if_spppsubr.c revision 111926
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 111926 2003-03-05 19:24:24Z peter $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/ip.h> 64#include <net/slcompress.h> 65 66#if defined (__NetBSD__) || defined (__OpenBSD__) 67#include <machine/cpu.h> /* XXX for softnet */ 68#endif 69 70#include <machine/stdarg.h> 71 72#include <netinet/in.h> 73#include <netinet/in_systm.h> 74#include <netinet/in_var.h> 75 76#ifdef INET 77#include <netinet/ip.h> 78#include <netinet/tcp.h> 79#endif 80 81#if defined (__FreeBSD__) || defined (__OpenBSD__) 82# include <netinet/if_ether.h> 83#else 84# include <net/ethertypes.h> 85#endif 86 87#ifdef IPX 88#include <netipx/ipx.h> 89#include <netipx/ipx_if.h> 90#endif 91 92#include <net/if_sppp.h> 93 94#if defined(__FreeBSD__) && __FreeBSD__ >= 3 95# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 96# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 97# define IOCTL_CMD_T u_long 98#else 99# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 100# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 101# define IOCTL_CMD_T int 102#endif 103 104#define MAXALIVECNT 3 /* max. alive packets */ 105 106/* 107 * Interface flags that can be set in an ifconfig command. 108 * 109 * Setting link0 will make the link passive, i.e. it will be marked 110 * as being administrative openable, but won't be opened to begin 111 * with. Incoming calls will be answered, or subsequent calls with 112 * -link1 will cause the administrative open of the LCP layer. 113 * 114 * Setting link1 will cause the link to auto-dial only as packets 115 * arrive to be sent. 116 * 117 * Setting IFF_DEBUG will syslog the option negotiation and state 118 * transitions at level kern.debug. Note: all logs consistently look 119 * like 120 * 121 * <if-name><unit>: <proto-name> <additional info...> 122 * 123 * with <if-name><unit> being something like "bppp0", and <proto-name> 124 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 125 */ 126 127#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 128#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 129#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 130 131#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 132#define PPP_UI 0x03 /* Unnumbered Information */ 133#define PPP_IP 0x0021 /* Internet Protocol */ 134#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 135#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 136#define PPP_IPX 0x002b /* Novell IPX Protocol */ 137#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 138#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 139#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 140#define PPP_LCP 0xc021 /* Link Control Protocol */ 141#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 142#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 143#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 144#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 145 146#define CONF_REQ 1 /* PPP configure request */ 147#define CONF_ACK 2 /* PPP configure acknowledge */ 148#define CONF_NAK 3 /* PPP configure negative ack */ 149#define CONF_REJ 4 /* PPP configure reject */ 150#define TERM_REQ 5 /* PPP terminate request */ 151#define TERM_ACK 6 /* PPP terminate acknowledge */ 152#define CODE_REJ 7 /* PPP code reject */ 153#define PROTO_REJ 8 /* PPP protocol reject */ 154#define ECHO_REQ 9 /* PPP echo request */ 155#define ECHO_REPLY 10 /* PPP echo reply */ 156#define DISC_REQ 11 /* PPP discard request */ 157 158#define LCP_OPT_MRU 1 /* maximum receive unit */ 159#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 160#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 161#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 162#define LCP_OPT_MAGIC 5 /* magic number */ 163#define LCP_OPT_RESERVED 6 /* reserved */ 164#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 165#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 166 167#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 168#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 169#define IPCP_OPT_ADDRESS 3 /* local IP address */ 170 171#define IPV6CP_OPT_IFID 1 /* interface identifier */ 172#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 173 174#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 175 176#define PAP_REQ 1 /* PAP name/password request */ 177#define PAP_ACK 2 /* PAP acknowledge */ 178#define PAP_NAK 3 /* PAP fail */ 179 180#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 181#define CHAP_RESPONSE 2 /* CHAP challenge response */ 182#define CHAP_SUCCESS 3 /* CHAP response ok */ 183#define CHAP_FAILURE 4 /* CHAP response failed */ 184 185#define CHAP_MD5 5 /* hash algorithm - MD5 */ 186 187#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 188#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 189#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 190#define CISCO_ADDR_REQ 0 /* Cisco address request */ 191#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 192#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 193 194/* states are named and numbered according to RFC 1661 */ 195#define STATE_INITIAL 0 196#define STATE_STARTING 1 197#define STATE_CLOSED 2 198#define STATE_STOPPED 3 199#define STATE_CLOSING 4 200#define STATE_STOPPING 5 201#define STATE_REQ_SENT 6 202#define STATE_ACK_RCVD 7 203#define STATE_ACK_SENT 8 204#define STATE_OPENED 9 205 206struct ppp_header { 207 u_char address; 208 u_char control; 209 u_short protocol; 210} __packed; 211#define PPP_HEADER_LEN sizeof (struct ppp_header) 212 213struct lcp_header { 214 u_char type; 215 u_char ident; 216 u_short len; 217} __packed; 218#define LCP_HEADER_LEN sizeof (struct lcp_header) 219 220struct cisco_packet { 221 u_long type; 222 u_long par1; 223 u_long par2; 224 u_short rel; 225 u_short time0; 226 u_short time1; 227} __packed; 228#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 229 230/* 231 * We follow the spelling and capitalization of RFC 1661 here, to make 232 * it easier comparing with the standard. Please refer to this RFC in 233 * case you can't make sense out of these abbreviation; it will also 234 * explain the semantics related to the various events and actions. 235 */ 236struct cp { 237 u_short proto; /* PPP control protocol number */ 238 u_char protoidx; /* index into state table in struct sppp */ 239 u_char flags; 240#define CP_LCP 0x01 /* this is the LCP */ 241#define CP_AUTH 0x02 /* this is an authentication protocol */ 242#define CP_NCP 0x04 /* this is a NCP */ 243#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 244 const char *name; /* name of this control protocol */ 245 /* event handlers */ 246 void (*Up)(struct sppp *sp); 247 void (*Down)(struct sppp *sp); 248 void (*Open)(struct sppp *sp); 249 void (*Close)(struct sppp *sp); 250 void (*TO)(void *sp); 251 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 252 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 253 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 254 /* actions */ 255 void (*tlu)(struct sppp *sp); 256 void (*tld)(struct sppp *sp); 257 void (*tls)(struct sppp *sp); 258 void (*tlf)(struct sppp *sp); 259 void (*scr)(struct sppp *sp); 260}; 261 262static struct sppp *spppq; 263#if defined(__FreeBSD__) && __FreeBSD__ >= 3 264static struct callout_handle keepalive_ch; 265#endif 266 267#if defined(__FreeBSD__) && __FreeBSD__ >= 3 268#define SPP_FMT "%s%d: " 269#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 270#else 271#define SPP_FMT "%s: " 272#define SPP_ARGS(ifp) (ifp)->if_xname 273#endif 274 275#ifdef INET 276/* 277 * The following disgusting hack gets around the problem that IP TOS 278 * can't be set yet. We want to put "interactive" traffic on a high 279 * priority queue. To decide if traffic is interactive, we check that 280 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 281 * 282 * XXX is this really still necessary? - joerg - 283 */ 284static u_short interactive_ports[8] = { 285 0, 513, 0, 0, 286 0, 21, 0, 23, 287}; 288#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 289#endif 290 291/* almost every function needs these */ 292#define STDDCL \ 293 struct ifnet *ifp = &sp->pp_if; \ 294 int debug = ifp->if_flags & IFF_DEBUG 295 296static int sppp_output(struct ifnet *ifp, struct mbuf *m, 297 struct sockaddr *dst, struct rtentry *rt); 298 299static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 300static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 301 302static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 303 struct mbuf *m); 304static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 305 u_char ident, u_short len, void *data); 306/* static void sppp_cp_timeout(void *arg); */ 307static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 308 int newstate); 309static void sppp_auth_send(const struct cp *cp, 310 struct sppp *sp, unsigned int type, unsigned int id, 311 ...); 312 313static void sppp_up_event(const struct cp *cp, struct sppp *sp); 314static void sppp_down_event(const struct cp *cp, struct sppp *sp); 315static void sppp_open_event(const struct cp *cp, struct sppp *sp); 316static void sppp_close_event(const struct cp *cp, struct sppp *sp); 317static void sppp_to_event(const struct cp *cp, struct sppp *sp); 318 319static void sppp_null(struct sppp *sp); 320 321static void sppp_lcp_init(struct sppp *sp); 322static void sppp_lcp_up(struct sppp *sp); 323static void sppp_lcp_down(struct sppp *sp); 324static void sppp_lcp_open(struct sppp *sp); 325static void sppp_lcp_close(struct sppp *sp); 326static void sppp_lcp_TO(void *sp); 327static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 328static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 329static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 330static void sppp_lcp_tlu(struct sppp *sp); 331static void sppp_lcp_tld(struct sppp *sp); 332static void sppp_lcp_tls(struct sppp *sp); 333static void sppp_lcp_tlf(struct sppp *sp); 334static void sppp_lcp_scr(struct sppp *sp); 335static void sppp_lcp_check_and_close(struct sppp *sp); 336static int sppp_ncp_check(struct sppp *sp); 337 338static void sppp_ipcp_init(struct sppp *sp); 339static void sppp_ipcp_up(struct sppp *sp); 340static void sppp_ipcp_down(struct sppp *sp); 341static void sppp_ipcp_open(struct sppp *sp); 342static void sppp_ipcp_close(struct sppp *sp); 343static void sppp_ipcp_TO(void *sp); 344static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 345static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 346static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 347static void sppp_ipcp_tlu(struct sppp *sp); 348static void sppp_ipcp_tld(struct sppp *sp); 349static void sppp_ipcp_tls(struct sppp *sp); 350static void sppp_ipcp_tlf(struct sppp *sp); 351static void sppp_ipcp_scr(struct sppp *sp); 352 353static void sppp_ipv6cp_init(struct sppp *sp); 354static void sppp_ipv6cp_up(struct sppp *sp); 355static void sppp_ipv6cp_down(struct sppp *sp); 356static void sppp_ipv6cp_open(struct sppp *sp); 357static void sppp_ipv6cp_close(struct sppp *sp); 358static void sppp_ipv6cp_TO(void *sp); 359static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 360static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 361static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 362static void sppp_ipv6cp_tlu(struct sppp *sp); 363static void sppp_ipv6cp_tld(struct sppp *sp); 364static void sppp_ipv6cp_tls(struct sppp *sp); 365static void sppp_ipv6cp_tlf(struct sppp *sp); 366static void sppp_ipv6cp_scr(struct sppp *sp); 367 368static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 369static void sppp_pap_init(struct sppp *sp); 370static void sppp_pap_open(struct sppp *sp); 371static void sppp_pap_close(struct sppp *sp); 372static void sppp_pap_TO(void *sp); 373static void sppp_pap_my_TO(void *sp); 374static void sppp_pap_tlu(struct sppp *sp); 375static void sppp_pap_tld(struct sppp *sp); 376static void sppp_pap_scr(struct sppp *sp); 377 378static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 379static void sppp_chap_init(struct sppp *sp); 380static void sppp_chap_open(struct sppp *sp); 381static void sppp_chap_close(struct sppp *sp); 382static void sppp_chap_TO(void *sp); 383static void sppp_chap_tlu(struct sppp *sp); 384static void sppp_chap_tld(struct sppp *sp); 385static void sppp_chap_scr(struct sppp *sp); 386 387static const char *sppp_auth_type_name(u_short proto, u_char type); 388static const char *sppp_cp_type_name(u_char type); 389static const char *sppp_dotted_quad(u_long addr); 390static const char *sppp_ipcp_opt_name(u_char opt); 391#ifdef INET6 392static const char *sppp_ipv6cp_opt_name(u_char opt); 393#endif 394static const char *sppp_lcp_opt_name(u_char opt); 395static const char *sppp_phase_name(enum ppp_phase phase); 396static const char *sppp_proto_name(u_short proto); 397static const char *sppp_state_name(int state); 398static int sppp_params(struct sppp *sp, u_long cmd, void *data); 399static int sppp_strnlen(u_char *p, int max); 400static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 401 u_long *srcmask); 402static void sppp_keepalive(void *dummy); 403static void sppp_phase_network(struct sppp *sp); 404static void sppp_print_bytes(const u_char *p, u_short len); 405static void sppp_print_string(const char *p, u_short len); 406static void sppp_qflush(struct ifqueue *ifq); 407static void sppp_set_ip_addr(struct sppp *sp, u_long src); 408#ifdef INET6 409static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 410 struct in6_addr *dst, struct in6_addr *srcmask); 411#ifdef IPV6CP_MYIFID_DYN 412static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 413static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 414#endif 415static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 416#endif 417 418/* our control protocol descriptors */ 419static const struct cp lcp = { 420 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 421 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 422 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 423 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 424 sppp_lcp_scr 425}; 426 427static const struct cp ipcp = { 428 PPP_IPCP, IDX_IPCP, 429#ifdef INET /* don't run IPCP if there's no IPv4 support */ 430 CP_NCP, 431#else 432 0, 433#endif 434 "ipcp", 435 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 436 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 437 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 438 sppp_ipcp_scr 439}; 440 441static const struct cp ipv6cp = { 442 PPP_IPV6CP, IDX_IPV6CP, 443#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 444 CP_NCP, 445#else 446 0, 447#endif 448 "ipv6cp", 449 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 450 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 451 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 452 sppp_ipv6cp_scr 453}; 454 455static const struct cp pap = { 456 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 457 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 458 sppp_pap_TO, 0, 0, 0, 459 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 460 sppp_pap_scr 461}; 462 463static const struct cp chap = { 464 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 465 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 466 sppp_chap_TO, 0, 0, 0, 467 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 468 sppp_chap_scr 469}; 470 471static const struct cp *cps[IDX_COUNT] = { 472 &lcp, /* IDX_LCP */ 473 &ipcp, /* IDX_IPCP */ 474 &ipv6cp, /* IDX_IPV6CP */ 475 &pap, /* IDX_PAP */ 476 &chap, /* IDX_CHAP */ 477}; 478 479static int 480sppp_modevent(module_t mod, int type, void *unused) 481{ 482 switch (type) { 483 case MOD_LOAD: 484 break; 485 case MOD_UNLOAD: 486 return EACCES; 487 break; 488 default: 489 break; 490 } 491 return 0; 492} 493static moduledata_t spppmod = { 494 "sppp", 495 sppp_modevent, 496 0 497}; 498MODULE_VERSION(sppp, 1); 499DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 500 501/* 502 * Exported functions, comprising our interface to the lower layer. 503 */ 504 505/* 506 * Process the received packet. 507 */ 508void 509sppp_input(struct ifnet *ifp, struct mbuf *m) 510{ 511 struct ppp_header *h; 512 int isr = -1; 513 struct sppp *sp = (struct sppp *)ifp; 514 u_char *iphdr; 515 int hlen, vjlen, do_account = 0; 516 int debug = ifp->if_flags & IFF_DEBUG; 517 518 if (ifp->if_flags & IFF_UP) 519 /* Count received bytes, add FCS and one flag */ 520 ifp->if_ibytes += m->m_pkthdr.len + 3; 521 522 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 523 /* Too small packet, drop it. */ 524 if (debug) 525 log(LOG_DEBUG, 526 SPP_FMT "input packet is too small, %d bytes\n", 527 SPP_ARGS(ifp), m->m_pkthdr.len); 528 drop: 529 m_freem (m); 530 drop2: 531 ++ifp->if_ierrors; 532 ++ifp->if_iqdrops; 533 return; 534 } 535 536 /* Get PPP header. */ 537 h = mtod (m, struct ppp_header*); 538 m_adj (m, PPP_HEADER_LEN); 539 540 switch (h->address) { 541 case PPP_ALLSTATIONS: 542 if (h->control != PPP_UI) 543 goto invalid; 544 if (sp->pp_mode == IFF_CISCO) { 545 if (debug) 546 log(LOG_DEBUG, 547 SPP_FMT "PPP packet in Cisco mode " 548 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 549 SPP_ARGS(ifp), 550 h->address, h->control, ntohs(h->protocol)); 551 goto drop; 552 } 553 switch (ntohs (h->protocol)) { 554 default: 555 if (debug) 556 log(LOG_DEBUG, 557 SPP_FMT "rejecting protocol " 558 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 559 SPP_ARGS(ifp), 560 h->address, h->control, ntohs(h->protocol)); 561 if (sp->state[IDX_LCP] == STATE_OPENED) 562 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 563 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 564 &h->protocol); 565 ++ifp->if_noproto; 566 goto drop; 567 case PPP_LCP: 568 sppp_cp_input(&lcp, sp, m); 569 m_freem (m); 570 return; 571 case PPP_PAP: 572 if (sp->pp_phase >= PHASE_AUTHENTICATE) 573 sppp_pap_input(sp, m); 574 m_freem (m); 575 return; 576 case PPP_CHAP: 577 if (sp->pp_phase >= PHASE_AUTHENTICATE) 578 sppp_chap_input(sp, m); 579 m_freem (m); 580 return; 581#ifdef INET 582 case PPP_IPCP: 583 if (sp->pp_phase == PHASE_NETWORK) 584 sppp_cp_input(&ipcp, sp, m); 585 m_freem (m); 586 return; 587 case PPP_IP: 588 if (sp->state[IDX_IPCP] == STATE_OPENED) { 589 isr = NETISR_IP; 590 } 591 do_account++; 592 break; 593 case PPP_VJ_COMP: 594 if (sp->state[IDX_IPCP] == STATE_OPENED) { 595 if ((vjlen = 596 sl_uncompress_tcp_core(mtod(m, u_char *), 597 m->m_len, m->m_len, 598 TYPE_COMPRESSED_TCP, 599 sp->pp_comp, 600 &iphdr, &hlen)) <= 0) { 601 if (debug) 602 log(LOG_INFO, 603 SPP_FMT "VJ uncompress failed on compressed packet\n", 604 SPP_ARGS(ifp)); 605 goto drop; 606 } 607 608 /* 609 * Trim the VJ header off the packet, and prepend 610 * the uncompressed IP header (which will usually 611 * end up in two chained mbufs since there's not 612 * enough leading space in the existing mbuf). 