if_spppsubr.c revision 138855
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 138855 2004-12-14 18:18:54Z rik $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/ip.h> 64#include <net/slcompress.h> 65 66#if defined (__NetBSD__) || defined (__OpenBSD__) 67#include <machine/cpu.h> /* XXX for softnet */ 68#endif 69 70#include <machine/stdarg.h> 71 72#include <netinet/in_var.h> 73 74#ifdef INET 75#include <netinet/ip.h> 76#include <netinet/tcp.h> 77#endif 78 79#if defined (__FreeBSD__) || defined (__OpenBSD__) 80# include <netinet/if_ether.h> 81#else 82# include <net/ethertypes.h> 83#endif 84 85#ifdef IPX 86#include <netipx/ipx.h> 87#include <netipx/ipx_if.h> 88#endif 89 90#include <net/if_sppp.h> 91 92#if defined(__FreeBSD__) && __FreeBSD__ >= 3 93# define IOCTL_CMD_T u_long 94#else 95# define IOCTL_CMD_T int 96#endif 97 98#define MAXALIVECNT 3 /* max. alive packets */ 99 100/* 101 * Interface flags that can be set in an ifconfig command. 102 * 103 * Setting link0 will make the link passive, i.e. it will be marked 104 * as being administrative openable, but won't be opened to begin 105 * with. Incoming calls will be answered, or subsequent calls with 106 * -link1 will cause the administrative open of the LCP layer. 107 * 108 * Setting link1 will cause the link to auto-dial only as packets 109 * arrive to be sent. 110 * 111 * Setting IFF_DEBUG will syslog the option negotiation and state 112 * transitions at level kern.debug. Note: all logs consistently look 113 * like 114 * 115 * <if-name><unit>: <proto-name> <additional info...> 116 * 117 * with <if-name><unit> being something like "bppp0", and <proto-name> 118 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 119 */ 120 121#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 122#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 123#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 124 125#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 126#define PPP_UI 0x03 /* Unnumbered Information */ 127#define PPP_IP 0x0021 /* Internet Protocol */ 128#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 129#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 130#define PPP_IPX 0x002b /* Novell IPX Protocol */ 131#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 132#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 133#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 134#define PPP_LCP 0xc021 /* Link Control Protocol */ 135#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 136#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 137#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 138#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 139 140#define CONF_REQ 1 /* PPP configure request */ 141#define CONF_ACK 2 /* PPP configure acknowledge */ 142#define CONF_NAK 3 /* PPP configure negative ack */ 143#define CONF_REJ 4 /* PPP configure reject */ 144#define TERM_REQ 5 /* PPP terminate request */ 145#define TERM_ACK 6 /* PPP terminate acknowledge */ 146#define CODE_REJ 7 /* PPP code reject */ 147#define PROTO_REJ 8 /* PPP protocol reject */ 148#define ECHO_REQ 9 /* PPP echo request */ 149#define ECHO_REPLY 10 /* PPP echo reply */ 150#define DISC_REQ 11 /* PPP discard request */ 151 152#define LCP_OPT_MRU 1 /* maximum receive unit */ 153#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 154#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 155#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 156#define LCP_OPT_MAGIC 5 /* magic number */ 157#define LCP_OPT_RESERVED 6 /* reserved */ 158#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 159#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 160 161#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 162#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 163#define IPCP_OPT_ADDRESS 3 /* local IP address */ 164 165#define IPV6CP_OPT_IFID 1 /* interface identifier */ 166#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 167 168#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 169 170#define PAP_REQ 1 /* PAP name/password request */ 171#define PAP_ACK 2 /* PAP acknowledge */ 172#define PAP_NAK 3 /* PAP fail */ 173 174#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 175#define CHAP_RESPONSE 2 /* CHAP challenge response */ 176#define CHAP_SUCCESS 3 /* CHAP response ok */ 177#define CHAP_FAILURE 4 /* CHAP response failed */ 178 179#define CHAP_MD5 5 /* hash algorithm - MD5 */ 180 181#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 182#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 183#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 184#define CISCO_ADDR_REQ 0 /* Cisco address request */ 185#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 186#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 187 188/* states are named and numbered according to RFC 1661 */ 189#define STATE_INITIAL 0 190#define STATE_STARTING 1 191#define STATE_CLOSED 2 192#define STATE_STOPPED 3 193#define STATE_CLOSING 4 194#define STATE_STOPPING 5 195#define STATE_REQ_SENT 6 196#define STATE_ACK_RCVD 7 197#define STATE_ACK_SENT 8 198#define STATE_OPENED 9 199 200struct ppp_header { 201 u_char address; 202 u_char control; 203 u_short protocol; 204} __packed; 205#define PPP_HEADER_LEN sizeof (struct ppp_header) 206 207struct lcp_header { 208 u_char type; 209 u_char ident; 210 u_short len; 211} __packed; 212#define LCP_HEADER_LEN sizeof (struct lcp_header) 213 214struct cisco_packet { 215 u_long type; 216 u_long par1; 217 u_long par2; 218 u_short rel; 219 u_short time0; 220 u_short time1; 221} __packed; 222#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 223 224/* 225 * We follow the spelling and capitalization of RFC 1661 here, to make 226 * it easier comparing with the standard. Please refer to this RFC in 227 * case you can't make sense out of these abbreviation; it will also 228 * explain the semantics related to the various events and actions. 229 */ 230struct cp { 231 u_short proto; /* PPP control protocol number */ 232 u_char protoidx; /* index into state table in struct sppp */ 233 u_char flags; 234#define CP_LCP 0x01 /* this is the LCP */ 235#define CP_AUTH 0x02 /* this is an authentication protocol */ 236#define CP_NCP 0x04 /* this is a NCP */ 237#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 238 const char *name; /* name of this control protocol */ 239 /* event handlers */ 240 void (*Up)(struct sppp *sp); 241 void (*Down)(struct sppp *sp); 242 void (*Open)(struct sppp *sp); 243 void (*Close)(struct sppp *sp); 244 void (*TO)(void *sp); 245 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 246 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 247 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 248 /* actions */ 249 void (*tlu)(struct sppp *sp); 250 void (*tld)(struct sppp *sp); 251 void (*tls)(struct sppp *sp); 252 void (*tlf)(struct sppp *sp); 253 void (*scr)(struct sppp *sp); 254}; 255 256#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 257#define SPP_FMT "%s%d: " 258#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 259#else 260#define SPP_FMT "%s: " 261#define SPP_ARGS(ifp) (ifp)->if_xname 262#endif 263 264#define SPPP_LOCK(sp) \ 265 do { \ 266 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 267 mtx_lock (&(sp)->mtx); \ 268 } while (0) 269#define SPPP_UNLOCK(sp) \ 270 do { \ 271 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 272 mtx_unlock (&(sp)->mtx); \ 273 } while (0) 274 275#define SPPP_LOCK_ASSERT(sp) \ 276 do { \ 277 if (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT)) \ 278 mtx_assert (&(sp)->mtx, MA_OWNED); \ 279 } while (0) 280#define SPPP_LOCK_OWNED(sp) \ 281 (!((sp)->pp_if.if_flags & IFF_NEEDSGIANT) && \ 282 mtx_owned (&sp->mtx)) 283 284#ifdef INET 285/* 286 * The following disgusting hack gets around the problem that IP TOS 287 * can't be set yet. We want to put "interactive" traffic on a high 288 * priority queue. To decide if traffic is interactive, we check that 289 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 290 * 291 * XXX is this really still necessary? - joerg - 292 */ 293static const u_short interactive_ports[8] = { 294 0, 513, 0, 0, 295 0, 21, 0, 23, 296}; 297#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 298#endif 299 300/* almost every function needs these */ 301#define STDDCL \ 302 struct ifnet *ifp = &sp->pp_if; \ 303 int debug = ifp->if_flags & IFF_DEBUG 304 305static int sppp_output(struct ifnet *ifp, struct mbuf *m, 306 struct sockaddr *dst, struct rtentry *rt); 307 308static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 309static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 310 311static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 312 struct mbuf *m); 313static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 314 u_char ident, u_short len, void *data); 315/* static void sppp_cp_timeout(void *arg); */ 316static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 317 int newstate); 318static void sppp_auth_send(const struct cp *cp, 319 struct sppp *sp, unsigned int type, unsigned int id, 320 ...); 321 322static void sppp_up_event(const struct cp *cp, struct sppp *sp); 323static void sppp_down_event(const struct cp *cp, struct sppp *sp); 324static void sppp_open_event(const struct cp *cp, struct sppp *sp); 325static void sppp_close_event(const struct cp *cp, struct sppp *sp); 326static void sppp_to_event(const struct cp *cp, struct sppp *sp); 327 328static void sppp_null(struct sppp *sp); 329 330static void sppp_pp_up(struct sppp *sp); 331static void sppp_pp_down(struct sppp *sp); 332 333static void sppp_lcp_init(struct sppp *sp); 334static void sppp_lcp_up(struct sppp *sp); 335static void sppp_lcp_down(struct sppp *sp); 336static void sppp_lcp_open(struct sppp *sp); 337static void sppp_lcp_close(struct sppp *sp); 338static void sppp_lcp_TO(void *sp); 339static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 340static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 341static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 342static void sppp_lcp_tlu(struct sppp *sp); 343static void sppp_lcp_tld(struct sppp *sp); 344static void sppp_lcp_tls(struct sppp *sp); 345static void sppp_lcp_tlf(struct sppp *sp); 346static void sppp_lcp_scr(struct sppp *sp); 347static void sppp_lcp_check_and_close(struct sppp *sp); 348static int sppp_ncp_check(struct sppp *sp); 349 350static void sppp_ipcp_init(struct sppp *sp); 351static void sppp_ipcp_up(struct sppp *sp); 352static void sppp_ipcp_down(struct sppp *sp); 353static void sppp_ipcp_open(struct sppp *sp); 354static void sppp_ipcp_close(struct sppp *sp); 355static void sppp_ipcp_TO(void *sp); 356static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 357static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 358static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 359static void sppp_ipcp_tlu(struct sppp *sp); 360static void sppp_ipcp_tld(struct sppp *sp); 361static void sppp_ipcp_tls(struct sppp *sp); 362static void sppp_ipcp_tlf(struct sppp *sp); 363static void sppp_ipcp_scr(struct sppp *sp); 364 365static void sppp_ipv6cp_init(struct sppp *sp); 366static void sppp_ipv6cp_up(struct sppp *sp); 367static void sppp_ipv6cp_down(struct sppp *sp); 368static void sppp_ipv6cp_open(struct sppp *sp); 369static void sppp_ipv6cp_close(struct sppp *sp); 370static void sppp_ipv6cp_TO(void *sp); 371static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 372static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 373static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 374static void sppp_ipv6cp_tlu(struct sppp *sp); 375static void sppp_ipv6cp_tld(struct sppp *sp); 376static void sppp_ipv6cp_tls(struct sppp *sp); 377static void sppp_ipv6cp_tlf(struct sppp *sp); 378static void sppp_ipv6cp_scr(struct sppp *sp); 379 380static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 381static void sppp_pap_init(struct sppp *sp); 382static void sppp_pap_open(struct sppp *sp); 383static void sppp_pap_close(struct sppp *sp); 384static void sppp_pap_TO(void *sp); 385static void sppp_pap_my_TO(void *sp); 386static void sppp_pap_tlu(struct sppp *sp); 387static void sppp_pap_tld(struct sppp *sp); 388static void sppp_pap_scr(struct sppp *sp); 389 390static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 391static void sppp_chap_init(struct sppp *sp); 392static void sppp_chap_open(struct sppp *sp); 393static void sppp_chap_close(struct sppp *sp); 394static void sppp_chap_TO(void *sp); 395static void sppp_chap_tlu(struct sppp *sp); 396static void sppp_chap_tld(struct sppp *sp); 397static void sppp_chap_scr(struct sppp *sp); 398 399static const char *sppp_auth_type_name(u_short proto, u_char type); 400static const char *sppp_cp_type_name(u_char type); 401static const char *sppp_dotted_quad(u_long addr); 402static const char *sppp_ipcp_opt_name(u_char opt); 403#ifdef INET6 404static const char *sppp_ipv6cp_opt_name(u_char opt); 405#endif 406static const char *sppp_lcp_opt_name(u_char opt); 407static const char *sppp_phase_name(enum ppp_phase phase); 408static const char *sppp_proto_name(u_short proto); 409static const char *sppp_state_name(int state); 410static int sppp_params(struct sppp *sp, u_long cmd, void *data); 411static int sppp_strnlen(u_char *p, int max); 412static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 413 u_long *srcmask); 414static void sppp_keepalive(void *dummy); 415static void sppp_phase_network(struct sppp *sp); 416static void sppp_print_bytes(const u_char *p, u_short len); 417static void sppp_print_string(const char *p, u_short len); 418static void sppp_qflush(struct ifqueue *ifq); 419static void sppp_set_ip_addr(struct sppp *sp, u_long src); 420#ifdef INET6 421static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 422 struct in6_addr *dst, struct in6_addr *srcmask); 423#ifdef IPV6CP_MYIFID_DYN 424static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 425static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 426#endif 427static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 428#endif 429 430/* if_start () wrapper */ 431static void sppp_ifstart (struct ifnet *ifp); 432 433/* our control protocol descriptors */ 434static const struct cp lcp = { 435 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 436 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 437 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 438 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 439 sppp_lcp_scr 440}; 441 442static const struct cp ipcp = { 443 PPP_IPCP, IDX_IPCP, 444#ifdef INET /* don't run IPCP if there's no IPv4 support */ 445 CP_NCP, 446#else 447 0, 448#endif 449 "ipcp", 450 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 451 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 452 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 453 sppp_ipcp_scr 454}; 455 456static const struct cp ipv6cp = { 457 PPP_IPV6CP, IDX_IPV6CP, 458#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 459 CP_NCP, 460#else 461 0, 462#endif 463 "ipv6cp", 464 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 465 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 466 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 467 sppp_ipv6cp_scr 468}; 469 470static const struct cp pap = { 471 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 472 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 473 sppp_pap_TO, 0, 0, 0, 474 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 475 sppp_pap_scr 476}; 477 478static const struct cp chap = { 479 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 480 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 481 sppp_chap_TO, 0, 0, 0, 482 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 483 sppp_chap_scr 484}; 485 486static const struct cp *cps[IDX_COUNT] = { 487 &lcp, /* IDX_LCP */ 488 &ipcp, /* IDX_IPCP */ 489 &ipv6cp, /* IDX_IPV6CP */ 490 &pap, /* IDX_PAP */ 491 &chap, /* IDX_CHAP */ 492}; 493 494static int 495sppp_modevent(module_t mod, int type, void *unused) 496{ 497 switch (type) { 498 case MOD_LOAD: 499 break; 500 case MOD_UNLOAD: 501 return EACCES; 502 default: 503 return EOPNOTSUPP; 504 } 505 return 0; 506} 507static moduledata_t spppmod = { 508 "sppp", 509 sppp_modevent, 510 0 511}; 512MODULE_VERSION(sppp, 1); 513DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 514 515/* 516 * Exported functions, comprising our interface to the lower layer. 517 */ 518 519/* 520 * Process the received packet. 521 */ 522void 523sppp_input(struct ifnet *ifp, struct mbuf *m) 524{ 525 struct ppp_header *h; 526 int isr = -1; 527 struct sppp *sp = (struct sppp *)ifp; 528 u_char *iphdr; 529 int hlen, vjlen, do_account = 0; 530 int debug; 531 532 SPPP_LOCK(sp); 533 debug = ifp->if_flags & IFF_DEBUG; 534 535 if (ifp->if_flags & IFF_UP) 536 /* Count received bytes, add FCS and one flag */ 537 ifp->if_ibytes += m->m_pkthdr.len + 3; 538 539 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 540 /* Too small packet, drop it. */ 541 if (debug) 542 log(LOG_DEBUG, 543 SPP_FMT "input packet is too small, %d bytes\n", 544 SPP_ARGS(ifp), m->m_pkthdr.len); 545 drop: 546 m_freem (m); 547 SPPP_UNLOCK(sp); 548 drop2: 549 ++ifp->if_ierrors; 550 ++ifp->if_iqdrops; 551 return; 552 } 553 554 /* Get PPP header. */ 555 h = mtod (m, struct ppp_header*); 556 m_adj (m, PPP_HEADER_LEN); 557 558 switch (h->address) { 559 case PPP_ALLSTATIONS: 560 if (h->control != PPP_UI) 561 goto invalid; 562 if (sp->pp_mode == IFF_CISCO) { 563 if (debug) 564 log(LOG_DEBUG, 565 SPP_FMT "PPP packet in Cisco mode " 566 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 567 SPP_ARGS(ifp), 568 h->address, h->control, ntohs(h->protocol)); 569 goto drop; 570 } 571 switch (ntohs (h->protocol)) { 572 default: 573 if (debug) 574 log(LOG_DEBUG, 575 SPP_FMT "rejecting protocol " 576 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 577 SPP_ARGS(ifp), 578 h->address, h->control, ntohs(h->protocol)); 579 if (sp->state[IDX_LCP] == STATE_OPENED) 580 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 581 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 582 &h->protocol); 583 ++ifp->if_noproto; 584 goto drop; 585 case PPP_LCP: 586 sppp_cp_input(&lcp, sp, m); 587 m_freem (m); 588 SPPP_UNLOCK(sp); 589 return; 590 case PPP_PAP: 591 if (sp->pp_phase >= PHASE_AUTHENTICATE) 592 sppp_pap_input(sp, m); 593 m_freem (m); 594 SPPP_UNLOCK(sp); 595 return; 596 case PPP_CHAP: 597 if (sp->pp_phase >= PHASE_AUTHENTICATE) 598 sppp_chap_input(sp, m); 599 m_freem (m); 600 SPPP_UNLOCK(sp); 601 return; 602#ifdef INET 603 case PPP_IPCP: 604 if (sp->pp_phase == PHASE_NETWORK) 605 sppp_cp_input(&ipcp, sp, m); 606 m_freem (m); 607 SPPP_UNLOCK(sp); 608 return; 609 case PPP_IP: 610 if (sp->state[IDX_IPCP] == STATE_OPENED) { 611 isr = NETISR_IP; 612 } 613 do_account++; 614 break; 615 case PPP_VJ_COMP: 616 if (sp->state[IDX_IPCP] == STATE_OPENED) { 617 if ((vjlen = 618 sl_uncompress_tcp_core(mtod(m, u_char *), 619 m->m_len, m->m_len, 620 TYPE_COMPRESSED_TCP, 621 sp->pp_comp, 622 &iphdr, &hlen)) <= 0) { 623 if (debug) 624 log(LOG_INFO, 625 SPP_FMT "VJ uncompress failed on compressed packet\n", 626 SPP_ARGS(ifp)); 627 goto drop; 628 } 629 630 /* 631 * Trim the VJ header off the packet, and prepend 632 * the uncompressed IP header (which will usually 633 * end up in two chained mbufs since there's not 634 * enough leading space in the existing mbuf). 