if_spppsubr.c revision 170490
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 170490 2007-06-10 04:53:13Z mjacob $ 22 */ 23 24#include <sys/param.h> 25 26#if defined(__FreeBSD__) && __FreeBSD__ >= 3 27#include "opt_inet.h" 28#include "opt_inet6.h" 29#include "opt_ipx.h" 30#endif 31 32#ifdef NetBSD1_3 33# if NetBSD1_3 > 6 34# include "opt_inet.h" 35# include "opt_inet6.h" 36# include "opt_iso.h" 37# endif 38#endif 39 40#include <sys/systm.h> 41#include <sys/kernel.h> 42#include <sys/module.h> 43#include <sys/sockio.h> 44#include <sys/socket.h> 45#include <sys/syslog.h> 46#if defined(__FreeBSD__) && __FreeBSD__ >= 3 47#include <sys/random.h> 48#endif 49#include <sys/malloc.h> 50#include <sys/mbuf.h> 51 52#if defined (__OpenBSD__) 53#include <sys/md5k.h> 54#else 55#include <sys/md5.h> 56#endif 57 58#include <net/if.h> 59#include <net/netisr.h> 60#include <net/if_types.h> 61#include <net/route.h> 62#include <netinet/in.h> 63#include <netinet/in_systm.h> 64#include <netinet/ip.h> 65#include <net/slcompress.h> 66 67#if defined (__NetBSD__) || defined (__OpenBSD__) 68#include <machine/cpu.h> /* XXX for softnet */ 69#endif 70 71#include <machine/stdarg.h> 72 73#include <netinet/in_var.h> 74 75#ifdef INET 76#include <netinet/ip.h> 77#include <netinet/tcp.h> 78#endif 79 80#ifdef INET6 81#include <netinet6/scope6_var.h> 82#endif 83 84#if defined (__FreeBSD__) || defined (__OpenBSD__) 85# include <netinet/if_ether.h> 86#else 87# include <net/ethertypes.h> 88#endif 89 90#ifdef IPX 91#include <netipx/ipx.h> 92#include <netipx/ipx_if.h> 93#endif 94 95#include <net/if_sppp.h> 96 97#if defined(__FreeBSD__) && __FreeBSD__ >= 3 98# define IOCTL_CMD_T u_long 99#else 100# define IOCTL_CMD_T int 101#endif 102 103#define MAXALIVECNT 3 /* max. alive packets */ 104 105/* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 129 130#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 131#define PPP_UI 0x03 /* Unnumbered Information */ 132#define PPP_IP 0x0021 /* Internet Protocol */ 133#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 134#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 135#define PPP_IPX 0x002b /* Novell IPX Protocol */ 136#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 137#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 138#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 139#define PPP_LCP 0xc021 /* Link Control Protocol */ 140#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 141#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 142#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 143#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 144 145#define CONF_REQ 1 /* PPP configure request */ 146#define CONF_ACK 2 /* PPP configure acknowledge */ 147#define CONF_NAK 3 /* PPP configure negative ack */ 148#define CONF_REJ 4 /* PPP configure reject */ 149#define TERM_REQ 5 /* PPP terminate request */ 150#define TERM_ACK 6 /* PPP terminate acknowledge */ 151#define CODE_REJ 7 /* PPP code reject */ 152#define PROTO_REJ 8 /* PPP protocol reject */ 153#define ECHO_REQ 9 /* PPP echo request */ 154#define ECHO_REPLY 10 /* PPP echo reply */ 155#define DISC_REQ 11 /* PPP discard request */ 156 157#define LCP_OPT_MRU 1 /* maximum receive unit */ 158#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 159#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 160#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 161#define LCP_OPT_MAGIC 5 /* magic number */ 162#define LCP_OPT_RESERVED 6 /* reserved */ 163#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 164#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 165 166#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 167#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 168#define IPCP_OPT_ADDRESS 3 /* local IP address */ 169 170#define IPV6CP_OPT_IFID 1 /* interface identifier */ 171#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 172 173#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 174 175#define PAP_REQ 1 /* PAP name/password request */ 176#define PAP_ACK 2 /* PAP acknowledge */ 177#define PAP_NAK 3 /* PAP fail */ 178 179#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 180#define CHAP_RESPONSE 2 /* CHAP challenge response */ 181#define CHAP_SUCCESS 3 /* CHAP response ok */ 182#define CHAP_FAILURE 4 /* CHAP response failed */ 183 184#define CHAP_MD5 5 /* hash algorithm - MD5 */ 185 186#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 187#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 188#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 189#define CISCO_ADDR_REQ 0 /* Cisco address request */ 190#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 191#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 192 193/* states are named and numbered according to RFC 1661 */ 194#define STATE_INITIAL 0 195#define STATE_STARTING 1 196#define STATE_CLOSED 2 197#define STATE_STOPPED 3 198#define STATE_CLOSING 4 199#define STATE_STOPPING 5 200#define STATE_REQ_SENT 6 201#define STATE_ACK_RCVD 7 202#define STATE_ACK_SENT 8 203#define STATE_OPENED 9 204 205MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 206 207struct ppp_header { 208 u_char address; 209 u_char control; 210 u_short protocol; 211} __packed; 212#define PPP_HEADER_LEN sizeof (struct ppp_header) 213 214struct lcp_header { 215 u_char type; 216 u_char ident; 217 u_short len; 218} __packed; 219#define LCP_HEADER_LEN sizeof (struct lcp_header) 220 221struct cisco_packet { 222 u_long type; 223 u_long par1; 224 u_long par2; 225 u_short rel; 226 u_short time0; 227 u_short time1; 228} __packed; 229#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 230 231/* 232 * We follow the spelling and capitalization of RFC 1661 here, to make 233 * it easier comparing with the standard. Please refer to this RFC in 234 * case you can't make sense out of these abbreviation; it will also 235 * explain the semantics related to the various events and actions. 236 */ 237struct cp { 238 u_short proto; /* PPP control protocol number */ 239 u_char protoidx; /* index into state table in struct sppp */ 240 u_char flags; 241#define CP_LCP 0x01 /* this is the LCP */ 242#define CP_AUTH 0x02 /* this is an authentication protocol */ 243#define CP_NCP 0x04 /* this is a NCP */ 244#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 245 const char *name; /* name of this control protocol */ 246 /* event handlers */ 247 void (*Up)(struct sppp *sp); 248 void (*Down)(struct sppp *sp); 249 void (*Open)(struct sppp *sp); 250 void (*Close)(struct sppp *sp); 251 void (*TO)(void *sp); 252 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 253 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 254 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 255 /* actions */ 256 void (*tlu)(struct sppp *sp); 257 void (*tld)(struct sppp *sp); 258 void (*tls)(struct sppp *sp); 259 void (*tlf)(struct sppp *sp); 260 void (*scr)(struct sppp *sp); 261}; 262 263#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 264#define SPP_FMT "%s%d: " 265#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 266#else 267#define SPP_FMT "%s: " 268#define SPP_ARGS(ifp) (ifp)->if_xname 269#endif 270 271#define SPPP_LOCK(sp) \ 272 do { \ 273 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 274 mtx_lock (&(sp)->mtx); \ 275 } while (0) 276#define SPPP_UNLOCK(sp) \ 277 do { \ 278 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 279 mtx_unlock (&(sp)->mtx); \ 280 } while (0) 281 282#define SPPP_LOCK_ASSERT(sp) \ 283 do { \ 284 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 285 mtx_assert (&(sp)->mtx, MA_OWNED); \ 286 } while (0) 287#define SPPP_LOCK_OWNED(sp) \ 288 (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) && \ 289 mtx_owned (&sp->mtx)) 290 291#ifdef INET 292/* 293 * The following disgusting hack gets around the problem that IP TOS 294 * can't be set yet. We want to put "interactive" traffic on a high 295 * priority queue. To decide if traffic is interactive, we check that 296 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 297 * 298 * XXX is this really still necessary? - joerg - 299 */ 300static const u_short interactive_ports[8] = { 301 0, 513, 0, 0, 302 0, 21, 0, 23, 303}; 304#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 305#endif 306 307/* almost every function needs these */ 308#define STDDCL \ 309 struct ifnet *ifp = SP2IFP(sp); \ 310 int debug = ifp->if_flags & IFF_DEBUG 311 312static int sppp_output(struct ifnet *ifp, struct mbuf *m, 313 struct sockaddr *dst, struct rtentry *rt); 314 315static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 316static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 317 318static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 319 struct mbuf *m); 320static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 321 u_char ident, u_short len, void *data); 322/* static void sppp_cp_timeout(void *arg); */ 323static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 324 int newstate); 325static void sppp_auth_send(const struct cp *cp, 326 struct sppp *sp, unsigned int type, unsigned int id, 327 ...); 328 329static void sppp_up_event(const struct cp *cp, struct sppp *sp); 330static void sppp_down_event(const struct cp *cp, struct sppp *sp); 331static void sppp_open_event(const struct cp *cp, struct sppp *sp); 332static void sppp_close_event(const struct cp *cp, struct sppp *sp); 333static void sppp_to_event(const struct cp *cp, struct sppp *sp); 334 335static void sppp_null(struct sppp *sp); 336 337static void sppp_pp_up(struct sppp *sp); 338static void sppp_pp_down(struct sppp *sp); 339 340static void sppp_lcp_init(struct sppp *sp); 341static void sppp_lcp_up(struct sppp *sp); 342static void sppp_lcp_down(struct sppp *sp); 343static void sppp_lcp_open(struct sppp *sp); 344static void sppp_lcp_close(struct sppp *sp); 345static void sppp_lcp_TO(void *sp); 346static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 347static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 348static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 349static void sppp_lcp_tlu(struct sppp *sp); 350static void sppp_lcp_tld(struct sppp *sp); 351static void sppp_lcp_tls(struct sppp *sp); 352static void sppp_lcp_tlf(struct sppp *sp); 353static void sppp_lcp_scr(struct sppp *sp); 354static void sppp_lcp_check_and_close(struct sppp *sp); 355static int sppp_ncp_check(struct sppp *sp); 356 357static void sppp_ipcp_init(struct sppp *sp); 358static void sppp_ipcp_up(struct sppp *sp); 359static void sppp_ipcp_down(struct sppp *sp); 360static void sppp_ipcp_open(struct sppp *sp); 361static void sppp_ipcp_close(struct sppp *sp); 362static void sppp_ipcp_TO(void *sp); 363static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 364static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 365static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 366static void sppp_ipcp_tlu(struct sppp *sp); 367static void sppp_ipcp_tld(struct sppp *sp); 368static void sppp_ipcp_tls(struct sppp *sp); 369static void sppp_ipcp_tlf(struct sppp *sp); 370static void sppp_ipcp_scr(struct sppp *sp); 371 372static void sppp_ipv6cp_init(struct sppp *sp); 373static void sppp_ipv6cp_up(struct sppp *sp); 374static void sppp_ipv6cp_down(struct sppp *sp); 375static void sppp_ipv6cp_open(struct sppp *sp); 376static void sppp_ipv6cp_close(struct sppp *sp); 377static void sppp_ipv6cp_TO(void *sp); 378static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 379static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 380static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 381static void sppp_ipv6cp_tlu(struct sppp *sp); 382static void sppp_ipv6cp_tld(struct sppp *sp); 383static void sppp_ipv6cp_tls(struct sppp *sp); 384static void sppp_ipv6cp_tlf(struct sppp *sp); 385static void sppp_ipv6cp_scr(struct sppp *sp); 386 387static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 388static void sppp_pap_init(struct sppp *sp); 389static void sppp_pap_open(struct sppp *sp); 390static void sppp_pap_close(struct sppp *sp); 391static void sppp_pap_TO(void *sp); 392static void sppp_pap_my_TO(void *sp); 393static void sppp_pap_tlu(struct sppp *sp); 394static void sppp_pap_tld(struct sppp *sp); 395static void sppp_pap_scr(struct sppp *sp); 396 397static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 398static void sppp_chap_init(struct sppp *sp); 399static void sppp_chap_open(struct sppp *sp); 400static void sppp_chap_close(struct sppp *sp); 401static void sppp_chap_TO(void *sp); 402static void sppp_chap_tlu(struct sppp *sp); 403static void sppp_chap_tld(struct sppp *sp); 404static void sppp_chap_scr(struct sppp *sp); 405 406static const char *sppp_auth_type_name(u_short proto, u_char type); 407static const char *sppp_cp_type_name(u_char type); 408static const char *sppp_dotted_quad(u_long addr); 409static const char *sppp_ipcp_opt_name(u_char opt); 410#ifdef INET6 411static const char *sppp_ipv6cp_opt_name(u_char opt); 412#endif 413static const char *sppp_lcp_opt_name(u_char opt); 414static const char *sppp_phase_name(enum ppp_phase phase); 415static const char *sppp_proto_name(u_short proto); 416static const char *sppp_state_name(int state); 417static int sppp_params(struct sppp *sp, u_long cmd, void *data); 418static int sppp_strnlen(u_char *p, int max); 419static void sppp_keepalive(void *dummy); 420static void sppp_phase_network(struct sppp *sp); 421static void sppp_print_bytes(const u_char *p, u_short len); 422static void sppp_print_string(const char *p, u_short len); 423static void sppp_qflush(struct ifqueue *ifq); 424static void sppp_set_ip_addr(struct sppp *sp, u_long src); 425#ifdef INET6 426static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 427 struct in6_addr *dst, struct in6_addr *srcmask); 428#ifdef IPV6CP_MYIFID_DYN 429static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 430static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 431#endif 432static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 433#endif 434 435/* if_start () wrapper */ 436static void sppp_ifstart (struct ifnet *ifp); 437 438/* our control protocol descriptors */ 439static const struct cp lcp = { 440 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 441 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 442 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 443 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 444 sppp_lcp_scr 445}; 446 447static const struct cp ipcp = { 448 PPP_IPCP, IDX_IPCP, 449#ifdef INET /* don't run IPCP if there's no IPv4 support */ 450 CP_NCP, 451#else 452 0, 453#endif 454 "ipcp", 455 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 456 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 457 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 458 sppp_ipcp_scr 459}; 460 461static const struct cp ipv6cp = { 462 PPP_IPV6CP, IDX_IPV6CP, 463#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 464 CP_NCP, 465#else 466 0, 467#endif 468 "ipv6cp", 469 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 470 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 471 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 472 sppp_ipv6cp_scr 473}; 474 475static const struct cp pap = { 476 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 477 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 478 sppp_pap_TO, 0, 0, 0, 479 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 480 sppp_pap_scr 481}; 482 483static const struct cp chap = { 484 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 485 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 486 sppp_chap_TO, 0, 0, 0, 487 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 488 sppp_chap_scr 489}; 490 491static const struct cp *cps[IDX_COUNT] = { 492 &lcp, /* IDX_LCP */ 493 &ipcp, /* IDX_IPCP */ 494 &ipv6cp, /* IDX_IPV6CP */ 495 &pap, /* IDX_PAP */ 496 &chap, /* IDX_CHAP */ 497}; 498 499static void* 500sppp_alloc(u_char type, struct ifnet *ifp) 501{ 502 struct sppp *sp; 503 504 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 505 sp->pp_ifp = ifp; 506 507 return (sp); 508} 509 510static void 511sppp_free(void *com, u_char type) 512{ 513 514 free(com, M_SPPP); 515} 516 517static int 518sppp_modevent(module_t mod, int type, void *unused) 519{ 520 switch (type) { 521 case MOD_LOAD: 522 /* 523 * XXX: should probably be IFT_SPPP, but it's fairly 524 * harmless to allocate struct sppp's for non-sppp 525 * interfaces. 526 */ 527 528 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 529 break; 530 case MOD_UNLOAD: 531 /* if_deregister_com_alloc(IFT_PPP); */ 532 return EACCES; 533 default: 534 return EOPNOTSUPP; 535 } 536 return 0; 537} 538static moduledata_t spppmod = { 539 "sppp", 540 sppp_modevent, 541 0 542}; 543MODULE_VERSION(sppp, 1); 544DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 545 546/* 547 * Exported functions, comprising our interface to the lower layer. 548 */ 549 550/* 551 * Process the received packet. 552 */ 553void 554sppp_input(struct ifnet *ifp, struct mbuf *m) 555{ 556 struct ppp_header *h; 557 int isr = -1; 558 struct sppp *sp = IFP2SP(ifp); 559 u_char *iphdr; 560 int hlen, vjlen, do_account = 0; 561 int debug; 562 563 SPPP_LOCK(sp); 564 debug = ifp->if_flags & IFF_DEBUG; 565 566 if (ifp->if_flags & IFF_UP) 567 /* Count received bytes, add FCS and one flag */ 568 ifp->if_ibytes += m->m_pkthdr.len + 3; 569 570 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 571 /* Too small packet, drop it. */ 572 if (debug) 573 log(LOG_DEBUG, 574 SPP_FMT "input packet is too small, %d bytes\n", 575 SPP_ARGS(ifp), m->m_pkthdr.len); 576 drop: 577 m_freem (m); 578 SPPP_UNLOCK(sp); 579 drop2: 580 ++ifp->if_ierrors; 581 ++ifp->if_iqdrops; 582 return; 583 } 584 585 if (sp->pp_mode == PP_FR) { 586 sppp_fr_input (sp, m); 587 SPPP_UNLOCK(sp); 588 return; 589 } 590 591 /* Get PPP header. */ 592 h = mtod (m, struct ppp_header*); 593 m_adj (m, PPP_HEADER_LEN); 594 595 switch (h->address) { 596 case PPP_ALLSTATIONS: 597 if (h->control != PPP_UI) 598 goto invalid; 599 if (sp->pp_mode == IFF_CISCO) { 600 if (debug) 601 log(LOG_DEBUG, 602 SPP_FMT "PPP packet in Cisco mode " 603 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 604 SPP_ARGS(ifp), 605 h->address, h->control, ntohs(h->protocol)); 606 goto drop; 607 } 608 switch (ntohs (h->protocol)) { 609 default: 610 if (debug) 611 log(LOG_DEBUG, 612 SPP_FMT "rejecting protocol " 613 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 614 SPP_ARGS(ifp), 615 h->address, h->control, ntohs(h->protocol)); 616 if (sp->state[IDX_LCP] == STATE_OPENED) 617 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 618 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 619 &h->protocol); 620 ++ifp->if_noproto; 621 goto drop; 622 case PPP_LCP: 623 sppp_cp_input(&lcp, sp, m); 624 m_freem (m); 625 SPPP_UNLOCK(sp); 626 return; 627 case PPP_PAP: 628 if (sp->pp_phase >= PHASE_AUTHENTICATE) 629 sppp_pap_input(sp, m); 630 m_freem (m); 631 SPPP_UNLOCK(sp); 632 return; 633 case PPP_CHAP: 634 if (sp->pp_phase >= PHASE_AUTHENTICATE) 635 sppp_chap_input(sp, m); 636 m_freem (m); 637 SPPP_UNLOCK(sp); 638 return; 639#ifdef INET 640 case PPP_IPCP: 641 if (sp->pp_phase == PHASE_NETWORK) 642 sppp_cp_input(&ipcp, sp, m); 643 m_freem (m); 644 SPPP_UNLOCK(sp); 645 return; 646 case PPP_IP: 647 if (sp->state[IDX_IPCP] == STATE_OPENED) { 648 isr = NETISR_IP; 649 } 650 do_account++; 651 break; 652 case PPP_VJ_COMP: 653 if (sp->state[IDX_IPCP] == STATE_OPENED) { 654 if ((vjlen = 655 sl_uncompress_tcp_core(mtod(m, u_char *), 656 m->m_len, m->m_len, 657 TYPE_COMPRESSED_TCP, 658 sp->pp_comp, 659 &iphdr, &hlen)) <= 0) { 660 if (debug) 661 log(LOG_INFO, 662 SPP_FMT "VJ uncompress failed on compressed packet\n", 663 SPP_ARGS(ifp)); 664 goto drop; 665 } 666 667 /* 668 * Trim the VJ header off the packet, and prepend 669 * the uncompressed IP header (which will usually 670 * end up in two chained mbufs since there's not 671 * enough leading space in the existing mbuf). 