if_spppsubr.c revision 131093
1120441Sbms/* 2120441Sbms * Synchronous PPP/Cisco link level subroutines. 3120441Sbms * Keepalive protocol implemented in both Cisco and PPP modes. 4120441Sbms * 5120441Sbms * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6120441Sbms * Author: Serge Vakulenko, <vak@cronyx.ru> 7120441Sbms * 8120441Sbms * Heavily revamped to conform to RFC 1661. 9120441Sbms * Copyright (C) 1997, 2001 Joerg Wunsch. 10120441Sbms * 11120441Sbms * This software is distributed with NO WARRANTIES, not even the implied 12120441Sbms * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13120441Sbms * 14120441Sbms * Authors grant any other persons or organisations permission to use 15120441Sbms * or modify this software as long as this message is kept with the software, 16120441Sbms * all derivative works or modified versions. 17120441Sbms * 18120441Sbms * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19120441Sbms * 20120441Sbms * $FreeBSD: head/sys/net/if_spppsubr.c 131093 2004-06-25 10:25:33Z rik $ 21120441Sbms */ 22120441Sbms 23120441Sbms#include <sys/param.h> 24120441Sbms 25120441Sbms#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26120441Sbms#include "opt_inet.h" 27120441Sbms#include "opt_inet6.h" 28120441Sbms#include "opt_ipx.h" 29120441Sbms#endif 30131681Sru 31120441Sbms#ifdef NetBSD1_3 32120441Sbms# if NetBSD1_3 > 6 33120441Sbms# include "opt_inet.h" 34120441Sbms# include "opt_inet6.h" 35120441Sbms# include "opt_iso.h" 36120441Sbms# endif 37120441Sbms#endif 38120441Sbms 39120441Sbms#include <sys/systm.h> 40120441Sbms#include <sys/kernel.h> 41120441Sbms#include <sys/module.h> 42120441Sbms#include <sys/sockio.h> 43120441Sbms#include <sys/socket.h> 44120441Sbms#include <sys/syslog.h> 45120441Sbms#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46120441Sbms#include <sys/random.h> 47120441Sbms#endif 48120441Sbms#include <sys/malloc.h> 49120441Sbms#include <sys/mbuf.h> 50120441Sbms 51120441Sbms#if defined (__OpenBSD__) 52120441Sbms#include <sys/md5k.h> 53120441Sbms#else 54120441Sbms#include <sys/md5.h> 55120441Sbms#endif 56120441Sbms 57120441Sbms#include <net/if.h> 58267936Sbapt#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/ip.h> 64#include <net/slcompress.h> 65 66#if defined (__NetBSD__) || defined (__OpenBSD__) 67#include <machine/cpu.h> /* XXX for softnet */ 68#endif 69 70#include <machine/stdarg.h> 71 72#include <netinet/in.h> 73#include <netinet/in_systm.h> 74#include <netinet/in_var.h> 75 76#ifdef INET 77#include <netinet/ip.h> 78#include <netinet/tcp.h> 79#endif 80 81#if defined (__FreeBSD__) || defined (__OpenBSD__) 82# include <netinet/if_ether.h> 83#else 84# include <net/ethertypes.h> 85#endif 86 87#ifdef IPX 88#include <netipx/ipx.h> 89#include <netipx/ipx_if.h> 90#endif 91 92#include <net/if_sppp.h> 93 94#if defined(__FreeBSD__) && __FreeBSD__ >= 3 95# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 96# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 97# define IOCTL_CMD_T u_long 98#else 99# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 100# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 101# define IOCTL_CMD_T int 102#endif 103 104#define MAXALIVECNT 3 /* max. alive packets */ 105 106/* 107 * Interface flags that can be set in an ifconfig command. 108 * 109 * Setting link0 will make the link passive, i.e. it will be marked 110 * as being administrative openable, but won't be opened to begin 111 * with. Incoming calls will be answered, or subsequent calls with 112 * -link1 will cause the administrative open of the LCP layer. 113 * 114 * Setting link1 will cause the link to auto-dial only as packets 115 * arrive to be sent. 116 * 117 * Setting IFF_DEBUG will syslog the option negotiation and state 118 * transitions at level kern.debug. Note: all logs consistently look 119 * like 120 * 121 * <if-name><unit>: <proto-name> <additional info...> 122 * 123 * with <if-name><unit> being something like "bppp0", and <proto-name> 124 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 125 */ 126 127#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 128#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 129#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 130 131#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 132#define PPP_UI 0x03 /* Unnumbered Information */ 133#define PPP_IP 0x0021 /* Internet Protocol */ 134#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 135#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 136#define PPP_IPX 0x002b /* Novell IPX Protocol */ 137#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 138#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 139#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 140#define PPP_LCP 0xc021 /* Link Control Protocol */ 141#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 142#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 143#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 144#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 145 146#define CONF_REQ 1 /* PPP configure request */ 147#define CONF_ACK 2 /* PPP configure acknowledge */ 148#define CONF_NAK 3 /* PPP configure negative ack */ 149#define CONF_REJ 4 /* PPP configure reject */ 150#define TERM_REQ 5 /* PPP terminate request */ 151#define TERM_ACK 6 /* PPP terminate acknowledge */ 152#define CODE_REJ 7 /* PPP code reject */ 153#define PROTO_REJ 8 /* PPP protocol reject */ 154#define ECHO_REQ 9 /* PPP echo request */ 155#define ECHO_REPLY 10 /* PPP echo reply */ 156#define DISC_REQ 11 /* PPP discard request */ 157 158#define LCP_OPT_MRU 1 /* maximum receive unit */ 159#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 160#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 161#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 162#define LCP_OPT_MAGIC 5 /* magic number */ 163#define LCP_OPT_RESERVED 6 /* reserved */ 164#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 165#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 166 167#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 168#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 169#define IPCP_OPT_ADDRESS 3 /* local IP address */ 170 171#define IPV6CP_OPT_IFID 1 /* interface identifier */ 172#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 173 174#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 175 176#define PAP_REQ 1 /* PAP name/password request */ 177#define PAP_ACK 2 /* PAP acknowledge */ 178#define PAP_NAK 3 /* PAP fail */ 179 180#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 181#define CHAP_RESPONSE 2 /* CHAP challenge response */ 182#define CHAP_SUCCESS 3 /* CHAP response ok */ 183#define CHAP_FAILURE 4 /* CHAP response failed */ 184 185#define CHAP_MD5 5 /* hash algorithm - MD5 */ 186 187#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 188#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 189#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 190#define CISCO_ADDR_REQ 0 /* Cisco address request */ 191#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 192#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 193 194/* states are named and numbered according to RFC 1661 */ 195#define STATE_INITIAL 0 196#define STATE_STARTING 1 197#define STATE_CLOSED 2 198#define STATE_STOPPED 3 199#define STATE_CLOSING 4 200#define STATE_STOPPING 5 201#define STATE_REQ_SENT 6 202#define STATE_ACK_RCVD 7 203#define STATE_ACK_SENT 8 204#define STATE_OPENED 9 205 206struct ppp_header { 207 u_char address; 208 u_char control; 209 u_short protocol; 210} __packed; 211#define PPP_HEADER_LEN sizeof (struct ppp_header) 212 213struct lcp_header { 214 u_char type; 215 u_char ident; 216 u_short len; 217} __packed; 218#define LCP_HEADER_LEN sizeof (struct lcp_header) 219 220struct cisco_packet { 221 u_long type; 222 u_long par1; 223 u_long par2; 224 u_short rel; 225 u_short time0; 226 u_short time1; 227} __packed; 228#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 229 230/* 231 * We follow the spelling and capitalization of RFC 1661 here, to make 232 * it easier comparing with the standard. Please refer to this RFC in 233 * case you can't make sense out of these abbreviation; it will also 234 * explain the semantics related to the various events and actions. 235 */ 236struct cp { 237 u_short proto; /* PPP control protocol number */ 238 u_char protoidx; /* index into state table in struct sppp */ 239 u_char flags; 240#define CP_LCP 0x01 /* this is the LCP */ 241#define CP_AUTH 0x02 /* this is an authentication protocol */ 242#define CP_NCP 0x04 /* this is a NCP */ 243#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 244 const char *name; /* name of this control protocol */ 245 /* event handlers */ 246 void (*Up)(struct sppp *sp); 247 void (*Down)(struct sppp *sp); 248 void (*Open)(struct sppp *sp); 249 void (*Close)(struct sppp *sp); 250 void (*TO)(void *sp); 251 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 252 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 253 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 254 /* actions */ 255 void (*tlu)(struct sppp *sp); 256 void (*tld)(struct sppp *sp); 257 void (*tls)(struct sppp *sp); 258 void (*tlf)(struct sppp *sp); 259 void (*scr)(struct sppp *sp); 260}; 261 262static struct sppp *spppq; 263#if defined(__FreeBSD__) && __FreeBSD__ >= 3 264static struct callout_handle keepalive_ch; 265#endif 266 267#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 268#define SPP_FMT "%s%d: " 269#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 270#else 271#define SPP_FMT "%s: " 272#define SPP_ARGS(ifp) (ifp)->if_xname 273#endif 274 275#ifdef INET 276/* 277 * The following disgusting hack gets around the problem that IP TOS 278 * can't be set yet. We want to put "interactive" traffic on a high 279 * priority queue. To decide if traffic is interactive, we check that 280 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 281 * 282 * XXX is this really still necessary? - joerg - 283 */ 284static const u_short interactive_ports[8] = { 285 0, 513, 0, 0, 286 0, 21, 0, 23, 287}; 288#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 289#endif 290 291/* almost every function needs these */ 292#define STDDCL \ 293 struct ifnet *ifp = &sp->pp_if; \ 294 int debug = ifp->if_flags & IFF_DEBUG 295 296static int sppp_output(struct ifnet *ifp, struct mbuf *m, 297 struct sockaddr *dst, struct rtentry *rt); 298 299static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 300static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 301 302static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 303 struct mbuf *m); 304static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 305 u_char ident, u_short len, void *data); 306/* static void sppp_cp_timeout(void *arg); */ 307static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 308 int newstate); 309static void sppp_auth_send(const struct cp *cp, 310 struct sppp *sp, unsigned int type, unsigned int id, 311 ...); 312 313static void sppp_up_event(const struct cp *cp, struct sppp *sp); 314static void sppp_down_event(const struct cp *cp, struct sppp *sp); 315static void sppp_open_event(const struct cp *cp, struct sppp *sp); 316static void sppp_close_event(const struct cp *cp, struct sppp *sp); 317static void sppp_to_event(const struct cp *cp, struct sppp *sp); 318 319static void sppp_null(struct sppp *sp); 320 321static void sppp_lcp_init(struct sppp *sp); 322static void sppp_lcp_up(struct sppp *sp); 323static void sppp_lcp_down(struct sppp *sp); 324static void sppp_lcp_open(struct sppp *sp); 325static void sppp_lcp_close(struct sppp *sp); 326static void sppp_lcp_TO(void *sp); 327static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 328static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 329static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 330static void sppp_lcp_tlu(struct sppp *sp); 331static void sppp_lcp_tld(struct sppp *sp); 332static void sppp_lcp_tls(struct sppp *sp); 333static void sppp_lcp_tlf(struct sppp *sp); 334static void sppp_lcp_scr(struct sppp *sp); 335static void sppp_lcp_check_and_close(struct sppp *sp); 336static int sppp_ncp_check(struct sppp *sp); 337 338static void sppp_ipcp_init(struct sppp *sp); 339static void sppp_ipcp_up(struct sppp *sp); 340static void sppp_ipcp_down(struct sppp *sp); 341static void sppp_ipcp_open(struct sppp *sp); 342static void sppp_ipcp_close(struct sppp *sp); 343static void sppp_ipcp_TO(void *sp); 344static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 345static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 346static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 347static void sppp_ipcp_tlu(struct sppp *sp); 348static void sppp_ipcp_tld(struct sppp *sp); 349static void sppp_ipcp_tls(struct sppp *sp); 350static void sppp_ipcp_tlf(struct sppp *sp); 351static void sppp_ipcp_scr(struct sppp *sp); 352 353static void sppp_ipv6cp_init(struct sppp *sp); 354static void sppp_ipv6cp_up(struct sppp *sp); 355static void sppp_ipv6cp_down(struct sppp *sp); 356static void sppp_ipv6cp_open(struct sppp *sp); 357static void sppp_ipv6cp_close(struct sppp *sp); 358static void sppp_ipv6cp_TO(void *sp); 359static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 360static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 361static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 362static void sppp_ipv6cp_tlu(struct sppp *sp); 363static void sppp_ipv6cp_tld(struct sppp *sp); 364static void sppp_ipv6cp_tls(struct sppp *sp); 365static void sppp_ipv6cp_tlf(struct sppp *sp); 366static void sppp_ipv6cp_scr(struct sppp *sp); 367 368static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 369static void sppp_pap_init(struct sppp *sp); 370static void sppp_pap_open(struct sppp *sp); 371static void sppp_pap_close(struct sppp *sp); 372static void sppp_pap_TO(void *sp); 373static void sppp_pap_my_TO(void *sp); 374static void sppp_pap_tlu(struct sppp *sp); 375static void sppp_pap_tld(struct sppp *sp); 376static void sppp_pap_scr(struct sppp *sp); 377 378static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 379static void sppp_chap_init(struct sppp *sp); 380static void sppp_chap_open(struct sppp *sp); 381static void sppp_chap_close(struct sppp *sp); 382static void sppp_chap_TO(void *sp); 383static void sppp_chap_tlu(struct sppp *sp); 384static void sppp_chap_tld(struct sppp *sp); 385static void sppp_chap_scr(struct sppp *sp); 386 387static const char *sppp_auth_type_name(u_short proto, u_char type); 388static const char *sppp_cp_type_name(u_char type); 389static const char *sppp_dotted_quad(u_long addr); 390static const char *sppp_ipcp_opt_name(u_char opt); 391#ifdef INET6 392static const char *sppp_ipv6cp_opt_name(u_char opt); 393#endif 394static const char *sppp_lcp_opt_name(u_char opt); 395static const char *sppp_phase_name(enum ppp_phase phase); 396static const char *sppp_proto_name(u_short proto); 397static const char *sppp_state_name(int state); 398static int sppp_params(struct sppp *sp, u_long cmd, void *data); 399static int sppp_strnlen(u_char *p, int max); 400static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 401 u_long *srcmask); 402static void sppp_keepalive(void *dummy); 403static void sppp_phase_network(struct sppp *sp); 404static void sppp_print_bytes(const u_char *p, u_short len); 405static void sppp_print_string(const char *p, u_short len); 406static void sppp_qflush(struct ifqueue *ifq); 407static void sppp_set_ip_addr(struct sppp *sp, u_long src); 408#ifdef INET6 409static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 410 struct in6_addr *dst, struct in6_addr *srcmask); 411#ifdef IPV6CP_MYIFID_DYN 412static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 413static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 414#endif 415static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 416#endif 417 418/* our control protocol descriptors */ 419static const struct cp lcp = { 420 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 421 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 422 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 423 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 424 sppp_lcp_scr 425}; 426 427static const struct cp ipcp = { 428 PPP_IPCP, IDX_IPCP, 429#ifdef INET /* don't run IPCP if there's no IPv4 support */ 430 CP_NCP, 431#else 432 0, 433#endif 434 "ipcp", 435 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 436 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 437 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 438 sppp_ipcp_scr 439}; 440 441static const struct cp ipv6cp = { 442 PPP_IPV6CP, IDX_IPV6CP, 443#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 444 CP_NCP, 445#else 446 0, 447#endif 448 "ipv6cp", 449 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 450 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 451 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 452 sppp_ipv6cp_scr 453}; 454 455static const struct cp pap = { 456 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 457 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 458 sppp_pap_TO, 0, 0, 0, 459 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 460 sppp_pap_scr 461}; 462 463static const struct cp chap = { 464 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 465 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 466 sppp_chap_TO, 0, 0, 0, 467 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 468 sppp_chap_scr 469}; 470 471static const struct cp *cps[IDX_COUNT] = { 472 &lcp, /* IDX_LCP */ 473 &ipcp, /* IDX_IPCP */ 474 &ipv6cp, /* IDX_IPV6CP */ 475 &pap, /* IDX_PAP */ 476 &chap, /* IDX_CHAP */ 477}; 478 479static int 480sppp_modevent(module_t mod, int type, void *unused) 481{ 482 switch (type) { 483 case MOD_LOAD: 484 break; 485 case MOD_UNLOAD: 486 return EACCES; 487 break; 488 default: 489 break; 490 } 491 return 0; 492} 493static moduledata_t spppmod = { 494 "sppp", 495 sppp_modevent, 496 0 497}; 498MODULE_VERSION(sppp, 1); 499DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 500 501/* 502 * Exported functions, comprising our interface to the lower layer. 503 */ 504 505/* 506 * Process the received packet. 