613 */ 614 m_adj(m, vjlen); 615 M_PREPEND(m, hlen, M_DONTWAIT); 616 if (m == NULL) 617 goto drop2; 618 bcopy(iphdr, mtod(m, u_char *), hlen); 619 isr = NETISR_IP; 620 } 621 do_account++; 622 break; 623 case PPP_VJ_UCOMP: 624 if (sp->state[IDX_IPCP] == STATE_OPENED) { 625 if (sl_uncompress_tcp_core(mtod(m, u_char *), 626 m->m_len, m->m_len, 627 TYPE_UNCOMPRESSED_TCP, 628 sp->pp_comp, 629 &iphdr, &hlen) != 0) { 630 if (debug) 631 log(LOG_INFO, 632 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 633 SPP_ARGS(ifp)); 634 goto drop; 635 } 636 isr = NETISR_IP; 637 } 638 do_account++; 639 break; 640#endif 641#ifdef INET6 642 case PPP_IPV6CP: 643 if (sp->pp_phase == PHASE_NETWORK) 644 sppp_cp_input(&ipv6cp, sp, m); 645 m_freem (m); 646 return; 647 648 case PPP_IPV6: 649 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 650 isr = NETISR_IPV6; 651 do_account++; 652 break; 653#endif 654#ifdef IPX 655 case PPP_IPX: 656 /* IPX IPXCP not implemented yet */ 657 if (sp->pp_phase == PHASE_NETWORK) 658 isr = NETISR_IPX; 659 do_account++; 660 break; 661#endif 662 } 663 break; 664 case CISCO_MULTICAST: 665 case CISCO_UNICAST: 666 /* Don't check the control field here (RFC 1547). */ 667 if (sp->pp_mode != IFF_CISCO) { 668 if (debug) 669 log(LOG_DEBUG, 670 SPP_FMT "Cisco packet in PPP mode " 671 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 672 SPP_ARGS(ifp), 673 h->address, h->control, ntohs(h->protocol)); 674 goto drop; 675 } 676 switch (ntohs (h->protocol)) { 677 default: 678 ++ifp->if_noproto; 679 goto invalid; 680 case CISCO_KEEPALIVE: 681 sppp_cisco_input ((struct sppp*) ifp, m); 682 m_freem (m); 683 return; 684#ifdef INET 685 case ETHERTYPE_IP: 686 isr = NETISR_IP; 687 do_account++; 688 break; 689#endif 690#ifdef INET6 691 case ETHERTYPE_IPV6: 692 isr = NETISR_IPV6; 693 do_account++; 694 break; 695#endif 696#ifdef IPX 697 case ETHERTYPE_IPX: 698 isr = NETISR_IPX; 699 do_account++; 700 break; 701#endif 702 } 703 break; 704 default: /* Invalid PPP packet. */ 705 invalid: 706 if (debug) 707 log(LOG_DEBUG, 708 SPP_FMT "invalid input packet " 709 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 710 SPP_ARGS(ifp), 711 h->address, h->control, ntohs(h->protocol)); 712 goto drop; 713 } 714 715 if (! (ifp->if_flags & IFF_UP) || isr == -1) 716 goto drop; 717 718 /* Check queue. */ 719 if (! netisr_queue(isr, m)) { 720 if (debug) 721 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 722 SPP_ARGS(ifp)); 723 goto drop; 724 } 725 if (do_account) 726 /* 727 * Do only account for network packets, not for control 728 * packets. This is used by some subsystems to detect 729 * idle lines. 730 */ 731 sp->pp_last_recv = time_second; 732} 733 734/* 735 * Enqueue transmit packet. 736 */ 737static int 738sppp_output(struct ifnet *ifp, struct mbuf *m, 739 struct sockaddr *dst, struct rtentry *rt) 740{ 741 struct sppp *sp = (struct sppp*) ifp; 742 struct ppp_header *h; 743 struct ifqueue *ifq = NULL; 744 int s, rv = 0; 745 int ipproto = PPP_IP; 746 int debug = ifp->if_flags & IFF_DEBUG; 747 748 s = splimp(); 749 750 if ((ifp->if_flags & IFF_UP) == 0 || 751 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 752#ifdef INET6 753 drop: 754#endif 755 m_freem (m); 756 splx (s); 757 return (ENETDOWN); 758 } 759 760 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 761#ifdef INET6 762 /* 763 * XXX 764 * 765 * Hack to prevent the initialization-time generated 766 * IPv6 multicast packet to erroneously cause a 767 * dialout event in case IPv6 has been 768 * administratively disabled on that interface. 769 */ 770 if (dst->sa_family == AF_INET6 && 771 !(sp->confflags & CONF_ENABLE_IPV6)) 772 goto drop; 773#endif 774 /* 775 * Interface is not yet running, but auto-dial. Need 776 * to start LCP for it. 777 */ 778 ifp->if_flags |= IFF_RUNNING; 779 splx(s); 780 lcp.Open(sp); 781 s = splimp(); 782 } 783 784 ifq = &ifp->if_snd; 785#ifdef INET 786 if (dst->sa_family == AF_INET) { 787 /* XXX Check mbuf length here? */ 788 struct ip *ip = mtod (m, struct ip*); 789 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 790 791 /* 792 * When using dynamic local IP address assignment by using 793 * 0.0.0.0 as a local address, the first TCP session will 794 * not connect because the local TCP checksum is computed 795 * using 0.0.0.0 which will later become our real IP address 796 * so the TCP checksum computed at the remote end will 797 * become invalid. So we 798 * - don't let packets with src ip addr 0 thru 799 * - we flag TCP packets with src ip 0 as an error 800 */ 801 802 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 803 { 804 m_freem(m); 805 splx(s); 806 if(ip->ip_p == IPPROTO_TCP) 807 return(EADDRNOTAVAIL); 808 else 809 return(0); 810 } 811 812 /* 813 * Put low delay, telnet, rlogin and ftp control packets 814 * in front of the queue. 815 */ 816 if (_IF_QFULL(&sp->pp_fastq)) 817 ; 818 else if (ip->ip_tos & IPTOS_LOWDELAY) 819 ifq = &sp->pp_fastq; 820 else if (m->m_len < sizeof *ip + sizeof *tcp) 821 ; 822 else if (ip->ip_p != IPPROTO_TCP) 823 ; 824 else if (INTERACTIVE (ntohs (tcp->th_sport))) 825 ifq = &sp->pp_fastq; 826 else if (INTERACTIVE (ntohs (tcp->th_dport))) 827 ifq = &sp->pp_fastq; 828 829 /* 830 * Do IP Header compression 831 */ 832 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 833 ip->ip_p == IPPROTO_TCP) 834 switch (sl_compress_tcp(m, ip, sp->pp_comp, 835 sp->ipcp.compress_cid)) { 836 case TYPE_COMPRESSED_TCP: 837 ipproto = PPP_VJ_COMP; 838 break; 839 case TYPE_UNCOMPRESSED_TCP: 840 ipproto = PPP_VJ_UCOMP; 841 break; 842 case TYPE_IP: 843 ipproto = PPP_IP; 844 break; 845 default: 846 m_freem(m); 847 splx(s); 848 return (EINVAL); 849 } 850 } 851#endif 852 853#ifdef INET6 854 if (dst->sa_family == AF_INET6) { 855 /* XXX do something tricky here? */ 856 } 857#endif 858 859 /* 860 * Prepend general data packet PPP header. For now, IP only. 861 */ 862 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 863 if (! m) { 864 if (debug) 865 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 866 SPP_ARGS(ifp)); 867 ++ifp->if_oerrors; 868 splx (s); 869 return (ENOBUFS); 870 } 871 /* 872 * May want to check size of packet 873 * (albeit due to the implementation it's always enough) 874 */ 875 h = mtod (m, struct ppp_header*); 876 if (sp->pp_mode == IFF_CISCO) { 877 h->address = CISCO_UNICAST; /* unicast address */ 878 h->control = 0; 879 } else { 880 h->address = PPP_ALLSTATIONS; /* broadcast address */ 881 h->control = PPP_UI; /* Unnumbered Info */ 882 } 883 884 switch (dst->sa_family) { 885#ifdef INET 886 case AF_INET: /* Internet Protocol */ 887 if (sp->pp_mode == IFF_CISCO) 888 h->protocol = htons (ETHERTYPE_IP); 889 else { 890 /* 891 * Don't choke with an ENETDOWN early. It's 892 * possible that we just started dialing out, 893 * so don't drop the packet immediately. If 894 * we notice that we run out of buffer space 895 * below, we will however remember that we are 896 * not ready to carry IP packets, and return 897 * ENETDOWN, as opposed to ENOBUFS. 898 */ 899 h->protocol = htons(ipproto); 900 if (sp->state[IDX_IPCP] != STATE_OPENED) 901 rv = ENETDOWN; 902 } 903 break; 904#endif 905#ifdef INET6 906 case AF_INET6: /* Internet Protocol */ 907 if (sp->pp_mode == IFF_CISCO) 908 h->protocol = htons (ETHERTYPE_IPV6); 909 else { 910 /* 911 * Don't choke with an ENETDOWN early. It's 912 * possible that we just started dialing out, 913 * so don't drop the packet immediately. If 914 * we notice that we run out of buffer space 915 * below, we will however remember that we are 916 * not ready to carry IP packets, and return 917 * ENETDOWN, as opposed to ENOBUFS. 918 */ 919 h->protocol = htons(PPP_IPV6); 920 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 921 rv = ENETDOWN; 922 } 923 break; 924#endif 925#ifdef IPX 926 case AF_IPX: /* Novell IPX Protocol */ 927 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 928 ETHERTYPE_IPX : PPP_IPX); 929 break; 930#endif 931 default: 932 m_freem (m); 933 ++ifp->if_oerrors; 934 splx (s); 935 return (EAFNOSUPPORT); 936 } 937 938 /* 939 * Queue message on interface, and start output if interface 940 * not yet active. 941 */ 942 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 943 ++ifp->if_oerrors; 944 splx (s); 945 return (rv? rv: ENOBUFS); 946 } 947 splx (s); 948 /* 949 * Unlike in sppp_input(), we can always bump the timestamp 950 * here since sppp_output() is only called on behalf of 951 * network-layer traffic; control-layer traffic is handled 952 * by sppp_cp_send(). 953 */ 954 sp->pp_last_sent = time_second; 955 return (0); 956} 957 958void 959sppp_attach(struct ifnet *ifp) 960{ 961 struct sppp *sp = (struct sppp*) ifp; 962 963 /* Initialize keepalive handler. */ 964 if (! spppq) 965 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 966 967 /* Insert new entry into the keepalive list. */ 968 sp->pp_next = spppq; 969 spppq = sp; 970 971 sp->pp_if.if_mtu = PP_MTU; 972 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 973 sp->pp_if.if_type = IFT_PPP; 974 sp->pp_if.if_output = sppp_output; 975#if 0 976 sp->pp_flags = PP_KEEPALIVE; 977#endif 978 sp->pp_if.if_snd.ifq_maxlen = 32; 979 sp->pp_fastq.ifq_maxlen = 32; 980 sp->pp_cpq.ifq_maxlen = 20; 981 sp->pp_loopcnt = 0; 982 sp->pp_alivecnt = 0; 983 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 984 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 985 sp->pp_phase = PHASE_DEAD; 986 sp->pp_up = lcp.Up; 987 sp->pp_down = lcp.Down; 988 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 989 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 990 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 991 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 992 sp->pp_last_recv = sp->pp_last_sent = time_second; 993 sp->confflags = 0; 994#ifdef INET 995 sp->confflags |= CONF_ENABLE_VJ; 996#endif 997#ifdef INET6 998 sp->confflags |= CONF_ENABLE_IPV6; 999#endif 1000 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAIT); 1001 sl_compress_init(sp->pp_comp, -1); 1002 sppp_lcp_init(sp); 1003 sppp_ipcp_init(sp); 1004 sppp_ipv6cp_init(sp); 1005 sppp_pap_init(sp); 1006 sppp_chap_init(sp); 1007} 1008 1009void 1010sppp_detach(struct ifnet *ifp) 1011{ 1012 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1013 int i; 1014 1015 /* Remove the entry from the keepalive list. */ 1016 for (q = &spppq; (p = *q); q = &p->pp_next) 1017 if (p == sp) { 1018 *q = p->pp_next; 1019 break; 1020 } 1021 1022 /* Stop keepalive handler. */ 1023 if (! spppq) 1024 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 1025 1026 for (i = 0; i < IDX_COUNT; i++) 1027 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 1028 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 1029 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1030 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1031} 1032 1033/* 1034 * Flush the interface output queue. 1035 */ 1036void 1037sppp_flush(struct ifnet *ifp) 1038{ 1039 struct sppp *sp = (struct sppp*) ifp; 1040 1041 sppp_qflush (&sp->pp_if.if_snd); 1042 sppp_qflush (&sp->pp_fastq); 1043 sppp_qflush (&sp->pp_cpq); 1044} 1045 1046/* 1047 * Check if the output queue is empty. 1048 */ 1049int 1050sppp_isempty(struct ifnet *ifp) 1051{ 1052 struct sppp *sp = (struct sppp*) ifp; 1053 int empty, s; 1054 1055 s = splimp(); 1056 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1057 !sp->pp_if.if_snd.ifq_head; 1058 splx(s); 1059 return (empty); 1060} 1061 1062/* 1063 * Get next packet to send. 1064 */ 1065struct mbuf * 1066sppp_dequeue(struct ifnet *ifp) 1067{ 1068 struct sppp *sp = (struct sppp*) ifp; 1069 struct mbuf *m; 1070 int s; 1071 1072 s = splimp(); 1073 /* 1074 * Process only the control protocol queue until we have at 1075 * least one NCP open. 1076 * 1077 * Do always serve all three queues in Cisco mode. 1078 */ 1079 IF_DEQUEUE(&sp->pp_cpq, m); 1080 if (m == NULL && 1081 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1082 IF_DEQUEUE(&sp->pp_fastq, m); 1083 if (m == NULL) 1084 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1085 } 1086 splx(s); 1087 return m; 1088} 1089 1090/* 1091 * Pick the next packet, do not remove it from the queue. 1092 */ 1093struct mbuf * 1094sppp_pick(struct ifnet *ifp) 1095{ 1096 struct sppp *sp = (struct sppp*)ifp; 1097 struct mbuf *m; 1098 int s; 1099 1100 s= splimp (); 1101 1102 m = sp->pp_cpq.ifq_head; 1103 if (m == NULL && 1104 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1105 if ((m = sp->pp_fastq.ifq_head) == NULL) 1106 m = sp->pp_if.if_snd.ifq_head; 1107 splx (s); 1108 return (m); 1109} 1110 1111/* 1112 * Process an ioctl request. Called on low priority level. 1113 */ 1114int 1115sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1116{ 1117 struct ifreq *ifr = (struct ifreq*) data; 1118 struct sppp *sp = (struct sppp*) ifp; 1119 int s, rv, going_up, going_down, newmode; 1120 1121 s = splimp(); 1122 rv = 0; 1123 switch (cmd) { 1124 case SIOCAIFADDR: 1125 case SIOCSIFDSTADDR: 1126 break; 1127 1128 case SIOCSIFADDR: 1129 /* set the interface "up" when assigning an IP address */ 1130 ifp->if_flags |= IFF_UP; 1131 /* FALLTHROUGH */ 1132 1133 case SIOCSIFFLAGS: 1134 going_up = ifp->if_flags & IFF_UP && 1135 (ifp->if_flags & IFF_RUNNING) == 0; 1136 going_down = (ifp->if_flags & IFF_UP) == 0 && 1137 ifp->if_flags & IFF_RUNNING; 1138 1139 newmode = ifp->if_flags & IFF_PASSIVE; 1140 if (!newmode) 1141 newmode = ifp->if_flags & IFF_AUTO; 1142 if (!newmode) 1143 newmode = ifp->if_flags & IFF_CISCO; 1144 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1145 ifp->if_flags |= newmode; 1146 1147 if (newmode != sp->pp_mode) { 1148 going_down = 1; 1149 if (!going_up) 1150 going_up = ifp->if_flags & IFF_RUNNING; 1151 } 1152 1153 if (going_down) { 1154 if (sp->pp_mode != IFF_CISCO) 1155 lcp.Close(sp); 1156 else if (sp->pp_tlf) 1157 (sp->pp_tlf)(sp); 1158 sppp_flush(ifp); 1159 ifp->if_flags &= ~IFF_RUNNING; 1160 sp->pp_mode = newmode; 1161 } 1162 1163 if (going_up) { 1164 if (sp->pp_mode != IFF_CISCO) 1165 lcp.Close(sp); 1166 sp->pp_mode = newmode; 1167 if (sp->pp_mode == 0) { 1168 ifp->if_flags |= IFF_RUNNING; 1169 lcp.Open(sp); 1170 } 1171 if (sp->pp_mode == IFF_CISCO) { 1172 if (sp->pp_tls) 1173 (sp->pp_tls)(sp); 1174 ifp->if_flags |= IFF_RUNNING; 1175 } 1176 } 1177 1178 break; 1179 1180#ifdef SIOCSIFMTU 1181#ifndef ifr_mtu 1182#define ifr_mtu ifr_metric 1183#endif 1184 case SIOCSIFMTU: 1185 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1186 return (EINVAL); 1187 ifp->if_mtu = ifr->ifr_mtu; 1188 break; 1189#endif 1190#ifdef SLIOCSETMTU 1191 case SLIOCSETMTU: 1192 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1193 return (EINVAL); 1194 ifp->if_mtu = *(short*)data; 1195 break; 1196#endif 1197#ifdef SIOCGIFMTU 1198 case SIOCGIFMTU: 1199 ifr->ifr_mtu = ifp->if_mtu; 1200 break; 1201#endif 1202#ifdef SLIOCGETMTU 1203 case SLIOCGETMTU: 1204 *(short*)data = ifp->if_mtu; 1205 break; 1206#endif 1207 case SIOCADDMULTI: 1208 case SIOCDELMULTI: 1209 break; 1210 1211 case SIOCGIFGENERIC: 1212 case SIOCSIFGENERIC: 1213 rv = sppp_params(sp, cmd, data); 1214 break; 1215 1216 default: 1217 rv = ENOTTY; 1218 } 1219 splx(s); 1220 return rv; 1221} 1222 1223/* 1224 * Cisco framing implementation. 1225 */ 1226 1227/* 1228 * Handle incoming Cisco keepalive protocol packets. 1229 */ 1230static void 1231sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1232{ 1233 STDDCL; 1234 struct cisco_packet *h; 1235 u_long me, mymask; 1236 1237 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1238 if (debug) 1239 log(LOG_DEBUG, 1240 SPP_FMT "cisco invalid packet length: %d bytes\n", 1241 SPP_ARGS(ifp), m->m_pkthdr.len); 1242 return; 1243 } 1244 h = mtod (m, struct cisco_packet*); 1245 if (debug) 1246 log(LOG_DEBUG, 1247 SPP_FMT "cisco input: %d bytes " 1248 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1249 SPP_ARGS(ifp), m->m_pkthdr.len, 1250 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1251 (u_int)h->time0, (u_int)h->time1); 1252 switch (ntohl (h->type)) { 1253 default: 1254 if (debug) 1255 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1256 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1257 break; 1258 case CISCO_ADDR_REPLY: 1259 /* Reply on address request, ignore */ 1260 break; 1261 case CISCO_KEEPALIVE_REQ: 1262 sp->pp_alivecnt = 0; 1263 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1264 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1265 /* Local and remote sequence numbers are equal. 1266 * Probably, the line is in loopback mode. */ 1267 if (sp->pp_loopcnt >= MAXALIVECNT) { 1268 printf (SPP_FMT "loopback\n", 1269 SPP_ARGS(ifp)); 1270 sp->pp_loopcnt = 0; 1271 if (ifp->if_flags & IFF_UP) { 1272 if_down (ifp); 1273 sppp_qflush (&sp->pp_cpq); 1274 } 1275 } 1276 ++sp->pp_loopcnt; 1277 1278 /* Generate new local sequence number */ 1279#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1280 sp->pp_seq[IDX_LCP] = random(); 1281#else 1282 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1283#endif 1284 break; 1285 } 1286 sp->pp_loopcnt = 0; 1287 if (! (ifp->if_flags & IFF_UP) && 1288 (ifp->if_flags & IFF_RUNNING)) { 1289 if_up(ifp); 1290 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1291 } 1292 break; 1293 case CISCO_ADDR_REQ: 1294 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1295 if (me != 0L) 1296 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1297 break; 1298 } 1299} 1300 1301/* 1302 * Send Cisco keepalive packet. 