if_spppsubr.c revision 181803
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 181803 2008-08-17 23:27:27Z bz $ 22 */ 23 24#include <sys/param.h> 25 26#if defined(__FreeBSD__) && __FreeBSD__ >= 3 27#include "opt_inet.h" 28#include "opt_inet6.h" 29#include "opt_ipx.h" 30#endif 31 32#ifdef NetBSD1_3 33# if NetBSD1_3 > 6 34# include "opt_inet.h" 35# include "opt_inet6.h" 36# include "opt_iso.h" 37# endif 38#endif 39 40#include <sys/systm.h> 41#include <sys/kernel.h> 42#include <sys/module.h> 43#include <sys/sockio.h> 44#include <sys/socket.h> 45#include <sys/syslog.h> 46#if defined(__FreeBSD__) && __FreeBSD__ >= 3 47#include <sys/random.h> 48#endif 49#include <sys/malloc.h> 50#include <sys/mbuf.h> 51#include <sys/vimage.h> 52 53#if defined (__OpenBSD__) 54#include <sys/md5k.h> 55#else 56#include <sys/md5.h> 57#endif 58 59#include <net/if.h> 60#include <net/netisr.h> 61#include <net/if_types.h> 62#include <net/route.h> 63#include <netinet/in.h> 64#include <netinet/in_systm.h> 65#include <netinet/ip.h> 66#include <net/slcompress.h> 67 68#if defined (__NetBSD__) || defined (__OpenBSD__) 69#include <machine/cpu.h> /* XXX for softnet */ 70#endif 71 72#include <machine/stdarg.h> 73 74#include <netinet/in_var.h> 75 76#ifdef INET 77#include <netinet/ip.h> 78#include <netinet/tcp.h> 79#endif 80 81#ifdef INET6 82#include <netinet6/scope6_var.h> 83#endif 84 85#if defined (__FreeBSD__) || defined (__OpenBSD__) 86# include <netinet/if_ether.h> 87#else 88# include <net/ethertypes.h> 89#endif 90 91#ifdef IPX 92#include <netipx/ipx.h> 93#include <netipx/ipx_if.h> 94#endif 95 96#include <net/if_sppp.h> 97 98#if defined(__FreeBSD__) && __FreeBSD__ >= 3 99# define IOCTL_CMD_T u_long 100#else 101# define IOCTL_CMD_T int 102#endif 103 104#define MAXALIVECNT 3 /* max. alive packets */ 105 106/* 107 * Interface flags that can be set in an ifconfig command. 108 * 109 * Setting link0 will make the link passive, i.e. it will be marked 110 * as being administrative openable, but won't be opened to begin 111 * with. Incoming calls will be answered, or subsequent calls with 112 * -link1 will cause the administrative open of the LCP layer. 113 * 114 * Setting link1 will cause the link to auto-dial only as packets 115 * arrive to be sent. 116 * 117 * Setting IFF_DEBUG will syslog the option negotiation and state 118 * transitions at level kern.debug. Note: all logs consistently look 119 * like 120 * 121 * <if-name><unit>: <proto-name> <additional info...> 122 * 123 * with <if-name><unit> being something like "bppp0", and <proto-name> 124 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 125 */ 126 127#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 128#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 129#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 130 131#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 132#define PPP_UI 0x03 /* Unnumbered Information */ 133#define PPP_IP 0x0021 /* Internet Protocol */ 134#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 135#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 136#define PPP_IPX 0x002b /* Novell IPX Protocol */ 137#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 138#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 139#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 140#define PPP_LCP 0xc021 /* Link Control Protocol */ 141#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 142#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 143#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 144#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 145 146#define CONF_REQ 1 /* PPP configure request */ 147#define CONF_ACK 2 /* PPP configure acknowledge */ 148#define CONF_NAK 3 /* PPP configure negative ack */ 149#define CONF_REJ 4 /* PPP configure reject */ 150#define TERM_REQ 5 /* PPP terminate request */ 151#define TERM_ACK 6 /* PPP terminate acknowledge */ 152#define CODE_REJ 7 /* PPP code reject */ 153#define PROTO_REJ 8 /* PPP protocol reject */ 154#define ECHO_REQ 9 /* PPP echo request */ 155#define ECHO_REPLY 10 /* PPP echo reply */ 156#define DISC_REQ 11 /* PPP discard request */ 157 158#define LCP_OPT_MRU 1 /* maximum receive unit */ 159#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 160#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 161#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 162#define LCP_OPT_MAGIC 5 /* magic number */ 163#define LCP_OPT_RESERVED 6 /* reserved */ 164#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 165#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 166 167#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 168#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 169#define IPCP_OPT_ADDRESS 3 /* local IP address */ 170 171#define IPV6CP_OPT_IFID 1 /* interface identifier */ 172#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 173 174#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 175 176#define PAP_REQ 1 /* PAP name/password request */ 177#define PAP_ACK 2 /* PAP acknowledge */ 178#define PAP_NAK 3 /* PAP fail */ 179 180#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 181#define CHAP_RESPONSE 2 /* CHAP challenge response */ 182#define CHAP_SUCCESS 3 /* CHAP response ok */ 183#define CHAP_FAILURE 4 /* CHAP response failed */ 184 185#define CHAP_MD5 5 /* hash algorithm - MD5 */ 186 187#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 188#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 189#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 190#define CISCO_ADDR_REQ 0 /* Cisco address request */ 191#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 192#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 193 194/* states are named and numbered according to RFC 1661 */ 195#define STATE_INITIAL 0 196#define STATE_STARTING 1 197#define STATE_CLOSED 2 198#define STATE_STOPPED 3 199#define STATE_CLOSING 4 200#define STATE_STOPPING 5 201#define STATE_REQ_SENT 6 202#define STATE_ACK_RCVD 7 203#define STATE_ACK_SENT 8 204#define STATE_OPENED 9 205 206MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 207 208struct ppp_header { 209 u_char address; 210 u_char control; 211 u_short protocol; 212} __packed; 213#define PPP_HEADER_LEN sizeof (struct ppp_header) 214 215struct lcp_header { 216 u_char type; 217 u_char ident; 218 u_short len; 219} __packed; 220#define LCP_HEADER_LEN sizeof (struct lcp_header) 221 222struct cisco_packet { 223 u_long type; 224 u_long par1; 225 u_long par2; 226 u_short rel; 227 u_short time0; 228 u_short time1; 229} __packed; 230#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 231 232/* 233 * We follow the spelling and capitalization of RFC 1661 here, to make 234 * it easier comparing with the standard. Please refer to this RFC in 235 * case you can't make sense out of these abbreviation; it will also 236 * explain the semantics related to the various events and actions. 237 */ 238struct cp { 239 u_short proto; /* PPP control protocol number */ 240 u_char protoidx; /* index into state table in struct sppp */ 241 u_char flags; 242#define CP_LCP 0x01 /* this is the LCP */ 243#define CP_AUTH 0x02 /* this is an authentication protocol */ 244#define CP_NCP 0x04 /* this is a NCP */ 245#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 246 const char *name; /* name of this control protocol */ 247 /* event handlers */ 248 void (*Up)(struct sppp *sp); 249 void (*Down)(struct sppp *sp); 250 void (*Open)(struct sppp *sp); 251 void (*Close)(struct sppp *sp); 252 void (*TO)(void *sp); 253 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 254 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 255 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 256 /* actions */ 257 void (*tlu)(struct sppp *sp); 258 void (*tld)(struct sppp *sp); 259 void (*tls)(struct sppp *sp); 260 void (*tlf)(struct sppp *sp); 261 void (*scr)(struct sppp *sp); 262}; 263 264#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 265#define SPP_FMT "%s%d: " 266#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 267#else 268#define SPP_FMT "%s: " 269#define SPP_ARGS(ifp) (ifp)->if_xname 270#endif 271 272#define SPPP_LOCK(sp) \ 273 do { \ 274 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 275 mtx_lock (&(sp)->mtx); \ 276 } while (0) 277#define SPPP_UNLOCK(sp) \ 278 do { \ 279 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 280 mtx_unlock (&(sp)->mtx); \ 281 } while (0) 282 283#define SPPP_LOCK_ASSERT(sp) \ 284 do { \ 285 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 286 mtx_assert (&(sp)->mtx, MA_OWNED); \ 287 } while (0) 288#define SPPP_LOCK_OWNED(sp) \ 289 (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) && \ 290 mtx_owned (&sp->mtx)) 291 292#ifdef INET 293/* 294 * The following disgusting hack gets around the problem that IP TOS 295 * can't be set yet. We want to put "interactive" traffic on a high 296 * priority queue. To decide if traffic is interactive, we check that 297 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 298 * 299 * XXX is this really still necessary? - joerg - 300 */ 301static const u_short interactive_ports[8] = { 302 0, 513, 0, 0, 303 0, 21, 0, 23, 304}; 305#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 306#endif 307 308/* almost every function needs these */ 309#define STDDCL \ 310 struct ifnet *ifp = SP2IFP(sp); \ 311 int debug = ifp->if_flags & IFF_DEBUG 312 313static int sppp_output(struct ifnet *ifp, struct mbuf *m, 314 struct sockaddr *dst, struct rtentry *rt); 315 316static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 317static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 318 319static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 320 struct mbuf *m); 321static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 322 u_char ident, u_short len, void *data); 323/* static void sppp_cp_timeout(void *arg); */ 324static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 325 int newstate); 326static void sppp_auth_send(const struct cp *cp, 327 struct sppp *sp, unsigned int type, unsigned int id, 328 ...); 329 330static void sppp_up_event(const struct cp *cp, struct sppp *sp); 331static void sppp_down_event(const struct cp *cp, struct sppp *sp); 332static void sppp_open_event(const struct cp *cp, struct sppp *sp); 333static void sppp_close_event(const struct cp *cp, struct sppp *sp); 334static void sppp_to_event(const struct cp *cp, struct sppp *sp); 335 336static void sppp_null(struct sppp *sp); 337 338static void sppp_pp_up(struct sppp *sp); 339static void sppp_pp_down(struct sppp *sp); 340 341static void sppp_lcp_init(struct sppp *sp); 342static void sppp_lcp_up(struct sppp *sp); 343static void sppp_lcp_down(struct sppp *sp); 344static void sppp_lcp_open(struct sppp *sp); 345static void sppp_lcp_close(struct sppp *sp); 346static void sppp_lcp_TO(void *sp); 347static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 348static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 349static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 350static void sppp_lcp_tlu(struct sppp *sp); 351static void sppp_lcp_tld(struct sppp *sp); 352static void sppp_lcp_tls(struct sppp *sp); 353static void sppp_lcp_tlf(struct sppp *sp); 354static void sppp_lcp_scr(struct sppp *sp); 355static void sppp_lcp_check_and_close(struct sppp *sp); 356static int sppp_ncp_check(struct sppp *sp); 357 358static void sppp_ipcp_init(struct sppp *sp); 359static void sppp_ipcp_up(struct sppp *sp); 360static void sppp_ipcp_down(struct sppp *sp); 361static void sppp_ipcp_open(struct sppp *sp); 362static void sppp_ipcp_close(struct sppp *sp); 363static void sppp_ipcp_TO(void *sp); 364static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 365static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 366static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 367static void sppp_ipcp_tlu(struct sppp *sp); 368static void sppp_ipcp_tld(struct sppp *sp); 369static void sppp_ipcp_tls(struct sppp *sp); 370static void sppp_ipcp_tlf(struct sppp *sp); 371static void sppp_ipcp_scr(struct sppp *sp); 372 373static void sppp_ipv6cp_init(struct sppp *sp); 374static void sppp_ipv6cp_up(struct sppp *sp); 375static void sppp_ipv6cp_down(struct sppp *sp); 376static void sppp_ipv6cp_open(struct sppp *sp); 377static void sppp_ipv6cp_close(struct sppp *sp); 378static void sppp_ipv6cp_TO(void *sp); 379static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 380static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 381static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 382static void sppp_ipv6cp_tlu(struct sppp *sp); 383static void sppp_ipv6cp_tld(struct sppp *sp); 384static void sppp_ipv6cp_tls(struct sppp *sp); 385static void sppp_ipv6cp_tlf(struct sppp *sp); 386static void sppp_ipv6cp_scr(struct sppp *sp); 387 388static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 389static void sppp_pap_init(struct sppp *sp); 390static void sppp_pap_open(struct sppp *sp); 391static void sppp_pap_close(struct sppp *sp); 392static void sppp_pap_TO(void *sp); 393static void sppp_pap_my_TO(void *sp); 394static void sppp_pap_tlu(struct sppp *sp); 395static void sppp_pap_tld(struct sppp *sp); 396static void sppp_pap_scr(struct sppp *sp); 397 398static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 399static void sppp_chap_init(struct sppp *sp); 400static void sppp_chap_open(struct sppp *sp); 401static void sppp_chap_close(struct sppp *sp); 402static void sppp_chap_TO(void *sp); 403static void sppp_chap_tlu(struct sppp *sp); 404static void sppp_chap_tld(struct sppp *sp); 405static void sppp_chap_scr(struct sppp *sp); 406 407static const char *sppp_auth_type_name(u_short proto, u_char type); 408static const char *sppp_cp_type_name(u_char type); 409static const char *sppp_dotted_quad(u_long addr); 410static const char *sppp_ipcp_opt_name(u_char opt); 411#ifdef INET6 412static const char *sppp_ipv6cp_opt_name(u_char opt); 413#endif 414static const char *sppp_lcp_opt_name(u_char opt); 415static const char *sppp_phase_name(enum ppp_phase phase); 416static const char *sppp_proto_name(u_short proto); 417static const char *sppp_state_name(int state); 418static int sppp_params(struct sppp *sp, u_long cmd, void *data); 419static int sppp_strnlen(u_char *p, int max); 420static void sppp_keepalive(void *dummy); 421static void sppp_phase_network(struct sppp *sp); 422static void sppp_print_bytes(const u_char *p, u_short len); 423static void sppp_print_string(const char *p, u_short len); 424static void sppp_qflush(struct ifqueue *ifq); 425static void sppp_set_ip_addr(struct sppp *sp, u_long src); 426#ifdef INET6 427static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 428 struct in6_addr *dst, struct in6_addr *srcmask); 429#ifdef IPV6CP_MYIFID_DYN 430static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 431static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 432#endif 433static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 434#endif 435 436/* if_start () wrapper */ 437static void sppp_ifstart (struct ifnet *ifp); 438 439/* our control protocol descriptors */ 440static const struct cp lcp = { 441 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 442 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 443 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 444 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 445 sppp_lcp_scr 446}; 447 448static const struct cp ipcp = { 449 PPP_IPCP, IDX_IPCP, 450#ifdef INET /* don't run IPCP if there's no IPv4 support */ 451 CP_NCP, 452#else 453 0, 454#endif 455 "ipcp", 456 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 457 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 458 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 459 sppp_ipcp_scr 460}; 461 462static const struct cp ipv6cp = { 463 PPP_IPV6CP, IDX_IPV6CP, 464#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 465 CP_NCP, 466#else 467 0, 468#endif 469 "ipv6cp", 470 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 471 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 472 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 473 sppp_ipv6cp_scr 474}; 475 476static const struct cp pap = { 477 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 478 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 479 sppp_pap_TO, 0, 0, 0, 480 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 481 sppp_pap_scr 482}; 483 484static const struct cp chap = { 485 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 486 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 487 sppp_chap_TO, 0, 0, 0, 488 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 489 sppp_chap_scr 490}; 491 492static const struct cp *cps[IDX_COUNT] = { 493 &lcp, /* IDX_LCP */ 494 &ipcp, /* IDX_IPCP */ 495 &ipv6cp, /* IDX_IPV6CP */ 496 &pap, /* IDX_PAP */ 497 &chap, /* IDX_CHAP */ 498}; 499 500static void* 501sppp_alloc(u_char type, struct ifnet *ifp) 502{ 503 struct sppp *sp; 504 505 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 506 sp->pp_ifp = ifp; 507 508 return (sp); 509} 510 511static void 512sppp_free(void *com, u_char type) 513{ 514 515 free(com, M_SPPP); 516} 517 518static int 519sppp_modevent(module_t mod, int type, void *unused) 520{ 521 switch (type) { 522 case MOD_LOAD: 523 /* 524 * XXX: should probably be IFT_SPPP, but it's fairly 525 * harmless to allocate struct sppp's for non-sppp 526 * interfaces. 