { 2391 case LCP_OPT_MAGIC: 2392 /* Magic number -- can't use it, use 0 */ 2393 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2394 sp->lcp.magic = 0; 2395 break; 2396 case LCP_OPT_MRU: 2397 /* 2398 * Should not be rejected anyway, since we only 2399 * negotiate a MRU if explicitly requested by 2400 * peer. 2401 */ 2402 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2403 break; 2404 case LCP_OPT_AUTH_PROTO: 2405 /* 2406 * Peer doesn't want to authenticate himself, 2407 * deny unless this is a dialout call, and 2408 * AUTHFLAG_NOCALLOUT is set. 2409 */ 2410 if ((sp->pp_flags & PP_CALLIN) == 0 && 2411 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2412 if (debug) 2413 log(-1, "[don't insist on auth " 2414 "for callout]"); 2415 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2416 break; 2417 } 2418 if (debug) 2419 log(-1, "[access denied]\n"); 2420 lcp.Close(sp); 2421 break; 2422 } 2423 } 2424 if (debug) 2425 log(-1, "\n"); 2426 free (buf, M_TEMP); 2427 return; 2428} 2429 2430/* 2431 * Analyze the LCP Configure-NAK option list, and adjust our 2432 * negotiation. 2433 */ 2434static void 2435sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2436{ 2437 STDDCL; 2438 u_char *buf, *p; 2439 u_long magic; 2440 2441 len -= 4; 2442 buf = malloc (len, M_TEMP, M_NOWAIT); 2443 if (!buf) 2444 return; 2445 2446 if (debug) 2447 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2448 SPP_ARGS(ifp)); 2449 2450 p = (void*) (h+1); 2451 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2452 if (debug) 2453 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2454 switch (*p) { 2455 case LCP_OPT_MAGIC: 2456 /* Magic number -- renegotiate */ 2457 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2458 len >= 6 && p[1] == 6) { 2459 magic = (u_long)p[2] << 24 | 2460 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2461 /* 2462 * If the remote magic is our negated one, 2463 * this looks like a loopback problem. 2464 * Suggest a new magic to make sure. 2465 */ 2466 if (magic == ~sp->lcp.magic) { 2467 if (debug) 2468 log(-1, "magic glitch "); 2469#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2470 sp->lcp.magic = random(); 2471#else 2472 sp->lcp.magic = time.tv_sec + time.tv_usec; 2473#endif 2474 } else { 2475 sp->lcp.magic = magic; 2476 if (debug) 2477 log(-1, "%lu ", magic); 2478 } 2479 } 2480 break; 2481 case LCP_OPT_MRU: 2482 /* 2483 * Peer wants to advise us to negotiate an MRU. 2484 * Agree on it if it's reasonable, or use 2485 * default otherwise. 2486 */ 2487 if (len >= 4 && p[1] == 4) { 2488 u_int mru = p[2] * 256 + p[3]; 2489 if (debug) 2490 log(-1, "%d ", mru); 2491 if (mru < PP_MTU || mru > PP_MAX_MRU) 2492 mru = PP_MTU; 2493 sp->lcp.mru = mru; 2494 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2495 } 2496 break; 2497 case LCP_OPT_AUTH_PROTO: 2498 /* 2499 * Peer doesn't like our authentication method, 2500 * deny. 2501 */ 2502 if (debug) 2503 log(-1, "[access denied]\n"); 2504 lcp.Close(sp); 2505 break; 2506 } 2507 } 2508 if (debug) 2509 log(-1, "\n"); 2510 free (buf, M_TEMP); 2511 return; 2512} 2513 2514static void 2515sppp_lcp_tlu(struct sppp *sp) 2516{ 2517 STDDCL; 2518 int i; 2519 u_long mask; 2520 2521 /* XXX ? */ 2522 if (! (ifp->if_flags & IFF_UP) && 2523 (ifp->if_flags & IFF_RUNNING)) { 2524 /* Coming out of loopback mode. */ 2525 if_up(ifp); 2526 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2527 } 2528 2529 for (i = 0; i < IDX_COUNT; i++) 2530 if ((cps[i])->flags & CP_QUAL) 2531 (cps[i])->Open(sp); 2532 2533 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2534 (sp->pp_flags & PP_NEEDAUTH) != 0) 2535 sp->pp_phase = PHASE_AUTHENTICATE; 2536 else 2537 sp->pp_phase = PHASE_NETWORK; 2538 2539 if (debug) 2540 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2541 sppp_phase_name(sp->pp_phase)); 2542 2543 /* 2544 * Open all authentication protocols. This is even required 2545 * if we already proceeded to network phase, since it might be 2546 * that remote wants us to authenticate, so we might have to 2547 * send a PAP request. Undesired authentication protocols 2548 * don't do anything when they get an Open event. 2549 */ 2550 for (i = 0; i < IDX_COUNT; i++) 2551 if ((cps[i])->flags & CP_AUTH) 2552 (cps[i])->Open(sp); 2553 2554 if (sp->pp_phase == PHASE_NETWORK) { 2555 /* Notify all NCPs. */ 2556 for (i = 0; i < IDX_COUNT; i++) 2557 if ((cps[i])->flags & CP_NCP) 2558 (cps[i])->Open(sp); 2559 } 2560 2561 /* Send Up events to all started protos. */ 2562 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2563 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2564 (cps[i])->Up(sp); 2565 2566 /* notify low-level driver of state change */ 2567 if (sp->pp_chg) 2568 sp->pp_chg(sp, (int)sp->pp_phase); 2569 2570 if (sp->pp_phase == PHASE_NETWORK) 2571 /* if no NCP is starting, close down */ 2572 sppp_lcp_check_and_close(sp); 2573} 2574 2575static void 2576sppp_lcp_tld(struct sppp *sp) 2577{ 2578 STDDCL; 2579 int i; 2580 u_long mask; 2581 2582 sp->pp_phase = PHASE_TERMINATE; 2583 2584 if (debug) 2585 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2586 sppp_phase_name(sp->pp_phase)); 2587 2588 /* 2589 * Take upper layers down. We send the Down event first and 2590 * the Close second to prevent the upper layers from sending 2591 * ``a flurry of terminate-request packets'', as the RFC 2592 * describes it. 2593 */ 2594 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2595 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2596 (cps[i])->Down(sp); 2597 (cps[i])->Close(sp); 2598 } 2599} 2600 2601static void 2602sppp_lcp_tls(struct sppp *sp) 2603{ 2604 STDDCL; 2605 2606 sp->pp_phase = PHASE_ESTABLISH; 2607 2608 if (debug) 2609 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2610 sppp_phase_name(sp->pp_phase)); 2611 2612 /* Notify lower layer if desired. */ 2613 if (sp->pp_tls) 2614 (sp->pp_tls)(sp); 2615 else 2616 (sp->pp_up)(sp); 2617} 2618 2619static void 2620sppp_lcp_tlf(struct sppp *sp) 2621{ 2622 STDDCL; 2623 2624 sp->pp_phase = PHASE_DEAD; 2625 if (debug) 2626 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2627 sppp_phase_name(sp->pp_phase)); 2628 2629 /* Notify lower layer if desired. */ 2630 if (sp->pp_tlf) 2631 (sp->pp_tlf)(sp); 2632 else 2633 (sp->pp_down)(sp); 2634} 2635 2636static void 2637sppp_lcp_scr(struct sppp *sp) 2638{ 2639 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2640 int i = 0; 2641 u_short authproto; 2642 2643 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2644 if (! sp->lcp.magic) 2645#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2646 sp->lcp.magic = random(); 2647#else 2648 sp->lcp.magic = time.tv_sec + time.tv_usec; 2649#endif 2650 opt[i++] = LCP_OPT_MAGIC; 2651 opt[i++] = 6; 2652 opt[i++] = sp->lcp.magic >> 24; 2653 opt[i++] = sp->lcp.magic >> 16; 2654 opt[i++] = sp->lcp.magic >> 8; 2655 opt[i++] = sp->lcp.magic; 2656 } 2657 2658 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2659 opt[i++] = LCP_OPT_MRU; 2660 opt[i++] = 4; 2661 opt[i++] = sp->lcp.mru >> 8; 2662 opt[i++] = sp->lcp.mru; 2663 } 2664 2665 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2666 authproto = sp->hisauth.proto; 2667 opt[i++] = LCP_OPT_AUTH_PROTO; 2668 opt[i++] = authproto == PPP_CHAP? 5: 4; 2669 opt[i++] = authproto >> 8; 2670 opt[i++] = authproto; 2671 if (authproto == PPP_CHAP) 2672 opt[i++] = CHAP_MD5; 2673 } 2674 2675 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2676 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2677} 2678 2679/* 2680 * Check the open NCPs, return true if at least one NCP is open. 2681 */ 2682static int 2683sppp_ncp_check(struct sppp *sp) 2684{ 2685 int i, mask; 2686 2687 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2688 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2689 return 1; 2690 return 0; 2691} 2692 2693/* 2694 * Re-check the open NCPs and see if we should terminate the link. 2695 * Called by the NCPs during their tlf action handling. 2696 */ 2697static void 2698sppp_lcp_check_and_close(struct sppp *sp) 2699{ 2700 2701 if (sp->pp_phase < PHASE_NETWORK) 2702 /* don't bother, we are already going down */ 2703 return; 2704 2705 if (sppp_ncp_check(sp)) 2706 return; 2707 2708 lcp.Close(sp); 2709} 2710 2711/* 2712 *--------------------------------------------------------------------------* 2713 * * 2714 * The IPCP implementation. * 2715 * * 2716 *--------------------------------------------------------------------------* 2717 */ 2718 2719static void 2720sppp_ipcp_init(struct sppp *sp) 2721{ 2722 sp->ipcp.opts = 0; 2723 sp->ipcp.flags = 0; 2724 sp->state[IDX_IPCP] = STATE_INITIAL; 2725 sp->fail_counter[IDX_IPCP] = 0; 2726 sp->pp_seq[IDX_IPCP] = 0; 2727 sp->pp_rseq[IDX_IPCP] = 0; 2728#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2729 callout_handle_init(&sp->ch[IDX_IPCP]); 2730#endif 2731} 2732 2733static void 2734sppp_ipcp_up(struct sppp *sp) 2735{ 2736 sppp_up_event(&ipcp, sp); 2737} 2738 2739static void 2740sppp_ipcp_down(struct sppp *sp) 2741{ 2742 sppp_down_event(&ipcp, sp); 2743} 2744 2745static void 2746sppp_ipcp_open(struct sppp *sp) 2747{ 2748 STDDCL; 2749 u_long myaddr, hisaddr; 2750 2751 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2752 IPCP_MYADDR_DYN | IPCP_VJ); 2753 2754 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2755 /* 2756 * If we don't have his address, this probably means our 2757 * interface doesn't want to talk IP at all. (This could 2758 * be the case if somebody wants to speak only IPX, for 2759 * example.) Don't open IPCP in this case. 2760 */ 2761 if (hisaddr == 0L) { 2762 /* XXX this message should go away */ 2763 if (debug) 2764 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2765 SPP_ARGS(ifp)); 2766 return; 2767 } 2768 if (myaddr == 0L) { 2769 /* 2770 * I don't have an assigned address, so i need to 2771 * negotiate my address. 