1303 */ 1304static void 1305sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1306{ 1307 STDDCL; 1308 struct ppp_header *h; 1309 struct cisco_packet *ch; 1310 struct mbuf *m; 1311#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1312 struct timeval tv; 1313#else 1314 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1315#endif 1316 1317#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1318 getmicrouptime(&tv); 1319#endif 1320 1321 MGETHDR (m, M_DONTWAIT, MT_DATA); 1322 if (! m) 1323 return; 1324 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1325 m->m_pkthdr.rcvif = 0; 1326 1327 h = mtod (m, struct ppp_header*); 1328 h->address = CISCO_MULTICAST; 1329 h->control = 0; 1330 h->protocol = htons (CISCO_KEEPALIVE); 1331 1332 ch = (struct cisco_packet*) (h + 1); 1333 ch->type = htonl (type); 1334 ch->par1 = htonl (par1); 1335 ch->par2 = htonl (par2); 1336 ch->rel = -1; 1337 1338#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1339 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1340 ch->time1 = htons ((u_short) tv.tv_sec); 1341#else 1342 ch->time0 = htons ((u_short) (t >> 16)); 1343 ch->time1 = htons ((u_short) t); 1344#endif 1345 1346 if (debug) 1347 log(LOG_DEBUG, 1348 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1349 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1350 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1351 1352 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1353 ifp->if_oerrors++; 1354} 1355 1356/* 1357 * PPP protocol implementation. 1358 */ 1359 1360/* 1361 * Send PPP control protocol packet. 1362 */ 1363static void 1364sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1365 u_char ident, u_short len, void *data) 1366{ 1367 STDDCL; 1368 struct ppp_header *h; 1369 struct lcp_header *lh; 1370 struct mbuf *m; 1371 1372 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1373 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1374 MGETHDR (m, M_DONTWAIT, MT_DATA); 1375 if (! m) 1376 return; 1377 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1378 m->m_pkthdr.rcvif = 0; 1379 1380 h = mtod (m, struct ppp_header*); 1381 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1382 h->control = PPP_UI; /* Unnumbered Info */ 1383 h->protocol = htons (proto); /* Link Control Protocol */ 1384 1385 lh = (struct lcp_header*) (h + 1); 1386 lh->type = type; 1387 lh->ident = ident; 1388 lh->len = htons (LCP_HEADER_LEN + len); 1389 if (len) 1390 bcopy (data, lh+1, len); 1391 1392 if (debug) { 1393 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1394 SPP_ARGS(ifp), 1395 sppp_proto_name(proto), 1396 sppp_cp_type_name (lh->type), lh->ident, 1397 ntohs (lh->len)); 1398 sppp_print_bytes ((u_char*) (lh+1), len); 1399 log(-1, ">\n"); 1400 } 1401 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1402 ifp->if_oerrors++; 1403} 1404 1405/* 1406 * Handle incoming PPP control protocol packets. 1407 */ 1408static void 1409sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1410{ 1411 STDDCL; 1412 struct lcp_header *h; 1413 int len = m->m_pkthdr.len; 1414 int rv; 1415 u_char *p; 1416 1417 if (len < 4) { 1418 if (debug) 1419 log(LOG_DEBUG, 1420 SPP_FMT "%s invalid packet length: %d bytes\n", 1421 SPP_ARGS(ifp), cp->name, len); 1422 return; 1423 } 1424 h = mtod (m, struct lcp_header*); 1425 if (debug) { 1426 log(LOG_DEBUG, 1427 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1428 SPP_ARGS(ifp), cp->name, 1429 sppp_state_name(sp->state[cp->protoidx]), 1430 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1431 sppp_print_bytes ((u_char*) (h+1), len-4); 1432 log(-1, ">\n"); 1433 } 1434 if (len > ntohs (h->len)) 1435 len = ntohs (h->len); 1436 p = (u_char *)(h + 1); 1437 switch (h->type) { 1438 case CONF_REQ: 1439 if (len < 4) { 1440 if (debug) 1441 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1442 SPP_ARGS(ifp), cp->name, 1443 len); 1444 ++ifp->if_ierrors; 1445 break; 1446 } 1447 /* handle states where RCR doesn't get a SCA/SCN */ 1448 switch (sp->state[cp->protoidx]) { 1449 case STATE_CLOSING: 1450 case STATE_STOPPING: 1451 return; 1452 case STATE_CLOSED: 1453 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1454 0, 0); 1455 return; 1456 } 1457 rv = (cp->RCR)(sp, h, len); 1458 switch (sp->state[cp->protoidx]) { 1459 case STATE_OPENED: 1460 (cp->tld)(sp); 1461 (cp->scr)(sp); 1462 /* FALLTHROUGH */ 1463 case STATE_ACK_SENT: 1464 case STATE_REQ_SENT: 1465 /* 1466 * sppp_cp_change_state() have the side effect of 1467 * restarting the timeouts. We want to avoid that 1468 * if the state don't change, otherwise we won't 1469 * ever timeout and resend a configuration request 1470 * that got lost. 1471 */ 1472 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1473 STATE_REQ_SENT)) 1474 break; 1475 sppp_cp_change_state(cp, sp, rv? 1476 STATE_ACK_SENT: STATE_REQ_SENT); 1477 break; 1478 case STATE_STOPPED: 1479 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1480 (cp->scr)(sp); 1481 sppp_cp_change_state(cp, sp, rv? 1482 STATE_ACK_SENT: STATE_REQ_SENT); 1483 break; 1484 case STATE_ACK_RCVD: 1485 if (rv) { 1486 sppp_cp_change_state(cp, sp, STATE_OPENED); 1487 if (debug) 1488 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1489 SPP_ARGS(ifp), 1490 cp->name); 1491 (cp->tlu)(sp); 1492 } else 1493 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1494 break; 1495 default: 1496 printf(SPP_FMT "%s illegal %s in state %s\n", 1497 SPP_ARGS(ifp), cp->name, 1498 sppp_cp_type_name(h->type), 1499 sppp_state_name(sp->state[cp->protoidx])); 1500 ++ifp->if_ierrors; 1501 } 1502 break; 1503 case CONF_ACK: 1504 if (h->ident != sp->confid[cp->protoidx]) { 1505 if (debug) 1506 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1507 SPP_ARGS(ifp), cp->name, 1508 h->ident, sp->confid[cp->protoidx]); 1509 ++ifp->if_ierrors; 1510 break; 1511 } 1512 switch (sp->state[cp->protoidx]) { 1513 case STATE_CLOSED: 1514 case STATE_STOPPED: 1515 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1516 break; 1517 case STATE_CLOSING: 1518 case STATE_STOPPING: 1519 break; 1520 case STATE_REQ_SENT: 1521 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1522 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1523 break; 1524 case STATE_OPENED: 1525 (cp->tld)(sp); 1526 /* FALLTHROUGH */ 1527 case STATE_ACK_RCVD: 1528 (cp->scr)(sp); 1529 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1530 break; 1531 case STATE_ACK_SENT: 1532 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1533 sppp_cp_change_state(cp, sp, STATE_OPENED); 1534 if (debug) 1535 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1536 SPP_ARGS(ifp), cp->name); 1537 (cp->tlu)(sp); 1538 break; 1539 default: 1540 printf(SPP_FMT "%s illegal %s in state %s\n", 1541 SPP_ARGS(ifp), cp->name, 1542 sppp_cp_type_name(h->type), 1543 sppp_state_name(sp->state[cp->protoidx])); 1544 ++ifp->if_ierrors; 1545 } 1546 break; 1547 case CONF_NAK: 1548 case CONF_REJ: 1549 if (h->ident != sp->confid[cp->protoidx]) { 1550 if (debug) 1551 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1552 SPP_ARGS(ifp), cp->name, 1553 h->ident, sp->confid[cp->protoidx]); 1554 ++ifp->if_ierrors; 1555 break; 1556 } 1557 if (h->type == CONF_NAK) 1558 (cp->RCN_nak)(sp, h, len); 1559 else /* CONF_REJ */ 1560 (cp->RCN_rej)(sp, h, len); 1561 1562 switch (sp->state[cp->protoidx]) { 1563 case STATE_CLOSED: 1564 case STATE_STOPPED: 1565 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1566 break; 1567 case STATE_REQ_SENT: 1568 case STATE_ACK_SENT: 1569 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1570 /* 1571 * Slow things down a bit if we think we might be 1572 * in loopback. Depend on the timeout to send the 1573 * next configuration request. 1574 */ 1575 if (sp->pp_loopcnt) 1576 break; 1577 (cp->scr)(sp); 1578 break; 1579 case STATE_OPENED: 1580 (cp->tld)(sp); 1581 /* FALLTHROUGH */ 1582 case STATE_ACK_RCVD: 1583 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1584 (cp->scr)(sp); 1585 break; 1586 case STATE_CLOSING: 1587 case STATE_STOPPING: 1588 break; 1589 default: 1590 printf(SPP_FMT "%s illegal %s in state %s\n", 1591 SPP_ARGS(ifp), cp->name, 1592 sppp_cp_type_name(h->type), 1593 sppp_state_name(sp->state[cp->protoidx])); 1594 ++ifp->if_ierrors; 1595 } 1596 break; 1597 1598 case TERM_REQ: 1599 switch (sp->state[cp->protoidx]) { 1600 case STATE_ACK_RCVD: 1601 case STATE_ACK_SENT: 1602 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1603 /* FALLTHROUGH */ 1604 case STATE_CLOSED: 1605 case STATE_STOPPED: 1606 case STATE_CLOSING: 1607 case STATE_STOPPING: 1608 case STATE_REQ_SENT: 1609 sta: 1610 /* Send Terminate-Ack packet. */ 1611 if (debug) 1612 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1613 SPP_ARGS(ifp), cp->name); 1614 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1615 break; 1616 case STATE_OPENED: 1617 (cp->tld)(sp); 1618 sp->rst_counter[cp->protoidx] = 0; 1619 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1620 goto sta; 1621 break; 1622 default: 1623 printf(SPP_FMT "%s illegal %s in state %s\n", 1624 SPP_ARGS(ifp), cp->name, 1625 sppp_cp_type_name(h->type), 1626 sppp_state_name(sp->state[cp->protoidx])); 1627 ++ifp->if_ierrors; 1628 } 1629 break; 1630 case TERM_ACK: 1631 switch (sp->state[cp->protoidx]) { 1632 case STATE_CLOSED: 1633 case STATE_STOPPED: 1634 case STATE_REQ_SENT: 1635 case STATE_ACK_SENT: 1636 break; 1637 case STATE_CLOSING: 1638 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1639 (cp->tlf)(sp); 1640 break; 1641 case STATE_STOPPING: 1642 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1643 (cp->tlf)(sp); 1644 break; 1645 case STATE_ACK_RCVD: 1646 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1647 break; 1648 case STATE_OPENED: 1649 (cp->tld)(sp); 1650 (cp->scr)(sp); 1651 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1652 break; 1653 default: 1654 printf(SPP_FMT "%s illegal %s in state %s\n", 1655 SPP_ARGS(ifp), cp->name, 1656 sppp_cp_type_name(h->type), 1657 sppp_state_name(sp->state[cp->protoidx])); 1658 ++ifp->if_ierrors; 1659 } 1660 break; 1661 case CODE_REJ: 1662 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1663 log(LOG_INFO, 1664 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1665 "danger will robinson\n", 1666 SPP_ARGS(ifp), cp->name, 1667 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1668 switch (sp->state[cp->protoidx]) { 1669 case STATE_CLOSED: 1670 case STATE_STOPPED: 1671 case STATE_REQ_SENT: 1672 case STATE_ACK_SENT: 1673 case STATE_CLOSING: 1674 case STATE_STOPPING: 1675 case STATE_OPENED: 1676 break; 1677 case STATE_ACK_RCVD: 1678 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1679 break; 1680 default: 1681 printf(SPP_FMT "%s illegal %s in state %s\n", 1682 SPP_ARGS(ifp), cp->name, 1683 sppp_cp_type_name(h->type), 1684 sppp_state_name(sp->state[cp->protoidx])); 1685 ++ifp->if_ierrors; 1686 } 1687 break; 1688 case PROTO_REJ: 1689 { 1690 int catastrophic; 1691 const struct cp *upper; 1692 int i; 1693 u_int16_t proto; 1694 1695 catastrophic = 0; 1696 upper = NULL; 1697 proto = ntohs(*((u_int16_t *)p)); 1698 for (i = 0; i < IDX_COUNT; i++) { 1699 if (cps[i]->proto == proto) { 1700 upper = cps[i]; 1701 break; 1702 } 1703 } 1704 if (upper == NULL) 1705 catastrophic++; 1706 1707 if (catastrophic || debug) 1708 log(catastrophic? LOG_INFO: LOG_DEBUG, 1709 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1710 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1711 sppp_cp_type_name(h->type), proto, 1712 upper ? upper->name : "unknown", 1713 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1714 1715 /* 1716 * if we got RXJ+ against conf-req, the peer does not implement 1717 * this particular protocol type. terminate the protocol. 1718 */ 1719 if (upper && !catastrophic) { 1720 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1721 upper->Close(sp); 1722 break; 1723 } 1724 } 1725 1726 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1727 switch (sp->state[cp->protoidx]) { 1728 case STATE_CLOSED: 1729 case STATE_STOPPED: 1730 case STATE_REQ_SENT: 1731 case STATE_ACK_SENT: 1732 case STATE_CLOSING: 1733 case STATE_STOPPING: 1734 case STATE_OPENED: 1735 break; 1736 case STATE_ACK_RCVD: 1737 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1738 break; 1739 default: 1740 printf(SPP_FMT "%s illegal %s in state %s\n", 1741 SPP_ARGS(ifp), cp->name, 1742 sppp_cp_type_name(h->type), 1743 sppp_state_name(sp->state[cp->protoidx])); 1744 ++ifp->if_ierrors; 1745 } 1746 break; 1747 } 1748 case DISC_REQ: 1749 if (cp->proto != PPP_LCP) 1750 goto illegal; 1751 /* Discard the packet. */ 1752 break; 1753 case ECHO_REQ: 1754 if (cp->proto != PPP_LCP) 1755 goto illegal; 1756 if (sp->state[cp->protoidx] != STATE_OPENED) { 1757 if (debug) 1758 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1759 SPP_ARGS(ifp)); 1760 ++ifp->if_ierrors; 1761 break; 1762 } 1763 if (len < 8) { 1764 if (debug) 1765 log(-1, SPP_FMT "invalid lcp echo request " 1766 "packet length: %d bytes\n", 1767 SPP_ARGS(ifp), len); 1768 break; 1769 } 1770 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1771 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1772 /* Line loopback mode detected. */ 1773 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1774 sp->pp_loopcnt = MAXALIVECNT * 5; 1775 if_down (ifp); 1776 sppp_qflush (&sp->pp_cpq); 1777 1778 /* Shut down the PPP link. */ 1779 /* XXX */ 1780 lcp.Down(sp); 1781 lcp.Up(sp); 1782 break; 1783 } 1784 *(long*)(h+1) = htonl (sp->lcp.magic); 1785 if (debug) 1786 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1787 SPP_ARGS(ifp)); 1788 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1789 break; 1790 case ECHO_REPLY: 1791 if (cp->proto != PPP_LCP) 1792 goto illegal; 1793 if (h->ident != sp->lcp.echoid) { 1794 ++ifp->if_ierrors; 1795 break; 1796 } 1797 if (len < 8) { 1798 if (debug) 1799 log(-1, SPP_FMT "lcp invalid echo reply " 1800 "packet length: %d bytes\n", 1801 SPP_ARGS(ifp), len); 1802 break; 1803 } 1804 if (debug) 1805 log(-1, SPP_FMT "lcp got echo rep\n", 1806 SPP_ARGS(ifp)); 1807 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1808 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1809 sp->pp_alivecnt = 0; 1810 break; 1811 default: 1812 /* Unknown packet type -- send Code-Reject packet. */ 1813 illegal: 1814 if (debug) 1815 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1816 SPP_ARGS(ifp), cp->name, h->type); 1817 sppp_cp_send(sp, cp->proto, CODE_REJ, 1818 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1819 ++ifp->if_ierrors; 1820 } 1821} 1822 1823 1824/* 1825 * The generic part of all Up/Down/Open/Close/TO event handlers. 1826 * Basically, the state transition handling in the automaton. 1827 */ 1828static void 1829sppp_up_event(const struct cp *cp, struct sppp *sp) 1830{ 1831 STDDCL; 1832 1833 if (debug) 1834 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1835 SPP_ARGS(ifp), cp->name, 1836 sppp_state_name(sp->state[cp->protoidx])); 1837 1838 switch (sp->state[cp->protoidx]) { 1839 case STATE_INITIAL: 1840 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1841 break; 1842 case STATE_STARTING: 1843 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1844 (cp->scr)(sp); 1845 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1846 break; 1847 default: 1848 printf(SPP_FMT "%s illegal up in state %s\n", 1849 SPP_ARGS(ifp), cp->name, 1850 sppp_state_name(sp->state[cp->protoidx])); 1851 } 1852} 1853 1854static void 1855sppp_down_event(const struct cp *cp, struct sppp *sp) 1856{ 1857 STDDCL; 1858 1859 if (debug) 1860 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1861 SPP_ARGS(ifp), cp->name, 1862 sppp_state_name(sp->state[cp->protoidx])); 1863 1864 switch (sp->state[cp->protoidx]) { 1865 case STATE_CLOSED: 1866 case STATE_CLOSING: 1867 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1868 break; 1869 case STATE_STOPPED: 1870 sppp_cp_change_state(cp, sp, STATE_STARTING); 1871 (cp->tls)(sp); 1872 break; 1873 case STATE_STOPPING: 1874 case STATE_REQ_SENT: 1875 case STATE_ACK_RCVD: 1876 case STATE_ACK_SENT: 1877 sppp_cp_change_state(cp, sp, STATE_STARTING); 1878 break; 1879 case STATE_OPENED: 1880 (cp->tld)(sp); 1881 sppp_cp_change_state(cp, sp, STATE_STARTING); 1882 break; 1883 default: 1884 printf(SPP_FMT "%s illegal down in state %s\n", 1885 SPP_ARGS(ifp), cp->name, 1886 sppp_state_name(sp->state[cp->protoidx])); 1887 } 1888} 1889 1890 1891static void 1892sppp_open_event(const struct cp *cp, struct sppp *sp) 1893{ 1894 STDDCL; 1895 1896 if (debug) 1897 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1898 SPP_ARGS(ifp), cp->name, 1899 sppp_state_name(sp->state[cp->protoidx])); 1900 1901 switch (sp->state[cp->protoidx]) { 1902 case STATE_INITIAL: 1903 sppp_cp_change_state(cp, sp, STATE_STARTING); 1904 (cp->tls)(sp); 1905 break; 1906 case STATE_STARTING: 1907 break; 1908 case STATE_CLOSED: 1909 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1910 (cp->scr)(sp); 1911 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1912 break; 1913 case STATE_STOPPED: 1914 /* 1915 * Try escaping stopped state. This seems to bite 1916 * people occasionally, in particular for IPCP, 1917 * presumably following previous IPCP negotiation 1918 * aborts. Somehow, we must have missed a Down event 1919 * which would have caused a transition into starting 1920 * state, so as a bandaid we force the Down event now. 1921 * This effectively implements (something like the) 1922 * `restart' option mentioned in the state transition 1923 * table of RFC 1661. 