527 */ 528 529 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 530 break; 531 case MOD_UNLOAD: 532 /* if_deregister_com_alloc(IFT_PPP); */ 533 return EACCES; 534 default: 535 return EOPNOTSUPP; 536 } 537 return 0; 538} 539static moduledata_t spppmod = { 540 "sppp", 541 sppp_modevent, 542 0 543}; 544MODULE_VERSION(sppp, 1); 545DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 546 547/* 548 * Exported functions, comprising our interface to the lower layer. 549 */ 550 551/* 552 * Process the received packet. 553 */ 554void 555sppp_input(struct ifnet *ifp, struct mbuf *m) 556{ 557 struct ppp_header *h; 558 int isr = -1; 559 struct sppp *sp = IFP2SP(ifp); 560 u_char *iphdr; 561 int hlen, vjlen, do_account = 0; 562 int debug; 563 564 SPPP_LOCK(sp); 565 debug = ifp->if_flags & IFF_DEBUG; 566 567 if (ifp->if_flags & IFF_UP) 568 /* Count received bytes, add FCS and one flag */ 569 ifp->if_ibytes += m->m_pkthdr.len + 3; 570 571 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 572 /* Too small packet, drop it. */ 573 if (debug) 574 log(LOG_DEBUG, 575 SPP_FMT "input packet is too small, %d bytes\n", 576 SPP_ARGS(ifp), m->m_pkthdr.len); 577 drop: 578 m_freem (m); 579 SPPP_UNLOCK(sp); 580 drop2: 581 ++ifp->if_ierrors; 582 ++ifp->if_iqdrops; 583 return; 584 } 585 586 if (sp->pp_mode == PP_FR) { 587 sppp_fr_input (sp, m); 588 SPPP_UNLOCK(sp); 589 return; 590 } 591 592 /* Get PPP header. */ 593 h = mtod (m, struct ppp_header*); 594 m_adj (m, PPP_HEADER_LEN); 595 596 switch (h->address) { 597 case PPP_ALLSTATIONS: 598 if (h->control != PPP_UI) 599 goto invalid; 600 if (sp->pp_mode == IFF_CISCO) { 601 if (debug) 602 log(LOG_DEBUG, 603 SPP_FMT "PPP packet in Cisco mode " 604 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 605 SPP_ARGS(ifp), 606 h->address, h->control, ntohs(h->protocol)); 607 goto drop; 608 } 609 switch (ntohs (h->protocol)) { 610 default: 611 if (debug) 612 log(LOG_DEBUG, 613 SPP_FMT "rejecting protocol " 614 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 615 SPP_ARGS(ifp), 616 h->address, h->control, ntohs(h->protocol)); 617 if (sp->state[IDX_LCP] == STATE_OPENED) 618 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 619 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 620 &h->protocol); 621 ++ifp->if_noproto; 622 goto drop; 623 case PPP_LCP: 624 sppp_cp_input(&lcp, sp, m); 625 m_freem (m); 626 SPPP_UNLOCK(sp); 627 return; 628 case PPP_PAP: 629 if (sp->pp_phase >= PHASE_AUTHENTICATE) 630 sppp_pap_input(sp, m); 631 m_freem (m); 632 SPPP_UNLOCK(sp); 633 return; 634 case PPP_CHAP: 635 if (sp->pp_phase >= PHASE_AUTHENTICATE) 636 sppp_chap_input(sp, m); 637 m_freem (m); 638 SPPP_UNLOCK(sp); 639 return; 640#ifdef INET 641 case PPP_IPCP: 642 if (sp->pp_phase == PHASE_NETWORK) 643 sppp_cp_input(&ipcp, sp, m); 644 m_freem (m); 645 SPPP_UNLOCK(sp); 646 return; 647 case PPP_IP: 648 if (sp->state[IDX_IPCP] == STATE_OPENED) { 649 isr = NETISR_IP; 650 } 651 do_account++; 652 break; 653 case PPP_VJ_COMP: 654 if (sp->state[IDX_IPCP] == STATE_OPENED) { 655 if ((vjlen = 656 sl_uncompress_tcp_core(mtod(m, u_char *), 657 m->m_len, m->m_len, 658 TYPE_COMPRESSED_TCP, 659 sp->pp_comp, 660 &iphdr, &hlen)) <= 0) { 661 if (debug) 662 log(LOG_INFO, 663 SPP_FMT "VJ uncompress failed on compressed packet\n", 664 SPP_ARGS(ifp)); 665 goto drop; 666 } 667 668 /* 669 * Trim the VJ header off the packet, and prepend 670 * the uncompressed IP header (which will usually 671 * end up in two chained mbufs since there's not 672 * enough leading space in the existing mbuf). 673 */ 674 m_adj(m, vjlen); 675 M_PREPEND(m, hlen, M_DONTWAIT); 676 if (m == NULL) { 677 SPPP_UNLOCK(sp); 678 goto drop2; 679 } 680 bcopy(iphdr, mtod(m, u_char *), hlen); 681 isr = NETISR_IP; 682 } 683 do_account++; 684 break; 685 case PPP_VJ_UCOMP: 686 if (sp->state[IDX_IPCP] == STATE_OPENED) { 687 if (sl_uncompress_tcp_core(mtod(m, u_char *), 688 m->m_len, m->m_len, 689 TYPE_UNCOMPRESSED_TCP, 690 sp->pp_comp, 691 &iphdr, &hlen) != 0) { 692 if (debug) 693 log(LOG_INFO, 694 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 695 SPP_ARGS(ifp)); 696 goto drop; 697 } 698 isr = NETISR_IP; 699 } 700 do_account++; 701 break; 702#endif 703#ifdef INET6 704 case PPP_IPV6CP: 705 if (sp->pp_phase == PHASE_NETWORK) 706 sppp_cp_input(&ipv6cp, sp, m); 707 m_freem (m); 708 SPPP_UNLOCK(sp); 709 return; 710 711 case PPP_IPV6: 712 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 713 isr = NETISR_IPV6; 714 do_account++; 715 break; 716#endif 717#ifdef IPX 718 case PPP_IPX: 719 /* IPX IPXCP not implemented yet */ 720 if (sp->pp_phase == PHASE_NETWORK) 721 isr = NETISR_IPX; 722 do_account++; 723 break; 724#endif 725 } 726 break; 727 case CISCO_MULTICAST: 728 case CISCO_UNICAST: 729 /* Don't check the control field here (RFC 1547). */ 730 if (sp->pp_mode != IFF_CISCO) { 731 if (debug) 732 log(LOG_DEBUG, 733 SPP_FMT "Cisco packet in PPP mode " 734 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 735 SPP_ARGS(ifp), 736 h->address, h->control, ntohs(h->protocol)); 737 goto drop; 738 } 739 switch (ntohs (h->protocol)) { 740 default: 741 ++ifp->if_noproto; 742 goto invalid; 743 case CISCO_KEEPALIVE: 744 sppp_cisco_input (sp, m); 745 m_freem (m); 746 SPPP_UNLOCK(sp); 747 return; 748#ifdef INET 749 case ETHERTYPE_IP: 750 isr = NETISR_IP; 751 do_account++; 752 break; 753#endif 754#ifdef INET6 755 case ETHERTYPE_IPV6: 756 isr = NETISR_IPV6; 757 do_account++; 758 break; 759#endif 760#ifdef IPX 761 case ETHERTYPE_IPX: 762 isr = NETISR_IPX; 763 do_account++; 764 break; 765#endif 766 } 767 break; 768 default: /* Invalid PPP packet. */ 769 invalid: 770 if (debug) 771 log(LOG_DEBUG, 772 SPP_FMT "invalid input packet " 773 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 774 SPP_ARGS(ifp), 775 h->address, h->control, ntohs(h->protocol)); 776 goto drop; 777 } 778 779 if (! (ifp->if_flags & IFF_UP) || isr == -1) 780 goto drop; 781 782 SPPP_UNLOCK(sp); 783 /* Check queue. */ 784 if (netisr_queue(isr, m)) { /* (0) on success. */ 785 if (debug) 786 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 787 SPP_ARGS(ifp)); 788 goto drop2; 789 } 790 791 if (do_account) 792 /* 793 * Do only account for network packets, not for control 794 * packets. This is used by some subsystems to detect 795 * idle lines. 796 */ 797 sp->pp_last_recv = time_uptime; 798} 799 800static void 801sppp_ifstart_sched(void *dummy) 802{ 803 struct sppp *sp = dummy; 804 805 sp->if_start(SP2IFP(sp)); 806} 807 808/* if_start () wrapper function. We use it to schedule real if_start () for 809 * execution. We can't call it directly 810 */ 811static void 812sppp_ifstart(struct ifnet *ifp) 813{ 814 struct sppp *sp = IFP2SP(ifp); 815 816 if (SPPP_LOCK_OWNED(sp)) { 817 if (callout_pending(&sp->ifstart_callout)) 818 return; 819 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 820 (void *)sp); 821 } else { 822 sp->if_start(ifp); 823 } 824} 825 826/* 827 * Enqueue transmit packet. 828 */ 829static int 830sppp_output(struct ifnet *ifp, struct mbuf *m, 831 struct sockaddr *dst, struct rtentry *rt) 832{ 833 struct sppp *sp = IFP2SP(ifp); 834 struct ppp_header *h; 835 struct ifqueue *ifq = NULL; 836 int s, error, rv = 0; 837 int ipproto = PPP_IP; 838 int debug = ifp->if_flags & IFF_DEBUG; 839 840 s = splimp(); 841 SPPP_LOCK(sp); 842 843 if (!(ifp->if_flags & IFF_UP) || 844 (!(ifp->if_flags & IFF_AUTO) && 845 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 846#ifdef INET6 847 drop: 848#endif 849 m_freem (m); 850 SPPP_UNLOCK(sp); 851 splx (s); 852 return (ENETDOWN); 853 } 854 855 if ((ifp->if_flags & IFF_AUTO) && 856 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 857#ifdef INET6 858 /* 859 * XXX 860 * 861 * Hack to prevent the initialization-time generated 862 * IPv6 multicast packet to erroneously cause a 863 * dialout event in case IPv6 has been 864 * administratively disabled on that interface. 865 */ 866 if (dst->sa_family == AF_INET6 && 867 !(sp->confflags & CONF_ENABLE_IPV6)) 868 goto drop; 869#endif 870 /* 871 * Interface is not yet running, but auto-dial. Need 872 * to start LCP for it. 873 */ 874 ifp->if_drv_flags |= IFF_DRV_RUNNING; 875 splx(s); 876 lcp.Open(sp); 877 s = splimp(); 878 } 879 880#ifdef INET 881 if (dst->sa_family == AF_INET) { 882 /* XXX Check mbuf length here? */ 883 struct ip *ip = mtod (m, struct ip*); 884 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 885 886 /* 887 * When using dynamic local IP address assignment by using 888 * 0.0.0.0 as a local address, the first TCP session will 889 * not connect because the local TCP checksum is computed 890 * using 0.0.0.0 which will later become our real IP address 891 * so the TCP checksum computed at the remote end will 892 * become invalid. So we 893 * - don't let packets with src ip addr 0 thru 894 * - we flag TCP packets with src ip 0 as an error 895 */ 896 897 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 898 { 899 m_freem(m); 900 SPPP_UNLOCK(sp); 901 splx(s); 902 if(ip->ip_p == IPPROTO_TCP) 903 return(EADDRNOTAVAIL); 904 else 905 return(0); 906 } 907 908 /* 909 * Put low delay, telnet, rlogin and ftp control packets 910 * in front of the queue or let ALTQ take care. 911 */ 912 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 913 ; 914 else if (_IF_QFULL(&sp->pp_fastq)) 915 ; 916 else if (ip->ip_tos & IPTOS_LOWDELAY) 917 ifq = &sp->pp_fastq; 918 else if (m->m_len < sizeof *ip + sizeof *tcp) 919 ; 920 else if (ip->ip_p != IPPROTO_TCP) 921 ; 922 else if (INTERACTIVE (ntohs (tcp->th_sport))) 923 ifq = &sp->pp_fastq; 924 else if (INTERACTIVE (ntohs (tcp->th_dport))) 925 ifq = &sp->pp_fastq; 926 927 /* 928 * Do IP Header compression 929 */ 930 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 931 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 932 switch (sl_compress_tcp(m, ip, sp->pp_comp, 933 sp->ipcp.compress_cid)) { 934 case TYPE_COMPRESSED_TCP: 935 ipproto = PPP_VJ_COMP; 936 break; 937 case TYPE_UNCOMPRESSED_TCP: 938 ipproto = PPP_VJ_UCOMP; 939 break; 940 case TYPE_IP: 941 ipproto = PPP_IP; 942 break; 943 default: 944 m_freem(m); 945 SPPP_UNLOCK(sp); 946 splx(s); 947 return (EINVAL); 948 } 949 } 950#endif 951 952#ifdef INET6 953 if (dst->sa_family == AF_INET6) { 954 /* XXX do something tricky here? */ 955 } 956#endif 957 958 if (sp->pp_mode == PP_FR) { 959 /* Add frame relay header. */ 960 m = sppp_fr_header (sp, m, dst->sa_family); 961 if (! m) 962 goto nobufs; 963 goto out; 964 } 965 966 /* 967 * Prepend general data packet PPP header. For now, IP only. 968 */ 969 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 970 if (! m) { 971nobufs: if (debug) 972 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 973 SPP_ARGS(ifp)); 974 ++ifp->if_oerrors; 975 SPPP_UNLOCK(sp); 976 splx (s); 977 return (ENOBUFS); 978 } 979 /* 980 * May want to check size of packet 981 * (albeit due to the implementation it's always enough) 982 */ 983 h = mtod (m, struct ppp_header*); 984 if (sp->pp_mode == IFF_CISCO) { 985 h->address = CISCO_UNICAST; /* unicast address */ 986 h->control = 0; 987 } else { 988 h->address = PPP_ALLSTATIONS; /* broadcast address */ 989 h->control = PPP_UI; /* Unnumbered Info */ 990 } 991 992 switch (dst->sa_family) { 993#ifdef INET 994 case AF_INET: /* Internet Protocol */ 995 if (sp->pp_mode == IFF_CISCO) 996 h->protocol = htons (ETHERTYPE_IP); 997 else { 998 /* 999 * Don't choke with an ENETDOWN early. It's 1000 * possible that we just started dialing out, 1001 * so don't drop the packet immediately. If 1002 * we notice that we run out of buffer space 1003 * below, we will however remember that we are 1004 * not ready to carry IP packets, and return 1005 * ENETDOWN, as opposed to ENOBUFS. 1006 */ 1007 h->protocol = htons(ipproto); 1008 if (sp->state[IDX_IPCP] != STATE_OPENED) 1009 rv = ENETDOWN; 1010 } 1011 break; 1012#endif 1013#ifdef INET6 1014 case AF_INET6: /* Internet Protocol */ 1015 if (sp->pp_mode == IFF_CISCO) 1016 h->protocol = htons (ETHERTYPE_IPV6); 1017 else { 1018 /* 1019 * Don't choke with an ENETDOWN early. It's 1020 * possible that we just started dialing out, 1021 * so don't drop the packet immediately. If 1022 * we notice that we run out of buffer space 1023 * below, we will however remember that we are 1024 * not ready to carry IP packets, and return 1025 * ENETDOWN, as opposed to ENOBUFS. 1026 */ 1027 h->protocol = htons(PPP_IPV6); 1028 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 1029 rv = ENETDOWN; 1030 } 1031 break; 1032#endif 1033#ifdef IPX 1034 case AF_IPX: /* Novell IPX Protocol */ 1035 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 1036 ETHERTYPE_IPX : PPP_IPX); 1037 break; 1038#endif 1039 default: 1040 m_freem (m); 1041 ++ifp->if_oerrors; 1042 SPPP_UNLOCK(sp); 1043 splx (s); 1044 return (EAFNOSUPPORT); 1045 } 1046 1047 /* 1048 * Queue message on interface, and start output if interface 1049 * not yet active. 1050 */ 1051out: 1052 if (ifq != NULL) 1053 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1054 else 1055 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1056 if (error) { 1057 ++ifp->if_oerrors; 1058 SPPP_UNLOCK(sp); 1059 splx (s); 1060 return (rv? rv: ENOBUFS); 1061 } 1062 SPPP_UNLOCK(sp); 1063 splx (s); 1064 /* 1065 * Unlike in sppp_input(), we can always bump the timestamp 1066 * here since sppp_output() is only called on behalf of 1067 * network-layer traffic; control-layer traffic is handled 1068 * by sppp_cp_send(). 1069 */ 1070 sp->pp_last_sent = time_uptime; 1071 return (0); 1072} 1073 1074void 1075sppp_attach(struct ifnet *ifp) 1076{ 1077 struct sppp *sp = IFP2SP(ifp); 1078 1079 /* Initialize mtx lock */ 1080 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1081 1082 /* Initialize keepalive handler. */ 1083 callout_init(&sp->keepalive_callout, 1084 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1085 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1086 (void *)sp); 1087 1088 ifp->if_mtu = PP_MTU; 1089 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1090 ifp->if_output = sppp_output; 1091#if 0 1092 sp->pp_flags = PP_KEEPALIVE; 1093#endif 1094 ifp->if_snd.ifq_maxlen = 32; 1095 sp->pp_fastq.ifq_maxlen = 32; 1096 sp->pp_cpq.ifq_maxlen = 20; 1097 sp->pp_loopcnt = 0; 1098 sp->pp_alivecnt = 0; 1099 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1100 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1101 sp->pp_phase = PHASE_DEAD; 1102 sp->pp_up = sppp_pp_up; 1103 sp->pp_down = sppp_pp_down; 1104 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1105 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1106 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1107 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1108 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1109 sp->confflags = 0; 1110#ifdef INET 1111 sp->confflags |= CONF_ENABLE_VJ; 1112#endif 1113#ifdef INET6 1114 sp->confflags |= CONF_ENABLE_IPV6; 1115#endif 1116 callout_init(&sp->ifstart_callout, 1117 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1118 sp->if_start = ifp->if_start; 1119 ifp->if_start = sppp_ifstart; 1120 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1121 sl_compress_init(sp->pp_comp, -1); 1122 sppp_lcp_init(sp); 1123 sppp_ipcp_init(sp); 1124 sppp_ipv6cp_init(sp); 1125 sppp_pap_init(sp); 1126 sppp_chap_init(sp); 1127} 1128 1129void 1130sppp_detach(struct ifnet *ifp) 1131{ 1132 struct sppp *sp = IFP2SP(ifp); 1133 int i; 1134 1135 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1136 1137 /* Stop keepalive handler. */ 1138 if (!callout_drain(&sp->keepalive_callout)) 1139 callout_stop(&sp->keepalive_callout); 1140 1141 for (i = 0; i < IDX_COUNT; i++) { 1142 if (!callout_drain(&sp->ch[i])) 1143 callout_stop(&sp->ch[i]); 1144 } 1145 if (!callout_drain(&sp->pap_my_to_ch)) 1146 callout_stop(&sp->pap_my_to_ch); 1147 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1148 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1149 mtx_destroy(&sp->mtx); 1150} 1151 1152/* 1153 * Flush the interface output queue. 