2772 */ 2773 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2774 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2775 } else 2776 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2777 if (sp->enable_vj) { 2778 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2779 sp->ipcp.max_state = MAX_STATES - 1; 2780 sp->ipcp.compress_cid = 1; 2781 } 2782 sppp_open_event(&ipcp, sp); 2783} 2784 2785static void 2786sppp_ipcp_close(struct sppp *sp) 2787{ 2788 sppp_close_event(&ipcp, sp); 2789 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2790 /* 2791 * My address was dynamic, clear it again. 2792 */ 2793 sppp_set_ip_addr(sp, 0L); 2794} 2795 2796static void 2797sppp_ipcp_TO(void *cookie) 2798{ 2799 sppp_to_event(&ipcp, (struct sppp *)cookie); 2800} 2801 2802/* 2803 * Analyze a configure request. Return true if it was agreeable, and 2804 * caused action sca, false if it has been rejected or nak'ed, and 2805 * caused action scn. (The return value is used to make the state 2806 * transition decision in the state automaton.) 2807 */ 2808static int 2809sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2810{ 2811 u_char *buf, *r, *p; 2812 struct ifnet *ifp = &sp->pp_if; 2813 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2814 u_long hisaddr, desiredaddr; 2815 int gotmyaddr = 0; 2816 int desiredcomp; 2817 2818 len -= 4; 2819 origlen = len; 2820 /* 2821 * Make sure to allocate a buf that can at least hold a 2822 * conf-nak with an `address' option. We might need it below. 2823 */ 2824 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2825 if (! buf) 2826 return (0); 2827 2828 /* pass 1: see if we can recognize them */ 2829 if (debug) 2830 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2831 SPP_ARGS(ifp)); 2832 p = (void*) (h+1); 2833 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2834 if (debug) 2835 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2836 switch (*p) { 2837 case IPCP_OPT_COMPRESSION: 2838 if (!sp->enable_vj) { 2839 /* VJ compression administratively disabled */ 2840 if (debug) 2841 log(-1, "[locally disabled] "); 2842 break; 2843 } 2844 /* 2845 * In theory, we should only conf-rej an 2846 * option that is shorter than RFC 1618 2847 * requires (i.e. < 4), and should conf-nak 2848 * anything else that is not VJ. However, 2849 * since our algorithm always uses the 2850 * original option to NAK it with new values, 2851 * things would become more complicated. In 2852 * pratice, the only commonly implemented IP 2853 * compression option is VJ anyway, so the 2854 * difference is negligible. 2855 */ 2856 if (len >= 6 && p[1] == 6) { 2857 /* 2858 * correctly formed compression option 2859 * that could be VJ compression 2860 */ 2861 continue; 2862 } 2863 if (debug) 2864 log(-1, 2865 "optlen %d [invalid/unsupported] ", 2866 p[1]); 2867 break; 2868 case IPCP_OPT_ADDRESS: 2869 if (len >= 6 && p[1] == 6) { 2870 /* correctly formed address option */ 2871 continue; 2872 } 2873 if (debug) 2874 log(-1, "[invalid] "); 2875 break; 2876 default: 2877 /* Others not supported. */ 2878 if (debug) 2879 log(-1, "[rej] "); 2880 break; 2881 } 2882 /* Add the option to rejected list. */ 2883 bcopy (p, r, p[1]); 2884 r += p[1]; 2885 rlen += p[1]; 2886 } 2887 if (rlen) { 2888 if (debug) 2889 log(-1, " send conf-rej\n"); 2890 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2891 return 0; 2892 } else if (debug) 2893 log(-1, "\n"); 2894 2895 /* pass 2: parse option values */ 2896 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2897 if (debug) 2898 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2899 SPP_ARGS(ifp)); 2900 p = (void*) (h+1); 2901 len = origlen; 2902 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2903 if (debug) 2904 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2905 switch (*p) { 2906 case IPCP_OPT_COMPRESSION: 2907 desiredcomp = p[2] << 8 | p[3]; 2908 /* We only support VJ */ 2909 if (desiredcomp == IPCP_COMP_VJ) { 2910 if (debug) 2911 log(-1, "VJ [ack] "); 2912 sp->ipcp.flags |= IPCP_VJ; 2913 sl_compress_init(&sp->pp_comp, p[4]); 2914 sp->ipcp.max_state = p[4]; 2915 sp->ipcp.compress_cid = p[5]; 2916 continue; 2917 } 2918 if (debug) 2919 log(-1, 2920 "compproto %#04x [not supported] ", 2921 desiredcomp); 2922 p[2] = IPCP_COMP_VJ >> 8; 2923 p[3] = IPCP_COMP_VJ; 2924 p[4] = sp->ipcp.max_state; 2925 p[5] = sp->ipcp.compress_cid; 2926 break; 2927 case IPCP_OPT_ADDRESS: 2928 /* This is the address he wants in his end */ 2929 desiredaddr = p[2] << 24 | p[3] << 16 | 2930 p[4] << 8 | p[5]; 2931 if (desiredaddr == hisaddr || 2932 (hisaddr == 1 && desiredaddr != 0)) { 2933 /* 2934 * Peer's address is same as our value, 2935 * or we have set it to 0.0.0.1 to 2936 * indicate that we do not really care, 2937 * this is agreeable. Gonna conf-ack 2938 * it. 2939 */ 2940 if (debug) 2941 log(-1, "%s [ack] ", 2942 sppp_dotted_quad(hisaddr)); 2943 /* record that we've seen it already */ 2944 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2945 continue; 2946 } 2947 /* 2948 * The address wasn't agreeable. This is either 2949 * he sent us 0.0.0.0, asking to assign him an 2950 * address, or he send us another address not 2951 * matching our value. Either case, we gonna 2952 * conf-nak it with our value. 2953 * XXX: we should "rej" if hisaddr == 0 2954 */ 2955 if (debug) { 2956 if (desiredaddr == 0) 2957 log(-1, "[addr requested] "); 2958 else 2959 log(-1, "%s [not agreed] ", 2960 sppp_dotted_quad(desiredaddr)); 2961 2962 } 2963 p[2] = hisaddr >> 24; 2964 p[3] = hisaddr >> 16; 2965 p[4] = hisaddr >> 8; 2966 p[5] = hisaddr; 2967 break; 2968 } 2969 /* Add the option to nak'ed list. */ 2970 bcopy (p, r, p[1]); 2971 r += p[1]; 2972 rlen += p[1]; 2973 } 2974 2975 /* 2976 * If we are about to conf-ack the request, but haven't seen 2977 * his address so far, gonna conf-nak it instead, with the 2978 * `address' option present and our idea of his address being 2979 * filled in there, to request negotiation of both addresses. 2980 * 2981 * XXX This can result in an endless req - nak loop if peer 2982 * doesn't want to send us his address. Q: What should we do 2983 * about it? XXX A: implement the max-failure counter. 2984 */ 2985 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2986 buf[0] = IPCP_OPT_ADDRESS; 2987 buf[1] = 6; 2988 buf[2] = hisaddr >> 24; 2989 buf[3] = hisaddr >> 16; 2990 buf[4] = hisaddr >> 8; 2991 buf[5] = hisaddr; 2992 rlen = 6; 2993 if (debug) 2994 log(-1, "still need hisaddr "); 2995 } 2996 2997 if (rlen) { 2998 if (debug) 2999 log(-1, " send conf-nak\n"); 3000 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3001 } else { 3002 if (debug) 3003 log(-1, " send conf-ack\n"); 3004 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3005 h->ident, origlen, h+1); 3006 } 3007 3008 free (buf, M_TEMP); 3009 return (rlen == 0); 3010} 3011 3012/* 3013 * Analyze the IPCP Configure-Reject option list, and adjust our 3014 * negotiation. 3015 */ 3016static void 3017sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3018{ 3019 u_char *buf, *p; 3020 struct ifnet *ifp = &sp->pp_if; 3021 int debug = ifp->if_flags & IFF_DEBUG; 3022 3023 len -= 4; 3024 buf = malloc (len, M_TEMP, M_NOWAIT); 3025 if (!buf) 3026 return; 3027 3028 if (debug) 3029 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3030 SPP_ARGS(ifp)); 3031 3032 p = (void*) (h+1); 3033 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3034 if (debug) 3035 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3036 switch (*p) { 3037 case IPCP_OPT_COMPRESSION: 3038 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3039 break; 3040 case IPCP_OPT_ADDRESS: 3041 /* 3042 * Peer doesn't grok address option. This is 3043 * bad. XXX Should we better give up here? 3044 * XXX We could try old "addresses" option... 3045 */ 3046 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3047 break; 3048 } 3049 } 3050 if (debug) 3051 log(-1, "\n"); 3052 free (buf, M_TEMP); 3053 return; 3054} 3055 3056/* 3057 * Analyze the IPCP Configure-NAK option list, and adjust our 3058 * negotiation. 3059 */ 3060static void 3061sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3062{ 3063 u_char *buf, *p; 3064 struct ifnet *ifp = &sp->pp_if; 3065 int debug = ifp->if_flags & IFF_DEBUG; 3066 int desiredcomp; 3067 u_long wantaddr; 3068 3069 len -= 4; 3070 buf = malloc (len, M_TEMP, M_NOWAIT); 3071 if (!buf) 3072 return; 3073 3074 if (debug) 3075 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3076 SPP_ARGS(ifp)); 3077 3078 p = (void*) (h+1); 3079 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3080 if (debug) 3081 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3082 switch (*p) { 3083 case IPCP_OPT_COMPRESSION: 3084 if (len >= 6 && p[1] == 6) { 3085 desiredcomp = p[2] << 8 | p[3]; 3086 if (debug) 3087 log(-1, "[wantcomp %#04x] ", 3088 desiredcomp); 3089 if (desiredcomp == IPCP_COMP_VJ) { 3090 sl_compress_init(&sp->pp_comp, p[4]); 3091 sp->ipcp.max_state = p[4]; 3092 sp->ipcp.compress_cid = p[5]; 3093 if (debug) 3094 log(-1, "[agree] "); 3095 } else 3096 sp->ipcp.opts &= 3097 ~(1 << IPCP_OPT_COMPRESSION); 3098 } 3099 break; 3100 case IPCP_OPT_ADDRESS: 3101 /* 3102 * Peer doesn't like our local IP address. See 3103 * if we can do something for him. We'll drop 3104 * him our address then. 3105 */ 3106 if (len >= 6 && p[1] == 6) { 3107 wantaddr = p[2] << 24 | p[3] << 16 | 3108 p[4] << 8 | p[5]; 3109 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3110 if (debug) 3111 log(-1, "[wantaddr %s] ", 3112 sppp_dotted_quad(wantaddr)); 3113 /* 3114 * When doing dynamic address assignment, 3115 * we accept his offer. Otherwise, we 3116 * ignore it and thus continue to negotiate 3117 * our already existing value. 