1924 */ 1925 sppp_cp_change_state(cp, sp, STATE_STARTING); 1926 (cp->tls)(sp); 1927 break; 1928 case STATE_STOPPING: 1929 case STATE_REQ_SENT: 1930 case STATE_ACK_RCVD: 1931 case STATE_ACK_SENT: 1932 case STATE_OPENED: 1933 break; 1934 case STATE_CLOSING: 1935 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1936 break; 1937 } 1938} 1939 1940 1941static void 1942sppp_close_event(const struct cp *cp, struct sppp *sp) 1943{ 1944 STDDCL; 1945 1946 if (debug) 1947 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1948 SPP_ARGS(ifp), cp->name, 1949 sppp_state_name(sp->state[cp->protoidx])); 1950 1951 switch (sp->state[cp->protoidx]) { 1952 case STATE_INITIAL: 1953 case STATE_CLOSED: 1954 case STATE_CLOSING: 1955 break; 1956 case STATE_STARTING: 1957 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1958 (cp->tlf)(sp); 1959 break; 1960 case STATE_STOPPED: 1961 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1962 break; 1963 case STATE_STOPPING: 1964 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1965 break; 1966 case STATE_OPENED: 1967 (cp->tld)(sp); 1968 /* FALLTHROUGH */ 1969 case STATE_REQ_SENT: 1970 case STATE_ACK_RCVD: 1971 case STATE_ACK_SENT: 1972 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1973 sppp_cp_send(sp, cp->proto, TERM_REQ, 1974 ++sp->pp_seq[cp->protoidx], 0, 0); 1975 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1976 break; 1977 } 1978} 1979 1980static void 1981sppp_to_event(const struct cp *cp, struct sppp *sp) 1982{ 1983 STDDCL; 1984 int s; 1985 1986 s = splimp(); 1987 if (debug) 1988 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1989 SPP_ARGS(ifp), cp->name, 1990 sppp_state_name(sp->state[cp->protoidx]), 1991 sp->rst_counter[cp->protoidx]); 1992 1993 if (--sp->rst_counter[cp->protoidx] < 0) 1994 /* TO- event */ 1995 switch (sp->state[cp->protoidx]) { 1996 case STATE_CLOSING: 1997 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1998 (cp->tlf)(sp); 1999 break; 2000 case STATE_STOPPING: 2001 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2002 (cp->tlf)(sp); 2003 break; 2004 case STATE_REQ_SENT: 2005 case STATE_ACK_RCVD: 2006 case STATE_ACK_SENT: 2007 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2008 (cp->tlf)(sp); 2009 break; 2010 } 2011 else 2012 /* TO+ event */ 2013 switch (sp->state[cp->protoidx]) { 2014 case STATE_CLOSING: 2015 case STATE_STOPPING: 2016 sppp_cp_send(sp, cp->proto, TERM_REQ, 2017 ++sp->pp_seq[cp->protoidx], 0, 0); 2018 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2019 sp->ch[cp->protoidx]); 2020 break; 2021 case STATE_REQ_SENT: 2022 case STATE_ACK_RCVD: 2023 (cp->scr)(sp); 2024 /* sppp_cp_change_state() will restart the timer */ 2025 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2026 break; 2027 case STATE_ACK_SENT: 2028 (cp->scr)(sp); 2029 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2030 sp->ch[cp->protoidx]); 2031 break; 2032 } 2033 2034 splx(s); 2035} 2036 2037/* 2038 * Change the state of a control protocol in the state automaton. 2039 * Takes care of starting/stopping the restart timer. 2040 */ 2041static void 2042sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2043{ 2044 sp->state[cp->protoidx] = newstate; 2045 2046 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2047 switch (newstate) { 2048 case STATE_INITIAL: 2049 case STATE_STARTING: 2050 case STATE_CLOSED: 2051 case STATE_STOPPED: 2052 case STATE_OPENED: 2053 break; 2054 case STATE_CLOSING: 2055 case STATE_STOPPING: 2056 case STATE_REQ_SENT: 2057 case STATE_ACK_RCVD: 2058 case STATE_ACK_SENT: 2059 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2060 sp->ch[cp->protoidx]); 2061 break; 2062 } 2063} 2064 2065/* 2066 *--------------------------------------------------------------------------* 2067 * * 2068 * The LCP implementation. * 2069 * * 2070 *--------------------------------------------------------------------------* 2071 */ 2072static void 2073sppp_lcp_init(struct sppp *sp) 2074{ 2075 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2076 sp->lcp.magic = 0; 2077 sp->state[IDX_LCP] = STATE_INITIAL; 2078 sp->fail_counter[IDX_LCP] = 0; 2079 sp->pp_seq[IDX_LCP] = 0; 2080 sp->pp_rseq[IDX_LCP] = 0; 2081 sp->lcp.protos = 0; 2082 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2083 2084 /* Note that these values are relevant for all control protocols */ 2085 sp->lcp.timeout = 3 * hz; 2086 sp->lcp.max_terminate = 2; 2087 sp->lcp.max_configure = 10; 2088 sp->lcp.max_failure = 10; 2089#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2090 callout_handle_init(&sp->ch[IDX_LCP]); 2091#endif 2092} 2093 2094static void 2095sppp_lcp_up(struct sppp *sp) 2096{ 2097 STDDCL; 2098 2099 sp->pp_alivecnt = 0; 2100 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2101 sp->lcp.magic = 0; 2102 sp->lcp.protos = 0; 2103 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2104 /* 2105 * If we are authenticator, negotiate LCP_AUTH 2106 */ 2107 if (sp->hisauth.proto != 0) 2108 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2109 else 2110 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2111 sp->pp_flags &= ~PP_NEEDAUTH; 2112 /* 2113 * If this interface is passive or dial-on-demand, and we are 2114 * still in Initial state, it means we've got an incoming 2115 * call. Activate the interface. 2116 */ 2117 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2118 if (debug) 2119 log(LOG_DEBUG, 2120 SPP_FMT "Up event", SPP_ARGS(ifp)); 2121 ifp->if_flags |= IFF_RUNNING; 2122 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2123 if (debug) 2124 log(-1, "(incoming call)\n"); 2125 sp->pp_flags |= PP_CALLIN; 2126 lcp.Open(sp); 2127 } else if (debug) 2128 log(-1, "\n"); 2129 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2130 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2131 ifp->if_flags |= IFF_RUNNING; 2132 lcp.Open(sp); 2133 } 2134 2135 sppp_up_event(&lcp, sp); 2136} 2137 2138static void 2139sppp_lcp_down(struct sppp *sp) 2140{ 2141 STDDCL; 2142 2143 sppp_down_event(&lcp, sp); 2144 2145 /* 2146 * If this is neither a dial-on-demand nor a passive 2147 * interface, simulate an ``ifconfig down'' action, so the 2148 * administrator can force a redial by another ``ifconfig 2149 * up''. XXX For leased line operation, should we immediately 2150 * try to reopen the connection here? 2151 */ 2152 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2153 log(LOG_INFO, 2154 SPP_FMT "Down event, taking interface down.\n", 2155 SPP_ARGS(ifp)); 2156 if_down(ifp); 2157 } else { 2158 if (debug) 2159 log(LOG_DEBUG, 2160 SPP_FMT "Down event (carrier loss)\n", 2161 SPP_ARGS(ifp)); 2162 sp->pp_flags &= ~PP_CALLIN; 2163 if (sp->state[IDX_LCP] != STATE_INITIAL) 2164 lcp.Close(sp); 2165 ifp->if_flags &= ~IFF_RUNNING; 2166 } 2167} 2168 2169static void 2170sppp_lcp_open(struct sppp *sp) 2171{ 2172 sppp_open_event(&lcp, sp); 2173} 2174 2175static void 2176sppp_lcp_close(struct sppp *sp) 2177{ 2178 sppp_close_event(&lcp, sp); 2179} 2180 2181static void 2182sppp_lcp_TO(void *cookie) 2183{ 2184 sppp_to_event(&lcp, (struct sppp *)cookie); 2185} 2186 2187/* 2188 * Analyze a configure request. Return true if it was agreeable, and 2189 * caused action sca, false if it has been rejected or nak'ed, and 2190 * caused action scn. (The return value is used to make the state 2191 * transition decision in the state automaton.) 2192 */ 2193static int 2194sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2195{ 2196 STDDCL; 2197 u_char *buf, *r, *p; 2198 int origlen, rlen; 2199 u_long nmagic; 2200 u_short authproto; 2201 2202 len -= 4; 2203 origlen = len; 2204 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2205 if (! buf) 2206 return (0); 2207 2208 if (debug) 2209 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2210 SPP_ARGS(ifp)); 2211 2212 /* pass 1: check for things that need to be rejected */ 2213 p = (void*) (h+1); 2214 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2215 if (debug) 2216 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2217 switch (*p) { 2218 case LCP_OPT_MAGIC: 2219 /* Magic number. */ 2220 if (len >= 6 && p[1] == 6) 2221 continue; 2222 if (debug) 2223 log(-1, "[invalid] "); 2224 break; 2225 case LCP_OPT_ASYNC_MAP: 2226 /* Async control character map. */ 2227 if (len >= 6 && p[1] == 6) 2228 continue; 2229 if (debug) 2230 log(-1, "[invalid] "); 2231 break; 2232 case LCP_OPT_MRU: 2233 /* Maximum receive unit. */ 2234 if (len >= 4 && p[1] == 4) 2235 continue; 2236 if (debug) 2237 log(-1, "[invalid] "); 2238 break; 2239 case LCP_OPT_AUTH_PROTO: 2240 if (len < 4) { 2241 if (debug) 2242 log(-1, "[invalid] "); 2243 break; 2244 } 2245 authproto = (p[2] << 8) + p[3]; 2246 if (authproto == PPP_CHAP && p[1] != 5) { 2247 if (debug) 2248 log(-1, "[invalid chap len] "); 2249 break; 2250 } 2251 if (sp->myauth.proto == 0) { 2252 /* we are not configured to do auth */ 2253 if (debug) 2254 log(-1, "[not configured] "); 2255 break; 2256 } 2257 /* 2258 * Remote want us to authenticate, remember this, 2259 * so we stay in PHASE_AUTHENTICATE after LCP got 2260 * up. 2261 */ 2262 sp->pp_flags |= PP_NEEDAUTH; 2263 continue; 2264 default: 2265 /* Others not supported. */ 2266 if (debug) 2267 log(-1, "[rej] "); 2268 break; 2269 } 2270 /* Add the option to rejected list. */ 2271 bcopy (p, r, p[1]); 2272 r += p[1]; 2273 rlen += p[1]; 2274 } 2275 if (rlen) { 2276 if (debug) 2277 log(-1, " send conf-rej\n"); 2278 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2279 return 0; 2280 } else if (debug) 2281 log(-1, "\n"); 2282 2283 /* 2284 * pass 2: check for option values that are unacceptable and 2285 * thus require to be nak'ed. 2286 */ 2287 if (debug) 2288 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2289 SPP_ARGS(ifp)); 2290 2291 p = (void*) (h+1); 2292 len = origlen; 2293 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2294 if (debug) 2295 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2296 switch (*p) { 2297 case LCP_OPT_MAGIC: 2298 /* Magic number -- extract. */ 2299 nmagic = (u_long)p[2] << 24 | 2300 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2301 if (nmagic != sp->lcp.magic) { 2302 sp->pp_loopcnt = 0; 2303 if (debug) 2304 log(-1, "0x%lx ", nmagic); 2305 continue; 2306 } 2307 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2308 log(-1, "[glitch] "); 2309 ++sp->pp_loopcnt; 2310 /* 2311 * We negate our magic here, and NAK it. If 2312 * we see it later in an NAK packet, we 2313 * suggest a new one. 2314 */ 2315 nmagic = ~sp->lcp.magic; 2316 /* Gonna NAK it. */ 2317 p[2] = nmagic >> 24; 2318 p[3] = nmagic >> 16; 2319 p[4] = nmagic >> 8; 2320 p[5] = nmagic; 2321 break; 2322 2323 case LCP_OPT_ASYNC_MAP: 2324 /* 2325 * Async control character map -- just ignore it. 2326 * 2327 * Quote from RFC 1662, chapter 6: 2328 * To enable this functionality, synchronous PPP 2329 * implementations MUST always respond to the 2330 * Async-Control-Character-Map Configuration 2331 * Option with the LCP Configure-Ack. However, 2332 * acceptance of the Configuration Option does 2333 * not imply that the synchronous implementation 2334 * will do any ACCM mapping. Instead, all such 2335 * octet mapping will be performed by the 2336 * asynchronous-to-synchronous converter. 2337 */ 2338 continue; 2339 2340 case LCP_OPT_MRU: 2341 /* 2342 * Maximum receive unit. Always agreeable, 2343 * but ignored by now. 2344 */ 2345 sp->lcp.their_mru = p[2] * 256 + p[3]; 2346 if (debug) 2347 log(-1, "%lu ", sp->lcp.their_mru); 2348 continue; 2349 2350 case LCP_OPT_AUTH_PROTO: 2351 authproto = (p[2] << 8) + p[3]; 2352 if (sp->myauth.proto != authproto) { 2353 /* not agreed, nak */ 2354 if (debug) 2355 log(-1, "[mine %s != his %s] ", 2356 sppp_proto_name(sp->hisauth.proto), 2357 sppp_proto_name(authproto)); 2358 p[2] = sp->myauth.proto >> 8; 2359 p[3] = sp->myauth.proto; 2360 break; 2361 } 2362 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2363 if (debug) 2364 log(-1, "[chap not MD5] "); 2365 p[4] = CHAP_MD5; 2366 break; 2367 } 2368 continue; 2369 } 2370 /* Add the option to nak'ed list. */ 2371 bcopy (p, r, p[1]); 2372 r += p[1]; 2373 rlen += p[1]; 2374 } 2375 if (rlen) { 2376 /* 2377 * Local and remote magics equal -- loopback? 2378 */ 2379 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2380 if (sp->pp_loopcnt == MAXALIVECNT*5) 2381 printf (SPP_FMT "loopback\n", 2382 SPP_ARGS(ifp)); 2383 if (ifp->if_flags & IFF_UP) { 2384 if_down(ifp); 2385 sppp_qflush(&sp->pp_cpq); 2386 /* XXX ? */ 2387 lcp.Down(sp); 2388 lcp.Up(sp); 2389 } 2390 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2391 if (debug) 2392 log(-1, " max_failure (%d) exceeded, " 2393 "send conf-rej\n", 2394 sp->lcp.max_failure); 2395 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2396 } else { 2397 if (debug) 2398 log(-1, " send conf-nak\n"); 2399 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2400 } 2401 } else { 2402 if (debug) 2403 log(-1, " send conf-ack\n"); 2404 sp->fail_counter[IDX_LCP] = 0; 2405 sp->pp_loopcnt = 0; 2406 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2407 h->ident, origlen, h+1); 2408 } 2409 2410 free (buf, M_TEMP); 2411 return (rlen == 0); 2412} 2413 2414/* 2415 * Analyze the LCP Configure-Reject option list, and adjust our 2416 * negotiation. 2417 */ 2418static void 2419sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2420{ 2421 STDDCL; 2422 u_char *buf, *p; 2423 2424 len -= 4; 2425 buf = malloc (len, M_TEMP, M_NOWAIT); 2426 if (!buf) 2427 return; 2428 2429 if (debug) 2430 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2431 SPP_ARGS(ifp)); 2432 2433 p = (void*) (h+1); 2434 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2435 if (debug) 2436 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2437 switch (*p) { 2438 case LCP_OPT_MAGIC: 2439 /* Magic number -- can't use it, use 0 */ 2440 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2441 sp->lcp.magic = 0; 2442 break; 2443 case LCP_OPT_MRU: 2444 /* 2445 * Should not be rejected anyway, since we only 2446 * negotiate a MRU if explicitly requested by 2447 * peer. 2448 */ 2449 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2450 break; 2451 case LCP_OPT_AUTH_PROTO: 2452 /* 2453 * Peer doesn't want to authenticate himself, 2454 * deny unless this is a dialout call, and 2455 * AUTHFLAG_NOCALLOUT is set. 2456 */ 2457 if ((sp->pp_flags & PP_CALLIN) == 0 && 2458 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2459 if (debug) 2460 log(-1, "[don't insist on auth " 2461 "for callout]"); 2462 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2463 break; 2464 } 2465 if (debug) 2466 log(-1, "[access denied]\n"); 2467 lcp.Close(sp); 2468 break; 2469 } 2470 } 2471 if (debug) 2472 log(-1, "\n"); 2473 free (buf, M_TEMP); 2474 return; 2475} 2476 2477/* 2478 * Analyze the LCP Configure-NAK option list, and adjust our 2479 * negotiation. 2480 */ 2481static void 2482sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2483{ 2484 STDDCL; 2485 u_char *buf, *p; 2486 u_long magic; 2487 2488 len -= 4; 2489 buf = malloc (len, M_TEMP, M_NOWAIT); 2490 if (!buf) 2491 return; 2492 2493 if (debug) 2494 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2495 SPP_ARGS(ifp)); 2496 2497 p = (void*) (h+1); 2498 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2499 if (debug) 2500 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2501 switch (*p) { 2502 case LCP_OPT_MAGIC: 2503 /* Magic number -- renegotiate */ 2504 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2505 len >= 6 && p[1] == 6) { 2506 magic = (u_long)p[2] << 24 | 2507 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2508 /* 2509 * If the remote magic is our negated one, 2510 * this looks like a loopback problem. 2511 * Suggest a new magic to make sure. 2512 */ 2513 if (magic == ~sp->lcp.magic) { 2514 if (debug) 2515 log(-1, "magic glitch "); 2516#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2517 sp->lcp.magic = random(); 2518#else 2519 sp->lcp.magic = time.tv_sec + time.tv_usec; 2520#endif 2521 } else { 2522 sp->lcp.magic = magic; 2523 if (debug) 2524 log(-1, "%lu ", magic); 2525 } 2526 } 2527 break; 2528 case LCP_OPT_MRU: 2529 /* 2530 * Peer wants to advise us to negotiate an MRU. 2531 * Agree on it if it's reasonable, or use 2532 * default otherwise. 2533 */ 2534 if (len >= 4 && p[1] == 4) { 2535 u_int mru = p[2] * 256 + p[3]; 2536 if (debug) 2537 log(-1, "%d ", mru); 2538 if (mru < PP_MTU || mru > PP_MAX_MRU) 2539 mru = PP_MTU; 2540 sp->lcp.mru = mru; 2541 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2542 } 2543 break; 2544 case LCP_OPT_AUTH_PROTO: 2545 /* 2546 * Peer doesn't like our authentication method, 2547 * deny. 2548 */ 2549 if (debug) 2550 log(-1, "[access denied]\n"); 2551 lcp.Close(sp); 2552 break; 2553 } 2554 } 2555 if (debug) 2556 log(-1, "\n"); 2557 free (buf, M_TEMP); 2558 return; 2559} 2560 2561static void 2562sppp_lcp_tlu(struct sppp *sp) 2563{ 2564 STDDCL; 2565 int i; 2566 u_long mask; 2567 2568 /* XXX ? */ 2569 if (! (ifp->if_flags & IFF_UP) && 2570 (ifp->if_flags & IFF_RUNNING)) { 2571 /* Coming out of loopback mode. */ 2572 if_up(ifp); 2573 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2574 } 2575 2576 for (i = 0; i < IDX_COUNT; i++) 2577 if ((cps[i])->flags & CP_QUAL) 2578 (cps[i])->Open(sp); 2579 2580 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2581 (sp->pp_flags & PP_NEEDAUTH) != 0) 2582 sp->pp_phase = PHASE_AUTHENTICATE; 2583 else 2584 sp->pp_phase = PHASE_NETWORK; 2585 2586 if (debug) 2587 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2588 sppp_phase_name(sp->pp_phase)); 2589 2590 /* 2591 * Open all authentication protocols. This is even required 2592 * if we already proceeded to network phase, since it might be 2593 * that remote wants us to authenticate, so we might have to 2594 * send a PAP request. Undesired authentication protocols 2595 * don't do anything when they get an Open event. 