635 */ 636 m_adj(m, vjlen); 637 M_PREPEND(m, hlen, M_DONTWAIT); 638 if (m == NULL) { 639 SPPP_UNLOCK(sp); 640 goto drop2; 641 } 642 bcopy(iphdr, mtod(m, u_char *), hlen); 643 isr = NETISR_IP; 644 } 645 do_account++; 646 break; 647 case PPP_VJ_UCOMP: 648 if (sp->state[IDX_IPCP] == STATE_OPENED) { 649 if (sl_uncompress_tcp_core(mtod(m, u_char *), 650 m->m_len, m->m_len, 651 TYPE_UNCOMPRESSED_TCP, 652 sp->pp_comp, 653 &iphdr, &hlen) != 0) { 654 if (debug) 655 log(LOG_INFO, 656 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 657 SPP_ARGS(ifp)); 658 goto drop; 659 } 660 isr = NETISR_IP; 661 } 662 do_account++; 663 break; 664#endif 665#ifdef INET6 666 case PPP_IPV6CP: 667 if (sp->pp_phase == PHASE_NETWORK) 668 sppp_cp_input(&ipv6cp, sp, m); 669 m_freem (m); 670 SPPP_UNLOCK(sp); 671 return; 672 673 case PPP_IPV6: 674 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 675 isr = NETISR_IPV6; 676 do_account++; 677 break; 678#endif 679#ifdef IPX 680 case PPP_IPX: 681 /* IPX IPXCP not implemented yet */ 682 if (sp->pp_phase == PHASE_NETWORK) 683 isr = NETISR_IPX; 684 do_account++; 685 break; 686#endif 687 } 688 break; 689 case CISCO_MULTICAST: 690 case CISCO_UNICAST: 691 /* Don't check the control field here (RFC 1547). */ 692 if (sp->pp_mode != IFF_CISCO) { 693 if (debug) 694 log(LOG_DEBUG, 695 SPP_FMT "Cisco packet in PPP mode " 696 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 697 SPP_ARGS(ifp), 698 h->address, h->control, ntohs(h->protocol)); 699 goto drop; 700 } 701 switch (ntohs (h->protocol)) { 702 default: 703 ++ifp->if_noproto; 704 goto invalid; 705 case CISCO_KEEPALIVE: 706 sppp_cisco_input ((struct sppp*) ifp, m); 707 m_freem (m); 708 SPPP_UNLOCK(sp); 709 return; 710#ifdef INET 711 case ETHERTYPE_IP: 712 isr = NETISR_IP; 713 do_account++; 714 break; 715#endif 716#ifdef INET6 717 case ETHERTYPE_IPV6: 718 isr = NETISR_IPV6; 719 do_account++; 720 break; 721#endif 722#ifdef IPX 723 case ETHERTYPE_IPX: 724 isr = NETISR_IPX; 725 do_account++; 726 break; 727#endif 728 } 729 break; 730 default: /* Invalid PPP packet. */ 731 invalid: 732 if (debug) 733 log(LOG_DEBUG, 734 SPP_FMT "invalid input packet " 735 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 736 SPP_ARGS(ifp), 737 h->address, h->control, ntohs(h->protocol)); 738 goto drop; 739 } 740 741 if (! (ifp->if_flags & IFF_UP) || isr == -1) 742 goto drop; 743 744 SPPP_UNLOCK(sp); 745 /* Check queue. */ 746 if (netisr_queue(isr, m)) { /* (0) on success. */ 747 if (debug) 748 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 749 SPP_ARGS(ifp)); 750 goto drop2; 751 } 752 753 if (do_account) 754 /* 755 * Do only account for network packets, not for control 756 * packets. This is used by some subsystems to detect 757 * idle lines. 758 */ 759 sp->pp_last_recv = time_second; 760} 761 762static void 763sppp_ifstart_sched(void *dummy) 764{ 765 struct sppp *sp = dummy; 766 767 sp->if_start(&sp->pp_if); 768} 769 770/* if_start () wrapper function. We use it to schedule real if_start () for 771 * execution. We can't call it directly 772 */ 773static void 774sppp_ifstart(struct ifnet *ifp) 775{ 776 struct sppp *sp = (struct sppp*) ifp; 777 778 if (SPPP_LOCK_OWNED(sp)) { 779 if (callout_pending(&sp->ifstart_callout)) 780 return; 781 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 782 (void *)sp); 783 } else { 784 sp->if_start(ifp); 785 } 786} 787 788/* 789 * Enqueue transmit packet. 790 */ 791static int 792sppp_output(struct ifnet *ifp, struct mbuf *m, 793 struct sockaddr *dst, struct rtentry *rt) 794{ 795 struct sppp *sp = (struct sppp*) ifp; 796 struct ppp_header *h; 797 struct ifqueue *ifq = NULL; 798 int s, error, rv = 0; 799 int ipproto = PPP_IP; 800 int debug = ifp->if_flags & IFF_DEBUG; 801 802 s = splimp(); 803 SPPP_LOCK(sp); 804 805 if ((ifp->if_flags & IFF_UP) == 0 || 806 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 807#ifdef INET6 808 drop: 809#endif 810 m_freem (m); 811 SPPP_UNLOCK(sp); 812 splx (s); 813 return (ENETDOWN); 814 } 815 816 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 817#ifdef INET6 818 /* 819 * XXX 820 * 821 * Hack to prevent the initialization-time generated 822 * IPv6 multicast packet to erroneously cause a 823 * dialout event in case IPv6 has been 824 * administratively disabled on that interface. 825 */ 826 if (dst->sa_family == AF_INET6 && 827 !(sp->confflags & CONF_ENABLE_IPV6)) 828 goto drop; 829#endif 830 /* 831 * Interface is not yet running, but auto-dial. Need 832 * to start LCP for it. 833 */ 834 ifp->if_flags |= IFF_RUNNING; 835 splx(s); 836 lcp.Open(sp); 837 s = splimp(); 838 } 839 840#ifdef INET 841 if (dst->sa_family == AF_INET) { 842 /* XXX Check mbuf length here? */ 843 struct ip *ip = mtod (m, struct ip*); 844 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 845 846 /* 847 * When using dynamic local IP address assignment by using 848 * 0.0.0.0 as a local address, the first TCP session will 849 * not connect because the local TCP checksum is computed 850 * using 0.0.0.0 which will later become our real IP address 851 * so the TCP checksum computed at the remote end will 852 * become invalid. So we 853 * - don't let packets with src ip addr 0 thru 854 * - we flag TCP packets with src ip 0 as an error 855 */ 856 857 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 858 { 859 m_freem(m); 860 SPPP_UNLOCK(sp); 861 splx(s); 862 if(ip->ip_p == IPPROTO_TCP) 863 return(EADDRNOTAVAIL); 864 else 865 return(0); 866 } 867 868 /* 869 * Put low delay, telnet, rlogin and ftp control packets 870 * in front of the queue or let ALTQ take care. 871 */ 872 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 873 ; 874 else if (_IF_QFULL(&sp->pp_fastq)) 875 ; 876 else if (ip->ip_tos & IPTOS_LOWDELAY) 877 ifq = &sp->pp_fastq; 878 else if (m->m_len < sizeof *ip + sizeof *tcp) 879 ; 880 else if (ip->ip_p != IPPROTO_TCP) 881 ; 882 else if (INTERACTIVE (ntohs (tcp->th_sport))) 883 ifq = &sp->pp_fastq; 884 else if (INTERACTIVE (ntohs (tcp->th_dport))) 885 ifq = &sp->pp_fastq; 886 887 /* 888 * Do IP Header compression 889 */ 890 if (sp->pp_mode != IFF_CISCO && 891 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 892 switch (sl_compress_tcp(m, ip, sp->pp_comp, 893 sp->ipcp.compress_cid)) { 894 case TYPE_COMPRESSED_TCP: 895 ipproto = PPP_VJ_COMP; 896 break; 897 case TYPE_UNCOMPRESSED_TCP: 898 ipproto = PPP_VJ_UCOMP; 899 break; 900 case TYPE_IP: 901 ipproto = PPP_IP; 902 break; 903 default: 904 m_freem(m); 905 SPPP_UNLOCK(sp); 906 splx(s); 907 return (EINVAL); 908 } 909 } 910#endif 911 912#ifdef INET6 913 if (dst->sa_family == AF_INET6) { 914 /* XXX do something tricky here? */ 915 } 916#endif 917 918 /* 919 * Prepend general data packet PPP header. For now, IP only. 920 */ 921 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 922 if (! m) { 923 if (debug) 924 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 925 SPP_ARGS(ifp)); 926 ++ifp->if_oerrors; 927 SPPP_UNLOCK(sp); 928 splx (s); 929 return (ENOBUFS); 930 } 931 /* 932 * May want to check size of packet 933 * (albeit due to the implementation it's always enough) 934 */ 935 h = mtod (m, struct ppp_header*); 936 if (sp->pp_mode == IFF_CISCO) { 937 h->address = CISCO_UNICAST; /* unicast address */ 938 h->control = 0; 939 } else { 940 h->address = PPP_ALLSTATIONS; /* broadcast address */ 941 h->control = PPP_UI; /* Unnumbered Info */ 942 } 943 944 switch (dst->sa_family) { 945#ifdef INET 946 case AF_INET: /* Internet Protocol */ 947 if (sp->pp_mode == IFF_CISCO) 948 h->protocol = htons (ETHERTYPE_IP); 949 else { 950 /* 951 * Don't choke with an ENETDOWN early. It's 952 * possible that we just started dialing out, 953 * so don't drop the packet immediately. If 954 * we notice that we run out of buffer space 955 * below, we will however remember that we are 956 * not ready to carry IP packets, and return 957 * ENETDOWN, as opposed to ENOBUFS. 958 */ 959 h->protocol = htons(ipproto); 960 if (sp->state[IDX_IPCP] != STATE_OPENED) 961 rv = ENETDOWN; 962 } 963 break; 964#endif 965#ifdef INET6 966 case AF_INET6: /* Internet Protocol */ 967 if (sp->pp_mode == IFF_CISCO) 968 h->protocol = htons (ETHERTYPE_IPV6); 969 else { 970 /* 971 * Don't choke with an ENETDOWN early. It's 972 * possible that we just started dialing out, 973 * so don't drop the packet immediately. If 974 * we notice that we run out of buffer space 975 * below, we will however remember that we are 976 * not ready to carry IP packets, and return 977 * ENETDOWN, as opposed to ENOBUFS. 978 */ 979 h->protocol = htons(PPP_IPV6); 980 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 981 rv = ENETDOWN; 982 } 983 break; 984#endif 985#ifdef IPX 986 case AF_IPX: /* Novell IPX Protocol */ 987 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 988 ETHERTYPE_IPX : PPP_IPX); 989 break; 990#endif 991 default: 992 m_freem (m); 993 ++ifp->if_oerrors; 994 SPPP_UNLOCK(sp); 995 splx (s); 996 return (EAFNOSUPPORT); 997 } 998 999 /* 1000 * Queue message on interface, and start output if interface 1001 * not yet active. 1002 */ 1003 if (ifq != NULL) 1004 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1005 else 1006 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1007 if (error) { 1008 ++ifp->if_oerrors; 1009 SPPP_UNLOCK(sp); 1010 splx (s); 1011 return (rv? rv: ENOBUFS); 1012 } 1013 SPPP_UNLOCK(sp); 1014 splx (s); 1015 /* 1016 * Unlike in sppp_input(), we can always bump the timestamp 1017 * here since sppp_output() is only called on behalf of 1018 * network-layer traffic; control-layer traffic is handled 1019 * by sppp_cp_send(). 1020 */ 1021 sp->pp_last_sent = time_second; 1022 return (0); 1023} 1024 1025void 1026sppp_attach(struct ifnet *ifp) 1027{ 1028 struct sppp *sp = (struct sppp*) ifp; 1029 1030 /* Initialize mtx lock */ 1031 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1032 1033 /* Initialize keepalive handler. */ 1034 callout_init(&sp->keepalive_callout, 1035 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1036 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1037 (void *)sp); 1038 1039 sp->pp_if.if_mtu = PP_MTU; 1040 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1041 sp->pp_if.if_type = IFT_PPP; 1042 sp->pp_if.if_output = sppp_output; 1043#if 0 1044 sp->pp_flags = PP_KEEPALIVE; 1045#endif 1046 sp->pp_if.if_snd.ifq_maxlen = 32; 1047 sp->pp_fastq.ifq_maxlen = 32; 1048 sp->pp_cpq.ifq_maxlen = 20; 1049 sp->pp_loopcnt = 0; 1050 sp->pp_alivecnt = 0; 1051 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1052 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1053 sp->pp_phase = PHASE_DEAD; 1054 sp->pp_up = sppp_pp_up; 1055 sp->pp_down = sppp_pp_down; 1056 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1057 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1058 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1059 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1060 sp->pp_last_recv = sp->pp_last_sent = time_second; 1061 sp->confflags = 0; 1062#ifdef INET 1063 sp->confflags |= CONF_ENABLE_VJ; 1064#endif 1065#ifdef INET6 1066 sp->confflags |= CONF_ENABLE_IPV6; 1067#endif 1068 callout_init(&sp->ifstart_callout, 1069 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1070 sp->if_start = ifp->if_start; 1071 ifp->if_start = sppp_ifstart; 1072 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1073 sl_compress_init(sp->pp_comp, -1); 1074 sppp_lcp_init(sp); 1075 sppp_ipcp_init(sp); 1076 sppp_ipv6cp_init(sp); 1077 sppp_pap_init(sp); 1078 sppp_chap_init(sp); 1079} 1080 1081void 1082sppp_detach(struct ifnet *ifp) 1083{ 1084 struct sppp *sp = (struct sppp*) ifp; 1085 int i; 1086 1087 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1088 1089 /* Stop keepalive handler. */ 1090 if (!callout_drain(&sp->keepalive_callout)) 1091 callout_stop(&sp->keepalive_callout); 1092 1093 for (i = 0; i < IDX_COUNT; i++) { 1094 if (!callout_drain(&sp->ch[i])) 1095 callout_stop(&sp->ch[i]); 1096 } 1097 if (!callout_drain(&sp->pap_my_to_ch)) 1098 callout_stop(&sp->pap_my_to_ch); 1099 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1100 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1101 mtx_destroy(&sp->mtx); 1102} 1103 1104/* 1105 * Flush the interface output queue. 1106 */ 1107static void 1108sppp_flush_unlocked(struct ifnet *ifp) 1109{ 1110 struct sppp *sp = (struct sppp*) ifp; 1111 1112 sppp_qflush ((struct ifqueue *)&sp->pp_if.if_snd); 1113 sppp_qflush (&sp->pp_fastq); 1114 sppp_qflush (&sp->pp_cpq); 1115} 1116 1117void 1118sppp_flush(struct ifnet *ifp) 1119{ 1120 struct sppp *sp = (struct sppp*) ifp; 1121 1122 SPPP_LOCK(sp); 1123 sppp_flush_unlocked (ifp); 1124 SPPP_UNLOCK(sp); 1125} 1126 1127/* 1128 * Check if the output queue is empty. 1129 */ 1130int 1131sppp_isempty(struct ifnet *ifp) 1132{ 1133 struct sppp *sp = (struct sppp*) ifp; 1134 int empty, s; 1135 1136 s = splimp(); 1137 SPPP_LOCK(sp); 1138 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1139 !sp->pp_if.if_snd.ifq_head; 1140 SPPP_UNLOCK(sp); 1141 splx(s); 1142 return (empty); 1143} 1144 1145/* 1146 * Get next packet to send. 1147 */ 1148struct mbuf * 1149sppp_dequeue(struct ifnet *ifp) 1150{ 1151 struct sppp *sp = (struct sppp*) ifp; 1152 struct mbuf *m; 1153 int s; 1154 1155 s = splimp(); 1156 SPPP_LOCK(sp); 1157 /* 1158 * Process only the control protocol queue until we have at 1159 * least one NCP open. 1160 * 1161 * Do always serve all three queues in Cisco mode. 1162 */ 1163 IF_DEQUEUE(&sp->pp_cpq, m); 1164 if (m == NULL && 1165 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1166 IF_DEQUEUE(&sp->pp_fastq, m); 1167 if (m == NULL) 1168 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1169 } 1170 SPPP_UNLOCK(sp); 1171 splx(s); 1172 return m; 1173} 1174 1175/* 1176 * Pick the next packet, do not remove it from the queue. 1177 */ 1178struct mbuf * 1179sppp_pick(struct ifnet *ifp) 1180{ 1181 struct sppp *sp = (struct sppp*)ifp; 1182 struct mbuf *m; 1183 int s; 1184 1185 s = splimp (); 1186 SPPP_LOCK(sp); 1187 1188 m = sp->pp_cpq.ifq_head; 1189 if (m == NULL && 1190 (sp->pp_phase == PHASE_NETWORK || 1191 sp->pp_mode == IFF_CISCO)) 1192 if ((m = sp->pp_fastq.ifq_head) == NULL) 1193 m = sp->pp_if.if_snd.ifq_head; 1194 SPPP_UNLOCK(sp); 1195 splx (s); 1196 return (m); 1197} 1198 1199/* 1200 * Process an ioctl request. Called on low priority level. 1201 */ 1202int 1203sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1204{ 1205 struct ifreq *ifr = (struct ifreq*) data; 1206 struct sppp *sp = (struct sppp*) ifp; 1207 int s, rv, going_up, going_down, newmode; 1208 1209 s = splimp(); 1210 SPPP_LOCK(sp); 1211 rv = 0; 1212 switch (cmd) { 1213 case SIOCAIFADDR: 1214 case SIOCSIFDSTADDR: 1215 break; 1216 1217 case SIOCSIFADDR: 1218 /* set the interface "up" when assigning an IP address */ 1219 ifp->if_flags |= IFF_UP; 1220 /* FALLTHROUGH */ 1221 1222 case SIOCSIFFLAGS: 1223 going_up = ifp->if_flags & IFF_UP && 1224 (ifp->if_flags & IFF_RUNNING) == 0; 1225 going_down = (ifp->if_flags & IFF_UP) == 0 && 1226 ifp->if_flags & IFF_RUNNING; 1227 1228 newmode = ifp->if_flags & IFF_PASSIVE; 1229 if (!newmode) 1230 newmode = ifp->if_flags & IFF_AUTO; 1231 if (!newmode) 1232 newmode = ifp->if_flags & IFF_CISCO; 1233 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1234 ifp->if_flags |= newmode; 1235 1236 if (newmode != sp->pp_mode) { 1237 going_down = 1; 1238 if (!going_up) 1239 going_up = ifp->if_flags & IFF_RUNNING; 1240 } 1241 1242 if (going_down) { 1243 if (sp->pp_mode != IFF_CISCO) 1244 lcp.Close(sp); 1245 else if (sp->pp_tlf) 1246 (sp->pp_tlf)(sp); 1247 sppp_flush_unlocked(ifp); 1248 ifp->if_flags &= ~IFF_RUNNING; 1249 sp->pp_mode = newmode; 1250 } 1251 1252 if (going_up) { 1253 if (sp->pp_mode != IFF_CISCO) 1254 lcp.Close(sp); 1255 sp->pp_mode = newmode; 1256 if (sp->pp_mode == 0) { 1257 ifp->if_flags |= IFF_RUNNING; 1258 lcp.Open(sp); 1259 } 1260 if (sp->pp_mode == IFF_CISCO) { 1261 if (sp->pp_tls) 1262 (sp->pp_tls)(sp); 1263 ifp->if_flags |= IFF_RUNNING; 1264 } 1265 } 1266 1267 break; 1268 1269#ifdef SIOCSIFMTU 1270#ifndef ifr_mtu 1271#define ifr_mtu ifr_metric 1272#endif 1273 case SIOCSIFMTU: 1274 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1275 return (EINVAL); 1276 ifp->if_mtu = ifr->ifr_mtu; 1277 break; 1278#endif 1279#ifdef SLIOCSETMTU 1280 case SLIOCSETMTU: 1281 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1282 return (EINVAL); 1283 ifp->if_mtu = *(short*)data; 1284 break; 1285#endif 1286#ifdef SIOCGIFMTU 1287 case SIOCGIFMTU: 1288 ifr->ifr_mtu = ifp->if_mtu; 1289 break; 1290#endif 1291#ifdef SLIOCGETMTU 1292 case SLIOCGETMTU: 1293 *(short*)data = ifp->if_mtu; 1294 break; 1295#endif 1296 case SIOCADDMULTI: 1297 case SIOCDELMULTI: 1298 break; 1299 1300 case SIOCGIFGENERIC: 1301 case SIOCSIFGENERIC: 1302 rv = sppp_params(sp, cmd, data); 1303 break; 1304 1305 default: 1306 rv = ENOTTY; 1307 } 1308 SPPP_UNLOCK(sp); 1309 splx(s); 1310 return rv; 1311} 1312 1313/* 1314 * Cisco framing implementation. 1315 */ 1316 1317/* 1318 * Handle incoming Cisco keepalive protocol packets. 1319 */ 1320static void 1321sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1322{ 1323 STDDCL; 1324 struct cisco_packet *h; 1325 u_long me, mymask; 1326 1327 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1328 if (debug) 1329 log(LOG_DEBUG, 1330 SPP_FMT "cisco invalid packet length: %d bytes\n", 1331 SPP_ARGS(ifp), m->m_pkthdr.len); 1332 return; 1333 } 1334 h = mtod (m, struct cisco_packet*); 1335 if (debug) 1336 log(LOG_DEBUG, 1337 SPP_FMT "cisco input: %d bytes " 1338 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1339 SPP_ARGS(ifp), m->m_pkthdr.len, 1340 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1341 (u_int)h->time0, (u_int)h->time1); 1342 switch (ntohl (h->type)) { 1343 default: 1344 if (debug) 1345 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1346 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1347 break; 1348 case CISCO_ADDR_REPLY: 1349 /* Reply on address request, ignore */ 1350 break; 1351 case CISCO_KEEPALIVE_REQ: 1352 sp->pp_alivecnt = 0; 1353 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1354 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1355 /* Local and remote sequence numbers are equal. 