1154 */ 1155static void 1156sppp_flush_unlocked(struct ifnet *ifp) 1157{ 1158 struct sppp *sp = IFP2SP(ifp); 1159 1160 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1161 sppp_qflush (&sp->pp_fastq); 1162 sppp_qflush (&sp->pp_cpq); 1163} 1164 1165void 1166sppp_flush(struct ifnet *ifp) 1167{ 1168 struct sppp *sp = IFP2SP(ifp); 1169 1170 SPPP_LOCK(sp); 1171 sppp_flush_unlocked (ifp); 1172 SPPP_UNLOCK(sp); 1173} 1174 1175/* 1176 * Check if the output queue is empty. 1177 */ 1178int 1179sppp_isempty(struct ifnet *ifp) 1180{ 1181 struct sppp *sp = IFP2SP(ifp); 1182 int empty, s; 1183 1184 s = splimp(); 1185 SPPP_LOCK(sp); 1186 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1187 !SP2IFP(sp)->if_snd.ifq_head; 1188 SPPP_UNLOCK(sp); 1189 splx(s); 1190 return (empty); 1191} 1192 1193/* 1194 * Get next packet to send. 1195 */ 1196struct mbuf * 1197sppp_dequeue(struct ifnet *ifp) 1198{ 1199 struct sppp *sp = IFP2SP(ifp); 1200 struct mbuf *m; 1201 int s; 1202 1203 s = splimp(); 1204 SPPP_LOCK(sp); 1205 /* 1206 * Process only the control protocol queue until we have at 1207 * least one NCP open. 1208 * 1209 * Do always serve all three queues in Cisco mode. 1210 */ 1211 IF_DEQUEUE(&sp->pp_cpq, m); 1212 if (m == NULL && 1213 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1214 sp->pp_mode == PP_FR)) { 1215 IF_DEQUEUE(&sp->pp_fastq, m); 1216 if (m == NULL) 1217 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1218 } 1219 SPPP_UNLOCK(sp); 1220 splx(s); 1221 return m; 1222} 1223 1224/* 1225 * Pick the next packet, do not remove it from the queue. 1226 */ 1227struct mbuf * 1228sppp_pick(struct ifnet *ifp) 1229{ 1230 struct sppp *sp = IFP2SP(ifp); 1231 struct mbuf *m; 1232 int s; 1233 1234 s = splimp (); 1235 SPPP_LOCK(sp); 1236 1237 m = sp->pp_cpq.ifq_head; 1238 if (m == NULL && 1239 (sp->pp_phase == PHASE_NETWORK || 1240 sp->pp_mode == IFF_CISCO || 1241 sp->pp_mode == PP_FR)) 1242 if ((m = sp->pp_fastq.ifq_head) == NULL) 1243 m = SP2IFP(sp)->if_snd.ifq_head; 1244 SPPP_UNLOCK(sp); 1245 splx (s); 1246 return (m); 1247} 1248 1249/* 1250 * Process an ioctl request. Called on low priority level. 1251 */ 1252int 1253sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1254{ 1255 struct ifreq *ifr = (struct ifreq*) data; 1256 struct sppp *sp = IFP2SP(ifp); 1257 int s, rv, going_up, going_down, newmode; 1258 1259 s = splimp(); 1260 SPPP_LOCK(sp); 1261 rv = 0; 1262 switch (cmd) { 1263 case SIOCAIFADDR: 1264 case SIOCSIFDSTADDR: 1265 break; 1266 1267 case SIOCSIFADDR: 1268 /* set the interface "up" when assigning an IP address */ 1269 ifp->if_flags |= IFF_UP; 1270 /* FALLTHROUGH */ 1271 1272 case SIOCSIFFLAGS: 1273 going_up = ifp->if_flags & IFF_UP && 1274 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1275 going_down = (ifp->if_flags & IFF_UP) == 0 && 1276 ifp->if_drv_flags & IFF_DRV_RUNNING; 1277 1278 newmode = ifp->if_flags & IFF_PASSIVE; 1279 if (!newmode) 1280 newmode = ifp->if_flags & IFF_AUTO; 1281 if (!newmode) 1282 newmode = ifp->if_flags & IFF_CISCO; 1283 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1284 ifp->if_flags |= newmode; 1285 1286 if (!newmode) 1287 newmode = sp->pp_flags & PP_FR; 1288 1289 if (newmode != sp->pp_mode) { 1290 going_down = 1; 1291 if (!going_up) 1292 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1293 } 1294 1295 if (going_down) { 1296 if (sp->pp_mode != IFF_CISCO && 1297 sp->pp_mode != PP_FR) 1298 lcp.Close(sp); 1299 else if (sp->pp_tlf) 1300 (sp->pp_tlf)(sp); 1301 sppp_flush_unlocked(ifp); 1302 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1303 sp->pp_mode = newmode; 1304 } 1305 1306 if (going_up) { 1307 if (sp->pp_mode != IFF_CISCO && 1308 sp->pp_mode != PP_FR) 1309 lcp.Close(sp); 1310 sp->pp_mode = newmode; 1311 if (sp->pp_mode == 0) { 1312 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1313 lcp.Open(sp); 1314 } 1315 if ((sp->pp_mode == IFF_CISCO) || 1316 (sp->pp_mode == PP_FR)) { 1317 if (sp->pp_tls) 1318 (sp->pp_tls)(sp); 1319 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1320 } 1321 } 1322 1323 break; 1324 1325#ifdef SIOCSIFMTU 1326#ifndef ifr_mtu 1327#define ifr_mtu ifr_metric 1328#endif 1329 case SIOCSIFMTU: 1330 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1331 return (EINVAL); 1332 ifp->if_mtu = ifr->ifr_mtu; 1333 break; 1334#endif 1335#ifdef SLIOCSETMTU 1336 case SLIOCSETMTU: 1337 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1338 return (EINVAL); 1339 ifp->if_mtu = *(short*)data; 1340 break; 1341#endif 1342#ifdef SIOCGIFMTU 1343 case SIOCGIFMTU: 1344 ifr->ifr_mtu = ifp->if_mtu; 1345 break; 1346#endif 1347#ifdef SLIOCGETMTU 1348 case SLIOCGETMTU: 1349 *(short*)data = ifp->if_mtu; 1350 break; 1351#endif 1352 case SIOCADDMULTI: 1353 case SIOCDELMULTI: 1354 break; 1355 1356 case SIOCGIFGENERIC: 1357 case SIOCSIFGENERIC: 1358 rv = sppp_params(sp, cmd, data); 1359 break; 1360 1361 default: 1362 rv = ENOTTY; 1363 } 1364 SPPP_UNLOCK(sp); 1365 splx(s); 1366 return rv; 1367} 1368 1369/* 1370 * Cisco framing implementation. 1371 */ 1372 1373/* 1374 * Handle incoming Cisco keepalive protocol packets. 1375 */ 1376static void 1377sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1378{ 1379 STDDCL; 1380 struct cisco_packet *h; 1381 u_long me, mymask; 1382 1383 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1384 if (debug) 1385 log(LOG_DEBUG, 1386 SPP_FMT "cisco invalid packet length: %d bytes\n", 1387 SPP_ARGS(ifp), m->m_pkthdr.len); 1388 return; 1389 } 1390 h = mtod (m, struct cisco_packet*); 1391 if (debug) 1392 log(LOG_DEBUG, 1393 SPP_FMT "cisco input: %d bytes " 1394 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1395 SPP_ARGS(ifp), m->m_pkthdr.len, 1396 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1397 (u_int)h->time0, (u_int)h->time1); 1398 switch (ntohl (h->type)) { 1399 default: 1400 if (debug) 1401 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1402 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1403 break; 1404 case CISCO_ADDR_REPLY: 1405 /* Reply on address request, ignore */ 1406 break; 1407 case CISCO_KEEPALIVE_REQ: 1408 sp->pp_alivecnt = 0; 1409 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1410 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1411 /* Local and remote sequence numbers are equal. 1412 * Probably, the line is in loopback mode. */ 1413 if (sp->pp_loopcnt >= MAXALIVECNT) { 1414 printf (SPP_FMT "loopback\n", 1415 SPP_ARGS(ifp)); 1416 sp->pp_loopcnt = 0; 1417 if (ifp->if_flags & IFF_UP) { 1418 if_down (ifp); 1419 sppp_qflush (&sp->pp_cpq); 1420 } 1421 } 1422 ++sp->pp_loopcnt; 1423 1424 /* Generate new local sequence number */ 1425#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1426 sp->pp_seq[IDX_LCP] = random(); 1427#else 1428 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1429#endif 1430 break; 1431 } 1432 sp->pp_loopcnt = 0; 1433 if (! (ifp->if_flags & IFF_UP) && 1434 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1435 if_up(ifp); 1436 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1437 } 1438 break; 1439 case CISCO_ADDR_REQ: 1440 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1441 if (me != 0L) 1442 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1443 break; 1444 } 1445} 1446 1447/* 1448 * Send Cisco keepalive packet. 1449 */ 1450static void 1451sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1452{ 1453 STDDCL; 1454 struct ppp_header *h; 1455 struct cisco_packet *ch; 1456 struct mbuf *m; 1457 struct timeval tv; 1458 1459 getmicrouptime(&tv); 1460 1461 MGETHDR (m, M_DONTWAIT, MT_DATA); 1462 if (! m) 1463 return; 1464 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1465 m->m_pkthdr.rcvif = 0; 1466 1467 h = mtod (m, struct ppp_header*); 1468 h->address = CISCO_MULTICAST; 1469 h->control = 0; 1470 h->protocol = htons (CISCO_KEEPALIVE); 1471 1472 ch = (struct cisco_packet*) (h + 1); 1473 ch->type = htonl (type); 1474 ch->par1 = htonl (par1); 1475 ch->par2 = htonl (par2); 1476 ch->rel = -1; 1477 1478 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1479 ch->time1 = htons ((u_short) tv.tv_sec); 1480 1481 if (debug) 1482 log(LOG_DEBUG, 1483 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1484 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1485 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1486 1487 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1488 ifp->if_oerrors++; 1489} 1490 1491/* 1492 * PPP protocol implementation. 1493 */ 1494 1495/* 1496 * Send PPP control protocol packet. 1497 */ 1498static void 1499sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1500 u_char ident, u_short len, void *data) 1501{ 1502 STDDCL; 1503 struct ppp_header *h; 1504 struct lcp_header *lh; 1505 struct mbuf *m; 1506 1507 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1508 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1509 MGETHDR (m, M_DONTWAIT, MT_DATA); 1510 if (! m) 1511 return; 1512 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1513 m->m_pkthdr.rcvif = 0; 1514 1515 h = mtod (m, struct ppp_header*); 1516 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1517 h->control = PPP_UI; /* Unnumbered Info */ 1518 h->protocol = htons (proto); /* Link Control Protocol */ 1519 1520 lh = (struct lcp_header*) (h + 1); 1521 lh->type = type; 1522 lh->ident = ident; 1523 lh->len = htons (LCP_HEADER_LEN + len); 1524 if (len) 1525 bcopy (data, lh+1, len); 1526 1527 if (debug) { 1528 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1529 SPP_ARGS(ifp), 1530 sppp_proto_name(proto), 1531 sppp_cp_type_name (lh->type), lh->ident, 1532 ntohs (lh->len)); 1533 sppp_print_bytes ((u_char*) (lh+1), len); 1534 log(-1, ">\n"); 1535 } 1536 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1537 ifp->if_oerrors++; 1538} 1539 1540/* 1541 * Handle incoming PPP control protocol packets. 1542 */ 1543static void 1544sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1545{ 1546 STDDCL; 1547 struct lcp_header *h; 1548 int len = m->m_pkthdr.len; 1549 int rv; 1550 u_char *p; 1551 1552 if (len < 4) { 1553 if (debug) 1554 log(LOG_DEBUG, 1555 SPP_FMT "%s invalid packet length: %d bytes\n", 1556 SPP_ARGS(ifp), cp->name, len); 1557 return; 1558 } 1559 h = mtod (m, struct lcp_header*); 1560 if (debug) { 1561 log(LOG_DEBUG, 1562 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1563 SPP_ARGS(ifp), cp->name, 1564 sppp_state_name(sp->state[cp->protoidx]), 1565 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1566 sppp_print_bytes ((u_char*) (h+1), len-4); 1567 log(-1, ">\n"); 1568 } 1569 if (len > ntohs (h->len)) 1570 len = ntohs (h->len); 1571 p = (u_char *)(h + 1); 1572 switch (h->type) { 1573 case CONF_REQ: 1574 if (len < 4) { 1575 if (debug) 1576 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1577 SPP_ARGS(ifp), cp->name, 1578 len); 1579 ++ifp->if_ierrors; 1580 break; 1581 } 1582 /* handle states where RCR doesn't get a SCA/SCN */ 1583 switch (sp->state[cp->protoidx]) { 1584 case STATE_CLOSING: 1585 case STATE_STOPPING: 1586 return; 1587 case STATE_CLOSED: 1588 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1589 0, 0); 1590 return; 1591 } 1592 rv = (cp->RCR)(sp, h, len); 1593 switch (sp->state[cp->protoidx]) { 1594 case STATE_OPENED: 1595 (cp->tld)(sp); 1596 (cp->scr)(sp); 1597 /* FALLTHROUGH */ 1598 case STATE_ACK_SENT: 1599 case STATE_REQ_SENT: 1600 /* 1601 * sppp_cp_change_state() have the side effect of 1602 * restarting the timeouts. We want to avoid that 1603 * if the state don't change, otherwise we won't 1604 * ever timeout and resend a configuration request 1605 * that got lost. 1606 */ 1607 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1608 STATE_REQ_SENT)) 1609 break; 1610 sppp_cp_change_state(cp, sp, rv? 1611 STATE_ACK_SENT: STATE_REQ_SENT); 1612 break; 1613 case STATE_STOPPED: 1614 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1615 (cp->scr)(sp); 1616 sppp_cp_change_state(cp, sp, rv? 1617 STATE_ACK_SENT: STATE_REQ_SENT); 1618 break; 1619 case STATE_ACK_RCVD: 1620 if (rv) { 1621 sppp_cp_change_state(cp, sp, STATE_OPENED); 1622 if (debug) 1623 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1624 SPP_ARGS(ifp), 1625 cp->name); 1626 (cp->tlu)(sp); 1627 } else 1628 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1629 break; 1630 default: 1631 printf(SPP_FMT "%s illegal %s in state %s\n", 1632 SPP_ARGS(ifp), cp->name, 1633 sppp_cp_type_name(h->type), 1634 sppp_state_name(sp->state[cp->protoidx])); 1635 ++ifp->if_ierrors; 1636 } 1637 break; 1638 case CONF_ACK: 1639 if (h->ident != sp->confid[cp->protoidx]) { 1640 if (debug) 1641 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1642 SPP_ARGS(ifp), cp->name, 1643 h->ident, sp->confid[cp->protoidx]); 1644 ++ifp->if_ierrors; 1645 break; 1646 } 1647 switch (sp->state[cp->protoidx]) { 1648 case STATE_CLOSED: 1649 case STATE_STOPPED: 1650 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1651 break; 1652 case STATE_CLOSING: 1653 case STATE_STOPPING: 1654 break; 1655 case STATE_REQ_SENT: 1656 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1657 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1658 break; 1659 case STATE_OPENED: 1660 (cp->tld)(sp); 1661 /* FALLTHROUGH */ 1662 case STATE_ACK_RCVD: 1663 (cp->scr)(sp); 1664 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1665 break; 1666 case STATE_ACK_SENT: 1667 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1668 sppp_cp_change_state(cp, sp, STATE_OPENED); 1669 if (debug) 1670 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1671 SPP_ARGS(ifp), cp->name); 1672 (cp->tlu)(sp); 1673 break; 1674 default: 1675 printf(SPP_FMT "%s illegal %s in state %s\n", 1676 SPP_ARGS(ifp), cp->name, 1677 sppp_cp_type_name(h->type), 1678 sppp_state_name(sp->state[cp->protoidx])); 1679 ++ifp->if_ierrors; 1680 } 1681 break; 1682 case CONF_NAK: 1683 case CONF_REJ: 1684 if (h->ident != sp->confid[cp->protoidx]) { 1685 if (debug) 1686 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1687 SPP_ARGS(ifp), cp->name, 1688 h->ident, sp->confid[cp->protoidx]); 1689 ++ifp->if_ierrors; 1690 break; 1691 } 1692 if (h->type == CONF_NAK) 1693 (cp->RCN_nak)(sp, h, len); 1694 else /* CONF_REJ */ 1695 (cp->RCN_rej)(sp, h, len); 1696 1697 switch (sp->state[cp->protoidx]) { 1698 case STATE_CLOSED: 1699 case STATE_STOPPED: 1700 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1701 break; 1702 case STATE_REQ_SENT: 1703 case STATE_ACK_SENT: 1704 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1705 /* 1706 * Slow things down a bit if we think we might be 1707 * in loopback. Depend on the timeout to send the 1708 * next configuration request. 1709 */ 1710 if (sp->pp_loopcnt) 1711 break; 1712 (cp->scr)(sp); 1713 break; 1714 case STATE_OPENED: 1715 (cp->tld)(sp); 1716 /* FALLTHROUGH */ 1717 case STATE_ACK_RCVD: 1718 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1719 (cp->scr)(sp); 1720 break; 1721 case STATE_CLOSING: 1722 case STATE_STOPPING: 1723 break; 1724 default: 1725 printf(SPP_FMT "%s illegal %s in state %s\n", 1726 SPP_ARGS(ifp), cp->name, 1727 sppp_cp_type_name(h->type), 1728 sppp_state_name(sp->state[cp->protoidx])); 1729 ++ifp->if_ierrors; 1730 } 1731 break; 1732 1733 case TERM_REQ: 1734 switch (sp->state[cp->protoidx]) { 1735 case STATE_ACK_RCVD: 1736 case STATE_ACK_SENT: 1737 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1738 /* FALLTHROUGH */ 1739 case STATE_CLOSED: 1740 case STATE_STOPPED: 1741 case STATE_CLOSING: 1742 case STATE_STOPPING: 1743 case STATE_REQ_SENT: 1744 sta: 1745 /* Send Terminate-Ack packet. */ 1746 if (debug) 1747 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1748 SPP_ARGS(ifp), cp->name); 1749 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1750 break; 1751 case STATE_OPENED: 1752 (cp->tld)(sp); 1753 sp->rst_counter[cp->protoidx] = 0; 1754 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1755 goto sta; 1756 break; 1757 default: 1758 printf(SPP_FMT "%s illegal %s in state %s\n", 1759 SPP_ARGS(ifp), cp->name, 1760 sppp_cp_type_name(h->type), 1761 sppp_state_name(sp->state[cp->protoidx])); 1762 ++ifp->if_ierrors; 1763 } 1764 break; 1765 case TERM_ACK: 1766 switch (sp->state[cp->protoidx]) { 1767 case STATE_CLOSED: 1768 case STATE_STOPPED: 1769 case STATE_REQ_SENT: 1770 case STATE_ACK_SENT: 1771 break; 1772 case STATE_CLOSING: 1773 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1774 (cp->tlf)(sp); 1775 break; 1776 case STATE_STOPPING: 1777 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1778 (cp->tlf)(sp); 1779 break; 1780 case STATE_ACK_RCVD: 1781 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1782 break; 1783 case STATE_OPENED: 1784 (cp->tld)(sp); 1785 (cp->scr)(sp); 1786 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1787 break; 1788 default: 1789 printf(SPP_FMT "%s illegal %s in state %s\n", 1790 SPP_ARGS(ifp), cp->name, 1791 sppp_cp_type_name(h->type), 1792 sppp_state_name(sp->state[cp->protoidx])); 1793 ++ifp->if_ierrors; 1794 } 1795 break; 1796 case CODE_REJ: 1797 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1798 log(LOG_INFO, 1799 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1800 "danger will robinson\n", 1801 SPP_ARGS(ifp), cp->name, 1802 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1803 switch (sp->state[cp->protoidx]) { 1804 case STATE_CLOSED: 1805 case STATE_STOPPED: 1806 case STATE_REQ_SENT: 1807 case STATE_ACK_SENT: 1808 case STATE_CLOSING: 1809 case STATE_STOPPING: 1810 case STATE_OPENED: 1811 break; 1812 case STATE_ACK_RCVD: 1813 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1814 break; 1815 default: 1816 printf(SPP_FMT "%s illegal %s in state %s\n", 1817 SPP_ARGS(ifp), cp->name, 1818 sppp_cp_type_name(h->type), 1819 sppp_state_name(sp->state[cp->protoidx])); 1820 ++ifp->if_ierrors; 1821 } 1822 break; 1823 case PROTO_REJ: 1824 { 1825 int catastrophic; 1826 const struct cp *upper; 1827 int i; 1828 u_int16_t proto; 1829 1830 catastrophic = 0; 1831 upper = NULL; 1832 proto = ntohs(*((u_int16_t *)p)); 1833 for (i = 0; i < IDX_COUNT; i++) { 1834 if (cps[i]->proto == proto) { 1835 upper = cps[i]; 1836 break; 1837 } 1838 } 1839 if (upper == NULL) 1840 catastrophic++; 1841 1842 if (catastrophic || debug) 1843 log(catastrophic? LOG_INFO: LOG_DEBUG, 1844 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1845 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1846 sppp_cp_type_name(h->type), proto, 1847 upper ? upper->name : "unknown", 1848 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1849 1850 /* 1851 * if we got RXJ+ against conf-req, the peer does not implement 1852 * this particular protocol type. terminate the protocol. 