672 */ 673 m_adj(m, vjlen); 674 M_PREPEND(m, hlen, M_DONTWAIT); 675 if (m == NULL) { 676 SPPP_UNLOCK(sp); 677 goto drop2; 678 } 679 bcopy(iphdr, mtod(m, u_char *), hlen); 680 isr = NETISR_IP; 681 } 682 do_account++; 683 break; 684 case PPP_VJ_UCOMP: 685 if (sp->state[IDX_IPCP] == STATE_OPENED) { 686 if (sl_uncompress_tcp_core(mtod(m, u_char *), 687 m->m_len, m->m_len, 688 TYPE_UNCOMPRESSED_TCP, 689 sp->pp_comp, 690 &iphdr, &hlen) != 0) { 691 if (debug) 692 log(LOG_INFO, 693 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 694 SPP_ARGS(ifp)); 695 goto drop; 696 } 697 isr = NETISR_IP; 698 } 699 do_account++; 700 break; 701#endif 702#ifdef INET6 703 case PPP_IPV6CP: 704 if (sp->pp_phase == PHASE_NETWORK) 705 sppp_cp_input(&ipv6cp, sp, m); 706 m_freem (m); 707 SPPP_UNLOCK(sp); 708 return; 709 710 case PPP_IPV6: 711 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 712 isr = NETISR_IPV6; 713 do_account++; 714 break; 715#endif 716#ifdef IPX 717 case PPP_IPX: 718 /* IPX IPXCP not implemented yet */ 719 if (sp->pp_phase == PHASE_NETWORK) 720 isr = NETISR_IPX; 721 do_account++; 722 break; 723#endif 724 } 725 break; 726 case CISCO_MULTICAST: 727 case CISCO_UNICAST: 728 /* Don't check the control field here (RFC 1547). */ 729 if (sp->pp_mode != IFF_CISCO) { 730 if (debug) 731 log(LOG_DEBUG, 732 SPP_FMT "Cisco packet in PPP mode " 733 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 734 SPP_ARGS(ifp), 735 h->address, h->control, ntohs(h->protocol)); 736 goto drop; 737 } 738 switch (ntohs (h->protocol)) { 739 default: 740 ++ifp->if_noproto; 741 goto invalid; 742 case CISCO_KEEPALIVE: 743 sppp_cisco_input (sp, m); 744 m_freem (m); 745 SPPP_UNLOCK(sp); 746 return; 747#ifdef INET 748 case ETHERTYPE_IP: 749 isr = NETISR_IP; 750 do_account++; 751 break; 752#endif 753#ifdef INET6 754 case ETHERTYPE_IPV6: 755 isr = NETISR_IPV6; 756 do_account++; 757 break; 758#endif 759#ifdef IPX 760 case ETHERTYPE_IPX: 761 isr = NETISR_IPX; 762 do_account++; 763 break; 764#endif 765 } 766 break; 767 default: /* Invalid PPP packet. */ 768 invalid: 769 if (debug) 770 log(LOG_DEBUG, 771 SPP_FMT "invalid input packet " 772 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 773 SPP_ARGS(ifp), 774 h->address, h->control, ntohs(h->protocol)); 775 goto drop; 776 } 777 778 if (! (ifp->if_flags & IFF_UP) || isr == -1) 779 goto drop; 780 781 SPPP_UNLOCK(sp); 782 /* Check queue. */ 783 if (netisr_queue(isr, m)) { /* (0) on success. */ 784 if (debug) 785 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 786 SPP_ARGS(ifp)); 787 goto drop2; 788 } 789 790 if (do_account) 791 /* 792 * Do only account for network packets, not for control 793 * packets. This is used by some subsystems to detect 794 * idle lines. 795 */ 796 sp->pp_last_recv = time_uptime; 797} 798 799static void 800sppp_ifstart_sched(void *dummy) 801{ 802 struct sppp *sp = dummy; 803 804 sp->if_start(SP2IFP(sp)); 805} 806 807/* if_start () wrapper function. We use it to schedule real if_start () for 808 * execution. We can't call it directly 809 */ 810static void 811sppp_ifstart(struct ifnet *ifp) 812{ 813 struct sppp *sp = IFP2SP(ifp); 814 815 if (SPPP_LOCK_OWNED(sp)) { 816 if (callout_pending(&sp->ifstart_callout)) 817 return; 818 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 819 (void *)sp); 820 } else { 821 sp->if_start(ifp); 822 } 823} 824 825/* 826 * Enqueue transmit packet. 827 */ 828static int 829sppp_output(struct ifnet *ifp, struct mbuf *m, 830 struct sockaddr *dst, struct rtentry *rt) 831{ 832 struct sppp *sp = IFP2SP(ifp); 833 struct ppp_header *h; 834 struct ifqueue *ifq = NULL; 835 int s, error, rv = 0; 836 int ipproto = PPP_IP; 837 int debug = ifp->if_flags & IFF_DEBUG; 838 839 s = splimp(); 840 SPPP_LOCK(sp); 841 842 if (!(ifp->if_flags & IFF_UP) || 843 (!(ifp->if_flags & IFF_AUTO) && 844 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 845#ifdef INET6 846 drop: 847#endif 848 m_freem (m); 849 SPPP_UNLOCK(sp); 850 splx (s); 851 return (ENETDOWN); 852 } 853 854 if ((ifp->if_flags & IFF_AUTO) && 855 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 856#ifdef INET6 857 /* 858 * XXX 859 * 860 * Hack to prevent the initialization-time generated 861 * IPv6 multicast packet to erroneously cause a 862 * dialout event in case IPv6 has been 863 * administratively disabled on that interface. 864 */ 865 if (dst->sa_family == AF_INET6 && 866 !(sp->confflags & CONF_ENABLE_IPV6)) 867 goto drop; 868#endif 869 /* 870 * Interface is not yet running, but auto-dial. Need 871 * to start LCP for it. 872 */ 873 ifp->if_drv_flags |= IFF_DRV_RUNNING; 874 splx(s); 875 lcp.Open(sp); 876 s = splimp(); 877 } 878 879#ifdef INET 880 if (dst->sa_family == AF_INET) { 881 /* XXX Check mbuf length here? */ 882 struct ip *ip = mtod (m, struct ip*); 883 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 884 885 /* 886 * When using dynamic local IP address assignment by using 887 * 0.0.0.0 as a local address, the first TCP session will 888 * not connect because the local TCP checksum is computed 889 * using 0.0.0.0 which will later become our real IP address 890 * so the TCP checksum computed at the remote end will 891 * become invalid. So we 892 * - don't let packets with src ip addr 0 thru 893 * - we flag TCP packets with src ip 0 as an error 894 */ 895 896 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 897 { 898 m_freem(m); 899 SPPP_UNLOCK(sp); 900 splx(s); 901 if(ip->ip_p == IPPROTO_TCP) 902 return(EADDRNOTAVAIL); 903 else 904 return(0); 905 } 906 907 /* 908 * Put low delay, telnet, rlogin and ftp control packets 909 * in front of the queue or let ALTQ take care. 910 */ 911 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 912 ; 913 else if (_IF_QFULL(&sp->pp_fastq)) 914 ; 915 else if (ip->ip_tos & IPTOS_LOWDELAY) 916 ifq = &sp->pp_fastq; 917 else if (m->m_len < sizeof *ip + sizeof *tcp) 918 ; 919 else if (ip->ip_p != IPPROTO_TCP) 920 ; 921 else if (INTERACTIVE (ntohs (tcp->th_sport))) 922 ifq = &sp->pp_fastq; 923 else if (INTERACTIVE (ntohs (tcp->th_dport))) 924 ifq = &sp->pp_fastq; 925 926 /* 927 * Do IP Header compression 928 */ 929 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 930 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 931 switch (sl_compress_tcp(m, ip, sp->pp_comp, 932 sp->ipcp.compress_cid)) { 933 case TYPE_COMPRESSED_TCP: 934 ipproto = PPP_VJ_COMP; 935 break; 936 case TYPE_UNCOMPRESSED_TCP: 937 ipproto = PPP_VJ_UCOMP; 938 break; 939 case TYPE_IP: 940 ipproto = PPP_IP; 941 break; 942 default: 943 m_freem(m); 944 SPPP_UNLOCK(sp); 945 splx(s); 946 return (EINVAL); 947 } 948 } 949#endif 950 951#ifdef INET6 952 if (dst->sa_family == AF_INET6) { 953 /* XXX do something tricky here? */ 954 } 955#endif 956 957 if (sp->pp_mode == PP_FR) { 958 /* Add frame relay header. */ 959 m = sppp_fr_header (sp, m, dst->sa_family); 960 if (! m) 961 goto nobufs; 962 goto out; 963 } 964 965 /* 966 * Prepend general data packet PPP header. For now, IP only. 967 */ 968 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 969 if (! m) { 970nobufs: if (debug) 971 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 972 SPP_ARGS(ifp)); 973 ++ifp->if_oerrors; 974 SPPP_UNLOCK(sp); 975 splx (s); 976 return (ENOBUFS); 977 } 978 /* 979 * May want to check size of packet 980 * (albeit due to the implementation it's always enough) 981 */ 982 h = mtod (m, struct ppp_header*); 983 if (sp->pp_mode == IFF_CISCO) { 984 h->address = CISCO_UNICAST; /* unicast address */ 985 h->control = 0; 986 } else { 987 h->address = PPP_ALLSTATIONS; /* broadcast address */ 988 h->control = PPP_UI; /* Unnumbered Info */ 989 } 990 991 switch (dst->sa_family) { 992#ifdef INET 993 case AF_INET: /* Internet Protocol */ 994 if (sp->pp_mode == IFF_CISCO) 995 h->protocol = htons (ETHERTYPE_IP); 996 else { 997 /* 998 * Don't choke with an ENETDOWN early. It's 999 * possible that we just started dialing out, 1000 * so don't drop the packet immediately. If 1001 * we notice that we run out of buffer space 1002 * below, we will however remember that we are 1003 * not ready to carry IP packets, and return 1004 * ENETDOWN, as opposed to ENOBUFS. 1005 */ 1006 h->protocol = htons(ipproto); 1007 if (sp->state[IDX_IPCP] != STATE_OPENED) 1008 rv = ENETDOWN; 1009 } 1010 break; 1011#endif 1012#ifdef INET6 1013 case AF_INET6: /* Internet Protocol */ 1014 if (sp->pp_mode == IFF_CISCO) 1015 h->protocol = htons (ETHERTYPE_IPV6); 1016 else { 1017 /* 1018 * Don't choke with an ENETDOWN early. It's 1019 * possible that we just started dialing out, 1020 * so don't drop the packet immediately. If 1021 * we notice that we run out of buffer space 1022 * below, we will however remember that we are 1023 * not ready to carry IP packets, and return 1024 * ENETDOWN, as opposed to ENOBUFS. 1025 */ 1026 h->protocol = htons(PPP_IPV6); 1027 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 1028 rv = ENETDOWN; 1029 } 1030 break; 1031#endif 1032#ifdef IPX 1033 case AF_IPX: /* Novell IPX Protocol */ 1034 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 1035 ETHERTYPE_IPX : PPP_IPX); 1036 break; 1037#endif 1038 default: 1039 m_freem (m); 1040 ++ifp->if_oerrors; 1041 SPPP_UNLOCK(sp); 1042 splx (s); 1043 return (EAFNOSUPPORT); 1044 } 1045 1046 /* 1047 * Queue message on interface, and start output if interface 1048 * not yet active. 1049 */ 1050out: 1051 if (ifq != NULL) 1052 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1053 else 1054 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1055 if (error) { 1056 ++ifp->if_oerrors; 1057 SPPP_UNLOCK(sp); 1058 splx (s); 1059 return (rv? rv: ENOBUFS); 1060 } 1061 SPPP_UNLOCK(sp); 1062 splx (s); 1063 /* 1064 * Unlike in sppp_input(), we can always bump the timestamp 1065 * here since sppp_output() is only called on behalf of 1066 * network-layer traffic; control-layer traffic is handled 1067 * by sppp_cp_send(). 1068 */ 1069 sp->pp_last_sent = time_uptime; 1070 return (0); 1071} 1072 1073void 1074sppp_attach(struct ifnet *ifp) 1075{ 1076 struct sppp *sp = IFP2SP(ifp); 1077 1078 /* Initialize mtx lock */ 1079 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1080 1081 /* Initialize keepalive handler. */ 1082 callout_init(&sp->keepalive_callout, 1083 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1084 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1085 (void *)sp); 1086 1087 ifp->if_mtu = PP_MTU; 1088 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1089 ifp->if_output = sppp_output; 1090#if 0 1091 sp->pp_flags = PP_KEEPALIVE; 1092#endif 1093 ifp->if_snd.ifq_maxlen = 32; 1094 sp->pp_fastq.ifq_maxlen = 32; 1095 sp->pp_cpq.ifq_maxlen = 20; 1096 sp->pp_loopcnt = 0; 1097 sp->pp_alivecnt = 0; 1098 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1099 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1100 sp->pp_phase = PHASE_DEAD; 1101 sp->pp_up = sppp_pp_up; 1102 sp->pp_down = sppp_pp_down; 1103 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1104 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1105 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1106 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1107 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1108 sp->confflags = 0; 1109#ifdef INET 1110 sp->confflags |= CONF_ENABLE_VJ; 1111#endif 1112#ifdef INET6 1113 sp->confflags |= CONF_ENABLE_IPV6; 1114#endif 1115 callout_init(&sp->ifstart_callout, 1116 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1117 sp->if_start = ifp->if_start; 1118 ifp->if_start = sppp_ifstart; 1119 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1120 sl_compress_init(sp->pp_comp, -1); 1121 sppp_lcp_init(sp); 1122 sppp_ipcp_init(sp); 1123 sppp_ipv6cp_init(sp); 1124 sppp_pap_init(sp); 1125 sppp_chap_init(sp); 1126} 1127 1128void 1129sppp_detach(struct ifnet *ifp) 1130{ 1131 struct sppp *sp = IFP2SP(ifp); 1132 int i; 1133 1134 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1135 1136 /* Stop keepalive handler. */ 1137 if (!callout_drain(&sp->keepalive_callout)) 1138 callout_stop(&sp->keepalive_callout); 1139 1140 for (i = 0; i < IDX_COUNT; i++) { 1141 if (!callout_drain(&sp->ch[i])) 1142 callout_stop(&sp->ch[i]); 1143 } 1144 if (!callout_drain(&sp->pap_my_to_ch)) 1145 callout_stop(&sp->pap_my_to_ch); 1146 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1147 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1148 mtx_destroy(&sp->mtx); 1149} 1150 1151/* 1152 * Flush the interface output queue. 1153 */ 1154static void 1155sppp_flush_unlocked(struct ifnet *ifp) 1156{ 1157 struct sppp *sp = IFP2SP(ifp); 1158 1159 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1160 sppp_qflush (&sp->pp_fastq); 1161 sppp_qflush (&sp->pp_cpq); 1162} 1163 1164void 1165sppp_flush(struct ifnet *ifp) 1166{ 1167 struct sppp *sp = IFP2SP(ifp); 1168 1169 SPPP_LOCK(sp); 1170 sppp_flush_unlocked (ifp); 1171 SPPP_UNLOCK(sp); 1172} 1173 1174/* 1175 * Check if the output queue is empty. 1176 */ 1177int 1178sppp_isempty(struct ifnet *ifp) 1179{ 1180 struct sppp *sp = IFP2SP(ifp); 1181 int empty, s; 1182 1183 s = splimp(); 1184 SPPP_LOCK(sp); 1185 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1186 !SP2IFP(sp)->if_snd.ifq_head; 1187 SPPP_UNLOCK(sp); 1188 splx(s); 1189 return (empty); 1190} 1191 1192/* 1193 * Get next packet to send. 1194 */ 1195struct mbuf * 1196sppp_dequeue(struct ifnet *ifp) 1197{ 1198 struct sppp *sp = IFP2SP(ifp); 1199 struct mbuf *m; 1200 int s; 1201 1202 s = splimp(); 1203 SPPP_LOCK(sp); 1204 /* 1205 * Process only the control protocol queue until we have at 1206 * least one NCP open. 1207 * 1208 * Do always serve all three queues in Cisco mode. 1209 */ 1210 IF_DEQUEUE(&sp->pp_cpq, m); 1211 if (m == NULL && 1212 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1213 sp->pp_mode == PP_FR)) { 1214 IF_DEQUEUE(&sp->pp_fastq, m); 1215 if (m == NULL) 1216 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1217 } 1218 SPPP_UNLOCK(sp); 1219 splx(s); 1220 return m; 1221} 1222 1223/* 1224 * Pick the next packet, do not remove it from the queue. 1225 */ 1226struct mbuf * 1227sppp_pick(struct ifnet *ifp) 1228{ 1229 struct sppp *sp = IFP2SP(ifp); 1230 struct mbuf *m; 1231 int s; 1232 1233 s = splimp (); 1234 SPPP_LOCK(sp); 1235 1236 m = sp->pp_cpq.ifq_head; 1237 if (m == NULL && 1238 (sp->pp_phase == PHASE_NETWORK || 1239 sp->pp_mode == IFF_CISCO || 1240 sp->pp_mode == PP_FR)) 1241 if ((m = sp->pp_fastq.ifq_head) == NULL) 1242 m = SP2IFP(sp)->if_snd.ifq_head; 1243 SPPP_UNLOCK(sp); 1244 splx (s); 1245 return (m); 1246} 1247 1248/* 1249 * Process an ioctl request. Called on low priority level. 1250 */ 1251int 1252sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1253{ 1254 struct ifreq *ifr = (struct ifreq*) data; 1255 struct sppp *sp = IFP2SP(ifp); 1256 int s, rv, going_up, going_down, newmode; 1257 1258 s = splimp(); 1259 SPPP_LOCK(sp); 1260 rv = 0; 1261 switch (cmd) { 1262 case SIOCAIFADDR: 1263 case SIOCSIFDSTADDR: 1264 break; 1265 1266 case SIOCSIFADDR: 1267 /* set the interface "up" when assigning an IP address */ 1268 ifp->if_flags |= IFF_UP; 1269 /* FALLTHROUGH */ 1270 1271 case SIOCSIFFLAGS: 1272 going_up = ifp->if_flags & IFF_UP && 1273 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1274 going_down = (ifp->if_flags & IFF_UP) == 0 && 1275 ifp->if_drv_flags & IFF_DRV_RUNNING; 1276 1277 newmode = ifp->if_flags & IFF_PASSIVE; 1278 if (!newmode) 1279 newmode = ifp->if_flags & IFF_AUTO; 1280 if (!newmode) 1281 newmode = ifp->if_flags & IFF_CISCO; 1282 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1283 ifp->if_flags |= newmode; 1284 1285 if (!newmode) 1286 newmode = sp->pp_flags & PP_FR; 1287 1288 if (newmode != sp->pp_mode) { 1289 going_down = 1; 1290 if (!going_up) 1291 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1292 } 1293 1294 if (going_down) { 1295 if (sp->pp_mode != IFF_CISCO && 1296 sp->pp_mode != PP_FR) 1297 lcp.Close(sp); 1298 else if (sp->pp_tlf) 1299 (sp->pp_tlf)(sp); 1300 sppp_flush_unlocked(ifp); 1301 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1302 sp->pp_mode = newmode; 1303 } 1304 1305 if (going_up) { 1306 if (sp->pp_mode != IFF_CISCO && 1307 sp->pp_mode != PP_FR) 1308 lcp.Close(sp); 1309 sp->pp_mode = newmode; 1310 if (sp->pp_mode == 0) { 1311 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1312 lcp.Open(sp); 1313 } 1314 if ((sp->pp_mode == IFF_CISCO) || 1315 (sp->pp_mode == PP_FR)) { 1316 if (sp->pp_tls) 1317 (sp->pp_tls)(sp); 1318 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1319 } 1320 } 1321 1322 break; 1323 1324#ifdef SIOCSIFMTU 1325#ifndef ifr_mtu 1326#define ifr_mtu ifr_metric 1327#endif 1328 case SIOCSIFMTU: 1329 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1330 return (EINVAL); 1331 ifp->if_mtu = ifr->ifr_mtu; 1332 break; 1333#endif 1334#ifdef SLIOCSETMTU 1335 case SLIOCSETMTU: 1336 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1337 return (EINVAL); 1338 ifp->if_mtu = *(short*)data; 1339 break; 1340#endif 1341#ifdef SIOCGIFMTU 1342 case SIOCGIFMTU: 1343 ifr->ifr_mtu = ifp->if_mtu; 1344 break; 1345#endif 1346#ifdef SLIOCGETMTU 1347 case SLIOCGETMTU: 1348 *(short*)data = ifp->if_mtu; 1349 break; 1350#endif 1351 case SIOCADDMULTI: 1352 case SIOCDELMULTI: 1353 break; 1354 1355 case SIOCGIFGENERIC: 1356 case SIOCSIFGENERIC: 1357 rv = sppp_params(sp, cmd, data); 1358 break; 1359 1360 default: 1361 rv = ENOTTY; 1362 } 1363 SPPP_UNLOCK(sp); 1364 splx(s); 1365 return rv; 1366} 1367 1368/* 1369 * Cisco framing implementation. 1370 */ 1371 1372/* 1373 * Handle incoming Cisco keepalive protocol packets. 