2596 */ 2597 for (i = 0; i < IDX_COUNT; i++) 2598 if ((cps[i])->flags & CP_AUTH) 2599 (cps[i])->Open(sp); 2600 2601 if (sp->pp_phase == PHASE_NETWORK) { 2602 /* Notify all NCPs. */ 2603 for (i = 0; i < IDX_COUNT; i++) 2604 if (((cps[i])->flags & CP_NCP) && 2605 /* 2606 * XXX 2607 * Hack to administratively disable IPv6 if 2608 * not desired. Perhaps we should have another 2609 * flag for this, but right now, we can make 2610 * all struct cp's read/only. 2611 */ 2612 (cps[i] != &ipv6cp || 2613 (sp->confflags & CONF_ENABLE_IPV6))) 2614 (cps[i])->Open(sp); 2615 } 2616 2617 /* Send Up events to all started protos. */ 2618 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2619 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2620 (cps[i])->Up(sp); 2621 2622 /* notify low-level driver of state change */ 2623 if (sp->pp_chg) 2624 sp->pp_chg(sp, (int)sp->pp_phase); 2625 2626 if (sp->pp_phase == PHASE_NETWORK) 2627 /* if no NCP is starting, close down */ 2628 sppp_lcp_check_and_close(sp); 2629} 2630 2631static void 2632sppp_lcp_tld(struct sppp *sp) 2633{ 2634 STDDCL; 2635 int i; 2636 u_long mask; 2637 2638 sp->pp_phase = PHASE_TERMINATE; 2639 2640 if (debug) 2641 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2642 sppp_phase_name(sp->pp_phase)); 2643 2644 /* 2645 * Take upper layers down. We send the Down event first and 2646 * the Close second to prevent the upper layers from sending 2647 * ``a flurry of terminate-request packets'', as the RFC 2648 * describes it. 2649 */ 2650 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2651 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2652 (cps[i])->Down(sp); 2653 (cps[i])->Close(sp); 2654 } 2655} 2656 2657static void 2658sppp_lcp_tls(struct sppp *sp) 2659{ 2660 STDDCL; 2661 2662 sp->pp_phase = PHASE_ESTABLISH; 2663 2664 if (debug) 2665 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2666 sppp_phase_name(sp->pp_phase)); 2667 2668 /* Notify lower layer if desired. */ 2669 if (sp->pp_tls) 2670 (sp->pp_tls)(sp); 2671 else 2672 (sp->pp_up)(sp); 2673} 2674 2675static void 2676sppp_lcp_tlf(struct sppp *sp) 2677{ 2678 STDDCL; 2679 2680 sp->pp_phase = PHASE_DEAD; 2681 if (debug) 2682 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2683 sppp_phase_name(sp->pp_phase)); 2684 2685 /* Notify lower layer if desired. */ 2686 if (sp->pp_tlf) 2687 (sp->pp_tlf)(sp); 2688 else 2689 (sp->pp_down)(sp); 2690} 2691 2692static void 2693sppp_lcp_scr(struct sppp *sp) 2694{ 2695 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2696 int i = 0; 2697 u_short authproto; 2698 2699 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2700 if (! sp->lcp.magic) 2701#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2702 sp->lcp.magic = random(); 2703#else 2704 sp->lcp.magic = time.tv_sec + time.tv_usec; 2705#endif 2706 opt[i++] = LCP_OPT_MAGIC; 2707 opt[i++] = 6; 2708 opt[i++] = sp->lcp.magic >> 24; 2709 opt[i++] = sp->lcp.magic >> 16; 2710 opt[i++] = sp->lcp.magic >> 8; 2711 opt[i++] = sp->lcp.magic; 2712 } 2713 2714 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2715 opt[i++] = LCP_OPT_MRU; 2716 opt[i++] = 4; 2717 opt[i++] = sp->lcp.mru >> 8; 2718 opt[i++] = sp->lcp.mru; 2719 } 2720 2721 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2722 authproto = sp->hisauth.proto; 2723 opt[i++] = LCP_OPT_AUTH_PROTO; 2724 opt[i++] = authproto == PPP_CHAP? 5: 4; 2725 opt[i++] = authproto >> 8; 2726 opt[i++] = authproto; 2727 if (authproto == PPP_CHAP) 2728 opt[i++] = CHAP_MD5; 2729 } 2730 2731 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2732 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2733} 2734 2735/* 2736 * Check the open NCPs, return true if at least one NCP is open. 2737 */ 2738static int 2739sppp_ncp_check(struct sppp *sp) 2740{ 2741 int i, mask; 2742 2743 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2744 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2745 return 1; 2746 return 0; 2747} 2748 2749/* 2750 * Re-check the open NCPs and see if we should terminate the link. 2751 * Called by the NCPs during their tlf action handling. 2752 */ 2753static void 2754sppp_lcp_check_and_close(struct sppp *sp) 2755{ 2756 2757 if (sp->pp_phase < PHASE_NETWORK) 2758 /* don't bother, we are already going down */ 2759 return; 2760 2761 if (sppp_ncp_check(sp)) 2762 return; 2763 2764 lcp.Close(sp); 2765} 2766 2767/* 2768 *--------------------------------------------------------------------------* 2769 * * 2770 * The IPCP implementation. * 2771 * * 2772 *--------------------------------------------------------------------------* 2773 */ 2774 2775static void 2776sppp_ipcp_init(struct sppp *sp) 2777{ 2778 sp->ipcp.opts = 0; 2779 sp->ipcp.flags = 0; 2780 sp->state[IDX_IPCP] = STATE_INITIAL; 2781 sp->fail_counter[IDX_IPCP] = 0; 2782 sp->pp_seq[IDX_IPCP] = 0; 2783 sp->pp_rseq[IDX_IPCP] = 0; 2784#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2785 callout_handle_init(&sp->ch[IDX_IPCP]); 2786#endif 2787} 2788 2789static void 2790sppp_ipcp_up(struct sppp *sp) 2791{ 2792 sppp_up_event(&ipcp, sp); 2793} 2794 2795static void 2796sppp_ipcp_down(struct sppp *sp) 2797{ 2798 sppp_down_event(&ipcp, sp); 2799} 2800 2801static void 2802sppp_ipcp_open(struct sppp *sp) 2803{ 2804 STDDCL; 2805 u_long myaddr, hisaddr; 2806 2807 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2808 IPCP_MYADDR_DYN | IPCP_VJ); 2809 sp->ipcp.opts = 0; 2810 2811 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2812 /* 2813 * If we don't have his address, this probably means our 2814 * interface doesn't want to talk IP at all. (This could 2815 * be the case if somebody wants to speak only IPX, for 2816 * example.) Don't open IPCP in this case. 2817 */ 2818 if (hisaddr == 0L) { 2819 /* XXX this message should go away */ 2820 if (debug) 2821 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2822 SPP_ARGS(ifp)); 2823 return; 2824 } 2825 if (myaddr == 0L) { 2826 /* 2827 * I don't have an assigned address, so i need to 2828 * negotiate my address. 2829 */ 2830 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2831 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2832 } else 2833 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2834 if (sp->confflags & CONF_ENABLE_VJ) { 2835 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2836 sp->ipcp.max_state = MAX_STATES - 1; 2837 sp->ipcp.compress_cid = 1; 2838 } 2839 sppp_open_event(&ipcp, sp); 2840} 2841 2842static void 2843sppp_ipcp_close(struct sppp *sp) 2844{ 2845 sppp_close_event(&ipcp, sp); 2846 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2847 /* 2848 * My address was dynamic, clear it again. 2849 */ 2850 sppp_set_ip_addr(sp, 0L); 2851} 2852 2853static void 2854sppp_ipcp_TO(void *cookie) 2855{ 2856 sppp_to_event(&ipcp, (struct sppp *)cookie); 2857} 2858 2859/* 2860 * Analyze a configure request. Return true if it was agreeable, and 2861 * caused action sca, false if it has been rejected or nak'ed, and 2862 * caused action scn. (The return value is used to make the state 2863 * transition decision in the state automaton.) 2864 */ 2865static int 2866sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2867{ 2868 u_char *buf, *r, *p; 2869 struct ifnet *ifp = &sp->pp_if; 2870 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2871 u_long hisaddr, desiredaddr; 2872 int gotmyaddr = 0; 2873 int desiredcomp; 2874 2875 len -= 4; 2876 origlen = len; 2877 /* 2878 * Make sure to allocate a buf that can at least hold a 2879 * conf-nak with an `address' option. We might need it below. 2880 */ 2881 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2882 if (! buf) 2883 return (0); 2884 2885 /* pass 1: see if we can recognize them */ 2886 if (debug) 2887 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2888 SPP_ARGS(ifp)); 2889 p = (void*) (h+1); 2890 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2891 if (debug) 2892 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2893 switch (*p) { 2894 case IPCP_OPT_COMPRESSION: 2895 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2896 /* VJ compression administratively disabled */ 2897 if (debug) 2898 log(-1, "[locally disabled] "); 2899 break; 2900 } 2901 /* 2902 * In theory, we should only conf-rej an 2903 * option that is shorter than RFC 1618 2904 * requires (i.e. < 4), and should conf-nak 2905 * anything else that is not VJ. However, 2906 * since our algorithm always uses the 2907 * original option to NAK it with new values, 2908 * things would become more complicated. In 2909 * pratice, the only commonly implemented IP 2910 * compression option is VJ anyway, so the 2911 * difference is negligible. 2912 */ 2913 if (len >= 6 && p[1] == 6) { 2914 /* 2915 * correctly formed compression option 2916 * that could be VJ compression 2917 */ 2918 continue; 2919 } 2920 if (debug) 2921 log(-1, 2922 "optlen %d [invalid/unsupported] ", 2923 p[1]); 2924 break; 2925 case IPCP_OPT_ADDRESS: 2926 if (len >= 6 && p[1] == 6) { 2927 /* correctly formed address option */ 2928 continue; 2929 } 2930 if (debug) 2931 log(-1, "[invalid] "); 2932 break; 2933 default: 2934 /* Others not supported. */ 2935 if (debug) 2936 log(-1, "[rej] "); 2937 break; 2938 } 2939 /* Add the option to rejected list. */ 2940 bcopy (p, r, p[1]); 2941 r += p[1]; 2942 rlen += p[1]; 2943 } 2944 if (rlen) { 2945 if (debug) 2946 log(-1, " send conf-rej\n"); 2947 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2948 return 0; 2949 } else if (debug) 2950 log(-1, "\n"); 2951 2952 /* pass 2: parse option values */ 2953 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2954 if (debug) 2955 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2956 SPP_ARGS(ifp)); 2957 p = (void*) (h+1); 2958 len = origlen; 2959 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2960 if (debug) 2961 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2962 switch (*p) { 2963 case IPCP_OPT_COMPRESSION: 2964 desiredcomp = p[2] << 8 | p[3]; 2965 /* We only support VJ */ 2966 if (desiredcomp == IPCP_COMP_VJ) { 2967 if (debug) 2968 log(-1, "VJ [ack] "); 2969 sp->ipcp.flags |= IPCP_VJ; 2970 sl_compress_init(sp->pp_comp, p[4]); 2971 sp->ipcp.max_state = p[4]; 2972 sp->ipcp.compress_cid = p[5]; 2973 continue; 2974 } 2975 if (debug) 2976 log(-1, 2977 "compproto %#04x [not supported] ", 2978 desiredcomp); 2979 p[2] = IPCP_COMP_VJ >> 8; 2980 p[3] = IPCP_COMP_VJ; 2981 p[4] = sp->ipcp.max_state; 2982 p[5] = sp->ipcp.compress_cid; 2983 break; 2984 case IPCP_OPT_ADDRESS: 2985 /* This is the address he wants in his end */ 2986 desiredaddr = p[2] << 24 | p[3] << 16 | 2987 p[4] << 8 | p[5]; 2988 if (desiredaddr == hisaddr || 2989 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 2990 /* 2991 * Peer's address is same as our value, 2992 * or we have set it to 0.0.0.* to 2993 * indicate that we do not really care, 2994 * this is agreeable. Gonna conf-ack 2995 * it. 2996 */ 2997 if (debug) 2998 log(-1, "%s [ack] ", 2999 sppp_dotted_quad(hisaddr)); 3000 /* record that we've seen it already */ 3001 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3002 continue; 3003 } 3004 /* 3005 * The address wasn't agreeable. This is either 3006 * he sent us 0.0.0.0, asking to assign him an 3007 * address, or he send us another address not 3008 * matching our value. Either case, we gonna 3009 * conf-nak it with our value. 3010 * XXX: we should "rej" if hisaddr == 0 3011 */ 3012 if (debug) { 3013 if (desiredaddr == 0) 3014 log(-1, "[addr requested] "); 3015 else 3016 log(-1, "%s [not agreed] ", 3017 sppp_dotted_quad(desiredaddr)); 3018 3019 } 3020 p[2] = hisaddr >> 24; 3021 p[3] = hisaddr >> 16; 3022 p[4] = hisaddr >> 8; 3023 p[5] = hisaddr; 3024 break; 3025 } 3026 /* Add the option to nak'ed list. */ 3027 bcopy (p, r, p[1]); 3028 r += p[1]; 3029 rlen += p[1]; 3030 } 3031 3032 /* 3033 * If we are about to conf-ack the request, but haven't seen 3034 * his address so far, gonna conf-nak it instead, with the 3035 * `address' option present and our idea of his address being 3036 * filled in there, to request negotiation of both addresses. 3037 * 3038 * XXX This can result in an endless req - nak loop if peer 3039 * doesn't want to send us his address. Q: What should we do 3040 * about it? XXX A: implement the max-failure counter. 3041 */ 3042 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3043 buf[0] = IPCP_OPT_ADDRESS; 3044 buf[1] = 6; 3045 buf[2] = hisaddr >> 24; 3046 buf[3] = hisaddr >> 16; 3047 buf[4] = hisaddr >> 8; 3048 buf[5] = hisaddr; 3049 rlen = 6; 3050 if (debug) 3051 log(-1, "still need hisaddr "); 3052 } 3053 3054 if (rlen) { 3055 if (debug) 3056 log(-1, " send conf-nak\n"); 3057 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3058 } else { 3059 if (debug) 3060 log(-1, " send conf-ack\n"); 3061 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3062 h->ident, origlen, h+1); 3063 } 3064 3065 free (buf, M_TEMP); 3066 return (rlen == 0); 3067} 3068 3069/* 3070 * Analyze the IPCP Configure-Reject option list, and adjust our 3071 * negotiation. 3072 */ 3073static void 3074sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3075{ 3076 u_char *buf, *p; 3077 struct ifnet *ifp = &sp->pp_if; 3078 int debug = ifp->if_flags & IFF_DEBUG; 3079 3080 len -= 4; 3081 buf = malloc (len, M_TEMP, M_NOWAIT); 3082 if (!buf) 3083 return; 3084 3085 if (debug) 3086 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3087 SPP_ARGS(ifp)); 3088 3089 p = (void*) (h+1); 3090 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3091 if (debug) 3092 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3093 switch (*p) { 3094 case IPCP_OPT_COMPRESSION: 3095 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3096 break; 3097 case IPCP_OPT_ADDRESS: 3098 /* 3099 * Peer doesn't grok address option. This is 3100 * bad. XXX Should we better give up here? 3101 * XXX We could try old "addresses" option... 3102 */ 3103 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3104 break; 3105 } 3106 } 3107 if (debug) 3108 log(-1, "\n"); 3109 free (buf, M_TEMP); 3110 return; 3111} 3112 3113/* 3114 * Analyze the IPCP Configure-NAK option list, and adjust our 3115 * negotiation. 3116 */ 3117static void 3118sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3119{ 3120 u_char *buf, *p; 3121 struct ifnet *ifp = &sp->pp_if; 3122 int debug = ifp->if_flags & IFF_DEBUG; 3123 int desiredcomp; 3124 u_long wantaddr; 3125 3126 len -= 4; 3127 buf = malloc (len, M_TEMP, M_NOWAIT); 3128 if (!buf) 3129 return; 3130 3131 if (debug) 3132 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3133 SPP_ARGS(ifp)); 3134 3135 p = (void*) (h+1); 3136 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3137 if (debug) 3138 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3139 switch (*p) { 3140 case IPCP_OPT_COMPRESSION: 3141 if (len >= 6 && p[1] == 6) { 3142 desiredcomp = p[2] << 8 | p[3]; 3143 if (debug) 3144 log(-1, "[wantcomp %#04x] ", 3145 desiredcomp); 3146 if (desiredcomp == IPCP_COMP_VJ) { 3147 sl_compress_init(sp->pp_comp, p[4]); 3148 sp->ipcp.max_state = p[4]; 3149 sp->ipcp.compress_cid = p[5]; 3150 if (debug) 3151 log(-1, "[agree] "); 3152 } else 3153 sp->ipcp.opts &= 3154 ~(1 << IPCP_OPT_COMPRESSION); 3155 } 3156 break; 3157 case IPCP_OPT_ADDRESS: 3158 /* 3159 * Peer doesn't like our local IP address. See 3160 * if we can do something for him. We'll drop 3161 * him our address then. 3162 */ 3163 if (len >= 6 && p[1] == 6) { 3164 wantaddr = p[2] << 24 | p[3] << 16 | 3165 p[4] << 8 | p[5]; 3166 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3167 if (debug) 3168 log(-1, "[wantaddr %s] ", 3169 sppp_dotted_quad(wantaddr)); 3170 /* 3171 * When doing dynamic address assignment, 3172 * we accept his offer. Otherwise, we 3173 * ignore it and thus continue to negotiate 3174 * our already existing value. 3175 * XXX: Bogus, if he said no once, he'll 3176 * just say no again, might as well die. 3177 */ 3178 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3179 sppp_set_ip_addr(sp, wantaddr); 3180 if (debug) 3181 log(-1, "[agree] "); 3182 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3183 } 3184 } 3185 break; 3186 } 3187 } 3188 if (debug) 3189 log(-1, "\n"); 3190 free (buf, M_TEMP); 3191 return; 3192} 3193 3194static void 3195sppp_ipcp_tlu(struct sppp *sp) 3196{ 3197 /* we are up - notify isdn daemon */ 3198 if (sp->pp_con) 3199 sp->pp_con(sp); 3200} 3201 3202static void 3203sppp_ipcp_tld(struct sppp *sp) 3204{ 3205} 3206 3207static void 3208sppp_ipcp_tls(struct sppp *sp) 3209{ 3210 /* indicate to LCP that it must stay alive */ 3211 sp->lcp.protos |= (1 << IDX_IPCP); 3212} 3213 3214static void 3215sppp_ipcp_tlf(struct sppp *sp) 3216{ 3217 /* we no longer need LCP */ 3218 sp->lcp.protos &= ~(1 << IDX_IPCP); 3219 sppp_lcp_check_and_close(sp); 3220} 3221 3222static void 3223sppp_ipcp_scr(struct sppp *sp) 3224{ 3225 char opt[6 /* compression */ + 6 /* address */]; 3226 u_long ouraddr; 3227 int i = 0; 3228 3229 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3230 opt[i++] = IPCP_OPT_COMPRESSION; 3231 opt[i++] = 6; 3232 opt[i++] = IPCP_COMP_VJ >> 8; 3233 opt[i++] = IPCP_COMP_VJ; 3234 opt[i++] = sp->ipcp.max_state; 3235 opt[i++] = sp->ipcp.compress_cid; 3236 } 3237 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3238 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3239 opt[i++] = IPCP_OPT_ADDRESS; 3240 opt[i++] = 6; 3241 opt[i++] = ouraddr >> 24; 3242 opt[i++] = ouraddr >> 16; 3243 opt[i++] = ouraddr >> 8; 3244 opt[i++] = ouraddr; 3245 } 3246 3247 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3248 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3249} 3250 3251/* 3252 *--------------------------------------------------------------------------* 3253 * * 3254 * The IPv6CP implementation. * 3255 * * 3256 *--------------------------------------------------------------------------* 3257 */ 3258 3259#ifdef INET6 3260static void 3261sppp_ipv6cp_init(struct sppp *sp) 3262{ 3263 sp->ipv6cp.opts = 0; 3264 sp->ipv6cp.flags = 0; 3265 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3266 sp->fail_counter[IDX_IPV6CP] = 0; 3267 sp->pp_seq[IDX_IPV6CP] = 0; 3268 sp->pp_rseq[IDX_IPV6CP] = 0; 3269#if defined(__NetBSD__) 3270 callout_init(&sp->ch[IDX_IPV6CP]); 3271#endif 3272#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3273 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3274#endif 3275} 3276 3277static void 3278sppp_ipv6cp_up(struct sppp *sp) 3279{ 3280 sppp_up_event(&ipv6cp, sp); 3281} 3282 3283static void 3284sppp_ipv6cp_down(struct sppp *sp) 3285{ 3286 sppp_down_event(&ipv6cp, sp); 3287} 3288 3289static void 3290sppp_ipv6cp_open(struct sppp *sp) 3291{ 3292 STDDCL; 3293 struct in6_addr myaddr, hisaddr; 3294 3295#ifdef IPV6CP_MYIFID_DYN 3296 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3297#else 3298 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3299#endif 3300 3301 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3302 /* 3303 * If we don't have our address, this probably means our 3304 * interface doesn't want to talk IPv6 at all. (This could 3305 * be the case if somebody wants to speak only IPX, for 3306 * example.) Don't open IPv6CP in this case. 3307 */ 3308 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3309 /* XXX this message should go away */ 3310 if (debug) 3311 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3312 SPP_ARGS(ifp)); 3313 return; 3314 } 3315 3316 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3317 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3318 sppp_open_event(&ipv6cp, sp); 3319} 3320 3321static void 3322sppp_ipv6cp_close(struct sppp *sp) 3323{ 3324 sppp_close_event(&ipv6cp, sp); 3325} 3326 3327static void 3328sppp_ipv6cp_TO(void *cookie) 3329{ 3330 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3331} 3332 3333/* 3334 * Analyze a configure request. Return true if it was agreeable, and 3335 * caused action sca, false if it has been rejected or nak'ed, and 3336 * caused action scn. (The return value is used to make the state 3337 * transition decision in the state automaton.) 