1853 */ 1854 if (upper && !catastrophic) { 1855 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1856 upper->Close(sp); 1857 break; 1858 } 1859 } 1860 1861 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1862 switch (sp->state[cp->protoidx]) { 1863 case STATE_CLOSED: 1864 case STATE_STOPPED: 1865 case STATE_REQ_SENT: 1866 case STATE_ACK_SENT: 1867 case STATE_CLOSING: 1868 case STATE_STOPPING: 1869 case STATE_OPENED: 1870 break; 1871 case STATE_ACK_RCVD: 1872 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1873 break; 1874 default: 1875 printf(SPP_FMT "%s illegal %s in state %s\n", 1876 SPP_ARGS(ifp), cp->name, 1877 sppp_cp_type_name(h->type), 1878 sppp_state_name(sp->state[cp->protoidx])); 1879 ++ifp->if_ierrors; 1880 } 1881 break; 1882 } 1883 case DISC_REQ: 1884 if (cp->proto != PPP_LCP) 1885 goto illegal; 1886 /* Discard the packet. */ 1887 break; 1888 case ECHO_REQ: 1889 if (cp->proto != PPP_LCP) 1890 goto illegal; 1891 if (sp->state[cp->protoidx] != STATE_OPENED) { 1892 if (debug) 1893 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1894 SPP_ARGS(ifp)); 1895 ++ifp->if_ierrors; 1896 break; 1897 } 1898 if (len < 8) { 1899 if (debug) 1900 log(-1, SPP_FMT "invalid lcp echo request " 1901 "packet length: %d bytes\n", 1902 SPP_ARGS(ifp), len); 1903 break; 1904 } 1905 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1906 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1907 /* Line loopback mode detected. */ 1908 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1909 sp->pp_loopcnt = MAXALIVECNT * 5; 1910 if_down (ifp); 1911 sppp_qflush (&sp->pp_cpq); 1912 1913 /* Shut down the PPP link. */ 1914 /* XXX */ 1915 lcp.Down(sp); 1916 lcp.Up(sp); 1917 break; 1918 } 1919 *(long*)(h+1) = htonl (sp->lcp.magic); 1920 if (debug) 1921 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1922 SPP_ARGS(ifp)); 1923 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1924 break; 1925 case ECHO_REPLY: 1926 if (cp->proto != PPP_LCP) 1927 goto illegal; 1928 if (h->ident != sp->lcp.echoid) { 1929 ++ifp->if_ierrors; 1930 break; 1931 } 1932 if (len < 8) { 1933 if (debug) 1934 log(-1, SPP_FMT "lcp invalid echo reply " 1935 "packet length: %d bytes\n", 1936 SPP_ARGS(ifp), len); 1937 break; 1938 } 1939 if (debug) 1940 log(-1, SPP_FMT "lcp got echo rep\n", 1941 SPP_ARGS(ifp)); 1942 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1943 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1944 sp->pp_alivecnt = 0; 1945 break; 1946 default: 1947 /* Unknown packet type -- send Code-Reject packet. */ 1948 illegal: 1949 if (debug) 1950 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1951 SPP_ARGS(ifp), cp->name, h->type); 1952 sppp_cp_send(sp, cp->proto, CODE_REJ, 1953 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1954 ++ifp->if_ierrors; 1955 } 1956} 1957 1958 1959/* 1960 * The generic part of all Up/Down/Open/Close/TO event handlers. 1961 * Basically, the state transition handling in the automaton. 1962 */ 1963static void 1964sppp_up_event(const struct cp *cp, struct sppp *sp) 1965{ 1966 STDDCL; 1967 1968 if (debug) 1969 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1970 SPP_ARGS(ifp), cp->name, 1971 sppp_state_name(sp->state[cp->protoidx])); 1972 1973 switch (sp->state[cp->protoidx]) { 1974 case STATE_INITIAL: 1975 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1976 break; 1977 case STATE_STARTING: 1978 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1979 (cp->scr)(sp); 1980 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1981 break; 1982 default: 1983 printf(SPP_FMT "%s illegal up in state %s\n", 1984 SPP_ARGS(ifp), cp->name, 1985 sppp_state_name(sp->state[cp->protoidx])); 1986 } 1987} 1988 1989static void 1990sppp_down_event(const struct cp *cp, struct sppp *sp) 1991{ 1992 STDDCL; 1993 1994 if (debug) 1995 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1996 SPP_ARGS(ifp), cp->name, 1997 sppp_state_name(sp->state[cp->protoidx])); 1998 1999 switch (sp->state[cp->protoidx]) { 2000 case STATE_CLOSED: 2001 case STATE_CLOSING: 2002 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2003 break; 2004 case STATE_STOPPED: 2005 sppp_cp_change_state(cp, sp, STATE_STARTING); 2006 (cp->tls)(sp); 2007 break; 2008 case STATE_STOPPING: 2009 case STATE_REQ_SENT: 2010 case STATE_ACK_RCVD: 2011 case STATE_ACK_SENT: 2012 sppp_cp_change_state(cp, sp, STATE_STARTING); 2013 break; 2014 case STATE_OPENED: 2015 (cp->tld)(sp); 2016 sppp_cp_change_state(cp, sp, STATE_STARTING); 2017 break; 2018 default: 2019 printf(SPP_FMT "%s illegal down in state %s\n", 2020 SPP_ARGS(ifp), cp->name, 2021 sppp_state_name(sp->state[cp->protoidx])); 2022 } 2023} 2024 2025 2026static void 2027sppp_open_event(const struct cp *cp, struct sppp *sp) 2028{ 2029 STDDCL; 2030 2031 if (debug) 2032 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 2033 SPP_ARGS(ifp), cp->name, 2034 sppp_state_name(sp->state[cp->protoidx])); 2035 2036 switch (sp->state[cp->protoidx]) { 2037 case STATE_INITIAL: 2038 sppp_cp_change_state(cp, sp, STATE_STARTING); 2039 (cp->tls)(sp); 2040 break; 2041 case STATE_STARTING: 2042 break; 2043 case STATE_CLOSED: 2044 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 2045 (cp->scr)(sp); 2046 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2047 break; 2048 case STATE_STOPPED: 2049 /* 2050 * Try escaping stopped state. This seems to bite 2051 * people occasionally, in particular for IPCP, 2052 * presumably following previous IPCP negotiation 2053 * aborts. Somehow, we must have missed a Down event 2054 * which would have caused a transition into starting 2055 * state, so as a bandaid we force the Down event now. 2056 * This effectively implements (something like the) 2057 * `restart' option mentioned in the state transition 2058 * table of RFC 1661. 2059 */ 2060 sppp_cp_change_state(cp, sp, STATE_STARTING); 2061 (cp->tls)(sp); 2062 break; 2063 case STATE_STOPPING: 2064 case STATE_REQ_SENT: 2065 case STATE_ACK_RCVD: 2066 case STATE_ACK_SENT: 2067 case STATE_OPENED: 2068 break; 2069 case STATE_CLOSING: 2070 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2071 break; 2072 } 2073} 2074 2075 2076static void 2077sppp_close_event(const struct cp *cp, struct sppp *sp) 2078{ 2079 STDDCL; 2080 2081 if (debug) 2082 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2083 SPP_ARGS(ifp), cp->name, 2084 sppp_state_name(sp->state[cp->protoidx])); 2085 2086 switch (sp->state[cp->protoidx]) { 2087 case STATE_INITIAL: 2088 case STATE_CLOSED: 2089 case STATE_CLOSING: 2090 break; 2091 case STATE_STARTING: 2092 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2093 (cp->tlf)(sp); 2094 break; 2095 case STATE_STOPPED: 2096 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2097 break; 2098 case STATE_STOPPING: 2099 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2100 break; 2101 case STATE_OPENED: 2102 (cp->tld)(sp); 2103 /* FALLTHROUGH */ 2104 case STATE_REQ_SENT: 2105 case STATE_ACK_RCVD: 2106 case STATE_ACK_SENT: 2107 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2108 sppp_cp_send(sp, cp->proto, TERM_REQ, 2109 ++sp->pp_seq[cp->protoidx], 0, 0); 2110 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2111 break; 2112 } 2113} 2114 2115static void 2116sppp_to_event(const struct cp *cp, struct sppp *sp) 2117{ 2118 STDDCL; 2119 int s; 2120 2121 s = splimp(); 2122 SPPP_LOCK(sp); 2123 if (debug) 2124 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2125 SPP_ARGS(ifp), cp->name, 2126 sppp_state_name(sp->state[cp->protoidx]), 2127 sp->rst_counter[cp->protoidx]); 2128 2129 if (--sp->rst_counter[cp->protoidx] < 0) 2130 /* TO- event */ 2131 switch (sp->state[cp->protoidx]) { 2132 case STATE_CLOSING: 2133 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2134 (cp->tlf)(sp); 2135 break; 2136 case STATE_STOPPING: 2137 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2138 (cp->tlf)(sp); 2139 break; 2140 case STATE_REQ_SENT: 2141 case STATE_ACK_RCVD: 2142 case STATE_ACK_SENT: 2143 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2144 (cp->tlf)(sp); 2145 break; 2146 } 2147 else 2148 /* TO+ event */ 2149 switch (sp->state[cp->protoidx]) { 2150 case STATE_CLOSING: 2151 case STATE_STOPPING: 2152 sppp_cp_send(sp, cp->proto, TERM_REQ, 2153 ++sp->pp_seq[cp->protoidx], 0, 0); 2154 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2155 cp->TO, (void *)sp); 2156 break; 2157 case STATE_REQ_SENT: 2158 case STATE_ACK_RCVD: 2159 (cp->scr)(sp); 2160 /* sppp_cp_change_state() will restart the timer */ 2161 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2162 break; 2163 case STATE_ACK_SENT: 2164 (cp->scr)(sp); 2165 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2166 cp->TO, (void *)sp); 2167 break; 2168 } 2169 2170 SPPP_UNLOCK(sp); 2171 splx(s); 2172} 2173 2174/* 2175 * Change the state of a control protocol in the state automaton. 2176 * Takes care of starting/stopping the restart timer. 2177 */ 2178static void 2179sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2180{ 2181 sp->state[cp->protoidx] = newstate; 2182 2183 callout_stop (&sp->ch[cp->protoidx]); 2184 2185 switch (newstate) { 2186 case STATE_INITIAL: 2187 case STATE_STARTING: 2188 case STATE_CLOSED: 2189 case STATE_STOPPED: 2190 case STATE_OPENED: 2191 break; 2192 case STATE_CLOSING: 2193 case STATE_STOPPING: 2194 case STATE_REQ_SENT: 2195 case STATE_ACK_RCVD: 2196 case STATE_ACK_SENT: 2197 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2198 cp->TO, (void *)sp); 2199 break; 2200 } 2201} 2202 2203/* 2204 *--------------------------------------------------------------------------* 2205 * * 2206 * The LCP implementation. * 2207 * * 2208 *--------------------------------------------------------------------------* 2209 */ 2210static void 2211sppp_pp_up(struct sppp *sp) 2212{ 2213 SPPP_LOCK(sp); 2214 lcp.Up(sp); 2215 SPPP_UNLOCK(sp); 2216} 2217 2218static void 2219sppp_pp_down(struct sppp *sp) 2220{ 2221 SPPP_LOCK(sp); 2222 lcp.Down(sp); 2223 SPPP_UNLOCK(sp); 2224} 2225 2226static void 2227sppp_lcp_init(struct sppp *sp) 2228{ 2229 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2230 sp->lcp.magic = 0; 2231 sp->state[IDX_LCP] = STATE_INITIAL; 2232 sp->fail_counter[IDX_LCP] = 0; 2233 sp->pp_seq[IDX_LCP] = 0; 2234 sp->pp_rseq[IDX_LCP] = 0; 2235 sp->lcp.protos = 0; 2236 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2237 2238 /* Note that these values are relevant for all control protocols */ 2239 sp->lcp.timeout = 3 * hz; 2240 sp->lcp.max_terminate = 2; 2241 sp->lcp.max_configure = 10; 2242 sp->lcp.max_failure = 10; 2243 callout_init(&sp->ch[IDX_LCP], 2244 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2245} 2246 2247static void 2248sppp_lcp_up(struct sppp *sp) 2249{ 2250 STDDCL; 2251 2252 sp->pp_alivecnt = 0; 2253 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2254 sp->lcp.magic = 0; 2255 sp->lcp.protos = 0; 2256 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2257 /* 2258 * If we are authenticator, negotiate LCP_AUTH 2259 */ 2260 if (sp->hisauth.proto != 0) 2261 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2262 else 2263 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2264 sp->pp_flags &= ~PP_NEEDAUTH; 2265 /* 2266 * If this interface is passive or dial-on-demand, and we are 2267 * still in Initial state, it means we've got an incoming 2268 * call. Activate the interface. 2269 */ 2270 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2271 if (debug) 2272 log(LOG_DEBUG, 2273 SPP_FMT "Up event", SPP_ARGS(ifp)); 2274 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2275 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2276 if (debug) 2277 log(-1, "(incoming call)\n"); 2278 sp->pp_flags |= PP_CALLIN; 2279 lcp.Open(sp); 2280 } else if (debug) 2281 log(-1, "\n"); 2282 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2283 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2284 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2285 lcp.Open(sp); 2286 } 2287 2288 sppp_up_event(&lcp, sp); 2289} 2290 2291static void 2292sppp_lcp_down(struct sppp *sp) 2293{ 2294 STDDCL; 2295 2296 sppp_down_event(&lcp, sp); 2297 2298 /* 2299 * If this is neither a dial-on-demand nor a passive 2300 * interface, simulate an ``ifconfig down'' action, so the 2301 * administrator can force a redial by another ``ifconfig 2302 * up''. XXX For leased line operation, should we immediately 2303 * try to reopen the connection here? 2304 */ 2305 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2306 log(LOG_INFO, 2307 SPP_FMT "Down event, taking interface down.\n", 2308 SPP_ARGS(ifp)); 2309 if_down(ifp); 2310 } else { 2311 if (debug) 2312 log(LOG_DEBUG, 2313 SPP_FMT "Down event (carrier loss)\n", 2314 SPP_ARGS(ifp)); 2315 sp->pp_flags &= ~PP_CALLIN; 2316 if (sp->state[IDX_LCP] != STATE_INITIAL) 2317 lcp.Close(sp); 2318 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2319 } 2320} 2321 2322static void 2323sppp_lcp_open(struct sppp *sp) 2324{ 2325 sppp_open_event(&lcp, sp); 2326} 2327 2328static void 2329sppp_lcp_close(struct sppp *sp) 2330{ 2331 sppp_close_event(&lcp, sp); 2332} 2333 2334static void 2335sppp_lcp_TO(void *cookie) 2336{ 2337 sppp_to_event(&lcp, (struct sppp *)cookie); 2338} 2339 2340/* 2341 * Analyze a configure request. Return true if it was agreeable, and 2342 * caused action sca, false if it has been rejected or nak'ed, and 2343 * caused action scn. (The return value is used to make the state 2344 * transition decision in the state automaton.) 