1356 * Probably, the line is in loopback mode. */ 1357 if (sp->pp_loopcnt >= MAXALIVECNT) { 1358 printf (SPP_FMT "loopback\n", 1359 SPP_ARGS(ifp)); 1360 sp->pp_loopcnt = 0; 1361 if (ifp->if_flags & IFF_UP) { 1362 if_down (ifp); 1363 sppp_qflush (&sp->pp_cpq); 1364 } 1365 } 1366 ++sp->pp_loopcnt; 1367 1368 /* Generate new local sequence number */ 1369#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1370 sp->pp_seq[IDX_LCP] = random(); 1371#else 1372 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1373#endif 1374 break; 1375 } 1376 sp->pp_loopcnt = 0; 1377 if (! (ifp->if_flags & IFF_UP) && 1378 (ifp->if_flags & IFF_RUNNING)) { 1379 if_up(ifp); 1380 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1381 } 1382 break; 1383 case CISCO_ADDR_REQ: 1384 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1385 if (me != 0L) 1386 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1387 break; 1388 } 1389} 1390 1391/* 1392 * Send Cisco keepalive packet. 1393 */ 1394static void 1395sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1396{ 1397 STDDCL; 1398 struct ppp_header *h; 1399 struct cisco_packet *ch; 1400 struct mbuf *m; 1401 struct timeval tv; 1402 1403 getmicrouptime(&tv); 1404 1405 MGETHDR (m, M_DONTWAIT, MT_DATA); 1406 if (! m) 1407 return; 1408 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1409 m->m_pkthdr.rcvif = 0; 1410 1411 h = mtod (m, struct ppp_header*); 1412 h->address = CISCO_MULTICAST; 1413 h->control = 0; 1414 h->protocol = htons (CISCO_KEEPALIVE); 1415 1416 ch = (struct cisco_packet*) (h + 1); 1417 ch->type = htonl (type); 1418 ch->par1 = htonl (par1); 1419 ch->par2 = htonl (par2); 1420 ch->rel = -1; 1421 1422 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1423 ch->time1 = htons ((u_short) tv.tv_sec); 1424 1425 if (debug) 1426 log(LOG_DEBUG, 1427 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1428 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1429 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1430 1431 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1432 ifp->if_oerrors++; 1433} 1434 1435/* 1436 * PPP protocol implementation. 1437 */ 1438 1439/* 1440 * Send PPP control protocol packet. 1441 */ 1442static void 1443sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1444 u_char ident, u_short len, void *data) 1445{ 1446 STDDCL; 1447 struct ppp_header *h; 1448 struct lcp_header *lh; 1449 struct mbuf *m; 1450 1451 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1452 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1453 MGETHDR (m, M_DONTWAIT, MT_DATA); 1454 if (! m) 1455 return; 1456 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1457 m->m_pkthdr.rcvif = 0; 1458 1459 h = mtod (m, struct ppp_header*); 1460 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1461 h->control = PPP_UI; /* Unnumbered Info */ 1462 h->protocol = htons (proto); /* Link Control Protocol */ 1463 1464 lh = (struct lcp_header*) (h + 1); 1465 lh->type = type; 1466 lh->ident = ident; 1467 lh->len = htons (LCP_HEADER_LEN + len); 1468 if (len) 1469 bcopy (data, lh+1, len); 1470 1471 if (debug) { 1472 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1473 SPP_ARGS(ifp), 1474 sppp_proto_name(proto), 1475 sppp_cp_type_name (lh->type), lh->ident, 1476 ntohs (lh->len)); 1477 sppp_print_bytes ((u_char*) (lh+1), len); 1478 log(-1, ">\n"); 1479 } 1480 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1481 ifp->if_oerrors++; 1482} 1483 1484/* 1485 * Handle incoming PPP control protocol packets. 1486 */ 1487static void 1488sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1489{ 1490 STDDCL; 1491 struct lcp_header *h; 1492 int len = m->m_pkthdr.len; 1493 int rv; 1494 u_char *p; 1495 1496 if (len < 4) { 1497 if (debug) 1498 log(LOG_DEBUG, 1499 SPP_FMT "%s invalid packet length: %d bytes\n", 1500 SPP_ARGS(ifp), cp->name, len); 1501 return; 1502 } 1503 h = mtod (m, struct lcp_header*); 1504 if (debug) { 1505 log(LOG_DEBUG, 1506 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1507 SPP_ARGS(ifp), cp->name, 1508 sppp_state_name(sp->state[cp->protoidx]), 1509 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1510 sppp_print_bytes ((u_char*) (h+1), len-4); 1511 log(-1, ">\n"); 1512 } 1513 if (len > ntohs (h->len)) 1514 len = ntohs (h->len); 1515 p = (u_char *)(h + 1); 1516 switch (h->type) { 1517 case CONF_REQ: 1518 if (len < 4) { 1519 if (debug) 1520 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1521 SPP_ARGS(ifp), cp->name, 1522 len); 1523 ++ifp->if_ierrors; 1524 break; 1525 } 1526 /* handle states where RCR doesn't get a SCA/SCN */ 1527 switch (sp->state[cp->protoidx]) { 1528 case STATE_CLOSING: 1529 case STATE_STOPPING: 1530 return; 1531 case STATE_CLOSED: 1532 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1533 0, 0); 1534 return; 1535 } 1536 rv = (cp->RCR)(sp, h, len); 1537 switch (sp->state[cp->protoidx]) { 1538 case STATE_OPENED: 1539 (cp->tld)(sp); 1540 (cp->scr)(sp); 1541 /* FALLTHROUGH */ 1542 case STATE_ACK_SENT: 1543 case STATE_REQ_SENT: 1544 /* 1545 * sppp_cp_change_state() have the side effect of 1546 * restarting the timeouts. We want to avoid that 1547 * if the state don't change, otherwise we won't 1548 * ever timeout and resend a configuration request 1549 * that got lost. 1550 */ 1551 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1552 STATE_REQ_SENT)) 1553 break; 1554 sppp_cp_change_state(cp, sp, rv? 1555 STATE_ACK_SENT: STATE_REQ_SENT); 1556 break; 1557 case STATE_STOPPED: 1558 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1559 (cp->scr)(sp); 1560 sppp_cp_change_state(cp, sp, rv? 1561 STATE_ACK_SENT: STATE_REQ_SENT); 1562 break; 1563 case STATE_ACK_RCVD: 1564 if (rv) { 1565 sppp_cp_change_state(cp, sp, STATE_OPENED); 1566 if (debug) 1567 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1568 SPP_ARGS(ifp), 1569 cp->name); 1570 (cp->tlu)(sp); 1571 } else 1572 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1573 break; 1574 default: 1575 printf(SPP_FMT "%s illegal %s in state %s\n", 1576 SPP_ARGS(ifp), cp->name, 1577 sppp_cp_type_name(h->type), 1578 sppp_state_name(sp->state[cp->protoidx])); 1579 ++ifp->if_ierrors; 1580 } 1581 break; 1582 case CONF_ACK: 1583 if (h->ident != sp->confid[cp->protoidx]) { 1584 if (debug) 1585 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1586 SPP_ARGS(ifp), cp->name, 1587 h->ident, sp->confid[cp->protoidx]); 1588 ++ifp->if_ierrors; 1589 break; 1590 } 1591 switch (sp->state[cp->protoidx]) { 1592 case STATE_CLOSED: 1593 case STATE_STOPPED: 1594 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1595 break; 1596 case STATE_CLOSING: 1597 case STATE_STOPPING: 1598 break; 1599 case STATE_REQ_SENT: 1600 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1601 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1602 break; 1603 case STATE_OPENED: 1604 (cp->tld)(sp); 1605 /* FALLTHROUGH */ 1606 case STATE_ACK_RCVD: 1607 (cp->scr)(sp); 1608 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1609 break; 1610 case STATE_ACK_SENT: 1611 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1612 sppp_cp_change_state(cp, sp, STATE_OPENED); 1613 if (debug) 1614 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1615 SPP_ARGS(ifp), cp->name); 1616 (cp->tlu)(sp); 1617 break; 1618 default: 1619 printf(SPP_FMT "%s illegal %s in state %s\n", 1620 SPP_ARGS(ifp), cp->name, 1621 sppp_cp_type_name(h->type), 1622 sppp_state_name(sp->state[cp->protoidx])); 1623 ++ifp->if_ierrors; 1624 } 1625 break; 1626 case CONF_NAK: 1627 case CONF_REJ: 1628 if (h->ident != sp->confid[cp->protoidx]) { 1629 if (debug) 1630 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1631 SPP_ARGS(ifp), cp->name, 1632 h->ident, sp->confid[cp->protoidx]); 1633 ++ifp->if_ierrors; 1634 break; 1635 } 1636 if (h->type == CONF_NAK) 1637 (cp->RCN_nak)(sp, h, len); 1638 else /* CONF_REJ */ 1639 (cp->RCN_rej)(sp, h, len); 1640 1641 switch (sp->state[cp->protoidx]) { 1642 case STATE_CLOSED: 1643 case STATE_STOPPED: 1644 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1645 break; 1646 case STATE_REQ_SENT: 1647 case STATE_ACK_SENT: 1648 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1649 /* 1650 * Slow things down a bit if we think we might be 1651 * in loopback. Depend on the timeout to send the 1652 * next configuration request. 1653 */ 1654 if (sp->pp_loopcnt) 1655 break; 1656 (cp->scr)(sp); 1657 break; 1658 case STATE_OPENED: 1659 (cp->tld)(sp); 1660 /* FALLTHROUGH */ 1661 case STATE_ACK_RCVD: 1662 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1663 (cp->scr)(sp); 1664 break; 1665 case STATE_CLOSING: 1666 case STATE_STOPPING: 1667 break; 1668 default: 1669 printf(SPP_FMT "%s illegal %s in state %s\n", 1670 SPP_ARGS(ifp), cp->name, 1671 sppp_cp_type_name(h->type), 1672 sppp_state_name(sp->state[cp->protoidx])); 1673 ++ifp->if_ierrors; 1674 } 1675 break; 1676 1677 case TERM_REQ: 1678 switch (sp->state[cp->protoidx]) { 1679 case STATE_ACK_RCVD: 1680 case STATE_ACK_SENT: 1681 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1682 /* FALLTHROUGH */ 1683 case STATE_CLOSED: 1684 case STATE_STOPPED: 1685 case STATE_CLOSING: 1686 case STATE_STOPPING: 1687 case STATE_REQ_SENT: 1688 sta: 1689 /* Send Terminate-Ack packet. */ 1690 if (debug) 1691 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1692 SPP_ARGS(ifp), cp->name); 1693 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1694 break; 1695 case STATE_OPENED: 1696 (cp->tld)(sp); 1697 sp->rst_counter[cp->protoidx] = 0; 1698 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1699 goto sta; 1700 break; 1701 default: 1702 printf(SPP_FMT "%s illegal %s in state %s\n", 1703 SPP_ARGS(ifp), cp->name, 1704 sppp_cp_type_name(h->type), 1705 sppp_state_name(sp->state[cp->protoidx])); 1706 ++ifp->if_ierrors; 1707 } 1708 break; 1709 case TERM_ACK: 1710 switch (sp->state[cp->protoidx]) { 1711 case STATE_CLOSED: 1712 case STATE_STOPPED: 1713 case STATE_REQ_SENT: 1714 case STATE_ACK_SENT: 1715 break; 1716 case STATE_CLOSING: 1717 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1718 (cp->tlf)(sp); 1719 break; 1720 case STATE_STOPPING: 1721 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1722 (cp->tlf)(sp); 1723 break; 1724 case STATE_ACK_RCVD: 1725 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1726 break; 1727 case STATE_OPENED: 1728 (cp->tld)(sp); 1729 (cp->scr)(sp); 1730 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1731 break; 1732 default: 1733 printf(SPP_FMT "%s illegal %s in state %s\n", 1734 SPP_ARGS(ifp), cp->name, 1735 sppp_cp_type_name(h->type), 1736 sppp_state_name(sp->state[cp->protoidx])); 1737 ++ifp->if_ierrors; 1738 } 1739 break; 1740 case CODE_REJ: 1741 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1742 log(LOG_INFO, 1743 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1744 "danger will robinson\n", 1745 SPP_ARGS(ifp), cp->name, 1746 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1747 switch (sp->state[cp->protoidx]) { 1748 case STATE_CLOSED: 1749 case STATE_STOPPED: 1750 case STATE_REQ_SENT: 1751 case STATE_ACK_SENT: 1752 case STATE_CLOSING: 1753 case STATE_STOPPING: 1754 case STATE_OPENED: 1755 break; 1756 case STATE_ACK_RCVD: 1757 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1758 break; 1759 default: 1760 printf(SPP_FMT "%s illegal %s in state %s\n", 1761 SPP_ARGS(ifp), cp->name, 1762 sppp_cp_type_name(h->type), 1763 sppp_state_name(sp->state[cp->protoidx])); 1764 ++ifp->if_ierrors; 1765 } 1766 break; 1767 case PROTO_REJ: 1768 { 1769 int catastrophic; 1770 const struct cp *upper; 1771 int i; 1772 u_int16_t proto; 1773 1774 catastrophic = 0; 1775 upper = NULL; 1776 proto = ntohs(*((u_int16_t *)p)); 1777 for (i = 0; i < IDX_COUNT; i++) { 1778 if (cps[i]->proto == proto) { 1779 upper = cps[i]; 1780 break; 1781 } 1782 } 1783 if (upper == NULL) 1784 catastrophic++; 1785 1786 if (catastrophic || debug) 1787 log(catastrophic? LOG_INFO: LOG_DEBUG, 1788 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1789 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1790 sppp_cp_type_name(h->type), proto, 1791 upper ? upper->name : "unknown", 1792 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1793 1794 /* 1795 * if we got RXJ+ against conf-req, the peer does not implement 1796 * this particular protocol type. terminate the protocol. 1797 */ 1798 if (upper && !catastrophic) { 1799 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1800 upper->Close(sp); 1801 break; 1802 } 1803 } 1804 1805 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1806 switch (sp->state[cp->protoidx]) { 1807 case STATE_CLOSED: 1808 case STATE_STOPPED: 1809 case STATE_REQ_SENT: 1810 case STATE_ACK_SENT: 1811 case STATE_CLOSING: 1812 case STATE_STOPPING: 1813 case STATE_OPENED: 1814 break; 1815 case STATE_ACK_RCVD: 1816 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1817 break; 1818 default: 1819 printf(SPP_FMT "%s illegal %s in state %s\n", 1820 SPP_ARGS(ifp), cp->name, 1821 sppp_cp_type_name(h->type), 1822 sppp_state_name(sp->state[cp->protoidx])); 1823 ++ifp->if_ierrors; 1824 } 1825 break; 1826 } 1827 case DISC_REQ: 1828 if (cp->proto != PPP_LCP) 1829 goto illegal; 1830 /* Discard the packet. */ 1831 break; 1832 case ECHO_REQ: 1833 if (cp->proto != PPP_LCP) 1834 goto illegal; 1835 if (sp->state[cp->protoidx] != STATE_OPENED) { 1836 if (debug) 1837 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1838 SPP_ARGS(ifp)); 1839 ++ifp->if_ierrors; 1840 break; 1841 } 1842 if (len < 8) { 1843 if (debug) 1844 log(-1, SPP_FMT "invalid lcp echo request " 1845 "packet length: %d bytes\n", 1846 SPP_ARGS(ifp), len); 1847 break; 1848 } 1849 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1850 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1851 /* Line loopback mode detected. */ 1852 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1853 sp->pp_loopcnt = MAXALIVECNT * 5; 1854 if_down (ifp); 1855 sppp_qflush (&sp->pp_cpq); 1856 1857 /* Shut down the PPP link. */ 1858 /* XXX */ 1859 lcp.Down(sp); 1860 lcp.Up(sp); 1861 break; 1862 } 1863 *(long*)(h+1) = htonl (sp->lcp.magic); 1864 if (debug) 1865 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1866 SPP_ARGS(ifp)); 1867 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1868 break; 1869 case ECHO_REPLY: 1870 if (cp->proto != PPP_LCP) 1871 goto illegal; 1872 if (h->ident != sp->lcp.echoid) { 1873 ++ifp->if_ierrors; 1874 break; 1875 } 1876 if (len < 8) { 1877 if (debug) 1878 log(-1, SPP_FMT "lcp invalid echo reply " 1879 "packet length: %d bytes\n", 1880 SPP_ARGS(ifp), len); 1881 break; 1882 } 1883 if (debug) 1884 log(-1, SPP_FMT "lcp got echo rep\n", 1885 SPP_ARGS(ifp)); 1886 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1887 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1888 sp->pp_alivecnt = 0; 1889 break; 1890 default: 1891 /* Unknown packet type -- send Code-Reject packet. */ 1892 illegal: 1893 if (debug) 1894 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1895 SPP_ARGS(ifp), cp->name, h->type); 1896 sppp_cp_send(sp, cp->proto, CODE_REJ, 1897 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1898 ++ifp->if_ierrors; 1899 } 1900} 1901 1902 1903/* 1904 * The generic part of all Up/Down/Open/Close/TO event handlers. 1905 * Basically, the state transition handling in the automaton. 1906 */ 1907static void 1908sppp_up_event(const struct cp *cp, struct sppp *sp) 1909{ 1910 STDDCL; 1911 1912 if (debug) 1913 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1914 SPP_ARGS(ifp), cp->name, 1915 sppp_state_name(sp->state[cp->protoidx])); 1916 1917 switch (sp->state[cp->protoidx]) { 1918 case STATE_INITIAL: 1919 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1920 break; 1921 case STATE_STARTING: 1922 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1923 (cp->scr)(sp); 1924 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1925 break; 1926 default: 1927 printf(SPP_FMT "%s illegal up in state %s\n", 1928 SPP_ARGS(ifp), cp->name, 1929 sppp_state_name(sp->state[cp->protoidx])); 1930 } 1931} 1932 1933static void 1934sppp_down_event(const struct cp *cp, struct sppp *sp) 1935{ 1936 STDDCL; 1937 1938 if (debug) 1939 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1940 SPP_ARGS(ifp), cp->name, 1941 sppp_state_name(sp->state[cp->protoidx])); 1942 1943 switch (sp->state[cp->protoidx]) { 1944 case STATE_CLOSED: 1945 case STATE_CLOSING: 1946 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1947 break; 1948 case STATE_STOPPED: 1949 sppp_cp_change_state(cp, sp, STATE_STARTING); 1950 (cp->tls)(sp); 1951 break; 1952 case STATE_STOPPING: 1953 case STATE_REQ_SENT: 1954 case STATE_ACK_RCVD: 1955 case STATE_ACK_SENT: 1956 sppp_cp_change_state(cp, sp, STATE_STARTING); 1957 break; 1958 case STATE_OPENED: 1959 (cp->tld)(sp); 1960 sppp_cp_change_state(cp, sp, STATE_STARTING); 1961 break; 1962 default: 1963 printf(SPP_FMT "%s illegal down in state %s\n", 1964 SPP_ARGS(ifp), cp->name, 1965 sppp_state_name(sp->state[cp->protoidx])); 1966 } 1967} 1968 1969 1970static void 1971sppp_open_event(const struct cp *cp, struct sppp *sp) 1972{ 1973 STDDCL; 1974 1975 if (debug) 1976 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1977 SPP_ARGS(ifp), cp->name, 1978 sppp_state_name(sp->state[cp->protoidx])); 1979 1980 switch (sp->state[cp->protoidx]) { 1981 case STATE_INITIAL: 1982 sppp_cp_change_state(cp, sp, STATE_STARTING); 1983 (cp->tls)(sp); 1984 break; 1985 case STATE_STARTING: 1986 break; 1987 case STATE_CLOSED: 1988 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1989 (cp->scr)(sp); 1990 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1991 break; 1992 case STATE_STOPPED: 1993 /* 1994 * Try escaping stopped state. This seems to bite 1995 * people occasionally, in particular for IPCP, 1996 * presumably following previous IPCP negotiation 1997 * aborts. Somehow, we must have missed a Down event 1998 * which would have caused a transition into starting 1999 * state, so as a bandaid we force the Down event now. 2000 * This effectively implements (something like the) 2001 * `restart' option mentioned in the state transition 2002 * table of RFC 1661. 