3338 */ 3339static int 3340sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3341{ 3342 u_char *buf, *r, *p; 3343 struct ifnet *ifp = &sp->pp_if; 3344 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3345 struct in6_addr myaddr, desiredaddr, suggestaddr; 3346 int ifidcount; 3347 int type; 3348 int collision, nohisaddr; 3349 3350 len -= 4; 3351 origlen = len; 3352 /* 3353 * Make sure to allocate a buf that can at least hold a 3354 * conf-nak with an `address' option. We might need it below. 3355 */ 3356 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3357 if (! buf) 3358 return (0); 3359 3360 /* pass 1: see if we can recognize them */ 3361 if (debug) 3362 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3363 SPP_ARGS(ifp)); 3364 p = (void*) (h+1); 3365 ifidcount = 0; 3366 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3367 if (debug) 3368 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3369 switch (*p) { 3370 case IPV6CP_OPT_IFID: 3371 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3372 /* correctly formed address option */ 3373 ifidcount++; 3374 continue; 3375 } 3376 if (debug) 3377 log(-1, " [invalid]"); 3378 break; 3379#ifdef notyet 3380 case IPV6CP_OPT_COMPRESSION: 3381 if (len >= 4 && p[1] >= 4) { 3382 /* correctly formed compress option */ 3383 continue; 3384 } 3385 if (debug) 3386 log(-1, " [invalid]"); 3387 break; 3388#endif 3389 default: 3390 /* Others not supported. */ 3391 if (debug) 3392 log(-1, " [rej]"); 3393 break; 3394 } 3395 /* Add the option to rejected list. */ 3396 bcopy (p, r, p[1]); 3397 r += p[1]; 3398 rlen += p[1]; 3399 } 3400 if (rlen) { 3401 if (debug) 3402 log(-1, " send conf-rej\n"); 3403 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3404 goto end; 3405 } else if (debug) 3406 log(-1, "\n"); 3407 3408 /* pass 2: parse option values */ 3409 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3410 if (debug) 3411 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3412 SPP_ARGS(ifp)); 3413 p = (void*) (h+1); 3414 len = origlen; 3415 type = CONF_ACK; 3416 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3417 if (debug) 3418 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3419 switch (*p) { 3420#ifdef notyet 3421 case IPV6CP_OPT_COMPRESSION: 3422 continue; 3423#endif 3424 case IPV6CP_OPT_IFID: 3425 bzero(&desiredaddr, sizeof(desiredaddr)); 3426 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3427 collision = (bcmp(&desiredaddr.s6_addr[8], 3428 &myaddr.s6_addr[8], 8) == 0); 3429 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3430 3431 desiredaddr.s6_addr16[0] = htons(0xfe80); 3432 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3433 3434 if (!collision && !nohisaddr) { 3435 /* no collision, hisaddr known - Conf-Ack */ 3436 type = CONF_ACK; 3437 3438 if (debug) { 3439 log(-1, " %s [%s]", 3440 ip6_sprintf(&desiredaddr), 3441 sppp_cp_type_name(type)); 3442 } 3443 continue; 3444 } 3445 3446 bzero(&suggestaddr, sizeof(&suggestaddr)); 3447 if (collision && nohisaddr) { 3448 /* collision, hisaddr unknown - Conf-Rej */ 3449 type = CONF_REJ; 3450 bzero(&p[2], 8); 3451 } else { 3452 /* 3453 * - no collision, hisaddr unknown, or 3454 * - collision, hisaddr known 3455 * Conf-Nak, suggest hisaddr 3456 */ 3457 type = CONF_NAK; 3458 sppp_suggest_ip6_addr(sp, &suggestaddr); 3459 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3460 } 3461 if (debug) 3462 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3463 sppp_cp_type_name(type)); 3464 break; 3465 } 3466 /* Add the option to nak'ed list. */ 3467 bcopy (p, r, p[1]); 3468 r += p[1]; 3469 rlen += p[1]; 3470 } 3471 3472 if (rlen == 0 && type == CONF_ACK) { 3473 if (debug) 3474 log(-1, " send %s\n", sppp_cp_type_name(type)); 3475 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3476 } else { 3477#ifdef DIAGNOSTIC 3478 if (type == CONF_ACK) 3479 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3480#endif 3481 3482 if (debug) { 3483 log(-1, " send %s suggest %s\n", 3484 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3485 } 3486 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3487 } 3488 3489 end: 3490 free (buf, M_TEMP); 3491 return (rlen == 0); 3492} 3493 3494/* 3495 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3496 * negotiation. 3497 */ 3498static void 3499sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3500{ 3501 u_char *buf, *p; 3502 struct ifnet *ifp = &sp->pp_if; 3503 int debug = ifp->if_flags & IFF_DEBUG; 3504 3505 len -= 4; 3506 buf = malloc (len, M_TEMP, M_NOWAIT); 3507 if (!buf) 3508 return; 3509 3510 if (debug) 3511 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3512 SPP_ARGS(ifp)); 3513 3514 p = (void*) (h+1); 3515 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3516 if (debug) 3517 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3518 switch (*p) { 3519 case IPV6CP_OPT_IFID: 3520 /* 3521 * Peer doesn't grok address option. This is 3522 * bad. XXX Should we better give up here? 3523 */ 3524 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3525 break; 3526#ifdef notyet 3527 case IPV6CP_OPT_COMPRESS: 3528 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3529 break; 3530#endif 3531 } 3532 } 3533 if (debug) 3534 log(-1, "\n"); 3535 free (buf, M_TEMP); 3536 return; 3537} 3538 3539/* 3540 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3541 * negotiation. 3542 */ 3543static void 3544sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3545{ 3546 u_char *buf, *p; 3547 struct ifnet *ifp = &sp->pp_if; 3548 int debug = ifp->if_flags & IFF_DEBUG; 3549 struct in6_addr suggestaddr; 3550 3551 len -= 4; 3552 buf = malloc (len, M_TEMP, M_NOWAIT); 3553 if (!buf) 3554 return; 3555 3556 if (debug) 3557 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3558 SPP_ARGS(ifp)); 3559 3560 p = (void*) (h+1); 3561 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3562 if (debug) 3563 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3564 switch (*p) { 3565 case IPV6CP_OPT_IFID: 3566 /* 3567 * Peer doesn't like our local ifid. See 3568 * if we can do something for him. We'll drop 3569 * him our address then. 3570 */ 3571 if (len < 10 || p[1] != 10) 3572 break; 3573 bzero(&suggestaddr, sizeof(suggestaddr)); 3574 suggestaddr.s6_addr16[0] = htons(0xfe80); 3575 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3576 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3577 3578 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3579 if (debug) 3580 log(-1, " [suggestaddr %s]", 3581 ip6_sprintf(&suggestaddr)); 3582#ifdef IPV6CP_MYIFID_DYN 3583 /* 3584 * When doing dynamic address assignment, 3585 * we accept his offer. 3586 */ 3587 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3588 struct in6_addr lastsuggest; 3589 /* 3590 * If <suggested myaddr from peer> equals to 3591 * <hisaddr we have suggested last time>, 3592 * we have a collision. generate new random 3593 * ifid. 3594 */ 3595 sppp_suggest_ip6_addr(&lastsuggest); 3596 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3597 lastsuggest)) { 3598 if (debug) 3599 log(-1, " [random]"); 3600 sppp_gen_ip6_addr(sp, &suggestaddr); 3601 } 3602 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3603 if (debug) 3604 log(-1, " [agree]"); 3605 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3606 } 3607#else 3608 /* 3609 * Since we do not do dynamic address assignment, 3610 * we ignore it and thus continue to negotiate 3611 * our already existing value. This can possibly 3612 * go into infinite request-reject loop. 3613 * 3614 * This is not likely because we normally use 3615 * ifid based on MAC-address. 3616 * If you have no ethernet card on the node, too bad. 3617 * XXX should we use fail_counter? 3618 */ 3619#endif 3620 break; 3621#ifdef notyet 3622 case IPV6CP_OPT_COMPRESS: 3623 /* 3624 * Peer wants different compression parameters. 3625 */ 3626 break; 3627#endif 3628 } 3629 } 3630 if (debug) 3631 log(-1, "\n"); 3632 free (buf, M_TEMP); 3633 return; 3634} 3635static void 3636sppp_ipv6cp_tlu(struct sppp *sp) 3637{ 3638 /* we are up - notify isdn daemon */ 3639 if (sp->pp_con) 3640 sp->pp_con(sp); 3641} 3642 3643static void 3644sppp_ipv6cp_tld(struct sppp *sp) 3645{ 3646} 3647 3648static void 3649sppp_ipv6cp_tls(struct sppp *sp) 3650{ 3651 /* indicate to LCP that it must stay alive */ 3652 sp->lcp.protos |= (1 << IDX_IPV6CP); 3653} 3654 3655static void 3656sppp_ipv6cp_tlf(struct sppp *sp) 3657{ 3658 3659#if 0 /* need #if 0 to close IPv6CP properly */ 3660 /* we no longer need LCP */ 3661 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3662 sppp_lcp_check_and_close(sp); 3663#endif 3664} 3665 3666static void 3667sppp_ipv6cp_scr(struct sppp *sp) 3668{ 3669 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3670 struct in6_addr ouraddr; 3671 int i = 0; 3672 3673 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3674 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3675 opt[i++] = IPV6CP_OPT_IFID; 3676 opt[i++] = 10; 3677 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3678 i += 8; 3679 } 3680 3681#ifdef notyet 3682 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3683 opt[i++] = IPV6CP_OPT_COMPRESSION; 3684 opt[i++] = 4; 3685 opt[i++] = 0; /* TBD */ 3686 opt[i++] = 0; /* TBD */ 3687 /* variable length data may follow */ 3688 } 3689#endif 3690 3691 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3692 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3693} 3694#else /*INET6*/ 3695static void sppp_ipv6cp_init(struct sppp *sp) 3696{ 3697} 3698 3699static void sppp_ipv6cp_up(struct sppp *sp) 3700{ 3701} 3702 3703static void sppp_ipv6cp_down(struct sppp *sp) 3704{ 3705} 3706 3707 3708static void sppp_ipv6cp_open(struct sppp *sp) 3709{ 3710} 3711 3712static void sppp_ipv6cp_close(struct sppp *sp) 3713{ 3714} 3715 3716static void sppp_ipv6cp_TO(void *sp) 3717{ 3718} 3719 3720static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3721{ 3722 return 0; 3723} 3724 3725static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3726{ 3727} 3728 3729static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3730{ 3731} 3732 3733static void sppp_ipv6cp_tlu(struct sppp *sp) 3734{ 3735} 3736 3737static void sppp_ipv6cp_tld(struct sppp *sp) 3738{ 3739} 3740 3741static void sppp_ipv6cp_tls(struct sppp *sp) 3742{ 3743} 3744 3745static void sppp_ipv6cp_tlf(struct sppp *sp) 3746{ 3747} 3748 3749static void sppp_ipv6cp_scr(struct sppp *sp) 3750{ 3751} 3752#endif /*INET6*/ 3753 3754/* 3755 *--------------------------------------------------------------------------* 3756 * * 3757 * The CHAP implementation. * 3758 * * 3759 *--------------------------------------------------------------------------* 3760 */ 3761 3762/* 3763 * The authentication protocols don't employ a full-fledged state machine as 3764 * the control protocols do, since they do have Open and Close events, but 3765 * not Up and Down, nor are they explicitly terminated. Also, use of the 3766 * authentication protocols may be different in both directions (this makes 3767 * sense, think of a machine that never accepts incoming calls but only 3768 * calls out, it doesn't require the called party to authenticate itself). 3769 * 3770 * Our state machine for the local authentication protocol (we are requesting 3771 * the peer to authenticate) looks like: 3772 * 3773 * RCA- 3774 * +--------------------------------------------+ 3775 * V scn,tld| 3776 * +--------+ Close +---------+ RCA+ 3777 * | |<----------------------------------| |------+ 3778 * +--->| Closed | TO* | Opened | sca | 3779 * | | |-----+ +-------| |<-----+ 3780 * | +--------+ irc | | +---------+ 3781 * | ^ | | ^ 3782 * | | | | | 3783 * | | | | | 3784 * | TO-| | | | 3785 * | |tld TO+ V | | 3786 * | | +------->+ | | 3787 * | | | | | | 3788 * | +--------+ V | | 3789 * | | |<----+<--------------------+ | 3790 * | | Req- | scr | 3791 * | | Sent | | 3792 * | | | | 3793 * | +--------+ | 3794 * | RCA- | | RCA+ | 3795 * +------+ +------------------------------------------+ 3796 * scn,tld sca,irc,ict,tlu 3797 * 3798 * 3799 * with: 3800 * 3801 * Open: LCP reached authentication phase 3802 * Close: LCP reached terminate phase 3803 * 3804 * RCA+: received reply (pap-req, chap-response), acceptable 3805 * RCN: received reply (pap-req, chap-response), not acceptable 3806 * TO+: timeout with restart counter >= 0 3807 * TO-: timeout with restart counter < 0 3808 * TO*: reschedule timeout for CHAP 3809 * 3810 * scr: send request packet (none for PAP, chap-challenge) 3811 * sca: send ack packet (pap-ack, chap-success) 3812 * scn: send nak packet (pap-nak, chap-failure) 3813 * ict: initialize re-challenge timer (CHAP only) 3814 * 3815 * tlu: this-layer-up, LCP reaches network phase 3816 * tld: this-layer-down, LCP enters terminate phase 3817 * 3818 * Note that in CHAP mode, after sending a new challenge, while the state 3819 * automaton falls back into Req-Sent state, it doesn't signal a tld 3820 * event to LCP, so LCP remains in network phase. Only after not getting 3821 * any response (or after getting an unacceptable response), CHAP closes, 3822 * causing LCP to enter terminate phase. 3823 * 3824 * With PAP, there is no initial request that can be sent. The peer is 3825 * expected to send one based on the successful negotiation of PAP as 3826 * the authentication protocol during the LCP option negotiation. 3827 * 3828 * Incoming authentication protocol requests (remote requests 3829 * authentication, we are peer) don't employ a state machine at all, 3830 * they are simply answered. Some peers [Ascend P50 firmware rev 3831 * 4.50] react allergically when sending IPCP requests while they are 3832 * still in authentication phase (thereby violating the standard that 3833 * demands that these NCP packets are to be discarded), so we keep 3834 * track of the peer demanding us to authenticate, and only proceed to 3835 * phase network once we've seen a positive acknowledge for the 3836 * authentication. 3837 */ 3838 3839/* 3840 * Handle incoming CHAP packets. 3841 */ 3842static void 3843sppp_chap_input(struct sppp *sp, struct mbuf *m) 3844{ 3845 STDDCL; 3846 struct lcp_header *h; 3847 int len, x; 3848 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3849 int value_len, name_len; 3850 MD5_CTX ctx; 3851 3852 len = m->m_pkthdr.len; 3853 if (len < 4) { 3854 if (debug) 3855 log(LOG_DEBUG, 3856 SPP_FMT "chap invalid packet length: %d bytes\n", 3857 SPP_ARGS(ifp), len); 3858 return; 3859 } 3860 h = mtod (m, struct lcp_header*); 3861 if (len > ntohs (h->len)) 3862 len = ntohs (h->len); 3863 3864 switch (h->type) { 3865 /* challenge, failure and success are his authproto */ 3866 case CHAP_CHALLENGE: 3867 value = 1 + (u_char*)(h+1); 3868 value_len = value[-1]; 3869 name = value + value_len; 3870 name_len = len - value_len - 5; 3871 if (name_len < 0) { 3872 if (debug) { 3873 log(LOG_DEBUG, 3874 SPP_FMT "chap corrupted challenge " 3875 "<%s id=0x%x len=%d", 3876 SPP_ARGS(ifp), 3877 sppp_auth_type_name(PPP_CHAP, h->type), 3878 h->ident, ntohs(h->len)); 3879 sppp_print_bytes((u_char*) (h+1), len-4); 3880 log(-1, ">\n"); 3881 } 3882 break; 3883 } 3884 3885 if (debug) { 3886 log(LOG_DEBUG, 3887 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3888 SPP_ARGS(ifp), 3889 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3890 ntohs(h->len)); 3891 sppp_print_string((char*) name, name_len); 3892 log(-1, " value-size=%d value=", value_len); 3893 sppp_print_bytes(value, value_len); 3894 log(-1, ">\n"); 3895 } 3896 3897 /* Compute reply value. */ 3898 MD5Init(&ctx); 3899 MD5Update(&ctx, &h->ident, 1); 3900 MD5Update(&ctx, sp->myauth.secret, 3901 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3902 MD5Update(&ctx, value, value_len); 3903 MD5Final(digest, &ctx); 3904 dsize = sizeof digest; 3905 3906 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3907 sizeof dsize, (const char *)&dsize, 3908 sizeof digest, digest, 3909 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3910 sp->myauth.name, 3911 0); 3912 break; 3913 3914 case CHAP_SUCCESS: 3915 if (debug) { 3916 log(LOG_DEBUG, SPP_FMT "chap success", 3917 SPP_ARGS(ifp)); 3918 if (len > 4) { 3919 log(-1, ": "); 3920 sppp_print_string((char*)(h + 1), len - 4); 3921 } 3922 log(-1, "\n"); 3923 } 3924 x = splimp(); 3925 sp->pp_flags &= ~PP_NEEDAUTH; 3926 if (sp->myauth.proto == PPP_CHAP && 3927 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3928 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3929 /* 3930 * We are authenticator for CHAP but didn't 3931 * complete yet. Leave it to tlu to proceed 3932 * to network phase. 3933 */ 3934 splx(x); 3935 break; 3936 } 3937 splx(x); 3938 sppp_phase_network(sp); 3939 break; 3940 3941 case CHAP_FAILURE: 3942 if (debug) { 3943 log(LOG_INFO, SPP_FMT "chap failure", 3944 SPP_ARGS(ifp)); 3945 if (len > 4) { 3946 log(-1, ": "); 3947 sppp_print_string((char*)(h + 1), len - 4); 3948 } 3949 log(-1, "\n"); 3950 } else 3951 log(LOG_INFO, SPP_FMT "chap failure\n", 3952 SPP_ARGS(ifp)); 3953 /* await LCP shutdown by authenticator */ 3954 break; 3955 3956 /* response is my authproto */ 3957 case CHAP_RESPONSE: 3958 value = 1 + (u_char*)(h+1); 3959 value_len = value[-1]; 3960 name = value + value_len; 3961 name_len = len - value_len - 5; 3962 if (name_len < 0) { 3963 if (debug) { 3964 log(LOG_DEBUG, 3965 SPP_FMT "chap corrupted response " 3966 "<%s id=0x%x len=%d", 3967 SPP_ARGS(ifp), 3968 sppp_auth_type_name(PPP_CHAP, h->type), 3969 h->ident, ntohs(h->len)); 3970 sppp_print_bytes((u_char*)(h+1), len-4); 3971 log(-1, ">\n"); 3972 } 3973 break; 3974 } 3975 if (h->ident != sp->confid[IDX_CHAP]) { 3976 if (debug) 3977 log(LOG_DEBUG, 3978 SPP_FMT "chap dropping response for old ID " 3979 "(got %d, expected %d)\n", 3980 SPP_ARGS(ifp), 3981 h->ident, sp->confid[IDX_CHAP]); 3982 break; 3983 } 3984 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3985 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3986 log(LOG_INFO, SPP_FMT "chap response, his name ", 3987 SPP_ARGS(ifp)); 3988 sppp_print_string(name, name_len); 3989 log(-1, " != expected "); 3990 sppp_print_string(sp->hisauth.name, 3991 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3992 log(-1, "\n"); 3993 } 3994 if (debug) { 3995 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3996 "<%s id=0x%x len=%d name=", 3997 SPP_ARGS(ifp), 3998 sppp_state_name(sp->state[IDX_CHAP]), 3999 sppp_auth_type_name(PPP_CHAP, h->type), 4000 h->ident, ntohs (h->len)); 4001 sppp_print_string((char*)name, name_len); 4002 log(-1, " value-size=%d value=", value_len); 4003 sppp_print_bytes(value, value_len); 4004 log(-1, ">\n"); 4005 } 4006 if (value_len != AUTHKEYLEN) { 4007 if (debug) 4008 log(LOG_DEBUG, 4009 SPP_FMT "chap bad hash value length: " 4010 "%d bytes, should be %d\n", 4011 SPP_ARGS(ifp), value_len, 4012 AUTHKEYLEN); 4013 break; 4014 } 4015 4016 MD5Init(&ctx); 4017 MD5Update(&ctx, &h->ident, 1); 4018 MD5Update(&ctx, sp->hisauth.secret, 4019 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4020 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4021 MD5Final(digest, &ctx); 4022 4023#define FAILMSG "Failed..." 