507 */ 508void 509sppp_input(struct ifnet *ifp, struct mbuf *m) 510{ 511 struct ppp_header *h; 512 int isr = -1; 513 struct sppp *sp = (struct sppp *)ifp; 514 u_char *iphdr; 515 int hlen, vjlen, do_account = 0; 516 int debug = ifp->if_flags & IFF_DEBUG; 517 518 if (ifp->if_flags & IFF_UP) 519 /* Count received bytes, add FCS and one flag */ 520 ifp->if_ibytes += m->m_pkthdr.len + 3; 521 522 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 523 /* Too small packet, drop it. */ 524 if (debug) 525 log(LOG_DEBUG, 526 SPP_FMT "input packet is too small, %d bytes\n", 527 SPP_ARGS(ifp), m->m_pkthdr.len); 528 drop: 529 m_freem (m); 530 drop2: 531 ++ifp->if_ierrors; 532 ++ifp->if_iqdrops; 533 return; 534 } 535 536 /* Get PPP header. */ 537 h = mtod (m, struct ppp_header*); 538 m_adj (m, PPP_HEADER_LEN); 539 540 switch (h->address) { 541 case PPP_ALLSTATIONS: 542 if (h->control != PPP_UI) 543 goto invalid; 544 if (sp->pp_mode == IFF_CISCO) { 545 if (debug) 546 log(LOG_DEBUG, 547 SPP_FMT "PPP packet in Cisco mode " 548 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 549 SPP_ARGS(ifp), 550 h->address, h->control, ntohs(h->protocol)); 551 goto drop; 552 } 553 switch (ntohs (h->protocol)) { 554 default: 555 if (debug) 556 log(LOG_DEBUG, 557 SPP_FMT "rejecting protocol " 558 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 559 SPP_ARGS(ifp), 560 h->address, h->control, ntohs(h->protocol)); 561 if (sp->state[IDX_LCP] == STATE_OPENED) 562 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 563 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 564 &h->protocol); 565 ++ifp->if_noproto; 566 goto drop; 567 case PPP_LCP: 568 sppp_cp_input(&lcp, sp, m); 569 m_freem (m); 570 return; 571 case PPP_PAP: 572 if (sp->pp_phase >= PHASE_AUTHENTICATE) 573 sppp_pap_input(sp, m); 574 m_freem (m); 575 return; 576 case PPP_CHAP: 577 if (sp->pp_phase >= PHASE_AUTHENTICATE) 578 sppp_chap_input(sp, m); 579 m_freem (m); 580 return; 581#ifdef INET 582 case PPP_IPCP: 583 if (sp->pp_phase == PHASE_NETWORK) 584 sppp_cp_input(&ipcp, sp, m); 585 m_freem (m); 586 return; 587 case PPP_IP: 588 if (sp->state[IDX_IPCP] == STATE_OPENED) { 589 isr = NETISR_IP; 590 } 591 do_account++; 592 break; 593 case PPP_VJ_COMP: 594 if (sp->state[IDX_IPCP] == STATE_OPENED) { 595 if ((vjlen = 596 sl_uncompress_tcp_core(mtod(m, u_char *), 597 m->m_len, m->m_len, 598 TYPE_COMPRESSED_TCP, 599 sp->pp_comp, 600 &iphdr, &hlen)) <= 0) { 601 if (debug) 602 log(LOG_INFO, 603 SPP_FMT "VJ uncompress failed on compressed packet\n", 604 SPP_ARGS(ifp)); 605 goto drop; 606 } 607 608 /* 609 * Trim the VJ header off the packet, and prepend 610 * the uncompressed IP header (which will usually 611 * end up in two chained mbufs since there's not 612 * enough leading space in the existing mbuf). 613 */ 614 m_adj(m, vjlen); 615 M_PREPEND(m, hlen, M_DONTWAIT); 616 if (m == NULL) 617 goto drop2; 618 bcopy(iphdr, mtod(m, u_char *), hlen); 619 isr = NETISR_IP; 620 } 621 do_account++; 622 break; 623 case PPP_VJ_UCOMP: 624 if (sp->state[IDX_IPCP] == STATE_OPENED) { 625 if (sl_uncompress_tcp_core(mtod(m, u_char *), 626 m->m_len, m->m_len, 627 TYPE_UNCOMPRESSED_TCP, 628 sp->pp_comp, 629 &iphdr, &hlen) != 0) { 630 if (debug) 631 log(LOG_INFO, 632 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 633 SPP_ARGS(ifp)); 634 goto drop; 635 } 636 isr = NETISR_IP; 637 } 638 do_account++; 639 break; 640#endif 641#ifdef INET6 642 case PPP_IPV6CP: 643 if (sp->pp_phase == PHASE_NETWORK) 644 sppp_cp_input(&ipv6cp, sp, m); 645 m_freem (m); 646 return; 647 648 case PPP_IPV6: 649 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 650 isr = NETISR_IPV6; 651 do_account++; 652 break; 653#endif 654#ifdef IPX 655 case PPP_IPX: 656 /* IPX IPXCP not implemented yet */ 657 if (sp->pp_phase == PHASE_NETWORK) 658 isr = NETISR_IPX; 659 do_account++; 660 break; 661#endif 662 } 663 break; 664 case CISCO_MULTICAST: 665 case CISCO_UNICAST: 666 /* Don't check the control field here (RFC 1547). */ 667 if (sp->pp_mode != IFF_CISCO) { 668 if (debug) 669 log(LOG_DEBUG, 670 SPP_FMT "Cisco packet in PPP mode " 671 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 672 SPP_ARGS(ifp), 673 h->address, h->control, ntohs(h->protocol)); 674 goto drop; 675 } 676 switch (ntohs (h->protocol)) { 677 default: 678 ++ifp->if_noproto; 679 goto invalid; 680 case CISCO_KEEPALIVE: 681 sppp_cisco_input ((struct sppp*) ifp, m); 682 m_freem (m); 683 return; 684#ifdef INET 685 case ETHERTYPE_IP: 686 isr = NETISR_IP; 687 do_account++; 688 break; 689#endif 690#ifdef INET6 691 case ETHERTYPE_IPV6: 692 isr = NETISR_IPV6; 693 do_account++; 694 break; 695#endif 696#ifdef IPX 697 case ETHERTYPE_IPX: 698 isr = NETISR_IPX; 699 do_account++; 700 break; 701#endif 702 } 703 break; 704 default: /* Invalid PPP packet. */ 705 invalid: 706 if (debug) 707 log(LOG_DEBUG, 708 SPP_FMT "invalid input packet " 709 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 710 SPP_ARGS(ifp), 711 h->address, h->control, ntohs(h->protocol)); 712 goto drop; 713 } 714 715 if (! (ifp->if_flags & IFF_UP) || isr == -1) 716 goto drop; 717 718 /* Check queue. */ 719 if (! netisr_queue(isr, m)) { 720 if (debug) 721 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 722 SPP_ARGS(ifp)); 723 goto drop; 724 } 725 if (do_account) 726 /* 727 * Do only account for network packets, not for control 728 * packets. This is used by some subsystems to detect 729 * idle lines. 730 */ 731 sp->pp_last_recv = time_second; 732} 733 734/* 735 * Enqueue transmit packet. 736 */ 737static int 738sppp_output(struct ifnet *ifp, struct mbuf *m, 739 struct sockaddr *dst, struct rtentry *rt) 740{ 741 struct sppp *sp = (struct sppp*) ifp; 742 struct ppp_header *h; 743 struct ifqueue *ifq = NULL; 744 int s, error, rv = 0; 745 int ipproto = PPP_IP; 746 int debug = ifp->if_flags & IFF_DEBUG; 747 748 s = splimp(); 749 750 if ((ifp->if_flags & IFF_UP) == 0 || 751 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 752#ifdef INET6 753 drop: 754#endif 755 m_freem (m); 756 splx (s); 757 return (ENETDOWN); 758 } 759 760 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 761#ifdef INET6 762 /* 763 * XXX 764 * 765 * Hack to prevent the initialization-time generated 766 * IPv6 multicast packet to erroneously cause a 767 * dialout event in case IPv6 has been 768 * administratively disabled on that interface. 769 */ 770 if (dst->sa_family == AF_INET6 && 771 !(sp->confflags & CONF_ENABLE_IPV6)) 772 goto drop; 773#endif 774 /* 775 * Interface is not yet running, but auto-dial. Need 776 * to start LCP for it. 777 */ 778 ifp->if_flags |= IFF_RUNNING; 779 splx(s); 780 lcp.Open(sp); 781 s = splimp(); 782 } 783 784#ifdef INET 785 if (dst->sa_family == AF_INET) { 786 /* XXX Check mbuf length here? */ 787 struct ip *ip = mtod (m, struct ip*); 788 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 789 790 /* 791 * When using dynamic local IP address assignment by using 792 * 0.0.0.0 as a local address, the first TCP session will 793 * not connect because the local TCP checksum is computed 794 * using 0.0.0.0 which will later become our real IP address 795 * so the TCP checksum computed at the remote end will 796 * become invalid. So we 797 * - don't let packets with src ip addr 0 thru 798 * - we flag TCP packets with src ip 0 as an error 799 */ 800 801 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 802 { 803 m_freem(m); 804 splx(s); 805 if(ip->ip_p == IPPROTO_TCP) 806 return(EADDRNOTAVAIL); 807 else 808 return(0); 809 } 810 811 /* 812 * Put low delay, telnet, rlogin and ftp control packets 813 * in front of the queue or let ALTQ take care. 814 */ 815 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 816 ; 817 else if (_IF_QFULL(&sp->pp_fastq)) 818 ; 819 else if (ip->ip_tos & IPTOS_LOWDELAY) 820 ifq = &sp->pp_fastq; 821 else if (m->m_len < sizeof *ip + sizeof *tcp) 822 ; 823 else if (ip->ip_p != IPPROTO_TCP) 824 ; 825 else if (INTERACTIVE (ntohs (tcp->th_sport))) 826 ifq = &sp->pp_fastq; 827 else if (INTERACTIVE (ntohs (tcp->th_dport))) 828 ifq = &sp->pp_fastq; 829 830 /* 831 * Do IP Header compression 832 */ 833 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 834 ip->ip_p == IPPROTO_TCP) 835 switch (sl_compress_tcp(m, ip, sp->pp_comp, 836 sp->ipcp.compress_cid)) { 837 case TYPE_COMPRESSED_TCP: 838 ipproto = PPP_VJ_COMP; 839 break; 840 case TYPE_UNCOMPRESSED_TCP: 841 ipproto = PPP_VJ_UCOMP; 842 break; 843 case TYPE_IP: 844 ipproto = PPP_IP; 845 break; 846 default: 847 m_freem(m); 848 splx(s); 849 return (EINVAL); 850 } 851 } 852#endif 853 854#ifdef INET6 855 if (dst->sa_family == AF_INET6) { 856 /* XXX do something tricky here? */ 857 } 858#endif 859 860 /* 861 * Prepend general data packet PPP header. For now, IP only. 862 */ 863 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 864 if (! m) { 865 if (debug) 866 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 867 SPP_ARGS(ifp)); 868 ++ifp->if_oerrors; 869 splx (s); 870 return (ENOBUFS); 871 } 872 /* 873 * May want to check size of packet 874 * (albeit due to the implementation it's always enough) 875 */ 876 h = mtod (m, struct ppp_header*); 877 if (sp->pp_mode == IFF_CISCO) { 878 h->address = CISCO_UNICAST; /* unicast address */ 879 h->control = 0; 880 } else { 881 h->address = PPP_ALLSTATIONS; /* broadcast address */ 882 h->control = PPP_UI; /* Unnumbered Info */ 883 } 884 885 switch (dst->sa_family) { 886#ifdef INET 887 case AF_INET: /* Internet Protocol */ 888 if (sp->pp_mode == IFF_CISCO) 889 h->protocol = htons (ETHERTYPE_IP); 890 else { 891 /* 892 * Don't choke with an ENETDOWN early. It's 893 * possible that we just started dialing out, 894 * so don't drop the packet immediately. If 895 * we notice that we run out of buffer space 896 * below, we will however remember that we are 897 * not ready to carry IP packets, and return 898 * ENETDOWN, as opposed to ENOBUFS. 899 */ 900 h->protocol = htons(ipproto); 901 if (sp->state[IDX_IPCP] != STATE_OPENED) 902 rv = ENETDOWN; 903 } 904 break; 905#endif 906#ifdef INET6 907 case AF_INET6: /* Internet Protocol */ 908 if (sp->pp_mode == IFF_CISCO) 909 h->protocol = htons (ETHERTYPE_IPV6); 910 else { 911 /* 912 * Don't choke with an ENETDOWN early. It's 913 * possible that we just started dialing out, 914 * so don't drop the packet immediately. If 915 * we notice that we run out of buffer space 916 * below, we will however remember that we are 917 * not ready to carry IP packets, and return 918 * ENETDOWN, as opposed to ENOBUFS. 919 */ 920 h->protocol = htons(PPP_IPV6); 921 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 922 rv = ENETDOWN; 923 } 924 break; 925#endif 926#ifdef IPX 927 case AF_IPX: /* Novell IPX Protocol */ 928 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 929 ETHERTYPE_IPX : PPP_IPX); 930 break; 931#endif 932 default: 933 m_freem (m); 934 ++ifp->if_oerrors; 935 splx (s); 936 return (EAFNOSUPPORT); 937 } 938 939 /* 940 * Queue message on interface, and start output if interface 941 * not yet active. 942 */ 943 if (ifq != NULL) 944 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 945 else 946 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 947 if (error) { 948 ++ifp->if_oerrors; 949 splx (s); 950 return (rv? rv: ENOBUFS); 951 } 952 splx (s); 953 /* 954 * Unlike in sppp_input(), we can always bump the timestamp 955 * here since sppp_output() is only called on behalf of 956 * network-layer traffic; control-layer traffic is handled 957 * by sppp_cp_send(). 958 */ 959 sp->pp_last_sent = time_second; 960 return (0); 961} 962 963void 964sppp_attach(struct ifnet *ifp) 965{ 966 struct sppp *sp = (struct sppp*) ifp; 967 968 /* Initialize keepalive handler. */ 969 if (spppq == NULL) 970 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 971 972 /* Insert new entry into the keepalive list. */ 973 sp->pp_next = spppq; 974 spppq = sp; 975 976 sp->pp_if.if_mtu = PP_MTU; 977 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 978 sp->pp_if.if_type = IFT_PPP; 979 sp->pp_if.if_output = sppp_output; 980#if 0 981 sp->pp_flags = PP_KEEPALIVE; 982#endif 983 sp->pp_if.if_snd.ifq_maxlen = 32; 984 sp->pp_fastq.ifq_maxlen = 32; 985 sp->pp_cpq.ifq_maxlen = 20; 986 sp->pp_loopcnt = 0; 987 sp->pp_alivecnt = 0; 988 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 989 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 990 sp->pp_phase = PHASE_DEAD; 991 sp->pp_up = lcp.Up; 992 sp->pp_down = lcp.Down; 993 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 994 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 995 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 996 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 997 sp->pp_last_recv = sp->pp_last_sent = time_second; 998 sp->confflags = 0; 999#ifdef INET 1000 sp->confflags |= CONF_ENABLE_VJ; 1001#endif 1002#ifdef INET6 1003 sp->confflags |= CONF_ENABLE_IPV6; 1004#endif 1005 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1006 sl_compress_init(sp->pp_comp, -1); 1007 sppp_lcp_init(sp); 1008 sppp_ipcp_init(sp); 1009 sppp_ipv6cp_init(sp); 1010 sppp_pap_init(sp); 1011 sppp_chap_init(sp); 1012} 1013 1014void 1015sppp_detach(struct ifnet *ifp) 1016{ 1017 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1018 int i; 1019 1020 /* Remove the entry from the keepalive list. */ 1021 for (q = &spppq; (p = *q); q = &p->pp_next) 1022 if (p == sp) { 1023 *q = p->pp_next; 1024 break; 1025 } 1026 1027 /* Stop keepalive handler. */ 1028 if (spppq == NULL) 1029 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 1030 1031 for (i = 0; i < IDX_COUNT; i++) 1032 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 1033 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 1034 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1035 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1036} 1037 1038/* 1039 * Flush the interface output queue. 1040 */ 1041void 1042sppp_flush(struct ifnet *ifp) 1043{ 1044 struct sppp *sp = (struct sppp*) ifp; 1045 1046 sppp_qflush ((struct ifqueue *)&sp->pp_if.if_snd); 1047 sppp_qflush (&sp->pp_fastq); 1048 sppp_qflush (&sp->pp_cpq); 1049} 1050 1051/* 1052 * Check if the output queue is empty. 1053 */ 1054int 1055sppp_isempty(struct ifnet *ifp) 1056{ 1057 struct sppp *sp = (struct sppp*) ifp; 1058 int empty, s; 1059 1060 s = splimp(); 1061 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1062 !sp->pp_if.if_snd.ifq_head; 1063 splx(s); 1064 return (empty); 1065} 1066 1067/* 1068 * Get next packet to send. 1069 */ 1070struct mbuf * 1071sppp_dequeue(struct ifnet *ifp) 1072{ 1073 struct sppp *sp = (struct sppp*) ifp; 1074 struct mbuf *m; 1075 int s; 1076 1077 s = splimp(); 1078 /* 1079 * Process only the control protocol queue until we have at 1080 * least one NCP open. 1081 * 1082 * Do always serve all three queues in Cisco mode. 1083 */ 1084 IF_DEQUEUE(&sp->pp_cpq, m); 1085 if (m == NULL && 1086 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1087 IF_DEQUEUE(&sp->pp_fastq, m); 1088 if (m == NULL) 1089 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1090 } 1091 splx(s); 1092 return m; 1093} 1094 1095/* 1096 * Pick the next packet, do not remove it from the queue. 1097 */ 1098struct mbuf * 1099sppp_pick(struct ifnet *ifp) 1100{ 1101 struct sppp *sp = (struct sppp*)ifp; 1102 struct mbuf *m; 1103 int s; 1104 1105 s= splimp (); 1106 1107 m = sp->pp_cpq.ifq_head; 1108 if (m == NULL && 1109 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1110 if ((m = sp->pp_fastq.ifq_head) == NULL) 1111 m = sp->pp_if.if_snd.ifq_head; 1112 splx (s); 1113 return (m); 1114} 1115 1116/* 1117 * Process an ioctl request. Called on low priority level. 1118 */ 1119int 1120sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1121{ 1122 struct ifreq *ifr = (struct ifreq*) data; 1123 struct sppp *sp = (struct sppp*) ifp; 1124 int s, rv, going_up, going_down, newmode; 1125 1126 s = splimp(); 1127 rv = 0; 1128 switch (cmd) { 1129 case SIOCAIFADDR: 1130 case SIOCSIFDSTADDR: 1131 break; 1132 1133 case SIOCSIFADDR: 1134 /* set the interface "up" when assigning an IP address */ 1135 ifp->if_flags |= IFF_UP; 1136 /* FALLTHROUGH */ 1137 1138 case SIOCSIFFLAGS: 1139 going_up = ifp->if_flags & IFF_UP && 1140 (ifp->if_flags & IFF_RUNNING) == 0; 1141 going_down = (ifp->if_flags & IFF_UP) == 0 && 1142 ifp->if_flags & IFF_RUNNING; 1143 1144 newmode = ifp->if_flags & IFF_PASSIVE; 1145 if (!newmode) 1146 newmode = ifp->if_flags & IFF_AUTO; 1147 if (!newmode) 1148 newmode = ifp->if_flags & IFF_CISCO; 1149 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1150 ifp->if_flags |= newmode; 1151 1152 if (newmode != sp->pp_mode) { 1153 going_down = 1; 1154 if (!going_up) 1155 going_up = ifp->if_flags & IFF_RUNNING; 1156 } 1157 1158 if (going_down) { 1159 if (sp->pp_mode != IFF_CISCO) 1160 lcp.Close(sp); 1161 else if (sp->pp_tlf) 1162 (sp->pp_tlf)(sp); 1163 sppp_flush(ifp); 1164 ifp->if_flags &= ~IFF_RUNNING; 1165 sp->pp_mode = newmode; 1166 } 1167 1168 if (going_up) { 1169 if (sp->pp_mode != IFF_CISCO) 1170 lcp.Close(sp); 1171 sp->pp_mode = newmode; 1172 if (sp->pp_mode == 0) { 1173 ifp->if_flags |= IFF_RUNNING; 1174 lcp.Open(sp); 1175 } 1176 if (sp->pp_mode == IFF_CISCO) { 1177 if (sp->pp_tls) 1178 (sp->pp_tls)(sp); 1179 ifp->if_flags |= IFF_RUNNING; 1180 } 1181 } 1182 1183 break; 1184 1185#ifdef SIOCSIFMTU 1186#ifndef ifr_mtu 1187#define ifr_mtu ifr_metric 1188#endif 1189 case SIOCSIFMTU: 1190 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1191 return (EINVAL); 1192 ifp->if_mtu = ifr->ifr_mtu; 1193 break; 1194#endif 1195#ifdef SLIOCSETMTU 1196 case SLIOCSETMTU: 1197 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1198 return (EINVAL); 1199 ifp->if_mtu = *(short*)data; 1200 break; 1201#endif 1202#ifdef SIOCGIFMTU 1203 case SIOCGIFMTU: 1204 ifr->ifr_mtu = ifp->if_mtu; 1205 break; 1206#endif 1207#ifdef SLIOCGETMTU 1208 case SLIOCGETMTU: 1209 *(short*)data = ifp->if_mtu; 1210 break; 1211#endif 1212 case SIOCADDMULTI: 1213 case SIOCDELMULTI: 1214 break; 1215 1216 case SIOCGIFGENERIC: 1217 case SIOCSIFGENERIC: 1218 rv = sppp_params(sp, cmd, data); 1219 break; 1220 1221 default: 1222 rv = ENOTTY; 1223 } 1224 splx(s); 1225 return rv; 1226} 1227 1228/* 1229 * Cisco framing implementation. 1230 */ 1231 1232/* 1233 * Handle incoming Cisco keepalive protocol packets. 1234 */ 1235static void 1236sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1237{ 1238 STDDCL; 1239 struct cisco_packet *h; 1240 u_long me, mymask; 1241 1242 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1243 if (debug) 1244 log(LOG_DEBUG, 1245 SPP_FMT "cisco invalid packet length: %d bytes\n", 1246 SPP_ARGS(ifp), m->m_pkthdr.len); 1247 return; 1248 } 1249 h = mtod (m, struct cisco_packet*); 1250 if (debug) 1251 log(LOG_DEBUG, 1252 SPP_FMT "cisco input: %d bytes " 1253 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1254 SPP_ARGS(ifp), m->m_pkthdr.len, 1255 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1256 (u_int)h->time0, (u_int)h->time1); 1257 switch (ntohl (h->type)) { 1258 default: 1259 if (debug) 1260 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1261 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1262 break; 1263 case CISCO_ADDR_REPLY: 1264 /* Reply on address request, ignore */ 1265 break; 1266 case CISCO_KEEPALIVE_REQ: 1267 sp->pp_alivecnt = 0; 1268 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1269 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1270 /* Local and remote sequence numbers are equal. 