3118 * XXX: Bogus, if he said no once, he'll 3119 * just say no again, might as well die. 3120 */ 3121 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3122 sppp_set_ip_addr(sp, wantaddr); 3123 if (debug) 3124 log(-1, "[agree] "); 3125 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3126 } 3127 } 3128 break; 3129 } 3130 } 3131 if (debug) 3132 log(-1, "\n"); 3133 free (buf, M_TEMP); 3134 return; 3135} 3136 3137static void 3138sppp_ipcp_tlu(struct sppp *sp) 3139{ 3140 /* we are up - notify isdn daemon */ 3141 if (sp->pp_con) 3142 sp->pp_con(sp); 3143} 3144 3145static void 3146sppp_ipcp_tld(struct sppp *sp) 3147{ 3148} 3149 3150static void 3151sppp_ipcp_tls(struct sppp *sp) 3152{ 3153 /* indicate to LCP that it must stay alive */ 3154 sp->lcp.protos |= (1 << IDX_IPCP); 3155} 3156 3157static void 3158sppp_ipcp_tlf(struct sppp *sp) 3159{ 3160 /* we no longer need LCP */ 3161 sp->lcp.protos &= ~(1 << IDX_IPCP); 3162 sppp_lcp_check_and_close(sp); 3163} 3164 3165static void 3166sppp_ipcp_scr(struct sppp *sp) 3167{ 3168 char opt[6 /* compression */ + 6 /* address */]; 3169 u_long ouraddr; 3170 int i = 0; 3171 3172 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3173 opt[i++] = IPCP_OPT_COMPRESSION; 3174 opt[i++] = 6; 3175 opt[i++] = IPCP_COMP_VJ >> 8; 3176 opt[i++] = IPCP_COMP_VJ; 3177 opt[i++] = sp->ipcp.max_state; 3178 opt[i++] = sp->ipcp.compress_cid; 3179 } 3180 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3181 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3182 opt[i++] = IPCP_OPT_ADDRESS; 3183 opt[i++] = 6; 3184 opt[i++] = ouraddr >> 24; 3185 opt[i++] = ouraddr >> 16; 3186 opt[i++] = ouraddr >> 8; 3187 opt[i++] = ouraddr; 3188 } 3189 3190 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3191 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3192} 3193 3194/* 3195 *--------------------------------------------------------------------------* 3196 * * 3197 * The IPv6CP implementation. * 3198 * * 3199 *--------------------------------------------------------------------------* 3200 */ 3201 3202#ifdef INET6 3203static void 3204sppp_ipv6cp_init(struct sppp *sp) 3205{ 3206 sp->ipv6cp.opts = 0; 3207 sp->ipv6cp.flags = 0; 3208 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3209 sp->fail_counter[IDX_IPV6CP] = 0; 3210 sp->pp_seq[IDX_IPV6CP] = 0; 3211 sp->pp_rseq[IDX_IPV6CP] = 0; 3212#if defined(__NetBSD__) 3213 callout_init(&sp->ch[IDX_IPV6CP]); 3214#endif 3215#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3216 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3217#endif 3218} 3219 3220static void 3221sppp_ipv6cp_up(struct sppp *sp) 3222{ 3223 sppp_up_event(&ipv6cp, sp); 3224} 3225 3226static void 3227sppp_ipv6cp_down(struct sppp *sp) 3228{ 3229 sppp_down_event(&ipv6cp, sp); 3230} 3231 3232static void 3233sppp_ipv6cp_open(struct sppp *sp) 3234{ 3235 STDDCL; 3236 struct in6_addr myaddr, hisaddr; 3237 3238#ifdef IPV6CP_MYIFID_DYN 3239 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3240#else 3241 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3242#endif 3243 3244 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3245 /* 3246 * If we don't have our address, this probably means our 3247 * interface doesn't want to talk IPv6 at all. (This could 3248 * be the case if somebody wants to speak only IPX, for 3249 * example.) Don't open IPv6CP in this case. 3250 */ 3251 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3252 /* XXX this message should go away */ 3253 if (debug) 3254 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3255 SPP_ARGS(ifp)); 3256 return; 3257 } 3258 3259 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3260 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3261 sppp_open_event(&ipv6cp, sp); 3262} 3263 3264static void 3265sppp_ipv6cp_close(struct sppp *sp) 3266{ 3267 sppp_close_event(&ipv6cp, sp); 3268} 3269 3270static void 3271sppp_ipv6cp_TO(void *cookie) 3272{ 3273 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3274} 3275 3276/* 3277 * Analyze a configure request. Return true if it was agreeable, and 3278 * caused action sca, false if it has been rejected or nak'ed, and 3279 * caused action scn. (The return value is used to make the state 3280 * transition decision in the state automaton.) 3281 */ 3282static int 3283sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3284{ 3285 u_char *buf, *r, *p; 3286 struct ifnet *ifp = &sp->pp_if; 3287 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3288 struct in6_addr myaddr, desiredaddr, suggestaddr; 3289 int ifidcount; 3290 int type; 3291 int collision, nohisaddr; 3292 3293 len -= 4; 3294 origlen = len; 3295 /* 3296 * Make sure to allocate a buf that can at least hold a 3297 * conf-nak with an `address' option. We might need it below. 3298 */ 3299 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3300 if (! buf) 3301 return (0); 3302 3303 /* pass 1: see if we can recognize them */ 3304 if (debug) 3305 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3306 SPP_ARGS(ifp)); 3307 p = (void*) (h+1); 3308 ifidcount = 0; 3309 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3310 if (debug) 3311 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3312 switch (*p) { 3313 case IPV6CP_OPT_IFID: 3314 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3315 /* correctly formed address option */ 3316 ifidcount++; 3317 continue; 3318 } 3319 if (debug) 3320 log(-1, " [invalid]"); 3321 break; 3322#ifdef notyet 3323 case IPV6CP_OPT_COMPRESSION: 3324 if (len >= 4 && p[1] >= 4) { 3325 /* correctly formed compress option */ 3326 continue; 3327 } 3328 if (debug) 3329 log(-1, " [invalid]"); 3330 break; 3331#endif 3332 default: 3333 /* Others not supported. */ 3334 if (debug) 3335 log(-1, " [rej]"); 3336 break; 3337 } 3338 /* Add the option to rejected list. */ 3339 bcopy (p, r, p[1]); 3340 r += p[1]; 3341 rlen += p[1]; 3342 } 3343 if (rlen) { 3344 if (debug) 3345 log(-1, " send conf-rej\n"); 3346 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3347 goto end; 3348 } else if (debug) 3349 log(-1, "\n"); 3350 3351 /* pass 2: parse option values */ 3352 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3353 if (debug) 3354 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3355 SPP_ARGS(ifp)); 3356 p = (void*) (h+1); 3357 len = origlen; 3358 type = CONF_ACK; 3359 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3360 if (debug) 3361 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3362 switch (*p) { 3363#ifdef notyet 3364 case IPV6CP_OPT_COMPRESSION: 3365 continue; 3366#endif 3367 case IPV6CP_OPT_IFID: 3368 bzero(&desiredaddr, sizeof(desiredaddr)); 3369 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3370 collision = (bcmp(&desiredaddr.s6_addr[8], 3371 &myaddr.s6_addr[8], 8) == 0); 3372 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3373 3374 desiredaddr.s6_addr16[0] = htons(0xfe80); 3375 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3376 3377 if (!collision && !nohisaddr) { 3378 /* no collision, hisaddr known - Conf-Ack */ 3379 type = CONF_ACK; 3380 3381 if (debug) { 3382 log(-1, " %s [%s]", 3383 ip6_sprintf(&desiredaddr), 3384 sppp_cp_type_name(type)); 3385 } 3386 continue; 3387 } 3388 3389 bzero(&suggestaddr, sizeof(&suggestaddr)); 3390 if (collision && nohisaddr) { 3391 /* collision, hisaddr unknown - Conf-Rej */ 3392 type = CONF_REJ; 3393 bzero(&p[2], 8); 3394 } else { 3395 /* 3396 * - no collision, hisaddr unknown, or 3397 * - collision, hisaddr known 3398 * Conf-Nak, suggest hisaddr 3399 */ 3400 type = CONF_NAK; 3401 sppp_suggest_ip6_addr(sp, &suggestaddr); 3402 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3403 } 3404 if (debug) 3405 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3406 sppp_cp_type_name(type)); 3407 break; 3408 } 3409 /* Add the option to nak'ed list. */ 3410 bcopy (p, r, p[1]); 3411 r += p[1]; 3412 rlen += p[1]; 3413 } 3414 3415 if (rlen == 0 && type == CONF_ACK) { 3416 if (debug) 3417 log(-1, " send %s\n", sppp_cp_type_name(type)); 3418 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3419 } else { 3420#ifdef DIAGNOSTIC 3421 if (type == CONF_ACK) 3422 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3423#endif 3424 3425 if (debug) { 3426 log(-1, " send %s suggest %s\n", 3427 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3428 } 3429 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3430 } 3431 3432 end: 3433 free (buf, M_TEMP); 3434 return (rlen == 0); 3435} 3436 3437/* 3438 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3439 * negotiation. 3440 */ 3441static void 3442sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3443{ 3444 u_char *buf, *p; 3445 struct ifnet *ifp = &sp->pp_if; 3446 int debug = ifp->if_flags & IFF_DEBUG; 3447 3448 len -= 4; 3449 buf = malloc (len, M_TEMP, M_NOWAIT); 3450 if (!buf) 3451 return; 3452 3453 if (debug) 3454 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3455 SPP_ARGS(ifp)); 3456 3457 p = (void*) (h+1); 3458 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3459 if (debug) 3460 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3461 switch (*p) { 3462 case IPV6CP_OPT_IFID: 3463 /* 3464 * Peer doesn't grok address option. This is 3465 * bad. XXX Should we better give up here? 3466 */ 3467 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3468 break; 3469#ifdef notyet 3470 case IPV6CP_OPT_COMPRESS: 3471 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3472 break; 3473#endif 3474 } 3475 } 3476 if (debug) 3477 log(-1, "\n"); 3478 free (buf, M_TEMP); 3479 return; 3480} 3481 3482/* 3483 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3484 * negotiation. 