1374 */ 1375static void 1376sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1377{ 1378 STDDCL; 1379 struct cisco_packet *h; 1380 u_long me, mymask; 1381 1382 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1383 if (debug) 1384 log(LOG_DEBUG, 1385 SPP_FMT "cisco invalid packet length: %d bytes\n", 1386 SPP_ARGS(ifp), m->m_pkthdr.len); 1387 return; 1388 } 1389 h = mtod (m, struct cisco_packet*); 1390 if (debug) 1391 log(LOG_DEBUG, 1392 SPP_FMT "cisco input: %d bytes " 1393 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1394 SPP_ARGS(ifp), m->m_pkthdr.len, 1395 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1396 (u_int)h->time0, (u_int)h->time1); 1397 switch (ntohl (h->type)) { 1398 default: 1399 if (debug) 1400 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1401 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1402 break; 1403 case CISCO_ADDR_REPLY: 1404 /* Reply on address request, ignore */ 1405 break; 1406 case CISCO_KEEPALIVE_REQ: 1407 sp->pp_alivecnt = 0; 1408 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1409 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1410 /* Local and remote sequence numbers are equal. 1411 * Probably, the line is in loopback mode. */ 1412 if (sp->pp_loopcnt >= MAXALIVECNT) { 1413 printf (SPP_FMT "loopback\n", 1414 SPP_ARGS(ifp)); 1415 sp->pp_loopcnt = 0; 1416 if (ifp->if_flags & IFF_UP) { 1417 if_down (ifp); 1418 sppp_qflush (&sp->pp_cpq); 1419 } 1420 } 1421 ++sp->pp_loopcnt; 1422 1423 /* Generate new local sequence number */ 1424#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1425 sp->pp_seq[IDX_LCP] = random(); 1426#else 1427 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1428#endif 1429 break; 1430 } 1431 sp->pp_loopcnt = 0; 1432 if (! (ifp->if_flags & IFF_UP) && 1433 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1434 if_up(ifp); 1435 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1436 } 1437 break; 1438 case CISCO_ADDR_REQ: 1439 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1440 if (me != 0L) 1441 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1442 break; 1443 } 1444} 1445 1446/* 1447 * Send Cisco keepalive packet. 1448 */ 1449static void 1450sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1451{ 1452 STDDCL; 1453 struct ppp_header *h; 1454 struct cisco_packet *ch; 1455 struct mbuf *m; 1456 struct timeval tv; 1457 1458 getmicrouptime(&tv); 1459 1460 MGETHDR (m, M_DONTWAIT, MT_DATA); 1461 if (! m) 1462 return; 1463 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1464 m->m_pkthdr.rcvif = 0; 1465 1466 h = mtod (m, struct ppp_header*); 1467 h->address = CISCO_MULTICAST; 1468 h->control = 0; 1469 h->protocol = htons (CISCO_KEEPALIVE); 1470 1471 ch = (struct cisco_packet*) (h + 1); 1472 ch->type = htonl (type); 1473 ch->par1 = htonl (par1); 1474 ch->par2 = htonl (par2); 1475 ch->rel = -1; 1476 1477 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1478 ch->time1 = htons ((u_short) tv.tv_sec); 1479 1480 if (debug) 1481 log(LOG_DEBUG, 1482 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1483 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1484 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1485 1486 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1487 ifp->if_oerrors++; 1488} 1489 1490/* 1491 * PPP protocol implementation. 1492 */ 1493 1494/* 1495 * Send PPP control protocol packet. 1496 */ 1497static void 1498sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1499 u_char ident, u_short len, void *data) 1500{ 1501 STDDCL; 1502 struct ppp_header *h; 1503 struct lcp_header *lh; 1504 struct mbuf *m; 1505 1506 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1507 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1508 MGETHDR (m, M_DONTWAIT, MT_DATA); 1509 if (! m) 1510 return; 1511 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1512 m->m_pkthdr.rcvif = 0; 1513 1514 h = mtod (m, struct ppp_header*); 1515 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1516 h->control = PPP_UI; /* Unnumbered Info */ 1517 h->protocol = htons (proto); /* Link Control Protocol */ 1518 1519 lh = (struct lcp_header*) (h + 1); 1520 lh->type = type; 1521 lh->ident = ident; 1522 lh->len = htons (LCP_HEADER_LEN + len); 1523 if (len) 1524 bcopy (data, lh+1, len); 1525 1526 if (debug) { 1527 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1528 SPP_ARGS(ifp), 1529 sppp_proto_name(proto), 1530 sppp_cp_type_name (lh->type), lh->ident, 1531 ntohs (lh->len)); 1532 sppp_print_bytes ((u_char*) (lh+1), len); 1533 log(-1, ">\n"); 1534 } 1535 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1536 ifp->if_oerrors++; 1537} 1538 1539/* 1540 * Handle incoming PPP control protocol packets. 1541 */ 1542static void 1543sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1544{ 1545 STDDCL; 1546 struct lcp_header *h; 1547 int len = m->m_pkthdr.len; 1548 int rv; 1549 u_char *p; 1550 1551 if (len < 4) { 1552 if (debug) 1553 log(LOG_DEBUG, 1554 SPP_FMT "%s invalid packet length: %d bytes\n", 1555 SPP_ARGS(ifp), cp->name, len); 1556 return; 1557 } 1558 h = mtod (m, struct lcp_header*); 1559 if (debug) { 1560 log(LOG_DEBUG, 1561 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1562 SPP_ARGS(ifp), cp->name, 1563 sppp_state_name(sp->state[cp->protoidx]), 1564 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1565 sppp_print_bytes ((u_char*) (h+1), len-4); 1566 log(-1, ">\n"); 1567 } 1568 if (len > ntohs (h->len)) 1569 len = ntohs (h->len); 1570 p = (u_char *)(h + 1); 1571 switch (h->type) { 1572 case CONF_REQ: 1573 if (len < 4) { 1574 if (debug) 1575 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1576 SPP_ARGS(ifp), cp->name, 1577 len); 1578 ++ifp->if_ierrors; 1579 break; 1580 } 1581 /* handle states where RCR doesn't get a SCA/SCN */ 1582 switch (sp->state[cp->protoidx]) { 1583 case STATE_CLOSING: 1584 case STATE_STOPPING: 1585 return; 1586 case STATE_CLOSED: 1587 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1588 0, 0); 1589 return; 1590 } 1591 rv = (cp->RCR)(sp, h, len); 1592 switch (sp->state[cp->protoidx]) { 1593 case STATE_OPENED: 1594 (cp->tld)(sp); 1595 (cp->scr)(sp); 1596 /* FALLTHROUGH */ 1597 case STATE_ACK_SENT: 1598 case STATE_REQ_SENT: 1599 /* 1600 * sppp_cp_change_state() have the side effect of 1601 * restarting the timeouts. We want to avoid that 1602 * if the state don't change, otherwise we won't 1603 * ever timeout and resend a configuration request 1604 * that got lost. 1605 */ 1606 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1607 STATE_REQ_SENT)) 1608 break; 1609 sppp_cp_change_state(cp, sp, rv? 1610 STATE_ACK_SENT: STATE_REQ_SENT); 1611 break; 1612 case STATE_STOPPED: 1613 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1614 (cp->scr)(sp); 1615 sppp_cp_change_state(cp, sp, rv? 1616 STATE_ACK_SENT: STATE_REQ_SENT); 1617 break; 1618 case STATE_ACK_RCVD: 1619 if (rv) { 1620 sppp_cp_change_state(cp, sp, STATE_OPENED); 1621 if (debug) 1622 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1623 SPP_ARGS(ifp), 1624 cp->name); 1625 (cp->tlu)(sp); 1626 } else 1627 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1628 break; 1629 default: 1630 printf(SPP_FMT "%s illegal %s in state %s\n", 1631 SPP_ARGS(ifp), cp->name, 1632 sppp_cp_type_name(h->type), 1633 sppp_state_name(sp->state[cp->protoidx])); 1634 ++ifp->if_ierrors; 1635 } 1636 break; 1637 case CONF_ACK: 1638 if (h->ident != sp->confid[cp->protoidx]) { 1639 if (debug) 1640 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1641 SPP_ARGS(ifp), cp->name, 1642 h->ident, sp->confid[cp->protoidx]); 1643 ++ifp->if_ierrors; 1644 break; 1645 } 1646 switch (sp->state[cp->protoidx]) { 1647 case STATE_CLOSED: 1648 case STATE_STOPPED: 1649 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1650 break; 1651 case STATE_CLOSING: 1652 case STATE_STOPPING: 1653 break; 1654 case STATE_REQ_SENT: 1655 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1656 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1657 break; 1658 case STATE_OPENED: 1659 (cp->tld)(sp); 1660 /* FALLTHROUGH */ 1661 case STATE_ACK_RCVD: 1662 (cp->scr)(sp); 1663 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1664 break; 1665 case STATE_ACK_SENT: 1666 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1667 sppp_cp_change_state(cp, sp, STATE_OPENED); 1668 if (debug) 1669 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1670 SPP_ARGS(ifp), cp->name); 1671 (cp->tlu)(sp); 1672 break; 1673 default: 1674 printf(SPP_FMT "%s illegal %s in state %s\n", 1675 SPP_ARGS(ifp), cp->name, 1676 sppp_cp_type_name(h->type), 1677 sppp_state_name(sp->state[cp->protoidx])); 1678 ++ifp->if_ierrors; 1679 } 1680 break; 1681 case CONF_NAK: 1682 case CONF_REJ: 1683 if (h->ident != sp->confid[cp->protoidx]) { 1684 if (debug) 1685 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1686 SPP_ARGS(ifp), cp->name, 1687 h->ident, sp->confid[cp->protoidx]); 1688 ++ifp->if_ierrors; 1689 break; 1690 } 1691 if (h->type == CONF_NAK) 1692 (cp->RCN_nak)(sp, h, len); 1693 else /* CONF_REJ */ 1694 (cp->RCN_rej)(sp, h, len); 1695 1696 switch (sp->state[cp->protoidx]) { 1697 case STATE_CLOSED: 1698 case STATE_STOPPED: 1699 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1700 break; 1701 case STATE_REQ_SENT: 1702 case STATE_ACK_SENT: 1703 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1704 /* 1705 * Slow things down a bit if we think we might be 1706 * in loopback. Depend on the timeout to send the 1707 * next configuration request. 1708 */ 1709 if (sp->pp_loopcnt) 1710 break; 1711 (cp->scr)(sp); 1712 break; 1713 case STATE_OPENED: 1714 (cp->tld)(sp); 1715 /* FALLTHROUGH */ 1716 case STATE_ACK_RCVD: 1717 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1718 (cp->scr)(sp); 1719 break; 1720 case STATE_CLOSING: 1721 case STATE_STOPPING: 1722 break; 1723 default: 1724 printf(SPP_FMT "%s illegal %s in state %s\n", 1725 SPP_ARGS(ifp), cp->name, 1726 sppp_cp_type_name(h->type), 1727 sppp_state_name(sp->state[cp->protoidx])); 1728 ++ifp->if_ierrors; 1729 } 1730 break; 1731 1732 case TERM_REQ: 1733 switch (sp->state[cp->protoidx]) { 1734 case STATE_ACK_RCVD: 1735 case STATE_ACK_SENT: 1736 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1737 /* FALLTHROUGH */ 1738 case STATE_CLOSED: 1739 case STATE_STOPPED: 1740 case STATE_CLOSING: 1741 case STATE_STOPPING: 1742 case STATE_REQ_SENT: 1743 sta: 1744 /* Send Terminate-Ack packet. */ 1745 if (debug) 1746 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1747 SPP_ARGS(ifp), cp->name); 1748 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1749 break; 1750 case STATE_OPENED: 1751 (cp->tld)(sp); 1752 sp->rst_counter[cp->protoidx] = 0; 1753 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1754 goto sta; 1755 break; 1756 default: 1757 printf(SPP_FMT "%s illegal %s in state %s\n", 1758 SPP_ARGS(ifp), cp->name, 1759 sppp_cp_type_name(h->type), 1760 sppp_state_name(sp->state[cp->protoidx])); 1761 ++ifp->if_ierrors; 1762 } 1763 break; 1764 case TERM_ACK: 1765 switch (sp->state[cp->protoidx]) { 1766 case STATE_CLOSED: 1767 case STATE_STOPPED: 1768 case STATE_REQ_SENT: 1769 case STATE_ACK_SENT: 1770 break; 1771 case STATE_CLOSING: 1772 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1773 (cp->tlf)(sp); 1774 break; 1775 case STATE_STOPPING: 1776 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1777 (cp->tlf)(sp); 1778 break; 1779 case STATE_ACK_RCVD: 1780 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1781 break; 1782 case STATE_OPENED: 1783 (cp->tld)(sp); 1784 (cp->scr)(sp); 1785 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1786 break; 1787 default: 1788 printf(SPP_FMT "%s illegal %s in state %s\n", 1789 SPP_ARGS(ifp), cp->name, 1790 sppp_cp_type_name(h->type), 1791 sppp_state_name(sp->state[cp->protoidx])); 1792 ++ifp->if_ierrors; 1793 } 1794 break; 1795 case CODE_REJ: 1796 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1797 log(LOG_INFO, 1798 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1799 "danger will robinson\n", 1800 SPP_ARGS(ifp), cp->name, 1801 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1802 switch (sp->state[cp->protoidx]) { 1803 case STATE_CLOSED: 1804 case STATE_STOPPED: 1805 case STATE_REQ_SENT: 1806 case STATE_ACK_SENT: 1807 case STATE_CLOSING: 1808 case STATE_STOPPING: 1809 case STATE_OPENED: 1810 break; 1811 case STATE_ACK_RCVD: 1812 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1813 break; 1814 default: 1815 printf(SPP_FMT "%s illegal %s in state %s\n", 1816 SPP_ARGS(ifp), cp->name, 1817 sppp_cp_type_name(h->type), 1818 sppp_state_name(sp->state[cp->protoidx])); 1819 ++ifp->if_ierrors; 1820 } 1821 break; 1822 case PROTO_REJ: 1823 { 1824 int catastrophic; 1825 const struct cp *upper; 1826 int i; 1827 u_int16_t proto; 1828 1829 catastrophic = 0; 1830 upper = NULL; 1831 proto = ntohs(*((u_int16_t *)p)); 1832 for (i = 0; i < IDX_COUNT; i++) { 1833 if (cps[i]->proto == proto) { 1834 upper = cps[i]; 1835 break; 1836 } 1837 } 1838 if (upper == NULL) 1839 catastrophic++; 1840 1841 if (catastrophic || debug) 1842 log(catastrophic? LOG_INFO: LOG_DEBUG, 1843 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1844 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1845 sppp_cp_type_name(h->type), proto, 1846 upper ? upper->name : "unknown", 1847 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1848 1849 /* 1850 * if we got RXJ+ against conf-req, the peer does not implement 1851 * this particular protocol type. terminate the protocol. 1852 */ 1853 if (upper && !catastrophic) { 1854 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1855 upper->Close(sp); 1856 break; 1857 } 1858 } 1859 1860 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1861 switch (sp->state[cp->protoidx]) { 1862 case STATE_CLOSED: 1863 case STATE_STOPPED: 1864 case STATE_REQ_SENT: 1865 case STATE_ACK_SENT: 1866 case STATE_CLOSING: 1867 case STATE_STOPPING: 1868 case STATE_OPENED: 1869 break; 1870 case STATE_ACK_RCVD: 1871 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1872 break; 1873 default: 1874 printf(SPP_FMT "%s illegal %s in state %s\n", 1875 SPP_ARGS(ifp), cp->name, 1876 sppp_cp_type_name(h->type), 1877 sppp_state_name(sp->state[cp->protoidx])); 1878 ++ifp->if_ierrors; 1879 } 1880 break; 1881 } 1882 case DISC_REQ: 1883 if (cp->proto != PPP_LCP) 1884 goto illegal; 1885 /* Discard the packet. */ 1886 break; 1887 case ECHO_REQ: 1888 if (cp->proto != PPP_LCP) 1889 goto illegal; 1890 if (sp->state[cp->protoidx] != STATE_OPENED) { 1891 if (debug) 1892 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1893 SPP_ARGS(ifp)); 1894 ++ifp->if_ierrors; 1895 break; 1896 } 1897 if (len < 8) { 1898 if (debug) 1899 log(-1, SPP_FMT "invalid lcp echo request " 1900 "packet length: %d bytes\n", 1901 SPP_ARGS(ifp), len); 1902 break; 1903 } 1904 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1905 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1906 /* Line loopback mode detected. */ 1907 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1908 sp->pp_loopcnt = MAXALIVECNT * 5; 1909 if_down (ifp); 1910 sppp_qflush (&sp->pp_cpq); 1911 1912 /* Shut down the PPP link. */ 1913 /* XXX */ 1914 lcp.Down(sp); 1915 lcp.Up(sp); 1916 break; 1917 } 1918 *(long*)(h+1) = htonl (sp->lcp.magic); 1919 if (debug) 1920 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1921 SPP_ARGS(ifp)); 1922 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1923 break; 1924 case ECHO_REPLY: 1925 if (cp->proto != PPP_LCP) 1926 goto illegal; 1927 if (h->ident != sp->lcp.echoid) { 1928 ++ifp->if_ierrors; 1929 break; 1930 } 1931 if (len < 8) { 1932 if (debug) 1933 log(-1, SPP_FMT "lcp invalid echo reply " 1934 "packet length: %d bytes\n", 1935 SPP_ARGS(ifp), len); 1936 break; 1937 } 1938 if (debug) 1939 log(-1, SPP_FMT "lcp got echo rep\n", 1940 SPP_ARGS(ifp)); 1941 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1942 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1943 sp->pp_alivecnt = 0; 1944 break; 1945 default: 1946 /* Unknown packet type -- send Code-Reject packet. */ 1947 illegal: 1948 if (debug) 1949 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1950 SPP_ARGS(ifp), cp->name, h->type); 1951 sppp_cp_send(sp, cp->proto, CODE_REJ, 1952 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1953 ++ifp->if_ierrors; 1954 } 1955} 1956 1957 1958/* 1959 * The generic part of all Up/Down/Open/Close/TO event handlers. 1960 * Basically, the state transition handling in the automaton. 1961 */ 1962static void 1963sppp_up_event(const struct cp *cp, struct sppp *sp) 1964{ 1965 STDDCL; 1966 1967 if (debug) 1968 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1969 SPP_ARGS(ifp), cp->name, 1970 sppp_state_name(sp->state[cp->protoidx])); 1971 1972 switch (sp->state[cp->protoidx]) { 1973 case STATE_INITIAL: 1974 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1975 break; 1976 case STATE_STARTING: 1977 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1978 (cp->scr)(sp); 1979 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1980 break; 1981 default: 1982 printf(SPP_FMT "%s illegal up in state %s\n", 1983 SPP_ARGS(ifp), cp->name, 1984 sppp_state_name(sp->state[cp->protoidx])); 1985 } 1986} 1987 1988static void 1989sppp_down_event(const struct cp *cp, struct sppp *sp) 1990{ 1991 STDDCL; 1992 1993 if (debug) 1994 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1995 SPP_ARGS(ifp), cp->name, 1996 sppp_state_name(sp->state[cp->protoidx])); 1997 1998 switch (sp->state[cp->protoidx]) { 1999 case STATE_CLOSED: 2000 case STATE_CLOSING: 2001 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2002 break; 2003 case STATE_STOPPED: 2004 sppp_cp_change_state(cp, sp, STATE_STARTING); 2005 (cp->tls)(sp); 2006 break; 2007 case STATE_STOPPING: 2008 case STATE_REQ_SENT: 2009 case STATE_ACK_RCVD: 2010 case STATE_ACK_SENT: 2011 sppp_cp_change_state(cp, sp, STATE_STARTING); 2012 break; 2013 case STATE_OPENED: 2014 (cp->tld)(sp); 2015 sppp_cp_change_state(cp, sp, STATE_STARTING); 2016 break; 2017 default: 2018 printf(SPP_FMT "%s illegal down in state %s\n", 2019 SPP_ARGS(ifp), cp->name, 2020 sppp_state_name(sp->state[cp->protoidx])); 2021 } 2022} 2023 2024 2025static void 2026sppp_open_event(const struct cp *cp, struct sppp *sp) 2027{ 2028 STDDCL; 2029 2030 if (debug) 2031 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 2032 SPP_ARGS(ifp), cp->name, 2033 sppp_state_name(sp->state[cp->protoidx])); 2034 2035 switch (sp->state[cp->protoidx]) { 2036 case STATE_INITIAL: 2037 sppp_cp_change_state(cp, sp, STATE_STARTING); 2038 (cp->tls)(sp); 2039 break; 2040 case STATE_STARTING: 2041 break; 2042 case STATE_CLOSED: 2043 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 2044 (cp->scr)(sp); 2045 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2046 break; 2047 case STATE_STOPPED: 2048 /* 2049 * Try escaping stopped state. This seems to bite 2050 * people occasionally, in particular for IPCP, 2051 * presumably following previous IPCP negotiation 2052 * aborts. Somehow, we must have missed a Down event 2053 * which would have caused a transition into starting 2054 * state, so as a bandaid we force the Down event now. 2055 * This effectively implements (something like the) 2056 * `restart' option mentioned in the state transition 2057 * table of RFC 1661. 