1271 * Probably, the line is in loopback mode. */ 1272 if (sp->pp_loopcnt >= MAXALIVECNT) { 1273 printf (SPP_FMT "loopback\n", 1274 SPP_ARGS(ifp)); 1275 sp->pp_loopcnt = 0; 1276 if (ifp->if_flags & IFF_UP) { 1277 if_down (ifp); 1278 sppp_qflush (&sp->pp_cpq); 1279 } 1280 } 1281 ++sp->pp_loopcnt; 1282 1283 /* Generate new local sequence number */ 1284#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1285 sp->pp_seq[IDX_LCP] = random(); 1286#else 1287 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1288#endif 1289 break; 1290 } 1291 sp->pp_loopcnt = 0; 1292 if (! (ifp->if_flags & IFF_UP) && 1293 (ifp->if_flags & IFF_RUNNING)) { 1294 if_up(ifp); 1295 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1296 } 1297 break; 1298 case CISCO_ADDR_REQ: 1299 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1300 if (me != 0L) 1301 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1302 break; 1303 } 1304} 1305 1306/* 1307 * Send Cisco keepalive packet. 1308 */ 1309static void 1310sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1311{ 1312 STDDCL; 1313 struct ppp_header *h; 1314 struct cisco_packet *ch; 1315 struct mbuf *m; 1316 struct timeval tv; 1317 1318 getmicrouptime(&tv); 1319 1320 MGETHDR (m, M_DONTWAIT, MT_DATA); 1321 if (! m) 1322 return; 1323 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1324 m->m_pkthdr.rcvif = 0; 1325 1326 h = mtod (m, struct ppp_header*); 1327 h->address = CISCO_MULTICAST; 1328 h->control = 0; 1329 h->protocol = htons (CISCO_KEEPALIVE); 1330 1331 ch = (struct cisco_packet*) (h + 1); 1332 ch->type = htonl (type); 1333 ch->par1 = htonl (par1); 1334 ch->par2 = htonl (par2); 1335 ch->rel = -1; 1336 1337 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1338 ch->time1 = htons ((u_short) tv.tv_sec); 1339 1340 if (debug) 1341 log(LOG_DEBUG, 1342 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1343 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1344 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1345 1346 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1347 ifp->if_oerrors++; 1348} 1349 1350/* 1351 * PPP protocol implementation. 1352 */ 1353 1354/* 1355 * Send PPP control protocol packet. 1356 */ 1357static void 1358sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1359 u_char ident, u_short len, void *data) 1360{ 1361 STDDCL; 1362 struct ppp_header *h; 1363 struct lcp_header *lh; 1364 struct mbuf *m; 1365 1366 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1367 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1368 MGETHDR (m, M_DONTWAIT, MT_DATA); 1369 if (! m) 1370 return; 1371 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1372 m->m_pkthdr.rcvif = 0; 1373 1374 h = mtod (m, struct ppp_header*); 1375 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1376 h->control = PPP_UI; /* Unnumbered Info */ 1377 h->protocol = htons (proto); /* Link Control Protocol */ 1378 1379 lh = (struct lcp_header*) (h + 1); 1380 lh->type = type; 1381 lh->ident = ident; 1382 lh->len = htons (LCP_HEADER_LEN + len); 1383 if (len) 1384 bcopy (data, lh+1, len); 1385 1386 if (debug) { 1387 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1388 SPP_ARGS(ifp), 1389 sppp_proto_name(proto), 1390 sppp_cp_type_name (lh->type), lh->ident, 1391 ntohs (lh->len)); 1392 sppp_print_bytes ((u_char*) (lh+1), len); 1393 log(-1, ">\n"); 1394 } 1395 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1396 ifp->if_oerrors++; 1397} 1398 1399/* 1400 * Handle incoming PPP control protocol packets. 1401 */ 1402static void 1403sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1404{ 1405 STDDCL; 1406 struct lcp_header *h; 1407 int len = m->m_pkthdr.len; 1408 int rv; 1409 u_char *p; 1410 1411 if (len < 4) { 1412 if (debug) 1413 log(LOG_DEBUG, 1414 SPP_FMT "%s invalid packet length: %d bytes\n", 1415 SPP_ARGS(ifp), cp->name, len); 1416 return; 1417 } 1418 h = mtod (m, struct lcp_header*); 1419 if (debug) { 1420 log(LOG_DEBUG, 1421 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1422 SPP_ARGS(ifp), cp->name, 1423 sppp_state_name(sp->state[cp->protoidx]), 1424 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1425 sppp_print_bytes ((u_char*) (h+1), len-4); 1426 log(-1, ">\n"); 1427 } 1428 if (len > ntohs (h->len)) 1429 len = ntohs (h->len); 1430 p = (u_char *)(h + 1); 1431 switch (h->type) { 1432 case CONF_REQ: 1433 if (len < 4) { 1434 if (debug) 1435 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1436 SPP_ARGS(ifp), cp->name, 1437 len); 1438 ++ifp->if_ierrors; 1439 break; 1440 } 1441 /* handle states where RCR doesn't get a SCA/SCN */ 1442 switch (sp->state[cp->protoidx]) { 1443 case STATE_CLOSING: 1444 case STATE_STOPPING: 1445 return; 1446 case STATE_CLOSED: 1447 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1448 0, 0); 1449 return; 1450 } 1451 rv = (cp->RCR)(sp, h, len); 1452 switch (sp->state[cp->protoidx]) { 1453 case STATE_OPENED: 1454 (cp->tld)(sp); 1455 (cp->scr)(sp); 1456 /* FALLTHROUGH */ 1457 case STATE_ACK_SENT: 1458 case STATE_REQ_SENT: 1459 /* 1460 * sppp_cp_change_state() have the side effect of 1461 * restarting the timeouts. We want to avoid that 1462 * if the state don't change, otherwise we won't 1463 * ever timeout and resend a configuration request 1464 * that got lost. 1465 */ 1466 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1467 STATE_REQ_SENT)) 1468 break; 1469 sppp_cp_change_state(cp, sp, rv? 1470 STATE_ACK_SENT: STATE_REQ_SENT); 1471 break; 1472 case STATE_STOPPED: 1473 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1474 (cp->scr)(sp); 1475 sppp_cp_change_state(cp, sp, rv? 1476 STATE_ACK_SENT: STATE_REQ_SENT); 1477 break; 1478 case STATE_ACK_RCVD: 1479 if (rv) { 1480 sppp_cp_change_state(cp, sp, STATE_OPENED); 1481 if (debug) 1482 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1483 SPP_ARGS(ifp), 1484 cp->name); 1485 (cp->tlu)(sp); 1486 } else 1487 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1488 break; 1489 default: 1490 printf(SPP_FMT "%s illegal %s in state %s\n", 1491 SPP_ARGS(ifp), cp->name, 1492 sppp_cp_type_name(h->type), 1493 sppp_state_name(sp->state[cp->protoidx])); 1494 ++ifp->if_ierrors; 1495 } 1496 break; 1497 case CONF_ACK: 1498 if (h->ident != sp->confid[cp->protoidx]) { 1499 if (debug) 1500 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1501 SPP_ARGS(ifp), cp->name, 1502 h->ident, sp->confid[cp->protoidx]); 1503 ++ifp->if_ierrors; 1504 break; 1505 } 1506 switch (sp->state[cp->protoidx]) { 1507 case STATE_CLOSED: 1508 case STATE_STOPPED: 1509 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1510 break; 1511 case STATE_CLOSING: 1512 case STATE_STOPPING: 1513 break; 1514 case STATE_REQ_SENT: 1515 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1516 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1517 break; 1518 case STATE_OPENED: 1519 (cp->tld)(sp); 1520 /* FALLTHROUGH */ 1521 case STATE_ACK_RCVD: 1522 (cp->scr)(sp); 1523 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1524 break; 1525 case STATE_ACK_SENT: 1526 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1527 sppp_cp_change_state(cp, sp, STATE_OPENED); 1528 if (debug) 1529 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1530 SPP_ARGS(ifp), cp->name); 1531 (cp->tlu)(sp); 1532 break; 1533 default: 1534 printf(SPP_FMT "%s illegal %s in state %s\n", 1535 SPP_ARGS(ifp), cp->name, 1536 sppp_cp_type_name(h->type), 1537 sppp_state_name(sp->state[cp->protoidx])); 1538 ++ifp->if_ierrors; 1539 } 1540 break; 1541 case CONF_NAK: 1542 case CONF_REJ: 1543 if (h->ident != sp->confid[cp->protoidx]) { 1544 if (debug) 1545 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1546 SPP_ARGS(ifp), cp->name, 1547 h->ident, sp->confid[cp->protoidx]); 1548 ++ifp->if_ierrors; 1549 break; 1550 } 1551 if (h->type == CONF_NAK) 1552 (cp->RCN_nak)(sp, h, len); 1553 else /* CONF_REJ */ 1554 (cp->RCN_rej)(sp, h, len); 1555 1556 switch (sp->state[cp->protoidx]) { 1557 case STATE_CLOSED: 1558 case STATE_STOPPED: 1559 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1560 break; 1561 case STATE_REQ_SENT: 1562 case STATE_ACK_SENT: 1563 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1564 /* 1565 * Slow things down a bit if we think we might be 1566 * in loopback. Depend on the timeout to send the 1567 * next configuration request. 1568 */ 1569 if (sp->pp_loopcnt) 1570 break; 1571 (cp->scr)(sp); 1572 break; 1573 case STATE_OPENED: 1574 (cp->tld)(sp); 1575 /* FALLTHROUGH */ 1576 case STATE_ACK_RCVD: 1577 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1578 (cp->scr)(sp); 1579 break; 1580 case STATE_CLOSING: 1581 case STATE_STOPPING: 1582 break; 1583 default: 1584 printf(SPP_FMT "%s illegal %s in state %s\n", 1585 SPP_ARGS(ifp), cp->name, 1586 sppp_cp_type_name(h->type), 1587 sppp_state_name(sp->state[cp->protoidx])); 1588 ++ifp->if_ierrors; 1589 } 1590 break; 1591 1592 case TERM_REQ: 1593 switch (sp->state[cp->protoidx]) { 1594 case STATE_ACK_RCVD: 1595 case STATE_ACK_SENT: 1596 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1597 /* FALLTHROUGH */ 1598 case STATE_CLOSED: 1599 case STATE_STOPPED: 1600 case STATE_CLOSING: 1601 case STATE_STOPPING: 1602 case STATE_REQ_SENT: 1603 sta: 1604 /* Send Terminate-Ack packet. */ 1605 if (debug) 1606 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1607 SPP_ARGS(ifp), cp->name); 1608 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1609 break; 1610 case STATE_OPENED: 1611 (cp->tld)(sp); 1612 sp->rst_counter[cp->protoidx] = 0; 1613 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1614 goto sta; 1615 break; 1616 default: 1617 printf(SPP_FMT "%s illegal %s in state %s\n", 1618 SPP_ARGS(ifp), cp->name, 1619 sppp_cp_type_name(h->type), 1620 sppp_state_name(sp->state[cp->protoidx])); 1621 ++ifp->if_ierrors; 1622 } 1623 break; 1624 case TERM_ACK: 1625 switch (sp->state[cp->protoidx]) { 1626 case STATE_CLOSED: 1627 case STATE_STOPPED: 1628 case STATE_REQ_SENT: 1629 case STATE_ACK_SENT: 1630 break; 1631 case STATE_CLOSING: 1632 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1633 (cp->tlf)(sp); 1634 break; 1635 case STATE_STOPPING: 1636 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1637 (cp->tlf)(sp); 1638 break; 1639 case STATE_ACK_RCVD: 1640 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1641 break; 1642 case STATE_OPENED: 1643 (cp->tld)(sp); 1644 (cp->scr)(sp); 1645 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1646 break; 1647 default: 1648 printf(SPP_FMT "%s illegal %s in state %s\n", 1649 SPP_ARGS(ifp), cp->name, 1650 sppp_cp_type_name(h->type), 1651 sppp_state_name(sp->state[cp->protoidx])); 1652 ++ifp->if_ierrors; 1653 } 1654 break; 1655 case CODE_REJ: 1656 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1657 log(LOG_INFO, 1658 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1659 "danger will robinson\n", 1660 SPP_ARGS(ifp), cp->name, 1661 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1662 switch (sp->state[cp->protoidx]) { 1663 case STATE_CLOSED: 1664 case STATE_STOPPED: 1665 case STATE_REQ_SENT: 1666 case STATE_ACK_SENT: 1667 case STATE_CLOSING: 1668 case STATE_STOPPING: 1669 case STATE_OPENED: 1670 break; 1671 case STATE_ACK_RCVD: 1672 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1673 break; 1674 default: 1675 printf(SPP_FMT "%s illegal %s in state %s\n", 1676 SPP_ARGS(ifp), cp->name, 1677 sppp_cp_type_name(h->type), 1678 sppp_state_name(sp->state[cp->protoidx])); 1679 ++ifp->if_ierrors; 1680 } 1681 break; 1682 case PROTO_REJ: 1683 { 1684 int catastrophic; 1685 const struct cp *upper; 1686 int i; 1687 u_int16_t proto; 1688 1689 catastrophic = 0; 1690 upper = NULL; 1691 proto = ntohs(*((u_int16_t *)p)); 1692 for (i = 0; i < IDX_COUNT; i++) { 1693 if (cps[i]->proto == proto) { 1694 upper = cps[i]; 1695 break; 1696 } 1697 } 1698 if (upper == NULL) 1699 catastrophic++; 1700 1701 if (catastrophic || debug) 1702 log(catastrophic? LOG_INFO: LOG_DEBUG, 1703 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1704 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1705 sppp_cp_type_name(h->type), proto, 1706 upper ? upper->name : "unknown", 1707 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1708 1709 /* 1710 * if we got RXJ+ against conf-req, the peer does not implement 1711 * this particular protocol type. terminate the protocol. 1712 */ 1713 if (upper && !catastrophic) { 1714 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1715 upper->Close(sp); 1716 break; 1717 } 1718 } 1719 1720 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1721 switch (sp->state[cp->protoidx]) { 1722 case STATE_CLOSED: 1723 case STATE_STOPPED: 1724 case STATE_REQ_SENT: 1725 case STATE_ACK_SENT: 1726 case STATE_CLOSING: 1727 case STATE_STOPPING: 1728 case STATE_OPENED: 1729 break; 1730 case STATE_ACK_RCVD: 1731 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1732 break; 1733 default: 1734 printf(SPP_FMT "%s illegal %s in state %s\n", 1735 SPP_ARGS(ifp), cp->name, 1736 sppp_cp_type_name(h->type), 1737 sppp_state_name(sp->state[cp->protoidx])); 1738 ++ifp->if_ierrors; 1739 } 1740 break; 1741 } 1742 case DISC_REQ: 1743 if (cp->proto != PPP_LCP) 1744 goto illegal; 1745 /* Discard the packet. */ 1746 break; 1747 case ECHO_REQ: 1748 if (cp->proto != PPP_LCP) 1749 goto illegal; 1750 if (sp->state[cp->protoidx] != STATE_OPENED) { 1751 if (debug) 1752 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1753 SPP_ARGS(ifp)); 1754 ++ifp->if_ierrors; 1755 break; 1756 } 1757 if (len < 8) { 1758 if (debug) 1759 log(-1, SPP_FMT "invalid lcp echo request " 1760 "packet length: %d bytes\n", 1761 SPP_ARGS(ifp), len); 1762 break; 1763 } 1764 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1765 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1766 /* Line loopback mode detected. */ 1767 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1768 sp->pp_loopcnt = MAXALIVECNT * 5; 1769 if_down (ifp); 1770 sppp_qflush (&sp->pp_cpq); 1771 1772 /* Shut down the PPP link. */ 1773 /* XXX */ 1774 lcp.Down(sp); 1775 lcp.Up(sp); 1776 break; 1777 } 1778 *(long*)(h+1) = htonl (sp->lcp.magic); 1779 if (debug) 1780 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1781 SPP_ARGS(ifp)); 1782 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1783 break; 1784 case ECHO_REPLY: 1785 if (cp->proto != PPP_LCP) 1786 goto illegal; 1787 if (h->ident != sp->lcp.echoid) { 1788 ++ifp->if_ierrors; 1789 break; 1790 } 1791 if (len < 8) { 1792 if (debug) 1793 log(-1, SPP_FMT "lcp invalid echo reply " 1794 "packet length: %d bytes\n", 1795 SPP_ARGS(ifp), len); 1796 break; 1797 } 1798 if (debug) 1799 log(-1, SPP_FMT "lcp got echo rep\n", 1800 SPP_ARGS(ifp)); 1801 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1802 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1803 sp->pp_alivecnt = 0; 1804 break; 1805 default: 1806 /* Unknown packet type -- send Code-Reject packet. */ 1807 illegal: 1808 if (debug) 1809 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1810 SPP_ARGS(ifp), cp->name, h->type); 1811 sppp_cp_send(sp, cp->proto, CODE_REJ, 1812 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1813 ++ifp->if_ierrors; 1814 } 1815} 1816 1817 1818/* 1819 * The generic part of all Up/Down/Open/Close/TO event handlers. 1820 * Basically, the state transition handling in the automaton. 1821 */ 1822static void 1823sppp_up_event(const struct cp *cp, struct sppp *sp) 1824{ 1825 STDDCL; 1826 1827 if (debug) 1828 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1829 SPP_ARGS(ifp), cp->name, 1830 sppp_state_name(sp->state[cp->protoidx])); 1831 1832 switch (sp->state[cp->protoidx]) { 1833 case STATE_INITIAL: 1834 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1835 break; 1836 case STATE_STARTING: 1837 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1838 (cp->scr)(sp); 1839 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1840 break; 1841 default: 1842 printf(SPP_FMT "%s illegal up in state %s\n", 1843 SPP_ARGS(ifp), cp->name, 1844 sppp_state_name(sp->state[cp->protoidx])); 1845 } 1846} 1847 1848static void 1849sppp_down_event(const struct cp *cp, struct sppp *sp) 1850{ 1851 STDDCL; 1852 1853 if (debug) 1854 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1855 SPP_ARGS(ifp), cp->name, 1856 sppp_state_name(sp->state[cp->protoidx])); 1857 1858 switch (sp->state[cp->protoidx]) { 1859 case STATE_CLOSED: 1860 case STATE_CLOSING: 1861 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1862 break; 1863 case STATE_STOPPED: 1864 sppp_cp_change_state(cp, sp, STATE_STARTING); 1865 (cp->tls)(sp); 1866 break; 1867 case STATE_STOPPING: 1868 case STATE_REQ_SENT: 1869 case STATE_ACK_RCVD: 1870 case STATE_ACK_SENT: 1871 sppp_cp_change_state(cp, sp, STATE_STARTING); 1872 break; 1873 case STATE_OPENED: 1874 (cp->tld)(sp); 1875 sppp_cp_change_state(cp, sp, STATE_STARTING); 1876 break; 1877 default: 1878 printf(SPP_FMT "%s illegal down in state %s\n", 1879 SPP_ARGS(ifp), cp->name, 1880 sppp_state_name(sp->state[cp->protoidx])); 1881 } 1882} 1883 1884 1885static void 1886sppp_open_event(const struct cp *cp, struct sppp *sp) 1887{ 1888 STDDCL; 1889 1890 if (debug) 1891 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1892 SPP_ARGS(ifp), cp->name, 1893 sppp_state_name(sp->state[cp->protoidx])); 1894 1895 switch (sp->state[cp->protoidx]) { 1896 case STATE_INITIAL: 1897 sppp_cp_change_state(cp, sp, STATE_STARTING); 1898 (cp->tls)(sp); 1899 break; 1900 case STATE_STARTING: 1901 break; 1902 case STATE_CLOSED: 1903 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1904 (cp->scr)(sp); 1905 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1906 break; 1907 case STATE_STOPPED: 1908 /* 1909 * Try escaping stopped state. This seems to bite 1910 * people occasionally, in particular for IPCP, 1911 * presumably following previous IPCP negotiation 1912 * aborts. Somehow, we must have missed a Down event 1913 * which would have caused a transition into starting 1914 * state, so as a bandaid we force the Down event now. 1915 * This effectively implements (something like the) 1916 * `restart' option mentioned in the state transition 1917 * table of RFC 1661. 