3485 */ 3486static void 3487sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3488{ 3489 u_char *buf, *p; 3490 struct ifnet *ifp = &sp->pp_if; 3491 int debug = ifp->if_flags & IFF_DEBUG; 3492 struct in6_addr suggestaddr; 3493 3494 len -= 4; 3495 buf = malloc (len, M_TEMP, M_NOWAIT); 3496 if (!buf) 3497 return; 3498 3499 if (debug) 3500 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3501 SPP_ARGS(ifp)); 3502 3503 p = (void*) (h+1); 3504 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3505 if (debug) 3506 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3507 switch (*p) { 3508 case IPV6CP_OPT_IFID: 3509 /* 3510 * Peer doesn't like our local ifid. See 3511 * if we can do something for him. We'll drop 3512 * him our address then. 3513 */ 3514 if (len < 10 || p[1] != 10) 3515 break; 3516 bzero(&suggestaddr, sizeof(suggestaddr)); 3517 suggestaddr.s6_addr16[0] = htons(0xfe80); 3518 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3519 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3520 3521 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3522 if (debug) 3523 log(-1, " [suggestaddr %s]", 3524 ip6_sprintf(&suggestaddr)); 3525#ifdef IPV6CP_MYIFID_DYN 3526 /* 3527 * When doing dynamic address assignment, 3528 * we accept his offer. 3529 */ 3530 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3531 struct in6_addr lastsuggest; 3532 /* 3533 * If <suggested myaddr from peer> equals to 3534 * <hisaddr we have suggested last time>, 3535 * we have a collision. generate new random 3536 * ifid. 3537 */ 3538 sppp_suggest_ip6_addr(&lastsuggest); 3539 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3540 lastsuggest)) { 3541 if (debug) 3542 log(-1, " [random]"); 3543 sppp_gen_ip6_addr(sp, &suggestaddr); 3544 } 3545 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3546 if (debug) 3547 log(-1, " [agree]"); 3548 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3549 } 3550#else 3551 /* 3552 * Since we do not do dynamic address assignment, 3553 * we ignore it and thus continue to negotiate 3554 * our already existing value. This can possibly 3555 * go into infinite request-reject loop. 3556 * 3557 * This is not likely because we normally use 3558 * ifid based on MAC-address. 3559 * If you have no ethernet card on the node, too bad. 3560 * XXX should we use fail_counter? 3561 */ 3562#endif 3563 break; 3564#ifdef notyet 3565 case IPV6CP_OPT_COMPRESS: 3566 /* 3567 * Peer wants different compression parameters. 3568 */ 3569 break; 3570#endif 3571 } 3572 } 3573 if (debug) 3574 log(-1, "\n"); 3575 free (buf, M_TEMP); 3576 return; 3577} 3578static void 3579sppp_ipv6cp_tlu(struct sppp *sp) 3580{ 3581 /* we are up - notify isdn daemon */ 3582 if (sp->pp_con) 3583 sp->pp_con(sp); 3584} 3585 3586static void 3587sppp_ipv6cp_tld(struct sppp *sp) 3588{ 3589} 3590 3591static void 3592sppp_ipv6cp_tls(struct sppp *sp) 3593{ 3594 /* indicate to LCP that it must stay alive */ 3595 sp->lcp.protos |= (1 << IDX_IPV6CP); 3596} 3597 3598static void 3599sppp_ipv6cp_tlf(struct sppp *sp) 3600{ 3601 3602#if 0 /* need #if 0 to close IPv6CP properly */ 3603 /* we no longer need LCP */ 3604 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3605 sppp_lcp_check_and_close(sp); 3606#endif 3607} 3608 3609static void 3610sppp_ipv6cp_scr(struct sppp *sp) 3611{ 3612 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3613 struct in6_addr ouraddr; 3614 int i = 0; 3615 3616 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3617 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3618 opt[i++] = IPV6CP_OPT_IFID; 3619 opt[i++] = 10; 3620 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3621 i += 8; 3622 } 3623 3624#ifdef notyet 3625 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3626 opt[i++] = IPV6CP_OPT_COMPRESSION; 3627 opt[i++] = 4; 3628 opt[i++] = 0; /* TBD */ 3629 opt[i++] = 0; /* TBD */ 3630 /* variable length data may follow */ 3631 } 3632#endif 3633 3634 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3635 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3636} 3637#else /*INET6*/ 3638static void sppp_ipv6cp_init(struct sppp *sp) 3639{ 3640} 3641 3642static void sppp_ipv6cp_up(struct sppp *sp) 3643{ 3644} 3645 3646static void sppp_ipv6cp_down(struct sppp *sp) 3647{ 3648} 3649 3650 3651static void sppp_ipv6cp_open(struct sppp *sp) 3652{ 3653} 3654 3655static void sppp_ipv6cp_close(struct sppp *sp) 3656{ 3657} 3658 3659static void sppp_ipv6cp_TO(void *sp) 3660{ 3661} 3662 3663static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3664{ 3665 return 0; 3666} 3667 3668static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3669{ 3670} 3671 3672static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3673{ 3674} 3675 3676static void sppp_ipv6cp_tlu(struct sppp *sp) 3677{ 3678} 3679 3680static void sppp_ipv6cp_tld(struct sppp *sp) 3681{ 3682} 3683 3684static void sppp_ipv6cp_tls(struct sppp *sp) 3685{ 3686} 3687 3688static void sppp_ipv6cp_tlf(struct sppp *sp) 3689{ 3690} 3691 3692static void sppp_ipv6cp_scr(struct sppp *sp) 3693{ 3694} 3695#endif /*INET6*/ 3696 3697/* 3698 *--------------------------------------------------------------------------* 3699 * * 3700 * The CHAP implementation. * 3701 * * 3702 *--------------------------------------------------------------------------* 3703 */ 3704 3705/* 3706 * The authentication protocols don't employ a full-fledged state machine as 3707 * the control protocols do, since they do have Open and Close events, but 3708 * not Up and Down, nor are they explicitly terminated. Also, use of the 3709 * authentication protocols may be different in both directions (this makes 3710 * sense, think of a machine that never accepts incoming calls but only 3711 * calls out, it doesn't require the called party to authenticate itself). 3712 * 3713 * Our state machine for the local authentication protocol (we are requesting 3714 * the peer to authenticate) looks like: 3715 * 3716 * RCA- 3717 * +--------------------------------------------+ 3718 * V scn,tld| 3719 * +--------+ Close +---------+ RCA+ 3720 * | |<----------------------------------| |------+ 3721 * +--->| Closed | TO* | Opened | sca | 3722 * | | |-----+ +-------| |<-----+ 3723 * | +--------+ irc | | +---------+ 3724 * | ^ | | ^ 3725 * | | | | | 3726 * | | | | | 3727 * | TO-| | | | 3728 * | |tld TO+ V | | 3729 * | | +------->+ | | 3730 * | | | | | | 3731 * | +--------+ V | | 3732 * | | |<----+<--------------------+ | 3733 * | | Req- | scr | 3734 * | | Sent | | 3735 * | | | | 3736 * | +--------+ | 3737 * | RCA- | | RCA+ | 3738 * +------+ +------------------------------------------+ 3739 * scn,tld sca,irc,ict,tlu 3740 * 3741 * 3742 * with: 3743 * 3744 * Open: LCP reached authentication phase 3745 * Close: LCP reached terminate phase 3746 * 3747 * RCA+: received reply (pap-req, chap-response), acceptable 3748 * RCN: received reply (pap-req, chap-response), not acceptable 3749 * TO+: timeout with restart counter >= 0 3750 * TO-: timeout with restart counter < 0 3751 * TO*: reschedule timeout for CHAP 3752 * 3753 * scr: send request packet (none for PAP, chap-challenge) 3754 * sca: send ack packet (pap-ack, chap-success) 3755 * scn: send nak packet (pap-nak, chap-failure) 3756 * ict: initialize re-challenge timer (CHAP only) 3757 * 3758 * tlu: this-layer-up, LCP reaches network phase 3759 * tld: this-layer-down, LCP enters terminate phase 3760 * 3761 * Note that in CHAP mode, after sending a new challenge, while the state 3762 * automaton falls back into Req-Sent state, it doesn't signal a tld 3763 * event to LCP, so LCP remains in network phase. Only after not getting 3764 * any response (or after getting an unacceptable response), CHAP closes, 3765 * causing LCP to enter terminate phase. 3766 * 3767 * With PAP, there is no initial request that can be sent. The peer is 3768 * expected to send one based on the successful negotiation of PAP as 3769 * the authentication protocol during the LCP option negotiation. 3770 * 3771 * Incoming authentication protocol requests (remote requests 3772 * authentication, we are peer) don't employ a state machine at all, 3773 * they are simply answered. Some peers [Ascend P50 firmware rev 3774 * 4.50] react allergically when sending IPCP requests while they are 3775 * still in authentication phase (thereby violating the standard that 3776 * demands that these NCP packets are to be discarded), so we keep 3777 * track of the peer demanding us to authenticate, and only proceed to 3778 * phase network once we've seen a positive acknowledge for the 3779 * authentication. 3780 */ 3781 3782/* 3783 * Handle incoming CHAP packets. 