2003 */ 2004 sppp_cp_change_state(cp, sp, STATE_STARTING); 2005 (cp->tls)(sp); 2006 break; 2007 case STATE_STOPPING: 2008 case STATE_REQ_SENT: 2009 case STATE_ACK_RCVD: 2010 case STATE_ACK_SENT: 2011 case STATE_OPENED: 2012 break; 2013 case STATE_CLOSING: 2014 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2015 break; 2016 } 2017} 2018 2019 2020static void 2021sppp_close_event(const struct cp *cp, struct sppp *sp) 2022{ 2023 STDDCL; 2024 2025 if (debug) 2026 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2027 SPP_ARGS(ifp), cp->name, 2028 sppp_state_name(sp->state[cp->protoidx])); 2029 2030 switch (sp->state[cp->protoidx]) { 2031 case STATE_INITIAL: 2032 case STATE_CLOSED: 2033 case STATE_CLOSING: 2034 break; 2035 case STATE_STARTING: 2036 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2037 (cp->tlf)(sp); 2038 break; 2039 case STATE_STOPPED: 2040 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2041 break; 2042 case STATE_STOPPING: 2043 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2044 break; 2045 case STATE_OPENED: 2046 (cp->tld)(sp); 2047 /* FALLTHROUGH */ 2048 case STATE_REQ_SENT: 2049 case STATE_ACK_RCVD: 2050 case STATE_ACK_SENT: 2051 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2052 sppp_cp_send(sp, cp->proto, TERM_REQ, 2053 ++sp->pp_seq[cp->protoidx], 0, 0); 2054 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2055 break; 2056 } 2057} 2058 2059static void 2060sppp_to_event(const struct cp *cp, struct sppp *sp) 2061{ 2062 STDDCL; 2063 int s; 2064 2065 s = splimp(); 2066 SPPP_LOCK(sp); 2067 if (debug) 2068 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2069 SPP_ARGS(ifp), cp->name, 2070 sppp_state_name(sp->state[cp->protoidx]), 2071 sp->rst_counter[cp->protoidx]); 2072 2073 if (--sp->rst_counter[cp->protoidx] < 0) 2074 /* TO- event */ 2075 switch (sp->state[cp->protoidx]) { 2076 case STATE_CLOSING: 2077 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2078 (cp->tlf)(sp); 2079 break; 2080 case STATE_STOPPING: 2081 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2082 (cp->tlf)(sp); 2083 break; 2084 case STATE_REQ_SENT: 2085 case STATE_ACK_RCVD: 2086 case STATE_ACK_SENT: 2087 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2088 (cp->tlf)(sp); 2089 break; 2090 } 2091 else 2092 /* TO+ event */ 2093 switch (sp->state[cp->protoidx]) { 2094 case STATE_CLOSING: 2095 case STATE_STOPPING: 2096 sppp_cp_send(sp, cp->proto, TERM_REQ, 2097 ++sp->pp_seq[cp->protoidx], 0, 0); 2098 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2099 cp->TO, (void *)sp); 2100 break; 2101 case STATE_REQ_SENT: 2102 case STATE_ACK_RCVD: 2103 (cp->scr)(sp); 2104 /* sppp_cp_change_state() will restart the timer */ 2105 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2106 break; 2107 case STATE_ACK_SENT: 2108 (cp->scr)(sp); 2109 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2110 cp->TO, (void *)sp); 2111 break; 2112 } 2113 2114 SPPP_UNLOCK(sp); 2115 splx(s); 2116} 2117 2118/* 2119 * Change the state of a control protocol in the state automaton. 2120 * Takes care of starting/stopping the restart timer. 2121 */ 2122static void 2123sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2124{ 2125 sp->state[cp->protoidx] = newstate; 2126 2127 callout_stop (&sp->ch[cp->protoidx]); 2128 2129 switch (newstate) { 2130 case STATE_INITIAL: 2131 case STATE_STARTING: 2132 case STATE_CLOSED: 2133 case STATE_STOPPED: 2134 case STATE_OPENED: 2135 break; 2136 case STATE_CLOSING: 2137 case STATE_STOPPING: 2138 case STATE_REQ_SENT: 2139 case STATE_ACK_RCVD: 2140 case STATE_ACK_SENT: 2141 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2142 cp->TO, (void *)sp); 2143 break; 2144 } 2145} 2146 2147/* 2148 *--------------------------------------------------------------------------* 2149 * * 2150 * The LCP implementation. * 2151 * * 2152 *--------------------------------------------------------------------------* 2153 */ 2154static void 2155sppp_pp_up(struct sppp *sp) 2156{ 2157 SPPP_LOCK(sp); 2158 lcp.Up(sp); 2159 SPPP_UNLOCK(sp); 2160} 2161 2162static void 2163sppp_pp_down(struct sppp *sp) 2164{ 2165 SPPP_LOCK(sp); 2166 lcp.Down(sp); 2167 SPPP_UNLOCK(sp); 2168} 2169 2170static void 2171sppp_lcp_init(struct sppp *sp) 2172{ 2173 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2174 sp->lcp.magic = 0; 2175 sp->state[IDX_LCP] = STATE_INITIAL; 2176 sp->fail_counter[IDX_LCP] = 0; 2177 sp->pp_seq[IDX_LCP] = 0; 2178 sp->pp_rseq[IDX_LCP] = 0; 2179 sp->lcp.protos = 0; 2180 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2181 2182 /* Note that these values are relevant for all control protocols */ 2183 sp->lcp.timeout = 3 * hz; 2184 sp->lcp.max_terminate = 2; 2185 sp->lcp.max_configure = 10; 2186 sp->lcp.max_failure = 10; 2187 callout_init(&sp->ch[IDX_LCP], 2188 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2189} 2190 2191static void 2192sppp_lcp_up(struct sppp *sp) 2193{ 2194 STDDCL; 2195 2196 sp->pp_alivecnt = 0; 2197 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2198 sp->lcp.magic = 0; 2199 sp->lcp.protos = 0; 2200 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2201 /* 2202 * If we are authenticator, negotiate LCP_AUTH 2203 */ 2204 if (sp->hisauth.proto != 0) 2205 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2206 else 2207 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2208 sp->pp_flags &= ~PP_NEEDAUTH; 2209 /* 2210 * If this interface is passive or dial-on-demand, and we are 2211 * still in Initial state, it means we've got an incoming 2212 * call. Activate the interface. 2213 */ 2214 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2215 if (debug) 2216 log(LOG_DEBUG, 2217 SPP_FMT "Up event", SPP_ARGS(ifp)); 2218 ifp->if_flags |= IFF_RUNNING; 2219 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2220 if (debug) 2221 log(-1, "(incoming call)\n"); 2222 sp->pp_flags |= PP_CALLIN; 2223 lcp.Open(sp); 2224 } else if (debug) 2225 log(-1, "\n"); 2226 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2227 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2228 ifp->if_flags |= IFF_RUNNING; 2229 lcp.Open(sp); 2230 } 2231 2232 sppp_up_event(&lcp, sp); 2233} 2234 2235static void 2236sppp_lcp_down(struct sppp *sp) 2237{ 2238 STDDCL; 2239 2240 sppp_down_event(&lcp, sp); 2241 2242 /* 2243 * If this is neither a dial-on-demand nor a passive 2244 * interface, simulate an ``ifconfig down'' action, so the 2245 * administrator can force a redial by another ``ifconfig 2246 * up''. XXX For leased line operation, should we immediately 2247 * try to reopen the connection here? 2248 */ 2249 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2250 log(LOG_INFO, 2251 SPP_FMT "Down event, taking interface down.\n", 2252 SPP_ARGS(ifp)); 2253 if_down(ifp); 2254 } else { 2255 if (debug) 2256 log(LOG_DEBUG, 2257 SPP_FMT "Down event (carrier loss)\n", 2258 SPP_ARGS(ifp)); 2259 sp->pp_flags &= ~PP_CALLIN; 2260 if (sp->state[IDX_LCP] != STATE_INITIAL) 2261 lcp.Close(sp); 2262 ifp->if_flags &= ~IFF_RUNNING; 2263 } 2264} 2265 2266static void 2267sppp_lcp_open(struct sppp *sp) 2268{ 2269 sppp_open_event(&lcp, sp); 2270} 2271 2272static void 2273sppp_lcp_close(struct sppp *sp) 2274{ 2275 sppp_close_event(&lcp, sp); 2276} 2277 2278static void 2279sppp_lcp_TO(void *cookie) 2280{ 2281 sppp_to_event(&lcp, (struct sppp *)cookie); 2282} 2283 2284/* 2285 * Analyze a configure request. Return true if it was agreeable, and 2286 * caused action sca, false if it has been rejected or nak'ed, and 2287 * caused action scn. (The return value is used to make the state 2288 * transition decision in the state automaton.) 2289 */ 2290static int 2291sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2292{ 2293 STDDCL; 2294 u_char *buf, *r, *p; 2295 int origlen, rlen; 2296 u_long nmagic; 2297 u_short authproto; 2298 2299 len -= 4; 2300 origlen = len; 2301 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2302 if (! buf) 2303 return (0); 2304 2305 if (debug) 2306 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2307 SPP_ARGS(ifp)); 2308 2309 /* pass 1: check for things that need to be rejected */ 2310 p = (void*) (h+1); 2311 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2312 if (debug) 2313 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2314 switch (*p) { 2315 case LCP_OPT_MAGIC: 2316 /* Magic number. */ 2317 if (len >= 6 && p[1] == 6) 2318 continue; 2319 if (debug) 2320 log(-1, "[invalid] "); 2321 break; 2322 case LCP_OPT_ASYNC_MAP: 2323 /* Async control character map. */ 2324 if (len >= 6 && p[1] == 6) 2325 continue; 2326 if (debug) 2327 log(-1, "[invalid] "); 2328 break; 2329 case LCP_OPT_MRU: 2330 /* Maximum receive unit. */ 2331 if (len >= 4 && p[1] == 4) 2332 continue; 2333 if (debug) 2334 log(-1, "[invalid] "); 2335 break; 2336 case LCP_OPT_AUTH_PROTO: 2337 if (len < 4) { 2338 if (debug) 2339 log(-1, "[invalid] "); 2340 break; 2341 } 2342 authproto = (p[2] << 8) + p[3]; 2343 if (authproto == PPP_CHAP && p[1] != 5) { 2344 if (debug) 2345 log(-1, "[invalid chap len] "); 2346 break; 2347 } 2348 if (sp->myauth.proto == 0) { 2349 /* we are not configured to do auth */ 2350 if (debug) 2351 log(-1, "[not configured] "); 2352 break; 2353 } 2354 /* 2355 * Remote want us to authenticate, remember this, 2356 * so we stay in PHASE_AUTHENTICATE after LCP got 2357 * up. 2358 */ 2359 sp->pp_flags |= PP_NEEDAUTH; 2360 continue; 2361 default: 2362 /* Others not supported. */ 2363 if (debug) 2364 log(-1, "[rej] "); 2365 break; 2366 } 2367 /* Add the option to rejected list. */ 2368 bcopy (p, r, p[1]); 2369 r += p[1]; 2370 rlen += p[1]; 2371 } 2372 if (rlen) { 2373 if (debug) 2374 log(-1, " send conf-rej\n"); 2375 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2376 return 0; 2377 } else if (debug) 2378 log(-1, "\n"); 2379 2380 /* 2381 * pass 2: check for option values that are unacceptable and 2382 * thus require to be nak'ed. 2383 */ 2384 if (debug) 2385 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2386 SPP_ARGS(ifp)); 2387 2388 p = (void*) (h+1); 2389 len = origlen; 2390 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2391 if (debug) 2392 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2393 switch (*p) { 2394 case LCP_OPT_MAGIC: 2395 /* Magic number -- extract. */ 2396 nmagic = (u_long)p[2] << 24 | 2397 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2398 if (nmagic != sp->lcp.magic) { 2399 sp->pp_loopcnt = 0; 2400 if (debug) 2401 log(-1, "0x%lx ", nmagic); 2402 continue; 2403 } 2404 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2405 log(-1, "[glitch] "); 2406 ++sp->pp_loopcnt; 2407 /* 2408 * We negate our magic here, and NAK it. If 2409 * we see it later in an NAK packet, we 2410 * suggest a new one. 2411 */ 2412 nmagic = ~sp->lcp.magic; 2413 /* Gonna NAK it. */ 2414 p[2] = nmagic >> 24; 2415 p[3] = nmagic >> 16; 2416 p[4] = nmagic >> 8; 2417 p[5] = nmagic; 2418 break; 2419 2420 case LCP_OPT_ASYNC_MAP: 2421 /* 2422 * Async control character map -- just ignore it. 2423 * 2424 * Quote from RFC 1662, chapter 6: 2425 * To enable this functionality, synchronous PPP 2426 * implementations MUST always respond to the 2427 * Async-Control-Character-Map Configuration 2428 * Option with the LCP Configure-Ack. However, 2429 * acceptance of the Configuration Option does 2430 * not imply that the synchronous implementation 2431 * will do any ACCM mapping. Instead, all such 2432 * octet mapping will be performed by the 2433 * asynchronous-to-synchronous converter. 2434 */ 2435 continue; 2436 2437 case LCP_OPT_MRU: 2438 /* 2439 * Maximum receive unit. Always agreeable, 2440 * but ignored by now. 2441 */ 2442 sp->lcp.their_mru = p[2] * 256 + p[3]; 2443 if (debug) 2444 log(-1, "%lu ", sp->lcp.their_mru); 2445 continue; 2446 2447 case LCP_OPT_AUTH_PROTO: 2448 authproto = (p[2] << 8) + p[3]; 2449 if (sp->myauth.proto != authproto) { 2450 /* not agreed, nak */ 2451 if (debug) 2452 log(-1, "[mine %s != his %s] ", 2453 sppp_proto_name(sp->hisauth.proto), 2454 sppp_proto_name(authproto)); 2455 p[2] = sp->myauth.proto >> 8; 2456 p[3] = sp->myauth.proto; 2457 break; 2458 } 2459 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2460 if (debug) 2461 log(-1, "[chap not MD5] "); 2462 p[4] = CHAP_MD5; 2463 break; 2464 } 2465 continue; 2466 } 2467 /* Add the option to nak'ed list. */ 2468 bcopy (p, r, p[1]); 2469 r += p[1]; 2470 rlen += p[1]; 2471 } 2472 if (rlen) { 2473 /* 2474 * Local and remote magics equal -- loopback? 2475 */ 2476 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2477 if (sp->pp_loopcnt == MAXALIVECNT*5) 2478 printf (SPP_FMT "loopback\n", 2479 SPP_ARGS(ifp)); 2480 if (ifp->if_flags & IFF_UP) { 2481 if_down(ifp); 2482 sppp_qflush(&sp->pp_cpq); 2483 /* XXX ? */ 2484 lcp.Down(sp); 2485 lcp.Up(sp); 2486 } 2487 } else if (!sp->pp_loopcnt && 2488 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2489 if (debug) 2490 log(-1, " max_failure (%d) exceeded, " 2491 "send conf-rej\n", 2492 sp->lcp.max_failure); 2493 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2494 } else { 2495 if (debug) 2496 log(-1, " send conf-nak\n"); 2497 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2498 } 2499 } else { 2500 if (debug) 2501 log(-1, " send conf-ack\n"); 2502 sp->fail_counter[IDX_LCP] = 0; 2503 sp->pp_loopcnt = 0; 2504 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2505 h->ident, origlen, h+1); 2506 } 2507 2508 free (buf, M_TEMP); 2509 return (rlen == 0); 2510} 2511 2512/* 2513 * Analyze the LCP Configure-Reject option list, and adjust our 2514 * negotiation. 2515 */ 2516static void 2517sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2518{ 2519 STDDCL; 2520 u_char *buf, *p; 2521 2522 len -= 4; 2523 buf = malloc (len, M_TEMP, M_NOWAIT); 2524 if (!buf) 2525 return; 2526 2527 if (debug) 2528 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2529 SPP_ARGS(ifp)); 2530 2531 p = (void*) (h+1); 2532 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2533 if (debug) 2534 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2535 switch (*p) { 2536 case LCP_OPT_MAGIC: 2537 /* Magic number -- can't use it, use 0 */ 2538 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2539 sp->lcp.magic = 0; 2540 break; 2541 case LCP_OPT_MRU: 2542 /* 2543 * Should not be rejected anyway, since we only 2544 * negotiate a MRU if explicitly requested by 2545 * peer. 2546 */ 2547 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2548 break; 2549 case LCP_OPT_AUTH_PROTO: 2550 /* 2551 * Peer doesn't want to authenticate himself, 2552 * deny unless this is a dialout call, and 2553 * AUTHFLAG_NOCALLOUT is set. 2554 */ 2555 if ((sp->pp_flags & PP_CALLIN) == 0 && 2556 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2557 if (debug) 2558 log(-1, "[don't insist on auth " 2559 "for callout]"); 2560 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2561 break; 2562 } 2563 if (debug) 2564 log(-1, "[access denied]\n"); 2565 lcp.Close(sp); 2566 break; 2567 } 2568 } 2569 if (debug) 2570 log(-1, "\n"); 2571 free (buf, M_TEMP); 2572 return; 2573} 2574 2575/* 2576 * Analyze the LCP Configure-NAK option list, and adjust our 2577 * negotiation. 2578 */ 2579static void 2580sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2581{ 2582 STDDCL; 2583 u_char *buf, *p; 2584 u_long magic; 2585 2586 len -= 4; 2587 buf = malloc (len, M_TEMP, M_NOWAIT); 2588 if (!buf) 2589 return; 2590 2591 if (debug) 2592 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2593 SPP_ARGS(ifp)); 2594 2595 p = (void*) (h+1); 2596 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2597 if (debug) 2598 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2599 switch (*p) { 2600 case LCP_OPT_MAGIC: 2601 /* Magic number -- renegotiate */ 2602 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2603 len >= 6 && p[1] == 6) { 2604 magic = (u_long)p[2] << 24 | 2605 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2606 /* 2607 * If the remote magic is our negated one, 2608 * this looks like a loopback problem. 2609 * Suggest a new magic to make sure. 2610 */ 2611 if (magic == ~sp->lcp.magic) { 2612 if (debug) 2613 log(-1, "magic glitch "); 2614#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2615 sp->lcp.magic = random(); 2616#else 2617 sp->lcp.magic = time.tv_sec + time.tv_usec; 2618#endif 2619 } else { 2620 sp->lcp.magic = magic; 2621 if (debug) 2622 log(-1, "%lu ", magic); 2623 } 2624 } 2625 break; 2626 case LCP_OPT_MRU: 2627 /* 2628 * Peer wants to advise us to negotiate an MRU. 2629 * Agree on it if it's reasonable, or use 2630 * default otherwise. 2631 */ 2632 if (len >= 4 && p[1] == 4) { 2633 u_int mru = p[2] * 256 + p[3]; 2634 if (debug) 2635 log(-1, "%d ", mru); 2636 if (mru < PP_MTU || mru > PP_MAX_MRU) 2637 mru = PP_MTU; 2638 sp->lcp.mru = mru; 2639 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2640 } 2641 break; 2642 case LCP_OPT_AUTH_PROTO: 2643 /* 2644 * Peer doesn't like our authentication method, 2645 * deny. 2646 */ 2647 if (debug) 2648 log(-1, "[access denied]\n"); 2649 lcp.Close(sp); 2650 break; 2651 } 2652 } 2653 if (debug) 2654 log(-1, "\n"); 2655 free (buf, M_TEMP); 2656 return; 2657} 2658 2659static void 2660sppp_lcp_tlu(struct sppp *sp) 2661{ 2662 STDDCL; 2663 int i; 2664 u_long mask; 2665 2666 /* XXX ? */ 2667 if (! (ifp->if_flags & IFF_UP) && 2668 (ifp->if_flags & IFF_RUNNING)) { 2669 /* Coming out of loopback mode. */ 2670 if_up(ifp); 2671 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2672 } 2673 2674 for (i = 0; i < IDX_COUNT; i++) 2675 if ((cps[i])->flags & CP_QUAL) 2676 (cps[i])->Open(sp); 2677 2678 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2679 (sp->pp_flags & PP_NEEDAUTH) != 0) 2680 sp->pp_phase = PHASE_AUTHENTICATE; 2681 else 2682 sp->pp_phase = PHASE_NETWORK; 2683 2684 if (debug) 2685 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2686 sppp_phase_name(sp->pp_phase)); 2687 2688 /* 2689 * Open all authentication protocols. This is even required 2690 * if we already proceeded to network phase, since it might be 2691 * that remote wants us to authenticate, so we might have to 2692 * send a PAP request. Undesired authentication protocols 2693 * don't do anything when they get an Open event. 