2345 */ 2346static int 2347sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2348{ 2349 STDDCL; 2350 u_char *buf, *r, *p; 2351 int origlen, rlen; 2352 u_long nmagic; 2353 u_short authproto; 2354 2355 len -= 4; 2356 origlen = len; 2357 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2358 if (! buf) 2359 return (0); 2360 2361 if (debug) 2362 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2363 SPP_ARGS(ifp)); 2364 2365 /* pass 1: check for things that need to be rejected */ 2366 p = (void*) (h+1); 2367 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2368 len-=p[1], p+=p[1]) { 2369 if (debug) 2370 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2371 switch (*p) { 2372 case LCP_OPT_MAGIC: 2373 /* Magic number. */ 2374 if (len >= 6 && p[1] == 6) 2375 continue; 2376 if (debug) 2377 log(-1, "[invalid] "); 2378 break; 2379 case LCP_OPT_ASYNC_MAP: 2380 /* Async control character map. */ 2381 if (len >= 6 && p[1] == 6) 2382 continue; 2383 if (debug) 2384 log(-1, "[invalid] "); 2385 break; 2386 case LCP_OPT_MRU: 2387 /* Maximum receive unit. */ 2388 if (len >= 4 && p[1] == 4) 2389 continue; 2390 if (debug) 2391 log(-1, "[invalid] "); 2392 break; 2393 case LCP_OPT_AUTH_PROTO: 2394 if (len < 4) { 2395 if (debug) 2396 log(-1, "[invalid] "); 2397 break; 2398 } 2399 authproto = (p[2] << 8) + p[3]; 2400 if (authproto == PPP_CHAP && p[1] != 5) { 2401 if (debug) 2402 log(-1, "[invalid chap len] "); 2403 break; 2404 } 2405 if (sp->myauth.proto == 0) { 2406 /* we are not configured to do auth */ 2407 if (debug) 2408 log(-1, "[not configured] "); 2409 break; 2410 } 2411 /* 2412 * Remote want us to authenticate, remember this, 2413 * so we stay in PHASE_AUTHENTICATE after LCP got 2414 * up. 2415 */ 2416 sp->pp_flags |= PP_NEEDAUTH; 2417 continue; 2418 default: 2419 /* Others not supported. */ 2420 if (debug) 2421 log(-1, "[rej] "); 2422 break; 2423 } 2424 /* Add the option to rejected list. */ 2425 bcopy (p, r, p[1]); 2426 r += p[1]; 2427 rlen += p[1]; 2428 } 2429 if (rlen) { 2430 if (debug) 2431 log(-1, " send conf-rej\n"); 2432 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2433 return 0; 2434 } else if (debug) 2435 log(-1, "\n"); 2436 2437 /* 2438 * pass 2: check for option values that are unacceptable and 2439 * thus require to be nak'ed. 2440 */ 2441 if (debug) 2442 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2443 SPP_ARGS(ifp)); 2444 2445 p = (void*) (h+1); 2446 len = origlen; 2447 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2448 len-=p[1], p+=p[1]) { 2449 if (debug) 2450 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2451 switch (*p) { 2452 case LCP_OPT_MAGIC: 2453 /* Magic number -- extract. */ 2454 nmagic = (u_long)p[2] << 24 | 2455 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2456 if (nmagic != sp->lcp.magic) { 2457 sp->pp_loopcnt = 0; 2458 if (debug) 2459 log(-1, "0x%lx ", nmagic); 2460 continue; 2461 } 2462 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2463 log(-1, "[glitch] "); 2464 ++sp->pp_loopcnt; 2465 /* 2466 * We negate our magic here, and NAK it. If 2467 * we see it later in an NAK packet, we 2468 * suggest a new one. 2469 */ 2470 nmagic = ~sp->lcp.magic; 2471 /* Gonna NAK it. */ 2472 p[2] = nmagic >> 24; 2473 p[3] = nmagic >> 16; 2474 p[4] = nmagic >> 8; 2475 p[5] = nmagic; 2476 break; 2477 2478 case LCP_OPT_ASYNC_MAP: 2479 /* 2480 * Async control character map -- just ignore it. 2481 * 2482 * Quote from RFC 1662, chapter 6: 2483 * To enable this functionality, synchronous PPP 2484 * implementations MUST always respond to the 2485 * Async-Control-Character-Map Configuration 2486 * Option with the LCP Configure-Ack. However, 2487 * acceptance of the Configuration Option does 2488 * not imply that the synchronous implementation 2489 * will do any ACCM mapping. Instead, all such 2490 * octet mapping will be performed by the 2491 * asynchronous-to-synchronous converter. 2492 */ 2493 continue; 2494 2495 case LCP_OPT_MRU: 2496 /* 2497 * Maximum receive unit. Always agreeable, 2498 * but ignored by now. 2499 */ 2500 sp->lcp.their_mru = p[2] * 256 + p[3]; 2501 if (debug) 2502 log(-1, "%lu ", sp->lcp.their_mru); 2503 continue; 2504 2505 case LCP_OPT_AUTH_PROTO: 2506 authproto = (p[2] << 8) + p[3]; 2507 if (sp->myauth.proto != authproto) { 2508 /* not agreed, nak */ 2509 if (debug) 2510 log(-1, "[mine %s != his %s] ", 2511 sppp_proto_name(sp->hisauth.proto), 2512 sppp_proto_name(authproto)); 2513 p[2] = sp->myauth.proto >> 8; 2514 p[3] = sp->myauth.proto; 2515 break; 2516 } 2517 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2518 if (debug) 2519 log(-1, "[chap not MD5] "); 2520 p[4] = CHAP_MD5; 2521 break; 2522 } 2523 continue; 2524 } 2525 /* Add the option to nak'ed list. */ 2526 bcopy (p, r, p[1]); 2527 r += p[1]; 2528 rlen += p[1]; 2529 } 2530 if (rlen) { 2531 /* 2532 * Local and remote magics equal -- loopback? 2533 */ 2534 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2535 if (sp->pp_loopcnt == MAXALIVECNT*5) 2536 printf (SPP_FMT "loopback\n", 2537 SPP_ARGS(ifp)); 2538 if (ifp->if_flags & IFF_UP) { 2539 if_down(ifp); 2540 sppp_qflush(&sp->pp_cpq); 2541 /* XXX ? */ 2542 lcp.Down(sp); 2543 lcp.Up(sp); 2544 } 2545 } else if (!sp->pp_loopcnt && 2546 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2547 if (debug) 2548 log(-1, " max_failure (%d) exceeded, " 2549 "send conf-rej\n", 2550 sp->lcp.max_failure); 2551 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2552 } else { 2553 if (debug) 2554 log(-1, " send conf-nak\n"); 2555 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2556 } 2557 } else { 2558 if (debug) 2559 log(-1, " send conf-ack\n"); 2560 sp->fail_counter[IDX_LCP] = 0; 2561 sp->pp_loopcnt = 0; 2562 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2563 h->ident, origlen, h+1); 2564 } 2565 2566 free (buf, M_TEMP); 2567 return (rlen == 0); 2568} 2569 2570/* 2571 * Analyze the LCP Configure-Reject option list, and adjust our 2572 * negotiation. 2573 */ 2574static void 2575sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2576{ 2577 STDDCL; 2578 u_char *buf, *p; 2579 2580 len -= 4; 2581 buf = malloc (len, M_TEMP, M_NOWAIT); 2582 if (!buf) 2583 return; 2584 2585 if (debug) 2586 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2587 SPP_ARGS(ifp)); 2588 2589 p = (void*) (h+1); 2590 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2591 len -= p[1], p += p[1]) { 2592 if (debug) 2593 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2594 switch (*p) { 2595 case LCP_OPT_MAGIC: 2596 /* Magic number -- can't use it, use 0 */ 2597 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2598 sp->lcp.magic = 0; 2599 break; 2600 case LCP_OPT_MRU: 2601 /* 2602 * Should not be rejected anyway, since we only 2603 * negotiate a MRU if explicitly requested by 2604 * peer. 2605 */ 2606 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2607 break; 2608 case LCP_OPT_AUTH_PROTO: 2609 /* 2610 * Peer doesn't want to authenticate himself, 2611 * deny unless this is a dialout call, and 2612 * AUTHFLAG_NOCALLOUT is set. 2613 */ 2614 if ((sp->pp_flags & PP_CALLIN) == 0 && 2615 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2616 if (debug) 2617 log(-1, "[don't insist on auth " 2618 "for callout]"); 2619 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2620 break; 2621 } 2622 if (debug) 2623 log(-1, "[access denied]\n"); 2624 lcp.Close(sp); 2625 break; 2626 } 2627 } 2628 if (debug) 2629 log(-1, "\n"); 2630 free (buf, M_TEMP); 2631 return; 2632} 2633 2634/* 2635 * Analyze the LCP Configure-NAK option list, and adjust our 2636 * negotiation. 2637 */ 2638static void 2639sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2640{ 2641 STDDCL; 2642 u_char *buf, *p; 2643 u_long magic; 2644 2645 len -= 4; 2646 buf = malloc (len, M_TEMP, M_NOWAIT); 2647 if (!buf) 2648 return; 2649 2650 if (debug) 2651 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2652 SPP_ARGS(ifp)); 2653 2654 p = (void*) (h+1); 2655 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2656 len -= p[1], p += p[1]) { 2657 if (debug) 2658 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2659 switch (*p) { 2660 case LCP_OPT_MAGIC: 2661 /* Magic number -- renegotiate */ 2662 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2663 len >= 6 && p[1] == 6) { 2664 magic = (u_long)p[2] << 24 | 2665 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2666 /* 2667 * If the remote magic is our negated one, 2668 * this looks like a loopback problem. 2669 * Suggest a new magic to make sure. 2670 */ 2671 if (magic == ~sp->lcp.magic) { 2672 if (debug) 2673 log(-1, "magic glitch "); 2674#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2675 sp->lcp.magic = random(); 2676#else 2677 sp->lcp.magic = time.tv_sec + time.tv_usec; 2678#endif 2679 } else { 2680 sp->lcp.magic = magic; 2681 if (debug) 2682 log(-1, "%lu ", magic); 2683 } 2684 } 2685 break; 2686 case LCP_OPT_MRU: 2687 /* 2688 * Peer wants to advise us to negotiate an MRU. 2689 * Agree on it if it's reasonable, or use 2690 * default otherwise. 2691 */ 2692 if (len >= 4 && p[1] == 4) { 2693 u_int mru = p[2] * 256 + p[3]; 2694 if (debug) 2695 log(-1, "%d ", mru); 2696 if (mru < PP_MTU || mru > PP_MAX_MRU) 2697 mru = PP_MTU; 2698 sp->lcp.mru = mru; 2699 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2700 } 2701 break; 2702 case LCP_OPT_AUTH_PROTO: 2703 /* 2704 * Peer doesn't like our authentication method, 2705 * deny. 2706 */ 2707 if (debug) 2708 log(-1, "[access denied]\n"); 2709 lcp.Close(sp); 2710 break; 2711 } 2712 } 2713 if (debug) 2714 log(-1, "\n"); 2715 free (buf, M_TEMP); 2716 return; 2717} 2718 2719static void 2720sppp_lcp_tlu(struct sppp *sp) 2721{ 2722 STDDCL; 2723 int i; 2724 u_long mask; 2725 2726 /* XXX ? */ 2727 if (! (ifp->if_flags & IFF_UP) && 2728 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2729 /* Coming out of loopback mode. */ 2730 if_up(ifp); 2731 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2732 } 2733 2734 for (i = 0; i < IDX_COUNT; i++) 2735 if ((cps[i])->flags & CP_QUAL) 2736 (cps[i])->Open(sp); 2737 2738 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2739 (sp->pp_flags & PP_NEEDAUTH) != 0) 2740 sp->pp_phase = PHASE_AUTHENTICATE; 2741 else 2742 sp->pp_phase = PHASE_NETWORK; 2743 2744 if (debug) 2745 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2746 sppp_phase_name(sp->pp_phase)); 2747 2748 /* 2749 * Open all authentication protocols. This is even required 2750 * if we already proceeded to network phase, since it might be 2751 * that remote wants us to authenticate, so we might have to 2752 * send a PAP request. Undesired authentication protocols 2753 * don't do anything when they get an Open event. 2754 */ 2755 for (i = 0; i < IDX_COUNT; i++) 2756 if ((cps[i])->flags & CP_AUTH) 2757 (cps[i])->Open(sp); 2758 2759 if (sp->pp_phase == PHASE_NETWORK) { 2760 /* Notify all NCPs. */ 2761 for (i = 0; i < IDX_COUNT; i++) 2762 if (((cps[i])->flags & CP_NCP) && 2763 /* 2764 * XXX 2765 * Hack to administratively disable IPv6 if 2766 * not desired. Perhaps we should have another 2767 * flag for this, but right now, we can make 2768 * all struct cp's read/only. 2769 */ 2770 (cps[i] != &ipv6cp || 2771 (sp->confflags & CONF_ENABLE_IPV6))) 2772 (cps[i])->Open(sp); 2773 } 2774 2775 /* Send Up events to all started protos. */ 2776 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2777 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2778 (cps[i])->Up(sp); 2779 2780 /* notify low-level driver of state change */ 2781 if (sp->pp_chg) 2782 sp->pp_chg(sp, (int)sp->pp_phase); 2783 2784 if (sp->pp_phase == PHASE_NETWORK) 2785 /* if no NCP is starting, close down */ 2786 sppp_lcp_check_and_close(sp); 2787} 2788 2789static void 2790sppp_lcp_tld(struct sppp *sp) 2791{ 2792 STDDCL; 2793 int i; 2794 u_long mask; 2795 2796 sp->pp_phase = PHASE_TERMINATE; 2797 2798 if (debug) 2799 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2800 sppp_phase_name(sp->pp_phase)); 2801 2802 /* 2803 * Take upper layers down. We send the Down event first and 2804 * the Close second to prevent the upper layers from sending 2805 * ``a flurry of terminate-request packets'', as the RFC 2806 * describes it. 2807 */ 2808 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2809 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2810 (cps[i])->Down(sp); 2811 (cps[i])->Close(sp); 2812 } 2813} 2814 2815static void 2816sppp_lcp_tls(struct sppp *sp) 2817{ 2818 STDDCL; 2819 2820 sp->pp_phase = PHASE_ESTABLISH; 2821 2822 if (debug) 2823 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2824 sppp_phase_name(sp->pp_phase)); 2825 2826 /* Notify lower layer if desired. */ 2827 if (sp->pp_tls) 2828 (sp->pp_tls)(sp); 2829 else 2830 (sp->pp_up)(sp); 2831} 2832 2833static void 2834sppp_lcp_tlf(struct sppp *sp) 2835{ 2836 STDDCL; 2837 2838 sp->pp_phase = PHASE_DEAD; 2839 if (debug) 2840 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2841 sppp_phase_name(sp->pp_phase)); 2842 2843 /* Notify lower layer if desired. */ 2844 if (sp->pp_tlf) 2845 (sp->pp_tlf)(sp); 2846 else 2847 (sp->pp_down)(sp); 2848} 2849 2850static void 2851sppp_lcp_scr(struct sppp *sp) 2852{ 2853 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2854 int i = 0; 2855 u_short authproto; 2856 2857 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2858 if (! sp->lcp.magic) 2859#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2860 sp->lcp.magic = random(); 2861#else 2862 sp->lcp.magic = time.tv_sec + time.tv_usec; 2863#endif 2864 opt[i++] = LCP_OPT_MAGIC; 2865 opt[i++] = 6; 2866 opt[i++] = sp->lcp.magic >> 24; 2867 opt[i++] = sp->lcp.magic >> 16; 2868 opt[i++] = sp->lcp.magic >> 8; 2869 opt[i++] = sp->lcp.magic; 2870 } 2871 2872 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2873 opt[i++] = LCP_OPT_MRU; 2874 opt[i++] = 4; 2875 opt[i++] = sp->lcp.mru >> 8; 2876 opt[i++] = sp->lcp.mru; 2877 } 2878 2879 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2880 authproto = sp->hisauth.proto; 2881 opt[i++] = LCP_OPT_AUTH_PROTO; 2882 opt[i++] = authproto == PPP_CHAP? 5: 4; 2883 opt[i++] = authproto >> 8; 2884 opt[i++] = authproto; 2885 if (authproto == PPP_CHAP) 2886 opt[i++] = CHAP_MD5; 2887 } 2888 2889 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2890 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2891} 2892 2893/* 2894 * Check the open NCPs, return true if at least one NCP is open. 2895 */ 2896static int 2897sppp_ncp_check(struct sppp *sp) 2898{ 2899 int i, mask; 2900 2901 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2902 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2903 return 1; 2904 return 0; 2905} 2906 2907/* 2908 * Re-check the open NCPs and see if we should terminate the link. 2909 * Called by the NCPs during their tlf action handling. 2910 */ 2911static void 2912sppp_lcp_check_and_close(struct sppp *sp) 2913{ 2914 2915 if (sp->pp_phase < PHASE_NETWORK) 2916 /* don't bother, we are already going down */ 2917 return; 2918 2919 if (sppp_ncp_check(sp)) 2920 return; 2921 2922 lcp.Close(sp); 2923} 2924 2925/* 2926 *--------------------------------------------------------------------------* 2927 * * 2928 * The IPCP implementation. * 2929 * * 2930 *--------------------------------------------------------------------------* 2931 */ 2932 2933static void 2934sppp_ipcp_init(struct sppp *sp) 2935{ 2936 sp->ipcp.opts = 0; 2937 sp->ipcp.flags = 0; 2938 sp->state[IDX_IPCP] = STATE_INITIAL; 2939 sp->fail_counter[IDX_IPCP] = 0; 2940 sp->pp_seq[IDX_IPCP] = 0; 2941 sp->pp_rseq[IDX_IPCP] = 0; 2942 callout_init(&sp->ch[IDX_IPCP], 2943 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2944} 2945 2946static void 2947sppp_ipcp_up(struct sppp *sp) 2948{ 2949 sppp_up_event(&ipcp, sp); 2950} 2951 2952static void 2953sppp_ipcp_down(struct sppp *sp) 2954{ 2955 sppp_down_event(&ipcp, sp); 2956} 2957 2958static void 2959sppp_ipcp_open(struct sppp *sp) 2960{ 2961 STDDCL; 2962 u_long myaddr, hisaddr; 2963 2964 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2965 IPCP_MYADDR_DYN | IPCP_VJ); 2966 sp->ipcp.opts = 0; 2967 2968 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2969 /* 2970 * If we don't have his address, this probably means our 2971 * interface doesn't want to talk IP at all. (This could 2972 * be the case if somebody wants to speak only IPX, for 2973 * example.) Don't open IPCP in this case. 2974 */ 2975 if (hisaddr == 0L) { 2976 /* XXX this message should go away */ 2977 if (debug) 2978 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2979 SPP_ARGS(ifp)); 2980 return; 2981 } 2982 if (myaddr == 0L) { 2983 /* 2984 * I don't have an assigned address, so i need to 2985 * negotiate my address. 2986 */ 2987 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2988 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2989 } else 2990 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2991 if (sp->confflags & CONF_ENABLE_VJ) { 2992 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2993 sp->ipcp.max_state = MAX_STATES - 1; 2994 sp->ipcp.compress_cid = 1; 2995 } 2996 sppp_open_event(&ipcp, sp); 2997} 2998 2999static void 3000sppp_ipcp_close(struct sppp *sp) 3001{ 3002 sppp_close_event(&ipcp, sp); 3003 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 3004 /* 3005 * My address was dynamic, clear it again. 3006 */ 3007 sppp_set_ip_addr(sp, 0L); 3008} 3009 3010static void 3011sppp_ipcp_TO(void *cookie) 3012{ 3013 sppp_to_event(&ipcp, (struct sppp *)cookie); 3014} 3015 3016/* 3017 * Analyze a configure request. Return true if it was agreeable, and 3018 * caused action sca, false if it has been rejected or nak'ed, and 3019 * caused action scn. (The return value is used to make the state 3020 * transition decision in the state automaton.) 3021 */ 3022static int 3023sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3024{ 3025 u_char *buf, *r, *p; 3026 struct ifnet *ifp = SP2IFP(sp); 3027 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3028 u_long hisaddr, desiredaddr; 3029 int gotmyaddr = 0; 3030 int desiredcomp; 3031 3032 len -= 4; 3033 origlen = len; 3034 /* 3035 * Make sure to allocate a buf that can at least hold a 3036 * conf-nak with an `address' option. We might need it below. 3037 */ 3038 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3039 if (! buf) 3040 return (0); 3041 3042 /* pass 1: see if we can recognize them */ 3043 if (debug) 3044 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 3045 SPP_ARGS(ifp)); 3046 p = (void*) (h+1); 3047 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3048 len-=p[1], p+=p[1]) { 3049 if (debug) 3050 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3051 switch (*p) { 3052 case IPCP_OPT_COMPRESSION: 3053 if (!