3784 */ 3785void 3786sppp_chap_input(struct sppp *sp, struct mbuf *m) 3787{ 3788 STDDCL; 3789 struct lcp_header *h; 3790 int len, x; 3791 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3792 int value_len, name_len; 3793 MD5_CTX ctx; 3794 3795 len = m->m_pkthdr.len; 3796 if (len < 4) { 3797 if (debug) 3798 log(LOG_DEBUG, 3799 SPP_FMT "chap invalid packet length: %d bytes\n", 3800 SPP_ARGS(ifp), len); 3801 return; 3802 } 3803 h = mtod (m, struct lcp_header*); 3804 if (len > ntohs (h->len)) 3805 len = ntohs (h->len); 3806 3807 switch (h->type) { 3808 /* challenge, failure and success are his authproto */ 3809 case CHAP_CHALLENGE: 3810 value = 1 + (u_char*)(h+1); 3811 value_len = value[-1]; 3812 name = value + value_len; 3813 name_len = len - value_len - 5; 3814 if (name_len < 0) { 3815 if (debug) { 3816 log(LOG_DEBUG, 3817 SPP_FMT "chap corrupted challenge " 3818 "<%s id=0x%x len=%d", 3819 SPP_ARGS(ifp), 3820 sppp_auth_type_name(PPP_CHAP, h->type), 3821 h->ident, ntohs(h->len)); 3822 sppp_print_bytes((u_char*) (h+1), len-4); 3823 log(-1, ">\n"); 3824 } 3825 break; 3826 } 3827 3828 if (debug) { 3829 log(LOG_DEBUG, 3830 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3831 SPP_ARGS(ifp), 3832 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3833 ntohs(h->len)); 3834 sppp_print_string((char*) name, name_len); 3835 log(-1, " value-size=%d value=", value_len); 3836 sppp_print_bytes(value, value_len); 3837 log(-1, ">\n"); 3838 } 3839 3840 /* Compute reply value. */ 3841 MD5Init(&ctx); 3842 MD5Update(&ctx, &h->ident, 1); 3843 MD5Update(&ctx, sp->myauth.secret, 3844 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3845 MD5Update(&ctx, value, value_len); 3846 MD5Final(digest, &ctx); 3847 dsize = sizeof digest; 3848 3849 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3850 sizeof dsize, (const char *)&dsize, 3851 sizeof digest, digest, 3852 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3853 sp->myauth.name, 3854 0); 3855 break; 3856 3857 case CHAP_SUCCESS: 3858 if (debug) { 3859 log(LOG_DEBUG, SPP_FMT "chap success", 3860 SPP_ARGS(ifp)); 3861 if (len > 4) { 3862 log(-1, ": "); 3863 sppp_print_string((char*)(h + 1), len - 4); 3864 } 3865 log(-1, "\n"); 3866 } 3867 x = splimp(); 3868 sp->pp_flags &= ~PP_NEEDAUTH; 3869 if (sp->myauth.proto == PPP_CHAP && 3870 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3871 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3872 /* 3873 * We are authenticator for CHAP but didn't 3874 * complete yet. Leave it to tlu to proceed 3875 * to network phase. 3876 */ 3877 splx(x); 3878 break; 3879 } 3880 splx(x); 3881 sppp_phase_network(sp); 3882 break; 3883 3884 case CHAP_FAILURE: 3885 if (debug) { 3886 log(LOG_INFO, SPP_FMT "chap failure", 3887 SPP_ARGS(ifp)); 3888 if (len > 4) { 3889 log(-1, ": "); 3890 sppp_print_string((char*)(h + 1), len - 4); 3891 } 3892 log(-1, "\n"); 3893 } else 3894 log(LOG_INFO, SPP_FMT "chap failure\n", 3895 SPP_ARGS(ifp)); 3896 /* await LCP shutdown by authenticator */ 3897 break; 3898 3899 /* response is my authproto */ 3900 case CHAP_RESPONSE: 3901 value = 1 + (u_char*)(h+1); 3902 value_len = value[-1]; 3903 name = value + value_len; 3904 name_len = len - value_len - 5; 3905 if (name_len < 0) { 3906 if (debug) { 3907 log(LOG_DEBUG, 3908 SPP_FMT "chap corrupted response " 3909 "<%s id=0x%x len=%d", 3910 SPP_ARGS(ifp), 3911 sppp_auth_type_name(PPP_CHAP, h->type), 3912 h->ident, ntohs(h->len)); 3913 sppp_print_bytes((u_char*)(h+1), len-4); 3914 log(-1, ">\n"); 3915 } 3916 break; 3917 } 3918 if (h->ident != sp->confid[IDX_CHAP]) { 3919 if (debug) 3920 log(LOG_DEBUG, 3921 SPP_FMT "chap dropping response for old ID " 3922 "(got %d, expected %d)\n", 3923 SPP_ARGS(ifp), 3924 h->ident, sp->confid[IDX_CHAP]); 3925 break; 3926 } 3927 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3928 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3929 log(LOG_INFO, SPP_FMT "chap response, his name ", 3930 SPP_ARGS(ifp)); 3931 sppp_print_string(name, name_len); 3932 log(-1, " != expected "); 3933 sppp_print_string(sp->hisauth.name, 3934 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3935 log(-1, "\n"); 3936 } 3937 if (debug) { 3938 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3939 "<%s id=0x%x len=%d name=", 3940 SPP_ARGS(ifp), 3941 sppp_state_name(sp->state[IDX_CHAP]), 3942 sppp_auth_type_name(PPP_CHAP, h->type), 3943 h->ident, ntohs (h->len)); 3944 sppp_print_string((char*)name, name_len); 3945 log(-1, " value-size=%d value=", value_len); 3946 sppp_print_bytes(value, value_len); 3947 log(-1, ">\n"); 3948 } 3949 if (value_len != AUTHKEYLEN) { 3950 if (debug) 3951 log(LOG_DEBUG, 3952 SPP_FMT "chap bad hash value length: " 3953 "%d bytes, should be %d\n", 3954 SPP_ARGS(ifp), value_len, 3955 AUTHKEYLEN); 3956 break; 3957 } 3958 3959 MD5Init(&ctx); 3960 MD5Update(&ctx, &h->ident, 1); 3961 MD5Update(&ctx, sp->hisauth.secret, 3962 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3963 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3964 MD5Final(digest, &ctx); 3965 3966#define FAILMSG "Failed..." 3967#define SUCCMSG "Welcome!" 3968 3969 if (value_len != sizeof digest || 3970 bcmp(digest, value, value_len) != 0) { 3971 /* action scn, tld */ 3972 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3973 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3974 0); 3975 chap.tld(sp); 3976 break; 3977 } 3978 /* action sca, perhaps tlu */ 3979 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3980 sp->state[IDX_CHAP] == STATE_OPENED) 3981 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3982 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3983 0); 3984 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3985 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3986 chap.tlu(sp); 3987 } 3988 break; 3989 3990 default: 3991 /* Unknown CHAP packet type -- ignore. */ 3992 if (debug) { 3993 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3994 "<0x%x id=0x%xh len=%d", 3995 SPP_ARGS(ifp), 3996 sppp_state_name(sp->state[IDX_CHAP]), 3997 h->type, h->ident, ntohs(h->len)); 3998 sppp_print_bytes((u_char*)(h+1), len-4); 3999 log(-1, ">\n"); 4000 } 4001 break; 4002 4003 } 4004} 4005 4006static void 4007sppp_chap_init(struct sppp *sp) 4008{ 4009 /* Chap doesn't have STATE_INITIAL at all. */ 4010 sp->state[IDX_CHAP] = STATE_CLOSED; 4011 sp->fail_counter[IDX_CHAP] = 0; 4012 sp->pp_seq[IDX_CHAP] = 0; 4013 sp->pp_rseq[IDX_CHAP] = 0; 4014#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4015 callout_handle_init(&sp->ch[IDX_CHAP]); 4016#endif 4017} 4018 4019static void 4020sppp_chap_open(struct sppp *sp) 4021{ 4022 if (sp->myauth.proto == PPP_CHAP && 4023 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4024 /* we are authenticator for CHAP, start it */ 4025 chap.scr(sp); 4026 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4027 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4028 } 4029 /* nothing to be done if we are peer, await a challenge */ 4030} 4031 4032static void 4033sppp_chap_close(struct sppp *sp) 4034{ 4035 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4036 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4037} 4038 4039static void 4040sppp_chap_TO(void *cookie) 4041{ 4042 struct sppp *sp = (struct sppp *)cookie; 4043 STDDCL; 4044 int s; 4045 4046 s = splimp(); 4047 if (debug) 4048 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4049 SPP_ARGS(ifp), 4050 sppp_state_name(sp->state[IDX_CHAP]), 4051 sp->rst_counter[IDX_CHAP]); 4052 4053 if (--sp->rst_counter[IDX_CHAP] < 0) 4054 /* TO- event */ 4055 switch (sp->state[IDX_CHAP]) { 4056 case STATE_REQ_SENT: 4057 chap.tld(sp); 4058 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4059 break; 4060 } 4061 else 4062 /* TO+ (or TO*) event */ 4063 switch (sp->state[IDX_CHAP]) { 4064 case STATE_OPENED: 4065 /* TO* event */ 4066 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4067 /* fall through */ 4068 case STATE_REQ_SENT: 4069 chap.scr(sp); 4070 /* sppp_cp_change_state() will restart the timer */ 4071 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4072 break; 4073 } 4074 4075 splx(s); 4076} 4077 4078static void 4079sppp_chap_tlu(struct sppp *sp) 4080{ 4081 STDDCL; 4082 int i, x; 4083 4084 i = 0; 4085 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4086 4087 /* 4088 * Some broken CHAP implementations (Conware CoNet, firmware 4089 * 4.0.?) don't want to re-authenticate their CHAP once the 4090 * initial challenge-response exchange has taken place. 4091 * Provide for an option to avoid rechallenges. 4092 */ 4093 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4094 /* 4095 * Compute the re-challenge timeout. This will yield 4096 * a number between 300 and 810 seconds. 4097 */ 4098 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4099 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4100 } 4101 4102 if (debug) { 4103 log(LOG_DEBUG, 4104 SPP_FMT "chap %s, ", 4105 SPP_ARGS(ifp), 4106 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4107 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4108 log(-1, "next re-challenge in %d seconds\n", i); 4109 else 4110 log(-1, "re-challenging supressed\n"); 4111 } 4112 4113 x = splimp(); 4114 /* indicate to LCP that we need to be closed down */ 4115 sp->lcp.protos |= (1 << IDX_CHAP); 4116 4117 if (sp->pp_flags & PP_NEEDAUTH) { 4118 /* 4119 * Remote is authenticator, but his auth proto didn't 4120 * complete yet. Defer the transition to network 4121 * phase. 4122 */ 4123 splx(x); 4124 return; 4125 } 4126 splx(x); 4127 4128 /* 4129 * If we are already in phase network, we are done here. This 4130 * is the case if this is a dummy tlu event after a re-challenge. 4131 */ 4132 if (sp->pp_phase != PHASE_NETWORK) 4133 sppp_phase_network(sp); 4134} 4135 4136static void 4137sppp_chap_tld(struct sppp *sp) 4138{ 4139 STDDCL; 4140 4141 if (debug) 4142 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4143 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4144 sp->lcp.protos &= ~(1 << IDX_CHAP); 4145 4146 lcp.Close(sp); 4147} 4148 4149static void 4150sppp_chap_scr(struct sppp *sp) 4151{ 4152 u_long *ch, seed; 4153 u_char clen; 4154 4155 /* Compute random challenge. */ 4156 ch = (u_long *)sp->myauth.challenge; 4157#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4158 read_random(&seed, sizeof seed); 4159#else 4160 { 4161 struct timeval tv; 4162 microtime(&tv); 4163 seed = tv.tv_sec ^ tv.tv_usec; 4164 } 4165#endif 4166 ch[0] = seed ^ random(); 4167 ch[1] = seed ^ random(); 4168 ch[2] = seed ^ random(); 4169 ch[3] = seed ^ random(); 4170 clen = AUTHKEYLEN; 4171 4172 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4173 4174 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4175 sizeof clen, (const char *)&clen, 4176 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4177 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4178 sp->myauth.name, 4179 0); 4180} 4181 4182/* 4183 *--------------------------------------------------------------------------* 4184 * * 4185 * The PAP implementation. * 4186 * * 4187 *--------------------------------------------------------------------------* 4188 */ 4189/* 4190 * For PAP, we need to keep a little state also if we are the peer, not the 4191 * authenticator. This is since we don't get a request to authenticate, but 4192 * have to repeatedly authenticate ourself until we got a response (or the 4193 * retry counter is expired). 