2058 */ 2059 sppp_cp_change_state(cp, sp, STATE_STARTING); 2060 (cp->tls)(sp); 2061 break; 2062 case STATE_STOPPING: 2063 case STATE_REQ_SENT: 2064 case STATE_ACK_RCVD: 2065 case STATE_ACK_SENT: 2066 case STATE_OPENED: 2067 break; 2068 case STATE_CLOSING: 2069 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2070 break; 2071 } 2072} 2073 2074 2075static void 2076sppp_close_event(const struct cp *cp, struct sppp *sp) 2077{ 2078 STDDCL; 2079 2080 if (debug) 2081 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2082 SPP_ARGS(ifp), cp->name, 2083 sppp_state_name(sp->state[cp->protoidx])); 2084 2085 switch (sp->state[cp->protoidx]) { 2086 case STATE_INITIAL: 2087 case STATE_CLOSED: 2088 case STATE_CLOSING: 2089 break; 2090 case STATE_STARTING: 2091 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2092 (cp->tlf)(sp); 2093 break; 2094 case STATE_STOPPED: 2095 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2096 break; 2097 case STATE_STOPPING: 2098 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2099 break; 2100 case STATE_OPENED: 2101 (cp->tld)(sp); 2102 /* FALLTHROUGH */ 2103 case STATE_REQ_SENT: 2104 case STATE_ACK_RCVD: 2105 case STATE_ACK_SENT: 2106 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2107 sppp_cp_send(sp, cp->proto, TERM_REQ, 2108 ++sp->pp_seq[cp->protoidx], 0, 0); 2109 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2110 break; 2111 } 2112} 2113 2114static void 2115sppp_to_event(const struct cp *cp, struct sppp *sp) 2116{ 2117 STDDCL; 2118 int s; 2119 2120 s = splimp(); 2121 SPPP_LOCK(sp); 2122 if (debug) 2123 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2124 SPP_ARGS(ifp), cp->name, 2125 sppp_state_name(sp->state[cp->protoidx]), 2126 sp->rst_counter[cp->protoidx]); 2127 2128 if (--sp->rst_counter[cp->protoidx] < 0) 2129 /* TO- event */ 2130 switch (sp->state[cp->protoidx]) { 2131 case STATE_CLOSING: 2132 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2133 (cp->tlf)(sp); 2134 break; 2135 case STATE_STOPPING: 2136 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2137 (cp->tlf)(sp); 2138 break; 2139 case STATE_REQ_SENT: 2140 case STATE_ACK_RCVD: 2141 case STATE_ACK_SENT: 2142 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2143 (cp->tlf)(sp); 2144 break; 2145 } 2146 else 2147 /* TO+ event */ 2148 switch (sp->state[cp->protoidx]) { 2149 case STATE_CLOSING: 2150 case STATE_STOPPING: 2151 sppp_cp_send(sp, cp->proto, TERM_REQ, 2152 ++sp->pp_seq[cp->protoidx], 0, 0); 2153 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2154 cp->TO, (void *)sp); 2155 break; 2156 case STATE_REQ_SENT: 2157 case STATE_ACK_RCVD: 2158 (cp->scr)(sp); 2159 /* sppp_cp_change_state() will restart the timer */ 2160 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2161 break; 2162 case STATE_ACK_SENT: 2163 (cp->scr)(sp); 2164 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2165 cp->TO, (void *)sp); 2166 break; 2167 } 2168 2169 SPPP_UNLOCK(sp); 2170 splx(s); 2171} 2172 2173/* 2174 * Change the state of a control protocol in the state automaton. 2175 * Takes care of starting/stopping the restart timer. 2176 */ 2177static void 2178sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2179{ 2180 sp->state[cp->protoidx] = newstate; 2181 2182 callout_stop (&sp->ch[cp->protoidx]); 2183 2184 switch (newstate) { 2185 case STATE_INITIAL: 2186 case STATE_STARTING: 2187 case STATE_CLOSED: 2188 case STATE_STOPPED: 2189 case STATE_OPENED: 2190 break; 2191 case STATE_CLOSING: 2192 case STATE_STOPPING: 2193 case STATE_REQ_SENT: 2194 case STATE_ACK_RCVD: 2195 case STATE_ACK_SENT: 2196 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2197 cp->TO, (void *)sp); 2198 break; 2199 } 2200} 2201 2202/* 2203 *--------------------------------------------------------------------------* 2204 * * 2205 * The LCP implementation. * 2206 * * 2207 *--------------------------------------------------------------------------* 2208 */ 2209static void 2210sppp_pp_up(struct sppp *sp) 2211{ 2212 SPPP_LOCK(sp); 2213 lcp.Up(sp); 2214 SPPP_UNLOCK(sp); 2215} 2216 2217static void 2218sppp_pp_down(struct sppp *sp) 2219{ 2220 SPPP_LOCK(sp); 2221 lcp.Down(sp); 2222 SPPP_UNLOCK(sp); 2223} 2224 2225static void 2226sppp_lcp_init(struct sppp *sp) 2227{ 2228 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2229 sp->lcp.magic = 0; 2230 sp->state[IDX_LCP] = STATE_INITIAL; 2231 sp->fail_counter[IDX_LCP] = 0; 2232 sp->pp_seq[IDX_LCP] = 0; 2233 sp->pp_rseq[IDX_LCP] = 0; 2234 sp->lcp.protos = 0; 2235 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2236 2237 /* Note that these values are relevant for all control protocols */ 2238 sp->lcp.timeout = 3 * hz; 2239 sp->lcp.max_terminate = 2; 2240 sp->lcp.max_configure = 10; 2241 sp->lcp.max_failure = 10; 2242 callout_init(&sp->ch[IDX_LCP], 2243 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2244} 2245 2246static void 2247sppp_lcp_up(struct sppp *sp) 2248{ 2249 STDDCL; 2250 2251 sp->pp_alivecnt = 0; 2252 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2253 sp->lcp.magic = 0; 2254 sp->lcp.protos = 0; 2255 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2256 /* 2257 * If we are authenticator, negotiate LCP_AUTH 2258 */ 2259 if (sp->hisauth.proto != 0) 2260 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2261 else 2262 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2263 sp->pp_flags &= ~PP_NEEDAUTH; 2264 /* 2265 * If this interface is passive or dial-on-demand, and we are 2266 * still in Initial state, it means we've got an incoming 2267 * call. Activate the interface. 2268 */ 2269 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2270 if (debug) 2271 log(LOG_DEBUG, 2272 SPP_FMT "Up event", SPP_ARGS(ifp)); 2273 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2274 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2275 if (debug) 2276 log(-1, "(incoming call)\n"); 2277 sp->pp_flags |= PP_CALLIN; 2278 lcp.Open(sp); 2279 } else if (debug) 2280 log(-1, "\n"); 2281 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2282 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2283 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2284 lcp.Open(sp); 2285 } 2286 2287 sppp_up_event(&lcp, sp); 2288} 2289 2290static void 2291sppp_lcp_down(struct sppp *sp) 2292{ 2293 STDDCL; 2294 2295 sppp_down_event(&lcp, sp); 2296 2297 /* 2298 * If this is neither a dial-on-demand nor a passive 2299 * interface, simulate an ``ifconfig down'' action, so the 2300 * administrator can force a redial by another ``ifconfig 2301 * up''. XXX For leased line operation, should we immediately 2302 * try to reopen the connection here? 2303 */ 2304 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2305 log(LOG_INFO, 2306 SPP_FMT "Down event, taking interface down.\n", 2307 SPP_ARGS(ifp)); 2308 if_down(ifp); 2309 } else { 2310 if (debug) 2311 log(LOG_DEBUG, 2312 SPP_FMT "Down event (carrier loss)\n", 2313 SPP_ARGS(ifp)); 2314 sp->pp_flags &= ~PP_CALLIN; 2315 if (sp->state[IDX_LCP] != STATE_INITIAL) 2316 lcp.Close(sp); 2317 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2318 } 2319} 2320 2321static void 2322sppp_lcp_open(struct sppp *sp) 2323{ 2324 sppp_open_event(&lcp, sp); 2325} 2326 2327static void 2328sppp_lcp_close(struct sppp *sp) 2329{ 2330 sppp_close_event(&lcp, sp); 2331} 2332 2333static void 2334sppp_lcp_TO(void *cookie) 2335{ 2336 sppp_to_event(&lcp, (struct sppp *)cookie); 2337} 2338 2339/* 2340 * Analyze a configure request. Return true if it was agreeable, and 2341 * caused action sca, false if it has been rejected or nak'ed, and 2342 * caused action scn. (The return value is used to make the state 2343 * transition decision in the state automaton.) 2344 */ 2345static int 2346sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2347{ 2348 STDDCL; 2349 u_char *buf, *r, *p; 2350 int origlen, rlen; 2351 u_long nmagic; 2352 u_short authproto; 2353 2354 len -= 4; 2355 origlen = len; 2356 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2357 if (! buf) 2358 return (0); 2359 2360 if (debug) 2361 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2362 SPP_ARGS(ifp)); 2363 2364 /* pass 1: check for things that need to be rejected */ 2365 p = (void*) (h+1); 2366 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2367 len-=p[1], p+=p[1]) { 2368 if (debug) 2369 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2370 switch (*p) { 2371 case LCP_OPT_MAGIC: 2372 /* Magic number. */ 2373 if (len >= 6 && p[1] == 6) 2374 continue; 2375 if (debug) 2376 log(-1, "[invalid] "); 2377 break; 2378 case LCP_OPT_ASYNC_MAP: 2379 /* Async control character map. */ 2380 if (len >= 6 && p[1] == 6) 2381 continue; 2382 if (debug) 2383 log(-1, "[invalid] "); 2384 break; 2385 case LCP_OPT_MRU: 2386 /* Maximum receive unit. */ 2387 if (len >= 4 && p[1] == 4) 2388 continue; 2389 if (debug) 2390 log(-1, "[invalid] "); 2391 break; 2392 case LCP_OPT_AUTH_PROTO: 2393 if (len < 4) { 2394 if (debug) 2395 log(-1, "[invalid] "); 2396 break; 2397 } 2398 authproto = (p[2] << 8) + p[3]; 2399 if (authproto == PPP_CHAP && p[1] != 5) { 2400 if (debug) 2401 log(-1, "[invalid chap len] "); 2402 break; 2403 } 2404 if (sp->myauth.proto == 0) { 2405 /* we are not configured to do auth */ 2406 if (debug) 2407 log(-1, "[not configured] "); 2408 break; 2409 } 2410 /* 2411 * Remote want us to authenticate, remember this, 2412 * so we stay in PHASE_AUTHENTICATE after LCP got 2413 * up. 2414 */ 2415 sp->pp_flags |= PP_NEEDAUTH; 2416 continue; 2417 default: 2418 /* Others not supported. */ 2419 if (debug) 2420 log(-1, "[rej] "); 2421 break; 2422 } 2423 /* Add the option to rejected list. */ 2424 bcopy (p, r, p[1]); 2425 r += p[1]; 2426 rlen += p[1]; 2427 } 2428 if (rlen) { 2429 if (debug) 2430 log(-1, " send conf-rej\n"); 2431 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2432 return 0; 2433 } else if (debug) 2434 log(-1, "\n"); 2435 2436 /* 2437 * pass 2: check for option values that are unacceptable and 2438 * thus require to be nak'ed. 2439 */ 2440 if (debug) 2441 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2442 SPP_ARGS(ifp)); 2443 2444 p = (void*) (h+1); 2445 len = origlen; 2446 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2447 len-=p[1], p+=p[1]) { 2448 if (debug) 2449 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2450 switch (*p) { 2451 case LCP_OPT_MAGIC: 2452 /* Magic number -- extract. */ 2453 nmagic = (u_long)p[2] << 24 | 2454 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2455 if (nmagic != sp->lcp.magic) { 2456 sp->pp_loopcnt = 0; 2457 if (debug) 2458 log(-1, "0x%lx ", nmagic); 2459 continue; 2460 } 2461 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2462 log(-1, "[glitch] "); 2463 ++sp->pp_loopcnt; 2464 /* 2465 * We negate our magic here, and NAK it. If 2466 * we see it later in an NAK packet, we 2467 * suggest a new one. 2468 */ 2469 nmagic = ~sp->lcp.magic; 2470 /* Gonna NAK it. */ 2471 p[2] = nmagic >> 24; 2472 p[3] = nmagic >> 16; 2473 p[4] = nmagic >> 8; 2474 p[5] = nmagic; 2475 break; 2476 2477 case LCP_OPT_ASYNC_MAP: 2478 /* 2479 * Async control character map -- just ignore it. 2480 * 2481 * Quote from RFC 1662, chapter 6: 2482 * To enable this functionality, synchronous PPP 2483 * implementations MUST always respond to the 2484 * Async-Control-Character-Map Configuration 2485 * Option with the LCP Configure-Ack. However, 2486 * acceptance of the Configuration Option does 2487 * not imply that the synchronous implementation 2488 * will do any ACCM mapping. Instead, all such 2489 * octet mapping will be performed by the 2490 * asynchronous-to-synchronous converter. 2491 */ 2492 continue; 2493 2494 case LCP_OPT_MRU: 2495 /* 2496 * Maximum receive unit. Always agreeable, 2497 * but ignored by now. 2498 */ 2499 sp->lcp.their_mru = p[2] * 256 + p[3]; 2500 if (debug) 2501 log(-1, "%lu ", sp->lcp.their_mru); 2502 continue; 2503 2504 case LCP_OPT_AUTH_PROTO: 2505 authproto = (p[2] << 8) + p[3]; 2506 if (sp->myauth.proto != authproto) { 2507 /* not agreed, nak */ 2508 if (debug) 2509 log(-1, "[mine %s != his %s] ", 2510 sppp_proto_name(sp->hisauth.proto), 2511 sppp_proto_name(authproto)); 2512 p[2] = sp->myauth.proto >> 8; 2513 p[3] = sp->myauth.proto; 2514 break; 2515 } 2516 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2517 if (debug) 2518 log(-1, "[chap not MD5] "); 2519 p[4] = CHAP_MD5; 2520 break; 2521 } 2522 continue; 2523 } 2524 /* Add the option to nak'ed list. */ 2525 bcopy (p, r, p[1]); 2526 r += p[1]; 2527 rlen += p[1]; 2528 } 2529 if (rlen) { 2530 /* 2531 * Local and remote magics equal -- loopback? 2532 */ 2533 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2534 if (sp->pp_loopcnt == MAXALIVECNT*5) 2535 printf (SPP_FMT "loopback\n", 2536 SPP_ARGS(ifp)); 2537 if (ifp->if_flags & IFF_UP) { 2538 if_down(ifp); 2539 sppp_qflush(&sp->pp_cpq); 2540 /* XXX ? */ 2541 lcp.Down(sp); 2542 lcp.Up(sp); 2543 } 2544 } else if (!sp->pp_loopcnt && 2545 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2546 if (debug) 2547 log(-1, " max_failure (%d) exceeded, " 2548 "send conf-rej\n", 2549 sp->lcp.max_failure); 2550 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2551 } else { 2552 if (debug) 2553 log(-1, " send conf-nak\n"); 2554 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2555 } 2556 } else { 2557 if (debug) 2558 log(-1, " send conf-ack\n"); 2559 sp->fail_counter[IDX_LCP] = 0; 2560 sp->pp_loopcnt = 0; 2561 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2562 h->ident, origlen, h+1); 2563 } 2564 2565 free (buf, M_TEMP); 2566 return (rlen == 0); 2567} 2568 2569/* 2570 * Analyze the LCP Configure-Reject option list, and adjust our 2571 * negotiation. 2572 */ 2573static void 2574sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2575{ 2576 STDDCL; 2577 u_char *buf, *p; 2578 2579 len -= 4; 2580 buf = malloc (len, M_TEMP, M_NOWAIT); 2581 if (!buf) 2582 return; 2583 2584 if (debug) 2585 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2586 SPP_ARGS(ifp)); 2587 2588 p = (void*) (h+1); 2589 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2590 len -= p[1], p += p[1]) { 2591 if (debug) 2592 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2593 switch (*p) { 2594 case LCP_OPT_MAGIC: 2595 /* Magic number -- can't use it, use 0 */ 2596 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2597 sp->lcp.magic = 0; 2598 break; 2599 case LCP_OPT_MRU: 2600 /* 2601 * Should not be rejected anyway, since we only 2602 * negotiate a MRU if explicitly requested by 2603 * peer. 2604 */ 2605 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2606 break; 2607 case LCP_OPT_AUTH_PROTO: 2608 /* 2609 * Peer doesn't want to authenticate himself, 2610 * deny unless this is a dialout call, and 2611 * AUTHFLAG_NOCALLOUT is set. 2612 */ 2613 if ((sp->pp_flags & PP_CALLIN) == 0 && 2614 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2615 if (debug) 2616 log(-1, "[don't insist on auth " 2617 "for callout]"); 2618 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2619 break; 2620 } 2621 if (debug) 2622 log(-1, "[access denied]\n"); 2623 lcp.Close(sp); 2624 break; 2625 } 2626 } 2627 if (debug) 2628 log(-1, "\n"); 2629 free (buf, M_TEMP); 2630 return; 2631} 2632 2633/* 2634 * Analyze the LCP Configure-NAK option list, and adjust our 2635 * negotiation. 2636 */ 2637static void 2638sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2639{ 2640 STDDCL; 2641 u_char *buf, *p; 2642 u_long magic; 2643 2644 len -= 4; 2645 buf = malloc (len, M_TEMP, M_NOWAIT); 2646 if (!buf) 2647 return; 2648 2649 if (debug) 2650 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2651 SPP_ARGS(ifp)); 2652 2653 p = (void*) (h+1); 2654 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2655 len -= p[1], p += p[1]) { 2656 if (debug) 2657 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2658 switch (*p) { 2659 case LCP_OPT_MAGIC: 2660 /* Magic number -- renegotiate */ 2661 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2662 len >= 6 && p[1] == 6) { 2663 magic = (u_long)p[2] << 24 | 2664 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2665 /* 2666 * If the remote magic is our negated one, 2667 * this looks like a loopback problem. 2668 * Suggest a new magic to make sure. 2669 */ 2670 if (magic == ~sp->lcp.magic) { 2671 if (debug) 2672 log(-1, "magic glitch "); 2673#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2674 sp->lcp.magic = random(); 2675#else 2676 sp->lcp.magic = time.tv_sec + time.tv_usec; 2677#endif 2678 } else { 2679 sp->lcp.magic = magic; 2680 if (debug) 2681 log(-1, "%lu ", magic); 2682 } 2683 } 2684 break; 2685 case LCP_OPT_MRU: 2686 /* 2687 * Peer wants to advise us to negotiate an MRU. 2688 * Agree on it if it's reasonable, or use 2689 * default otherwise. 2690 */ 2691 if (len >= 4 && p[1] == 4) { 2692 u_int mru = p[2] * 256 + p[3]; 2693 if (debug) 2694 log(-1, "%d ", mru); 2695 if (mru < PP_MTU || mru > PP_MAX_MRU) 2696 mru = PP_MTU; 2697 sp->lcp.mru = mru; 2698 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2699 } 2700 break; 2701 case LCP_OPT_AUTH_PROTO: 2702 /* 2703 * Peer doesn't like our authentication method, 2704 * deny. 2705 */ 2706 if (debug) 2707 log(-1, "[access denied]\n"); 2708 lcp.Close(sp); 2709 break; 2710 } 2711 } 2712 if (debug) 2713 log(-1, "\n"); 2714 free (buf, M_TEMP); 2715 return; 2716} 2717 2718static void 2719sppp_lcp_tlu(struct sppp *sp) 2720{ 2721 STDDCL; 2722 int i; 2723 u_long mask; 2724 2725 /* XXX ? */ 2726 if (! (ifp->if_flags & IFF_UP) && 2727 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2728 /* Coming out of loopback mode. */ 2729 if_up(ifp); 2730 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2731 } 2732 2733 for (i = 0; i < IDX_COUNT; i++) 2734 if ((cps[i])->flags & CP_QUAL) 2735 (cps[i])->Open(sp); 2736 2737 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2738 (sp->pp_flags & PP_NEEDAUTH) != 0) 2739 sp->pp_phase = PHASE_AUTHENTICATE; 2740 else 2741 sp->pp_phase = PHASE_NETWORK; 2742 2743 if (debug) 2744 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2745 sppp_phase_name(sp->pp_phase)); 2746 2747 /* 2748 * Open all authentication protocols. This is even required 2749 * if we already proceeded to network phase, since it might be 2750 * that remote wants us to authenticate, so we might have to 2751 * send a PAP request. Undesired authentication protocols 2752 * don't do anything when they get an Open event. 