1918 */ 1919 sppp_cp_change_state(cp, sp, STATE_STARTING); 1920 (cp->tls)(sp); 1921 break; 1922 case STATE_STOPPING: 1923 case STATE_REQ_SENT: 1924 case STATE_ACK_RCVD: 1925 case STATE_ACK_SENT: 1926 case STATE_OPENED: 1927 break; 1928 case STATE_CLOSING: 1929 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1930 break; 1931 } 1932} 1933 1934 1935static void 1936sppp_close_event(const struct cp *cp, struct sppp *sp) 1937{ 1938 STDDCL; 1939 1940 if (debug) 1941 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1942 SPP_ARGS(ifp), cp->name, 1943 sppp_state_name(sp->state[cp->protoidx])); 1944 1945 switch (sp->state[cp->protoidx]) { 1946 case STATE_INITIAL: 1947 case STATE_CLOSED: 1948 case STATE_CLOSING: 1949 break; 1950 case STATE_STARTING: 1951 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1952 (cp->tlf)(sp); 1953 break; 1954 case STATE_STOPPED: 1955 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1956 break; 1957 case STATE_STOPPING: 1958 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1959 break; 1960 case STATE_OPENED: 1961 (cp->tld)(sp); 1962 /* FALLTHROUGH */ 1963 case STATE_REQ_SENT: 1964 case STATE_ACK_RCVD: 1965 case STATE_ACK_SENT: 1966 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1967 sppp_cp_send(sp, cp->proto, TERM_REQ, 1968 ++sp->pp_seq[cp->protoidx], 0, 0); 1969 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1970 break; 1971 } 1972} 1973 1974static void 1975sppp_to_event(const struct cp *cp, struct sppp *sp) 1976{ 1977 STDDCL; 1978 int s; 1979 1980 s = splimp(); 1981 if (debug) 1982 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1983 SPP_ARGS(ifp), cp->name, 1984 sppp_state_name(sp->state[cp->protoidx]), 1985 sp->rst_counter[cp->protoidx]); 1986 1987 if (--sp->rst_counter[cp->protoidx] < 0) 1988 /* TO- event */ 1989 switch (sp->state[cp->protoidx]) { 1990 case STATE_CLOSING: 1991 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1992 (cp->tlf)(sp); 1993 break; 1994 case STATE_STOPPING: 1995 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1996 (cp->tlf)(sp); 1997 break; 1998 case STATE_REQ_SENT: 1999 case STATE_ACK_RCVD: 2000 case STATE_ACK_SENT: 2001 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2002 (cp->tlf)(sp); 2003 break; 2004 } 2005 else 2006 /* TO+ event */ 2007 switch (sp->state[cp->protoidx]) { 2008 case STATE_CLOSING: 2009 case STATE_STOPPING: 2010 sppp_cp_send(sp, cp->proto, TERM_REQ, 2011 ++sp->pp_seq[cp->protoidx], 0, 0); 2012 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2013 sp->ch[cp->protoidx]); 2014 break; 2015 case STATE_REQ_SENT: 2016 case STATE_ACK_RCVD: 2017 (cp->scr)(sp); 2018 /* sppp_cp_change_state() will restart the timer */ 2019 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2020 break; 2021 case STATE_ACK_SENT: 2022 (cp->scr)(sp); 2023 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2024 sp->ch[cp->protoidx]); 2025 break; 2026 } 2027 2028 splx(s); 2029} 2030 2031/* 2032 * Change the state of a control protocol in the state automaton. 2033 * Takes care of starting/stopping the restart timer. 2034 */ 2035static void 2036sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2037{ 2038 sp->state[cp->protoidx] = newstate; 2039 2040 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2041 switch (newstate) { 2042 case STATE_INITIAL: 2043 case STATE_STARTING: 2044 case STATE_CLOSED: 2045 case STATE_STOPPED: 2046 case STATE_OPENED: 2047 break; 2048 case STATE_CLOSING: 2049 case STATE_STOPPING: 2050 case STATE_REQ_SENT: 2051 case STATE_ACK_RCVD: 2052 case STATE_ACK_SENT: 2053 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2054 sp->ch[cp->protoidx]); 2055 break; 2056 } 2057} 2058 2059/* 2060 *--------------------------------------------------------------------------* 2061 * * 2062 * The LCP implementation. * 2063 * * 2064 *--------------------------------------------------------------------------* 2065 */ 2066static void 2067sppp_lcp_init(struct sppp *sp) 2068{ 2069 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2070 sp->lcp.magic = 0; 2071 sp->state[IDX_LCP] = STATE_INITIAL; 2072 sp->fail_counter[IDX_LCP] = 0; 2073 sp->pp_seq[IDX_LCP] = 0; 2074 sp->pp_rseq[IDX_LCP] = 0; 2075 sp->lcp.protos = 0; 2076 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2077 2078 /* Note that these values are relevant for all control protocols */ 2079 sp->lcp.timeout = 3 * hz; 2080 sp->lcp.max_terminate = 2; 2081 sp->lcp.max_configure = 10; 2082 sp->lcp.max_failure = 10; 2083#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2084 callout_handle_init(&sp->ch[IDX_LCP]); 2085#endif 2086} 2087 2088static void 2089sppp_lcp_up(struct sppp *sp) 2090{ 2091 STDDCL; 2092 2093 sp->pp_alivecnt = 0; 2094 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2095 sp->lcp.magic = 0; 2096 sp->lcp.protos = 0; 2097 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2098 /* 2099 * If we are authenticator, negotiate LCP_AUTH 2100 */ 2101 if (sp->hisauth.proto != 0) 2102 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2103 else 2104 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2105 sp->pp_flags &= ~PP_NEEDAUTH; 2106 /* 2107 * If this interface is passive or dial-on-demand, and we are 2108 * still in Initial state, it means we've got an incoming 2109 * call. Activate the interface. 2110 */ 2111 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2112 if (debug) 2113 log(LOG_DEBUG, 2114 SPP_FMT "Up event", SPP_ARGS(ifp)); 2115 ifp->if_flags |= IFF_RUNNING; 2116 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2117 if (debug) 2118 log(-1, "(incoming call)\n"); 2119 sp->pp_flags |= PP_CALLIN; 2120 lcp.Open(sp); 2121 } else if (debug) 2122 log(-1, "\n"); 2123 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2124 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2125 ifp->if_flags |= IFF_RUNNING; 2126 lcp.Open(sp); 2127 } 2128 2129 sppp_up_event(&lcp, sp); 2130} 2131 2132static void 2133sppp_lcp_down(struct sppp *sp) 2134{ 2135 STDDCL; 2136 2137 sppp_down_event(&lcp, sp); 2138 2139 /* 2140 * If this is neither a dial-on-demand nor a passive 2141 * interface, simulate an ``ifconfig down'' action, so the 2142 * administrator can force a redial by another ``ifconfig 2143 * up''. XXX For leased line operation, should we immediately 2144 * try to reopen the connection here? 2145 */ 2146 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2147 log(LOG_INFO, 2148 SPP_FMT "Down event, taking interface down.\n", 2149 SPP_ARGS(ifp)); 2150 if_down(ifp); 2151 } else { 2152 if (debug) 2153 log(LOG_DEBUG, 2154 SPP_FMT "Down event (carrier loss)\n", 2155 SPP_ARGS(ifp)); 2156 sp->pp_flags &= ~PP_CALLIN; 2157 if (sp->state[IDX_LCP] != STATE_INITIAL) 2158 lcp.Close(sp); 2159 ifp->if_flags &= ~IFF_RUNNING; 2160 } 2161} 2162 2163static void 2164sppp_lcp_open(struct sppp *sp) 2165{ 2166 sppp_open_event(&lcp, sp); 2167} 2168 2169static void 2170sppp_lcp_close(struct sppp *sp) 2171{ 2172 sppp_close_event(&lcp, sp); 2173} 2174 2175static void 2176sppp_lcp_TO(void *cookie) 2177{ 2178 sppp_to_event(&lcp, (struct sppp *)cookie); 2179} 2180 2181/* 2182 * Analyze a configure request. Return true if it was agreeable, and 2183 * caused action sca, false if it has been rejected or nak'ed, and 2184 * caused action scn. (The return value is used to make the state 2185 * transition decision in the state automaton.) 2186 */ 2187static int 2188sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2189{ 2190 STDDCL; 2191 u_char *buf, *r, *p; 2192 int origlen, rlen; 2193 u_long nmagic; 2194 u_short authproto; 2195 2196 len -= 4; 2197 origlen = len; 2198 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2199 if (! buf) 2200 return (0); 2201 2202 if (debug) 2203 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2204 SPP_ARGS(ifp)); 2205 2206 /* pass 1: check for things that need to be rejected */ 2207 p = (void*) (h+1); 2208 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2209 if (debug) 2210 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2211 switch (*p) { 2212 case LCP_OPT_MAGIC: 2213 /* Magic number. */ 2214 if (len >= 6 && p[1] == 6) 2215 continue; 2216 if (debug) 2217 log(-1, "[invalid] "); 2218 break; 2219 case LCP_OPT_ASYNC_MAP: 2220 /* Async control character map. */ 2221 if (len >= 6 && p[1] == 6) 2222 continue; 2223 if (debug) 2224 log(-1, "[invalid] "); 2225 break; 2226 case LCP_OPT_MRU: 2227 /* Maximum receive unit. */ 2228 if (len >= 4 && p[1] == 4) 2229 continue; 2230 if (debug) 2231 log(-1, "[invalid] "); 2232 break; 2233 case LCP_OPT_AUTH_PROTO: 2234 if (len < 4) { 2235 if (debug) 2236 log(-1, "[invalid] "); 2237 break; 2238 } 2239 authproto = (p[2] << 8) + p[3]; 2240 if (authproto == PPP_CHAP && p[1] != 5) { 2241 if (debug) 2242 log(-1, "[invalid chap len] "); 2243 break; 2244 } 2245 if (sp->myauth.proto == 0) { 2246 /* we are not configured to do auth */ 2247 if (debug) 2248 log(-1, "[not configured] "); 2249 break; 2250 } 2251 /* 2252 * Remote want us to authenticate, remember this, 2253 * so we stay in PHASE_AUTHENTICATE after LCP got 2254 * up. 2255 */ 2256 sp->pp_flags |= PP_NEEDAUTH; 2257 continue; 2258 default: 2259 /* Others not supported. */ 2260 if (debug) 2261 log(-1, "[rej] "); 2262 break; 2263 } 2264 /* Add the option to rejected list. */ 2265 bcopy (p, r, p[1]); 2266 r += p[1]; 2267 rlen += p[1]; 2268 } 2269 if (rlen) { 2270 if (debug) 2271 log(-1, " send conf-rej\n"); 2272 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2273 return 0; 2274 } else if (debug) 2275 log(-1, "\n"); 2276 2277 /* 2278 * pass 2: check for option values that are unacceptable and 2279 * thus require to be nak'ed. 2280 */ 2281 if (debug) 2282 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2283 SPP_ARGS(ifp)); 2284 2285 p = (void*) (h+1); 2286 len = origlen; 2287 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2288 if (debug) 2289 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2290 switch (*p) { 2291 case LCP_OPT_MAGIC: 2292 /* Magic number -- extract. */ 2293 nmagic = (u_long)p[2] << 24 | 2294 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2295 if (nmagic != sp->lcp.magic) { 2296 sp->pp_loopcnt = 0; 2297 if (debug) 2298 log(-1, "0x%lx ", nmagic); 2299 continue; 2300 } 2301 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2302 log(-1, "[glitch] "); 2303 ++sp->pp_loopcnt; 2304 /* 2305 * We negate our magic here, and NAK it. If 2306 * we see it later in an NAK packet, we 2307 * suggest a new one. 2308 */ 2309 nmagic = ~sp->lcp.magic; 2310 /* Gonna NAK it. */ 2311 p[2] = nmagic >> 24; 2312 p[3] = nmagic >> 16; 2313 p[4] = nmagic >> 8; 2314 p[5] = nmagic; 2315 break; 2316 2317 case LCP_OPT_ASYNC_MAP: 2318 /* 2319 * Async control character map -- just ignore it. 2320 * 2321 * Quote from RFC 1662, chapter 6: 2322 * To enable this functionality, synchronous PPP 2323 * implementations MUST always respond to the 2324 * Async-Control-Character-Map Configuration 2325 * Option with the LCP Configure-Ack. However, 2326 * acceptance of the Configuration Option does 2327 * not imply that the synchronous implementation 2328 * will do any ACCM mapping. Instead, all such 2329 * octet mapping will be performed by the 2330 * asynchronous-to-synchronous converter. 2331 */ 2332 continue; 2333 2334 case LCP_OPT_MRU: 2335 /* 2336 * Maximum receive unit. Always agreeable, 2337 * but ignored by now. 2338 */ 2339 sp->lcp.their_mru = p[2] * 256 + p[3]; 2340 if (debug) 2341 log(-1, "%lu ", sp->lcp.their_mru); 2342 continue; 2343 2344 case LCP_OPT_AUTH_PROTO: 2345 authproto = (p[2] << 8) + p[3]; 2346 if (sp->myauth.proto != authproto) { 2347 /* not agreed, nak */ 2348 if (debug) 2349 log(-1, "[mine %s != his %s] ", 2350 sppp_proto_name(sp->hisauth.proto), 2351 sppp_proto_name(authproto)); 2352 p[2] = sp->myauth.proto >> 8; 2353 p[3] = sp->myauth.proto; 2354 break; 2355 } 2356 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2357 if (debug) 2358 log(-1, "[chap not MD5] "); 2359 p[4] = CHAP_MD5; 2360 break; 2361 } 2362 continue; 2363 } 2364 /* Add the option to nak'ed list. */ 2365 bcopy (p, r, p[1]); 2366 r += p[1]; 2367 rlen += p[1]; 2368 } 2369 if (rlen) { 2370 /* 2371 * Local and remote magics equal -- loopback? 2372 */ 2373 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2374 if (sp->pp_loopcnt == MAXALIVECNT*5) 2375 printf (SPP_FMT "loopback\n", 2376 SPP_ARGS(ifp)); 2377 if (ifp->if_flags & IFF_UP) { 2378 if_down(ifp); 2379 sppp_qflush(&sp->pp_cpq); 2380 /* XXX ? */ 2381 lcp.Down(sp); 2382 lcp.Up(sp); 2383 } 2384 } else if (!sp->pp_loopcnt && 2385 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2386 if (debug) 2387 log(-1, " max_failure (%d) exceeded, " 2388 "send conf-rej\n", 2389 sp->lcp.max_failure); 2390 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2391 } else { 2392 if (debug) 2393 log(-1, " send conf-nak\n"); 2394 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2395 } 2396 } else { 2397 if (debug) 2398 log(-1, " send conf-ack\n"); 2399 sp->fail_counter[IDX_LCP] = 0; 2400 sp->pp_loopcnt = 0; 2401 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2402 h->ident, origlen, h+1); 2403 } 2404 2405 free (buf, M_TEMP); 2406 return (rlen == 0); 2407} 2408 2409/* 2410 * Analyze the LCP Configure-Reject option list, and adjust our 2411 * negotiation. 2412 */ 2413static void 2414sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2415{ 2416 STDDCL; 2417 u_char *buf, *p; 2418 2419 len -= 4; 2420 buf = malloc (len, M_TEMP, M_NOWAIT); 2421 if (!buf) 2422 return; 2423 2424 if (debug) 2425 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2426 SPP_ARGS(ifp)); 2427 2428 p = (void*) (h+1); 2429 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2430 if (debug) 2431 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2432 switch (*p) { 2433 case LCP_OPT_MAGIC: 2434 /* Magic number -- can't use it, use 0 */ 2435 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2436 sp->lcp.magic = 0; 2437 break; 2438 case LCP_OPT_MRU: 2439 /* 2440 * Should not be rejected anyway, since we only 2441 * negotiate a MRU if explicitly requested by 2442 * peer. 2443 */ 2444 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2445 break; 2446 case LCP_OPT_AUTH_PROTO: 2447 /* 2448 * Peer doesn't want to authenticate himself, 2449 * deny unless this is a dialout call, and 2450 * AUTHFLAG_NOCALLOUT is set. 2451 */ 2452 if ((sp->pp_flags & PP_CALLIN) == 0 && 2453 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2454 if (debug) 2455 log(-1, "[don't insist on auth " 2456 "for callout]"); 2457 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2458 break; 2459 } 2460 if (debug) 2461 log(-1, "[access denied]\n"); 2462 lcp.Close(sp); 2463 break; 2464 } 2465 } 2466 if (debug) 2467 log(-1, "\n"); 2468 free (buf, M_TEMP); 2469 return; 2470} 2471 2472/* 2473 * Analyze the LCP Configure-NAK option list, and adjust our 2474 * negotiation. 2475 */ 2476static void 2477sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2478{ 2479 STDDCL; 2480 u_char *buf, *p; 2481 u_long magic; 2482 2483 len -= 4; 2484 buf = malloc (len, M_TEMP, M_NOWAIT); 2485 if (!buf) 2486 return; 2487 2488 if (debug) 2489 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2490 SPP_ARGS(ifp)); 2491 2492 p = (void*) (h+1); 2493 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2494 if (debug) 2495 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2496 switch (*p) { 2497 case LCP_OPT_MAGIC: 2498 /* Magic number -- renegotiate */ 2499 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2500 len >= 6 && p[1] == 6) { 2501 magic = (u_long)p[2] << 24 | 2502 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2503 /* 2504 * If the remote magic is our negated one, 2505 * this looks like a loopback problem. 2506 * Suggest a new magic to make sure. 2507 */ 2508 if (magic == ~sp->lcp.magic) { 2509 if (debug) 2510 log(-1, "magic glitch "); 2511#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2512 sp->lcp.magic = random(); 2513#else 2514 sp->lcp.magic = time.tv_sec + time.tv_usec; 2515#endif 2516 } else { 2517 sp->lcp.magic = magic; 2518 if (debug) 2519 log(-1, "%lu ", magic); 2520 } 2521 } 2522 break; 2523 case LCP_OPT_MRU: 2524 /* 2525 * Peer wants to advise us to negotiate an MRU. 2526 * Agree on it if it's reasonable, or use 2527 * default otherwise. 2528 */ 2529 if (len >= 4 && p[1] == 4) { 2530 u_int mru = p[2] * 256 + p[3]; 2531 if (debug) 2532 log(-1, "%d ", mru); 2533 if (mru < PP_MTU || mru > PP_MAX_MRU) 2534 mru = PP_MTU; 2535 sp->lcp.mru = mru; 2536 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2537 } 2538 break; 2539 case LCP_OPT_AUTH_PROTO: 2540 /* 2541 * Peer doesn't like our authentication method, 2542 * deny. 2543 */ 2544 if (debug) 2545 log(-1, "[access denied]\n"); 2546 lcp.Close(sp); 2547 break; 2548 } 2549 } 2550 if (debug) 2551 log(-1, "\n"); 2552 free (buf, M_TEMP); 2553 return; 2554} 2555 2556static void 2557sppp_lcp_tlu(struct sppp *sp) 2558{ 2559 STDDCL; 2560 int i; 2561 u_long mask; 2562 2563 /* XXX ? */ 2564 if (! (ifp->if_flags & IFF_UP) && 2565 (ifp->if_flags & IFF_RUNNING)) { 2566 /* Coming out of loopback mode. */ 2567 if_up(ifp); 2568 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2569 } 2570 2571 for (i = 0; i < IDX_COUNT; i++) 2572 if ((cps[i])->flags & CP_QUAL) 2573 (cps[i])->Open(sp); 2574 2575 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2576 (sp->pp_flags & PP_NEEDAUTH) != 0) 2577 sp->pp_phase = PHASE_AUTHENTICATE; 2578 else 2579 sp->pp_phase = PHASE_NETWORK; 2580 2581 if (debug) 2582 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2583 sppp_phase_name(sp->pp_phase)); 2584 2585 /* 2586 * Open all authentication protocols. This is even required 2587 * if we already proceeded to network phase, since it might be 2588 * that remote wants us to authenticate, so we might have to 2589 * send a PAP request. Undesired authentication protocols 2590 * don't do anything when they get an Open event. 