4194 */ 4195 4196/* 4197 * Handle incoming PAP packets. */ 4198static void 4199sppp_pap_input(struct sppp *sp, struct mbuf *m) 4200{ 4201 STDDCL; 4202 struct lcp_header *h; 4203 int len, x; 4204 u_char *name, *passwd, mlen; 4205 int name_len, passwd_len; 4206 4207 len = m->m_pkthdr.len; 4208 if (len < 5) { 4209 if (debug) 4210 log(LOG_DEBUG, 4211 SPP_FMT "pap invalid packet length: %d bytes\n", 4212 SPP_ARGS(ifp), len); 4213 return; 4214 } 4215 h = mtod (m, struct lcp_header*); 4216 if (len > ntohs (h->len)) 4217 len = ntohs (h->len); 4218 switch (h->type) { 4219 /* PAP request is my authproto */ 4220 case PAP_REQ: 4221 name = 1 + (u_char*)(h+1); 4222 name_len = name[-1]; 4223 passwd = name + name_len + 1; 4224 if (name_len > len - 6 || 4225 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4226 if (debug) { 4227 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4228 "<%s id=0x%x len=%d", 4229 SPP_ARGS(ifp), 4230 sppp_auth_type_name(PPP_PAP, h->type), 4231 h->ident, ntohs(h->len)); 4232 sppp_print_bytes((u_char*)(h+1), len-4); 4233 log(-1, ">\n"); 4234 } 4235 break; 4236 } 4237 if (debug) { 4238 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4239 "<%s id=0x%x len=%d name=", 4240 SPP_ARGS(ifp), 4241 sppp_state_name(sp->state[IDX_PAP]), 4242 sppp_auth_type_name(PPP_PAP, h->type), 4243 h->ident, ntohs(h->len)); 4244 sppp_print_string((char*)name, name_len); 4245 log(-1, " passwd="); 4246 sppp_print_string((char*)passwd, passwd_len); 4247 log(-1, ">\n"); 4248 } 4249 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4250 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4251 bcmp(name, sp->hisauth.name, name_len) != 0 || 4252 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4253 /* action scn, tld */ 4254 mlen = sizeof(FAILMSG) - 1; 4255 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4256 sizeof mlen, (const char *)&mlen, 4257 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4258 0); 4259 pap.tld(sp); 4260 break; 4261 } 4262 /* action sca, perhaps tlu */ 4263 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4264 sp->state[IDX_PAP] == STATE_OPENED) { 4265 mlen = sizeof(SUCCMSG) - 1; 4266 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4267 sizeof mlen, (const char *)&mlen, 4268 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4269 0); 4270 } 4271 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4272 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4273 pap.tlu(sp); 4274 } 4275 break; 4276 4277 /* ack and nak are his authproto */ 4278 case PAP_ACK: 4279 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4280 if (debug) { 4281 log(LOG_DEBUG, SPP_FMT "pap success", 4282 SPP_ARGS(ifp)); 4283 name_len = *((char *)h); 4284 if (len > 5 && name_len) { 4285 log(-1, ": "); 4286 sppp_print_string((char*)(h+1), name_len); 4287 } 4288 log(-1, "\n"); 4289 } 4290 x = splimp(); 4291 sp->pp_flags &= ~PP_NEEDAUTH; 4292 if (sp->myauth.proto == PPP_PAP && 4293 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4294 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4295 /* 4296 * We are authenticator for PAP but didn't 4297 * complete yet. Leave it to tlu to proceed 4298 * to network phase. 4299 */ 4300 splx(x); 4301 break; 4302 } 4303 splx(x); 4304 sppp_phase_network(sp); 4305 break; 4306 4307 case PAP_NAK: 4308 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4309 if (debug) { 4310 log(LOG_INFO, SPP_FMT "pap failure", 4311 SPP_ARGS(ifp)); 4312 name_len = *((char *)h); 4313 if (len > 5 && name_len) { 4314 log(-1, ": "); 4315 sppp_print_string((char*)(h+1), name_len); 4316 } 4317 log(-1, "\n"); 4318 } else 4319 log(LOG_INFO, SPP_FMT "pap failure\n", 4320 SPP_ARGS(ifp)); 4321 /* await LCP shutdown by authenticator */ 4322 break; 4323 4324 default: 4325 /* Unknown PAP packet type -- ignore. */ 4326 if (debug) { 4327 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4328 "<0x%x id=0x%x len=%d", 4329 SPP_ARGS(ifp), 4330 h->type, h->ident, ntohs(h->len)); 4331 sppp_print_bytes((u_char*)(h+1), len-4); 4332 log(-1, ">\n"); 4333 } 4334 break; 4335 4336 } 4337} 4338 4339static void 4340sppp_pap_init(struct sppp *sp) 4341{ 4342 /* PAP doesn't have STATE_INITIAL at all. */ 4343 sp->state[IDX_PAP] = STATE_CLOSED; 4344 sp->fail_counter[IDX_PAP] = 0; 4345 sp->pp_seq[IDX_PAP] = 0; 4346 sp->pp_rseq[IDX_PAP] = 0; 4347#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4348 callout_handle_init(&sp->ch[IDX_PAP]); 4349 callout_handle_init(&sp->pap_my_to_ch); 4350#endif 4351} 4352 4353static void 4354sppp_pap_open(struct sppp *sp) 4355{ 4356 if (sp->hisauth.proto == PPP_PAP && 4357 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4358 /* we are authenticator for PAP, start our timer */ 4359 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4360 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4361 } 4362 if (sp->myauth.proto == PPP_PAP) { 4363 /* we are peer, send a request, and start a timer */ 4364 pap.scr(sp); 4365 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4366 sp->pap_my_to_ch); 4367 } 4368} 4369 4370static void 4371sppp_pap_close(struct sppp *sp) 4372{ 4373 if (sp->state[IDX_PAP] != STATE_CLOSED) 4374 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4375} 4376 4377/* 4378 * That's the timeout routine if we are authenticator. Since the 4379 * authenticator is basically passive in PAP, we can't do much here. 4380 */ 4381static void 4382sppp_pap_TO(void *cookie) 4383{ 4384 struct sppp *sp = (struct sppp *)cookie; 4385 STDDCL; 4386 int s; 4387 4388 s = splimp(); 4389 if (debug) 4390 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4391 SPP_ARGS(ifp), 4392 sppp_state_name(sp->state[IDX_PAP]), 4393 sp->rst_counter[IDX_PAP]); 4394 4395 if (--sp->rst_counter[IDX_PAP] < 0) 4396 /* TO- event */ 4397 switch (sp->state[IDX_PAP]) { 4398 case STATE_REQ_SENT: 4399 pap.tld(sp); 4400 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4401 break; 4402 } 4403 else 4404 /* TO+ event, not very much we could do */ 4405 switch (sp->state[IDX_PAP]) { 4406 case STATE_REQ_SENT: 4407 /* sppp_cp_change_state() will restart the timer */ 4408 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4409 break; 4410 } 4411 4412 splx(s); 4413} 4414 4415/* 4416 * That's the timeout handler if we are peer. Since the peer is active, 4417 * we need to retransmit our PAP request since it is apparently lost. 4418 * XXX We should impose a max counter. 4419 */ 4420static void 4421sppp_pap_my_TO(void *cookie) 4422{ 4423 struct sppp *sp = (struct sppp *)cookie; 4424 STDDCL; 4425 4426 if (debug) 4427 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4428 SPP_ARGS(ifp)); 4429 4430 pap.scr(sp); 4431} 4432 4433static void 4434sppp_pap_tlu(struct sppp *sp) 4435{ 4436 STDDCL; 4437 int x; 4438 4439 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4440 4441 if (debug) 4442 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4443 SPP_ARGS(ifp), pap.name); 4444 4445 x = splimp(); 4446 /* indicate to LCP that we need to be closed down */ 4447 sp->lcp.protos |= (1 << IDX_PAP); 4448 4449 if (sp->pp_flags & PP_NEEDAUTH) { 4450 /* 4451 * Remote is authenticator, but his auth proto didn't 4452 * complete yet. Defer the transition to network 4453 * phase. 4454 */ 4455 splx(x); 4456 return; 4457 } 4458 splx(x); 4459 sppp_phase_network(sp); 4460} 4461 4462static void 4463sppp_pap_tld(struct sppp *sp) 4464{ 4465 STDDCL; 4466 4467 if (debug) 4468 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4469 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4470 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4471 sp->lcp.protos &= ~(1 << IDX_PAP); 4472 4473 lcp.Close(sp); 4474} 4475 4476static void 4477sppp_pap_scr(struct sppp *sp) 4478{ 4479 u_char idlen, pwdlen; 4480 4481 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4482 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4483 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4484 4485 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4486 sizeof idlen, (const char *)&idlen, 4487 (size_t)idlen, sp->myauth.name, 4488 sizeof pwdlen, (const char *)&pwdlen, 4489 (size_t)pwdlen, sp->myauth.secret, 4490 0); 4491} 4492 4493/* 4494 * Random miscellaneous functions. 4495 */ 4496 4497/* 4498 * Send a PAP or CHAP proto packet. 4499 * 4500 * Varadic function, each of the elements for the ellipsis is of type 4501 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4502 * mlen == 0. 4503 * NOTE: never declare variadic functions with types subject to type 4504 * promotion (i.e. u_char). This is asking for big trouble depending 4505 * on the architecture you are on... 4506 */ 4507 4508static void 4509sppp_auth_send(const struct cp *cp, struct sppp *sp, 4510 unsigned int type, unsigned int id, 4511 ...) 