2753 */ 2754 for (i = 0; i < IDX_COUNT; i++) 2755 if ((cps[i])->flags & CP_AUTH) 2756 (cps[i])->Open(sp); 2757 2758 if (sp->pp_phase == PHASE_NETWORK) { 2759 /* Notify all NCPs. */ 2760 for (i = 0; i < IDX_COUNT; i++) 2761 if (((cps[i])->flags & CP_NCP) && 2762 /* 2763 * XXX 2764 * Hack to administratively disable IPv6 if 2765 * not desired. Perhaps we should have another 2766 * flag for this, but right now, we can make 2767 * all struct cp's read/only. 2768 */ 2769 (cps[i] != &ipv6cp || 2770 (sp->confflags & CONF_ENABLE_IPV6))) 2771 (cps[i])->Open(sp); 2772 } 2773 2774 /* Send Up events to all started protos. */ 2775 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2776 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2777 (cps[i])->Up(sp); 2778 2779 /* notify low-level driver of state change */ 2780 if (sp->pp_chg) 2781 sp->pp_chg(sp, (int)sp->pp_phase); 2782 2783 if (sp->pp_phase == PHASE_NETWORK) 2784 /* if no NCP is starting, close down */ 2785 sppp_lcp_check_and_close(sp); 2786} 2787 2788static void 2789sppp_lcp_tld(struct sppp *sp) 2790{ 2791 STDDCL; 2792 int i; 2793 u_long mask; 2794 2795 sp->pp_phase = PHASE_TERMINATE; 2796 2797 if (debug) 2798 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2799 sppp_phase_name(sp->pp_phase)); 2800 2801 /* 2802 * Take upper layers down. We send the Down event first and 2803 * the Close second to prevent the upper layers from sending 2804 * ``a flurry of terminate-request packets'', as the RFC 2805 * describes it. 2806 */ 2807 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2808 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2809 (cps[i])->Down(sp); 2810 (cps[i])->Close(sp); 2811 } 2812} 2813 2814static void 2815sppp_lcp_tls(struct sppp *sp) 2816{ 2817 STDDCL; 2818 2819 sp->pp_phase = PHASE_ESTABLISH; 2820 2821 if (debug) 2822 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2823 sppp_phase_name(sp->pp_phase)); 2824 2825 /* Notify lower layer if desired. */ 2826 if (sp->pp_tls) 2827 (sp->pp_tls)(sp); 2828 else 2829 (sp->pp_up)(sp); 2830} 2831 2832static void 2833sppp_lcp_tlf(struct sppp *sp) 2834{ 2835 STDDCL; 2836 2837 sp->pp_phase = PHASE_DEAD; 2838 if (debug) 2839 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2840 sppp_phase_name(sp->pp_phase)); 2841 2842 /* Notify lower layer if desired. */ 2843 if (sp->pp_tlf) 2844 (sp->pp_tlf)(sp); 2845 else 2846 (sp->pp_down)(sp); 2847} 2848 2849static void 2850sppp_lcp_scr(struct sppp *sp) 2851{ 2852 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2853 int i = 0; 2854 u_short authproto; 2855 2856 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2857 if (! sp->lcp.magic) 2858#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2859 sp->lcp.magic = random(); 2860#else 2861 sp->lcp.magic = time.tv_sec + time.tv_usec; 2862#endif 2863 opt[i++] = LCP_OPT_MAGIC; 2864 opt[i++] = 6; 2865 opt[i++] = sp->lcp.magic >> 24; 2866 opt[i++] = sp->lcp.magic >> 16; 2867 opt[i++] = sp->lcp.magic >> 8; 2868 opt[i++] = sp->lcp.magic; 2869 } 2870 2871 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2872 opt[i++] = LCP_OPT_MRU; 2873 opt[i++] = 4; 2874 opt[i++] = sp->lcp.mru >> 8; 2875 opt[i++] = sp->lcp.mru; 2876 } 2877 2878 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2879 authproto = sp->hisauth.proto; 2880 opt[i++] = LCP_OPT_AUTH_PROTO; 2881 opt[i++] = authproto == PPP_CHAP? 5: 4; 2882 opt[i++] = authproto >> 8; 2883 opt[i++] = authproto; 2884 if (authproto == PPP_CHAP) 2885 opt[i++] = CHAP_MD5; 2886 } 2887 2888 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2889 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2890} 2891 2892/* 2893 * Check the open NCPs, return true if at least one NCP is open. 2894 */ 2895static int 2896sppp_ncp_check(struct sppp *sp) 2897{ 2898 int i, mask; 2899 2900 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2901 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2902 return 1; 2903 return 0; 2904} 2905 2906/* 2907 * Re-check the open NCPs and see if we should terminate the link. 2908 * Called by the NCPs during their tlf action handling. 2909 */ 2910static void 2911sppp_lcp_check_and_close(struct sppp *sp) 2912{ 2913 2914 if (sp->pp_phase < PHASE_NETWORK) 2915 /* don't bother, we are already going down */ 2916 return; 2917 2918 if (sppp_ncp_check(sp)) 2919 return; 2920 2921 lcp.Close(sp); 2922} 2923 2924/* 2925 *--------------------------------------------------------------------------* 2926 * * 2927 * The IPCP implementation. * 2928 * * 2929 *--------------------------------------------------------------------------* 2930 */ 2931 2932static void 2933sppp_ipcp_init(struct sppp *sp) 2934{ 2935 sp->ipcp.opts = 0; 2936 sp->ipcp.flags = 0; 2937 sp->state[IDX_IPCP] = STATE_INITIAL; 2938 sp->fail_counter[IDX_IPCP] = 0; 2939 sp->pp_seq[IDX_IPCP] = 0; 2940 sp->pp_rseq[IDX_IPCP] = 0; 2941 callout_init(&sp->ch[IDX_IPCP], 2942 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2943} 2944 2945static void 2946sppp_ipcp_up(struct sppp *sp) 2947{ 2948 sppp_up_event(&ipcp, sp); 2949} 2950 2951static void 2952sppp_ipcp_down(struct sppp *sp) 2953{ 2954 sppp_down_event(&ipcp, sp); 2955} 2956 2957static void 2958sppp_ipcp_open(struct sppp *sp) 2959{ 2960 STDDCL; 2961 u_long myaddr, hisaddr; 2962 2963 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2964 IPCP_MYADDR_DYN | IPCP_VJ); 2965 sp->ipcp.opts = 0; 2966 2967 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2968 /* 2969 * If we don't have his address, this probably means our 2970 * interface doesn't want to talk IP at all. (This could 2971 * be the case if somebody wants to speak only IPX, for 2972 * example.) Don't open IPCP in this case. 2973 */ 2974 if (hisaddr == 0L) { 2975 /* XXX this message should go away */ 2976 if (debug) 2977 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2978 SPP_ARGS(ifp)); 2979 return; 2980 } 2981 if (myaddr == 0L) { 2982 /* 2983 * I don't have an assigned address, so i need to 2984 * negotiate my address. 2985 */ 2986 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2987 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2988 } else 2989 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2990 if (sp->confflags & CONF_ENABLE_VJ) { 2991 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2992 sp->ipcp.max_state = MAX_STATES - 1; 2993 sp->ipcp.compress_cid = 1; 2994 } 2995 sppp_open_event(&ipcp, sp); 2996} 2997 2998static void 2999sppp_ipcp_close(struct sppp *sp) 3000{ 3001 sppp_close_event(&ipcp, sp); 3002 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 3003 /* 3004 * My address was dynamic, clear it again. 3005 */ 3006 sppp_set_ip_addr(sp, 0L); 3007} 3008 3009static void 3010sppp_ipcp_TO(void *cookie) 3011{ 3012 sppp_to_event(&ipcp, (struct sppp *)cookie); 3013} 3014 3015/* 3016 * Analyze a configure request. Return true if it was agreeable, and 3017 * caused action sca, false if it has been rejected or nak'ed, and 3018 * caused action scn. (The return value is used to make the state 3019 * transition decision in the state automaton.) 3020 */ 3021static int 3022sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3023{ 3024 u_char *buf, *r, *p; 3025 struct ifnet *ifp = SP2IFP(sp); 3026 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3027 u_long hisaddr, desiredaddr; 3028 int gotmyaddr = 0; 3029 int desiredcomp; 3030 3031 len -= 4; 3032 origlen = len; 3033 /* 3034 * Make sure to allocate a buf that can at least hold a 3035 * conf-nak with an `address' option. We might need it below. 3036 */ 3037 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3038 if (! buf) 3039 return (0); 3040 3041 /* pass 1: see if we can recognize them */ 3042 if (debug) 3043 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 3044 SPP_ARGS(ifp)); 3045 p = (void*) (h+1); 3046 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3047 len-=p[1], p+=p[1]) { 3048 if (debug) 3049 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3050 switch (*p) { 3051 case IPCP_OPT_COMPRESSION: 3052 if (!(sp->confflags & CONF_ENABLE_VJ)) { 3053 /* VJ compression administratively disabled */ 3054 if (debug) 3055 log(-1, "[locally disabled] "); 3056 break; 3057 } 3058 /* 3059 * In theory, we should only conf-rej an 3060 * option that is shorter than RFC 1618 3061 * requires (i.e. < 4), and should conf-nak 3062 * anything else that is not VJ. However, 3063 * since our algorithm always uses the 3064 * original option to NAK it with new values, 3065 * things would become more complicated. In 3066 * pratice, the only commonly implemented IP 3067 * compression option is VJ anyway, so the 3068 * difference is negligible. 3069 */ 3070 if (len >= 6 && p[1] == 6) { 3071 /* 3072 * correctly formed compression option 3073 * that could be VJ compression 3074 */ 3075 continue; 3076 } 3077 if (debug) 3078 log(-1, 3079 "optlen %d [invalid/unsupported] ", 3080 p[1]); 3081 break; 3082 case IPCP_OPT_ADDRESS: 3083 if (len >= 6 && p[1] == 6) { 3084 /* correctly formed address option */ 3085 continue; 3086 } 3087 if (debug) 3088 log(-1, "[invalid] "); 3089 break; 3090 default: 3091 /* Others not supported. */ 3092 if (debug) 3093 log(-1, "[rej] "); 3094 break; 3095 } 3096 /* Add the option to rejected list. */ 3097 bcopy (p, r, p[1]); 3098 r += p[1]; 3099 rlen += p[1]; 3100 } 3101 if (rlen) { 3102 if (debug) 3103 log(-1, " send conf-rej\n"); 3104 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3105 return 0; 3106 } else if (debug) 3107 log(-1, "\n"); 3108 3109 /* pass 2: parse option values */ 3110 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3111 if (debug) 3112 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3113 SPP_ARGS(ifp)); 3114 p = (void*) (h+1); 3115 len = origlen; 3116 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3117 len-=p[1], p+=p[1]) { 3118 if (debug) 3119 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3120 switch (*p) { 3121 case IPCP_OPT_COMPRESSION: 3122 desiredcomp = p[2] << 8 | p[3]; 3123 /* We only support VJ */ 3124 if (desiredcomp == IPCP_COMP_VJ) { 3125 if (debug) 3126 log(-1, "VJ [ack] "); 3127 sp->ipcp.flags |= IPCP_VJ; 3128 sl_compress_init(sp->pp_comp, p[4]); 3129 sp->ipcp.max_state = p[4]; 3130 sp->ipcp.compress_cid = p[5]; 3131 continue; 3132 } 3133 if (debug) 3134 log(-1, 3135 "compproto %#04x [not supported] ", 3136 desiredcomp); 3137 p[2] = IPCP_COMP_VJ >> 8; 3138 p[3] = IPCP_COMP_VJ; 3139 p[4] = sp->ipcp.max_state; 3140 p[5] = sp->ipcp.compress_cid; 3141 break; 3142 case IPCP_OPT_ADDRESS: 3143 /* This is the address he wants in his end */ 3144 desiredaddr = p[2] << 24 | p[3] << 16 | 3145 p[4] << 8 | p[5]; 3146 if (desiredaddr == hisaddr || 3147 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3148 /* 3149 * Peer's address is same as our value, 3150 * or we have set it to 0.0.0.* to 3151 * indicate that we do not really care, 3152 * this is agreeable. Gonna conf-ack 3153 * it. 3154 */ 3155 if (debug) 3156 log(-1, "%s [ack] ", 3157 sppp_dotted_quad(hisaddr)); 3158 /* record that we've seen it already */ 3159 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3160 continue; 3161 } 3162 /* 3163 * The address wasn't agreeable. This is either 3164 * he sent us 0.0.0.0, asking to assign him an 3165 * address, or he send us another address not 3166 * matching our value. Either case, we gonna 3167 * conf-nak it with our value. 3168 * XXX: we should "rej" if hisaddr == 0 3169 */ 3170 if (debug) { 3171 if (desiredaddr == 0) 3172 log(-1, "[addr requested] "); 3173 else 3174 log(-1, "%s [not agreed] ", 3175 sppp_dotted_quad(desiredaddr)); 3176 3177 } 3178 p[2] = hisaddr >> 24; 3179 p[3] = hisaddr >> 16; 3180 p[4] = hisaddr >> 8; 3181 p[5] = hisaddr; 3182 break; 3183 } 3184 /* Add the option to nak'ed list. */ 3185 bcopy (p, r, p[1]); 3186 r += p[1]; 3187 rlen += p[1]; 3188 } 3189 3190 /* 3191 * If we are about to conf-ack the request, but haven't seen 3192 * his address so far, gonna conf-nak it instead, with the 3193 * `address' option present and our idea of his address being 3194 * filled in there, to request negotiation of both addresses. 3195 * 3196 * XXX This can result in an endless req - nak loop if peer 3197 * doesn't want to send us his address. Q: What should we do 3198 * about it? XXX A: implement the max-failure counter. 3199 */ 3200 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3201 buf[0] = IPCP_OPT_ADDRESS; 3202 buf[1] = 6; 3203 buf[2] = hisaddr >> 24; 3204 buf[3] = hisaddr >> 16; 3205 buf[4] = hisaddr >> 8; 3206 buf[5] = hisaddr; 3207 rlen = 6; 3208 if (debug) 3209 log(-1, "still need hisaddr "); 3210 } 3211 3212 if (rlen) { 3213 if (debug) 3214 log(-1, " send conf-nak\n"); 3215 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3216 } else { 3217 if (debug) 3218 log(-1, " send conf-ack\n"); 3219 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3220 h->ident, origlen, h+1); 3221 } 3222 3223 free (buf, M_TEMP); 3224 return (rlen == 0); 3225} 3226 3227/* 3228 * Analyze the IPCP Configure-Reject option list, and adjust our 3229 * negotiation. 3230 */ 3231static void 3232sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3233{ 3234 u_char *buf, *p; 3235 struct ifnet *ifp = SP2IFP(sp); 3236 int debug = ifp->if_flags & IFF_DEBUG; 3237 3238 len -= 4; 3239 buf = malloc (len, M_TEMP, M_NOWAIT); 3240 if (!buf) 3241 return; 3242 3243 if (debug) 3244 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3245 SPP_ARGS(ifp)); 3246 3247 p = (void*) (h+1); 3248 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3249 len -= p[1], p += p[1]) { 3250 if (debug) 3251 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3252 switch (*p) { 3253 case IPCP_OPT_COMPRESSION: 3254 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3255 break; 3256 case IPCP_OPT_ADDRESS: 3257 /* 3258 * Peer doesn't grok address option. This is 3259 * bad. XXX Should we better give up here? 3260 * XXX We could try old "addresses" option... 3261 */ 3262 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3263 break; 3264 } 3265 } 3266 if (debug) 3267 log(-1, "\n"); 3268 free (buf, M_TEMP); 3269 return; 3270} 3271 3272/* 3273 * Analyze the IPCP Configure-NAK option list, and adjust our 3274 * negotiation. 3275 */ 3276static void 3277sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3278{ 3279 u_char *buf, *p; 3280 struct ifnet *ifp = SP2IFP(sp); 3281 int debug = ifp->if_flags & IFF_DEBUG; 3282 int desiredcomp; 3283 u_long wantaddr; 3284 3285 len -= 4; 3286 buf = malloc (len, M_TEMP, M_NOWAIT); 3287 if (!buf) 3288 return; 3289 3290 if (debug) 3291 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3292 SPP_ARGS(ifp)); 3293 3294 p = (void*) (h+1); 3295 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3296 len -= p[1], p += p[1]) { 3297 if (debug) 3298 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3299 switch (*p) { 3300 case IPCP_OPT_COMPRESSION: 3301 if (len >= 6 && p[1] == 6) { 3302 desiredcomp = p[2] << 8 | p[3]; 3303 if (debug) 3304 log(-1, "[wantcomp %#04x] ", 3305 desiredcomp); 3306 if (desiredcomp == IPCP_COMP_VJ) { 3307 sl_compress_init(sp->pp_comp, p[4]); 3308 sp->ipcp.max_state = p[4]; 3309 sp->ipcp.compress_cid = p[5]; 3310 if (debug) 3311 log(-1, "[agree] "); 3312 } else 3313 sp->ipcp.opts &= 3314 ~(1 << IPCP_OPT_COMPRESSION); 3315 } 3316 break; 3317 case IPCP_OPT_ADDRESS: 3318 /* 3319 * Peer doesn't like our local IP address. See 3320 * if we can do something for him. We'll drop 3321 * him our address then. 3322 */ 3323 if (len >= 6 && p[1] == 6) { 3324 wantaddr = p[2] << 24 | p[3] << 16 | 3325 p[4] << 8 | p[5]; 3326 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3327 if (debug) 3328 log(-1, "[wantaddr %s] ", 3329 sppp_dotted_quad(wantaddr)); 3330 /* 3331 * When doing dynamic address assignment, 3332 * we accept his offer. Otherwise, we 3333 * ignore it and thus continue to negotiate 3334 * our already existing value. 3335 * XXX: Bogus, if he said no once, he'll 3336 * just say no again, might as well die. 3337 */ 3338 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3339 sppp_set_ip_addr(sp, wantaddr); 3340 if (debug) 3341 log(-1, "[agree] "); 3342 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3343 } 3344 } 3345 break; 3346 } 3347 } 3348 if (debug) 3349 log(-1, "\n"); 3350 free (buf, M_TEMP); 3351 return; 3352} 3353 3354static void 3355sppp_ipcp_tlu(struct sppp *sp) 3356{ 3357 /* we are up - notify isdn daemon */ 3358 if (sp->pp_con) 3359 sp->pp_con(sp); 3360} 3361 3362static void 3363sppp_ipcp_tld(struct sppp *sp) 3364{ 3365} 3366 3367static void 3368sppp_ipcp_tls(struct sppp *sp) 3369{ 3370 /* indicate to LCP that it must stay alive */ 3371 sp->lcp.protos |= (1 << IDX_IPCP); 3372} 3373 3374static void 3375sppp_ipcp_tlf(struct sppp *sp) 3376{ 3377 /* we no longer need LCP */ 3378 sp->lcp.protos &= ~(1 << IDX_IPCP); 3379 sppp_lcp_check_and_close(sp); 3380} 3381 3382static void 3383sppp_ipcp_scr(struct sppp *sp) 3384{ 3385 char opt[6 /* compression */ + 6 /* address */]; 3386 u_long ouraddr; 3387 int i = 0; 3388 3389 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3390 opt[i++] = IPCP_OPT_COMPRESSION; 3391 opt[i++] = 6; 3392 opt[i++] = IPCP_COMP_VJ >> 8; 3393 opt[i++] = IPCP_COMP_VJ; 3394 opt[i++] = sp->ipcp.max_state; 3395 opt[i++] = sp->ipcp.compress_cid; 3396 } 3397 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3398 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3399 opt[i++] = IPCP_OPT_ADDRESS; 3400 opt[i++] = 6; 3401 opt[i++] = ouraddr >> 24; 3402 opt[i++] = ouraddr >> 16; 3403 opt[i++] = ouraddr >> 8; 3404 opt[i++] = ouraddr; 3405 } 3406 3407 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3408 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3409} 3410 3411/* 3412 *--------------------------------------------------------------------------* 3413 * * 3414 * The IPv6CP implementation. * 3415 * * 3416 *--------------------------------------------------------------------------* 3417 */ 3418 3419#ifdef INET6 3420static void 3421sppp_ipv6cp_init(struct sppp *sp) 3422{ 3423 sp->ipv6cp.opts = 0; 3424 sp->ipv6cp.flags = 0; 3425 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3426 sp->fail_counter[IDX_IPV6CP] = 0; 3427 sp->pp_seq[IDX_IPV6CP] = 0; 3428 sp->pp_rseq[IDX_IPV6CP] = 0; 3429 callout_init(&sp->ch[IDX_IPV6CP], 3430 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3431} 3432 3433static void 3434sppp_ipv6cp_up(struct sppp *sp) 3435{ 3436 sppp_up_event(&ipv6cp, sp); 3437} 3438 3439static void 3440sppp_ipv6cp_down(struct sppp *sp) 3441{ 3442 sppp_down_event(&ipv6cp, sp); 3443} 3444 3445static void 3446sppp_ipv6cp_open(struct sppp *sp) 3447{ 3448 STDDCL; 3449 struct in6_addr myaddr, hisaddr; 3450 3451#ifdef IPV6CP_MYIFID_DYN 3452 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3453#else 3454 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3455#endif 3456 3457 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3458 /* 3459 * If we don't have our address, this probably means our 3460 * interface doesn't want to talk IPv6 at all. (This could 3461 * be the case if somebody wants to speak only IPX, for 3462 * example.) Don't open IPv6CP in this case. 3463 */ 3464 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3465 /* XXX this message should go away */ 3466 if (debug) 3467 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3468 SPP_ARGS(ifp)); 3469 return; 3470 } 3471 3472 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3473 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3474 sppp_open_event(&ipv6cp, sp); 3475} 3476 3477static void 3478sppp_ipv6cp_close(struct sppp *sp) 3479{ 3480 sppp_close_event(&ipv6cp, sp); 3481} 3482 3483static void 3484sppp_ipv6cp_TO(void *cookie) 3485{ 3486 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3487} 3488 3489/* 3490 * Analyze a configure request. Return true if it was agreeable, and 3491 * caused action sca, false if it has been rejected or nak'ed, and 3492 * caused action scn. (The return value is used to make the state 3493 * transition decision in the state automaton.) 