2591 */ 2592 for (i = 0; i < IDX_COUNT; i++) 2593 if ((cps[i])->flags & CP_AUTH) 2594 (cps[i])->Open(sp); 2595 2596 if (sp->pp_phase == PHASE_NETWORK) { 2597 /* Notify all NCPs. */ 2598 for (i = 0; i < IDX_COUNT; i++) 2599 if (((cps[i])->flags & CP_NCP) && 2600 /* 2601 * XXX 2602 * Hack to administratively disable IPv6 if 2603 * not desired. Perhaps we should have another 2604 * flag for this, but right now, we can make 2605 * all struct cp's read/only. 2606 */ 2607 (cps[i] != &ipv6cp || 2608 (sp->confflags & CONF_ENABLE_IPV6))) 2609 (cps[i])->Open(sp); 2610 } 2611 2612 /* Send Up events to all started protos. */ 2613 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2614 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2615 (cps[i])->Up(sp); 2616 2617 /* notify low-level driver of state change */ 2618 if (sp->pp_chg) 2619 sp->pp_chg(sp, (int)sp->pp_phase); 2620 2621 if (sp->pp_phase == PHASE_NETWORK) 2622 /* if no NCP is starting, close down */ 2623 sppp_lcp_check_and_close(sp); 2624} 2625 2626static void 2627sppp_lcp_tld(struct sppp *sp) 2628{ 2629 STDDCL; 2630 int i; 2631 u_long mask; 2632 2633 sp->pp_phase = PHASE_TERMINATE; 2634 2635 if (debug) 2636 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2637 sppp_phase_name(sp->pp_phase)); 2638 2639 /* 2640 * Take upper layers down. We send the Down event first and 2641 * the Close second to prevent the upper layers from sending 2642 * ``a flurry of terminate-request packets'', as the RFC 2643 * describes it. 2644 */ 2645 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2646 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2647 (cps[i])->Down(sp); 2648 (cps[i])->Close(sp); 2649 } 2650} 2651 2652static void 2653sppp_lcp_tls(struct sppp *sp) 2654{ 2655 STDDCL; 2656 2657 sp->pp_phase = PHASE_ESTABLISH; 2658 2659 if (debug) 2660 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2661 sppp_phase_name(sp->pp_phase)); 2662 2663 /* Notify lower layer if desired. */ 2664 if (sp->pp_tls) 2665 (sp->pp_tls)(sp); 2666 else 2667 (sp->pp_up)(sp); 2668} 2669 2670static void 2671sppp_lcp_tlf(struct sppp *sp) 2672{ 2673 STDDCL; 2674 2675 sp->pp_phase = PHASE_DEAD; 2676 if (debug) 2677 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2678 sppp_phase_name(sp->pp_phase)); 2679 2680 /* Notify lower layer if desired. */ 2681 if (sp->pp_tlf) 2682 (sp->pp_tlf)(sp); 2683 else 2684 (sp->pp_down)(sp); 2685} 2686 2687static void 2688sppp_lcp_scr(struct sppp *sp) 2689{ 2690 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2691 int i = 0; 2692 u_short authproto; 2693 2694 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2695 if (! sp->lcp.magic) 2696#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2697 sp->lcp.magic = random(); 2698#else 2699 sp->lcp.magic = time.tv_sec + time.tv_usec; 2700#endif 2701 opt[i++] = LCP_OPT_MAGIC; 2702 opt[i++] = 6; 2703 opt[i++] = sp->lcp.magic >> 24; 2704 opt[i++] = sp->lcp.magic >> 16; 2705 opt[i++] = sp->lcp.magic >> 8; 2706 opt[i++] = sp->lcp.magic; 2707 } 2708 2709 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2710 opt[i++] = LCP_OPT_MRU; 2711 opt[i++] = 4; 2712 opt[i++] = sp->lcp.mru >> 8; 2713 opt[i++] = sp->lcp.mru; 2714 } 2715 2716 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2717 authproto = sp->hisauth.proto; 2718 opt[i++] = LCP_OPT_AUTH_PROTO; 2719 opt[i++] = authproto == PPP_CHAP? 5: 4; 2720 opt[i++] = authproto >> 8; 2721 opt[i++] = authproto; 2722 if (authproto == PPP_CHAP) 2723 opt[i++] = CHAP_MD5; 2724 } 2725 2726 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2727 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2728} 2729 2730/* 2731 * Check the open NCPs, return true if at least one NCP is open. 2732 */ 2733static int 2734sppp_ncp_check(struct sppp *sp) 2735{ 2736 int i, mask; 2737 2738 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2739 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2740 return 1; 2741 return 0; 2742} 2743 2744/* 2745 * Re-check the open NCPs and see if we should terminate the link. 2746 * Called by the NCPs during their tlf action handling. 2747 */ 2748static void 2749sppp_lcp_check_and_close(struct sppp *sp) 2750{ 2751 2752 if (sp->pp_phase < PHASE_NETWORK) 2753 /* don't bother, we are already going down */ 2754 return; 2755 2756 if (sppp_ncp_check(sp)) 2757 return; 2758 2759 lcp.Close(sp); 2760} 2761 2762/* 2763 *--------------------------------------------------------------------------* 2764 * * 2765 * The IPCP implementation. * 2766 * * 2767 *--------------------------------------------------------------------------* 2768 */ 2769 2770static void 2771sppp_ipcp_init(struct sppp *sp) 2772{ 2773 sp->ipcp.opts = 0; 2774 sp->ipcp.flags = 0; 2775 sp->state[IDX_IPCP] = STATE_INITIAL; 2776 sp->fail_counter[IDX_IPCP] = 0; 2777 sp->pp_seq[IDX_IPCP] = 0; 2778 sp->pp_rseq[IDX_IPCP] = 0; 2779#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2780 callout_handle_init(&sp->ch[IDX_IPCP]); 2781#endif 2782} 2783 2784static void 2785sppp_ipcp_up(struct sppp *sp) 2786{ 2787 sppp_up_event(&ipcp, sp); 2788} 2789 2790static void 2791sppp_ipcp_down(struct sppp *sp) 2792{ 2793 sppp_down_event(&ipcp, sp); 2794} 2795 2796static void 2797sppp_ipcp_open(struct sppp *sp) 2798{ 2799 STDDCL; 2800 u_long myaddr, hisaddr; 2801 2802 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2803 IPCP_MYADDR_DYN | IPCP_VJ); 2804 sp->ipcp.opts = 0; 2805 2806 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2807 /* 2808 * If we don't have his address, this probably means our 2809 * interface doesn't want to talk IP at all. (This could 2810 * be the case if somebody wants to speak only IPX, for 2811 * example.) Don't open IPCP in this case. 2812 */ 2813 if (hisaddr == 0L) { 2814 /* XXX this message should go away */ 2815 if (debug) 2816 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2817 SPP_ARGS(ifp)); 2818 return; 2819 } 2820 if (myaddr == 0L) { 2821 /* 2822 * I don't have an assigned address, so i need to 2823 * negotiate my address. 2824 */ 2825 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2826 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2827 } else 2828 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2829 if (sp->confflags & CONF_ENABLE_VJ) { 2830 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2831 sp->ipcp.max_state = MAX_STATES - 1; 2832 sp->ipcp.compress_cid = 1; 2833 } 2834 sppp_open_event(&ipcp, sp); 2835} 2836 2837static void 2838sppp_ipcp_close(struct sppp *sp) 2839{ 2840 sppp_close_event(&ipcp, sp); 2841 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2842 /* 2843 * My address was dynamic, clear it again. 2844 */ 2845 sppp_set_ip_addr(sp, 0L); 2846} 2847 2848static void 2849sppp_ipcp_TO(void *cookie) 2850{ 2851 sppp_to_event(&ipcp, (struct sppp *)cookie); 2852} 2853 2854/* 2855 * Analyze a configure request. Return true if it was agreeable, and 2856 * caused action sca, false if it has been rejected or nak'ed, and 2857 * caused action scn. (The return value is used to make the state 2858 * transition decision in the state automaton.) 2859 */ 2860static int 2861sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2862{ 2863 u_char *buf, *r, *p; 2864 struct ifnet *ifp = &sp->pp_if; 2865 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2866 u_long hisaddr, desiredaddr; 2867 int gotmyaddr = 0; 2868 int desiredcomp; 2869 2870 len -= 4; 2871 origlen = len; 2872 /* 2873 * Make sure to allocate a buf that can at least hold a 2874 * conf-nak with an `address' option. We might need it below. 2875 */ 2876 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2877 if (! buf) 2878 return (0); 2879 2880 /* pass 1: see if we can recognize them */ 2881 if (debug) 2882 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2883 SPP_ARGS(ifp)); 2884 p = (void*) (h+1); 2885 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2886 if (debug) 2887 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2888 switch (*p) { 2889 case IPCP_OPT_COMPRESSION: 2890 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2891 /* VJ compression administratively disabled */ 2892 if (debug) 2893 log(-1, "[locally disabled] "); 2894 break; 2895 } 2896 /* 2897 * In theory, we should only conf-rej an 2898 * option that is shorter than RFC 1618 2899 * requires (i.e. < 4), and should conf-nak 2900 * anything else that is not VJ. However, 2901 * since our algorithm always uses the 2902 * original option to NAK it with new values, 2903 * things would become more complicated. In 2904 * pratice, the only commonly implemented IP 2905 * compression option is VJ anyway, so the 2906 * difference is negligible. 2907 */ 2908 if (len >= 6 && p[1] == 6) { 2909 /* 2910 * correctly formed compression option 2911 * that could be VJ compression 2912 */ 2913 continue; 2914 } 2915 if (debug) 2916 log(-1, 2917 "optlen %d [invalid/unsupported] ", 2918 p[1]); 2919 break; 2920 case IPCP_OPT_ADDRESS: 2921 if (len >= 6 && p[1] == 6) { 2922 /* correctly formed address option */ 2923 continue; 2924 } 2925 if (debug) 2926 log(-1, "[invalid] "); 2927 break; 2928 default: 2929 /* Others not supported. */ 2930 if (debug) 2931 log(-1, "[rej] "); 2932 break; 2933 } 2934 /* Add the option to rejected list. */ 2935 bcopy (p, r, p[1]); 2936 r += p[1]; 2937 rlen += p[1]; 2938 } 2939 if (rlen) { 2940 if (debug) 2941 log(-1, " send conf-rej\n"); 2942 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2943 return 0; 2944 } else if (debug) 2945 log(-1, "\n"); 2946 2947 /* pass 2: parse option values */ 2948 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2949 if (debug) 2950 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2951 SPP_ARGS(ifp)); 2952 p = (void*) (h+1); 2953 len = origlen; 2954 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2955 if (debug) 2956 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2957 switch (*p) { 2958 case IPCP_OPT_COMPRESSION: 2959 desiredcomp = p[2] << 8 | p[3]; 2960 /* We only support VJ */ 2961 if (desiredcomp == IPCP_COMP_VJ) { 2962 if (debug) 2963 log(-1, "VJ [ack] "); 2964 sp->ipcp.flags |= IPCP_VJ; 2965 sl_compress_init(sp->pp_comp, p[4]); 2966 sp->ipcp.max_state = p[4]; 2967 sp->ipcp.compress_cid = p[5]; 2968 continue; 2969 } 2970 if (debug) 2971 log(-1, 2972 "compproto %#04x [not supported] ", 2973 desiredcomp); 2974 p[2] = IPCP_COMP_VJ >> 8; 2975 p[3] = IPCP_COMP_VJ; 2976 p[4] = sp->ipcp.max_state; 2977 p[5] = sp->ipcp.compress_cid; 2978 break; 2979 case IPCP_OPT_ADDRESS: 2980 /* This is the address he wants in his end */ 2981 desiredaddr = p[2] << 24 | p[3] << 16 | 2982 p[4] << 8 | p[5]; 2983 if (desiredaddr == hisaddr || 2984 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 2985 /* 2986 * Peer's address is same as our value, 2987 * or we have set it to 0.0.0.* to 2988 * indicate that we do not really care, 2989 * this is agreeable. Gonna conf-ack 2990 * it. 2991 */ 2992 if (debug) 2993 log(-1, "%s [ack] ", 2994 sppp_dotted_quad(hisaddr)); 2995 /* record that we've seen it already */ 2996 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2997 continue; 2998 } 2999 /* 3000 * The address wasn't agreeable. This is either 3001 * he sent us 0.0.0.0, asking to assign him an 3002 * address, or he send us another address not 3003 * matching our value. Either case, we gonna 3004 * conf-nak it with our value. 3005 * XXX: we should "rej" if hisaddr == 0 3006 */ 3007 if (debug) { 3008 if (desiredaddr == 0) 3009 log(-1, "[addr requested] "); 3010 else 3011 log(-1, "%s [not agreed] ", 3012 sppp_dotted_quad(desiredaddr)); 3013 3014 } 3015 p[2] = hisaddr >> 24; 3016 p[3] = hisaddr >> 16; 3017 p[4] = hisaddr >> 8; 3018 p[5] = hisaddr; 3019 break; 3020 } 3021 /* Add the option to nak'ed list. */ 3022 bcopy (p, r, p[1]); 3023 r += p[1]; 3024 rlen += p[1]; 3025 } 3026 3027 /* 3028 * If we are about to conf-ack the request, but haven't seen 3029 * his address so far, gonna conf-nak it instead, with the 3030 * `address' option present and our idea of his address being 3031 * filled in there, to request negotiation of both addresses. 3032 * 3033 * XXX This can result in an endless req - nak loop if peer 3034 * doesn't want to send us his address. Q: What should we do 3035 * about it? XXX A: implement the max-failure counter. 3036 */ 3037 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3038 buf[0] = IPCP_OPT_ADDRESS; 3039 buf[1] = 6; 3040 buf[2] = hisaddr >> 24; 3041 buf[3] = hisaddr >> 16; 3042 buf[4] = hisaddr >> 8; 3043 buf[5] = hisaddr; 3044 rlen = 6; 3045 if (debug) 3046 log(-1, "still need hisaddr "); 3047 } 3048 3049 if (rlen) { 3050 if (debug) 3051 log(-1, " send conf-nak\n"); 3052 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3053 } else { 3054 if (debug) 3055 log(-1, " send conf-ack\n"); 3056 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3057 h->ident, origlen, h+1); 3058 } 3059 3060 free (buf, M_TEMP); 3061 return (rlen == 0); 3062} 3063 3064/* 3065 * Analyze the IPCP Configure-Reject option list, and adjust our 3066 * negotiation. 3067 */ 3068static void 3069sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3070{ 3071 u_char *buf, *p; 3072 struct ifnet *ifp = &sp->pp_if; 3073 int debug = ifp->if_flags & IFF_DEBUG; 3074 3075 len -= 4; 3076 buf = malloc (len, M_TEMP, M_NOWAIT); 3077 if (!buf) 3078 return; 3079 3080 if (debug) 3081 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3082 SPP_ARGS(ifp)); 3083 3084 p = (void*) (h+1); 3085 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3086 if (debug) 3087 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3088 switch (*p) { 3089 case IPCP_OPT_COMPRESSION: 3090 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3091 break; 3092 case IPCP_OPT_ADDRESS: 3093 /* 3094 * Peer doesn't grok address option. This is 3095 * bad. XXX Should we better give up here? 3096 * XXX We could try old "addresses" option... 3097 */ 3098 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3099 break; 3100 } 3101 } 3102 if (debug) 3103 log(-1, "\n"); 3104 free (buf, M_TEMP); 3105 return; 3106} 3107 3108/* 3109 * Analyze the IPCP Configure-NAK option list, and adjust our 3110 * negotiation. 3111 */ 3112static void 3113sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3114{ 3115 u_char *buf, *p; 3116 struct ifnet *ifp = &sp->pp_if; 3117 int debug = ifp->if_flags & IFF_DEBUG; 3118 int desiredcomp; 3119 u_long wantaddr; 3120 3121 len -= 4; 3122 buf = malloc (len, M_TEMP, M_NOWAIT); 3123 if (!buf) 3124 return; 3125 3126 if (debug) 3127 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3128 SPP_ARGS(ifp)); 3129 3130 p = (void*) (h+1); 3131 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3132 if (debug) 3133 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3134 switch (*p) { 3135 case IPCP_OPT_COMPRESSION: 3136 if (len >= 6 && p[1] == 6) { 3137 desiredcomp = p[2] << 8 | p[3]; 3138 if (debug) 3139 log(-1, "[wantcomp %#04x] ", 3140 desiredcomp); 3141 if (desiredcomp == IPCP_COMP_VJ) { 3142 sl_compress_init(sp->pp_comp, p[4]); 3143 sp->ipcp.max_state = p[4]; 3144 sp->ipcp.compress_cid = p[5]; 3145 if (debug) 3146 log(-1, "[agree] "); 3147 } else 3148 sp->ipcp.opts &= 3149 ~(1 << IPCP_OPT_COMPRESSION); 3150 } 3151 break; 3152 case IPCP_OPT_ADDRESS: 3153 /* 3154 * Peer doesn't like our local IP address. See 3155 * if we can do something for him. We'll drop 3156 * him our address then. 3157 */ 3158 if (len >= 6 && p[1] == 6) { 3159 wantaddr = p[2] << 24 | p[3] << 16 | 3160 p[4] << 8 | p[5]; 3161 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3162 if (debug) 3163 log(-1, "[wantaddr %s] ", 3164 sppp_dotted_quad(wantaddr)); 3165 /* 3166 * When doing dynamic address assignment, 3167 * we accept his offer. Otherwise, we 3168 * ignore it and thus continue to negotiate 3169 * our already existing value. 3170 * XXX: Bogus, if he said no once, he'll 3171 * just say no again, might as well die. 3172 */ 3173 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3174 sppp_set_ip_addr(sp, wantaddr); 3175 if (debug) 3176 log(-1, "[agree] "); 3177 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3178 } 3179 } 3180 break; 3181 } 3182 } 3183 if (debug) 3184 log(-1, "\n"); 3185 free (buf, M_TEMP); 3186 return; 3187} 3188 3189static void 3190sppp_ipcp_tlu(struct sppp *sp) 3191{ 3192 /* we are up - notify isdn daemon */ 3193 if (sp->pp_con) 3194 sp->pp_con(sp); 3195} 3196 3197static void 3198sppp_ipcp_tld(struct sppp *sp) 3199{ 3200} 3201 3202static void 3203sppp_ipcp_tls(struct sppp *sp) 3204{ 3205 /* indicate to LCP that it must stay alive */ 3206 sp->lcp.protos |= (1 << IDX_IPCP); 3207} 3208 3209static void 3210sppp_ipcp_tlf(struct sppp *sp) 3211{ 3212 /* we no longer need LCP */ 3213 sp->lcp.protos &= ~(1 << IDX_IPCP); 3214 sppp_lcp_check_and_close(sp); 3215} 3216 3217static void 3218sppp_ipcp_scr(struct sppp *sp) 3219{ 3220 char opt[6 /* compression */ + 6 /* address */]; 3221 u_long ouraddr; 3222 int i = 0; 3223 3224 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3225 opt[i++] = IPCP_OPT_COMPRESSION; 3226 opt[i++] = 6; 3227 opt[i++] = IPCP_COMP_VJ >> 8; 3228 opt[i++] = IPCP_COMP_VJ; 3229 opt[i++] = sp->ipcp.max_state; 3230 opt[i++] = sp->ipcp.compress_cid; 3231 } 3232 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3233 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3234 opt[i++] = IPCP_OPT_ADDRESS; 3235 opt[i++] = 6; 3236 opt[i++] = ouraddr >> 24; 3237 opt[i++] = ouraddr >> 16; 3238 opt[i++] = ouraddr >> 8; 3239 opt[i++] = ouraddr; 3240 } 3241 3242 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3243 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3244} 3245 3246/* 3247 *--------------------------------------------------------------------------* 3248 * * 3249 * The IPv6CP implementation. * 3250 * * 3251 *--------------------------------------------------------------------------* 3252 */ 3253 3254#ifdef INET6 3255static void 3256sppp_ipv6cp_init(struct sppp *sp) 3257{ 3258 sp->ipv6cp.opts = 0; 3259 sp->ipv6cp.flags = 0; 3260 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3261 sp->fail_counter[IDX_IPV6CP] = 0; 3262 sp->pp_seq[IDX_IPV6CP] = 0; 3263 sp->pp_rseq[IDX_IPV6CP] = 0; 3264#if defined(__NetBSD__) 3265 callout_init(&sp->ch[IDX_IPV6CP]); 3266#endif 3267#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3268 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3269#endif 3270} 3271 3272static void 3273sppp_ipv6cp_up(struct sppp *sp) 3274{ 3275 sppp_up_event(&ipv6cp, sp); 3276} 3277 3278static void 3279sppp_ipv6cp_down(struct sppp *sp) 3280{ 3281 sppp_down_event(&ipv6cp, sp); 3282} 3283 3284static void 3285sppp_ipv6cp_open(struct sppp *sp) 3286{ 3287 STDDCL; 3288 struct in6_addr myaddr, hisaddr; 3289 3290#ifdef IPV6CP_MYIFID_DYN 3291 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3292#else 3293 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3294#endif 3295 3296 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3297 /* 3298 * If we don't have our address, this probably means our 3299 * interface doesn't want to talk IPv6 at all. (This could 3300 * be the case if somebody wants to speak only IPX, for 3301 * example.) Don't open IPv6CP in this case. 3302 */ 3303 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3304 /* XXX this message should go away */ 3305 if (debug) 3306 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3307 SPP_ARGS(ifp)); 3308 return; 3309 } 3310 3311 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3312 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3313 sppp_open_event(&ipv6cp, sp); 3314} 3315 3316static void 3317sppp_ipv6cp_close(struct sppp *sp) 3318{ 3319 sppp_close_event(&ipv6cp, sp); 3320} 3321 3322static void 3323sppp_ipv6cp_TO(void *cookie) 3324{ 3325 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3326} 3327 3328/* 3329 * Analyze a configure request. Return true if it was agreeable, and 3330 * caused action sca, false if it has been rejected or nak'ed, and 3331 * caused action scn. (The return value is used to make the state 3332 * transition decision in the state automaton.) 