4512{ 4513 STDDCL; 4514 struct ppp_header *h; 4515 struct lcp_header *lh; 4516 struct mbuf *m; 4517 u_char *p; 4518 int len; 4519 unsigned int mlen; 4520 const char *msg; 4521 va_list ap; 4522 4523 MGETHDR (m, M_DONTWAIT, MT_DATA); 4524 if (! m) 4525 return; 4526 m->m_pkthdr.rcvif = 0; 4527 4528 h = mtod (m, struct ppp_header*); 4529 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4530 h->control = PPP_UI; /* Unnumbered Info */ 4531 h->protocol = htons(cp->proto); 4532 4533 lh = (struct lcp_header*)(h + 1); 4534 lh->type = type; 4535 lh->ident = id; 4536 p = (u_char*) (lh+1); 4537 4538 va_start(ap, id); 4539 len = 0; 4540 4541 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4542 msg = va_arg(ap, const char *); 4543 len += mlen; 4544 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4545 va_end(ap); 4546 m_freem(m); 4547 return; 4548 } 4549 4550 bcopy(msg, p, mlen); 4551 p += mlen; 4552 } 4553 va_end(ap); 4554 4555 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4556 lh->len = htons (LCP_HEADER_LEN + len); 4557 4558 if (debug) { 4559 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4560 SPP_ARGS(ifp), cp->name, 4561 sppp_auth_type_name(cp->proto, lh->type), 4562 lh->ident, ntohs(lh->len)); 4563 sppp_print_bytes((u_char*) (lh+1), len); 4564 log(-1, ">\n"); 4565 } 4566 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4567 ifp->if_oerrors++; 4568} 4569 4570/* 4571 * Flush interface queue. 4572 */ 4573static void 4574sppp_qflush(struct ifqueue *ifq) 4575{ 4576 struct mbuf *m, *n; 4577 4578 n = ifq->ifq_head; 4579 while ((m = n)) { 4580 n = m->m_act; 4581 m_freem (m); 4582 } 4583 ifq->ifq_head = 0; 4584 ifq->ifq_tail = 0; 4585 ifq->ifq_len = 0; 4586} 4587 4588/* 4589 * Send keepalive packets, every 10 seconds. 4590 */ 4591static void 4592sppp_keepalive(void *dummy) 4593{ 4594 struct sppp *sp; 4595 int s; 4596 4597 s = splimp(); 4598 for (sp=spppq; sp; sp=sp->pp_next) { 4599 struct ifnet *ifp = &sp->pp_if; 4600 4601 /* Keepalive mode disabled or channel down? */ 4602 if (! (sp->pp_flags & PP_KEEPALIVE) || 4603 ! (ifp->if_flags & IFF_RUNNING)) 4604 continue; 4605 4606 /* No keepalive in PPP mode if LCP not opened yet. */ 4607 if (sp->pp_mode != IFF_CISCO && 4608 sp->pp_phase < PHASE_AUTHENTICATE) 4609 continue; 4610 4611 if (sp->pp_alivecnt == MAXALIVECNT) { 4612 /* No keepalive packets got. Stop the interface. */ 4613 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4614 if_down (ifp); 4615 sppp_qflush (&sp->pp_cpq); 4616 if (sp->pp_mode != IFF_CISCO) { 4617 /* XXX */ 4618 /* Shut down the PPP link. */ 4619 lcp.Down(sp); 4620 /* Initiate negotiation. XXX */ 4621 lcp.Up(sp); 4622 } 4623 } 4624 if (sp->pp_alivecnt <= MAXALIVECNT) 4625 ++sp->pp_alivecnt; 4626 if (sp->pp_mode == IFF_CISCO) 4627 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4628 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4629 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4630 long nmagic = htonl (sp->lcp.magic); 4631 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4632 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4633 sp->lcp.echoid, 4, &nmagic); 4634 } 4635 } 4636 splx(s); 4637 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4638} 4639 4640/* 4641 * Get both IP addresses. 4642 */ 4643static void 4644sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4645{ 4646 struct ifnet *ifp = &sp->pp_if; 4647 struct ifaddr *ifa; 4648 struct sockaddr_in *si, *sm; 4649 u_long ssrc, ddst; 4650 4651 sm = NULL; 4652 ssrc = ddst = 0L; 4653 /* 4654 * Pick the first AF_INET address from the list, 4655 * aliases don't make any sense on a p2p link anyway. 4656 */ 4657 si = 0; 4658#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4659 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4660#elif defined(__NetBSD__) || defined (__OpenBSD__) 4661 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4662 ifa; 4663 ifa = TAILQ_NEXT(ifa, ifa_list)) 4664#else 4665 for (ifa = ifp->if_addrlist; 4666 ifa; 4667 ifa = ifa->ifa_next) 4668#endif 4669 if (ifa->ifa_addr->sa_family == AF_INET) { 4670 si = (struct sockaddr_in *)ifa->ifa_addr; 4671 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4672 if (si) 4673 break; 4674 } 4675 if (ifa) { 4676 if (si && si->sin_addr.s_addr) { 4677 ssrc = si->sin_addr.s_addr; 4678 if (srcmask) 4679 *srcmask = ntohl(sm->sin_addr.s_addr); 4680 } 4681 4682 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4683 if (si && si->sin_addr.s_addr) 4684 ddst = si->sin_addr.s_addr; 4685 } 4686 4687 if (dst) *dst = ntohl(ddst); 4688 if (src) *src = ntohl(ssrc); 4689} 4690 4691/* 4692 * Set my IP address. Must be called at splimp. 4693 */ 4694static void 4695sppp_set_ip_addr(struct sppp *sp, u_long src) 4696{ 4697 STDDCL; 4698 struct ifaddr *ifa; 4699 struct sockaddr_in *si; 4700 struct in_ifaddr *ia; 4701 4702 /* 4703 * Pick the first AF_INET address from the list, 4704 * aliases don't make any sense on a p2p link anyway. 4705 */ 4706 si = 0; 4707#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4708 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4709#elif defined(__NetBSD__) || defined (__OpenBSD__) 4710 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4711 ifa; 4712 ifa = TAILQ_NEXT(ifa, ifa_list)) 4713#else 4714 for (ifa = ifp->if_addrlist; 4715 ifa; 4716 ifa = ifa->ifa_next) 4717#endif 4718 { 4719 if (ifa->ifa_addr->sa_family == AF_INET) 4720 { 4721 si = (struct sockaddr_in *)ifa->ifa_addr; 4722 if (si) 4723 break; 4724 } 4725 } 4726 4727 if (ifa && si) 4728 { 4729 int error; 4730#if __NetBSD_Version__ >= 103080000 4731 struct sockaddr_in new_sin = *si; 4732 4733 new_sin.sin_addr.s_addr = htonl(src); 4734 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4735 if(debug && error) 4736 { 4737 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4738 " failed, error=%d\n", SPP_ARGS(ifp), error); 4739 } 4740#else 4741 /* delete old route */ 4742 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4743 if(debug && error) 4744 { 4745 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4746 SPP_ARGS(ifp), error); 4747 } 4748 4749 /* set new address */ 4750 si->sin_addr.s_addr = htonl(src); 4751 ia = ifatoia(ifa); 4752 LIST_REMOVE(ia, ia_hash); 4753 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4754 4755 /* add new route */ 4756 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4757 if (debug && error) 4758 { 4759 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4760 SPP_ARGS(ifp), error); 4761 } 4762#endif 4763 } 4764} 4765 4766#ifdef INET6 4767/* 4768 * Get both IPv6 addresses. 4769 */ 4770static void 4771sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4772 struct in6_addr *srcmask) 4773{ 4774 struct ifnet *ifp = &sp->pp_if; 4775 struct ifaddr *ifa; 4776 struct sockaddr_in6 *si, *sm; 4777 struct in6_addr ssrc, ddst; 4778 4779 sm = NULL; 4780 bzero(&ssrc, sizeof(ssrc)); 4781 bzero(&ddst, sizeof(ddst)); 4782 /* 4783 * Pick the first link-local AF_INET6 address from the list, 4784 * aliases don't make any sense on a p2p link anyway. 4785 */ 4786#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4787 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4788 ifa; 4789 ifa = ifa->ifa_link.tqe_next) 4790#elif defined(__NetBSD__) || defined (__OpenBSD__) 4791 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4792 ifa; 4793 ifa = ifa->ifa_list.tqe_next) 4794#else 4795 for (ifa = ifp->if_addrlist, si = 0; 4796 ifa; 4797 ifa = ifa->ifa_next) 4798#endif 4799 if (ifa->ifa_addr->sa_family == AF_INET6) { 4800 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4801 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4802 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4803 break; 4804 } 4805 if (ifa) { 4806 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4807 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4808 if (srcmask) { 4809 bcopy(&sm->sin6_addr, srcmask, 4810 sizeof(*srcmask)); 4811 } 4812 } 4813 4814 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4815 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4816 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4817 } 4818 4819 if (dst) 4820 bcopy(&ddst, dst, sizeof(*dst)); 4821 if (src) 4822 bcopy(&ssrc, src, sizeof(*src)); 4823} 4824 4825#ifdef IPV6CP_MYIFID_DYN 4826/* 4827 * Generate random ifid. 4828 */ 4829static void 4830sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4831{ 4832 /* TBD */ 4833} 4834 4835/* 4836 * Set my IPv6 address. Must be called at splimp. 4837 */ 4838static void 4839sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4840{ 4841 STDDCL; 4842 struct ifaddr *ifa; 4843 struct sockaddr_in6 *sin6; 4844 4845 /* 4846 * Pick the first link-local AF_INET6 address from the list, 4847 * aliases don't make any sense on a p2p link anyway. 4848 */ 4849 4850 sin6 = NULL; 4851#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4852 for (ifa = ifp->if_addrhead.tqh_first; 4853 ifa; 4854 ifa = ifa->ifa_link.tqe_next) 4855#elif defined(__NetBSD__) || defined (__OpenBSD__) 4856 for (ifa = ifp->if_addrlist.tqh_first; 4857 ifa; 4858 ifa = ifa->ifa_list.tqe_next) 4859#else 4860 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4861#endif 4862 { 4863 if (ifa->ifa_addr->sa_family == AF_INET6) 4864 { 4865 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4866 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4867 break; 4868 } 4869 } 4870 4871 if (ifa && sin6) 4872 { 4873 int error; 4874 struct sockaddr_in6 new_sin6 = *sin6; 4875 4876 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4877 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4878 if (debug && error) 4879 { 4880 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4881 " failed, error=%d\n", SPP_ARGS(ifp), error); 4882 } 4883 } 4884} 4885#endif 4886 4887/* 4888 * Suggest a candidate address to be used by peer. 4889 */ 4890static void 4891sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4892{ 4893 struct in6_addr myaddr; 4894 struct timeval tv; 4895 4896 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4897 4898 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4899 microtime(&tv); 4900 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4901 myaddr.s6_addr[14] ^= 0xff; 4902 myaddr.s6_addr[15] ^= 0xff; 4903 } else { 4904 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4905 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4906 } 4907 if (suggest) 4908 bcopy(&myaddr, suggest, sizeof(myaddr)); 4909} 4910#endif /*INET6*/ 4911 4912static int 4913sppp_params(struct sppp *sp, u_long cmd, void *data) 4914{ 4915 u_long subcmd; 4916 struct ifreq *ifr = (struct ifreq *)data; 4917 struct spppreq spr; 4918 4919 /* 4920 * ifr->ifr_data is supposed to point to a struct spppreq. 