4024#define SUCCMSG "Welcome!" 4025 4026 if (value_len != sizeof digest || 4027 bcmp(digest, value, value_len) != 0) { 4028 /* action scn, tld */ 4029 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4030 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4031 0); 4032 chap.tld(sp); 4033 break; 4034 } 4035 /* action sca, perhaps tlu */ 4036 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4037 sp->state[IDX_CHAP] == STATE_OPENED) 4038 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4039 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4040 0); 4041 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4042 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4043 chap.tlu(sp); 4044 } 4045 break; 4046 4047 default: 4048 /* Unknown CHAP packet type -- ignore. */ 4049 if (debug) { 4050 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4051 "<0x%x id=0x%xh len=%d", 4052 SPP_ARGS(ifp), 4053 sppp_state_name(sp->state[IDX_CHAP]), 4054 h->type, h->ident, ntohs(h->len)); 4055 sppp_print_bytes((u_char*)(h+1), len-4); 4056 log(-1, ">\n"); 4057 } 4058 break; 4059 4060 } 4061} 4062 4063static void 4064sppp_chap_init(struct sppp *sp) 4065{ 4066 /* Chap doesn't have STATE_INITIAL at all. */ 4067 sp->state[IDX_CHAP] = STATE_CLOSED; 4068 sp->fail_counter[IDX_CHAP] = 0; 4069 sp->pp_seq[IDX_CHAP] = 0; 4070 sp->pp_rseq[IDX_CHAP] = 0; 4071#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4072 callout_handle_init(&sp->ch[IDX_CHAP]); 4073#endif 4074} 4075 4076static void 4077sppp_chap_open(struct sppp *sp) 4078{ 4079 if (sp->myauth.proto == PPP_CHAP && 4080 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4081 /* we are authenticator for CHAP, start it */ 4082 chap.scr(sp); 4083 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4084 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4085 } 4086 /* nothing to be done if we are peer, await a challenge */ 4087} 4088 4089static void 4090sppp_chap_close(struct sppp *sp) 4091{ 4092 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4093 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4094} 4095 4096static void 4097sppp_chap_TO(void *cookie) 4098{ 4099 struct sppp *sp = (struct sppp *)cookie; 4100 STDDCL; 4101 int s; 4102 4103 s = splimp(); 4104 if (debug) 4105 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4106 SPP_ARGS(ifp), 4107 sppp_state_name(sp->state[IDX_CHAP]), 4108 sp->rst_counter[IDX_CHAP]); 4109 4110 if (--sp->rst_counter[IDX_CHAP] < 0) 4111 /* TO- event */ 4112 switch (sp->state[IDX_CHAP]) { 4113 case STATE_REQ_SENT: 4114 chap.tld(sp); 4115 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4116 break; 4117 } 4118 else 4119 /* TO+ (or TO*) event */ 4120 switch (sp->state[IDX_CHAP]) { 4121 case STATE_OPENED: 4122 /* TO* event */ 4123 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4124 /* FALLTHROUGH */ 4125 case STATE_REQ_SENT: 4126 chap.scr(sp); 4127 /* sppp_cp_change_state() will restart the timer */ 4128 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4129 break; 4130 } 4131 4132 splx(s); 4133} 4134 4135static void 4136sppp_chap_tlu(struct sppp *sp) 4137{ 4138 STDDCL; 4139 int i, x; 4140 4141 i = 0; 4142 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4143 4144 /* 4145 * Some broken CHAP implementations (Conware CoNet, firmware 4146 * 4.0.?) don't want to re-authenticate their CHAP once the 4147 * initial challenge-response exchange has taken place. 4148 * Provide for an option to avoid rechallenges. 4149 */ 4150 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4151 /* 4152 * Compute the re-challenge timeout. This will yield 4153 * a number between 300 and 810 seconds. 4154 */ 4155 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4156 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4157 } 4158 4159 if (debug) { 4160 log(LOG_DEBUG, 4161 SPP_FMT "chap %s, ", 4162 SPP_ARGS(ifp), 4163 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4164 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4165 log(-1, "next re-challenge in %d seconds\n", i); 4166 else 4167 log(-1, "re-challenging supressed\n"); 4168 } 4169 4170 x = splimp(); 4171 /* indicate to LCP that we need to be closed down */ 4172 sp->lcp.protos |= (1 << IDX_CHAP); 4173 4174 if (sp->pp_flags & PP_NEEDAUTH) { 4175 /* 4176 * Remote is authenticator, but his auth proto didn't 4177 * complete yet. Defer the transition to network 4178 * phase. 4179 */ 4180 splx(x); 4181 return; 4182 } 4183 splx(x); 4184 4185 /* 4186 * If we are already in phase network, we are done here. This 4187 * is the case if this is a dummy tlu event after a re-challenge. 4188 */ 4189 if (sp->pp_phase != PHASE_NETWORK) 4190 sppp_phase_network(sp); 4191} 4192 4193static void 4194sppp_chap_tld(struct sppp *sp) 4195{ 4196 STDDCL; 4197 4198 if (debug) 4199 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4200 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4201 sp->lcp.protos &= ~(1 << IDX_CHAP); 4202 4203 lcp.Close(sp); 4204} 4205 4206static void 4207sppp_chap_scr(struct sppp *sp) 4208{ 4209 u_long *ch, seed; 4210 u_char clen; 4211 4212 /* Compute random challenge. */ 4213 ch = (u_long *)sp->myauth.challenge; 4214#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4215 read_random(&seed, sizeof seed); 4216#else 4217 { 4218 struct timeval tv; 4219 microtime(&tv); 4220 seed = tv.tv_sec ^ tv.tv_usec; 4221 } 4222#endif 4223 ch[0] = seed ^ random(); 4224 ch[1] = seed ^ random(); 4225 ch[2] = seed ^ random(); 4226 ch[3] = seed ^ random(); 4227 clen = AUTHKEYLEN; 4228 4229 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4230 4231 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4232 sizeof clen, (const char *)&clen, 4233 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4234 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4235 sp->myauth.name, 4236 0); 4237} 4238 4239/* 4240 *--------------------------------------------------------------------------* 4241 * * 4242 * The PAP implementation. * 4243 * * 4244 *--------------------------------------------------------------------------* 4245 */ 4246/* 4247 * For PAP, we need to keep a little state also if we are the peer, not the 4248 * authenticator. This is since we don't get a request to authenticate, but 4249 * have to repeatedly authenticate ourself until we got a response (or the 4250 * retry counter is expired). 4251 */ 4252 4253/* 4254 * Handle incoming PAP packets. */ 4255static void 4256sppp_pap_input(struct sppp *sp, struct mbuf *m) 4257{ 4258 STDDCL; 4259 struct lcp_header *h; 4260 int len, x; 4261 u_char *name, *passwd, mlen; 4262 int name_len, passwd_len; 4263 4264 len = m->m_pkthdr.len; 4265 if (len < 5) { 4266 if (debug) 4267 log(LOG_DEBUG, 4268 SPP_FMT "pap invalid packet length: %d bytes\n", 4269 SPP_ARGS(ifp), len); 4270 return; 4271 } 4272 h = mtod (m, struct lcp_header*); 4273 if (len > ntohs (h->len)) 4274 len = ntohs (h->len); 4275 switch (h->type) { 4276 /* PAP request is my authproto */ 4277 case PAP_REQ: 4278 name = 1 + (u_char*)(h+1); 4279 name_len = name[-1]; 4280 passwd = name + name_len + 1; 4281 if (name_len > len - 6 || 4282 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4283 if (debug) { 4284 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4285 "<%s id=0x%x len=%d", 4286 SPP_ARGS(ifp), 4287 sppp_auth_type_name(PPP_PAP, h->type), 4288 h->ident, ntohs(h->len)); 4289 sppp_print_bytes((u_char*)(h+1), len-4); 4290 log(-1, ">\n"); 4291 } 4292 break; 4293 } 4294 if (debug) { 4295 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4296 "<%s id=0x%x len=%d name=", 4297 SPP_ARGS(ifp), 4298 sppp_state_name(sp->state[IDX_PAP]), 4299 sppp_auth_type_name(PPP_PAP, h->type), 4300 h->ident, ntohs(h->len)); 4301 sppp_print_string((char*)name, name_len); 4302 log(-1, " passwd="); 4303 sppp_print_string((char*)passwd, passwd_len); 4304 log(-1, ">\n"); 4305 } 4306 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4307 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4308 bcmp(name, sp->hisauth.name, name_len) != 0 || 4309 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4310 /* action scn, tld */ 4311 mlen = sizeof(FAILMSG) - 1; 4312 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4313 sizeof mlen, (const char *)&mlen, 4314 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4315 0); 4316 pap.tld(sp); 4317 break; 4318 } 4319 /* action sca, perhaps tlu */ 4320 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4321 sp->state[IDX_PAP] == STATE_OPENED) { 4322 mlen = sizeof(SUCCMSG) - 1; 4323 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4324 sizeof mlen, (const char *)&mlen, 4325 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4326 0); 4327 } 4328 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4329 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4330 pap.tlu(sp); 4331 } 4332 break; 4333 4334 /* ack and nak are his authproto */ 4335 case PAP_ACK: 4336 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4337 if (debug) { 4338 log(LOG_DEBUG, SPP_FMT "pap success", 4339 SPP_ARGS(ifp)); 4340 name_len = *((char *)h); 4341 if (len > 5 && name_len) { 4342 log(-1, ": "); 4343 sppp_print_string((char*)(h+1), name_len); 4344 } 4345 log(-1, "\n"); 4346 } 4347 x = splimp(); 4348 sp->pp_flags &= ~PP_NEEDAUTH; 4349 if (sp->myauth.proto == PPP_PAP && 4350 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4351 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4352 /* 4353 * We are authenticator for PAP but didn't 4354 * complete yet. Leave it to tlu to proceed 4355 * to network phase. 4356 */ 4357 splx(x); 4358 break; 4359 } 4360 splx(x); 4361 sppp_phase_network(sp); 4362 break; 4363 4364 case PAP_NAK: 4365 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4366 if (debug) { 4367 log(LOG_INFO, SPP_FMT "pap failure", 4368 SPP_ARGS(ifp)); 4369 name_len = *((char *)h); 4370 if (len > 5 && name_len) { 4371 log(-1, ": "); 4372 sppp_print_string((char*)(h+1), name_len); 4373 } 4374 log(-1, "\n"); 4375 } else 4376 log(LOG_INFO, SPP_FMT "pap failure\n", 4377 SPP_ARGS(ifp)); 4378 /* await LCP shutdown by authenticator */ 4379 break; 4380 4381 default: 4382 /* Unknown PAP packet type -- ignore. */ 4383 if (debug) { 4384 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4385 "<0x%x id=0x%x len=%d", 4386 SPP_ARGS(ifp), 4387 h->type, h->ident, ntohs(h->len)); 4388 sppp_print_bytes((u_char*)(h+1), len-4); 4389 log(-1, ">\n"); 4390 } 4391 break; 4392 4393 } 4394} 4395 4396static void 4397sppp_pap_init(struct sppp *sp) 4398{ 4399 /* PAP doesn't have STATE_INITIAL at all. */ 4400 sp->state[IDX_PAP] = STATE_CLOSED; 4401 sp->fail_counter[IDX_PAP] = 0; 4402 sp->pp_seq[IDX_PAP] = 0; 4403 sp->pp_rseq[IDX_PAP] = 0; 4404#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4405 callout_handle_init(&sp->ch[IDX_PAP]); 4406 callout_handle_init(&sp->pap_my_to_ch); 4407#endif 4408} 4409 4410static void 4411sppp_pap_open(struct sppp *sp) 4412{ 4413 if (sp->hisauth.proto == PPP_PAP && 4414 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4415 /* we are authenticator for PAP, start our timer */ 4416 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4417 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4418 } 4419 if (sp->myauth.proto == PPP_PAP) { 4420 /* we are peer, send a request, and start a timer */ 4421 pap.scr(sp); 4422 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4423 sp->pap_my_to_ch); 4424 } 4425} 4426 4427static void 4428sppp_pap_close(struct sppp *sp) 4429{ 4430 if (sp->state[IDX_PAP] != STATE_CLOSED) 4431 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4432} 4433 4434/* 4435 * That's the timeout routine if we are authenticator. Since the 4436 * authenticator is basically passive in PAP, we can't do much here. 4437 */ 4438static void 4439sppp_pap_TO(void *cookie) 4440{ 4441 struct sppp *sp = (struct sppp *)cookie; 4442 STDDCL; 4443 int s; 4444 4445 s = splimp(); 4446 if (debug) 4447 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4448 SPP_ARGS(ifp), 4449 sppp_state_name(sp->state[IDX_PAP]), 4450 sp->rst_counter[IDX_PAP]); 4451 4452 if (--sp->rst_counter[IDX_PAP] < 0) 4453 /* TO- event */ 4454 switch (sp->state[IDX_PAP]) { 4455 case STATE_REQ_SENT: 4456 pap.tld(sp); 4457 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4458 break; 4459 } 4460 else 4461 /* TO+ event, not very much we could do */ 4462 switch (sp->state[IDX_PAP]) { 4463 case STATE_REQ_SENT: 4464 /* sppp_cp_change_state() will restart the timer */ 4465 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4466 break; 4467 } 4468 4469 splx(s); 4470} 4471 4472/* 4473 * That's the timeout handler if we are peer. Since the peer is active, 4474 * we need to retransmit our PAP request since it is apparently lost. 4475 * XXX We should impose a max counter. 4476 */ 4477static void 4478sppp_pap_my_TO(void *cookie) 4479{ 4480 struct sppp *sp = (struct sppp *)cookie; 4481 STDDCL; 4482 4483 if (debug) 4484 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4485 SPP_ARGS(ifp)); 4486 4487 pap.scr(sp); 4488} 4489 4490static void 4491sppp_pap_tlu(struct sppp *sp) 4492{ 4493 STDDCL; 4494 int x; 4495 4496 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4497 4498 if (debug) 4499 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4500 SPP_ARGS(ifp), pap.name); 4501 4502 x = splimp(); 4503 /* indicate to LCP that we need to be closed down */ 4504 sp->lcp.protos |= (1 << IDX_PAP); 4505 4506 if (sp->pp_flags & PP_NEEDAUTH) { 4507 /* 4508 * Remote is authenticator, but his auth proto didn't 4509 * complete yet. Defer the transition to network 4510 * phase. 4511 */ 4512 splx(x); 4513 return; 4514 } 4515 splx(x); 4516 sppp_phase_network(sp); 4517} 4518 4519static void 4520sppp_pap_tld(struct sppp *sp) 4521{ 4522 STDDCL; 4523 4524 if (debug) 4525 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4526 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4527 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4528 sp->lcp.protos &= ~(1 << IDX_PAP); 4529 4530 lcp.Close(sp); 4531} 4532 4533static void 4534sppp_pap_scr(struct sppp *sp) 4535{ 4536 u_char idlen, pwdlen; 4537 4538 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4539 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4540 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4541 4542 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4543 sizeof idlen, (const char *)&idlen, 4544 (size_t)idlen, sp->myauth.name, 4545 sizeof pwdlen, (const char *)&pwdlen, 4546 (size_t)pwdlen, sp->myauth.secret, 4547 0); 4548} 4549 4550/* 4551 * Random miscellaneous functions. 4552 */ 4553 4554/* 4555 * Send a PAP or CHAP proto packet. 4556 * 4557 * Varadic function, each of the elements for the ellipsis is of type 4558 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4559 * mlen == 0. 4560 * NOTE: never declare variadic functions with types subject to type 4561 * promotion (i.e. u_char). This is asking for big trouble depending 4562 * on the architecture you are on... 4563 */ 4564 4565static void 4566sppp_auth_send(const struct cp *cp, struct sppp *sp, 4567 unsigned int type, unsigned int id, 4568 ...) 4569{ 4570 STDDCL; 4571 struct ppp_header *h; 4572 struct lcp_header *lh; 4573 struct mbuf *m; 4574 u_char *p; 4575 int len; 4576 unsigned int mlen; 4577 const char *msg; 4578 va_list ap; 4579 4580 MGETHDR (m, M_DONTWAIT, MT_DATA); 4581 if (! m) 4582 return; 4583 m->m_pkthdr.rcvif = 0; 4584 4585 h = mtod (m, struct ppp_header*); 4586 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4587 h->control = PPP_UI; /* Unnumbered Info */ 4588 h->protocol = htons(cp->proto); 4589 4590 lh = (struct lcp_header*)(h + 1); 4591 lh->type = type; 4592 lh->ident = id; 4593 p = (u_char*) (lh+1); 4594 4595 va_start(ap, id); 4596 len = 0; 4597 4598 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4599 msg = va_arg(ap, const char *); 4600 len += mlen; 4601 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4602 va_end(ap); 4603 m_freem(m); 4604 return; 4605 } 4606 4607 bcopy(msg, p, mlen); 4608 p += mlen; 4609 } 4610 va_end(ap); 4611 4612 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4613 lh->len = htons (LCP_HEADER_LEN + len); 4614 4615 if (debug) { 4616 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4617 SPP_ARGS(ifp), cp->name, 4618 sppp_auth_type_name(cp->proto, lh->type), 4619 lh->ident, ntohs(lh->len)); 4620 sppp_print_bytes((u_char*) (lh+1), len); 4621 log(-1, ">\n"); 4622 } 4623 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4624 ifp->if_oerrors++; 4625} 4626 4627/* 4628 * Flush interface queue. 4629 */ 4630static void 4631sppp_qflush(struct ifqueue *ifq) 4632{ 4633 struct mbuf *m, *n; 4634 4635 n = ifq->ifq_head; 4636 while ((m = n)) { 4637 n = m->m_act; 4638 m_freem (m); 4639 } 4640 ifq->ifq_head = 0; 4641 ifq->ifq_tail = 0; 4642 ifq->ifq_len = 0; 4643} 4644 4645/* 4646 * Send keepalive packets, every 10 seconds. 4647 */ 4648static void 4649sppp_keepalive(void *dummy) 4650{ 4651 struct sppp *sp; 4652 int s; 4653 4654 s = splimp(); 4655 for (sp=spppq; sp; sp=sp->pp_next) { 4656 struct ifnet *ifp = &sp->pp_if; 4657 4658 /* Keepalive mode disabled or channel down? */ 4659 if (! (sp->pp_flags & PP_KEEPALIVE) || 4660 ! (ifp->if_flags & IFF_RUNNING)) 4661 continue; 4662 4663 /* No keepalive in PPP mode if LCP not opened yet. */ 4664 if (sp->pp_mode != IFF_CISCO && 4665 sp->pp_phase < PHASE_AUTHENTICATE) 4666 continue; 4667 4668 if (sp->pp_alivecnt == MAXALIVECNT) { 4669 /* No keepalive packets got. Stop the interface. */ 4670 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4671 if_down (ifp); 4672 sppp_qflush (&sp->pp_cpq); 4673 if (sp->pp_mode != IFF_CISCO) { 4674 /* XXX */ 4675 /* Shut down the PPP link. */ 4676 lcp.Down(sp); 4677 /* Initiate negotiation. XXX */ 4678 lcp.Up(sp); 4679 } 4680 } 4681 if (sp->pp_alivecnt <= MAXALIVECNT) 4682 ++sp->pp_alivecnt; 4683 if (sp->pp_mode == IFF_CISCO) 4684 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4685 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4686 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4687 long nmagic = htonl (sp->lcp.magic); 4688 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4689 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4690 sp->lcp.echoid, 4, &nmagic); 4691 } 4692 } 4693 splx(s); 4694 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4695} 4696 4697/* 4698 * Get both IP addresses. 