3494 */ 3495static int 3496sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3497{ 3498 u_char *buf, *r, *p; 3499 struct ifnet *ifp = SP2IFP(sp); 3500 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3501 struct in6_addr myaddr, desiredaddr, suggestaddr; 3502 int ifidcount; 3503 int type; 3504 int collision, nohisaddr; 3505 char ip6buf[INET6_ADDRSTRLEN]; 3506 3507 len -= 4; 3508 origlen = len; 3509 /* 3510 * Make sure to allocate a buf that can at least hold a 3511 * conf-nak with an `address' option. We might need it below. 3512 */ 3513 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3514 if (! buf) 3515 return (0); 3516 3517 /* pass 1: see if we can recognize them */ 3518 if (debug) 3519 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3520 SPP_ARGS(ifp)); 3521 p = (void*) (h+1); 3522 ifidcount = 0; 3523 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3524 len-=p[1], p+=p[1]) { 3525 if (debug) 3526 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3527 switch (*p) { 3528 case IPV6CP_OPT_IFID: 3529 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3530 /* correctly formed address option */ 3531 ifidcount++; 3532 continue; 3533 } 3534 if (debug) 3535 log(-1, " [invalid]"); 3536 break; 3537#ifdef notyet 3538 case IPV6CP_OPT_COMPRESSION: 3539 if (len >= 4 && p[1] >= 4) { 3540 /* correctly formed compress option */ 3541 continue; 3542 } 3543 if (debug) 3544 log(-1, " [invalid]"); 3545 break; 3546#endif 3547 default: 3548 /* Others not supported. */ 3549 if (debug) 3550 log(-1, " [rej]"); 3551 break; 3552 } 3553 /* Add the option to rejected list. */ 3554 bcopy (p, r, p[1]); 3555 r += p[1]; 3556 rlen += p[1]; 3557 } 3558 if (rlen) { 3559 if (debug) 3560 log(-1, " send conf-rej\n"); 3561 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3562 goto end; 3563 } else if (debug) 3564 log(-1, "\n"); 3565 3566 /* pass 2: parse option values */ 3567 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3568 if (debug) 3569 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3570 SPP_ARGS(ifp)); 3571 p = (void*) (h+1); 3572 len = origlen; 3573 type = CONF_ACK; 3574 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3575 len-=p[1], p+=p[1]) { 3576 if (debug) 3577 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3578 switch (*p) { 3579#ifdef notyet 3580 case IPV6CP_OPT_COMPRESSION: 3581 continue; 3582#endif 3583 case IPV6CP_OPT_IFID: 3584 bzero(&desiredaddr, sizeof(desiredaddr)); 3585 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3586 collision = (bcmp(&desiredaddr.s6_addr[8], 3587 &myaddr.s6_addr[8], 8) == 0); 3588 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3589 3590 desiredaddr.s6_addr16[0] = htons(0xfe80); 3591 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3592 3593 if (!collision && !nohisaddr) { 3594 /* no collision, hisaddr known - Conf-Ack */ 3595 type = CONF_ACK; 3596 3597 if (debug) { 3598 log(-1, " %s [%s]", 3599 ip6_sprintf(ip6buf, &desiredaddr), 3600 sppp_cp_type_name(type)); 3601 } 3602 continue; 3603 } 3604 3605 bzero(&suggestaddr, sizeof(&suggestaddr)); 3606 if (collision && nohisaddr) { 3607 /* collision, hisaddr unknown - Conf-Rej */ 3608 type = CONF_REJ; 3609 bzero(&p[2], 8); 3610 } else { 3611 /* 3612 * - no collision, hisaddr unknown, or 3613 * - collision, hisaddr known 3614 * Conf-Nak, suggest hisaddr 3615 */ 3616 type = CONF_NAK; 3617 sppp_suggest_ip6_addr(sp, &suggestaddr); 3618 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3619 } 3620 if (debug) 3621 log(-1, " %s [%s]", 3622 ip6_sprintf(ip6buf, &desiredaddr), 3623 sppp_cp_type_name(type)); 3624 break; 3625 } 3626 /* Add the option to nak'ed list. */ 3627 bcopy (p, r, p[1]); 3628 r += p[1]; 3629 rlen += p[1]; 3630 } 3631 3632 if (rlen == 0 && type == CONF_ACK) { 3633 if (debug) 3634 log(-1, " send %s\n", sppp_cp_type_name(type)); 3635 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3636 } else { 3637#ifdef DIAGNOSTIC 3638 if (type == CONF_ACK) 3639 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3640#endif 3641 3642 if (debug) { 3643 log(-1, " send %s suggest %s\n", 3644 sppp_cp_type_name(type), 3645 ip6_sprintf(ip6buf, &suggestaddr)); 3646 } 3647 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3648 } 3649 3650 end: 3651 free (buf, M_TEMP); 3652 return (rlen == 0); 3653} 3654 3655/* 3656 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3657 * negotiation. 3658 */ 3659static void 3660sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3661{ 3662 u_char *buf, *p; 3663 struct ifnet *ifp = SP2IFP(sp); 3664 int debug = ifp->if_flags & IFF_DEBUG; 3665 3666 len -= 4; 3667 buf = malloc (len, M_TEMP, M_NOWAIT); 3668 if (!buf) 3669 return; 3670 3671 if (debug) 3672 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3673 SPP_ARGS(ifp)); 3674 3675 p = (void*) (h+1); 3676 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3677 len -= p[1], p += p[1]) { 3678 if (debug) 3679 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3680 switch (*p) { 3681 case IPV6CP_OPT_IFID: 3682 /* 3683 * Peer doesn't grok address option. This is 3684 * bad. XXX Should we better give up here? 3685 */ 3686 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3687 break; 3688#ifdef notyet 3689 case IPV6CP_OPT_COMPRESS: 3690 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3691 break; 3692#endif 3693 } 3694 } 3695 if (debug) 3696 log(-1, "\n"); 3697 free (buf, M_TEMP); 3698 return; 3699} 3700 3701/* 3702 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3703 * negotiation. 3704 */ 3705static void 3706sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3707{ 3708 u_char *buf, *p; 3709 struct ifnet *ifp = SP2IFP(sp); 3710 int debug = ifp->if_flags & IFF_DEBUG; 3711 struct in6_addr suggestaddr; 3712 char ip6buf[INET6_ADDRSTRLEN]; 3713 3714 len -= 4; 3715 buf = malloc (len, M_TEMP, M_NOWAIT); 3716 if (!buf) 3717 return; 3718 3719 if (debug) 3720 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3721 SPP_ARGS(ifp)); 3722 3723 p = (void*) (h+1); 3724 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3725 len -= p[1], p += p[1]) { 3726 if (debug) 3727 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3728 switch (*p) { 3729 case IPV6CP_OPT_IFID: 3730 /* 3731 * Peer doesn't like our local ifid. See 3732 * if we can do something for him. We'll drop 3733 * him our address then. 3734 */ 3735 if (len < 10 || p[1] != 10) 3736 break; 3737 bzero(&suggestaddr, sizeof(suggestaddr)); 3738 suggestaddr.s6_addr16[0] = htons(0xfe80); 3739 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3740 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3741 3742 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3743 if (debug) 3744 log(-1, " [suggestaddr %s]", 3745 ip6_sprintf(ip6buf, &suggestaddr)); 3746#ifdef IPV6CP_MYIFID_DYN 3747 /* 3748 * When doing dynamic address assignment, 3749 * we accept his offer. 3750 */ 3751 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3752 struct in6_addr lastsuggest; 3753 /* 3754 * If <suggested myaddr from peer> equals to 3755 * <hisaddr we have suggested last time>, 3756 * we have a collision. generate new random 3757 * ifid. 3758 */ 3759 sppp_suggest_ip6_addr(&lastsuggest); 3760 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3761 lastsuggest)) { 3762 if (debug) 3763 log(-1, " [random]"); 3764 sppp_gen_ip6_addr(sp, &suggestaddr); 3765 } 3766 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3767 if (debug) 3768 log(-1, " [agree]"); 3769 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3770 } 3771#else 3772 /* 3773 * Since we do not do dynamic address assignment, 3774 * we ignore it and thus continue to negotiate 3775 * our already existing value. This can possibly 3776 * go into infinite request-reject loop. 3777 * 3778 * This is not likely because we normally use 3779 * ifid based on MAC-address. 3780 * If you have no ethernet card on the node, too bad. 3781 * XXX should we use fail_counter? 3782 */ 3783#endif 3784 break; 3785#ifdef notyet 3786 case IPV6CP_OPT_COMPRESS: 3787 /* 3788 * Peer wants different compression parameters. 3789 */ 3790 break; 3791#endif 3792 } 3793 } 3794 if (debug) 3795 log(-1, "\n"); 3796 free (buf, M_TEMP); 3797 return; 3798} 3799static void 3800sppp_ipv6cp_tlu(struct sppp *sp) 3801{ 3802 /* we are up - notify isdn daemon */ 3803 if (sp->pp_con) 3804 sp->pp_con(sp); 3805} 3806 3807static void 3808sppp_ipv6cp_tld(struct sppp *sp) 3809{ 3810} 3811 3812static void 3813sppp_ipv6cp_tls(struct sppp *sp) 3814{ 3815 /* indicate to LCP that it must stay alive */ 3816 sp->lcp.protos |= (1 << IDX_IPV6CP); 3817} 3818 3819static void 3820sppp_ipv6cp_tlf(struct sppp *sp) 3821{ 3822 3823#if 0 /* need #if 0 to close IPv6CP properly */ 3824 /* we no longer need LCP */ 3825 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3826 sppp_lcp_check_and_close(sp); 3827#endif 3828} 3829 3830static void 3831sppp_ipv6cp_scr(struct sppp *sp) 3832{ 3833 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3834 struct in6_addr ouraddr; 3835 int i = 0; 3836 3837 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3838 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3839 opt[i++] = IPV6CP_OPT_IFID; 3840 opt[i++] = 10; 3841 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3842 i += 8; 3843 } 3844 3845#ifdef notyet 3846 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3847 opt[i++] = IPV6CP_OPT_COMPRESSION; 3848 opt[i++] = 4; 3849 opt[i++] = 0; /* TBD */ 3850 opt[i++] = 0; /* TBD */ 3851 /* variable length data may follow */ 3852 } 3853#endif 3854 3855 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3856 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3857} 3858#else /*INET6*/ 3859static void sppp_ipv6cp_init(struct sppp *sp) 3860{ 3861} 3862 3863static void sppp_ipv6cp_up(struct sppp *sp) 3864{ 3865} 3866 3867static void sppp_ipv6cp_down(struct sppp *sp) 3868{ 3869} 3870 3871 3872static void sppp_ipv6cp_open(struct sppp *sp) 3873{ 3874} 3875 3876static void sppp_ipv6cp_close(struct sppp *sp) 3877{ 3878} 3879 3880static void sppp_ipv6cp_TO(void *sp) 3881{ 3882} 3883 3884static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3885{ 3886 return 0; 3887} 3888 3889static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3890{ 3891} 3892 3893static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3894{ 3895} 3896 3897static void sppp_ipv6cp_tlu(struct sppp *sp) 3898{ 3899} 3900 3901static void sppp_ipv6cp_tld(struct sppp *sp) 3902{ 3903} 3904 3905static void sppp_ipv6cp_tls(struct sppp *sp) 3906{ 3907} 3908 3909static void sppp_ipv6cp_tlf(struct sppp *sp) 3910{ 3911} 3912 3913static void sppp_ipv6cp_scr(struct sppp *sp) 3914{ 3915} 3916#endif /*INET6*/ 3917 3918/* 3919 *--------------------------------------------------------------------------* 3920 * * 3921 * The CHAP implementation. * 3922 * * 3923 *--------------------------------------------------------------------------* 3924 */ 3925 3926/* 3927 * The authentication protocols don't employ a full-fledged state machine as 3928 * the control protocols do, since they do have Open and Close events, but 3929 * not Up and Down, nor are they explicitly terminated. Also, use of the 3930 * authentication protocols may be different in both directions (this makes 3931 * sense, think of a machine that never accepts incoming calls but only 3932 * calls out, it doesn't require the called party to authenticate itself). 3933 * 3934 * Our state machine for the local authentication protocol (we are requesting 3935 * the peer to authenticate) looks like: 3936 * 3937 * RCA- 3938 * +--------------------------------------------+ 3939 * V scn,tld| 3940 * +--------+ Close +---------+ RCA+ 3941 * | |<----------------------------------| |------+ 3942 * +--->| Closed | TO* | Opened | sca | 3943 * | | |-----+ +-------| |<-----+ 3944 * | +--------+ irc | | +---------+ 3945 * | ^ | | ^ 3946 * | | | | | 3947 * | | | | | 3948 * | TO-| | | | 3949 * | |tld TO+ V | | 3950 * | | +------->+ | | 3951 * | | | | | | 3952 * | +--------+ V | | 3953 * | | |<----+<--------------------+ | 3954 * | | Req- | scr | 3955 * | | Sent | | 3956 * | | | | 3957 * | +--------+ | 3958 * | RCA- | | RCA+ | 3959 * +------+ +------------------------------------------+ 3960 * scn,tld sca,irc,ict,tlu 3961 * 3962 * 3963 * with: 3964 * 3965 * Open: LCP reached authentication phase 3966 * Close: LCP reached terminate phase 3967 * 3968 * RCA+: received reply (pap-req, chap-response), acceptable 3969 * RCN: received reply (pap-req, chap-response), not acceptable 3970 * TO+: timeout with restart counter >= 0 3971 * TO-: timeout with restart counter < 0 3972 * TO*: reschedule timeout for CHAP 3973 * 3974 * scr: send request packet (none for PAP, chap-challenge) 3975 * sca: send ack packet (pap-ack, chap-success) 3976 * scn: send nak packet (pap-nak, chap-failure) 3977 * ict: initialize re-challenge timer (CHAP only) 3978 * 3979 * tlu: this-layer-up, LCP reaches network phase 3980 * tld: this-layer-down, LCP enters terminate phase 3981 * 3982 * Note that in CHAP mode, after sending a new challenge, while the state 3983 * automaton falls back into Req-Sent state, it doesn't signal a tld 3984 * event to LCP, so LCP remains in network phase. Only after not getting 3985 * any response (or after getting an unacceptable response), CHAP closes, 3986 * causing LCP to enter terminate phase. 3987 * 3988 * With PAP, there is no initial request that can be sent. The peer is 3989 * expected to send one based on the successful negotiation of PAP as 3990 * the authentication protocol during the LCP option negotiation. 3991 * 3992 * Incoming authentication protocol requests (remote requests 3993 * authentication, we are peer) don't employ a state machine at all, 3994 * they are simply answered. Some peers [Ascend P50 firmware rev 3995 * 4.50] react allergically when sending IPCP requests while they are 3996 * still in authentication phase (thereby violating the standard that 3997 * demands that these NCP packets are to be discarded), so we keep 3998 * track of the peer demanding us to authenticate, and only proceed to 3999 * phase network once we've seen a positive acknowledge for the 4000 * authentication. 4001 */ 4002 4003/* 4004 * Handle incoming CHAP packets. 4005 */ 4006static void 4007sppp_chap_input(struct sppp *sp, struct mbuf *m) 4008{ 4009 STDDCL; 4010 struct lcp_header *h; 4011 int len, x; 4012 u_char *value, *name, digest[AUTHKEYLEN], dsize; 4013 int value_len, name_len; 4014 MD5_CTX ctx; 4015 4016 len = m->m_pkthdr.len; 4017 if (len < 4) { 4018 if (debug) 4019 log(LOG_DEBUG, 4020 SPP_FMT "chap invalid packet length: %d bytes\n", 4021 SPP_ARGS(ifp), len); 4022 return; 4023 } 4024 h = mtod (m, struct lcp_header*); 4025 if (len > ntohs (h->len)) 4026 len = ntohs (h->len); 4027 4028 switch (h->type) { 4029 /* challenge, failure and success are his authproto */ 4030 case CHAP_CHALLENGE: 4031 value = 1 + (u_char*)(h+1); 4032 value_len = value[-1]; 4033 name = value + value_len; 4034 name_len = len - value_len - 5; 4035 if (name_len < 0) { 4036 if (debug) { 4037 log(LOG_DEBUG, 4038 SPP_FMT "chap corrupted challenge " 4039 "<%s id=0x%x len=%d", 4040 SPP_ARGS(ifp), 4041 sppp_auth_type_name(PPP_CHAP, h->type), 4042 h->ident, ntohs(h->len)); 4043 sppp_print_bytes((u_char*) (h+1), len-4); 4044 log(-1, ">\n"); 4045 } 4046 break; 4047 } 4048 4049 if (debug) { 4050 log(LOG_DEBUG, 4051 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4052 SPP_ARGS(ifp), 4053 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4054 ntohs(h->len)); 4055 sppp_print_string((char*) name, name_len); 4056 log(-1, " value-size=%d value=", value_len); 4057 sppp_print_bytes(value, value_len); 4058 log(-1, ">\n"); 4059 } 4060 4061 /* Compute reply value. */ 4062 MD5Init(&ctx); 4063 MD5Update(&ctx, &h->ident, 1); 4064 MD5Update(&ctx, sp->myauth.secret, 4065 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4066 MD5Update(&ctx, value, value_len); 4067 MD5Final(digest, &ctx); 4068 dsize = sizeof digest; 4069 4070 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4071 sizeof dsize, (const char *)&dsize, 4072 sizeof digest, digest, 4073 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4074 sp->myauth.name, 4075 0); 4076 break; 4077 4078 case CHAP_SUCCESS: 4079 if (debug) { 4080 log(LOG_DEBUG, SPP_FMT "chap success", 4081 SPP_ARGS(ifp)); 4082 if (len > 4) { 4083 log(-1, ": "); 4084 sppp_print_string((char*)(h + 1), len - 4); 4085 } 4086 log(-1, "\n"); 4087 } 4088 x = splimp(); 4089 SPPP_LOCK(sp); 4090 sp->pp_flags &= ~PP_NEEDAUTH; 4091 if (sp->myauth.proto == PPP_CHAP && 4092 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4093 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4094 /* 4095 * We are authenticator for CHAP but didn't 4096 * complete yet. Leave it to tlu to proceed 4097 * to network phase. 