2694 */ 2695 for (i = 0; i < IDX_COUNT; i++) 2696 if ((cps[i])->flags & CP_AUTH) 2697 (cps[i])->Open(sp); 2698 2699 if (sp->pp_phase == PHASE_NETWORK) { 2700 /* Notify all NCPs. */ 2701 for (i = 0; i < IDX_COUNT; i++) 2702 if (((cps[i])->flags & CP_NCP) && 2703 /* 2704 * XXX 2705 * Hack to administratively disable IPv6 if 2706 * not desired. Perhaps we should have another 2707 * flag for this, but right now, we can make 2708 * all struct cp's read/only. 2709 */ 2710 (cps[i] != &ipv6cp || 2711 (sp->confflags & CONF_ENABLE_IPV6))) 2712 (cps[i])->Open(sp); 2713 } 2714 2715 /* Send Up events to all started protos. */ 2716 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2717 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2718 (cps[i])->Up(sp); 2719 2720 /* notify low-level driver of state change */ 2721 if (sp->pp_chg) 2722 sp->pp_chg(sp, (int)sp->pp_phase); 2723 2724 if (sp->pp_phase == PHASE_NETWORK) 2725 /* if no NCP is starting, close down */ 2726 sppp_lcp_check_and_close(sp); 2727} 2728 2729static void 2730sppp_lcp_tld(struct sppp *sp) 2731{ 2732 STDDCL; 2733 int i; 2734 u_long mask; 2735 2736 sp->pp_phase = PHASE_TERMINATE; 2737 2738 if (debug) 2739 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2740 sppp_phase_name(sp->pp_phase)); 2741 2742 /* 2743 * Take upper layers down. We send the Down event first and 2744 * the Close second to prevent the upper layers from sending 2745 * ``a flurry of terminate-request packets'', as the RFC 2746 * describes it. 2747 */ 2748 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2749 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2750 (cps[i])->Down(sp); 2751 (cps[i])->Close(sp); 2752 } 2753} 2754 2755static void 2756sppp_lcp_tls(struct sppp *sp) 2757{ 2758 STDDCL; 2759 2760 sp->pp_phase = PHASE_ESTABLISH; 2761 2762 if (debug) 2763 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2764 sppp_phase_name(sp->pp_phase)); 2765 2766 /* Notify lower layer if desired. */ 2767 if (sp->pp_tls) 2768 (sp->pp_tls)(sp); 2769 else 2770 (sp->pp_up)(sp); 2771} 2772 2773static void 2774sppp_lcp_tlf(struct sppp *sp) 2775{ 2776 STDDCL; 2777 2778 sp->pp_phase = PHASE_DEAD; 2779 if (debug) 2780 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2781 sppp_phase_name(sp->pp_phase)); 2782 2783 /* Notify lower layer if desired. */ 2784 if (sp->pp_tlf) 2785 (sp->pp_tlf)(sp); 2786 else 2787 (sp->pp_down)(sp); 2788} 2789 2790static void 2791sppp_lcp_scr(struct sppp *sp) 2792{ 2793 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2794 int i = 0; 2795 u_short authproto; 2796 2797 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2798 if (! sp->lcp.magic) 2799#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2800 sp->lcp.magic = random(); 2801#else 2802 sp->lcp.magic = time.tv_sec + time.tv_usec; 2803#endif 2804 opt[i++] = LCP_OPT_MAGIC; 2805 opt[i++] = 6; 2806 opt[i++] = sp->lcp.magic >> 24; 2807 opt[i++] = sp->lcp.magic >> 16; 2808 opt[i++] = sp->lcp.magic >> 8; 2809 opt[i++] = sp->lcp.magic; 2810 } 2811 2812 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2813 opt[i++] = LCP_OPT_MRU; 2814 opt[i++] = 4; 2815 opt[i++] = sp->lcp.mru >> 8; 2816 opt[i++] = sp->lcp.mru; 2817 } 2818 2819 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2820 authproto = sp->hisauth.proto; 2821 opt[i++] = LCP_OPT_AUTH_PROTO; 2822 opt[i++] = authproto == PPP_CHAP? 5: 4; 2823 opt[i++] = authproto >> 8; 2824 opt[i++] = authproto; 2825 if (authproto == PPP_CHAP) 2826 opt[i++] = CHAP_MD5; 2827 } 2828 2829 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2830 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2831} 2832 2833/* 2834 * Check the open NCPs, return true if at least one NCP is open. 2835 */ 2836static int 2837sppp_ncp_check(struct sppp *sp) 2838{ 2839 int i, mask; 2840 2841 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2842 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2843 return 1; 2844 return 0; 2845} 2846 2847/* 2848 * Re-check the open NCPs and see if we should terminate the link. 2849 * Called by the NCPs during their tlf action handling. 2850 */ 2851static void 2852sppp_lcp_check_and_close(struct sppp *sp) 2853{ 2854 2855 if (sp->pp_phase < PHASE_NETWORK) 2856 /* don't bother, we are already going down */ 2857 return; 2858 2859 if (sppp_ncp_check(sp)) 2860 return; 2861 2862 lcp.Close(sp); 2863} 2864 2865/* 2866 *--------------------------------------------------------------------------* 2867 * * 2868 * The IPCP implementation. * 2869 * * 2870 *--------------------------------------------------------------------------* 2871 */ 2872 2873static void 2874sppp_ipcp_init(struct sppp *sp) 2875{ 2876 sp->ipcp.opts = 0; 2877 sp->ipcp.flags = 0; 2878 sp->state[IDX_IPCP] = STATE_INITIAL; 2879 sp->fail_counter[IDX_IPCP] = 0; 2880 sp->pp_seq[IDX_IPCP] = 0; 2881 sp->pp_rseq[IDX_IPCP] = 0; 2882 callout_init(&sp->ch[IDX_IPCP], 2883 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2884} 2885 2886static void 2887sppp_ipcp_up(struct sppp *sp) 2888{ 2889 sppp_up_event(&ipcp, sp); 2890} 2891 2892static void 2893sppp_ipcp_down(struct sppp *sp) 2894{ 2895 sppp_down_event(&ipcp, sp); 2896} 2897 2898static void 2899sppp_ipcp_open(struct sppp *sp) 2900{ 2901 STDDCL; 2902 u_long myaddr, hisaddr; 2903 2904 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2905 IPCP_MYADDR_DYN | IPCP_VJ); 2906 sp->ipcp.opts = 0; 2907 2908 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2909 /* 2910 * If we don't have his address, this probably means our 2911 * interface doesn't want to talk IP at all. (This could 2912 * be the case if somebody wants to speak only IPX, for 2913 * example.) Don't open IPCP in this case. 2914 */ 2915 if (hisaddr == 0L) { 2916 /* XXX this message should go away */ 2917 if (debug) 2918 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2919 SPP_ARGS(ifp)); 2920 return; 2921 } 2922 if (myaddr == 0L) { 2923 /* 2924 * I don't have an assigned address, so i need to 2925 * negotiate my address. 2926 */ 2927 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2928 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2929 } else 2930 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2931 if (sp->confflags & CONF_ENABLE_VJ) { 2932 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2933 sp->ipcp.max_state = MAX_STATES - 1; 2934 sp->ipcp.compress_cid = 1; 2935 } 2936 sppp_open_event(&ipcp, sp); 2937} 2938 2939static void 2940sppp_ipcp_close(struct sppp *sp) 2941{ 2942 sppp_close_event(&ipcp, sp); 2943 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2944 /* 2945 * My address was dynamic, clear it again. 2946 */ 2947 sppp_set_ip_addr(sp, 0L); 2948} 2949 2950static void 2951sppp_ipcp_TO(void *cookie) 2952{ 2953 sppp_to_event(&ipcp, (struct sppp *)cookie); 2954} 2955 2956/* 2957 * Analyze a configure request. Return true if it was agreeable, and 2958 * caused action sca, false if it has been rejected or nak'ed, and 2959 * caused action scn. (The return value is used to make the state 2960 * transition decision in the state automaton.) 2961 */ 2962static int 2963sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2964{ 2965 u_char *buf, *r, *p; 2966 struct ifnet *ifp = &sp->pp_if; 2967 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2968 u_long hisaddr, desiredaddr; 2969 int gotmyaddr = 0; 2970 int desiredcomp; 2971 2972 len -= 4; 2973 origlen = len; 2974 /* 2975 * Make sure to allocate a buf that can at least hold a 2976 * conf-nak with an `address' option. We might need it below. 2977 */ 2978 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2979 if (! buf) 2980 return (0); 2981 2982 /* pass 1: see if we can recognize them */ 2983 if (debug) 2984 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2985 SPP_ARGS(ifp)); 2986 p = (void*) (h+1); 2987 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2988 if (debug) 2989 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2990 switch (*p) { 2991 case IPCP_OPT_COMPRESSION: 2992 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2993 /* VJ compression administratively disabled */ 2994 if (debug) 2995 log(-1, "[locally disabled] "); 2996 break; 2997 } 2998 /* 2999 * In theory, we should only conf-rej an 3000 * option that is shorter than RFC 1618 3001 * requires (i.e. < 4), and should conf-nak 3002 * anything else that is not VJ. However, 3003 * since our algorithm always uses the 3004 * original option to NAK it with new values, 3005 * things would become more complicated. In 3006 * pratice, the only commonly implemented IP 3007 * compression option is VJ anyway, so the 3008 * difference is negligible. 3009 */ 3010 if (len >= 6 && p[1] == 6) { 3011 /* 3012 * correctly formed compression option 3013 * that could be VJ compression 3014 */ 3015 continue; 3016 } 3017 if (debug) 3018 log(-1, 3019 "optlen %d [invalid/unsupported] ", 3020 p[1]); 3021 break; 3022 case IPCP_OPT_ADDRESS: 3023 if (len >= 6 && p[1] == 6) { 3024 /* correctly formed address option */ 3025 continue; 3026 } 3027 if (debug) 3028 log(-1, "[invalid] "); 3029 break; 3030 default: 3031 /* Others not supported. */ 3032 if (debug) 3033 log(-1, "[rej] "); 3034 break; 3035 } 3036 /* Add the option to rejected list. */ 3037 bcopy (p, r, p[1]); 3038 r += p[1]; 3039 rlen += p[1]; 3040 } 3041 if (rlen) { 3042 if (debug) 3043 log(-1, " send conf-rej\n"); 3044 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3045 return 0; 3046 } else if (debug) 3047 log(-1, "\n"); 3048 3049 /* pass 2: parse option values */ 3050 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3051 if (debug) 3052 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3053 SPP_ARGS(ifp)); 3054 p = (void*) (h+1); 3055 len = origlen; 3056 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3057 if (debug) 3058 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3059 switch (*p) { 3060 case IPCP_OPT_COMPRESSION: 3061 desiredcomp = p[2] << 8 | p[3]; 3062 /* We only support VJ */ 3063 if (desiredcomp == IPCP_COMP_VJ) { 3064 if (debug) 3065 log(-1, "VJ [ack] "); 3066 sp->ipcp.flags |= IPCP_VJ; 3067 sl_compress_init(sp->pp_comp, p[4]); 3068 sp->ipcp.max_state = p[4]; 3069 sp->ipcp.compress_cid = p[5]; 3070 continue; 3071 } 3072 if (debug) 3073 log(-1, 3074 "compproto %#04x [not supported] ", 3075 desiredcomp); 3076 p[2] = IPCP_COMP_VJ >> 8; 3077 p[3] = IPCP_COMP_VJ; 3078 p[4] = sp->ipcp.max_state; 3079 p[5] = sp->ipcp.compress_cid; 3080 break; 3081 case IPCP_OPT_ADDRESS: 3082 /* This is the address he wants in his end */ 3083 desiredaddr = p[2] << 24 | p[3] << 16 | 3084 p[4] << 8 | p[5]; 3085 if (desiredaddr == hisaddr || 3086 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3087 /* 3088 * Peer's address is same as our value, 3089 * or we have set it to 0.0.0.* to 3090 * indicate that we do not really care, 3091 * this is agreeable. Gonna conf-ack 3092 * it. 3093 */ 3094 if (debug) 3095 log(-1, "%s [ack] ", 3096 sppp_dotted_quad(hisaddr)); 3097 /* record that we've seen it already */ 3098 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3099 continue; 3100 } 3101 /* 3102 * The address wasn't agreeable. This is either 3103 * he sent us 0.0.0.0, asking to assign him an 3104 * address, or he send us another address not 3105 * matching our value. Either case, we gonna 3106 * conf-nak it with our value. 3107 * XXX: we should "rej" if hisaddr == 0 3108 */ 3109 if (debug) { 3110 if (desiredaddr == 0) 3111 log(-1, "[addr requested] "); 3112 else 3113 log(-1, "%s [not agreed] ", 3114 sppp_dotted_quad(desiredaddr)); 3115 3116 } 3117 p[2] = hisaddr >> 24; 3118 p[3] = hisaddr >> 16; 3119 p[4] = hisaddr >> 8; 3120 p[5] = hisaddr; 3121 break; 3122 } 3123 /* Add the option to nak'ed list. */ 3124 bcopy (p, r, p[1]); 3125 r += p[1]; 3126 rlen += p[1]; 3127 } 3128 3129 /* 3130 * If we are about to conf-ack the request, but haven't seen 3131 * his address so far, gonna conf-nak it instead, with the 3132 * `address' option present and our idea of his address being 3133 * filled in there, to request negotiation of both addresses. 3134 * 3135 * XXX This can result in an endless req - nak loop if peer 3136 * doesn't want to send us his address. Q: What should we do 3137 * about it? XXX A: implement the max-failure counter. 3138 */ 3139 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3140 buf[0] = IPCP_OPT_ADDRESS; 3141 buf[1] = 6; 3142 buf[2] = hisaddr >> 24; 3143 buf[3] = hisaddr >> 16; 3144 buf[4] = hisaddr >> 8; 3145 buf[5] = hisaddr; 3146 rlen = 6; 3147 if (debug) 3148 log(-1, "still need hisaddr "); 3149 } 3150 3151 if (rlen) { 3152 if (debug) 3153 log(-1, " send conf-nak\n"); 3154 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3155 } else { 3156 if (debug) 3157 log(-1, " send conf-ack\n"); 3158 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3159 h->ident, origlen, h+1); 3160 } 3161 3162 free (buf, M_TEMP); 3163 return (rlen == 0); 3164} 3165 3166/* 3167 * Analyze the IPCP Configure-Reject option list, and adjust our 3168 * negotiation. 3169 */ 3170static void 3171sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3172{ 3173 u_char *buf, *p; 3174 struct ifnet *ifp = &sp->pp_if; 3175 int debug = ifp->if_flags & IFF_DEBUG; 3176 3177 len -= 4; 3178 buf = malloc (len, M_TEMP, M_NOWAIT); 3179 if (!buf) 3180 return; 3181 3182 if (debug) 3183 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3184 SPP_ARGS(ifp)); 3185 3186 p = (void*) (h+1); 3187 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3188 if (debug) 3189 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3190 switch (*p) { 3191 case IPCP_OPT_COMPRESSION: 3192 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3193 break; 3194 case IPCP_OPT_ADDRESS: 3195 /* 3196 * Peer doesn't grok address option. This is 3197 * bad. XXX Should we better give up here? 3198 * XXX We could try old "addresses" option... 3199 */ 3200 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3201 break; 3202 } 3203 } 3204 if (debug) 3205 log(-1, "\n"); 3206 free (buf, M_TEMP); 3207 return; 3208} 3209 3210/* 3211 * Analyze the IPCP Configure-NAK option list, and adjust our 3212 * negotiation. 3213 */ 3214static void 3215sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3216{ 3217 u_char *buf, *p; 3218 struct ifnet *ifp = &sp->pp_if; 3219 int debug = ifp->if_flags & IFF_DEBUG; 3220 int desiredcomp; 3221 u_long wantaddr; 3222 3223 len -= 4; 3224 buf = malloc (len, M_TEMP, M_NOWAIT); 3225 if (!buf) 3226 return; 3227 3228 if (debug) 3229 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3230 SPP_ARGS(ifp)); 3231 3232 p = (void*) (h+1); 3233 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3234 if (debug) 3235 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3236 switch (*p) { 3237 case IPCP_OPT_COMPRESSION: 3238 if (len >= 6 && p[1] == 6) { 3239 desiredcomp = p[2] << 8 | p[3]; 3240 if (debug) 3241 log(-1, "[wantcomp %#04x] ", 3242 desiredcomp); 3243 if (desiredcomp == IPCP_COMP_VJ) { 3244 sl_compress_init(sp->pp_comp, p[4]); 3245 sp->ipcp.max_state = p[4]; 3246 sp->ipcp.compress_cid = p[5]; 3247 if (debug) 3248 log(-1, "[agree] "); 3249 } else 3250 sp->ipcp.opts &= 3251 ~(1 << IPCP_OPT_COMPRESSION); 3252 } 3253 break; 3254 case IPCP_OPT_ADDRESS: 3255 /* 3256 * Peer doesn't like our local IP address. See 3257 * if we can do something for him. We'll drop 3258 * him our address then. 3259 */ 3260 if (len >= 6 && p[1] == 6) { 3261 wantaddr = p[2] << 24 | p[3] << 16 | 3262 p[4] << 8 | p[5]; 3263 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3264 if (debug) 3265 log(-1, "[wantaddr %s] ", 3266 sppp_dotted_quad(wantaddr)); 3267 /* 3268 * When doing dynamic address assignment, 3269 * we accept his offer. Otherwise, we 3270 * ignore it and thus continue to negotiate 3271 * our already existing value. 3272 * XXX: Bogus, if he said no once, he'll 3273 * just say no again, might as well die. 3274 */ 3275 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3276 sppp_set_ip_addr(sp, wantaddr); 3277 if (debug) 3278 log(-1, "[agree] "); 3279 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3280 } 3281 } 3282 break; 3283 } 3284 } 3285 if (debug) 3286 log(-1, "\n"); 3287 free (buf, M_TEMP); 3288 return; 3289} 3290 3291static void 3292sppp_ipcp_tlu(struct sppp *sp) 3293{ 3294 /* we are up - notify isdn daemon */ 3295 if (sp->pp_con) 3296 sp->pp_con(sp); 3297} 3298 3299static void 3300sppp_ipcp_tld(struct sppp *sp) 3301{ 3302} 3303 3304static void 3305sppp_ipcp_tls(struct sppp *sp) 3306{ 3307 /* indicate to LCP that it must stay alive */ 3308 sp->lcp.protos |= (1 << IDX_IPCP); 3309} 3310 3311static void 3312sppp_ipcp_tlf(struct sppp *sp) 3313{ 3314 /* we no longer need LCP */ 3315 sp->lcp.protos &= ~(1 << IDX_IPCP); 3316 sppp_lcp_check_and_close(sp); 3317} 3318 3319static void 3320sppp_ipcp_scr(struct sppp *sp) 3321{ 3322 char opt[6 /* compression */ + 6 /* address */]; 3323 u_long ouraddr; 3324 int i = 0; 3325 3326 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3327 opt[i++] = IPCP_OPT_COMPRESSION; 3328 opt[i++] = 6; 3329 opt[i++] = IPCP_COMP_VJ >> 8; 3330 opt[i++] = IPCP_COMP_VJ; 3331 opt[i++] = sp->ipcp.max_state; 3332 opt[i++] = sp->ipcp.compress_cid; 3333 } 3334 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3335 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3336 opt[i++] = IPCP_OPT_ADDRESS; 3337 opt[i++] = 6; 3338 opt[i++] = ouraddr >> 24; 3339 opt[i++] = ouraddr >> 16; 3340 opt[i++] = ouraddr >> 8; 3341 opt[i++] = ouraddr; 3342 } 3343 3344 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3345 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3346} 3347 3348/* 3349 *--------------------------------------------------------------------------* 3350 * * 3351 * The IPv6CP implementation. * 3352 * * 3353 *--------------------------------------------------------------------------* 3354 */ 3355 3356#ifdef INET6 3357static void 3358sppp_ipv6cp_init(struct sppp *sp) 3359{ 3360 sp->ipv6cp.opts = 0; 3361 sp->ipv6cp.flags = 0; 3362 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3363 sp->fail_counter[IDX_IPV6CP] = 0; 3364 sp->pp_seq[IDX_IPV6CP] = 0; 3365 sp->pp_rseq[IDX_IPV6CP] = 0; 3366 callout_init(&sp->ch[IDX_IPV6CP], 3367 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3368} 3369 3370static void 3371sppp_ipv6cp_up(struct sppp *sp) 3372{ 3373 sppp_up_event(&ipv6cp, sp); 3374} 3375 3376static void 3377sppp_ipv6cp_down(struct sppp *sp) 3378{ 3379 sppp_down_event(&ipv6cp, sp); 3380} 3381 3382static void 3383sppp_ipv6cp_open(struct sppp *sp) 3384{ 3385 STDDCL; 3386 struct in6_addr myaddr, hisaddr; 3387 3388#ifdef IPV6CP_MYIFID_DYN 3389 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3390#else 3391 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3392#endif 3393 3394 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3395 /* 3396 * If we don't have our address, this probably means our 3397 * interface doesn't want to talk IPv6 at all. (This could 3398 * be the case if somebody wants to speak only IPX, for 3399 * example.) Don't open IPv6CP in this case. 3400 */ 3401 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3402 /* XXX this message should go away */ 3403 if (debug) 3404 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3405 SPP_ARGS(ifp)); 3406 return; 3407 } 3408 3409 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3410 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3411 sppp_open_event(&ipv6cp, sp); 3412} 3413 3414static void 3415sppp_ipv6cp_close(struct sppp *sp) 3416{ 3417 sppp_close_event(&ipv6cp, sp); 3418} 3419 3420static void 3421sppp_ipv6cp_TO(void *cookie) 3422{ 3423 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3424} 3425 3426/* 3427 * Analyze a configure request. Return true if it was agreeable, and 3428 * caused action sca, false if it has been rejected or nak'ed, and 3429 * caused action scn. (The return value is used to make the state 3430 * transition decision in the state automaton.) 