3333 */ 3334static int 3335sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3336{ 3337 u_char *buf, *r, *p; 3338 struct ifnet *ifp = &sp->pp_if; 3339 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3340 struct in6_addr myaddr, desiredaddr, suggestaddr; 3341 int ifidcount; 3342 int type; 3343 int collision, nohisaddr; 3344 3345 len -= 4; 3346 origlen = len; 3347 /* 3348 * Make sure to allocate a buf that can at least hold a 3349 * conf-nak with an `address' option. We might need it below. 3350 */ 3351 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3352 if (! buf) 3353 return (0); 3354 3355 /* pass 1: see if we can recognize them */ 3356 if (debug) 3357 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3358 SPP_ARGS(ifp)); 3359 p = (void*) (h+1); 3360 ifidcount = 0; 3361 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3362 if (debug) 3363 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3364 switch (*p) { 3365 case IPV6CP_OPT_IFID: 3366 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3367 /* correctly formed address option */ 3368 ifidcount++; 3369 continue; 3370 } 3371 if (debug) 3372 log(-1, " [invalid]"); 3373 break; 3374#ifdef notyet 3375 case IPV6CP_OPT_COMPRESSION: 3376 if (len >= 4 && p[1] >= 4) { 3377 /* correctly formed compress option */ 3378 continue; 3379 } 3380 if (debug) 3381 log(-1, " [invalid]"); 3382 break; 3383#endif 3384 default: 3385 /* Others not supported. */ 3386 if (debug) 3387 log(-1, " [rej]"); 3388 break; 3389 } 3390 /* Add the option to rejected list. */ 3391 bcopy (p, r, p[1]); 3392 r += p[1]; 3393 rlen += p[1]; 3394 } 3395 if (rlen) { 3396 if (debug) 3397 log(-1, " send conf-rej\n"); 3398 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3399 goto end; 3400 } else if (debug) 3401 log(-1, "\n"); 3402 3403 /* pass 2: parse option values */ 3404 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3405 if (debug) 3406 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3407 SPP_ARGS(ifp)); 3408 p = (void*) (h+1); 3409 len = origlen; 3410 type = CONF_ACK; 3411 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3412 if (debug) 3413 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3414 switch (*p) { 3415#ifdef notyet 3416 case IPV6CP_OPT_COMPRESSION: 3417 continue; 3418#endif 3419 case IPV6CP_OPT_IFID: 3420 bzero(&desiredaddr, sizeof(desiredaddr)); 3421 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3422 collision = (bcmp(&desiredaddr.s6_addr[8], 3423 &myaddr.s6_addr[8], 8) == 0); 3424 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3425 3426 desiredaddr.s6_addr16[0] = htons(0xfe80); 3427 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3428 3429 if (!collision && !nohisaddr) { 3430 /* no collision, hisaddr known - Conf-Ack */ 3431 type = CONF_ACK; 3432 3433 if (debug) { 3434 log(-1, " %s [%s]", 3435 ip6_sprintf(&desiredaddr), 3436 sppp_cp_type_name(type)); 3437 } 3438 continue; 3439 } 3440 3441 bzero(&suggestaddr, sizeof(&suggestaddr)); 3442 if (collision && nohisaddr) { 3443 /* collision, hisaddr unknown - Conf-Rej */ 3444 type = CONF_REJ; 3445 bzero(&p[2], 8); 3446 } else { 3447 /* 3448 * - no collision, hisaddr unknown, or 3449 * - collision, hisaddr known 3450 * Conf-Nak, suggest hisaddr 3451 */ 3452 type = CONF_NAK; 3453 sppp_suggest_ip6_addr(sp, &suggestaddr); 3454 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3455 } 3456 if (debug) 3457 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3458 sppp_cp_type_name(type)); 3459 break; 3460 } 3461 /* Add the option to nak'ed list. */ 3462 bcopy (p, r, p[1]); 3463 r += p[1]; 3464 rlen += p[1]; 3465 } 3466 3467 if (rlen == 0 && type == CONF_ACK) { 3468 if (debug) 3469 log(-1, " send %s\n", sppp_cp_type_name(type)); 3470 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3471 } else { 3472#ifdef DIAGNOSTIC 3473 if (type == CONF_ACK) 3474 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3475#endif 3476 3477 if (debug) { 3478 log(-1, " send %s suggest %s\n", 3479 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3480 } 3481 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3482 } 3483 3484 end: 3485 free (buf, M_TEMP); 3486 return (rlen == 0); 3487} 3488 3489/* 3490 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3491 * negotiation. 3492 */ 3493static void 3494sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3495{ 3496 u_char *buf, *p; 3497 struct ifnet *ifp = &sp->pp_if; 3498 int debug = ifp->if_flags & IFF_DEBUG; 3499 3500 len -= 4; 3501 buf = malloc (len, M_TEMP, M_NOWAIT); 3502 if (!buf) 3503 return; 3504 3505 if (debug) 3506 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3507 SPP_ARGS(ifp)); 3508 3509 p = (void*) (h+1); 3510 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3511 if (debug) 3512 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3513 switch (*p) { 3514 case IPV6CP_OPT_IFID: 3515 /* 3516 * Peer doesn't grok address option. This is 3517 * bad. XXX Should we better give up here? 3518 */ 3519 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3520 break; 3521#ifdef notyet 3522 case IPV6CP_OPT_COMPRESS: 3523 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3524 break; 3525#endif 3526 } 3527 } 3528 if (debug) 3529 log(-1, "\n"); 3530 free (buf, M_TEMP); 3531 return; 3532} 3533 3534/* 3535 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3536 * negotiation. 3537 */ 3538static void 3539sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3540{ 3541 u_char *buf, *p; 3542 struct ifnet *ifp = &sp->pp_if; 3543 int debug = ifp->if_flags & IFF_DEBUG; 3544 struct in6_addr suggestaddr; 3545 3546 len -= 4; 3547 buf = malloc (len, M_TEMP, M_NOWAIT); 3548 if (!buf) 3549 return; 3550 3551 if (debug) 3552 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3553 SPP_ARGS(ifp)); 3554 3555 p = (void*) (h+1); 3556 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3557 if (debug) 3558 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3559 switch (*p) { 3560 case IPV6CP_OPT_IFID: 3561 /* 3562 * Peer doesn't like our local ifid. See 3563 * if we can do something for him. We'll drop 3564 * him our address then. 3565 */ 3566 if (len < 10 || p[1] != 10) 3567 break; 3568 bzero(&suggestaddr, sizeof(suggestaddr)); 3569 suggestaddr.s6_addr16[0] = htons(0xfe80); 3570 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3571 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3572 3573 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3574 if (debug) 3575 log(-1, " [suggestaddr %s]", 3576 ip6_sprintf(&suggestaddr)); 3577#ifdef IPV6CP_MYIFID_DYN 3578 /* 3579 * When doing dynamic address assignment, 3580 * we accept his offer. 3581 */ 3582 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3583 struct in6_addr lastsuggest; 3584 /* 3585 * If <suggested myaddr from peer> equals to 3586 * <hisaddr we have suggested last time>, 3587 * we have a collision. generate new random 3588 * ifid. 3589 */ 3590 sppp_suggest_ip6_addr(&lastsuggest); 3591 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3592 lastsuggest)) { 3593 if (debug) 3594 log(-1, " [random]"); 3595 sppp_gen_ip6_addr(sp, &suggestaddr); 3596 } 3597 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3598 if (debug) 3599 log(-1, " [agree]"); 3600 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3601 } 3602#else 3603 /* 3604 * Since we do not do dynamic address assignment, 3605 * we ignore it and thus continue to negotiate 3606 * our already existing value. This can possibly 3607 * go into infinite request-reject loop. 3608 * 3609 * This is not likely because we normally use 3610 * ifid based on MAC-address. 3611 * If you have no ethernet card on the node, too bad. 3612 * XXX should we use fail_counter? 3613 */ 3614#endif 3615 break; 3616#ifdef notyet 3617 case IPV6CP_OPT_COMPRESS: 3618 /* 3619 * Peer wants different compression parameters. 3620 */ 3621 break; 3622#endif 3623 } 3624 } 3625 if (debug) 3626 log(-1, "\n"); 3627 free (buf, M_TEMP); 3628 return; 3629} 3630static void 3631sppp_ipv6cp_tlu(struct sppp *sp) 3632{ 3633 /* we are up - notify isdn daemon */ 3634 if (sp->pp_con) 3635 sp->pp_con(sp); 3636} 3637 3638static void 3639sppp_ipv6cp_tld(struct sppp *sp) 3640{ 3641} 3642 3643static void 3644sppp_ipv6cp_tls(struct sppp *sp) 3645{ 3646 /* indicate to LCP that it must stay alive */ 3647 sp->lcp.protos |= (1 << IDX_IPV6CP); 3648} 3649 3650static void 3651sppp_ipv6cp_tlf(struct sppp *sp) 3652{ 3653 3654#if 0 /* need #if 0 to close IPv6CP properly */ 3655 /* we no longer need LCP */ 3656 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3657 sppp_lcp_check_and_close(sp); 3658#endif 3659} 3660 3661static void 3662sppp_ipv6cp_scr(struct sppp *sp) 3663{ 3664 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3665 struct in6_addr ouraddr; 3666 int i = 0; 3667 3668 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3669 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3670 opt[i++] = IPV6CP_OPT_IFID; 3671 opt[i++] = 10; 3672 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3673 i += 8; 3674 } 3675 3676#ifdef notyet 3677 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3678 opt[i++] = IPV6CP_OPT_COMPRESSION; 3679 opt[i++] = 4; 3680 opt[i++] = 0; /* TBD */ 3681 opt[i++] = 0; /* TBD */ 3682 /* variable length data may follow */ 3683 } 3684#endif 3685 3686 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3687 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3688} 3689#else /*INET6*/ 3690static void sppp_ipv6cp_init(struct sppp *sp) 3691{ 3692} 3693 3694static void sppp_ipv6cp_up(struct sppp *sp) 3695{ 3696} 3697 3698static void sppp_ipv6cp_down(struct sppp *sp) 3699{ 3700} 3701 3702 3703static void sppp_ipv6cp_open(struct sppp *sp) 3704{ 3705} 3706 3707static void sppp_ipv6cp_close(struct sppp *sp) 3708{ 3709} 3710 3711static void sppp_ipv6cp_TO(void *sp) 3712{ 3713} 3714 3715static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3716{ 3717 return 0; 3718} 3719 3720static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3721{ 3722} 3723 3724static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3725{ 3726} 3727 3728static void sppp_ipv6cp_tlu(struct sppp *sp) 3729{ 3730} 3731 3732static void sppp_ipv6cp_tld(struct sppp *sp) 3733{ 3734} 3735 3736static void sppp_ipv6cp_tls(struct sppp *sp) 3737{ 3738} 3739 3740static void sppp_ipv6cp_tlf(struct sppp *sp) 3741{ 3742} 3743 3744static void sppp_ipv6cp_scr(struct sppp *sp) 3745{ 3746} 3747#endif /*INET6*/ 3748 3749/* 3750 *--------------------------------------------------------------------------* 3751 * * 3752 * The CHAP implementation. * 3753 * * 3754 *--------------------------------------------------------------------------* 3755 */ 3756 3757/* 3758 * The authentication protocols don't employ a full-fledged state machine as 3759 * the control protocols do, since they do have Open and Close events, but 3760 * not Up and Down, nor are they explicitly terminated. Also, use of the 3761 * authentication protocols may be different in both directions (this makes 3762 * sense, think of a machine that never accepts incoming calls but only 3763 * calls out, it doesn't require the called party to authenticate itself). 3764 * 3765 * Our state machine for the local authentication protocol (we are requesting 3766 * the peer to authenticate) looks like: 3767 * 3768 * RCA- 3769 * +--------------------------------------------+ 3770 * V scn,tld| 3771 * +--------+ Close +---------+ RCA+ 3772 * | |<----------------------------------| |------+ 3773 * +--->| Closed | TO* | Opened | sca | 3774 * | | |-----+ +-------| |<-----+ 3775 * | +--------+ irc | | +---------+ 3776 * | ^ | | ^ 3777 * | | | | | 3778 * | | | | | 3779 * | TO-| | | | 3780 * | |tld TO+ V | | 3781 * | | +------->+ | | 3782 * | | | | | | 3783 * | +--------+ V | | 3784 * | | |<----+<--------------------+ | 3785 * | | Req- | scr | 3786 * | | Sent | | 3787 * | | | | 3788 * | +--------+ | 3789 * | RCA- | | RCA+ | 3790 * +------+ +------------------------------------------+ 3791 * scn,tld sca,irc,ict,tlu 3792 * 3793 * 3794 * with: 3795 * 3796 * Open: LCP reached authentication phase 3797 * Close: LCP reached terminate phase 3798 * 3799 * RCA+: received reply (pap-req, chap-response), acceptable 3800 * RCN: received reply (pap-req, chap-response), not acceptable 3801 * TO+: timeout with restart counter >= 0 3802 * TO-: timeout with restart counter < 0 3803 * TO*: reschedule timeout for CHAP 3804 * 3805 * scr: send request packet (none for PAP, chap-challenge) 3806 * sca: send ack packet (pap-ack, chap-success) 3807 * scn: send nak packet (pap-nak, chap-failure) 3808 * ict: initialize re-challenge timer (CHAP only) 3809 * 3810 * tlu: this-layer-up, LCP reaches network phase 3811 * tld: this-layer-down, LCP enters terminate phase 3812 * 3813 * Note that in CHAP mode, after sending a new challenge, while the state 3814 * automaton falls back into Req-Sent state, it doesn't signal a tld 3815 * event to LCP, so LCP remains in network phase. Only after not getting 3816 * any response (or after getting an unacceptable response), CHAP closes, 3817 * causing LCP to enter terminate phase. 3818 * 3819 * With PAP, there is no initial request that can be sent. The peer is 3820 * expected to send one based on the successful negotiation of PAP as 3821 * the authentication protocol during the LCP option negotiation. 3822 * 3823 * Incoming authentication protocol requests (remote requests 3824 * authentication, we are peer) don't employ a state machine at all, 3825 * they are simply answered. Some peers [Ascend P50 firmware rev 3826 * 4.50] react allergically when sending IPCP requests while they are 3827 * still in authentication phase (thereby violating the standard that 3828 * demands that these NCP packets are to be discarded), so we keep 3829 * track of the peer demanding us to authenticate, and only proceed to 3830 * phase network once we've seen a positive acknowledge for the 3831 * authentication. 3832 */ 3833 3834/* 3835 * Handle incoming CHAP packets. 3836 */ 3837static void 3838sppp_chap_input(struct sppp *sp, struct mbuf *m) 3839{ 3840 STDDCL; 3841 struct lcp_header *h; 3842 int len, x; 3843 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3844 int value_len, name_len; 3845 MD5_CTX ctx; 3846 3847 len = m->m_pkthdr.len; 3848 if (len < 4) { 3849 if (debug) 3850 log(LOG_DEBUG, 3851 SPP_FMT "chap invalid packet length: %d bytes\n", 3852 SPP_ARGS(ifp), len); 3853 return; 3854 } 3855 h = mtod (m, struct lcp_header*); 3856 if (len > ntohs (h->len)) 3857 len = ntohs (h->len); 3858 3859 switch (h->type) { 3860 /* challenge, failure and success are his authproto */ 3861 case CHAP_CHALLENGE: 3862 value = 1 + (u_char*)(h+1); 3863 value_len = value[-1]; 3864 name = value + value_len; 3865 name_len = len - value_len - 5; 3866 if (name_len < 0) { 3867 if (debug) { 3868 log(LOG_DEBUG, 3869 SPP_FMT "chap corrupted challenge " 3870 "<%s id=0x%x len=%d", 3871 SPP_ARGS(ifp), 3872 sppp_auth_type_name(PPP_CHAP, h->type), 3873 h->ident, ntohs(h->len)); 3874 sppp_print_bytes((u_char*) (h+1), len-4); 3875 log(-1, ">\n"); 3876 } 3877 break; 3878 } 3879 3880 if (debug) { 3881 log(LOG_DEBUG, 3882 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3883 SPP_ARGS(ifp), 3884 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3885 ntohs(h->len)); 3886 sppp_print_string((char*) name, name_len); 3887 log(-1, " value-size=%d value=", value_len); 3888 sppp_print_bytes(value, value_len); 3889 log(-1, ">\n"); 3890 } 3891 3892 /* Compute reply value. */ 3893 MD5Init(&ctx); 3894 MD5Update(&ctx, &h->ident, 1); 3895 MD5Update(&ctx, sp->myauth.secret, 3896 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3897 MD5Update(&ctx, value, value_len); 3898 MD5Final(digest, &ctx); 3899 dsize = sizeof digest; 3900 3901 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3902 sizeof dsize, (const char *)&dsize, 3903 sizeof digest, digest, 3904 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3905 sp->myauth.name, 3906 0); 3907 break; 3908 3909 case CHAP_SUCCESS: 3910 if (debug) { 3911 log(LOG_DEBUG, SPP_FMT "chap success", 3912 SPP_ARGS(ifp)); 3913 if (len > 4) { 3914 log(-1, ": "); 3915 sppp_print_string((char*)(h + 1), len - 4); 3916 } 3917 log(-1, "\n"); 3918 } 3919 x = splimp(); 3920 sp->pp_flags &= ~PP_NEEDAUTH; 3921 if (sp->myauth.proto == PPP_CHAP && 3922 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3923 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3924 /* 3925 * We are authenticator for CHAP but didn't 3926 * complete yet. Leave it to tlu to proceed 3927 * to network phase. 3928 */ 3929 splx(x); 3930 break; 3931 } 3932 splx(x); 3933 sppp_phase_network(sp); 3934 break; 3935 3936 case CHAP_FAILURE: 3937 if (debug) { 3938 log(LOG_INFO, SPP_FMT "chap failure", 3939 SPP_ARGS(ifp)); 3940 if (len > 4) { 3941 log(-1, ": "); 3942 sppp_print_string((char*)(h + 1), len - 4); 3943 } 3944 log(-1, "\n"); 3945 } else 3946 log(LOG_INFO, SPP_FMT "chap failure\n", 3947 SPP_ARGS(ifp)); 3948 /* await LCP shutdown by authenticator */ 3949 break; 3950 3951 /* response is my authproto */ 3952 case CHAP_RESPONSE: 3953 value = 1 + (u_char*)(h+1); 3954 value_len = value[-1]; 3955 name = value + value_len; 3956 name_len = len - value_len - 5; 3957 if (name_len < 0) { 3958 if (debug) { 3959 log(LOG_DEBUG, 3960 SPP_FMT "chap corrupted response " 3961 "<%s id=0x%x len=%d", 3962 SPP_ARGS(ifp), 3963 sppp_auth_type_name(PPP_CHAP, h->type), 3964 h->ident, ntohs(h->len)); 3965 sppp_print_bytes((u_char*)(h+1), len-4); 3966 log(-1, ">\n"); 3967 } 3968 break; 3969 } 3970 if (h->ident != sp->confid[IDX_CHAP]) { 3971 if (debug) 3972 log(LOG_DEBUG, 3973 SPP_FMT "chap dropping response for old ID " 3974 "(got %d, expected %d)\n", 3975 SPP_ARGS(ifp), 3976 h->ident, sp->confid[IDX_CHAP]); 3977 break; 3978 } 3979 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3980 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3981 log(LOG_INFO, SPP_FMT "chap response, his name ", 3982 SPP_ARGS(ifp)); 3983 sppp_print_string(name, name_len); 3984 log(-1, " != expected "); 3985 sppp_print_string(sp->hisauth.name, 3986 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3987 log(-1, "\n"); 3988 } 3989 if (debug) { 3990 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3991 "<%s id=0x%x len=%d name=", 3992 SPP_ARGS(ifp), 3993 sppp_state_name(sp->state[IDX_CHAP]), 3994 sppp_auth_type_name(PPP_CHAP, h->type), 3995 h->ident, ntohs (h->len)); 3996 sppp_print_string((char*)name, name_len); 3997 log(-1, " value-size=%d value=", value_len); 3998 sppp_print_bytes(value, value_len); 3999 log(-1, ">\n"); 4000 } 4001 if (value_len != AUTHKEYLEN) { 4002 if (debug) 4003 log(LOG_DEBUG, 4004 SPP_FMT "chap bad hash value length: " 4005 "%d bytes, should be %d\n", 4006 SPP_ARGS(ifp), value_len, 4007 AUTHKEYLEN); 4008 break; 4009 } 4010 4011 MD5Init(&ctx); 4012 MD5Update(&ctx, &h->ident, 1); 4013 MD5Update(&ctx, sp->hisauth.secret, 4014 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4015 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4016 MD5Final(digest, &ctx); 4017 4018#define FAILMSG "Failed..." 