(sp->confflags & CONF_ENABLE_VJ)) { 3054 /* VJ compression administratively disabled */ 3055 if (debug) 3056 log(-1, "[locally disabled] "); 3057 break; 3058 } 3059 /* 3060 * In theory, we should only conf-rej an 3061 * option that is shorter than RFC 1618 3062 * requires (i.e. < 4), and should conf-nak 3063 * anything else that is not VJ. However, 3064 * since our algorithm always uses the 3065 * original option to NAK it with new values, 3066 * things would become more complicated. In 3067 * pratice, the only commonly implemented IP 3068 * compression option is VJ anyway, so the 3069 * difference is negligible. 3070 */ 3071 if (len >= 6 && p[1] == 6) { 3072 /* 3073 * correctly formed compression option 3074 * that could be VJ compression 3075 */ 3076 continue; 3077 } 3078 if (debug) 3079 log(-1, 3080 "optlen %d [invalid/unsupported] ", 3081 p[1]); 3082 break; 3083 case IPCP_OPT_ADDRESS: 3084 if (len >= 6 && p[1] == 6) { 3085 /* correctly formed address option */ 3086 continue; 3087 } 3088 if (debug) 3089 log(-1, "[invalid] "); 3090 break; 3091 default: 3092 /* Others not supported. */ 3093 if (debug) 3094 log(-1, "[rej] "); 3095 break; 3096 } 3097 /* Add the option to rejected list. */ 3098 bcopy (p, r, p[1]); 3099 r += p[1]; 3100 rlen += p[1]; 3101 } 3102 if (rlen) { 3103 if (debug) 3104 log(-1, " send conf-rej\n"); 3105 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3106 return 0; 3107 } else if (debug) 3108 log(-1, "\n"); 3109 3110 /* pass 2: parse option values */ 3111 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3112 if (debug) 3113 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3114 SPP_ARGS(ifp)); 3115 p = (void*) (h+1); 3116 len = origlen; 3117 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3118 len-=p[1], p+=p[1]) { 3119 if (debug) 3120 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3121 switch (*p) { 3122 case IPCP_OPT_COMPRESSION: 3123 desiredcomp = p[2] << 8 | p[3]; 3124 /* We only support VJ */ 3125 if (desiredcomp == IPCP_COMP_VJ) { 3126 if (debug) 3127 log(-1, "VJ [ack] "); 3128 sp->ipcp.flags |= IPCP_VJ; 3129 sl_compress_init(sp->pp_comp, p[4]); 3130 sp->ipcp.max_state = p[4]; 3131 sp->ipcp.compress_cid = p[5]; 3132 continue; 3133 } 3134 if (debug) 3135 log(-1, 3136 "compproto %#04x [not supported] ", 3137 desiredcomp); 3138 p[2] = IPCP_COMP_VJ >> 8; 3139 p[3] = IPCP_COMP_VJ; 3140 p[4] = sp->ipcp.max_state; 3141 p[5] = sp->ipcp.compress_cid; 3142 break; 3143 case IPCP_OPT_ADDRESS: 3144 /* This is the address he wants in his end */ 3145 desiredaddr = p[2] << 24 | p[3] << 16 | 3146 p[4] << 8 | p[5]; 3147 if (desiredaddr == hisaddr || 3148 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3149 /* 3150 * Peer's address is same as our value, 3151 * or we have set it to 0.0.0.* to 3152 * indicate that we do not really care, 3153 * this is agreeable. Gonna conf-ack 3154 * it. 3155 */ 3156 if (debug) 3157 log(-1, "%s [ack] ", 3158 sppp_dotted_quad(hisaddr)); 3159 /* record that we've seen it already */ 3160 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3161 continue; 3162 } 3163 /* 3164 * The address wasn't agreeable. This is either 3165 * he sent us 0.0.0.0, asking to assign him an 3166 * address, or he send us another address not 3167 * matching our value. Either case, we gonna 3168 * conf-nak it with our value. 3169 * XXX: we should "rej" if hisaddr == 0 3170 */ 3171 if (debug) { 3172 if (desiredaddr == 0) 3173 log(-1, "[addr requested] "); 3174 else 3175 log(-1, "%s [not agreed] ", 3176 sppp_dotted_quad(desiredaddr)); 3177 3178 } 3179 p[2] = hisaddr >> 24; 3180 p[3] = hisaddr >> 16; 3181 p[4] = hisaddr >> 8; 3182 p[5] = hisaddr; 3183 break; 3184 } 3185 /* Add the option to nak'ed list. */ 3186 bcopy (p, r, p[1]); 3187 r += p[1]; 3188 rlen += p[1]; 3189 } 3190 3191 /* 3192 * If we are about to conf-ack the request, but haven't seen 3193 * his address so far, gonna conf-nak it instead, with the 3194 * `address' option present and our idea of his address being 3195 * filled in there, to request negotiation of both addresses. 3196 * 3197 * XXX This can result in an endless req - nak loop if peer 3198 * doesn't want to send us his address. Q: What should we do 3199 * about it? XXX A: implement the max-failure counter. 3200 */ 3201 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3202 buf[0] = IPCP_OPT_ADDRESS; 3203 buf[1] = 6; 3204 buf[2] = hisaddr >> 24; 3205 buf[3] = hisaddr >> 16; 3206 buf[4] = hisaddr >> 8; 3207 buf[5] = hisaddr; 3208 rlen = 6; 3209 if (debug) 3210 log(-1, "still need hisaddr "); 3211 } 3212 3213 if (rlen) { 3214 if (debug) 3215 log(-1, " send conf-nak\n"); 3216 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3217 } else { 3218 if (debug) 3219 log(-1, " send conf-ack\n"); 3220 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3221 h->ident, origlen, h+1); 3222 } 3223 3224 free (buf, M_TEMP); 3225 return (rlen == 0); 3226} 3227 3228/* 3229 * Analyze the IPCP Configure-Reject option list, and adjust our 3230 * negotiation. 3231 */ 3232static void 3233sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3234{ 3235 u_char *buf, *p; 3236 struct ifnet *ifp = SP2IFP(sp); 3237 int debug = ifp->if_flags & IFF_DEBUG; 3238 3239 len -= 4; 3240 buf = malloc (len, M_TEMP, M_NOWAIT); 3241 if (!buf) 3242 return; 3243 3244 if (debug) 3245 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3246 SPP_ARGS(ifp)); 3247 3248 p = (void*) (h+1); 3249 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3250 len -= p[1], p += p[1]) { 3251 if (debug) 3252 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3253 switch (*p) { 3254 case IPCP_OPT_COMPRESSION: 3255 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3256 break; 3257 case IPCP_OPT_ADDRESS: 3258 /* 3259 * Peer doesn't grok address option. This is 3260 * bad. XXX Should we better give up here? 3261 * XXX We could try old "addresses" option... 3262 */ 3263 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3264 break; 3265 } 3266 } 3267 if (debug) 3268 log(-1, "\n"); 3269 free (buf, M_TEMP); 3270 return; 3271} 3272 3273/* 3274 * Analyze the IPCP Configure-NAK option list, and adjust our 3275 * negotiation. 3276 */ 3277static void 3278sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3279{ 3280 u_char *buf, *p; 3281 struct ifnet *ifp = SP2IFP(sp); 3282 int debug = ifp->if_flags & IFF_DEBUG; 3283 int desiredcomp; 3284 u_long wantaddr; 3285 3286 len -= 4; 3287 buf = malloc (len, M_TEMP, M_NOWAIT); 3288 if (!buf) 3289 return; 3290 3291 if (debug) 3292 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3293 SPP_ARGS(ifp)); 3294 3295 p = (void*) (h+1); 3296 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3297 len -= p[1], p += p[1]) { 3298 if (debug) 3299 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3300 switch (*p) { 3301 case IPCP_OPT_COMPRESSION: 3302 if (len >= 6 && p[1] == 6) { 3303 desiredcomp = p[2] << 8 | p[3]; 3304 if (debug) 3305 log(-1, "[wantcomp %#04x] ", 3306 desiredcomp); 3307 if (desiredcomp == IPCP_COMP_VJ) { 3308 sl_compress_init(sp->pp_comp, p[4]); 3309 sp->ipcp.max_state = p[4]; 3310 sp->ipcp.compress_cid = p[5]; 3311 if (debug) 3312 log(-1, "[agree] "); 3313 } else 3314 sp->ipcp.opts &= 3315 ~(1 << IPCP_OPT_COMPRESSION); 3316 } 3317 break; 3318 case IPCP_OPT_ADDRESS: 3319 /* 3320 * Peer doesn't like our local IP address. See 3321 * if we can do something for him. We'll drop 3322 * him our address then. 3323 */ 3324 if (len >= 6 && p[1] == 6) { 3325 wantaddr = p[2] << 24 | p[3] << 16 | 3326 p[4] << 8 | p[5]; 3327 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3328 if (debug) 3329 log(-1, "[wantaddr %s] ", 3330 sppp_dotted_quad(wantaddr)); 3331 /* 3332 * When doing dynamic address assignment, 3333 * we accept his offer. Otherwise, we 3334 * ignore it and thus continue to negotiate 3335 * our already existing value. 3336 * XXX: Bogus, if he said no once, he'll 3337 * just say no again, might as well die. 3338 */ 3339 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3340 sppp_set_ip_addr(sp, wantaddr); 3341 if (debug) 3342 log(-1, "[agree] "); 3343 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3344 } 3345 } 3346 break; 3347 } 3348 } 3349 if (debug) 3350 log(-1, "\n"); 3351 free (buf, M_TEMP); 3352 return; 3353} 3354 3355static void 3356sppp_ipcp_tlu(struct sppp *sp) 3357{ 3358 /* we are up - notify isdn daemon */ 3359 if (sp->pp_con) 3360 sp->pp_con(sp); 3361} 3362 3363static void 3364sppp_ipcp_tld(struct sppp *sp) 3365{ 3366} 3367 3368static void 3369sppp_ipcp_tls(struct sppp *sp) 3370{ 3371 /* indicate to LCP that it must stay alive */ 3372 sp->lcp.protos |= (1 << IDX_IPCP); 3373} 3374 3375static void 3376sppp_ipcp_tlf(struct sppp *sp) 3377{ 3378 /* we no longer need LCP */ 3379 sp->lcp.protos &= ~(1 << IDX_IPCP); 3380 sppp_lcp_check_and_close(sp); 3381} 3382 3383static void 3384sppp_ipcp_scr(struct sppp *sp) 3385{ 3386 char opt[6 /* compression */ + 6 /* address */]; 3387 u_long ouraddr; 3388 int i = 0; 3389 3390 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3391 opt[i++] = IPCP_OPT_COMPRESSION; 3392 opt[i++] = 6; 3393 opt[i++] = IPCP_COMP_VJ >> 8; 3394 opt[i++] = IPCP_COMP_VJ; 3395 opt[i++] = sp->ipcp.max_state; 3396 opt[i++] = sp->ipcp.compress_cid; 3397 } 3398 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3399 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3400 opt[i++] = IPCP_OPT_ADDRESS; 3401 opt[i++] = 6; 3402 opt[i++] = ouraddr >> 24; 3403 opt[i++] = ouraddr >> 16; 3404 opt[i++] = ouraddr >> 8; 3405 opt[i++] = ouraddr; 3406 } 3407 3408 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3409 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3410} 3411 3412/* 3413 *--------------------------------------------------------------------------* 3414 * * 3415 * The IPv6CP implementation. * 3416 * * 3417 *--------------------------------------------------------------------------* 3418 */ 3419 3420#ifdef INET6 3421static void 3422sppp_ipv6cp_init(struct sppp *sp) 3423{ 3424 sp->ipv6cp.opts = 0; 3425 sp->ipv6cp.flags = 0; 3426 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3427 sp->fail_counter[IDX_IPV6CP] = 0; 3428 sp->pp_seq[IDX_IPV6CP] = 0; 3429 sp->pp_rseq[IDX_IPV6CP] = 0; 3430 callout_init(&sp->ch[IDX_IPV6CP], 3431 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3432} 3433 3434static void 3435sppp_ipv6cp_up(struct sppp *sp) 3436{ 3437 sppp_up_event(&ipv6cp, sp); 3438} 3439 3440static void 3441sppp_ipv6cp_down(struct sppp *sp) 3442{ 3443 sppp_down_event(&ipv6cp, sp); 3444} 3445 3446static void 3447sppp_ipv6cp_open(struct sppp *sp) 3448{ 3449 STDDCL; 3450 struct in6_addr myaddr, hisaddr; 3451 3452#ifdef IPV6CP_MYIFID_DYN 3453 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3454#else 3455 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3456#endif 3457 3458 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3459 /* 3460 * If we don't have our address, this probably means our 3461 * interface doesn't want to talk IPv6 at all. (This could 3462 * be the case if somebody wants to speak only IPX, for 3463 * example.) Don't open IPv6CP in this case. 3464 */ 3465 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3466 /* XXX this message should go away */ 3467 if (debug) 3468 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3469 SPP_ARGS(ifp)); 3470 return; 3471 } 3472 3473 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3474 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3475 sppp_open_event(&ipv6cp, sp); 3476} 3477 3478static void 3479sppp_ipv6cp_close(struct sppp *sp) 3480{ 3481 sppp_close_event(&ipv6cp, sp); 3482} 3483 3484static void 3485sppp_ipv6cp_TO(void *cookie) 3486{ 3487 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3488} 3489 3490/* 3491 * Analyze a configure request. Return true if it was agreeable, and 3492 * caused action sca, false if it has been rejected or nak'ed, and 3493 * caused action scn. (The return value is used to make the state 3494 * transition decision in the state automaton.) 3495 */ 3496static int 3497sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3498{ 3499 u_char *buf, *r, *p; 3500 struct ifnet *ifp = SP2IFP(sp); 3501 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3502 struct in6_addr myaddr, desiredaddr, suggestaddr; 3503 int ifidcount; 3504 int type; 3505 int collision, nohisaddr; 3506 char ip6buf[INET6_ADDRSTRLEN]; 3507 3508 len -= 4; 3509 origlen = len; 3510 /* 3511 * Make sure to allocate a buf that can at least hold a 3512 * conf-nak with an `address' option. We might need it below. 3513 */ 3514 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3515 if (! buf) 3516 return (0); 3517 3518 /* pass 1: see if we can recognize them */ 3519 if (debug) 3520 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3521 SPP_ARGS(ifp)); 3522 p = (void*) (h+1); 3523 ifidcount = 0; 3524 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3525 len-=p[1], p+=p[1]) { 3526 if (debug) 3527 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3528 switch (*p) { 3529 case IPV6CP_OPT_IFID: 3530 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3531 /* correctly formed address option */ 3532 ifidcount++; 3533 continue; 3534 } 3535 if (debug) 3536 log(-1, " [invalid]"); 3537 break; 3538#ifdef notyet 3539 case IPV6CP_OPT_COMPRESSION: 3540 if (len >= 4 && p[1] >= 4) { 3541 /* correctly formed compress option */ 3542 continue; 3543 } 3544 if (debug) 3545 log(-1, " [invalid]"); 3546 break; 3547#endif 3548 default: 3549 /* Others not supported. */ 3550 if (debug) 3551 log(-1, " [rej]"); 3552 break; 3553 } 3554 /* Add the option to rejected list. */ 3555 bcopy (p, r, p[1]); 3556 r += p[1]; 3557 rlen += p[1]; 3558 } 3559 if (rlen) { 3560 if (debug) 3561 log(-1, " send conf-rej\n"); 3562 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3563 goto end; 3564 } else if (debug) 3565 log(-1, "\n"); 3566 3567 /* pass 2: parse option values */ 3568 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3569 if (debug) 3570 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3571 SPP_ARGS(ifp)); 3572 p = (void*) (h+1); 3573 len = origlen; 3574 type = CONF_ACK; 3575 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3576 len-=p[1], p+=p[1]) { 3577 if (debug) 3578 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3579 switch (*p) { 3580#ifdef notyet 3581 case IPV6CP_OPT_COMPRESSION: 3582 continue; 3583#endif 3584 case IPV6CP_OPT_IFID: 3585 bzero(&desiredaddr, sizeof(desiredaddr)); 3586 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3587 collision = (bcmp(&desiredaddr.s6_addr[8], 3588 &myaddr.s6_addr[8], 8) == 0); 3589 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3590 3591 desiredaddr.s6_addr16[0] = htons(0xfe80); 3592 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3593 3594 if (!collision && !nohisaddr) { 3595 /* no collision, hisaddr known - Conf-Ack */ 3596 type = CONF_ACK; 3597 3598 if (debug) { 3599 log(-1, " %s [%s]", 3600 ip6_sprintf(ip6buf, &desiredaddr), 3601 sppp_cp_type_name(type)); 3602 } 3603 continue; 3604 } 3605 3606 bzero(&suggestaddr, sizeof(&suggestaddr)); 3607 if (collision && nohisaddr) { 3608 /* collision, hisaddr unknown - Conf-Rej */ 3609 type = CONF_REJ; 3610 bzero(&p[2], 8); 3611 } else { 3612 /* 3613 * - no collision, hisaddr unknown, or 3614 * - collision, hisaddr known 3615 * Conf-Nak, suggest hisaddr 3616 */ 3617 type = CONF_NAK; 3618 sppp_suggest_ip6_addr(sp, &suggestaddr); 3619 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3620 } 3621 if (debug) 3622 log(-1, " %s [%s]", 3623 ip6_sprintf(ip6buf, &desiredaddr), 3624 sppp_cp_type_name(type)); 3625 break; 3626 } 3627 /* Add the option to nak'ed list. */ 3628 bcopy (p, r, p[1]); 3629 r += p[1]; 3630 rlen += p[1]; 3631 } 3632 3633 if (rlen == 0 && type == CONF_ACK) { 3634 if (debug) 3635 log(-1, " send %s\n", sppp_cp_type_name(type)); 3636 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3637 } else { 3638#ifdef DIAGNOSTIC 3639 if (type == CONF_ACK) 3640 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3641#endif 3642 3643 if (debug) { 3644 log(-1, " send %s suggest %s\n", 3645 sppp_cp_type_name(type), 3646 ip6_sprintf(ip6buf, &suggestaddr)); 3647 } 3648 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3649 } 3650 3651 end: 3652 free (buf, M_TEMP); 3653 return (rlen == 0); 3654} 3655 3656/* 3657 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3658 * negotiation. 