3431 */ 3432static int 3433sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3434{ 3435 u_char *buf, *r, *p; 3436 struct ifnet *ifp = &sp->pp_if; 3437 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3438 struct in6_addr myaddr, desiredaddr, suggestaddr; 3439 int ifidcount; 3440 int type; 3441 int collision, nohisaddr; 3442 3443 len -= 4; 3444 origlen = len; 3445 /* 3446 * Make sure to allocate a buf that can at least hold a 3447 * conf-nak with an `address' option. We might need it below. 3448 */ 3449 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3450 if (! buf) 3451 return (0); 3452 3453 /* pass 1: see if we can recognize them */ 3454 if (debug) 3455 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3456 SPP_ARGS(ifp)); 3457 p = (void*) (h+1); 3458 ifidcount = 0; 3459 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3460 if (debug) 3461 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3462 switch (*p) { 3463 case IPV6CP_OPT_IFID: 3464 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3465 /* correctly formed address option */ 3466 ifidcount++; 3467 continue; 3468 } 3469 if (debug) 3470 log(-1, " [invalid]"); 3471 break; 3472#ifdef notyet 3473 case IPV6CP_OPT_COMPRESSION: 3474 if (len >= 4 && p[1] >= 4) { 3475 /* correctly formed compress option */ 3476 continue; 3477 } 3478 if (debug) 3479 log(-1, " [invalid]"); 3480 break; 3481#endif 3482 default: 3483 /* Others not supported. */ 3484 if (debug) 3485 log(-1, " [rej]"); 3486 break; 3487 } 3488 /* Add the option to rejected list. */ 3489 bcopy (p, r, p[1]); 3490 r += p[1]; 3491 rlen += p[1]; 3492 } 3493 if (rlen) { 3494 if (debug) 3495 log(-1, " send conf-rej\n"); 3496 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3497 goto end; 3498 } else if (debug) 3499 log(-1, "\n"); 3500 3501 /* pass 2: parse option values */ 3502 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3503 if (debug) 3504 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3505 SPP_ARGS(ifp)); 3506 p = (void*) (h+1); 3507 len = origlen; 3508 type = CONF_ACK; 3509 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3510 if (debug) 3511 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3512 switch (*p) { 3513#ifdef notyet 3514 case IPV6CP_OPT_COMPRESSION: 3515 continue; 3516#endif 3517 case IPV6CP_OPT_IFID: 3518 bzero(&desiredaddr, sizeof(desiredaddr)); 3519 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3520 collision = (bcmp(&desiredaddr.s6_addr[8], 3521 &myaddr.s6_addr[8], 8) == 0); 3522 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3523 3524 desiredaddr.s6_addr16[0] = htons(0xfe80); 3525 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3526 3527 if (!collision && !nohisaddr) { 3528 /* no collision, hisaddr known - Conf-Ack */ 3529 type = CONF_ACK; 3530 3531 if (debug) { 3532 log(-1, " %s [%s]", 3533 ip6_sprintf(&desiredaddr), 3534 sppp_cp_type_name(type)); 3535 } 3536 continue; 3537 } 3538 3539 bzero(&suggestaddr, sizeof(&suggestaddr)); 3540 if (collision && nohisaddr) { 3541 /* collision, hisaddr unknown - Conf-Rej */ 3542 type = CONF_REJ; 3543 bzero(&p[2], 8); 3544 } else { 3545 /* 3546 * - no collision, hisaddr unknown, or 3547 * - collision, hisaddr known 3548 * Conf-Nak, suggest hisaddr 3549 */ 3550 type = CONF_NAK; 3551 sppp_suggest_ip6_addr(sp, &suggestaddr); 3552 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3553 } 3554 if (debug) 3555 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3556 sppp_cp_type_name(type)); 3557 break; 3558 } 3559 /* Add the option to nak'ed list. */ 3560 bcopy (p, r, p[1]); 3561 r += p[1]; 3562 rlen += p[1]; 3563 } 3564 3565 if (rlen == 0 && type == CONF_ACK) { 3566 if (debug) 3567 log(-1, " send %s\n", sppp_cp_type_name(type)); 3568 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3569 } else { 3570#ifdef DIAGNOSTIC 3571 if (type == CONF_ACK) 3572 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3573#endif 3574 3575 if (debug) { 3576 log(-1, " send %s suggest %s\n", 3577 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3578 } 3579 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3580 } 3581 3582 end: 3583 free (buf, M_TEMP); 3584 return (rlen == 0); 3585} 3586 3587/* 3588 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3589 * negotiation. 3590 */ 3591static void 3592sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3593{ 3594 u_char *buf, *p; 3595 struct ifnet *ifp = &sp->pp_if; 3596 int debug = ifp->if_flags & IFF_DEBUG; 3597 3598 len -= 4; 3599 buf = malloc (len, M_TEMP, M_NOWAIT); 3600 if (!buf) 3601 return; 3602 3603 if (debug) 3604 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3605 SPP_ARGS(ifp)); 3606 3607 p = (void*) (h+1); 3608 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3609 if (debug) 3610 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3611 switch (*p) { 3612 case IPV6CP_OPT_IFID: 3613 /* 3614 * Peer doesn't grok address option. This is 3615 * bad. XXX Should we better give up here? 3616 */ 3617 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3618 break; 3619#ifdef notyet 3620 case IPV6CP_OPT_COMPRESS: 3621 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3622 break; 3623#endif 3624 } 3625 } 3626 if (debug) 3627 log(-1, "\n"); 3628 free (buf, M_TEMP); 3629 return; 3630} 3631 3632/* 3633 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3634 * negotiation. 3635 */ 3636static void 3637sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3638{ 3639 u_char *buf, *p; 3640 struct ifnet *ifp = &sp->pp_if; 3641 int debug = ifp->if_flags & IFF_DEBUG; 3642 struct in6_addr suggestaddr; 3643 3644 len -= 4; 3645 buf = malloc (len, M_TEMP, M_NOWAIT); 3646 if (!buf) 3647 return; 3648 3649 if (debug) 3650 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3651 SPP_ARGS(ifp)); 3652 3653 p = (void*) (h+1); 3654 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3655 if (debug) 3656 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3657 switch (*p) { 3658 case IPV6CP_OPT_IFID: 3659 /* 3660 * Peer doesn't like our local ifid. See 3661 * if we can do something for him. We'll drop 3662 * him our address then. 3663 */ 3664 if (len < 10 || p[1] != 10) 3665 break; 3666 bzero(&suggestaddr, sizeof(suggestaddr)); 3667 suggestaddr.s6_addr16[0] = htons(0xfe80); 3668 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3669 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3670 3671 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3672 if (debug) 3673 log(-1, " [suggestaddr %s]", 3674 ip6_sprintf(&suggestaddr)); 3675#ifdef IPV6CP_MYIFID_DYN 3676 /* 3677 * When doing dynamic address assignment, 3678 * we accept his offer. 3679 */ 3680 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3681 struct in6_addr lastsuggest; 3682 /* 3683 * If <suggested myaddr from peer> equals to 3684 * <hisaddr we have suggested last time>, 3685 * we have a collision. generate new random 3686 * ifid. 3687 */ 3688 sppp_suggest_ip6_addr(&lastsuggest); 3689 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3690 lastsuggest)) { 3691 if (debug) 3692 log(-1, " [random]"); 3693 sppp_gen_ip6_addr(sp, &suggestaddr); 3694 } 3695 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3696 if (debug) 3697 log(-1, " [agree]"); 3698 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3699 } 3700#else 3701 /* 3702 * Since we do not do dynamic address assignment, 3703 * we ignore it and thus continue to negotiate 3704 * our already existing value. This can possibly 3705 * go into infinite request-reject loop. 3706 * 3707 * This is not likely because we normally use 3708 * ifid based on MAC-address. 3709 * If you have no ethernet card on the node, too bad. 3710 * XXX should we use fail_counter? 3711 */ 3712#endif 3713 break; 3714#ifdef notyet 3715 case IPV6CP_OPT_COMPRESS: 3716 /* 3717 * Peer wants different compression parameters. 3718 */ 3719 break; 3720#endif 3721 } 3722 } 3723 if (debug) 3724 log(-1, "\n"); 3725 free (buf, M_TEMP); 3726 return; 3727} 3728static void 3729sppp_ipv6cp_tlu(struct sppp *sp) 3730{ 3731 /* we are up - notify isdn daemon */ 3732 if (sp->pp_con) 3733 sp->pp_con(sp); 3734} 3735 3736static void 3737sppp_ipv6cp_tld(struct sppp *sp) 3738{ 3739} 3740 3741static void 3742sppp_ipv6cp_tls(struct sppp *sp) 3743{ 3744 /* indicate to LCP that it must stay alive */ 3745 sp->lcp.protos |= (1 << IDX_IPV6CP); 3746} 3747 3748static void 3749sppp_ipv6cp_tlf(struct sppp *sp) 3750{ 3751 3752#if 0 /* need #if 0 to close IPv6CP properly */ 3753 /* we no longer need LCP */ 3754 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3755 sppp_lcp_check_and_close(sp); 3756#endif 3757} 3758 3759static void 3760sppp_ipv6cp_scr(struct sppp *sp) 3761{ 3762 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3763 struct in6_addr ouraddr; 3764 int i = 0; 3765 3766 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3767 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3768 opt[i++] = IPV6CP_OPT_IFID; 3769 opt[i++] = 10; 3770 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3771 i += 8; 3772 } 3773 3774#ifdef notyet 3775 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3776 opt[i++] = IPV6CP_OPT_COMPRESSION; 3777 opt[i++] = 4; 3778 opt[i++] = 0; /* TBD */ 3779 opt[i++] = 0; /* TBD */ 3780 /* variable length data may follow */ 3781 } 3782#endif 3783 3784 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3785 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3786} 3787#else /*INET6*/ 3788static void sppp_ipv6cp_init(struct sppp *sp) 3789{ 3790} 3791 3792static void sppp_ipv6cp_up(struct sppp *sp) 3793{ 3794} 3795 3796static void sppp_ipv6cp_down(struct sppp *sp) 3797{ 3798} 3799 3800 3801static void sppp_ipv6cp_open(struct sppp *sp) 3802{ 3803} 3804 3805static void sppp_ipv6cp_close(struct sppp *sp) 3806{ 3807} 3808 3809static void sppp_ipv6cp_TO(void *sp) 3810{ 3811} 3812 3813static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3814{ 3815 return 0; 3816} 3817 3818static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3819{ 3820} 3821 3822static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3823{ 3824} 3825 3826static void sppp_ipv6cp_tlu(struct sppp *sp) 3827{ 3828} 3829 3830static void sppp_ipv6cp_tld(struct sppp *sp) 3831{ 3832} 3833 3834static void sppp_ipv6cp_tls(struct sppp *sp) 3835{ 3836} 3837 3838static void sppp_ipv6cp_tlf(struct sppp *sp) 3839{ 3840} 3841 3842static void sppp_ipv6cp_scr(struct sppp *sp) 3843{ 3844} 3845#endif /*INET6*/ 3846 3847/* 3848 *--------------------------------------------------------------------------* 3849 * * 3850 * The CHAP implementation. * 3851 * * 3852 *--------------------------------------------------------------------------* 3853 */ 3854 3855/* 3856 * The authentication protocols don't employ a full-fledged state machine as 3857 * the control protocols do, since they do have Open and Close events, but 3858 * not Up and Down, nor are they explicitly terminated. Also, use of the 3859 * authentication protocols may be different in both directions (this makes 3860 * sense, think of a machine that never accepts incoming calls but only 3861 * calls out, it doesn't require the called party to authenticate itself). 3862 * 3863 * Our state machine for the local authentication protocol (we are requesting 3864 * the peer to authenticate) looks like: 3865 * 3866 * RCA- 3867 * +--------------------------------------------+ 3868 * V scn,tld| 3869 * +--------+ Close +---------+ RCA+ 3870 * | |<----------------------------------| |------+ 3871 * +--->| Closed | TO* | Opened | sca | 3872 * | | |-----+ +-------| |<-----+ 3873 * | +--------+ irc | | +---------+ 3874 * | ^ | | ^ 3875 * | | | | | 3876 * | | | | | 3877 * | TO-| | | | 3878 * | |tld TO+ V | | 3879 * | | +------->+ | | 3880 * | | | | | | 3881 * | +--------+ V | | 3882 * | | |<----+<--------------------+ | 3883 * | | Req- | scr | 3884 * | | Sent | | 3885 * | | | | 3886 * | +--------+ | 3887 * | RCA- | | RCA+ | 3888 * +------+ +------------------------------------------+ 3889 * scn,tld sca,irc,ict,tlu 3890 * 3891 * 3892 * with: 3893 * 3894 * Open: LCP reached authentication phase 3895 * Close: LCP reached terminate phase 3896 * 3897 * RCA+: received reply (pap-req, chap-response), acceptable 3898 * RCN: received reply (pap-req, chap-response), not acceptable 3899 * TO+: timeout with restart counter >= 0 3900 * TO-: timeout with restart counter < 0 3901 * TO*: reschedule timeout for CHAP 3902 * 3903 * scr: send request packet (none for PAP, chap-challenge) 3904 * sca: send ack packet (pap-ack, chap-success) 3905 * scn: send nak packet (pap-nak, chap-failure) 3906 * ict: initialize re-challenge timer (CHAP only) 3907 * 3908 * tlu: this-layer-up, LCP reaches network phase 3909 * tld: this-layer-down, LCP enters terminate phase 3910 * 3911 * Note that in CHAP mode, after sending a new challenge, while the state 3912 * automaton falls back into Req-Sent state, it doesn't signal a tld 3913 * event to LCP, so LCP remains in network phase. Only after not getting 3914 * any response (or after getting an unacceptable response), CHAP closes, 3915 * causing LCP to enter terminate phase. 3916 * 3917 * With PAP, there is no initial request that can be sent. The peer is 3918 * expected to send one based on the successful negotiation of PAP as 3919 * the authentication protocol during the LCP option negotiation. 3920 * 3921 * Incoming authentication protocol requests (remote requests 3922 * authentication, we are peer) don't employ a state machine at all, 3923 * they are simply answered. Some peers [Ascend P50 firmware rev 3924 * 4.50] react allergically when sending IPCP requests while they are 3925 * still in authentication phase (thereby violating the standard that 3926 * demands that these NCP packets are to be discarded), so we keep 3927 * track of the peer demanding us to authenticate, and only proceed to 3928 * phase network once we've seen a positive acknowledge for the 3929 * authentication. 3930 */ 3931 3932/* 3933 * Handle incoming CHAP packets. 3934 */ 3935static void 3936sppp_chap_input(struct sppp *sp, struct mbuf *m) 3937{ 3938 STDDCL; 3939 struct lcp_header *h; 3940 int len, x; 3941 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3942 int value_len, name_len; 3943 MD5_CTX ctx; 3944 3945 len = m->m_pkthdr.len; 3946 if (len < 4) { 3947 if (debug) 3948 log(LOG_DEBUG, 3949 SPP_FMT "chap invalid packet length: %d bytes\n", 3950 SPP_ARGS(ifp), len); 3951 return; 3952 } 3953 h = mtod (m, struct lcp_header*); 3954 if (len > ntohs (h->len)) 3955 len = ntohs (h->len); 3956 3957 switch (h->type) { 3958 /* challenge, failure and success are his authproto */ 3959 case CHAP_CHALLENGE: 3960 value = 1 + (u_char*)(h+1); 3961 value_len = value[-1]; 3962 name = value + value_len; 3963 name_len = len - value_len - 5; 3964 if (name_len < 0) { 3965 if (debug) { 3966 log(LOG_DEBUG, 3967 SPP_FMT "chap corrupted challenge " 3968 "<%s id=0x%x len=%d", 3969 SPP_ARGS(ifp), 3970 sppp_auth_type_name(PPP_CHAP, h->type), 3971 h->ident, ntohs(h->len)); 3972 sppp_print_bytes((u_char*) (h+1), len-4); 3973 log(-1, ">\n"); 3974 } 3975 break; 3976 } 3977 3978 if (debug) { 3979 log(LOG_DEBUG, 3980 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3981 SPP_ARGS(ifp), 3982 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3983 ntohs(h->len)); 3984 sppp_print_string((char*) name, name_len); 3985 log(-1, " value-size=%d value=", value_len); 3986 sppp_print_bytes(value, value_len); 3987 log(-1, ">\n"); 3988 } 3989 3990 /* Compute reply value. */ 3991 MD5Init(&ctx); 3992 MD5Update(&ctx, &h->ident, 1); 3993 MD5Update(&ctx, sp->myauth.secret, 3994 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3995 MD5Update(&ctx, value, value_len); 3996 MD5Final(digest, &ctx); 3997 dsize = sizeof digest; 3998 3999 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4000 sizeof dsize, (const char *)&dsize, 4001 sizeof digest, digest, 4002 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4003 sp->myauth.name, 4004 0); 4005 break; 4006 4007 case CHAP_SUCCESS: 4008 if (debug) { 4009 log(LOG_DEBUG, SPP_FMT "chap success", 4010 SPP_ARGS(ifp)); 4011 if (len > 4) { 4012 log(-1, ": "); 4013 sppp_print_string((char*)(h + 1), len - 4); 4014 } 4015 log(-1, "\n"); 4016 } 4017 x = splimp(); 4018 SPPP_LOCK(sp); 4019 sp->pp_flags &= ~PP_NEEDAUTH; 4020 if (sp->myauth.proto == PPP_CHAP && 4021 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4022 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4023 /* 4024 * We are authenticator for CHAP but didn't 4025 * complete yet. Leave it to tlu to proceed 4026 * to network phase. 4027 */ 4028 SPPP_UNLOCK(sp); 4029 splx(x); 4030 break; 4031 } 4032 SPPP_UNLOCK(sp); 4033 splx(x); 4034 sppp_phase_network(sp); 4035 break; 4036 4037 case CHAP_FAILURE: 4038 if (debug) { 4039 log(LOG_INFO, SPP_FMT "chap failure", 4040 SPP_ARGS(ifp)); 4041 if (len > 4) { 4042 log(-1, ": "); 4043 sppp_print_string((char*)(h + 1), len - 4); 4044 } 4045 log(-1, "\n"); 4046 } else 4047 log(LOG_INFO, SPP_FMT "chap failure\n", 4048 SPP_ARGS(ifp)); 4049 /* await LCP shutdown by authenticator */ 4050 break; 4051 4052 /* response is my authproto */ 4053 case CHAP_RESPONSE: 4054 value = 1 + (u_char*)(h+1); 4055 value_len = value[-1]; 4056 name = value + value_len; 4057 name_len = len - value_len - 5; 4058 if (name_len < 0) { 4059 if (debug) { 4060 log(LOG_DEBUG, 4061 SPP_FMT "chap corrupted response " 4062 "<%s id=0x%x len=%d", 4063 SPP_ARGS(ifp), 4064 sppp_auth_type_name(PPP_CHAP, h->type), 4065 h->ident, ntohs(h->len)); 4066 sppp_print_bytes((u_char*)(h+1), len-4); 4067 log(-1, ">\n"); 4068 } 4069 break; 4070 } 4071 if (h->ident != sp->confid[IDX_CHAP]) { 4072 if (debug) 4073 log(LOG_DEBUG, 4074 SPP_FMT "chap dropping response for old ID " 4075 "(got %d, expected %d)\n", 4076 SPP_ARGS(ifp), 4077 h->ident, sp->confid[IDX_CHAP]); 4078 break; 4079 } 4080 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4081 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4082 log(LOG_INFO, SPP_FMT "chap response, his name ", 4083 SPP_ARGS(ifp)); 4084 sppp_print_string(name, name_len); 4085 log(-1, " != expected "); 4086 sppp_print_string(sp->hisauth.name, 4087 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4088 log(-1, "\n"); 4089 } 4090 if (debug) { 4091 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4092 "<%s id=0x%x len=%d name=", 4093 SPP_ARGS(ifp), 4094 sppp_state_name(sp->state[IDX_CHAP]), 4095 sppp_auth_type_name(PPP_CHAP, h->type), 4096 h->ident, ntohs (h->len)); 4097 sppp_print_string((char*)name, name_len); 4098 log(-1, " value-size=%d value=", value_len); 4099 sppp_print_bytes(value, value_len); 4100 log(-1, ">\n"); 4101 } 4102 if (value_len != AUTHKEYLEN) { 4103 if (debug) 4104 log(LOG_DEBUG, 4105 SPP_FMT "chap bad hash value length: " 4106 "%d bytes, should be %d\n", 4107 SPP_ARGS(ifp), value_len, 4108 AUTHKEYLEN); 4109 break; 4110 } 4111 4112 MD5Init(&ctx); 4113 MD5Update(&ctx, &h->ident, 1); 4114 MD5Update(&ctx, sp->hisauth.secret, 4115 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4116 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4117 MD5Final(digest, &ctx); 4118 4119#define FAILMSG "Failed..." 