4921 * Check the cmd word first before attempting to fetch all the 4922 * data. 4923 */ 4924 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4925 return EFAULT; 4926 4927 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4928 return EFAULT; 4929 4930 switch (subcmd) { 4931 case SPPPIOGDEFS: 4932 if (cmd != SIOCGIFGENERIC) 4933 return EINVAL; 4934 /* 4935 * We copy over the entire current state, but clean 4936 * out some of the stuff we don't wanna pass up. 4937 * Remember, SIOCGIFGENERIC is unprotected, and can be 4938 * called by any user. No need to ever get PAP or 4939 * CHAP secrets back to userland anyway. 4940 */ 4941 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4942 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4943 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4944 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4945 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4946 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4947 4948 case SPPPIOSDEFS: 4949 if (cmd != SIOCSIFGENERIC) 4950 return EINVAL; 4951 /* 4952 * We have a very specific idea of which fields we allow 4953 * being passed back from userland, so to not clobber our 4954 * current state. For one, we only allow setting 4955 * anything if LCP is in dead phase. Once the LCP 4956 * negotiations started, the authentication settings must 4957 * not be changed again. (The administrator can force an 4958 * ifconfig down in order to get LCP back into dead 4959 * phase.) 4960 * 4961 * Also, we only allow for authentication parameters to be 4962 * specified. 4963 * 4964 * XXX Should allow to set or clear pp_flags. 4965 * 4966 * Finally, if the respective authentication protocol to 4967 * be used is set differently than 0, but the secret is 4968 * passed as all zeros, we don't trash the existing secret. 4969 * This allows an administrator to change the system name 4970 * only without clobbering the secret (which he didn't get 4971 * back in a previous SPPPIOGDEFS call). However, the 4972 * secrets are cleared if the authentication protocol is 4973 * reset to 0. 4974 */ 4975 if (sp->pp_phase != PHASE_DEAD) 4976 return EBUSY; 4977 4978 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4979 spr.defs.myauth.proto != PPP_CHAP) || 4980 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4981 spr.defs.hisauth.proto != PPP_CHAP)) 4982 return EINVAL; 4983 4984 if (spr.defs.myauth.proto == 0) 4985 /* resetting myauth */ 4986 bzero(&sp->myauth, sizeof sp->myauth); 4987 else { 4988 /* setting/changing myauth */ 4989 sp->myauth.proto = spr.defs.myauth.proto; 4990 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4991 if (spr.defs.myauth.secret[0] != '\0') 4992 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4993 AUTHKEYLEN); 4994 } 4995 if (spr.defs.hisauth.proto == 0) 4996 /* resetting hisauth */ 4997 bzero(&sp->hisauth, sizeof sp->hisauth); 4998 else { 4999 /* setting/changing hisauth */ 5000 sp->hisauth.proto = spr.defs.hisauth.proto; 5001 sp->hisauth.flags = spr.defs.hisauth.flags; 5002 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5003 if (spr.defs.hisauth.secret[0] != '\0') 5004 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 5005 AUTHKEYLEN); 5006 } 5007 /* set VJ enable flag */ 5008 sp->enable_vj = spr.defs.enable_vj; 5009 break; 5010 5011 default: 5012 return EINVAL; 5013 } 5014 5015 return 0; 5016} 5017 5018static void 5019sppp_phase_network(struct sppp *sp) 5020{ 5021 STDDCL; 5022 int i; 5023 u_long mask; 5024 5025 sp->pp_phase = PHASE_NETWORK; 5026 5027 if (debug) 5028 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5029 sppp_phase_name(sp->pp_phase)); 5030 5031 /* Notify NCPs now. */ 5032 for (i = 0; i < IDX_COUNT; i++) 5033 if ((cps[i])->flags & CP_NCP) 5034 (cps[i])->Open(sp); 5035 5036 /* Send Up events to all NCPs. */ 5037 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5038 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 5039 (cps[i])->Up(sp); 5040 5041 /* if no NCP is starting, all this was in vain, close down */ 5042 sppp_lcp_check_and_close(sp); 5043} 5044 5045 5046static const char * 5047sppp_cp_type_name(u_char type) 5048{ 5049 static char buf[12]; 5050 switch (type) { 5051 case CONF_REQ: return "conf-req"; 5052 case CONF_ACK: return "conf-ack"; 5053 case CONF_NAK: return "conf-nak"; 5054 case CONF_REJ: return "conf-rej"; 5055 case TERM_REQ: return "term-req"; 5056 case TERM_ACK: return "term-ack"; 5057 case CODE_REJ: return "code-rej"; 5058 case PROTO_REJ: return "proto-rej"; 5059 case ECHO_REQ: return "echo-req"; 5060 case ECHO_REPLY: return "echo-reply"; 5061 case DISC_REQ: return "discard-req"; 5062 } 5063 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5064 return buf; 5065} 5066 5067static const char * 5068sppp_auth_type_name(u_short proto, u_char type) 5069{ 5070 static char buf[12]; 5071 switch (proto) { 5072 case PPP_CHAP: 5073 switch (type) { 5074 case CHAP_CHALLENGE: return "challenge"; 5075 case CHAP_RESPONSE: return "response"; 5076 case CHAP_SUCCESS: return "success"; 5077 case CHAP_FAILURE: return "failure"; 5078 } 5079 case PPP_PAP: 5080 switch (type) { 5081 case PAP_REQ: return "req"; 5082 case PAP_ACK: return "ack"; 5083 case PAP_NAK: return "nak"; 5084 } 5085 } 5086 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5087 return buf; 5088} 5089 5090static const char * 5091sppp_lcp_opt_name(u_char opt) 5092{ 5093 static char buf[12]; 5094 switch (opt) { 5095 case LCP_OPT_MRU: return "mru"; 5096 case LCP_OPT_ASYNC_MAP: return "async-map"; 5097 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5098 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5099 case LCP_OPT_MAGIC: return "magic"; 5100 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5101 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5102 } 5103 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5104 return buf; 5105} 5106 5107static const char * 5108sppp_ipcp_opt_name(u_char opt) 5109{ 5110 static char buf[12]; 5111 switch (opt) { 5112 case IPCP_OPT_ADDRESSES: return "addresses"; 5113 case IPCP_OPT_COMPRESSION: return "compression"; 5114 case IPCP_OPT_ADDRESS: return "address"; 5115 } 5116 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5117 return buf; 5118} 5119 5120#ifdef INET6 5121static const char * 5122sppp_ipv6cp_opt_name(u_char opt) 5123{ 5124 static char buf[12]; 5125 switch (opt) { 5126 case IPV6CP_OPT_IFID: return "ifid"; 5127 case IPV6CP_OPT_COMPRESSION: return "compression"; 5128 } 5129 sprintf (buf, "0x%x", opt); 5130 return buf; 5131} 5132#endif 5133 5134static const char * 5135sppp_state_name(int state) 5136{ 5137 switch (state) { 5138 case STATE_INITIAL: return "initial"; 5139 case STATE_STARTING: return "starting"; 5140 case STATE_CLOSED: return "closed"; 5141 case STATE_STOPPED: return "stopped"; 5142 case STATE_CLOSING: return "closing"; 5143 case STATE_STOPPING: return "stopping"; 5144 case STATE_REQ_SENT: return "req-sent"; 5145 case STATE_ACK_RCVD: return "ack-rcvd"; 5146 case STATE_ACK_SENT: return "ack-sent"; 5147 case STATE_OPENED: return "opened"; 5148 } 5149 return "illegal"; 5150} 5151 5152static const char * 5153sppp_phase_name(enum ppp_phase phase) 5154{ 5155 switch (phase) { 5156 case PHASE_DEAD: return "dead"; 5157 case PHASE_ESTABLISH: return "establish"; 5158 case PHASE_TERMINATE: return "terminate"; 5159 case PHASE_AUTHENTICATE: return "authenticate"; 5160 case PHASE_NETWORK: return "network"; 5161 } 5162 return "illegal"; 5163} 5164 5165static const char * 5166sppp_proto_name(u_short proto) 5167{ 5168 static char buf[12]; 5169 switch (proto) { 5170 case PPP_LCP: return "lcp"; 5171 case PPP_IPCP: return "ipcp"; 5172 case PPP_PAP: return "pap"; 5173 case PPP_CHAP: return "chap"; 5174 case PPP_IPV6CP: return "ipv6cp"; 5175 } 5176 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5177 return buf; 5178} 5179 5180static void 5181sppp_print_bytes(const u_char *p, u_short len) 5182{ 5183 if (len) 5184 log(-1, " %*D", len, p, "-"); 5185} 5186 5187static void 5188sppp_print_string(const char *p, u_short len) 5189{ 5190 u_char c; 5191 5192 while (len-- > 0) { 5193 c = *p++; 5194 /* 5195 * Print only ASCII chars directly. RFC 1994 recommends 5196 * using only them, but we don't rely on it. */ 5197 if (c < ' ' || c > '~') 5198 log(-1, "\\x%x", c); 5199 else 5200 log(-1, "%c", c); 5201 } 5202} 5203 5204static const char * 5205sppp_dotted_quad(u_long addr) 5206{ 5207 static char s[16]; 5208 sprintf(s, "%d.%d.%d.%d", 5209 (int)((addr >> 24) & 0xff), 5210 (int)((addr >> 16) & 0xff), 5211 (int)((addr >> 8) & 0xff), 5212 (int)(addr & 0xff)); 5213 return s; 5214} 5215 5216static int 5217sppp_strnlen(u_char *p, int max) 5218{ 5219 int len; 5220 5221 for (len = 0; len < max && *p; ++p) 5222 ++len; 5223 return len; 5224} 5225 5226/* a dummy, used to drop uninteresting events */ 5227static void 5228sppp_null(struct sppp *unused) 5229{ 5230 /* do just nothing */ 5231} 5232