3659 */ 3660static void 3661sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3662{ 3663 u_char *buf, *p; 3664 struct ifnet *ifp = SP2IFP(sp); 3665 int debug = ifp->if_flags & IFF_DEBUG; 3666 3667 len -= 4; 3668 buf = malloc (len, M_TEMP, M_NOWAIT); 3669 if (!buf) 3670 return; 3671 3672 if (debug) 3673 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3674 SPP_ARGS(ifp)); 3675 3676 p = (void*) (h+1); 3677 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3678 len -= p[1], p += p[1]) { 3679 if (debug) 3680 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3681 switch (*p) { 3682 case IPV6CP_OPT_IFID: 3683 /* 3684 * Peer doesn't grok address option. This is 3685 * bad. XXX Should we better give up here? 3686 */ 3687 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3688 break; 3689#ifdef notyet 3690 case IPV6CP_OPT_COMPRESS: 3691 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3692 break; 3693#endif 3694 } 3695 } 3696 if (debug) 3697 log(-1, "\n"); 3698 free (buf, M_TEMP); 3699 return; 3700} 3701 3702/* 3703 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3704 * negotiation. 3705 */ 3706static void 3707sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3708{ 3709 u_char *buf, *p; 3710 struct ifnet *ifp = SP2IFP(sp); 3711 int debug = ifp->if_flags & IFF_DEBUG; 3712 struct in6_addr suggestaddr; 3713 char ip6buf[INET6_ADDRSTRLEN]; 3714 3715 len -= 4; 3716 buf = malloc (len, M_TEMP, M_NOWAIT); 3717 if (!buf) 3718 return; 3719 3720 if (debug) 3721 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3722 SPP_ARGS(ifp)); 3723 3724 p = (void*) (h+1); 3725 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3726 len -= p[1], p += p[1]) { 3727 if (debug) 3728 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3729 switch (*p) { 3730 case IPV6CP_OPT_IFID: 3731 /* 3732 * Peer doesn't like our local ifid. See 3733 * if we can do something for him. We'll drop 3734 * him our address then. 3735 */ 3736 if (len < 10 || p[1] != 10) 3737 break; 3738 bzero(&suggestaddr, sizeof(suggestaddr)); 3739 suggestaddr.s6_addr16[0] = htons(0xfe80); 3740 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3741 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3742 3743 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3744 if (debug) 3745 log(-1, " [suggestaddr %s]", 3746 ip6_sprintf(ip6buf, &suggestaddr)); 3747#ifdef IPV6CP_MYIFID_DYN 3748 /* 3749 * When doing dynamic address assignment, 3750 * we accept his offer. 3751 */ 3752 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3753 struct in6_addr lastsuggest; 3754 /* 3755 * If <suggested myaddr from peer> equals to 3756 * <hisaddr we have suggested last time>, 3757 * we have a collision. generate new random 3758 * ifid. 3759 */ 3760 sppp_suggest_ip6_addr(&lastsuggest); 3761 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3762 lastsuggest)) { 3763 if (debug) 3764 log(-1, " [random]"); 3765 sppp_gen_ip6_addr(sp, &suggestaddr); 3766 } 3767 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3768 if (debug) 3769 log(-1, " [agree]"); 3770 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3771 } 3772#else 3773 /* 3774 * Since we do not do dynamic address assignment, 3775 * we ignore it and thus continue to negotiate 3776 * our already existing value. This can possibly 3777 * go into infinite request-reject loop. 3778 * 3779 * This is not likely because we normally use 3780 * ifid based on MAC-address. 3781 * If you have no ethernet card on the node, too bad. 3782 * XXX should we use fail_counter? 3783 */ 3784#endif 3785 break; 3786#ifdef notyet 3787 case IPV6CP_OPT_COMPRESS: 3788 /* 3789 * Peer wants different compression parameters. 3790 */ 3791 break; 3792#endif 3793 } 3794 } 3795 if (debug) 3796 log(-1, "\n"); 3797 free (buf, M_TEMP); 3798 return; 3799} 3800static void 3801sppp_ipv6cp_tlu(struct sppp *sp) 3802{ 3803 /* we are up - notify isdn daemon */ 3804 if (sp->pp_con) 3805 sp->pp_con(sp); 3806} 3807 3808static void 3809sppp_ipv6cp_tld(struct sppp *sp) 3810{ 3811} 3812 3813static void 3814sppp_ipv6cp_tls(struct sppp *sp) 3815{ 3816 /* indicate to LCP that it must stay alive */ 3817 sp->lcp.protos |= (1 << IDX_IPV6CP); 3818} 3819 3820static void 3821sppp_ipv6cp_tlf(struct sppp *sp) 3822{ 3823 3824#if 0 /* need #if 0 to close IPv6CP properly */ 3825 /* we no longer need LCP */ 3826 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3827 sppp_lcp_check_and_close(sp); 3828#endif 3829} 3830 3831static void 3832sppp_ipv6cp_scr(struct sppp *sp) 3833{ 3834 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3835 struct in6_addr ouraddr; 3836 int i = 0; 3837 3838 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3839 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3840 opt[i++] = IPV6CP_OPT_IFID; 3841 opt[i++] = 10; 3842 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3843 i += 8; 3844 } 3845 3846#ifdef notyet 3847 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3848 opt[i++] = IPV6CP_OPT_COMPRESSION; 3849 opt[i++] = 4; 3850 opt[i++] = 0; /* TBD */ 3851 opt[i++] = 0; /* TBD */ 3852 /* variable length data may follow */ 3853 } 3854#endif 3855 3856 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3857 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3858} 3859#else /*INET6*/ 3860static void sppp_ipv6cp_init(struct sppp *sp) 3861{ 3862} 3863 3864static void sppp_ipv6cp_up(struct sppp *sp) 3865{ 3866} 3867 3868static void sppp_ipv6cp_down(struct sppp *sp) 3869{ 3870} 3871 3872 3873static void sppp_ipv6cp_open(struct sppp *sp) 3874{ 3875} 3876 3877static void sppp_ipv6cp_close(struct sppp *sp) 3878{ 3879} 3880 3881static void sppp_ipv6cp_TO(void *sp) 3882{ 3883} 3884 3885static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3886{ 3887 return 0; 3888} 3889 3890static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3891{ 3892} 3893 3894static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3895{ 3896} 3897 3898static void sppp_ipv6cp_tlu(struct sppp *sp) 3899{ 3900} 3901 3902static void sppp_ipv6cp_tld(struct sppp *sp) 3903{ 3904} 3905 3906static void sppp_ipv6cp_tls(struct sppp *sp) 3907{ 3908} 3909 3910static void sppp_ipv6cp_tlf(struct sppp *sp) 3911{ 3912} 3913 3914static void sppp_ipv6cp_scr(struct sppp *sp) 3915{ 3916} 3917#endif /*INET6*/ 3918 3919/* 3920 *--------------------------------------------------------------------------* 3921 * * 3922 * The CHAP implementation. * 3923 * * 3924 *--------------------------------------------------------------------------* 3925 */ 3926 3927/* 3928 * The authentication protocols don't employ a full-fledged state machine as 3929 * the control protocols do, since they do have Open and Close events, but 3930 * not Up and Down, nor are they explicitly terminated. Also, use of the 3931 * authentication protocols may be different in both directions (this makes 3932 * sense, think of a machine that never accepts incoming calls but only 3933 * calls out, it doesn't require the called party to authenticate itself). 3934 * 3935 * Our state machine for the local authentication protocol (we are requesting 3936 * the peer to authenticate) looks like: 3937 * 3938 * RCA- 3939 * +--------------------------------------------+ 3940 * V scn,tld| 3941 * +--------+ Close +---------+ RCA+ 3942 * | |<----------------------------------| |------+ 3943 * +--->| Closed | TO* | Opened | sca | 3944 * | | |-----+ +-------| |<-----+ 3945 * | +--------+ irc | | +---------+ 3946 * | ^ | | ^ 3947 * | | | | | 3948 * | | | | | 3949 * | TO-| | | | 3950 * | |tld TO+ V | | 3951 * | | +------->+ | | 3952 * | | | | | | 3953 * | +--------+ V | | 3954 * | | |<----+<--------------------+ | 3955 * | | Req- | scr | 3956 * | | Sent | | 3957 * | | | | 3958 * | +--------+ | 3959 * | RCA- | | RCA+ | 3960 * +------+ +------------------------------------------+ 3961 * scn,tld sca,irc,ict,tlu 3962 * 3963 * 3964 * with: 3965 * 3966 * Open: LCP reached authentication phase 3967 * Close: LCP reached terminate phase 3968 * 3969 * RCA+: received reply (pap-req, chap-response), acceptable 3970 * RCN: received reply (pap-req, chap-response), not acceptable 3971 * TO+: timeout with restart counter >= 0 3972 * TO-: timeout with restart counter < 0 3973 * TO*: reschedule timeout for CHAP 3974 * 3975 * scr: send request packet (none for PAP, chap-challenge) 3976 * sca: send ack packet (pap-ack, chap-success) 3977 * scn: send nak packet (pap-nak, chap-failure) 3978 * ict: initialize re-challenge timer (CHAP only) 3979 * 3980 * tlu: this-layer-up, LCP reaches network phase 3981 * tld: this-layer-down, LCP enters terminate phase 3982 * 3983 * Note that in CHAP mode, after sending a new challenge, while the state 3984 * automaton falls back into Req-Sent state, it doesn't signal a tld 3985 * event to LCP, so LCP remains in network phase. Only after not getting 3986 * any response (or after getting an unacceptable response), CHAP closes, 3987 * causing LCP to enter terminate phase. 3988 * 3989 * With PAP, there is no initial request that can be sent. The peer is 3990 * expected to send one based on the successful negotiation of PAP as 3991 * the authentication protocol during the LCP option negotiation. 3992 * 3993 * Incoming authentication protocol requests (remote requests 3994 * authentication, we are peer) don't employ a state machine at all, 3995 * they are simply answered. Some peers [Ascend P50 firmware rev 3996 * 4.50] react allergically when sending IPCP requests while they are 3997 * still in authentication phase (thereby violating the standard that 3998 * demands that these NCP packets are to be discarded), so we keep 3999 * track of the peer demanding us to authenticate, and only proceed to 4000 * phase network once we've seen a positive acknowledge for the 4001 * authentication. 4002 */ 4003 4004/* 4005 * Handle incoming CHAP packets. 4006 */ 4007static void 4008sppp_chap_input(struct sppp *sp, struct mbuf *m) 4009{ 4010 STDDCL; 4011 struct lcp_header *h; 4012 int len, x; 4013 u_char *value, *name, digest[AUTHKEYLEN], dsize; 4014 int value_len, name_len; 4015 MD5_CTX ctx; 4016 4017 len = m->m_pkthdr.len; 4018 if (len < 4) { 4019 if (debug) 4020 log(LOG_DEBUG, 4021 SPP_FMT "chap invalid packet length: %d bytes\n", 4022 SPP_ARGS(ifp), len); 4023 return; 4024 } 4025 h = mtod (m, struct lcp_header*); 4026 if (len > ntohs (h->len)) 4027 len = ntohs (h->len); 4028 4029 switch (h->type) { 4030 /* challenge, failure and success are his authproto */ 4031 case CHAP_CHALLENGE: 4032 value = 1 + (u_char*)(h+1); 4033 value_len = value[-1]; 4034 name = value + value_len; 4035 name_len = len - value_len - 5; 4036 if (name_len < 0) { 4037 if (debug) { 4038 log(LOG_DEBUG, 4039 SPP_FMT "chap corrupted challenge " 4040 "<%s id=0x%x len=%d", 4041 SPP_ARGS(ifp), 4042 sppp_auth_type_name(PPP_CHAP, h->type), 4043 h->ident, ntohs(h->len)); 4044 sppp_print_bytes((u_char*) (h+1), len-4); 4045 log(-1, ">\n"); 4046 } 4047 break; 4048 } 4049 4050 if (debug) { 4051 log(LOG_DEBUG, 4052 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4053 SPP_ARGS(ifp), 4054 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4055 ntohs(h->len)); 4056 sppp_print_string((char*) name, name_len); 4057 log(-1, " value-size=%d value=", value_len); 4058 sppp_print_bytes(value, value_len); 4059 log(-1, ">\n"); 4060 } 4061 4062 /* Compute reply value. */ 4063 MD5Init(&ctx); 4064 MD5Update(&ctx, &h->ident, 1); 4065 MD5Update(&ctx, sp->myauth.secret, 4066 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4067 MD5Update(&ctx, value, value_len); 4068 MD5Final(digest, &ctx); 4069 dsize = sizeof digest; 4070 4071 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4072 sizeof dsize, (const char *)&dsize, 4073 sizeof digest, digest, 4074 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4075 sp->myauth.name, 4076 0); 4077 break; 4078 4079 case CHAP_SUCCESS: 4080 if (debug) { 4081 log(LOG_DEBUG, SPP_FMT "chap success", 4082 SPP_ARGS(ifp)); 4083 if (len > 4) { 4084 log(-1, ": "); 4085 sppp_print_string((char*)(h + 1), len - 4); 4086 } 4087 log(-1, "\n"); 4088 } 4089 x = splimp(); 4090 SPPP_LOCK(sp); 4091 sp->pp_flags &= ~PP_NEEDAUTH; 4092 if (sp->myauth.proto == PPP_CHAP && 4093 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4094 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4095 /* 4096 * We are authenticator for CHAP but didn't 4097 * complete yet. Leave it to tlu to proceed 4098 * to network phase. 4099 */ 4100 SPPP_UNLOCK(sp); 4101 splx(x); 4102 break; 4103 } 4104 SPPP_UNLOCK(sp); 4105 splx(x); 4106 sppp_phase_network(sp); 4107 break; 4108 4109 case CHAP_FAILURE: 4110 if (debug) { 4111 log(LOG_INFO, SPP_FMT "chap failure", 4112 SPP_ARGS(ifp)); 4113 if (len > 4) { 4114 log(-1, ": "); 4115 sppp_print_string((char*)(h + 1), len - 4); 4116 } 4117 log(-1, "\n"); 4118 } else 4119 log(LOG_INFO, SPP_FMT "chap failure\n", 4120 SPP_ARGS(ifp)); 4121 /* await LCP shutdown by authenticator */ 4122 break; 4123 4124 /* response is my authproto */ 4125 case CHAP_RESPONSE: 4126 value = 1 + (u_char*)(h+1); 4127 value_len = value[-1]; 4128 name = value + value_len; 4129 name_len = len - value_len - 5; 4130 if (name_len < 0) { 4131 if (debug) { 4132 log(LOG_DEBUG, 4133 SPP_FMT "chap corrupted response " 4134 "<%s id=0x%x len=%d", 4135 SPP_ARGS(ifp), 4136 sppp_auth_type_name(PPP_CHAP, h->type), 4137 h->ident, ntohs(h->len)); 4138 sppp_print_bytes((u_char*)(h+1), len-4); 4139 log(-1, ">\n"); 4140 } 4141 break; 4142 } 4143 if (h->ident != sp->confid[IDX_CHAP]) { 4144 if (debug) 4145 log(LOG_DEBUG, 4146 SPP_FMT "chap dropping response for old ID " 4147 "(got %d, expected %d)\n", 4148 SPP_ARGS(ifp), 4149 h->ident, sp->confid[IDX_CHAP]); 4150 break; 4151 } 4152 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4153 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4154 log(LOG_INFO, SPP_FMT "chap response, his name ", 4155 SPP_ARGS(ifp)); 4156 sppp_print_string(name, name_len); 4157 log(-1, " != expected "); 4158 sppp_print_string(sp->hisauth.name, 4159 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4160 log(-1, "\n"); 4161 } 4162 if (debug) { 4163 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4164 "<%s id=0x%x len=%d name=", 4165 SPP_ARGS(ifp), 4166 sppp_state_name(sp->state[IDX_CHAP]), 4167 sppp_auth_type_name(PPP_CHAP, h->type), 4168 h->ident, ntohs (h->len)); 4169 sppp_print_string((char*)name, name_len); 4170 log(-1, " value-size=%d value=", value_len); 4171 sppp_print_bytes(value, value_len); 4172 log(-1, ">\n"); 4173 } 4174 if (value_len != AUTHKEYLEN) { 4175 if (debug) 4176 log(LOG_DEBUG, 4177 SPP_FMT "chap bad hash value length: " 4178 "%d bytes, should be %d\n", 4179 SPP_ARGS(ifp), value_len, 4180 AUTHKEYLEN); 4181 break; 4182 } 4183 4184 MD5Init(&ctx); 4185 MD5Update(&ctx, &h->ident, 1); 4186 MD5Update(&ctx, sp->hisauth.secret, 4187 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4188 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4189 MD5Final(digest, &ctx); 4190 4191#define FAILMSG "Failed..." 4192#define SUCCMSG "Welcome!" 4193 4194 if (value_len != sizeof digest || 4195 bcmp(digest, value, value_len) != 0) { 4196 /* action scn, tld */ 4197 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4198 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4199 0); 4200 chap.tld(sp); 4201 break; 4202 } 4203 /* action sca, perhaps tlu */ 4204 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4205 sp->state[IDX_CHAP] == STATE_OPENED) 4206 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4207 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4208 0); 4209 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4210 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4211 chap.tlu(sp); 4212 } 4213 break; 4214 4215 default: 4216 /* Unknown CHAP packet type -- ignore. */ 4217 if (debug) { 4218 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4219 "<0x%x id=0x%xh len=%d", 4220 SPP_ARGS(ifp), 4221 sppp_state_name(sp->state[IDX_CHAP]), 4222 h->type, h->ident, ntohs(h->len)); 4223 sppp_print_bytes((u_char*)(h+1), len-4); 4224 log(-1, ">\n"); 4225 } 4226 break; 4227 4228 } 4229} 4230 4231static void 4232sppp_chap_init(struct sppp *sp) 4233{ 4234 /* Chap doesn't have STATE_INITIAL at all. */ 4235 sp->state[IDX_CHAP] = STATE_CLOSED; 4236 sp->fail_counter[IDX_CHAP] = 0; 4237 sp->pp_seq[IDX_CHAP] = 0; 4238 sp->pp_rseq[IDX_CHAP] = 0; 4239 callout_init(&sp->ch[IDX_CHAP], 4240 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4241} 4242 4243static void 4244sppp_chap_open(struct sppp *sp) 4245{ 4246 if (sp->myauth.proto == PPP_CHAP && 4247 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4248 /* we are authenticator for CHAP, start it */ 4249 chap.scr(sp); 4250 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4251 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4252 } 4253 /* nothing to be done if we are peer, await a challenge */ 4254} 4255 4256static void 4257sppp_chap_close(struct sppp *sp) 4258{ 4259 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4260 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4261} 4262 4263static void 4264sppp_chap_TO(void *cookie) 4265{ 4266 struct sppp *sp = (struct sppp *)cookie; 4267 STDDCL; 4268 int s; 4269 4270 s = splimp(); 4271 SPPP_LOCK(sp); 4272 if (debug) 4273 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4274 SPP_ARGS(ifp), 4275 sppp_state_name(sp->state[IDX_CHAP]), 4276 sp->rst_counter[IDX_CHAP]); 4277 4278 if (--sp->rst_counter[IDX_CHAP] < 0) 4279 /* TO- event */ 4280 switch (sp->state[IDX_CHAP]) { 4281 case STATE_REQ_SENT: 4282 chap.tld(sp); 4283 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4284 break; 4285 } 4286 else 4287 /* TO+ (or TO*) event */ 4288 switch (sp->state[IDX_CHAP]) { 4289 case STATE_OPENED: 4290 /* TO* event */ 4291 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4292 /* FALLTHROUGH */ 4293 case STATE_REQ_SENT: 4294 chap.scr(sp); 4295 /* sppp_cp_change_state() will restart the timer */ 4296 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4297 break; 4298 } 4299 4300 SPPP_UNLOCK(sp); 4301 splx(s); 4302} 4303 4304static void 4305sppp_chap_tlu(struct sppp *sp) 4306{ 4307 STDDCL; 4308 int i, x; 4309 4310 i = 0; 4311 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4312 4313 /* 4314 * Some broken CHAP implementations (Conware CoNet, firmware 4315 * 4.0.?) don't want to re-authenticate their CHAP once the 4316 * initial challenge-response exchange has taken place. 