4120#define SUCCMSG "Welcome!" 4121 4122 if (value_len != sizeof digest || 4123 bcmp(digest, value, value_len) != 0) { 4124 /* action scn, tld */ 4125 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4126 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4127 0); 4128 chap.tld(sp); 4129 break; 4130 } 4131 /* action sca, perhaps tlu */ 4132 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4133 sp->state[IDX_CHAP] == STATE_OPENED) 4134 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4135 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4136 0); 4137 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4138 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4139 chap.tlu(sp); 4140 } 4141 break; 4142 4143 default: 4144 /* Unknown CHAP packet type -- ignore. */ 4145 if (debug) { 4146 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4147 "<0x%x id=0x%xh len=%d", 4148 SPP_ARGS(ifp), 4149 sppp_state_name(sp->state[IDX_CHAP]), 4150 h->type, h->ident, ntohs(h->len)); 4151 sppp_print_bytes((u_char*)(h+1), len-4); 4152 log(-1, ">\n"); 4153 } 4154 break; 4155 4156 } 4157} 4158 4159static void 4160sppp_chap_init(struct sppp *sp) 4161{ 4162 /* Chap doesn't have STATE_INITIAL at all. */ 4163 sp->state[IDX_CHAP] = STATE_CLOSED; 4164 sp->fail_counter[IDX_CHAP] = 0; 4165 sp->pp_seq[IDX_CHAP] = 0; 4166 sp->pp_rseq[IDX_CHAP] = 0; 4167 callout_init(&sp->ch[IDX_CHAP], 4168 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4169} 4170 4171static void 4172sppp_chap_open(struct sppp *sp) 4173{ 4174 if (sp->myauth.proto == PPP_CHAP && 4175 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4176 /* we are authenticator for CHAP, start it */ 4177 chap.scr(sp); 4178 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4179 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4180 } 4181 /* nothing to be done if we are peer, await a challenge */ 4182} 4183 4184static void 4185sppp_chap_close(struct sppp *sp) 4186{ 4187 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4188 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4189} 4190 4191static void 4192sppp_chap_TO(void *cookie) 4193{ 4194 struct sppp *sp = (struct sppp *)cookie; 4195 STDDCL; 4196 int s; 4197 4198 s = splimp(); 4199 SPPP_LOCK(sp); 4200 if (debug) 4201 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4202 SPP_ARGS(ifp), 4203 sppp_state_name(sp->state[IDX_CHAP]), 4204 sp->rst_counter[IDX_CHAP]); 4205 4206 if (--sp->rst_counter[IDX_CHAP] < 0) 4207 /* TO- event */ 4208 switch (sp->state[IDX_CHAP]) { 4209 case STATE_REQ_SENT: 4210 chap.tld(sp); 4211 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4212 break; 4213 } 4214 else 4215 /* TO+ (or TO*) event */ 4216 switch (sp->state[IDX_CHAP]) { 4217 case STATE_OPENED: 4218 /* TO* event */ 4219 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4220 /* FALLTHROUGH */ 4221 case STATE_REQ_SENT: 4222 chap.scr(sp); 4223 /* sppp_cp_change_state() will restart the timer */ 4224 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4225 break; 4226 } 4227 4228 SPPP_UNLOCK(sp); 4229 splx(s); 4230} 4231 4232static void 4233sppp_chap_tlu(struct sppp *sp) 4234{ 4235 STDDCL; 4236 int i, x; 4237 4238 i = 0; 4239 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4240 4241 /* 4242 * Some broken CHAP implementations (Conware CoNet, firmware 4243 * 4.0.?) don't want to re-authenticate their CHAP once the 4244 * initial challenge-response exchange has taken place. 4245 * Provide for an option to avoid rechallenges. 4246 */ 4247 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4248 /* 4249 * Compute the re-challenge timeout. This will yield 4250 * a number between 300 and 810 seconds. 4251 */ 4252 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4253 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4254 } 4255 4256 if (debug) { 4257 log(LOG_DEBUG, 4258 SPP_FMT "chap %s, ", 4259 SPP_ARGS(ifp), 4260 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4261 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4262 log(-1, "next re-challenge in %d seconds\n", i); 4263 else 4264 log(-1, "re-challenging supressed\n"); 4265 } 4266 4267 x = splimp(); 4268 SPPP_LOCK(sp); 4269 /* indicate to LCP that we need to be closed down */ 4270 sp->lcp.protos |= (1 << IDX_CHAP); 4271 4272 if (sp->pp_flags & PP_NEEDAUTH) { 4273 /* 4274 * Remote is authenticator, but his auth proto didn't 4275 * complete yet. Defer the transition to network 4276 * phase. 4277 */ 4278 SPPP_UNLOCK(sp); 4279 splx(x); 4280 return; 4281 } 4282 SPPP_UNLOCK(sp); 4283 splx(x); 4284 4285 /* 4286 * If we are already in phase network, we are done here. This 4287 * is the case if this is a dummy tlu event after a re-challenge. 4288 */ 4289 if (sp->pp_phase != PHASE_NETWORK) 4290 sppp_phase_network(sp); 4291} 4292 4293static void 4294sppp_chap_tld(struct sppp *sp) 4295{ 4296 STDDCL; 4297 4298 if (debug) 4299 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4300 callout_stop(&sp->ch[IDX_CHAP]); 4301 sp->lcp.protos &= ~(1 << IDX_CHAP); 4302 4303 lcp.Close(sp); 4304} 4305 4306static void 4307sppp_chap_scr(struct sppp *sp) 4308{ 4309 u_long *ch, seed; 4310 u_char clen; 4311 4312 /* Compute random challenge. */ 4313 ch = (u_long *)sp->myauth.challenge; 4314#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4315 read_random(&seed, sizeof seed); 4316#else 4317 { 4318 struct timeval tv; 4319 microtime(&tv); 4320 seed = tv.tv_sec ^ tv.tv_usec; 4321 } 4322#endif 4323 ch[0] = seed ^ random(); 4324 ch[1] = seed ^ random(); 4325 ch[2] = seed ^ random(); 4326 ch[3] = seed ^ random(); 4327 clen = AUTHKEYLEN; 4328 4329 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4330 4331 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4332 sizeof clen, (const char *)&clen, 4333 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4334 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4335 sp->myauth.name, 4336 0); 4337} 4338 4339/* 4340 *--------------------------------------------------------------------------* 4341 * * 4342 * The PAP implementation. * 4343 * * 4344 *--------------------------------------------------------------------------* 4345 */ 4346/* 4347 * For PAP, we need to keep a little state also if we are the peer, not the 4348 * authenticator. This is since we don't get a request to authenticate, but 4349 * have to repeatedly authenticate ourself until we got a response (or the 4350 * retry counter is expired). 4351 */ 4352 4353/* 4354 * Handle incoming PAP packets. */ 4355static void 4356sppp_pap_input(struct sppp *sp, struct mbuf *m) 4357{ 4358 STDDCL; 4359 struct lcp_header *h; 4360 int len, x; 4361 u_char *name, *passwd, mlen; 4362 int name_len, passwd_len; 4363 4364 len = m->m_pkthdr.len; 4365 if (len < 5) { 4366 if (debug) 4367 log(LOG_DEBUG, 4368 SPP_FMT "pap invalid packet length: %d bytes\n", 4369 SPP_ARGS(ifp), len); 4370 return; 4371 } 4372 h = mtod (m, struct lcp_header*); 4373 if (len > ntohs (h->len)) 4374 len = ntohs (h->len); 4375 switch (h->type) { 4376 /* PAP request is my authproto */ 4377 case PAP_REQ: 4378 name = 1 + (u_char*)(h+1); 4379 name_len = name[-1]; 4380 passwd = name + name_len + 1; 4381 if (name_len > len - 6 || 4382 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4383 if (debug) { 4384 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4385 "<%s id=0x%x len=%d", 4386 SPP_ARGS(ifp), 4387 sppp_auth_type_name(PPP_PAP, h->type), 4388 h->ident, ntohs(h->len)); 4389 sppp_print_bytes((u_char*)(h+1), len-4); 4390 log(-1, ">\n"); 4391 } 4392 break; 4393 } 4394 if (debug) { 4395 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4396 "<%s id=0x%x len=%d name=", 4397 SPP_ARGS(ifp), 4398 sppp_state_name(sp->state[IDX_PAP]), 4399 sppp_auth_type_name(PPP_PAP, h->type), 4400 h->ident, ntohs(h->len)); 4401 sppp_print_string((char*)name, name_len); 4402 log(-1, " passwd="); 4403 sppp_print_string((char*)passwd, passwd_len); 4404 log(-1, ">\n"); 4405 } 4406 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4407 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4408 bcmp(name, sp->hisauth.name, name_len) != 0 || 4409 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4410 /* action scn, tld */ 4411 mlen = sizeof(FAILMSG) - 1; 4412 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4413 sizeof mlen, (const char *)&mlen, 4414 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4415 0); 4416 pap.tld(sp); 4417 break; 4418 } 4419 /* action sca, perhaps tlu */ 4420 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4421 sp->state[IDX_PAP] == STATE_OPENED) { 4422 mlen = sizeof(SUCCMSG) - 1; 4423 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4424 sizeof mlen, (const char *)&mlen, 4425 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4426 0); 4427 } 4428 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4429 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4430 pap.tlu(sp); 4431 } 4432 break; 4433 4434 /* ack and nak are his authproto */ 4435 case PAP_ACK: 4436 callout_stop(&sp->pap_my_to_ch); 4437 if (debug) { 4438 log(LOG_DEBUG, SPP_FMT "pap success", 4439 SPP_ARGS(ifp)); 4440 name_len = *((char *)h); 4441 if (len > 5 && name_len) { 4442 log(-1, ": "); 4443 sppp_print_string((char*)(h+1), name_len); 4444 } 4445 log(-1, "\n"); 4446 } 4447 x = splimp(); 4448 SPPP_LOCK(sp); 4449 sp->pp_flags &= ~PP_NEEDAUTH; 4450 if (sp->myauth.proto == PPP_PAP && 4451 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4452 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4453 /* 4454 * We are authenticator for PAP but didn't 4455 * complete yet. Leave it to tlu to proceed 4456 * to network phase. 4457 */ 4458 SPPP_UNLOCK(sp); 4459 splx(x); 4460 break; 4461 } 4462 SPPP_UNLOCK(sp); 4463 splx(x); 4464 sppp_phase_network(sp); 4465 break; 4466 4467 case PAP_NAK: 4468 callout_stop (&sp->pap_my_to_ch); 4469 if (debug) { 4470 log(LOG_INFO, SPP_FMT "pap failure", 4471 SPP_ARGS(ifp)); 4472 name_len = *((char *)h); 4473 if (len > 5 && name_len) { 4474 log(-1, ": "); 4475 sppp_print_string((char*)(h+1), name_len); 4476 } 4477 log(-1, "\n"); 4478 } else 4479 log(LOG_INFO, SPP_FMT "pap failure\n", 4480 SPP_ARGS(ifp)); 4481 /* await LCP shutdown by authenticator */ 4482 break; 4483 4484 default: 4485 /* Unknown PAP packet type -- ignore. */ 4486 if (debug) { 4487 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4488 "<0x%x id=0x%x len=%d", 4489 SPP_ARGS(ifp), 4490 h->type, h->ident, ntohs(h->len)); 4491 sppp_print_bytes((u_char*)(h+1), len-4); 4492 log(-1, ">\n"); 4493 } 4494 break; 4495 4496 } 4497} 4498 4499static void 4500sppp_pap_init(struct sppp *sp) 4501{ 4502 /* PAP doesn't have STATE_INITIAL at all. */ 4503 sp->state[IDX_PAP] = STATE_CLOSED; 4504 sp->fail_counter[IDX_PAP] = 0; 4505 sp->pp_seq[IDX_PAP] = 0; 4506 sp->pp_rseq[IDX_PAP] = 0; 4507 callout_init(&sp->ch[IDX_PAP], 4508 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4509 callout_init(&sp->pap_my_to_ch, 4510 (sp->pp_if.if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4511} 4512 4513static void 4514sppp_pap_open(struct sppp *sp) 4515{ 4516 if (sp->hisauth.proto == PPP_PAP && 4517 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4518 /* we are authenticator for PAP, start our timer */ 4519 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4520 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4521 } 4522 if (sp->myauth.proto == PPP_PAP) { 4523 /* we are peer, send a request, and start a timer */ 4524 pap.scr(sp); 4525 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4526 sppp_pap_my_TO, (void *)sp); 4527 } 4528} 4529 4530static void 4531sppp_pap_close(struct sppp *sp) 4532{ 4533 if (sp->state[IDX_PAP] != STATE_CLOSED) 4534 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4535} 4536 4537/* 4538 * That's the timeout routine if we are authenticator. Since the 4539 * authenticator is basically passive in PAP, we can't do much here. 4540 */ 4541static void 4542sppp_pap_TO(void *cookie) 4543{ 4544 struct sppp *sp = (struct sppp *)cookie; 4545 STDDCL; 4546 int s; 4547 4548 s = splimp(); 4549 SPPP_LOCK(sp); 4550 if (debug) 4551 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4552 SPP_ARGS(ifp), 4553 sppp_state_name(sp->state[IDX_PAP]), 4554 sp->rst_counter[IDX_PAP]); 4555 4556 if (--sp->rst_counter[IDX_PAP] < 0) 4557 /* TO- event */ 4558 switch (sp->state[IDX_PAP]) { 4559 case STATE_REQ_SENT: 4560 pap.tld(sp); 4561 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4562 break; 4563 } 4564 else 4565 /* TO+ event, not very much we could do */ 4566 switch (sp->state[IDX_PAP]) { 4567 case STATE_REQ_SENT: 4568 /* sppp_cp_change_state() will restart the timer */ 4569 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4570 break; 4571 } 4572 4573 SPPP_UNLOCK(sp); 4574 splx(s); 4575} 4576 4577/* 4578 * That's the timeout handler if we are peer. Since the peer is active, 4579 * we need to retransmit our PAP request since it is apparently lost. 4580 * XXX We should impose a max counter. 4581 */ 4582static void 4583sppp_pap_my_TO(void *cookie) 4584{ 4585 struct sppp *sp = (struct sppp *)cookie; 4586 STDDCL; 4587 4588 if (debug) 4589 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4590 SPP_ARGS(ifp)); 4591 4592 SPPP_LOCK(sp); 4593 pap.scr(sp); 4594 SPPP_UNLOCK(sp); 4595} 4596 4597static void 4598sppp_pap_tlu(struct sppp *sp) 4599{ 4600 STDDCL; 4601 int x; 4602 4603 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4604 4605 if (debug) 4606 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4607 SPP_ARGS(ifp), pap.name); 4608 4609 x = splimp(); 4610 SPPP_LOCK(sp); 4611 /* indicate to LCP that we need to be closed down */ 4612 sp->lcp.protos |= (1 << IDX_PAP); 4613 4614 if (sp->pp_flags & PP_NEEDAUTH) { 4615 /* 4616 * Remote is authenticator, but his auth proto didn't 4617 * complete yet. Defer the transition to network 4618 * phase. 4619 */ 4620 SPPP_UNLOCK(sp); 4621 splx(x); 4622 return; 4623 } 4624 SPPP_UNLOCK(sp); 4625 splx(x); 4626 sppp_phase_network(sp); 4627} 4628 4629static void 4630sppp_pap_tld(struct sppp *sp) 4631{ 4632 STDDCL; 4633 4634 if (debug) 4635 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4636 callout_stop (&sp->ch[IDX_PAP]); 4637 callout_stop (&sp->pap_my_to_ch); 4638 sp->lcp.protos &= ~(1 << IDX_PAP); 4639 4640 lcp.Close(sp); 4641} 4642 4643static void 4644sppp_pap_scr(struct sppp *sp) 4645{ 4646 u_char idlen, pwdlen; 4647 4648 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4649 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4650 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4651 4652 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4653 sizeof idlen, (const char *)&idlen, 4654 (size_t)idlen, sp->myauth.name, 4655 sizeof pwdlen, (const char *)&pwdlen, 4656 (size_t)pwdlen, sp->myauth.secret, 4657 0); 4658} 4659 4660/* 4661 * Random miscellaneous functions. 4662 */ 4663 4664/* 4665 * Send a PAP or CHAP proto packet. 4666 * 4667 * Varadic function, each of the elements for the ellipsis is of type 4668 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4669 * mlen == 0. 4670 * NOTE: never declare variadic functions with types subject to type 4671 * promotion (i.e. u_char). This is asking for big trouble depending 4672 * on the architecture you are on... 4673 */ 4674 4675static void 4676sppp_auth_send(const struct cp *cp, struct sppp *sp, 4677 unsigned int type, unsigned int id, 4678 ...) 4679{ 4680 STDDCL; 4681 struct ppp_header *h; 4682 struct lcp_header *lh; 4683 struct mbuf *m; 4684 u_char *p; 4685 int len; 4686 unsigned int mlen; 4687 const char *msg; 4688 va_list ap; 4689 4690 MGETHDR (m, M_DONTWAIT, MT_DATA); 4691 if (! m) 4692 return; 4693 m->m_pkthdr.rcvif = 0; 4694 4695 h = mtod (m, struct ppp_header*); 4696 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4697 h->control = PPP_UI; /* Unnumbered Info */ 4698 h->protocol = htons(cp->proto); 4699 4700 lh = (struct lcp_header*)(h + 1); 4701 lh->type = type; 4702 lh->ident = id; 4703 p = (u_char*) (lh+1); 4704 4705 va_start(ap, id); 4706 len = 0; 4707 4708 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4709 msg = va_arg(ap, const char *); 4710 len += mlen; 4711 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4712 va_end(ap); 4713 m_freem(m); 4714 return; 4715 } 4716 4717 bcopy(msg, p, mlen); 4718 p += mlen; 4719 } 4720 va_end(ap); 4721 4722 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4723 lh->len = htons (LCP_HEADER_LEN + len); 4724 4725 if (debug) { 4726 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4727 SPP_ARGS(ifp), cp->name, 4728 sppp_auth_type_name(cp->proto, lh->type), 4729 lh->ident, ntohs(lh->len)); 4730 sppp_print_bytes((u_char*) (lh+1), len); 4731 log(-1, ">\n"); 4732 } 4733 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4734 ifp->if_oerrors++; 4735} 4736 4737/* 4738 * Flush interface queue. 4739 */ 4740static void 4741sppp_qflush(struct ifqueue *ifq) 4742{ 4743 struct mbuf *m, *n; 4744 4745 n = ifq->ifq_head; 4746 while ((m = n)) { 4747 n = m->m_act; 4748 m_freem (m); 4749 } 4750 ifq->ifq_head = 0; 4751 ifq->ifq_tail = 0; 4752 ifq->ifq_len = 0; 4753} 4754 4755/* 4756 * Send keepalive packets, every 10 seconds. 