4098 */ 4099 SPPP_UNLOCK(sp); 4100 splx(x); 4101 break; 4102 } 4103 SPPP_UNLOCK(sp); 4104 splx(x); 4105 sppp_phase_network(sp); 4106 break; 4107 4108 case CHAP_FAILURE: 4109 if (debug) { 4110 log(LOG_INFO, SPP_FMT "chap failure", 4111 SPP_ARGS(ifp)); 4112 if (len > 4) { 4113 log(-1, ": "); 4114 sppp_print_string((char*)(h + 1), len - 4); 4115 } 4116 log(-1, "\n"); 4117 } else 4118 log(LOG_INFO, SPP_FMT "chap failure\n", 4119 SPP_ARGS(ifp)); 4120 /* await LCP shutdown by authenticator */ 4121 break; 4122 4123 /* response is my authproto */ 4124 case CHAP_RESPONSE: 4125 value = 1 + (u_char*)(h+1); 4126 value_len = value[-1]; 4127 name = value + value_len; 4128 name_len = len - value_len - 5; 4129 if (name_len < 0) { 4130 if (debug) { 4131 log(LOG_DEBUG, 4132 SPP_FMT "chap corrupted response " 4133 "<%s id=0x%x len=%d", 4134 SPP_ARGS(ifp), 4135 sppp_auth_type_name(PPP_CHAP, h->type), 4136 h->ident, ntohs(h->len)); 4137 sppp_print_bytes((u_char*)(h+1), len-4); 4138 log(-1, ">\n"); 4139 } 4140 break; 4141 } 4142 if (h->ident != sp->confid[IDX_CHAP]) { 4143 if (debug) 4144 log(LOG_DEBUG, 4145 SPP_FMT "chap dropping response for old ID " 4146 "(got %d, expected %d)\n", 4147 SPP_ARGS(ifp), 4148 h->ident, sp->confid[IDX_CHAP]); 4149 break; 4150 } 4151 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4152 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4153 log(LOG_INFO, SPP_FMT "chap response, his name ", 4154 SPP_ARGS(ifp)); 4155 sppp_print_string(name, name_len); 4156 log(-1, " != expected "); 4157 sppp_print_string(sp->hisauth.name, 4158 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4159 log(-1, "\n"); 4160 } 4161 if (debug) { 4162 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4163 "<%s id=0x%x len=%d name=", 4164 SPP_ARGS(ifp), 4165 sppp_state_name(sp->state[IDX_CHAP]), 4166 sppp_auth_type_name(PPP_CHAP, h->type), 4167 h->ident, ntohs (h->len)); 4168 sppp_print_string((char*)name, name_len); 4169 log(-1, " value-size=%d value=", value_len); 4170 sppp_print_bytes(value, value_len); 4171 log(-1, ">\n"); 4172 } 4173 if (value_len != AUTHKEYLEN) { 4174 if (debug) 4175 log(LOG_DEBUG, 4176 SPP_FMT "chap bad hash value length: " 4177 "%d bytes, should be %d\n", 4178 SPP_ARGS(ifp), value_len, 4179 AUTHKEYLEN); 4180 break; 4181 } 4182 4183 MD5Init(&ctx); 4184 MD5Update(&ctx, &h->ident, 1); 4185 MD5Update(&ctx, sp->hisauth.secret, 4186 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4187 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4188 MD5Final(digest, &ctx); 4189 4190#define FAILMSG "Failed..." 4191#define SUCCMSG "Welcome!" 4192 4193 if (value_len != sizeof digest || 4194 bcmp(digest, value, value_len) != 0) { 4195 /* action scn, tld */ 4196 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4197 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4198 0); 4199 chap.tld(sp); 4200 break; 4201 } 4202 /* action sca, perhaps tlu */ 4203 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4204 sp->state[IDX_CHAP] == STATE_OPENED) 4205 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4206 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4207 0); 4208 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4209 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4210 chap.tlu(sp); 4211 } 4212 break; 4213 4214 default: 4215 /* Unknown CHAP packet type -- ignore. */ 4216 if (debug) { 4217 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4218 "<0x%x id=0x%xh len=%d", 4219 SPP_ARGS(ifp), 4220 sppp_state_name(sp->state[IDX_CHAP]), 4221 h->type, h->ident, ntohs(h->len)); 4222 sppp_print_bytes((u_char*)(h+1), len-4); 4223 log(-1, ">\n"); 4224 } 4225 break; 4226 4227 } 4228} 4229 4230static void 4231sppp_chap_init(struct sppp *sp) 4232{ 4233 /* Chap doesn't have STATE_INITIAL at all. */ 4234 sp->state[IDX_CHAP] = STATE_CLOSED; 4235 sp->fail_counter[IDX_CHAP] = 0; 4236 sp->pp_seq[IDX_CHAP] = 0; 4237 sp->pp_rseq[IDX_CHAP] = 0; 4238 callout_init(&sp->ch[IDX_CHAP], 4239 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4240} 4241 4242static void 4243sppp_chap_open(struct sppp *sp) 4244{ 4245 if (sp->myauth.proto == PPP_CHAP && 4246 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4247 /* we are authenticator for CHAP, start it */ 4248 chap.scr(sp); 4249 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4250 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4251 } 4252 /* nothing to be done if we are peer, await a challenge */ 4253} 4254 4255static void 4256sppp_chap_close(struct sppp *sp) 4257{ 4258 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4259 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4260} 4261 4262static void 4263sppp_chap_TO(void *cookie) 4264{ 4265 struct sppp *sp = (struct sppp *)cookie; 4266 STDDCL; 4267 int s; 4268 4269 s = splimp(); 4270 SPPP_LOCK(sp); 4271 if (debug) 4272 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4273 SPP_ARGS(ifp), 4274 sppp_state_name(sp->state[IDX_CHAP]), 4275 sp->rst_counter[IDX_CHAP]); 4276 4277 if (--sp->rst_counter[IDX_CHAP] < 0) 4278 /* TO- event */ 4279 switch (sp->state[IDX_CHAP]) { 4280 case STATE_REQ_SENT: 4281 chap.tld(sp); 4282 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4283 break; 4284 } 4285 else 4286 /* TO+ (or TO*) event */ 4287 switch (sp->state[IDX_CHAP]) { 4288 case STATE_OPENED: 4289 /* TO* event */ 4290 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4291 /* FALLTHROUGH */ 4292 case STATE_REQ_SENT: 4293 chap.scr(sp); 4294 /* sppp_cp_change_state() will restart the timer */ 4295 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4296 break; 4297 } 4298 4299 SPPP_UNLOCK(sp); 4300 splx(s); 4301} 4302 4303static void 4304sppp_chap_tlu(struct sppp *sp) 4305{ 4306 STDDCL; 4307 int i, x; 4308 4309 i = 0; 4310 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4311 4312 /* 4313 * Some broken CHAP implementations (Conware CoNet, firmware 4314 * 4.0.?) don't want to re-authenticate their CHAP once the 4315 * initial challenge-response exchange has taken place. 4316 * Provide for an option to avoid rechallenges. 4317 */ 4318 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4319 /* 4320 * Compute the re-challenge timeout. This will yield 4321 * a number between 300 and 810 seconds. 4322 */ 4323 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4324 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4325 } 4326 4327 if (debug) { 4328 log(LOG_DEBUG, 4329 SPP_FMT "chap %s, ", 4330 SPP_ARGS(ifp), 4331 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4332 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4333 log(-1, "next re-challenge in %d seconds\n", i); 4334 else 4335 log(-1, "re-challenging supressed\n"); 4336 } 4337 4338 x = splimp(); 4339 SPPP_LOCK(sp); 4340 /* indicate to LCP that we need to be closed down */ 4341 sp->lcp.protos |= (1 << IDX_CHAP); 4342 4343 if (sp->pp_flags & PP_NEEDAUTH) { 4344 /* 4345 * Remote is authenticator, but his auth proto didn't 4346 * complete yet. Defer the transition to network 4347 * phase. 4348 */ 4349 SPPP_UNLOCK(sp); 4350 splx(x); 4351 return; 4352 } 4353 SPPP_UNLOCK(sp); 4354 splx(x); 4355 4356 /* 4357 * If we are already in phase network, we are done here. This 4358 * is the case if this is a dummy tlu event after a re-challenge. 4359 */ 4360 if (sp->pp_phase != PHASE_NETWORK) 4361 sppp_phase_network(sp); 4362} 4363 4364static void 4365sppp_chap_tld(struct sppp *sp) 4366{ 4367 STDDCL; 4368 4369 if (debug) 4370 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4371 callout_stop(&sp->ch[IDX_CHAP]); 4372 sp->lcp.protos &= ~(1 << IDX_CHAP); 4373 4374 lcp.Close(sp); 4375} 4376 4377static void 4378sppp_chap_scr(struct sppp *sp) 4379{ 4380 u_long *ch, seed; 4381 u_char clen; 4382 4383 /* Compute random challenge. */ 4384 ch = (u_long *)sp->myauth.challenge; 4385#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4386 read_random(&seed, sizeof seed); 4387#else 4388 { 4389 struct timeval tv; 4390 microtime(&tv); 4391 seed = tv.tv_sec ^ tv.tv_usec; 4392 } 4393#endif 4394 ch[0] = seed ^ random(); 4395 ch[1] = seed ^ random(); 4396 ch[2] = seed ^ random(); 4397 ch[3] = seed ^ random(); 4398 clen = AUTHKEYLEN; 4399 4400 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4401 4402 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4403 sizeof clen, (const char *)&clen, 4404 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4405 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4406 sp->myauth.name, 4407 0); 4408} 4409 4410/* 4411 *--------------------------------------------------------------------------* 4412 * * 4413 * The PAP implementation. * 4414 * * 4415 *--------------------------------------------------------------------------* 4416 */ 4417/* 4418 * For PAP, we need to keep a little state also if we are the peer, not the 4419 * authenticator. This is since we don't get a request to authenticate, but 4420 * have to repeatedly authenticate ourself until we got a response (or the 4421 * retry counter is expired). 4422 */ 4423 4424/* 4425 * Handle incoming PAP packets. */ 4426static void 4427sppp_pap_input(struct sppp *sp, struct mbuf *m) 4428{ 4429 STDDCL; 4430 struct lcp_header *h; 4431 int len, x; 4432 u_char *name, *passwd, mlen; 4433 int name_len, passwd_len; 4434 4435 len = m->m_pkthdr.len; 4436 if (len < 5) { 4437 if (debug) 4438 log(LOG_DEBUG, 4439 SPP_FMT "pap invalid packet length: %d bytes\n", 4440 SPP_ARGS(ifp), len); 4441 return; 4442 } 4443 h = mtod (m, struct lcp_header*); 4444 if (len > ntohs (h->len)) 4445 len = ntohs (h->len); 4446 switch (h->type) { 4447 /* PAP request is my authproto */ 4448 case PAP_REQ: 4449 name = 1 + (u_char*)(h+1); 4450 name_len = name[-1]; 4451 passwd = name + name_len + 1; 4452 if (name_len > len - 6 || 4453 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4454 if (debug) { 4455 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4456 "<%s id=0x%x len=%d", 4457 SPP_ARGS(ifp), 4458 sppp_auth_type_name(PPP_PAP, h->type), 4459 h->ident, ntohs(h->len)); 4460 sppp_print_bytes((u_char*)(h+1), len-4); 4461 log(-1, ">\n"); 4462 } 4463 break; 4464 } 4465 if (debug) { 4466 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4467 "<%s id=0x%x len=%d name=", 4468 SPP_ARGS(ifp), 4469 sppp_state_name(sp->state[IDX_PAP]), 4470 sppp_auth_type_name(PPP_PAP, h->type), 4471 h->ident, ntohs(h->len)); 4472 sppp_print_string((char*)name, name_len); 4473 log(-1, " passwd="); 4474 sppp_print_string((char*)passwd, passwd_len); 4475 log(-1, ">\n"); 4476 } 4477 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4478 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4479 bcmp(name, sp->hisauth.name, name_len) != 0 || 4480 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4481 /* action scn, tld */ 4482 mlen = sizeof(FAILMSG) - 1; 4483 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4484 sizeof mlen, (const char *)&mlen, 4485 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4486 0); 4487 pap.tld(sp); 4488 break; 4489 } 4490 /* action sca, perhaps tlu */ 4491 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4492 sp->state[IDX_PAP] == STATE_OPENED) { 4493 mlen = sizeof(SUCCMSG) - 1; 4494 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4495 sizeof mlen, (const char *)&mlen, 4496 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4497 0); 4498 } 4499 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4500 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4501 pap.tlu(sp); 4502 } 4503 break; 4504 4505 /* ack and nak are his authproto */ 4506 case PAP_ACK: 4507 callout_stop(&sp->pap_my_to_ch); 4508 if (debug) { 4509 log(LOG_DEBUG, SPP_FMT "pap success", 4510 SPP_ARGS(ifp)); 4511 name_len = *((char *)h); 4512 if (len > 5 && name_len) { 4513 log(-1, ": "); 4514 sppp_print_string((char*)(h+1), name_len); 4515 } 4516 log(-1, "\n"); 4517 } 4518 x = splimp(); 4519 SPPP_LOCK(sp); 4520 sp->pp_flags &= ~PP_NEEDAUTH; 4521 if (sp->myauth.proto == PPP_PAP && 4522 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4523 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4524 /* 4525 * We are authenticator for PAP but didn't 4526 * complete yet. Leave it to tlu to proceed 4527 * to network phase. 4528 */ 4529 SPPP_UNLOCK(sp); 4530 splx(x); 4531 break; 4532 } 4533 SPPP_UNLOCK(sp); 4534 splx(x); 4535 sppp_phase_network(sp); 4536 break; 4537 4538 case PAP_NAK: 4539 callout_stop (&sp->pap_my_to_ch); 4540 if (debug) { 4541 log(LOG_INFO, SPP_FMT "pap failure", 4542 SPP_ARGS(ifp)); 4543 name_len = *((char *)h); 4544 if (len > 5 && name_len) { 4545 log(-1, ": "); 4546 sppp_print_string((char*)(h+1), name_len); 4547 } 4548 log(-1, "\n"); 4549 } else 4550 log(LOG_INFO, SPP_FMT "pap failure\n", 4551 SPP_ARGS(ifp)); 4552 /* await LCP shutdown by authenticator */ 4553 break; 4554 4555 default: 4556 /* Unknown PAP packet type -- ignore. */ 4557 if (debug) { 4558 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4559 "<0x%x id=0x%x len=%d", 4560 SPP_ARGS(ifp), 4561 h->type, h->ident, ntohs(h->len)); 4562 sppp_print_bytes((u_char*)(h+1), len-4); 4563 log(-1, ">\n"); 4564 } 4565 break; 4566 4567 } 4568} 4569 4570static void 4571sppp_pap_init(struct sppp *sp) 4572{ 4573 /* PAP doesn't have STATE_INITIAL at all. */ 4574 sp->state[IDX_PAP] = STATE_CLOSED; 4575 sp->fail_counter[IDX_PAP] = 0; 4576 sp->pp_seq[IDX_PAP] = 0; 4577 sp->pp_rseq[IDX_PAP] = 0; 4578 callout_init(&sp->ch[IDX_PAP], 4579 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4580 callout_init(&sp->pap_my_to_ch, 4581 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4582} 4583 4584static void 4585sppp_pap_open(struct sppp *sp) 4586{ 4587 if (sp->hisauth.proto == PPP_PAP && 4588 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4589 /* we are authenticator for PAP, start our timer */ 4590 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4591 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4592 } 4593 if (sp->myauth.proto == PPP_PAP) { 4594 /* we are peer, send a request, and start a timer */ 4595 pap.scr(sp); 4596 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4597 sppp_pap_my_TO, (void *)sp); 4598 } 4599} 4600 4601static void 4602sppp_pap_close(struct sppp *sp) 4603{ 4604 if (sp->state[IDX_PAP] != STATE_CLOSED) 4605 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4606} 4607 4608/* 4609 * That's the timeout routine if we are authenticator. Since the 4610 * authenticator is basically passive in PAP, we can't do much here. 4611 */ 4612static void 4613sppp_pap_TO(void *cookie) 4614{ 4615 struct sppp *sp = (struct sppp *)cookie; 4616 STDDCL; 4617 int s; 4618 4619 s = splimp(); 4620 SPPP_LOCK(sp); 4621 if (debug) 4622 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4623 SPP_ARGS(ifp), 4624 sppp_state_name(sp->state[IDX_PAP]), 4625 sp->rst_counter[IDX_PAP]); 4626 4627 if (--sp->rst_counter[IDX_PAP] < 0) 4628 /* TO- event */ 4629 switch (sp->state[IDX_PAP]) { 4630 case STATE_REQ_SENT: 4631 pap.tld(sp); 4632 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4633 break; 4634 } 4635 else 4636 /* TO+ event, not very much we could do */ 4637 switch (sp->state[IDX_PAP]) { 4638 case STATE_REQ_SENT: 4639 /* sppp_cp_change_state() will restart the timer */ 4640 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4641 break; 4642 } 4643 4644 SPPP_UNLOCK(sp); 4645 splx(s); 4646} 4647 4648/* 4649 * That's the timeout handler if we are peer. Since the peer is active, 4650 * we need to retransmit our PAP request since it is apparently lost. 4651 * XXX We should impose a max counter. 4652 */ 4653static void 4654sppp_pap_my_TO(void *cookie) 4655{ 4656 struct sppp *sp = (struct sppp *)cookie; 4657 STDDCL; 4658 4659 if (debug) 4660 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4661 SPP_ARGS(ifp)); 4662 4663 SPPP_LOCK(sp); 4664 pap.scr(sp); 4665 SPPP_UNLOCK(sp); 4666} 4667 4668static void 4669sppp_pap_tlu(struct sppp *sp) 4670{ 4671 STDDCL; 4672 int x; 4673 4674 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4675 4676 if (debug) 4677 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4678 SPP_ARGS(ifp), pap.name); 4679 4680 x = splimp(); 4681 SPPP_LOCK(sp); 4682 /* indicate to LCP that we need to be closed down */ 4683 sp->lcp.protos |= (1 << IDX_PAP); 4684 4685 if (sp->pp_flags & PP_NEEDAUTH) { 4686 /* 4687 * Remote is authenticator, but his auth proto didn't 4688 * complete yet. Defer the transition to network 4689 * phase. 4690 */ 4691 SPPP_UNLOCK(sp); 4692 splx(x); 4693 return; 4694 } 4695 SPPP_UNLOCK(sp); 4696 splx(x); 4697 sppp_phase_network(sp); 4698} 4699 4700static void 4701sppp_pap_tld(struct sppp *sp) 4702{ 4703 STDDCL; 4704 4705 if (debug) 4706 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4707 callout_stop (&sp->ch[IDX_PAP]); 4708 callout_stop (&sp->pap_my_to_ch); 4709 sp->lcp.protos &= ~(1 << IDX_PAP); 4710 4711 lcp.Close(sp); 4712} 4713 4714static void 4715sppp_pap_scr(struct sppp *sp) 4716{ 4717 u_char idlen, pwdlen; 4718 4719 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4720 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4721 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4722 4723 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4724 sizeof idlen, (const char *)&idlen, 4725 (size_t)idlen, sp->myauth.name, 4726 sizeof pwdlen, (const char *)&pwdlen, 4727 (size_t)pwdlen, sp->myauth.secret, 4728 0); 4729} 4730 4731/* 4732 * Random miscellaneous functions. 4733 */ 4734 4735/* 4736 * Send a PAP or CHAP proto packet. 4737 * 4738 * Varadic function, each of the elements for the ellipsis is of type 4739 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4740 * mlen == 0. 4741 * NOTE: never declare variadic functions with types subject to type 4742 * promotion (i.e. u_char). This is asking for big trouble depending 4743 * on the architecture you are on... 4744 */ 4745 4746static void 4747sppp_auth_send(const struct cp *cp, struct sppp *sp, 4748 unsigned int type, unsigned int id, 4749 ...) 4750{ 4751 STDDCL; 4752 struct ppp_header *h; 4753 struct lcp_header *lh; 4754 struct mbuf *m; 4755 u_char *p; 4756 int len; 4757 unsigned int mlen; 4758 const char *msg; 4759 va_list ap; 4760 4761 MGETHDR (m, M_DONTWAIT, MT_DATA); 4762 if (! m) 4763 return; 4764 m->m_pkthdr.rcvif = 0; 4765 4766 h = mtod (m, struct ppp_header*); 4767 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4768 h->control = PPP_UI; /* Unnumbered Info */ 4769 h->protocol = htons(cp->proto); 4770 4771 lh = (struct lcp_header*)(h + 1); 4772 lh->type = type; 4773 lh->ident = id; 4774 p = (u_char*) (lh+1); 4775 4776 va_start(ap, id); 4777 len = 0; 4778 4779 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4780 msg = va_arg(ap, const char *); 4781 len += mlen; 4782 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4783 va_end(ap); 4784 m_freem(m); 4785 return; 4786 } 4787 4788 bcopy(msg, p, mlen); 4789 p += mlen; 4790 } 4791 va_end(ap); 4792 4793 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4794 lh->len = htons (LCP_HEADER_LEN + len); 4795 4796 if (debug) { 4797 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4798 SPP_ARGS(ifp), cp->name, 4799 sppp_auth_type_name(cp->proto, lh->type), 4800 lh->ident, ntohs(lh->len)); 4801 sppp_print_bytes((u_char*) (lh+1), len); 4802 log(-1, ">\n"); 4803 } 4804 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4805 ifp->if_oerrors++; 4806} 4807 4808/* 4809 * Flush interface queue. 4810 */ 4811static void 4812sppp_qflush(struct ifqueue *ifq) 4813{ 4814 struct mbuf *m, *n; 4815 4816 n = ifq->ifq_head; 4817 while ((m = n)) { 4818 n = m->m_act; 4819 m_freem (m); 4820 } 4821 ifq->ifq_head = 0; 4822 ifq->ifq_tail = 0; 4823 ifq->ifq_len = 0; 4824} 4825 4826/* 4827 * Send keepalive packets, every 10 seconds. 