4019#define SUCCMSG "Welcome!" 4020 4021 if (value_len != sizeof digest || 4022 bcmp(digest, value, value_len) != 0) { 4023 /* action scn, tld */ 4024 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4025 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4026 0); 4027 chap.tld(sp); 4028 break; 4029 } 4030 /* action sca, perhaps tlu */ 4031 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4032 sp->state[IDX_CHAP] == STATE_OPENED) 4033 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4034 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4035 0); 4036 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4037 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4038 chap.tlu(sp); 4039 } 4040 break; 4041 4042 default: 4043 /* Unknown CHAP packet type -- ignore. */ 4044 if (debug) { 4045 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4046 "<0x%x id=0x%xh len=%d", 4047 SPP_ARGS(ifp), 4048 sppp_state_name(sp->state[IDX_CHAP]), 4049 h->type, h->ident, ntohs(h->len)); 4050 sppp_print_bytes((u_char*)(h+1), len-4); 4051 log(-1, ">\n"); 4052 } 4053 break; 4054 4055 } 4056} 4057 4058static void 4059sppp_chap_init(struct sppp *sp) 4060{ 4061 /* Chap doesn't have STATE_INITIAL at all. */ 4062 sp->state[IDX_CHAP] = STATE_CLOSED; 4063 sp->fail_counter[IDX_CHAP] = 0; 4064 sp->pp_seq[IDX_CHAP] = 0; 4065 sp->pp_rseq[IDX_CHAP] = 0; 4066#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4067 callout_handle_init(&sp->ch[IDX_CHAP]); 4068#endif 4069} 4070 4071static void 4072sppp_chap_open(struct sppp *sp) 4073{ 4074 if (sp->myauth.proto == PPP_CHAP && 4075 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4076 /* we are authenticator for CHAP, start it */ 4077 chap.scr(sp); 4078 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4079 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4080 } 4081 /* nothing to be done if we are peer, await a challenge */ 4082} 4083 4084static void 4085sppp_chap_close(struct sppp *sp) 4086{ 4087 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4088 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4089} 4090 4091static void 4092sppp_chap_TO(void *cookie) 4093{ 4094 struct sppp *sp = (struct sppp *)cookie; 4095 STDDCL; 4096 int s; 4097 4098 s = splimp(); 4099 if (debug) 4100 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4101 SPP_ARGS(ifp), 4102 sppp_state_name(sp->state[IDX_CHAP]), 4103 sp->rst_counter[IDX_CHAP]); 4104 4105 if (--sp->rst_counter[IDX_CHAP] < 0) 4106 /* TO- event */ 4107 switch (sp->state[IDX_CHAP]) { 4108 case STATE_REQ_SENT: 4109 chap.tld(sp); 4110 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4111 break; 4112 } 4113 else 4114 /* TO+ (or TO*) event */ 4115 switch (sp->state[IDX_CHAP]) { 4116 case STATE_OPENED: 4117 /* TO* event */ 4118 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4119 /* FALLTHROUGH */ 4120 case STATE_REQ_SENT: 4121 chap.scr(sp); 4122 /* sppp_cp_change_state() will restart the timer */ 4123 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4124 break; 4125 } 4126 4127 splx(s); 4128} 4129 4130static void 4131sppp_chap_tlu(struct sppp *sp) 4132{ 4133 STDDCL; 4134 int i, x; 4135 4136 i = 0; 4137 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4138 4139 /* 4140 * Some broken CHAP implementations (Conware CoNet, firmware 4141 * 4.0.?) don't want to re-authenticate their CHAP once the 4142 * initial challenge-response exchange has taken place. 4143 * Provide for an option to avoid rechallenges. 4144 */ 4145 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4146 /* 4147 * Compute the re-challenge timeout. This will yield 4148 * a number between 300 and 810 seconds. 4149 */ 4150 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4151 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4152 } 4153 4154 if (debug) { 4155 log(LOG_DEBUG, 4156 SPP_FMT "chap %s, ", 4157 SPP_ARGS(ifp), 4158 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4159 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4160 log(-1, "next re-challenge in %d seconds\n", i); 4161 else 4162 log(-1, "re-challenging supressed\n"); 4163 } 4164 4165 x = splimp(); 4166 /* indicate to LCP that we need to be closed down */ 4167 sp->lcp.protos |= (1 << IDX_CHAP); 4168 4169 if (sp->pp_flags & PP_NEEDAUTH) { 4170 /* 4171 * Remote is authenticator, but his auth proto didn't 4172 * complete yet. Defer the transition to network 4173 * phase. 4174 */ 4175 splx(x); 4176 return; 4177 } 4178 splx(x); 4179 4180 /* 4181 * If we are already in phase network, we are done here. This 4182 * is the case if this is a dummy tlu event after a re-challenge. 4183 */ 4184 if (sp->pp_phase != PHASE_NETWORK) 4185 sppp_phase_network(sp); 4186} 4187 4188static void 4189sppp_chap_tld(struct sppp *sp) 4190{ 4191 STDDCL; 4192 4193 if (debug) 4194 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4195 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4196 sp->lcp.protos &= ~(1 << IDX_CHAP); 4197 4198 lcp.Close(sp); 4199} 4200 4201static void 4202sppp_chap_scr(struct sppp *sp) 4203{ 4204 u_long *ch, seed; 4205 u_char clen; 4206 4207 /* Compute random challenge. */ 4208 ch = (u_long *)sp->myauth.challenge; 4209#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4210 read_random(&seed, sizeof seed); 4211#else 4212 { 4213 struct timeval tv; 4214 microtime(&tv); 4215 seed = tv.tv_sec ^ tv.tv_usec; 4216 } 4217#endif 4218 ch[0] = seed ^ random(); 4219 ch[1] = seed ^ random(); 4220 ch[2] = seed ^ random(); 4221 ch[3] = seed ^ random(); 4222 clen = AUTHKEYLEN; 4223 4224 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4225 4226 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4227 sizeof clen, (const char *)&clen, 4228 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4229 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4230 sp->myauth.name, 4231 0); 4232} 4233 4234/* 4235 *--------------------------------------------------------------------------* 4236 * * 4237 * The PAP implementation. * 4238 * * 4239 *--------------------------------------------------------------------------* 4240 */ 4241/* 4242 * For PAP, we need to keep a little state also if we are the peer, not the 4243 * authenticator. This is since we don't get a request to authenticate, but 4244 * have to repeatedly authenticate ourself until we got a response (or the 4245 * retry counter is expired). 4246 */ 4247 4248/* 4249 * Handle incoming PAP packets. */ 4250static void 4251sppp_pap_input(struct sppp *sp, struct mbuf *m) 4252{ 4253 STDDCL; 4254 struct lcp_header *h; 4255 int len, x; 4256 u_char *name, *passwd, mlen; 4257 int name_len, passwd_len; 4258 4259 len = m->m_pkthdr.len; 4260 if (len < 5) { 4261 if (debug) 4262 log(LOG_DEBUG, 4263 SPP_FMT "pap invalid packet length: %d bytes\n", 4264 SPP_ARGS(ifp), len); 4265 return; 4266 } 4267 h = mtod (m, struct lcp_header*); 4268 if (len > ntohs (h->len)) 4269 len = ntohs (h->len); 4270 switch (h->type) { 4271 /* PAP request is my authproto */ 4272 case PAP_REQ: 4273 name = 1 + (u_char*)(h+1); 4274 name_len = name[-1]; 4275 passwd = name + name_len + 1; 4276 if (name_len > len - 6 || 4277 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4278 if (debug) { 4279 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4280 "<%s id=0x%x len=%d", 4281 SPP_ARGS(ifp), 4282 sppp_auth_type_name(PPP_PAP, h->type), 4283 h->ident, ntohs(h->len)); 4284 sppp_print_bytes((u_char*)(h+1), len-4); 4285 log(-1, ">\n"); 4286 } 4287 break; 4288 } 4289 if (debug) { 4290 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4291 "<%s id=0x%x len=%d name=", 4292 SPP_ARGS(ifp), 4293 sppp_state_name(sp->state[IDX_PAP]), 4294 sppp_auth_type_name(PPP_PAP, h->type), 4295 h->ident, ntohs(h->len)); 4296 sppp_print_string((char*)name, name_len); 4297 log(-1, " passwd="); 4298 sppp_print_string((char*)passwd, passwd_len); 4299 log(-1, ">\n"); 4300 } 4301 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4302 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4303 bcmp(name, sp->hisauth.name, name_len) != 0 || 4304 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4305 /* action scn, tld */ 4306 mlen = sizeof(FAILMSG) - 1; 4307 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4308 sizeof mlen, (const char *)&mlen, 4309 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4310 0); 4311 pap.tld(sp); 4312 break; 4313 } 4314 /* action sca, perhaps tlu */ 4315 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4316 sp->state[IDX_PAP] == STATE_OPENED) { 4317 mlen = sizeof(SUCCMSG) - 1; 4318 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4319 sizeof mlen, (const char *)&mlen, 4320 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4321 0); 4322 } 4323 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4324 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4325 pap.tlu(sp); 4326 } 4327 break; 4328 4329 /* ack and nak are his authproto */ 4330 case PAP_ACK: 4331 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4332 if (debug) { 4333 log(LOG_DEBUG, SPP_FMT "pap success", 4334 SPP_ARGS(ifp)); 4335 name_len = *((char *)h); 4336 if (len > 5 && name_len) { 4337 log(-1, ": "); 4338 sppp_print_string((char*)(h+1), name_len); 4339 } 4340 log(-1, "\n"); 4341 } 4342 x = splimp(); 4343 sp->pp_flags &= ~PP_NEEDAUTH; 4344 if (sp->myauth.proto == PPP_PAP && 4345 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4346 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4347 /* 4348 * We are authenticator for PAP but didn't 4349 * complete yet. Leave it to tlu to proceed 4350 * to network phase. 4351 */ 4352 splx(x); 4353 break; 4354 } 4355 splx(x); 4356 sppp_phase_network(sp); 4357 break; 4358 4359 case PAP_NAK: 4360 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4361 if (debug) { 4362 log(LOG_INFO, SPP_FMT "pap failure", 4363 SPP_ARGS(ifp)); 4364 name_len = *((char *)h); 4365 if (len > 5 && name_len) { 4366 log(-1, ": "); 4367 sppp_print_string((char*)(h+1), name_len); 4368 } 4369 log(-1, "\n"); 4370 } else 4371 log(LOG_INFO, SPP_FMT "pap failure\n", 4372 SPP_ARGS(ifp)); 4373 /* await LCP shutdown by authenticator */ 4374 break; 4375 4376 default: 4377 /* Unknown PAP packet type -- ignore. */ 4378 if (debug) { 4379 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4380 "<0x%x id=0x%x len=%d", 4381 SPP_ARGS(ifp), 4382 h->type, h->ident, ntohs(h->len)); 4383 sppp_print_bytes((u_char*)(h+1), len-4); 4384 log(-1, ">\n"); 4385 } 4386 break; 4387 4388 } 4389} 4390 4391static void 4392sppp_pap_init(struct sppp *sp) 4393{ 4394 /* PAP doesn't have STATE_INITIAL at all. */ 4395 sp->state[IDX_PAP] = STATE_CLOSED; 4396 sp->fail_counter[IDX_PAP] = 0; 4397 sp->pp_seq[IDX_PAP] = 0; 4398 sp->pp_rseq[IDX_PAP] = 0; 4399#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4400 callout_handle_init(&sp->ch[IDX_PAP]); 4401 callout_handle_init(&sp->pap_my_to_ch); 4402#endif 4403} 4404 4405static void 4406sppp_pap_open(struct sppp *sp) 4407{ 4408 if (sp->hisauth.proto == PPP_PAP && 4409 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4410 /* we are authenticator for PAP, start our timer */ 4411 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4412 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4413 } 4414 if (sp->myauth.proto == PPP_PAP) { 4415 /* we are peer, send a request, and start a timer */ 4416 pap.scr(sp); 4417 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4418 sp->pap_my_to_ch); 4419 } 4420} 4421 4422static void 4423sppp_pap_close(struct sppp *sp) 4424{ 4425 if (sp->state[IDX_PAP] != STATE_CLOSED) 4426 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4427} 4428 4429/* 4430 * That's the timeout routine if we are authenticator. Since the 4431 * authenticator is basically passive in PAP, we can't do much here. 4432 */ 4433static void 4434sppp_pap_TO(void *cookie) 4435{ 4436 struct sppp *sp = (struct sppp *)cookie; 4437 STDDCL; 4438 int s; 4439 4440 s = splimp(); 4441 if (debug) 4442 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4443 SPP_ARGS(ifp), 4444 sppp_state_name(sp->state[IDX_PAP]), 4445 sp->rst_counter[IDX_PAP]); 4446 4447 if (--sp->rst_counter[IDX_PAP] < 0) 4448 /* TO- event */ 4449 switch (sp->state[IDX_PAP]) { 4450 case STATE_REQ_SENT: 4451 pap.tld(sp); 4452 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4453 break; 4454 } 4455 else 4456 /* TO+ event, not very much we could do */ 4457 switch (sp->state[IDX_PAP]) { 4458 case STATE_REQ_SENT: 4459 /* sppp_cp_change_state() will restart the timer */ 4460 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4461 break; 4462 } 4463 4464 splx(s); 4465} 4466 4467/* 4468 * That's the timeout handler if we are peer. Since the peer is active, 4469 * we need to retransmit our PAP request since it is apparently lost. 4470 * XXX We should impose a max counter. 4471 */ 4472static void 4473sppp_pap_my_TO(void *cookie) 4474{ 4475 struct sppp *sp = (struct sppp *)cookie; 4476 STDDCL; 4477 4478 if (debug) 4479 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4480 SPP_ARGS(ifp)); 4481 4482 pap.scr(sp); 4483} 4484 4485static void 4486sppp_pap_tlu(struct sppp *sp) 4487{ 4488 STDDCL; 4489 int x; 4490 4491 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4492 4493 if (debug) 4494 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4495 SPP_ARGS(ifp), pap.name); 4496 4497 x = splimp(); 4498 /* indicate to LCP that we need to be closed down */ 4499 sp->lcp.protos |= (1 << IDX_PAP); 4500 4501 if (sp->pp_flags & PP_NEEDAUTH) { 4502 /* 4503 * Remote is authenticator, but his auth proto didn't 4504 * complete yet. Defer the transition to network 4505 * phase. 4506 */ 4507 splx(x); 4508 return; 4509 } 4510 splx(x); 4511 sppp_phase_network(sp); 4512} 4513 4514static void 4515sppp_pap_tld(struct sppp *sp) 4516{ 4517 STDDCL; 4518 4519 if (debug) 4520 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4521 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4522 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4523 sp->lcp.protos &= ~(1 << IDX_PAP); 4524 4525 lcp.Close(sp); 4526} 4527 4528static void 4529sppp_pap_scr(struct sppp *sp) 4530{ 4531 u_char idlen, pwdlen; 4532 4533 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4534 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4535 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4536 4537 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4538 sizeof idlen, (const char *)&idlen, 4539 (size_t)idlen, sp->myauth.name, 4540 sizeof pwdlen, (const char *)&pwdlen, 4541 (size_t)pwdlen, sp->myauth.secret, 4542 0); 4543} 4544 4545/* 4546 * Random miscellaneous functions. 4547 */ 4548 4549/* 4550 * Send a PAP or CHAP proto packet. 4551 * 4552 * Varadic function, each of the elements for the ellipsis is of type 4553 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4554 * mlen == 0. 4555 * NOTE: never declare variadic functions with types subject to type 4556 * promotion (i.e. u_char). This is asking for big trouble depending 4557 * on the architecture you are on... 4558 */ 4559 4560static void 4561sppp_auth_send(const struct cp *cp, struct sppp *sp, 4562 unsigned int type, unsigned int id, 4563 ...) 4564{ 4565 STDDCL; 4566 struct ppp_header *h; 4567 struct lcp_header *lh; 4568 struct mbuf *m; 4569 u_char *p; 4570 int len; 4571 unsigned int mlen; 4572 const char *msg; 4573 va_list ap; 4574 4575 MGETHDR (m, M_DONTWAIT, MT_DATA); 4576 if (! m) 4577 return; 4578 m->m_pkthdr.rcvif = 0; 4579 4580 h = mtod (m, struct ppp_header*); 4581 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4582 h->control = PPP_UI; /* Unnumbered Info */ 4583 h->protocol = htons(cp->proto); 4584 4585 lh = (struct lcp_header*)(h + 1); 4586 lh->type = type; 4587 lh->ident = id; 4588 p = (u_char*) (lh+1); 4589 4590 va_start(ap, id); 4591 len = 0; 4592 4593 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4594 msg = va_arg(ap, const char *); 4595 len += mlen; 4596 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4597 va_end(ap); 4598 m_freem(m); 4599 return; 4600 } 4601 4602 bcopy(msg, p, mlen); 4603 p += mlen; 4604 } 4605 va_end(ap); 4606 4607 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4608 lh->len = htons (LCP_HEADER_LEN + len); 4609 4610 if (debug) { 4611 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4612 SPP_ARGS(ifp), cp->name, 4613 sppp_auth_type_name(cp->proto, lh->type), 4614 lh->ident, ntohs(lh->len)); 4615 sppp_print_bytes((u_char*) (lh+1), len); 4616 log(-1, ">\n"); 4617 } 4618 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4619 ifp->if_oerrors++; 4620} 4621 4622/* 4623 * Flush interface queue. 4624 */ 4625static void 4626sppp_qflush(struct ifqueue *ifq) 4627{ 4628 struct mbuf *m, *n; 4629 4630 n = ifq->ifq_head; 4631 while ((m = n)) { 4632 n = m->m_act; 4633 m_freem (m); 4634 } 4635 ifq->ifq_head = 0; 4636 ifq->ifq_tail = 0; 4637 ifq->ifq_len = 0; 4638} 4639 4640/* 4641 * Send keepalive packets, every 10 seconds. 