4757 */ 4758static void 4759sppp_keepalive(void *dummy) 4760{ 4761 struct sppp *sp = (struct sppp*)dummy; 4762 struct ifnet *ifp = &sp->pp_if; 4763 int s; 4764 4765 s = splimp(); 4766 SPPP_LOCK(sp); 4767 /* Keepalive mode disabled or channel down? */ 4768 if (! (sp->pp_flags & PP_KEEPALIVE) || 4769 ! (ifp->if_flags & IFF_RUNNING)) 4770 goto out; 4771 4772 /* No keepalive in PPP mode if LCP not opened yet. */ 4773 if (sp->pp_mode != IFF_CISCO && 4774 sp->pp_phase < PHASE_AUTHENTICATE) 4775 goto out; 4776 4777 if (sp->pp_alivecnt == MAXALIVECNT) { 4778 /* No keepalive packets got. Stop the interface. */ 4779 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4780 if_down (ifp); 4781 sppp_qflush (&sp->pp_cpq); 4782 if (sp->pp_mode != IFF_CISCO) { 4783 /* XXX */ 4784 /* Shut down the PPP link. */ 4785 lcp.Down(sp); 4786 /* Initiate negotiation. XXX */ 4787 lcp.Up(sp); 4788 } 4789 } 4790 if (sp->pp_alivecnt <= MAXALIVECNT) 4791 ++sp->pp_alivecnt; 4792 if (sp->pp_mode == IFF_CISCO) 4793 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4794 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4795 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4796 long nmagic = htonl (sp->lcp.magic); 4797 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4798 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4799 sp->lcp.echoid, 4, &nmagic); 4800 } 4801out: 4802 SPPP_UNLOCK(sp); 4803 splx(s); 4804 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4805 (void *)sp); 4806} 4807 4808/* 4809 * Get both IP addresses. 4810 */ 4811static void 4812sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4813{ 4814 struct ifnet *ifp = &sp->pp_if; 4815 struct ifaddr *ifa; 4816 struct sockaddr_in *si, *sm; 4817 u_long ssrc, ddst; 4818 4819 sm = NULL; 4820 ssrc = ddst = 0L; 4821 /* 4822 * Pick the first AF_INET address from the list, 4823 * aliases don't make any sense on a p2p link anyway. 4824 */ 4825 si = 0; 4826#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4827 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4828#elif defined(__NetBSD__) || defined (__OpenBSD__) 4829 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4830 ifa; 4831 ifa = TAILQ_NEXT(ifa, ifa_list)) 4832#else 4833 for (ifa = ifp->if_addrlist; 4834 ifa; 4835 ifa = ifa->ifa_next) 4836#endif 4837 if (ifa->ifa_addr->sa_family == AF_INET) { 4838 si = (struct sockaddr_in *)ifa->ifa_addr; 4839 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4840 if (si) 4841 break; 4842 } 4843 if (ifa) { 4844 if (si && si->sin_addr.s_addr) { 4845 ssrc = si->sin_addr.s_addr; 4846 if (srcmask) 4847 *srcmask = ntohl(sm->sin_addr.s_addr); 4848 } 4849 4850 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4851 if (si && si->sin_addr.s_addr) 4852 ddst = si->sin_addr.s_addr; 4853 } 4854 4855 if (dst) *dst = ntohl(ddst); 4856 if (src) *src = ntohl(ssrc); 4857} 4858 4859/* 4860 * Set my IP address. Must be called at splimp. 4861 */ 4862static void 4863sppp_set_ip_addr(struct sppp *sp, u_long src) 4864{ 4865 STDDCL; 4866 struct ifaddr *ifa; 4867 struct sockaddr_in *si; 4868 struct in_ifaddr *ia; 4869 4870 /* 4871 * Pick the first AF_INET address from the list, 4872 * aliases don't make any sense on a p2p link anyway. 4873 */ 4874 si = 0; 4875#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4876 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4877#elif defined(__NetBSD__) || defined (__OpenBSD__) 4878 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4879 ifa; 4880 ifa = TAILQ_NEXT(ifa, ifa_list)) 4881#else 4882 for (ifa = ifp->if_addrlist; 4883 ifa; 4884 ifa = ifa->ifa_next) 4885#endif 4886 { 4887 if (ifa->ifa_addr->sa_family == AF_INET) 4888 { 4889 si = (struct sockaddr_in *)ifa->ifa_addr; 4890 if (si) 4891 break; 4892 } 4893 } 4894 4895 if (ifa && si) 4896 { 4897 int error; 4898#if __NetBSD_Version__ >= 103080000 4899 struct sockaddr_in new_sin = *si; 4900 4901 new_sin.sin_addr.s_addr = htonl(src); 4902 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4903 if(debug && error) 4904 { 4905 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4906 " failed, error=%d\n", SPP_ARGS(ifp), error); 4907 } 4908#else 4909 /* delete old route */ 4910 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4911 if(debug && error) 4912 { 4913 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4914 SPP_ARGS(ifp), error); 4915 } 4916 4917 /* set new address */ 4918 si->sin_addr.s_addr = htonl(src); 4919 ia = ifatoia(ifa); 4920 LIST_REMOVE(ia, ia_hash); 4921 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4922 4923 /* add new route */ 4924 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4925 if (debug && error) 4926 { 4927 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4928 SPP_ARGS(ifp), error); 4929 } 4930#endif 4931 } 4932} 4933 4934#ifdef INET6 4935/* 4936 * Get both IPv6 addresses. 4937 */ 4938static void 4939sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4940 struct in6_addr *srcmask) 4941{ 4942 struct ifnet *ifp = &sp->pp_if; 4943 struct ifaddr *ifa; 4944 struct sockaddr_in6 *si, *sm; 4945 struct in6_addr ssrc, ddst; 4946 4947 sm = NULL; 4948 bzero(&ssrc, sizeof(ssrc)); 4949 bzero(&ddst, sizeof(ddst)); 4950 /* 4951 * Pick the first link-local AF_INET6 address from the list, 4952 * aliases don't make any sense on a p2p link anyway. 4953 */ 4954#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4955 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4956 ifa; 4957 ifa = ifa->ifa_link.tqe_next) 4958#elif defined(__NetBSD__) || defined (__OpenBSD__) 4959 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4960 ifa; 4961 ifa = ifa->ifa_list.tqe_next) 4962#else 4963 for (ifa = ifp->if_addrlist, si = 0; 4964 ifa; 4965 ifa = ifa->ifa_next) 4966#endif 4967 if (ifa->ifa_addr->sa_family == AF_INET6) { 4968 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4969 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4970 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4971 break; 4972 } 4973 if (ifa) { 4974 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4975 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4976 if (srcmask) { 4977 bcopy(&sm->sin6_addr, srcmask, 4978 sizeof(*srcmask)); 4979 } 4980 } 4981 4982 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4983 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4984 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4985 } 4986 4987 if (dst) 4988 bcopy(&ddst, dst, sizeof(*dst)); 4989 if (src) 4990 bcopy(&ssrc, src, sizeof(*src)); 4991} 4992 4993#ifdef IPV6CP_MYIFID_DYN 4994/* 4995 * Generate random ifid. 4996 */ 4997static void 4998sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4999{ 5000 /* TBD */ 5001} 5002 5003/* 5004 * Set my IPv6 address. Must be called at splimp. 5005 */ 5006static void 5007sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5008{ 5009 STDDCL; 5010 struct ifaddr *ifa; 5011 struct sockaddr_in6 *sin6; 5012 5013 /* 5014 * Pick the first link-local AF_INET6 address from the list, 5015 * aliases don't make any sense on a p2p link anyway. 5016 */ 5017 5018 sin6 = NULL; 5019#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5020 for (ifa = ifp->if_addrhead.tqh_first; 5021 ifa; 5022 ifa = ifa->ifa_link.tqe_next) 5023#elif defined(__NetBSD__) || defined (__OpenBSD__) 5024 for (ifa = ifp->if_addrlist.tqh_first; 5025 ifa; 5026 ifa = ifa->ifa_list.tqe_next) 5027#else 5028 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 5029#endif 5030 { 5031 if (ifa->ifa_addr->sa_family == AF_INET6) 5032 { 5033 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5034 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5035 break; 5036 } 5037 } 5038 5039 if (ifa && sin6) 5040 { 5041 int error; 5042 struct sockaddr_in6 new_sin6 = *sin6; 5043 5044 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5045 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5046 if (debug && error) 5047 { 5048 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5049 " failed, error=%d\n", SPP_ARGS(ifp), error); 5050 } 5051 } 5052} 5053#endif 5054 5055/* 5056 * Suggest a candidate address to be used by peer. 5057 */ 5058static void 5059sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5060{ 5061 struct in6_addr myaddr; 5062 struct timeval tv; 5063 5064 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5065 5066 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5067 microtime(&tv); 5068 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5069 myaddr.s6_addr[14] ^= 0xff; 5070 myaddr.s6_addr[15] ^= 0xff; 5071 } else { 5072 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5073 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5074 } 5075 if (suggest) 5076 bcopy(&myaddr, suggest, sizeof(myaddr)); 5077} 5078#endif /*INET6*/ 5079 5080static int 5081sppp_params(struct sppp *sp, u_long cmd, void *data) 5082{ 5083 u_long subcmd; 5084 struct ifreq *ifr = (struct ifreq *)data; 5085 struct spppreq *spr; 5086 int rv = 0; 5087 5088 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5089 return (EAGAIN); 5090 /* 5091 * ifr->ifr_data is supposed to point to a struct spppreq. 5092 * Check the cmd word first before attempting to fetch all the 5093 * data. 5094 */ 5095 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5096 rv = EFAULT; 5097 goto quit; 5098 } 5099 5100 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5101 rv = EFAULT; 5102 goto quit; 5103 } 5104 5105 switch (subcmd) { 5106 case (int)SPPPIOGDEFS: 5107 if (cmd != SIOCGIFGENERIC) { 5108 rv = EINVAL; 5109 break; 5110 } 5111 /* 5112 * We copy over the entire current state, but clean 5113 * out some of the stuff we don't wanna pass up. 5114 * Remember, SIOCGIFGENERIC is unprotected, and can be 5115 * called by any user. No need to ever get PAP or 5116 * CHAP secrets back to userland anyway. 5117 */ 5118 spr->defs.pp_phase = sp->pp_phase; 5119 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5120 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5121 spr->defs.lcp = sp->lcp; 5122 spr->defs.ipcp = sp->ipcp; 5123 spr->defs.ipv6cp = sp->ipv6cp; 5124 spr->defs.myauth = sp->myauth; 5125 spr->defs.hisauth = sp->hisauth; 5126 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5127 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5128 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5129 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5130 /* 5131 * Fixup the LCP timeout value to milliseconds so 5132 * spppcontrol doesn't need to bother about the value 5133 * of "hz". We do the reverse calculation below when 5134 * setting it. 5135 */ 5136 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5137 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5138 sizeof(struct spppreq)); 5139 break; 5140 5141 case (int)SPPPIOSDEFS: 5142 if (cmd != SIOCSIFGENERIC) { 5143 rv = EINVAL; 5144 break; 5145 } 5146 /* 5147 * We have a very specific idea of which fields we 5148 * allow being passed back from userland, so to not 5149 * clobber our current state. For one, we only allow 5150 * setting anything if LCP is in dead or establish 5151 * phase. Once the authentication negotiations 5152 * started, the authentication settings must not be 5153 * changed again. (The administrator can force an 5154 * ifconfig down in order to get LCP back into dead 5155 * phase.) 5156 * 5157 * Also, we only allow for authentication parameters to be 5158 * specified. 5159 * 5160 * XXX Should allow to set or clear pp_flags. 5161 * 5162 * Finally, if the respective authentication protocol to 5163 * be used is set differently than 0, but the secret is 5164 * passed as all zeros, we don't trash the existing secret. 5165 * This allows an administrator to change the system name 5166 * only without clobbering the secret (which he didn't get 5167 * back in a previous SPPPIOGDEFS call). However, the 5168 * secrets are cleared if the authentication protocol is 5169 * reset to 0. */ 5170 if (sp->pp_phase != PHASE_DEAD && 5171 sp->pp_phase != PHASE_ESTABLISH) { 5172 rv = EBUSY; 5173 break; 5174 } 5175 5176 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5177 spr->defs.myauth.proto != PPP_CHAP) || 5178 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5179 spr->defs.hisauth.proto != PPP_CHAP)) { 5180 rv = EINVAL; 5181 break; 5182 } 5183 5184 if (spr->defs.myauth.proto == 0) 5185 /* resetting myauth */ 5186 bzero(&sp->myauth, sizeof sp->myauth); 5187 else { 5188 /* setting/changing myauth */ 5189 sp->myauth.proto = spr->defs.myauth.proto; 5190 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5191 if (spr->defs.myauth.secret[0] != '\0') 5192 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5193 AUTHKEYLEN); 5194 } 5195 if (spr->defs.hisauth.proto == 0) 5196 /* resetting hisauth */ 5197 bzero(&sp->hisauth, sizeof sp->hisauth); 5198 else { 5199 /* setting/changing hisauth */ 5200 sp->hisauth.proto = spr->defs.hisauth.proto; 5201 sp->hisauth.flags = spr->defs.hisauth.flags; 5202 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5203 if (spr->defs.hisauth.secret[0] != '\0') 5204 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5205 AUTHKEYLEN); 5206 } 5207 /* set LCP restart timer timeout */ 5208 if (spr->defs.lcp.timeout != 0) 5209 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5210 /* set VJ enable and IPv6 disable flags */ 5211#ifdef INET 5212 if (spr->defs.enable_vj) 5213 sp->confflags |= CONF_ENABLE_VJ; 5214 else 5215 sp->confflags &= ~CONF_ENABLE_VJ; 5216#endif 5217#ifdef INET6 5218 if (spr->defs.enable_ipv6) 5219 sp->confflags |= CONF_ENABLE_IPV6; 5220 else 5221 sp->confflags &= ~CONF_ENABLE_IPV6; 5222#endif 5223 break; 5224 5225 default: 5226 rv = EINVAL; 5227 } 5228 5229 quit: 5230 free(spr, M_TEMP); 5231 5232 return (rv); 5233} 5234 5235static void 5236sppp_phase_network(struct sppp *sp) 5237{ 5238 STDDCL; 5239 int i; 5240 u_long mask; 5241 5242 sp->pp_phase = PHASE_NETWORK; 5243 5244 if (debug) 5245 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5246 sppp_phase_name(sp->pp_phase)); 5247 5248 /* Notify NCPs now. */ 5249 for (i = 0; i < IDX_COUNT; i++) 5250 if ((cps[i])->flags & CP_NCP) 5251 (cps[i])->Open(sp); 5252 5253 /* Send Up events to all NCPs. */ 5254 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5255 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5256 (cps[i])->Up(sp); 5257 5258 /* if no NCP is starting, all this was in vain, close down */ 5259 sppp_lcp_check_and_close(sp); 5260} 5261 5262 5263static const char * 5264sppp_cp_type_name(u_char type) 5265{ 5266 static char buf[12]; 5267 switch (type) { 5268 case CONF_REQ: return "conf-req"; 5269 case CONF_ACK: return "conf-ack"; 5270 case CONF_NAK: return "conf-nak"; 5271 case CONF_REJ: return "conf-rej"; 5272 case TERM_REQ: return "term-req"; 5273 case TERM_ACK: return "term-ack"; 5274 case CODE_REJ: return "code-rej"; 5275 case PROTO_REJ: return "proto-rej"; 5276 case ECHO_REQ: return "echo-req"; 5277 case ECHO_REPLY: return "echo-reply"; 5278 case DISC_REQ: return "discard-req"; 5279 } 5280 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5281 return buf; 5282} 5283 5284static const char * 5285sppp_auth_type_name(u_short proto, u_char type) 5286{ 5287 static char buf[12]; 5288 switch (proto) { 5289 case PPP_CHAP: 5290 switch (type) { 5291 case CHAP_CHALLENGE: return "challenge"; 5292 case CHAP_RESPONSE: return "response"; 5293 case CHAP_SUCCESS: return "success"; 5294 case CHAP_FAILURE: return "failure"; 5295 } 5296 case PPP_PAP: 5297 switch (type) { 5298 case PAP_REQ: return "req"; 5299 case PAP_ACK: return "ack"; 5300 case PAP_NAK: return "nak"; 5301 } 5302 } 5303 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5304 return buf; 5305} 5306 5307static const char * 5308sppp_lcp_opt_name(u_char opt) 5309{ 5310 static char buf[12]; 5311 switch (opt) { 5312 case LCP_OPT_MRU: return "mru"; 5313 case LCP_OPT_ASYNC_MAP: return "async-map"; 5314 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5315 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5316 case LCP_OPT_MAGIC: return "magic"; 5317 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5318 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5319 } 5320 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5321 return buf; 5322} 5323 5324static const char * 5325sppp_ipcp_opt_name(u_char opt) 5326{ 5327 static char buf[12]; 5328 switch (opt) { 5329 case IPCP_OPT_ADDRESSES: return "addresses"; 5330 case IPCP_OPT_COMPRESSION: return "compression"; 5331 case IPCP_OPT_ADDRESS: return "address"; 5332 } 5333 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5334 return buf; 5335} 5336 5337#ifdef INET6 5338static const char * 5339sppp_ipv6cp_opt_name(u_char opt) 5340{ 5341 static char buf[12]; 5342 switch (opt) { 5343 case IPV6CP_OPT_IFID: return "ifid"; 5344 case IPV6CP_OPT_COMPRESSION: return "compression"; 5345 } 5346 sprintf (buf, "0x%x", opt); 5347 return buf; 5348} 5349#endif 5350 5351static const char * 5352sppp_state_name(int state) 5353{ 5354 switch (state) { 5355 case STATE_INITIAL: return "initial"; 5356 case STATE_STARTING: return "starting"; 5357 case STATE_CLOSED: return "closed"; 5358 case STATE_STOPPED: return "stopped"; 5359 case STATE_CLOSING: return "closing"; 5360 case STATE_STOPPING: return "stopping"; 5361 case STATE_REQ_SENT: return "req-sent"; 5362 case STATE_ACK_RCVD: return "ack-rcvd"; 5363 case STATE_ACK_SENT: return "ack-sent"; 5364 case STATE_OPENED: return "opened"; 5365 } 5366 return "illegal"; 5367} 5368 5369static const char * 5370sppp_phase_name(enum ppp_phase phase) 5371{ 5372 switch (phase) { 5373 case PHASE_DEAD: return "dead"; 5374 case PHASE_ESTABLISH: return "establish"; 5375 case PHASE_TERMINATE: return "terminate"; 5376 case PHASE_AUTHENTICATE: return "authenticate"; 5377 case PHASE_NETWORK: return "network"; 5378 } 5379 return "illegal"; 5380} 5381 5382static const char * 5383sppp_proto_name(u_short proto) 5384{ 5385 static char buf[12]; 5386 switch (proto) { 5387 case PPP_LCP: return "lcp"; 5388 case PPP_IPCP: return "ipcp"; 5389 case PPP_PAP: return "pap"; 5390 case PPP_CHAP: return "chap"; 5391 case PPP_IPV6CP: return "ipv6cp"; 5392 } 5393 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5394 return buf; 5395} 5396 5397static void 5398sppp_print_bytes(const u_char *p, u_short len) 5399{ 5400 if (len) 5401 log(-1, " %*D", len, p, "-"); 5402} 5403 5404static void 5405sppp_print_string(const char *p, u_short len) 5406{ 5407 u_char c; 5408 5409 while (len-- > 0) { 5410 c = *p++; 5411 /* 5412 * Print only ASCII chars directly. RFC 1994 recommends 5413 * using only them, but we don't rely on it. */ 5414 if (c < ' ' || c > '~') 5415 log(-1, "\\x%x", c); 5416 else 5417 log(-1, "%c", c); 5418 } 5419} 5420 5421static const char * 5422sppp_dotted_quad(u_long addr) 5423{ 5424 static char s[16]; 5425 sprintf(s, "%d.%d.%d.%d", 5426 (int)((addr >> 24) & 0xff), 5427 (int)((addr >> 16) & 0xff), 5428 (int)((addr >> 8) & 0xff), 5429 (int)(addr & 0xff)); 5430 return s; 5431} 5432 5433static int 5434sppp_strnlen(u_char *p, int max) 5435{ 5436 int len; 5437 5438 for (len = 0; len < max && *p; ++p) 5439 ++len; 5440 return len; 5441} 5442 5443/* a dummy, used to drop uninteresting events */ 5444static void 5445sppp_null(struct sppp *unused) 5446{ 5447 /* do just nothing */ 5448} 5449