4828 */ 4829static void 4830sppp_keepalive(void *dummy) 4831{ 4832 struct sppp *sp = (struct sppp*)dummy; 4833 struct ifnet *ifp = SP2IFP(sp); 4834 int s; 4835 4836 s = splimp(); 4837 SPPP_LOCK(sp); 4838 /* Keepalive mode disabled or channel down? */ 4839 if (! (sp->pp_flags & PP_KEEPALIVE) || 4840 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4841 goto out; 4842 4843 if (sp->pp_mode == PP_FR) { 4844 sppp_fr_keepalive (sp); 4845 goto out; 4846 } 4847 4848 /* No keepalive in PPP mode if LCP not opened yet. */ 4849 if (sp->pp_mode != IFF_CISCO && 4850 sp->pp_phase < PHASE_AUTHENTICATE) 4851 goto out; 4852 4853 if (sp->pp_alivecnt == MAXALIVECNT) { 4854 /* No keepalive packets got. Stop the interface. */ 4855 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4856 if_down (ifp); 4857 sppp_qflush (&sp->pp_cpq); 4858 if (sp->pp_mode != IFF_CISCO) { 4859 /* XXX */ 4860 /* Shut down the PPP link. */ 4861 lcp.Down(sp); 4862 /* Initiate negotiation. XXX */ 4863 lcp.Up(sp); 4864 } 4865 } 4866 if (sp->pp_alivecnt <= MAXALIVECNT) 4867 ++sp->pp_alivecnt; 4868 if (sp->pp_mode == IFF_CISCO) 4869 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4870 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4871 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4872 long nmagic = htonl (sp->lcp.magic); 4873 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4874 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4875 sp->lcp.echoid, 4, &nmagic); 4876 } 4877out: 4878 SPPP_UNLOCK(sp); 4879 splx(s); 4880 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4881 (void *)sp); 4882} 4883 4884/* 4885 * Get both IP addresses. 4886 */ 4887void 4888sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4889{ 4890 struct ifnet *ifp = SP2IFP(sp); 4891 struct ifaddr *ifa; 4892 struct sockaddr_in *si, *sm; 4893 u_long ssrc, ddst; 4894 4895 sm = NULL; 4896 ssrc = ddst = 0L; 4897 /* 4898 * Pick the first AF_INET address from the list, 4899 * aliases don't make any sense on a p2p link anyway. 4900 */ 4901 si = 0; 4902#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4903 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4904#elif defined(__NetBSD__) || defined (__OpenBSD__) 4905 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4906 ifa; 4907 ifa = TAILQ_NEXT(ifa, ifa_list)) 4908#else 4909 for (ifa = ifp->if_addrlist; 4910 ifa; 4911 ifa = ifa->ifa_next) 4912#endif 4913 if (ifa->ifa_addr->sa_family == AF_INET) { 4914 si = (struct sockaddr_in *)ifa->ifa_addr; 4915 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4916 if (si) 4917 break; 4918 } 4919 if (ifa) { 4920 if (si && si->sin_addr.s_addr) { 4921 ssrc = si->sin_addr.s_addr; 4922 if (srcmask) 4923 *srcmask = ntohl(sm->sin_addr.s_addr); 4924 } 4925 4926 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4927 if (si && si->sin_addr.s_addr) 4928 ddst = si->sin_addr.s_addr; 4929 } 4930 4931 if (dst) *dst = ntohl(ddst); 4932 if (src) *src = ntohl(ssrc); 4933} 4934 4935/* 4936 * Set my IP address. Must be called at splimp. 4937 */ 4938static void 4939sppp_set_ip_addr(struct sppp *sp, u_long src) 4940{ 4941 STDDCL; 4942 struct ifaddr *ifa; 4943 struct sockaddr_in *si; 4944 struct in_ifaddr *ia; 4945 4946 /* 4947 * Pick the first AF_INET address from the list, 4948 * aliases don't make any sense on a p2p link anyway. 4949 */ 4950 si = 0; 4951#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4952 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4953#elif defined(__NetBSD__) || defined (__OpenBSD__) 4954 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4955 ifa; 4956 ifa = TAILQ_NEXT(ifa, ifa_list)) 4957#else 4958 for (ifa = ifp->if_addrlist; 4959 ifa; 4960 ifa = ifa->ifa_next) 4961#endif 4962 { 4963 if (ifa->ifa_addr->sa_family == AF_INET) 4964 { 4965 si = (struct sockaddr_in *)ifa->ifa_addr; 4966 if (si) 4967 break; 4968 } 4969 } 4970 4971 if (ifa && si) 4972 { 4973 int error; 4974#if defined(__NetBSD__) && __NetBSD_Version__ >= 103080000 4975 struct sockaddr_in new_sin = *si; 4976 4977 new_sin.sin_addr.s_addr = htonl(src); 4978 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4979 if(debug && error) 4980 { 4981 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4982 " failed, error=%d\n", SPP_ARGS(ifp), error); 4983 } 4984#else 4985 /* delete old route */ 4986 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4987 if(debug && error) 4988 { 4989 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4990 SPP_ARGS(ifp), error); 4991 } 4992 4993 /* set new address */ 4994 si->sin_addr.s_addr = htonl(src); 4995 ia = ifatoia(ifa); 4996 LIST_REMOVE(ia, ia_hash); 4997 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4998 4999 /* add new route */ 5000 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 5001 if (debug && error) 5002 { 5003 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 5004 SPP_ARGS(ifp), error); 5005 } 5006#endif 5007 } 5008} 5009 5010#ifdef INET6 5011/* 5012 * Get both IPv6 addresses. 5013 */ 5014static void 5015sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5016 struct in6_addr *srcmask) 5017{ 5018 struct ifnet *ifp = SP2IFP(sp); 5019 struct ifaddr *ifa; 5020 struct sockaddr_in6 *si, *sm; 5021 struct in6_addr ssrc, ddst; 5022 5023 sm = NULL; 5024 bzero(&ssrc, sizeof(ssrc)); 5025 bzero(&ddst, sizeof(ddst)); 5026 /* 5027 * Pick the first link-local AF_INET6 address from the list, 5028 * aliases don't make any sense on a p2p link anyway. 5029 */ 5030 si = 0; 5031#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5032 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5033#elif defined(__NetBSD__) || defined (__OpenBSD__) 5034 for (ifa = ifp->if_addrlist.tqh_first; 5035 ifa; 5036 ifa = ifa->ifa_list.tqe_next) 5037#else 5038 for (ifa = ifp->if_addrlist; 5039 ifa; 5040 ifa = ifa->ifa_next) 5041#endif 5042 if (ifa->ifa_addr->sa_family == AF_INET6) { 5043 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5044 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5045 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 5046 break; 5047 } 5048 if (ifa) { 5049 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5050 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5051 if (srcmask) { 5052 bcopy(&sm->sin6_addr, srcmask, 5053 sizeof(*srcmask)); 5054 } 5055 } 5056 5057 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5058 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5059 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5060 } 5061 5062 if (dst) 5063 bcopy(&ddst, dst, sizeof(*dst)); 5064 if (src) 5065 bcopy(&ssrc, src, sizeof(*src)); 5066} 5067 5068#ifdef IPV6CP_MYIFID_DYN 5069/* 5070 * Generate random ifid. 5071 */ 5072static void 5073sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5074{ 5075 /* TBD */ 5076} 5077 5078/* 5079 * Set my IPv6 address. Must be called at splimp. 5080 */ 5081static void 5082sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5083{ 5084 STDDCL; 5085 struct ifaddr *ifa; 5086 struct sockaddr_in6 *sin6; 5087 5088 /* 5089 * Pick the first link-local AF_INET6 address from the list, 5090 * aliases don't make any sense on a p2p link anyway. 5091 */ 5092 5093 sin6 = NULL; 5094#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5095 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5096#elif defined(__NetBSD__) || defined (__OpenBSD__) 5097 for (ifa = ifp->if_addrlist.tqh_first; 5098 ifa; 5099 ifa = ifa->ifa_list.tqe_next) 5100#else 5101 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 5102#endif 5103 { 5104 if (ifa->ifa_addr->sa_family == AF_INET6) 5105 { 5106 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5107 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5108 break; 5109 } 5110 } 5111 5112 if (ifa && sin6) 5113 { 5114 int error; 5115 struct sockaddr_in6 new_sin6 = *sin6; 5116 5117 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5118 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5119 if (debug && error) 5120 { 5121 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5122 " failed, error=%d\n", SPP_ARGS(ifp), error); 5123 } 5124 } 5125} 5126#endif 5127 5128/* 5129 * Suggest a candidate address to be used by peer. 5130 */ 5131static void 5132sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5133{ 5134 struct in6_addr myaddr; 5135 struct timeval tv; 5136 5137 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5138 5139 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5140 microtime(&tv); 5141 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5142 myaddr.s6_addr[14] ^= 0xff; 5143 myaddr.s6_addr[15] ^= 0xff; 5144 } else { 5145 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5146 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5147 } 5148 if (suggest) 5149 bcopy(&myaddr, suggest, sizeof(myaddr)); 5150} 5151#endif /*INET6*/ 5152 5153static int 5154sppp_params(struct sppp *sp, u_long cmd, void *data) 5155{ 5156 u_long subcmd; 5157 struct ifreq *ifr = (struct ifreq *)data; 5158 struct spppreq *spr; 5159 int rv = 0; 5160 5161 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5162 return (EAGAIN); 5163 /* 5164 * ifr->ifr_data is supposed to point to a struct spppreq. 5165 * Check the cmd word first before attempting to fetch all the 5166 * data. 5167 */ 5168 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5169 rv = EFAULT; 5170 goto quit; 5171 } 5172 5173 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5174 rv = EFAULT; 5175 goto quit; 5176 } 5177 5178 switch (subcmd) { 5179 case (u_long)SPPPIOGDEFS: 5180 if (cmd != SIOCGIFGENERIC) { 5181 rv = EINVAL; 5182 break; 5183 } 5184 /* 5185 * We copy over the entire current state, but clean 5186 * out some of the stuff we don't wanna pass up. 5187 * Remember, SIOCGIFGENERIC is unprotected, and can be 5188 * called by any user. No need to ever get PAP or 5189 * CHAP secrets back to userland anyway. 5190 */ 5191 spr->defs.pp_phase = sp->pp_phase; 5192 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5193 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5194 spr->defs.lcp = sp->lcp; 5195 spr->defs.ipcp = sp->ipcp; 5196 spr->defs.ipv6cp = sp->ipv6cp; 5197 spr->defs.myauth = sp->myauth; 5198 spr->defs.hisauth = sp->hisauth; 5199 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5200 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5201 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5202 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5203 /* 5204 * Fixup the LCP timeout value to milliseconds so 5205 * spppcontrol doesn't need to bother about the value 5206 * of "hz". We do the reverse calculation below when 5207 * setting it. 5208 */ 5209 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5210 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5211 sizeof(struct spppreq)); 5212 break; 5213 5214 case (u_long)SPPPIOSDEFS: 5215 if (cmd != SIOCSIFGENERIC) { 5216 rv = EINVAL; 5217 break; 5218 } 5219 /* 5220 * We have a very specific idea of which fields we 5221 * allow being passed back from userland, so to not 5222 * clobber our current state. For one, we only allow 5223 * setting anything if LCP is in dead or establish 5224 * phase. Once the authentication negotiations 5225 * started, the authentication settings must not be 5226 * changed again. (The administrator can force an 5227 * ifconfig down in order to get LCP back into dead 5228 * phase.) 5229 * 5230 * Also, we only allow for authentication parameters to be 5231 * specified. 5232 * 5233 * XXX Should allow to set or clear pp_flags. 5234 * 5235 * Finally, if the respective authentication protocol to 5236 * be used is set differently than 0, but the secret is 5237 * passed as all zeros, we don't trash the existing secret. 5238 * This allows an administrator to change the system name 5239 * only without clobbering the secret (which he didn't get 5240 * back in a previous SPPPIOGDEFS call). However, the 5241 * secrets are cleared if the authentication protocol is 5242 * reset to 0. */ 5243 if (sp->pp_phase != PHASE_DEAD && 5244 sp->pp_phase != PHASE_ESTABLISH) { 5245 rv = EBUSY; 5246 break; 5247 } 5248 5249 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5250 spr->defs.myauth.proto != PPP_CHAP) || 5251 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5252 spr->defs.hisauth.proto != PPP_CHAP)) { 5253 rv = EINVAL; 5254 break; 5255 } 5256 5257 if (spr->defs.myauth.proto == 0) 5258 /* resetting myauth */ 5259 bzero(&sp->myauth, sizeof sp->myauth); 5260 else { 5261 /* setting/changing myauth */ 5262 sp->myauth.proto = spr->defs.myauth.proto; 5263 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5264 if (spr->defs.myauth.secret[0] != '\0') 5265 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5266 AUTHKEYLEN); 5267 } 5268 if (spr->defs.hisauth.proto == 0) 5269 /* resetting hisauth */ 5270 bzero(&sp->hisauth, sizeof sp->hisauth); 5271 else { 5272 /* setting/changing hisauth */ 5273 sp->hisauth.proto = spr->defs.hisauth.proto; 5274 sp->hisauth.flags = spr->defs.hisauth.flags; 5275 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5276 if (spr->defs.hisauth.secret[0] != '\0') 5277 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5278 AUTHKEYLEN); 5279 } 5280 /* set LCP restart timer timeout */ 5281 if (spr->defs.lcp.timeout != 0) 5282 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5283 /* set VJ enable and IPv6 disable flags */ 5284#ifdef INET 5285 if (spr->defs.enable_vj) 5286 sp->confflags |= CONF_ENABLE_VJ; 5287 else 5288 sp->confflags &= ~CONF_ENABLE_VJ; 5289#endif 5290#ifdef INET6 5291 if (spr->defs.enable_ipv6) 5292 sp->confflags |= CONF_ENABLE_IPV6; 5293 else 5294 sp->confflags &= ~CONF_ENABLE_IPV6; 5295#endif 5296 break; 5297 5298 default: 5299 rv = EINVAL; 5300 } 5301 5302 quit: 5303 free(spr, M_TEMP); 5304 5305 return (rv); 5306} 5307 5308static void 5309sppp_phase_network(struct sppp *sp) 5310{ 5311 STDDCL; 5312 int i; 5313 u_long mask; 5314 5315 sp->pp_phase = PHASE_NETWORK; 5316 5317 if (debug) 5318 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5319 sppp_phase_name(sp->pp_phase)); 5320 5321 /* Notify NCPs now. */ 5322 for (i = 0; i < IDX_COUNT; i++) 5323 if ((cps[i])->flags & CP_NCP) 5324 (cps[i])->Open(sp); 5325 5326 /* Send Up events to all NCPs. */ 5327 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5328 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5329 (cps[i])->Up(sp); 5330 5331 /* if no NCP is starting, all this was in vain, close down */ 5332 sppp_lcp_check_and_close(sp); 5333} 5334 5335 5336static const char * 5337sppp_cp_type_name(u_char type) 5338{ 5339 static char buf[12]; 5340 switch (type) { 5341 case CONF_REQ: return "conf-req"; 5342 case CONF_ACK: return "conf-ack"; 5343 case CONF_NAK: return "conf-nak"; 5344 case CONF_REJ: return "conf-rej"; 5345 case TERM_REQ: return "term-req"; 5346 case TERM_ACK: return "term-ack"; 5347 case CODE_REJ: return "code-rej"; 5348 case PROTO_REJ: return "proto-rej"; 5349 case ECHO_REQ: return "echo-req"; 5350 case ECHO_REPLY: return "echo-reply"; 5351 case DISC_REQ: return "discard-req"; 5352 } 5353 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5354 return buf; 5355} 5356 5357static const char * 5358sppp_auth_type_name(u_short proto, u_char type) 5359{ 5360 static char buf[12]; 5361 switch (proto) { 5362 case PPP_CHAP: 5363 switch (type) { 5364 case CHAP_CHALLENGE: return "challenge"; 5365 case CHAP_RESPONSE: return "response"; 5366 case CHAP_SUCCESS: return "success"; 5367 case CHAP_FAILURE: return "failure"; 5368 } 5369 case PPP_PAP: 5370 switch (type) { 5371 case PAP_REQ: return "req"; 5372 case PAP_ACK: return "ack"; 5373 case PAP_NAK: return "nak"; 5374 } 5375 } 5376 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5377 return buf; 5378} 5379 5380static const char * 5381sppp_lcp_opt_name(u_char opt) 5382{ 5383 static char buf[12]; 5384 switch (opt) { 5385 case LCP_OPT_MRU: return "mru"; 5386 case LCP_OPT_ASYNC_MAP: return "async-map"; 5387 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5388 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5389 case LCP_OPT_MAGIC: return "magic"; 5390 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5391 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5392 } 5393 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5394 return buf; 5395} 5396 5397static const char * 5398sppp_ipcp_opt_name(u_char opt) 5399{ 5400 static char buf[12]; 5401 switch (opt) { 5402 case IPCP_OPT_ADDRESSES: return "addresses"; 5403 case IPCP_OPT_COMPRESSION: return "compression"; 5404 case IPCP_OPT_ADDRESS: return "address"; 5405 } 5406 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5407 return buf; 5408} 5409 5410#ifdef INET6 5411static const char * 5412sppp_ipv6cp_opt_name(u_char opt) 5413{ 5414 static char buf[12]; 5415 switch (opt) { 5416 case IPV6CP_OPT_IFID: return "ifid"; 5417 case IPV6CP_OPT_COMPRESSION: return "compression"; 5418 } 5419 sprintf (buf, "0x%x", opt); 5420 return buf; 5421} 5422#endif 5423 5424static const char * 5425sppp_state_name(int state) 5426{ 5427 switch (state) { 5428 case STATE_INITIAL: return "initial"; 5429 case STATE_STARTING: return "starting"; 5430 case STATE_CLOSED: return "closed"; 5431 case STATE_STOPPED: return "stopped"; 5432 case STATE_CLOSING: return "closing"; 5433 case STATE_STOPPING: return "stopping"; 5434 case STATE_REQ_SENT: return "req-sent"; 5435 case STATE_ACK_RCVD: return "ack-rcvd"; 5436 case STATE_ACK_SENT: return "ack-sent"; 5437 case STATE_OPENED: return "opened"; 5438 } 5439 return "illegal"; 5440} 5441 5442static const char * 5443sppp_phase_name(enum ppp_phase phase) 5444{ 5445 switch (phase) { 5446 case PHASE_DEAD: return "dead"; 5447 case PHASE_ESTABLISH: return "establish"; 5448 case PHASE_TERMINATE: return "terminate"; 5449 case PHASE_AUTHENTICATE: return "authenticate"; 5450 case PHASE_NETWORK: return "network"; 5451 } 5452 return "illegal"; 5453} 5454 5455static const char * 5456sppp_proto_name(u_short proto) 5457{ 5458 static char buf[12]; 5459 switch (proto) { 5460 case PPP_LCP: return "lcp"; 5461 case PPP_IPCP: return "ipcp"; 5462 case PPP_PAP: return "pap"; 5463 case PPP_CHAP: return "chap"; 5464 case PPP_IPV6CP: return "ipv6cp"; 5465 } 5466 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5467 return buf; 5468} 5469 5470static void 5471sppp_print_bytes(const u_char *p, u_short len) 5472{ 5473 if (len) 5474 log(-1, " %*D", len, p, "-"); 5475} 5476 5477static void 5478sppp_print_string(const char *p, u_short len) 5479{ 5480 u_char c; 5481 5482 while (len-- > 0) { 5483 c = *p++; 5484 /* 5485 * Print only ASCII chars directly. RFC 1994 recommends 5486 * using only them, but we don't rely on it. */ 5487 if (c < ' ' || c > '~') 5488 log(-1, "\\x%x", c); 5489 else 5490 log(-1, "%c", c); 5491 } 5492} 5493 5494static const char * 5495sppp_dotted_quad(u_long addr) 5496{ 5497 static char s[16]; 5498 sprintf(s, "%d.%d.%d.%d", 5499 (int)((addr >> 24) & 0xff), 5500 (int)((addr >> 16) & 0xff), 5501 (int)((addr >> 8) & 0xff), 5502 (int)(addr & 0xff)); 5503 return s; 5504} 5505 5506static int 5507sppp_strnlen(u_char *p, int max) 5508{ 5509 int len; 5510 5511 for (len = 0; len < max && *p; ++p) 5512 ++len; 5513 return len; 5514} 5515 5516/* a dummy, used to drop uninteresting events */ 5517static void 5518sppp_null(struct sppp *unused) 5519{ 5520 /* do just nothing */ 5521} 5522