4699 */ 4700static void 4701sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4702{ 4703 struct ifnet *ifp = &sp->pp_if; 4704 struct ifaddr *ifa; 4705 struct sockaddr_in *si, *sm; 4706 u_long ssrc, ddst; 4707 4708 sm = NULL; 4709 ssrc = ddst = 0L; 4710 /* 4711 * Pick the first AF_INET address from the list, 4712 * aliases don't make any sense on a p2p link anyway. 4713 */ 4714 si = 0; 4715#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4716 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4717#elif defined(__NetBSD__) || defined (__OpenBSD__) 4718 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4719 ifa; 4720 ifa = TAILQ_NEXT(ifa, ifa_list)) 4721#else 4722 for (ifa = ifp->if_addrlist; 4723 ifa; 4724 ifa = ifa->ifa_next) 4725#endif 4726 if (ifa->ifa_addr->sa_family == AF_INET) { 4727 si = (struct sockaddr_in *)ifa->ifa_addr; 4728 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4729 if (si) 4730 break; 4731 } 4732 if (ifa) { 4733 if (si && si->sin_addr.s_addr) { 4734 ssrc = si->sin_addr.s_addr; 4735 if (srcmask) 4736 *srcmask = ntohl(sm->sin_addr.s_addr); 4737 } 4738 4739 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4740 if (si && si->sin_addr.s_addr) 4741 ddst = si->sin_addr.s_addr; 4742 } 4743 4744 if (dst) *dst = ntohl(ddst); 4745 if (src) *src = ntohl(ssrc); 4746} 4747 4748/* 4749 * Set my IP address. Must be called at splimp. 4750 */ 4751static void 4752sppp_set_ip_addr(struct sppp *sp, u_long src) 4753{ 4754 STDDCL; 4755 struct ifaddr *ifa; 4756 struct sockaddr_in *si; 4757 struct in_ifaddr *ia; 4758 4759 /* 4760 * Pick the first AF_INET address from the list, 4761 * aliases don't make any sense on a p2p link anyway. 4762 */ 4763 si = 0; 4764#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4765 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4766#elif defined(__NetBSD__) || defined (__OpenBSD__) 4767 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4768 ifa; 4769 ifa = TAILQ_NEXT(ifa, ifa_list)) 4770#else 4771 for (ifa = ifp->if_addrlist; 4772 ifa; 4773 ifa = ifa->ifa_next) 4774#endif 4775 { 4776 if (ifa->ifa_addr->sa_family == AF_INET) 4777 { 4778 si = (struct sockaddr_in *)ifa->ifa_addr; 4779 if (si) 4780 break; 4781 } 4782 } 4783 4784 if (ifa && si) 4785 { 4786 int error; 4787#if __NetBSD_Version__ >= 103080000 4788 struct sockaddr_in new_sin = *si; 4789 4790 new_sin.sin_addr.s_addr = htonl(src); 4791 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4792 if(debug && error) 4793 { 4794 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4795 " failed, error=%d\n", SPP_ARGS(ifp), error); 4796 } 4797#else 4798 /* delete old route */ 4799 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4800 if(debug && error) 4801 { 4802 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4803 SPP_ARGS(ifp), error); 4804 } 4805 4806 /* set new address */ 4807 si->sin_addr.s_addr = htonl(src); 4808 ia = ifatoia(ifa); 4809 LIST_REMOVE(ia, ia_hash); 4810 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4811 4812 /* add new route */ 4813 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4814 if (debug && error) 4815 { 4816 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4817 SPP_ARGS(ifp), error); 4818 } 4819#endif 4820 } 4821} 4822 4823#ifdef INET6 4824/* 4825 * Get both IPv6 addresses. 4826 */ 4827static void 4828sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4829 struct in6_addr *srcmask) 4830{ 4831 struct ifnet *ifp = &sp->pp_if; 4832 struct ifaddr *ifa; 4833 struct sockaddr_in6 *si, *sm; 4834 struct in6_addr ssrc, ddst; 4835 4836 sm = NULL; 4837 bzero(&ssrc, sizeof(ssrc)); 4838 bzero(&ddst, sizeof(ddst)); 4839 /* 4840 * Pick the first link-local AF_INET6 address from the list, 4841 * aliases don't make any sense on a p2p link anyway. 4842 */ 4843#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4844 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4845 ifa; 4846 ifa = ifa->ifa_link.tqe_next) 4847#elif defined(__NetBSD__) || defined (__OpenBSD__) 4848 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4849 ifa; 4850 ifa = ifa->ifa_list.tqe_next) 4851#else 4852 for (ifa = ifp->if_addrlist, si = 0; 4853 ifa; 4854 ifa = ifa->ifa_next) 4855#endif 4856 if (ifa->ifa_addr->sa_family == AF_INET6) { 4857 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4858 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4859 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4860 break; 4861 } 4862 if (ifa) { 4863 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4864 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4865 if (srcmask) { 4866 bcopy(&sm->sin6_addr, srcmask, 4867 sizeof(*srcmask)); 4868 } 4869 } 4870 4871 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4872 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4873 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4874 } 4875 4876 if (dst) 4877 bcopy(&ddst, dst, sizeof(*dst)); 4878 if (src) 4879 bcopy(&ssrc, src, sizeof(*src)); 4880} 4881 4882#ifdef IPV6CP_MYIFID_DYN 4883/* 4884 * Generate random ifid. 4885 */ 4886static void 4887sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4888{ 4889 /* TBD */ 4890} 4891 4892/* 4893 * Set my IPv6 address. Must be called at splimp. 4894 */ 4895static void 4896sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4897{ 4898 STDDCL; 4899 struct ifaddr *ifa; 4900 struct sockaddr_in6 *sin6; 4901 4902 /* 4903 * Pick the first link-local AF_INET6 address from the list, 4904 * aliases don't make any sense on a p2p link anyway. 4905 */ 4906 4907 sin6 = NULL; 4908#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4909 for (ifa = ifp->if_addrhead.tqh_first; 4910 ifa; 4911 ifa = ifa->ifa_link.tqe_next) 4912#elif defined(__NetBSD__) || defined (__OpenBSD__) 4913 for (ifa = ifp->if_addrlist.tqh_first; 4914 ifa; 4915 ifa = ifa->ifa_list.tqe_next) 4916#else 4917 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4918#endif 4919 { 4920 if (ifa->ifa_addr->sa_family == AF_INET6) 4921 { 4922 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4923 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4924 break; 4925 } 4926 } 4927 4928 if (ifa && sin6) 4929 { 4930 int error; 4931 struct sockaddr_in6 new_sin6 = *sin6; 4932 4933 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4934 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4935 if (debug && error) 4936 { 4937 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4938 " failed, error=%d\n", SPP_ARGS(ifp), error); 4939 } 4940 } 4941} 4942#endif 4943 4944/* 4945 * Suggest a candidate address to be used by peer. 4946 */ 4947static void 4948sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4949{ 4950 struct in6_addr myaddr; 4951 struct timeval tv; 4952 4953 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4954 4955 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4956 microtime(&tv); 4957 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4958 myaddr.s6_addr[14] ^= 0xff; 4959 myaddr.s6_addr[15] ^= 0xff; 4960 } else { 4961 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4962 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4963 } 4964 if (suggest) 4965 bcopy(&myaddr, suggest, sizeof(myaddr)); 4966} 4967#endif /*INET6*/ 4968 4969static int 4970sppp_params(struct sppp *sp, u_long cmd, void *data) 4971{ 4972 u_long subcmd; 4973 struct ifreq *ifr = (struct ifreq *)data; 4974 struct spppreq *spr; 4975 int rv = 0; 4976 4977 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 4978 return (EAGAIN); 4979 /* 4980 * ifr->ifr_data is supposed to point to a struct spppreq. 4981 * Check the cmd word first before attempting to fetch all the 4982 * data. 4983 */ 4984 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 4985 rv = EFAULT; 4986 goto quit; 4987 } 4988 4989 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 4990 rv = EFAULT; 4991 goto quit; 4992 } 4993 4994 switch (subcmd) { 4995 case (int)SPPPIOGDEFS: 4996 if (cmd != SIOCGIFGENERIC) { 4997 rv = EINVAL; 4998 break; 4999 } 5000 /* 5001 * We copy over the entire current state, but clean 5002 * out some of the stuff we don't wanna pass up. 5003 * Remember, SIOCGIFGENERIC is unprotected, and can be 5004 * called by any user. No need to ever get PAP or 5005 * CHAP secrets back to userland anyway. 5006 */ 5007 spr->defs.pp_phase = sp->pp_phase; 5008 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5009 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5010 spr->defs.lcp = sp->lcp; 5011 spr->defs.ipcp = sp->ipcp; 5012 spr->defs.ipv6cp = sp->ipv6cp; 5013 spr->defs.myauth = sp->myauth; 5014 spr->defs.hisauth = sp->hisauth; 5015 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5016 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5017 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5018 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5019 /* 5020 * Fixup the LCP timeout value to milliseconds so 5021 * spppcontrol doesn't need to bother about the value 5022 * of "hz". We do the reverse calculation below when 5023 * setting it. 5024 */ 5025 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5026 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5027 sizeof(struct spppreq)); 5028 break; 5029 5030 case (int)SPPPIOSDEFS: 5031 if (cmd != SIOCSIFGENERIC) { 5032 rv = EINVAL; 5033 break; 5034 } 5035 /* 5036 * We have a very specific idea of which fields we 5037 * allow being passed back from userland, so to not 5038 * clobber our current state. For one, we only allow 5039 * setting anything if LCP is in dead or establish 5040 * phase. Once the authentication negotiations 5041 * started, the authentication settings must not be 5042 * changed again. (The administrator can force an 5043 * ifconfig down in order to get LCP back into dead 5044 * phase.) 5045 * 5046 * Also, we only allow for authentication parameters to be 5047 * specified. 5048 * 5049 * XXX Should allow to set or clear pp_flags. 5050 * 5051 * Finally, if the respective authentication protocol to 5052 * be used is set differently than 0, but the secret is 5053 * passed as all zeros, we don't trash the existing secret. 5054 * This allows an administrator to change the system name 5055 * only without clobbering the secret (which he didn't get 5056 * back in a previous SPPPIOGDEFS call). However, the 5057 * secrets are cleared if the authentication protocol is 5058 * reset to 0. */ 5059 if (sp->pp_phase != PHASE_DEAD && 5060 sp->pp_phase != PHASE_ESTABLISH) { 5061 rv = EBUSY; 5062 break; 5063 } 5064 5065 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5066 spr->defs.myauth.proto != PPP_CHAP) || 5067 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5068 spr->defs.hisauth.proto != PPP_CHAP)) { 5069 rv = EINVAL; 5070 break; 5071 } 5072 5073 if (spr->defs.myauth.proto == 0) 5074 /* resetting myauth */ 5075 bzero(&sp->myauth, sizeof sp->myauth); 5076 else { 5077 /* setting/changing myauth */ 5078 sp->myauth.proto = spr->defs.myauth.proto; 5079 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5080 if (spr->defs.myauth.secret[0] != '\0') 5081 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5082 AUTHKEYLEN); 5083 } 5084 if (spr->defs.hisauth.proto == 0) 5085 /* resetting hisauth */ 5086 bzero(&sp->hisauth, sizeof sp->hisauth); 5087 else { 5088 /* setting/changing hisauth */ 5089 sp->hisauth.proto = spr->defs.hisauth.proto; 5090 sp->hisauth.flags = spr->defs.hisauth.flags; 5091 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5092 if (spr->defs.hisauth.secret[0] != '\0') 5093 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5094 AUTHKEYLEN); 5095 } 5096 /* set LCP restart timer timeout */ 5097 if (spr->defs.lcp.timeout != 0) 5098 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5099 /* set VJ enable and IPv6 disable flags */ 5100#ifdef INET 5101 if (spr->defs.enable_vj) 5102 sp->confflags |= CONF_ENABLE_VJ; 5103 else 5104 sp->confflags &= ~CONF_ENABLE_VJ; 5105#endif 5106#ifdef INET6 5107 if (spr->defs.enable_ipv6) 5108 sp->confflags |= CONF_ENABLE_IPV6; 5109 else 5110 sp->confflags &= ~CONF_ENABLE_IPV6; 5111#endif 5112 break; 5113 5114 default: 5115 rv = EINVAL; 5116 } 5117 5118 quit: 5119 free(spr, M_TEMP); 5120 5121 return (rv); 5122} 5123 5124static void 5125sppp_phase_network(struct sppp *sp) 5126{ 5127 STDDCL; 5128 int i; 5129 u_long mask; 5130 5131 sp->pp_phase = PHASE_NETWORK; 5132 5133 if (debug) 5134 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5135 sppp_phase_name(sp->pp_phase)); 5136 5137 /* Notify NCPs now. */ 5138 for (i = 0; i < IDX_COUNT; i++) 5139 if ((cps[i])->flags & CP_NCP) 5140 (cps[i])->Open(sp); 5141 5142 /* Send Up events to all NCPs. */ 5143 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5144 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5145 (cps[i])->Up(sp); 5146 5147 /* if no NCP is starting, all this was in vain, close down */ 5148 sppp_lcp_check_and_close(sp); 5149} 5150 5151 5152static const char * 5153sppp_cp_type_name(u_char type) 5154{ 5155 static char buf[12]; 5156 switch (type) { 5157 case CONF_REQ: return "conf-req"; 5158 case CONF_ACK: return "conf-ack"; 5159 case CONF_NAK: return "conf-nak"; 5160 case CONF_REJ: return "conf-rej"; 5161 case TERM_REQ: return "term-req"; 5162 case TERM_ACK: return "term-ack"; 5163 case CODE_REJ: return "code-rej"; 5164 case PROTO_REJ: return "proto-rej"; 5165 case ECHO_REQ: return "echo-req"; 5166 case ECHO_REPLY: return "echo-reply"; 5167 case DISC_REQ: return "discard-req"; 5168 } 5169 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5170 return buf; 5171} 5172 5173static const char * 5174sppp_auth_type_name(u_short proto, u_char type) 5175{ 5176 static char buf[12]; 5177 switch (proto) { 5178 case PPP_CHAP: 5179 switch (type) { 5180 case CHAP_CHALLENGE: return "challenge"; 5181 case CHAP_RESPONSE: return "response"; 5182 case CHAP_SUCCESS: return "success"; 5183 case CHAP_FAILURE: return "failure"; 5184 } 5185 case PPP_PAP: 5186 switch (type) { 5187 case PAP_REQ: return "req"; 5188 case PAP_ACK: return "ack"; 5189 case PAP_NAK: return "nak"; 5190 } 5191 } 5192 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5193 return buf; 5194} 5195 5196static const char * 5197sppp_lcp_opt_name(u_char opt) 5198{ 5199 static char buf[12]; 5200 switch (opt) { 5201 case LCP_OPT_MRU: return "mru"; 5202 case LCP_OPT_ASYNC_MAP: return "async-map"; 5203 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5204 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5205 case LCP_OPT_MAGIC: return "magic"; 5206 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5207 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5208 } 5209 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5210 return buf; 5211} 5212 5213static const char * 5214sppp_ipcp_opt_name(u_char opt) 5215{ 5216 static char buf[12]; 5217 switch (opt) { 5218 case IPCP_OPT_ADDRESSES: return "addresses"; 5219 case IPCP_OPT_COMPRESSION: return "compression"; 5220 case IPCP_OPT_ADDRESS: return "address"; 5221 } 5222 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5223 return buf; 5224} 5225 5226#ifdef INET6 5227static const char * 5228sppp_ipv6cp_opt_name(u_char opt) 5229{ 5230 static char buf[12]; 5231 switch (opt) { 5232 case IPV6CP_OPT_IFID: return "ifid"; 5233 case IPV6CP_OPT_COMPRESSION: return "compression"; 5234 } 5235 sprintf (buf, "0x%x", opt); 5236 return buf; 5237} 5238#endif 5239 5240static const char * 5241sppp_state_name(int state) 5242{ 5243 switch (state) { 5244 case STATE_INITIAL: return "initial"; 5245 case STATE_STARTING: return "starting"; 5246 case STATE_CLOSED: return "closed"; 5247 case STATE_STOPPED: return "stopped"; 5248 case STATE_CLOSING: return "closing"; 5249 case STATE_STOPPING: return "stopping"; 5250 case STATE_REQ_SENT: return "req-sent"; 5251 case STATE_ACK_RCVD: return "ack-rcvd"; 5252 case STATE_ACK_SENT: return "ack-sent"; 5253 case STATE_OPENED: return "opened"; 5254 } 5255 return "illegal"; 5256} 5257 5258static const char * 5259sppp_phase_name(enum ppp_phase phase) 5260{ 5261 switch (phase) { 5262 case PHASE_DEAD: return "dead"; 5263 case PHASE_ESTABLISH: return "establish"; 5264 case PHASE_TERMINATE: return "terminate"; 5265 case PHASE_AUTHENTICATE: return "authenticate"; 5266 case PHASE_NETWORK: return "network"; 5267 } 5268 return "illegal"; 5269} 5270 5271static const char * 5272sppp_proto_name(u_short proto) 5273{ 5274 static char buf[12]; 5275 switch (proto) { 5276 case PPP_LCP: return "lcp"; 5277 case PPP_IPCP: return "ipcp"; 5278 case PPP_PAP: return "pap"; 5279 case PPP_CHAP: return "chap"; 5280 case PPP_IPV6CP: return "ipv6cp"; 5281 } 5282 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5283 return buf; 5284} 5285 5286static void 5287sppp_print_bytes(const u_char *p, u_short len) 5288{ 5289 if (len) 5290 log(-1, " %*D", len, p, "-"); 5291} 5292 5293static void 5294sppp_print_string(const char *p, u_short len) 5295{ 5296 u_char c; 5297 5298 while (len-- > 0) { 5299 c = *p++; 5300 /* 5301 * Print only ASCII chars directly. RFC 1994 recommends 5302 * using only them, but we don't rely on it. */ 5303 if (c < ' ' || c > '~') 5304 log(-1, "\\x%x", c); 5305 else 5306 log(-1, "%c", c); 5307 } 5308} 5309 5310static const char * 5311sppp_dotted_quad(u_long addr) 5312{ 5313 static char s[16]; 5314 sprintf(s, "%d.%d.%d.%d", 5315 (int)((addr >> 24) & 0xff), 5316 (int)((addr >> 16) & 0xff), 5317 (int)((addr >> 8) & 0xff), 5318 (int)(addr & 0xff)); 5319 return s; 5320} 5321 5322static int 5323sppp_strnlen(u_char *p, int max) 5324{ 5325 int len; 5326 5327 for (len = 0; len < max && *p; ++p) 5328 ++len; 5329 return len; 5330} 5331 5332/* a dummy, used to drop uninteresting events */ 5333static void 5334sppp_null(struct sppp *unused) 5335{ 5336 /* do just nothing */ 5337} 5338