4642 */ 4643static void 4644sppp_keepalive(void *dummy) 4645{ 4646 struct sppp *sp; 4647 int s; 4648 4649 s = splimp(); 4650 for (sp=spppq; sp; sp=sp->pp_next) { 4651 struct ifnet *ifp = &sp->pp_if; 4652 4653 /* Keepalive mode disabled or channel down? */ 4654 if (! (sp->pp_flags & PP_KEEPALIVE) || 4655 ! (ifp->if_flags & IFF_RUNNING)) 4656 continue; 4657 4658 /* No keepalive in PPP mode if LCP not opened yet. */ 4659 if (sp->pp_mode != IFF_CISCO && 4660 sp->pp_phase < PHASE_AUTHENTICATE) 4661 continue; 4662 4663 if (sp->pp_alivecnt == MAXALIVECNT) { 4664 /* No keepalive packets got. Stop the interface. */ 4665 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4666 if_down (ifp); 4667 sppp_qflush (&sp->pp_cpq); 4668 if (sp->pp_mode != IFF_CISCO) { 4669 /* XXX */ 4670 /* Shut down the PPP link. */ 4671 lcp.Down(sp); 4672 /* Initiate negotiation. XXX */ 4673 lcp.Up(sp); 4674 } 4675 } 4676 if (sp->pp_alivecnt <= MAXALIVECNT) 4677 ++sp->pp_alivecnt; 4678 if (sp->pp_mode == IFF_CISCO) 4679 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4680 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4681 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4682 long nmagic = htonl (sp->lcp.magic); 4683 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4684 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4685 sp->lcp.echoid, 4, &nmagic); 4686 } 4687 } 4688 splx(s); 4689 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4690} 4691 4692/* 4693 * Get both IP addresses. 4694 */ 4695static void 4696sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4697{ 4698 struct ifnet *ifp = &sp->pp_if; 4699 struct ifaddr *ifa; 4700 struct sockaddr_in *si, *sm; 4701 u_long ssrc, ddst; 4702 4703 sm = NULL; 4704 ssrc = ddst = 0L; 4705 /* 4706 * Pick the first AF_INET address from the list, 4707 * aliases don't make any sense on a p2p link anyway. 4708 */ 4709 si = 0; 4710#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4711 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4712#elif defined(__NetBSD__) || defined (__OpenBSD__) 4713 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4714 ifa; 4715 ifa = TAILQ_NEXT(ifa, ifa_list)) 4716#else 4717 for (ifa = ifp->if_addrlist; 4718 ifa; 4719 ifa = ifa->ifa_next) 4720#endif 4721 if (ifa->ifa_addr->sa_family == AF_INET) { 4722 si = (struct sockaddr_in *)ifa->ifa_addr; 4723 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4724 if (si) 4725 break; 4726 } 4727 if (ifa) { 4728 if (si && si->sin_addr.s_addr) { 4729 ssrc = si->sin_addr.s_addr; 4730 if (srcmask) 4731 *srcmask = ntohl(sm->sin_addr.s_addr); 4732 } 4733 4734 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4735 if (si && si->sin_addr.s_addr) 4736 ddst = si->sin_addr.s_addr; 4737 } 4738 4739 if (dst) *dst = ntohl(ddst); 4740 if (src) *src = ntohl(ssrc); 4741} 4742 4743/* 4744 * Set my IP address. Must be called at splimp. 4745 */ 4746static void 4747sppp_set_ip_addr(struct sppp *sp, u_long src) 4748{ 4749 STDDCL; 4750 struct ifaddr *ifa; 4751 struct sockaddr_in *si; 4752 struct in_ifaddr *ia; 4753 4754 /* 4755 * Pick the first AF_INET address from the list, 4756 * aliases don't make any sense on a p2p link anyway. 4757 */ 4758 si = 0; 4759#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4760 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4761#elif defined(__NetBSD__) || defined (__OpenBSD__) 4762 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4763 ifa; 4764 ifa = TAILQ_NEXT(ifa, ifa_list)) 4765#else 4766 for (ifa = ifp->if_addrlist; 4767 ifa; 4768 ifa = ifa->ifa_next) 4769#endif 4770 { 4771 if (ifa->ifa_addr->sa_family == AF_INET) 4772 { 4773 si = (struct sockaddr_in *)ifa->ifa_addr; 4774 if (si) 4775 break; 4776 } 4777 } 4778 4779 if (ifa && si) 4780 { 4781 int error; 4782#if __NetBSD_Version__ >= 103080000 4783 struct sockaddr_in new_sin = *si; 4784 4785 new_sin.sin_addr.s_addr = htonl(src); 4786 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4787 if(debug && error) 4788 { 4789 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4790 " failed, error=%d\n", SPP_ARGS(ifp), error); 4791 } 4792#else 4793 /* delete old route */ 4794 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4795 if(debug && error) 4796 { 4797 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4798 SPP_ARGS(ifp), error); 4799 } 4800 4801 /* set new address */ 4802 si->sin_addr.s_addr = htonl(src); 4803 ia = ifatoia(ifa); 4804 LIST_REMOVE(ia, ia_hash); 4805 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4806 4807 /* add new route */ 4808 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4809 if (debug && error) 4810 { 4811 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4812 SPP_ARGS(ifp), error); 4813 } 4814#endif 4815 } 4816} 4817 4818#ifdef INET6 4819/* 4820 * Get both IPv6 addresses. 4821 */ 4822static void 4823sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4824 struct in6_addr *srcmask) 4825{ 4826 struct ifnet *ifp = &sp->pp_if; 4827 struct ifaddr *ifa; 4828 struct sockaddr_in6 *si, *sm; 4829 struct in6_addr ssrc, ddst; 4830 4831 sm = NULL; 4832 bzero(&ssrc, sizeof(ssrc)); 4833 bzero(&ddst, sizeof(ddst)); 4834 /* 4835 * Pick the first link-local AF_INET6 address from the list, 4836 * aliases don't make any sense on a p2p link anyway. 4837 */ 4838#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4839 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4840 ifa; 4841 ifa = ifa->ifa_link.tqe_next) 4842#elif defined(__NetBSD__) || defined (__OpenBSD__) 4843 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4844 ifa; 4845 ifa = ifa->ifa_list.tqe_next) 4846#else 4847 for (ifa = ifp->if_addrlist, si = 0; 4848 ifa; 4849 ifa = ifa->ifa_next) 4850#endif 4851 if (ifa->ifa_addr->sa_family == AF_INET6) { 4852 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4853 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4854 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4855 break; 4856 } 4857 if (ifa) { 4858 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4859 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4860 if (srcmask) { 4861 bcopy(&sm->sin6_addr, srcmask, 4862 sizeof(*srcmask)); 4863 } 4864 } 4865 4866 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4867 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4868 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4869 } 4870 4871 if (dst) 4872 bcopy(&ddst, dst, sizeof(*dst)); 4873 if (src) 4874 bcopy(&ssrc, src, sizeof(*src)); 4875} 4876 4877#ifdef IPV6CP_MYIFID_DYN 4878/* 4879 * Generate random ifid. 4880 */ 4881static void 4882sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4883{ 4884 /* TBD */ 4885} 4886 4887/* 4888 * Set my IPv6 address. Must be called at splimp. 4889 */ 4890static void 4891sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4892{ 4893 STDDCL; 4894 struct ifaddr *ifa; 4895 struct sockaddr_in6 *sin6; 4896 4897 /* 4898 * Pick the first link-local AF_INET6 address from the list, 4899 * aliases don't make any sense on a p2p link anyway. 4900 */ 4901 4902 sin6 = NULL; 4903#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4904 for (ifa = ifp->if_addrhead.tqh_first; 4905 ifa; 4906 ifa = ifa->ifa_link.tqe_next) 4907#elif defined(__NetBSD__) || defined (__OpenBSD__) 4908 for (ifa = ifp->if_addrlist.tqh_first; 4909 ifa; 4910 ifa = ifa->ifa_list.tqe_next) 4911#else 4912 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4913#endif 4914 { 4915 if (ifa->ifa_addr->sa_family == AF_INET6) 4916 { 4917 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4918 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4919 break; 4920 } 4921 } 4922 4923 if (ifa && sin6) 4924 { 4925 int error; 4926 struct sockaddr_in6 new_sin6 = *sin6; 4927 4928 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4929 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4930 if (debug && error) 4931 { 4932 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4933 " failed, error=%d\n", SPP_ARGS(ifp), error); 4934 } 4935 } 4936} 4937#endif 4938 4939/* 4940 * Suggest a candidate address to be used by peer. 4941 */ 4942static void 4943sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4944{ 4945 struct in6_addr myaddr; 4946 struct timeval tv; 4947 4948 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4949 4950 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4951 microtime(&tv); 4952 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4953 myaddr.s6_addr[14] ^= 0xff; 4954 myaddr.s6_addr[15] ^= 0xff; 4955 } else { 4956 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4957 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4958 } 4959 if (suggest) 4960 bcopy(&myaddr, suggest, sizeof(myaddr)); 4961} 4962#endif /*INET6*/ 4963 4964static int 4965sppp_params(struct sppp *sp, u_long cmd, void *data) 4966{ 4967 u_long subcmd; 4968 struct ifreq *ifr = (struct ifreq *)data; 4969 struct spppreq *spr; 4970 int rv = 0; 4971 4972 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 4973 return (EAGAIN); 4974 /* 4975 * ifr->ifr_data is supposed to point to a struct spppreq. 4976 * Check the cmd word first before attempting to fetch all the 4977 * data. 4978 */ 4979 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 4980 rv = EFAULT; 4981 goto quit; 4982 } 4983 4984 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 4985 rv = EFAULT; 4986 goto quit; 4987 } 4988 4989 switch (subcmd) { 4990 case (int)SPPPIOGDEFS: 4991 if (cmd != SIOCGIFGENERIC) { 4992 rv = EINVAL; 4993 break; 4994 } 4995 /* 4996 * We copy over the entire current state, but clean 4997 * out some of the stuff we don't wanna pass up. 4998 * Remember, SIOCGIFGENERIC is unprotected, and can be 4999 * called by any user. No need to ever get PAP or 5000 * CHAP secrets back to userland anyway. 5001 */ 5002 spr->defs.pp_phase = sp->pp_phase; 5003 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5004 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5005 spr->defs.lcp = sp->lcp; 5006 spr->defs.ipcp = sp->ipcp; 5007 spr->defs.ipv6cp = sp->ipv6cp; 5008 spr->defs.myauth = sp->myauth; 5009 spr->defs.hisauth = sp->hisauth; 5010 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5011 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5012 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5013 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5014 /* 5015 * Fixup the LCP timeout value to milliseconds so 5016 * spppcontrol doesn't need to bother about the value 5017 * of "hz". We do the reverse calculation below when 5018 * setting it. 5019 */ 5020 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5021 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5022 sizeof(struct spppreq)); 5023 break; 5024 5025 case (int)SPPPIOSDEFS: 5026 if (cmd != SIOCSIFGENERIC) { 5027 rv = EINVAL; 5028 break; 5029 } 5030 /* 5031 * We have a very specific idea of which fields we 5032 * allow being passed back from userland, so to not 5033 * clobber our current state. For one, we only allow 5034 * setting anything if LCP is in dead or establish 5035 * phase. Once the authentication negotiations 5036 * started, the authentication settings must not be 5037 * changed again. (The administrator can force an 5038 * ifconfig down in order to get LCP back into dead 5039 * phase.) 5040 * 5041 * Also, we only allow for authentication parameters to be 5042 * specified. 5043 * 5044 * XXX Should allow to set or clear pp_flags. 5045 * 5046 * Finally, if the respective authentication protocol to 5047 * be used is set differently than 0, but the secret is 5048 * passed as all zeros, we don't trash the existing secret. 5049 * This allows an administrator to change the system name 5050 * only without clobbering the secret (which he didn't get 5051 * back in a previous SPPPIOGDEFS call). However, the 5052 * secrets are cleared if the authentication protocol is 5053 * reset to 0. */ 5054 if (sp->pp_phase != PHASE_DEAD && 5055 sp->pp_phase != PHASE_ESTABLISH) { 5056 rv = EBUSY; 5057 break; 5058 } 5059 5060 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5061 spr->defs.myauth.proto != PPP_CHAP) || 5062 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5063 spr->defs.hisauth.proto != PPP_CHAP)) { 5064 rv = EINVAL; 5065 break; 5066 } 5067 5068 if (spr->defs.myauth.proto == 0) 5069 /* resetting myauth */ 5070 bzero(&sp->myauth, sizeof sp->myauth); 5071 else { 5072 /* setting/changing myauth */ 5073 sp->myauth.proto = spr->defs.myauth.proto; 5074 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5075 if (spr->defs.myauth.secret[0] != '\0') 5076 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5077 AUTHKEYLEN); 5078 } 5079 if (spr->defs.hisauth.proto == 0) 5080 /* resetting hisauth */ 5081 bzero(&sp->hisauth, sizeof sp->hisauth); 5082 else { 5083 /* setting/changing hisauth */ 5084 sp->hisauth.proto = spr->defs.hisauth.proto; 5085 sp->hisauth.flags = spr->defs.hisauth.flags; 5086 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5087 if (spr->defs.hisauth.secret[0] != '\0') 5088 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5089 AUTHKEYLEN); 5090 } 5091 /* set LCP restart timer timeout */ 5092 if (spr->defs.lcp.timeout != 0) 5093 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5094 /* set VJ enable and IPv6 disable flags */ 5095#ifdef INET 5096 if (spr->defs.enable_vj) 5097 sp->confflags |= CONF_ENABLE_VJ; 5098 else 5099 sp->confflags &= ~CONF_ENABLE_VJ; 5100#endif 5101#ifdef INET6 5102 if (spr->defs.enable_ipv6) 5103 sp->confflags |= CONF_ENABLE_IPV6; 5104 else 5105 sp->confflags &= ~CONF_ENABLE_IPV6; 5106#endif 5107 break; 5108 5109 default: 5110 rv = EINVAL; 5111 } 5112 5113 quit: 5114 free(spr, M_TEMP); 5115 5116 return (rv); 5117} 5118 5119static void 5120sppp_phase_network(struct sppp *sp) 5121{ 5122 STDDCL; 5123 int i; 5124 u_long mask; 5125 5126 sp->pp_phase = PHASE_NETWORK; 5127 5128 if (debug) 5129 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5130 sppp_phase_name(sp->pp_phase)); 5131 5132 /* Notify NCPs now. */ 5133 for (i = 0; i < IDX_COUNT; i++) 5134 if ((cps[i])->flags & CP_NCP) 5135 (cps[i])->Open(sp); 5136 5137 /* Send Up events to all NCPs. */ 5138 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5139 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5140 (cps[i])->Up(sp); 5141 5142 /* if no NCP is starting, all this was in vain, close down */ 5143 sppp_lcp_check_and_close(sp); 5144} 5145 5146 5147static const char * 5148sppp_cp_type_name(u_char type) 5149{ 5150 static char buf[12]; 5151 switch (type) { 5152 case CONF_REQ: return "conf-req"; 5153 case CONF_ACK: return "conf-ack"; 5154 case CONF_NAK: return "conf-nak"; 5155 case CONF_REJ: return "conf-rej"; 5156 case TERM_REQ: return "term-req"; 5157 case TERM_ACK: return "term-ack"; 5158 case CODE_REJ: return "code-rej"; 5159 case PROTO_REJ: return "proto-rej"; 5160 case ECHO_REQ: return "echo-req"; 5161 case ECHO_REPLY: return "echo-reply"; 5162 case DISC_REQ: return "discard-req"; 5163 } 5164 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5165 return buf; 5166} 5167 5168static const char * 5169sppp_auth_type_name(u_short proto, u_char type) 5170{ 5171 static char buf[12]; 5172 switch (proto) { 5173 case PPP_CHAP: 5174 switch (type) { 5175 case CHAP_CHALLENGE: return "challenge"; 5176 case CHAP_RESPONSE: return "response"; 5177 case CHAP_SUCCESS: return "success"; 5178 case CHAP_FAILURE: return "failure"; 5179 } 5180 case PPP_PAP: 5181 switch (type) { 5182 case PAP_REQ: return "req"; 5183 case PAP_ACK: return "ack"; 5184 case PAP_NAK: return "nak"; 5185 } 5186 } 5187 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5188 return buf; 5189} 5190 5191static const char * 5192sppp_lcp_opt_name(u_char opt) 5193{ 5194 static char buf[12]; 5195 switch (opt) { 5196 case LCP_OPT_MRU: return "mru"; 5197 case LCP_OPT_ASYNC_MAP: return "async-map"; 5198 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5199 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5200 case LCP_OPT_MAGIC: return "magic"; 5201 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5202 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5203 } 5204 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5205 return buf; 5206} 5207 5208static const char * 5209sppp_ipcp_opt_name(u_char opt) 5210{ 5211 static char buf[12]; 5212 switch (opt) { 5213 case IPCP_OPT_ADDRESSES: return "addresses"; 5214 case IPCP_OPT_COMPRESSION: return "compression"; 5215 case IPCP_OPT_ADDRESS: return "address"; 5216 } 5217 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5218 return buf; 5219} 5220 5221#ifdef INET6 5222static const char * 5223sppp_ipv6cp_opt_name(u_char opt) 5224{ 5225 static char buf[12]; 5226 switch (opt) { 5227 case IPV6CP_OPT_IFID: return "ifid"; 5228 case IPV6CP_OPT_COMPRESSION: return "compression"; 5229 } 5230 sprintf (buf, "0x%x", opt); 5231 return buf; 5232} 5233#endif 5234 5235static const char * 5236sppp_state_name(int state) 5237{ 5238 switch (state) { 5239 case STATE_INITIAL: return "initial"; 5240 case STATE_STARTING: return "starting"; 5241 case STATE_CLOSED: return "closed"; 5242 case STATE_STOPPED: return "stopped"; 5243 case STATE_CLOSING: return "closing"; 5244 case STATE_STOPPING: return "stopping"; 5245 case STATE_REQ_SENT: return "req-sent"; 5246 case STATE_ACK_RCVD: return "ack-rcvd"; 5247 case STATE_ACK_SENT: return "ack-sent"; 5248 case STATE_OPENED: return "opened"; 5249 } 5250 return "illegal"; 5251} 5252 5253static const char * 5254sppp_phase_name(enum ppp_phase phase) 5255{ 5256 switch (phase) { 5257 case PHASE_DEAD: return "dead"; 5258 case PHASE_ESTABLISH: return "establish"; 5259 case PHASE_TERMINATE: return "terminate"; 5260 case PHASE_AUTHENTICATE: return "authenticate"; 5261 case PHASE_NETWORK: return "network"; 5262 } 5263 return "illegal"; 5264} 5265 5266static const char * 5267sppp_proto_name(u_short proto) 5268{ 5269 static char buf[12]; 5270 switch (proto) { 5271 case PPP_LCP: return "lcp"; 5272 case PPP_IPCP: return "ipcp"; 5273 case PPP_PAP: return "pap"; 5274 case PPP_CHAP: return "chap"; 5275 case PPP_IPV6CP: return "ipv6cp"; 5276 } 5277 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5278 return buf; 5279} 5280 5281static void 5282sppp_print_bytes(const u_char *p, u_short len) 5283{ 5284 if (len) 5285 log(-1, " %*D", len, p, "-"); 5286} 5287 5288static void 5289sppp_print_string(const char *p, u_short len) 5290{ 5291 u_char c; 5292 5293 while (len-- > 0) { 5294 c = *p++; 5295 /* 5296 * Print only ASCII chars directly. RFC 1994 recommends 5297 * using only them, but we don't rely on it. */ 5298 if (c < ' ' || c > '~') 5299 log(-1, "\\x%x", c); 5300 else 5301 log(-1, "%c", c); 5302 } 5303} 5304 5305static const char * 5306sppp_dotted_quad(u_long addr) 5307{ 5308 static char s[16]; 5309 sprintf(s, "%d.%d.%d.%d", 5310 (int)((addr >> 24) & 0xff), 5311 (int)((addr >> 16) & 0xff), 5312 (int)((addr >> 8) & 0xff), 5313 (int)(addr & 0xff)); 5314 return s; 5315} 5316 5317static int 5318sppp_strnlen(u_char *p, int max) 5319{ 5320 int len; 5321 5322 for (len = 0; len < max && *p; ++p) 5323 ++len; 5324 return len; 5325} 5326 5327/* a dummy, used to drop uninteresting events */ 5328static void 5329sppp_null(struct sppp *unused) 5330{ 5331 /* do just nothing */ 5332} 5333