4317 * Provide for an option to avoid rechallenges. 4318 */ 4319 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4320 /* 4321 * Compute the re-challenge timeout. This will yield 4322 * a number between 300 and 810 seconds. 4323 */ 4324 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4325 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4326 } 4327 4328 if (debug) { 4329 log(LOG_DEBUG, 4330 SPP_FMT "chap %s, ", 4331 SPP_ARGS(ifp), 4332 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4333 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4334 log(-1, "next re-challenge in %d seconds\n", i); 4335 else 4336 log(-1, "re-challenging supressed\n"); 4337 } 4338 4339 x = splimp(); 4340 SPPP_LOCK(sp); 4341 /* indicate to LCP that we need to be closed down */ 4342 sp->lcp.protos |= (1 << IDX_CHAP); 4343 4344 if (sp->pp_flags & PP_NEEDAUTH) { 4345 /* 4346 * Remote is authenticator, but his auth proto didn't 4347 * complete yet. Defer the transition to network 4348 * phase. 4349 */ 4350 SPPP_UNLOCK(sp); 4351 splx(x); 4352 return; 4353 } 4354 SPPP_UNLOCK(sp); 4355 splx(x); 4356 4357 /* 4358 * If we are already in phase network, we are done here. This 4359 * is the case if this is a dummy tlu event after a re-challenge. 4360 */ 4361 if (sp->pp_phase != PHASE_NETWORK) 4362 sppp_phase_network(sp); 4363} 4364 4365static void 4366sppp_chap_tld(struct sppp *sp) 4367{ 4368 STDDCL; 4369 4370 if (debug) 4371 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4372 callout_stop(&sp->ch[IDX_CHAP]); 4373 sp->lcp.protos &= ~(1 << IDX_CHAP); 4374 4375 lcp.Close(sp); 4376} 4377 4378static void 4379sppp_chap_scr(struct sppp *sp) 4380{ 4381 u_long *ch, seed; 4382 u_char clen; 4383 4384 /* Compute random challenge. */ 4385 ch = (u_long *)sp->myauth.challenge; 4386#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4387 read_random(&seed, sizeof seed); 4388#else 4389 { 4390 struct timeval tv; 4391 microtime(&tv); 4392 seed = tv.tv_sec ^ tv.tv_usec; 4393 } 4394#endif 4395 ch[0] = seed ^ random(); 4396 ch[1] = seed ^ random(); 4397 ch[2] = seed ^ random(); 4398 ch[3] = seed ^ random(); 4399 clen = AUTHKEYLEN; 4400 4401 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4402 4403 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4404 sizeof clen, (const char *)&clen, 4405 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4406 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4407 sp->myauth.name, 4408 0); 4409} 4410 4411/* 4412 *--------------------------------------------------------------------------* 4413 * * 4414 * The PAP implementation. * 4415 * * 4416 *--------------------------------------------------------------------------* 4417 */ 4418/* 4419 * For PAP, we need to keep a little state also if we are the peer, not the 4420 * authenticator. This is since we don't get a request to authenticate, but 4421 * have to repeatedly authenticate ourself until we got a response (or the 4422 * retry counter is expired). 4423 */ 4424 4425/* 4426 * Handle incoming PAP packets. */ 4427static void 4428sppp_pap_input(struct sppp *sp, struct mbuf *m) 4429{ 4430 STDDCL; 4431 struct lcp_header *h; 4432 int len, x; 4433 u_char *name, *passwd, mlen; 4434 int name_len, passwd_len; 4435 4436 len = m->m_pkthdr.len; 4437 if (len < 5) { 4438 if (debug) 4439 log(LOG_DEBUG, 4440 SPP_FMT "pap invalid packet length: %d bytes\n", 4441 SPP_ARGS(ifp), len); 4442 return; 4443 } 4444 h = mtod (m, struct lcp_header*); 4445 if (len > ntohs (h->len)) 4446 len = ntohs (h->len); 4447 switch (h->type) { 4448 /* PAP request is my authproto */ 4449 case PAP_REQ: 4450 name = 1 + (u_char*)(h+1); 4451 name_len = name[-1]; 4452 passwd = name + name_len + 1; 4453 if (name_len > len - 6 || 4454 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4455 if (debug) { 4456 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4457 "<%s id=0x%x len=%d", 4458 SPP_ARGS(ifp), 4459 sppp_auth_type_name(PPP_PAP, h->type), 4460 h->ident, ntohs(h->len)); 4461 sppp_print_bytes((u_char*)(h+1), len-4); 4462 log(-1, ">\n"); 4463 } 4464 break; 4465 } 4466 if (debug) { 4467 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4468 "<%s id=0x%x len=%d name=", 4469 SPP_ARGS(ifp), 4470 sppp_state_name(sp->state[IDX_PAP]), 4471 sppp_auth_type_name(PPP_PAP, h->type), 4472 h->ident, ntohs(h->len)); 4473 sppp_print_string((char*)name, name_len); 4474 log(-1, " passwd="); 4475 sppp_print_string((char*)passwd, passwd_len); 4476 log(-1, ">\n"); 4477 } 4478 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4479 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4480 bcmp(name, sp->hisauth.name, name_len) != 0 || 4481 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4482 /* action scn, tld */ 4483 mlen = sizeof(FAILMSG) - 1; 4484 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4485 sizeof mlen, (const char *)&mlen, 4486 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4487 0); 4488 pap.tld(sp); 4489 break; 4490 } 4491 /* action sca, perhaps tlu */ 4492 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4493 sp->state[IDX_PAP] == STATE_OPENED) { 4494 mlen = sizeof(SUCCMSG) - 1; 4495 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4496 sizeof mlen, (const char *)&mlen, 4497 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4498 0); 4499 } 4500 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4501 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4502 pap.tlu(sp); 4503 } 4504 break; 4505 4506 /* ack and nak are his authproto */ 4507 case PAP_ACK: 4508 callout_stop(&sp->pap_my_to_ch); 4509 if (debug) { 4510 log(LOG_DEBUG, SPP_FMT "pap success", 4511 SPP_ARGS(ifp)); 4512 name_len = *((char *)h); 4513 if (len > 5 && name_len) { 4514 log(-1, ": "); 4515 sppp_print_string((char*)(h+1), name_len); 4516 } 4517 log(-1, "\n"); 4518 } 4519 x = splimp(); 4520 SPPP_LOCK(sp); 4521 sp->pp_flags &= ~PP_NEEDAUTH; 4522 if (sp->myauth.proto == PPP_PAP && 4523 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4524 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4525 /* 4526 * We are authenticator for PAP but didn't 4527 * complete yet. Leave it to tlu to proceed 4528 * to network phase. 4529 */ 4530 SPPP_UNLOCK(sp); 4531 splx(x); 4532 break; 4533 } 4534 SPPP_UNLOCK(sp); 4535 splx(x); 4536 sppp_phase_network(sp); 4537 break; 4538 4539 case PAP_NAK: 4540 callout_stop (&sp->pap_my_to_ch); 4541 if (debug) { 4542 log(LOG_INFO, SPP_FMT "pap failure", 4543 SPP_ARGS(ifp)); 4544 name_len = *((char *)h); 4545 if (len > 5 && name_len) { 4546 log(-1, ": "); 4547 sppp_print_string((char*)(h+1), name_len); 4548 } 4549 log(-1, "\n"); 4550 } else 4551 log(LOG_INFO, SPP_FMT "pap failure\n", 4552 SPP_ARGS(ifp)); 4553 /* await LCP shutdown by authenticator */ 4554 break; 4555 4556 default: 4557 /* Unknown PAP packet type -- ignore. */ 4558 if (debug) { 4559 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4560 "<0x%x id=0x%x len=%d", 4561 SPP_ARGS(ifp), 4562 h->type, h->ident, ntohs(h->len)); 4563 sppp_print_bytes((u_char*)(h+1), len-4); 4564 log(-1, ">\n"); 4565 } 4566 break; 4567 4568 } 4569} 4570 4571static void 4572sppp_pap_init(struct sppp *sp) 4573{ 4574 /* PAP doesn't have STATE_INITIAL at all. */ 4575 sp->state[IDX_PAP] = STATE_CLOSED; 4576 sp->fail_counter[IDX_PAP] = 0; 4577 sp->pp_seq[IDX_PAP] = 0; 4578 sp->pp_rseq[IDX_PAP] = 0; 4579 callout_init(&sp->ch[IDX_PAP], 4580 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4581 callout_init(&sp->pap_my_to_ch, 4582 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4583} 4584 4585static void 4586sppp_pap_open(struct sppp *sp) 4587{ 4588 if (sp->hisauth.proto == PPP_PAP && 4589 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4590 /* we are authenticator for PAP, start our timer */ 4591 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4592 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4593 } 4594 if (sp->myauth.proto == PPP_PAP) { 4595 /* we are peer, send a request, and start a timer */ 4596 pap.scr(sp); 4597 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4598 sppp_pap_my_TO, (void *)sp); 4599 } 4600} 4601 4602static void 4603sppp_pap_close(struct sppp *sp) 4604{ 4605 if (sp->state[IDX_PAP] != STATE_CLOSED) 4606 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4607} 4608 4609/* 4610 * That's the timeout routine if we are authenticator. Since the 4611 * authenticator is basically passive in PAP, we can't do much here. 4612 */ 4613static void 4614sppp_pap_TO(void *cookie) 4615{ 4616 struct sppp *sp = (struct sppp *)cookie; 4617 STDDCL; 4618 int s; 4619 4620 s = splimp(); 4621 SPPP_LOCK(sp); 4622 if (debug) 4623 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4624 SPP_ARGS(ifp), 4625 sppp_state_name(sp->state[IDX_PAP]), 4626 sp->rst_counter[IDX_PAP]); 4627 4628 if (--sp->rst_counter[IDX_PAP] < 0) 4629 /* TO- event */ 4630 switch (sp->state[IDX_PAP]) { 4631 case STATE_REQ_SENT: 4632 pap.tld(sp); 4633 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4634 break; 4635 } 4636 else 4637 /* TO+ event, not very much we could do */ 4638 switch (sp->state[IDX_PAP]) { 4639 case STATE_REQ_SENT: 4640 /* sppp_cp_change_state() will restart the timer */ 4641 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4642 break; 4643 } 4644 4645 SPPP_UNLOCK(sp); 4646 splx(s); 4647} 4648 4649/* 4650 * That's the timeout handler if we are peer. Since the peer is active, 4651 * we need to retransmit our PAP request since it is apparently lost. 4652 * XXX We should impose a max counter. 4653 */ 4654static void 4655sppp_pap_my_TO(void *cookie) 4656{ 4657 struct sppp *sp = (struct sppp *)cookie; 4658 STDDCL; 4659 4660 if (debug) 4661 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4662 SPP_ARGS(ifp)); 4663 4664 SPPP_LOCK(sp); 4665 pap.scr(sp); 4666 SPPP_UNLOCK(sp); 4667} 4668 4669static void 4670sppp_pap_tlu(struct sppp *sp) 4671{ 4672 STDDCL; 4673 int x; 4674 4675 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4676 4677 if (debug) 4678 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4679 SPP_ARGS(ifp), pap.name); 4680 4681 x = splimp(); 4682 SPPP_LOCK(sp); 4683 /* indicate to LCP that we need to be closed down */ 4684 sp->lcp.protos |= (1 << IDX_PAP); 4685 4686 if (sp->pp_flags & PP_NEEDAUTH) { 4687 /* 4688 * Remote is authenticator, but his auth proto didn't 4689 * complete yet. Defer the transition to network 4690 * phase. 4691 */ 4692 SPPP_UNLOCK(sp); 4693 splx(x); 4694 return; 4695 } 4696 SPPP_UNLOCK(sp); 4697 splx(x); 4698 sppp_phase_network(sp); 4699} 4700 4701static void 4702sppp_pap_tld(struct sppp *sp) 4703{ 4704 STDDCL; 4705 4706 if (debug) 4707 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4708 callout_stop (&sp->ch[IDX_PAP]); 4709 callout_stop (&sp->pap_my_to_ch); 4710 sp->lcp.protos &= ~(1 << IDX_PAP); 4711 4712 lcp.Close(sp); 4713} 4714 4715static void 4716sppp_pap_scr(struct sppp *sp) 4717{ 4718 u_char idlen, pwdlen; 4719 4720 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4721 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4722 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4723 4724 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4725 sizeof idlen, (const char *)&idlen, 4726 (size_t)idlen, sp->myauth.name, 4727 sizeof pwdlen, (const char *)&pwdlen, 4728 (size_t)pwdlen, sp->myauth.secret, 4729 0); 4730} 4731 4732/* 4733 * Random miscellaneous functions. 4734 */ 4735 4736/* 4737 * Send a PAP or CHAP proto packet. 4738 * 4739 * Varadic function, each of the elements for the ellipsis is of type 4740 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4741 * mlen == 0. 4742 * NOTE: never declare variadic functions with types subject to type 4743 * promotion (i.e. u_char). This is asking for big trouble depending 4744 * on the architecture you are on... 4745 */ 4746 4747static void 4748sppp_auth_send(const struct cp *cp, struct sppp *sp, 4749 unsigned int type, unsigned int id, 4750 ...) 4751{ 4752 STDDCL; 4753 struct ppp_header *h; 4754 struct lcp_header *lh; 4755 struct mbuf *m; 4756 u_char *p; 4757 int len; 4758 unsigned int mlen; 4759 const char *msg; 4760 va_list ap; 4761 4762 MGETHDR (m, M_DONTWAIT, MT_DATA); 4763 if (! m) 4764 return; 4765 m->m_pkthdr.rcvif = 0; 4766 4767 h = mtod (m, struct ppp_header*); 4768 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4769 h->control = PPP_UI; /* Unnumbered Info */ 4770 h->protocol = htons(cp->proto); 4771 4772 lh = (struct lcp_header*)(h + 1); 4773 lh->type = type; 4774 lh->ident = id; 4775 p = (u_char*) (lh+1); 4776 4777 va_start(ap, id); 4778 len = 0; 4779 4780 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4781 msg = va_arg(ap, const char *); 4782 len += mlen; 4783 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4784 va_end(ap); 4785 m_freem(m); 4786 return; 4787 } 4788 4789 bcopy(msg, p, mlen); 4790 p += mlen; 4791 } 4792 va_end(ap); 4793 4794 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4795 lh->len = htons (LCP_HEADER_LEN + len); 4796 4797 if (debug) { 4798 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4799 SPP_ARGS(ifp), cp->name, 4800 sppp_auth_type_name(cp->proto, lh->type), 4801 lh->ident, ntohs(lh->len)); 4802 sppp_print_bytes((u_char*) (lh+1), len); 4803 log(-1, ">\n"); 4804 } 4805 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4806 ifp->if_oerrors++; 4807} 4808 4809/* 4810 * Flush interface queue. 4811 */ 4812static void 4813sppp_qflush(struct ifqueue *ifq) 4814{ 4815 struct mbuf *m, *n; 4816 4817 n = ifq->ifq_head; 4818 while ((m = n)) { 4819 n = m->m_act; 4820 m_freem (m); 4821 } 4822 ifq->ifq_head = 0; 4823 ifq->ifq_tail = 0; 4824 ifq->ifq_len = 0; 4825} 4826 4827/* 4828 * Send keepalive packets, every 10 seconds. 4829 */ 4830static void 4831sppp_keepalive(void *dummy) 4832{ 4833 struct sppp *sp = (struct sppp*)dummy; 4834 struct ifnet *ifp = SP2IFP(sp); 4835 int s; 4836 4837 s = splimp(); 4838 SPPP_LOCK(sp); 4839 /* Keepalive mode disabled or channel down? */ 4840 if (! (sp->pp_flags & PP_KEEPALIVE) || 4841 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4842 goto out; 4843 4844 if (sp->pp_mode == PP_FR) { 4845 sppp_fr_keepalive (sp); 4846 goto out; 4847 } 4848 4849 /* No keepalive in PPP mode if LCP not opened yet. */ 4850 if (sp->pp_mode != IFF_CISCO && 4851 sp->pp_phase < PHASE_AUTHENTICATE) 4852 goto out; 4853 4854 if (sp->pp_alivecnt == MAXALIVECNT) { 4855 /* No keepalive packets got. Stop the interface. */ 4856 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4857 if_down (ifp); 4858 sppp_qflush (&sp->pp_cpq); 4859 if (sp->pp_mode != IFF_CISCO) { 4860 /* XXX */ 4861 /* Shut down the PPP link. */ 4862 lcp.Down(sp); 4863 /* Initiate negotiation. XXX */ 4864 lcp.Up(sp); 4865 } 4866 } 4867 if (sp->pp_alivecnt <= MAXALIVECNT) 4868 ++sp->pp_alivecnt; 4869 if (sp->pp_mode == IFF_CISCO) 4870 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4871 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4872 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4873 long nmagic = htonl (sp->lcp.magic); 4874 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4875 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4876 sp->lcp.echoid, 4, &nmagic); 4877 } 4878out: 4879 SPPP_UNLOCK(sp); 4880 splx(s); 4881 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4882 (void *)sp); 4883} 4884 4885/* 4886 * Get both IP addresses. 4887 */ 4888void 4889sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4890{ 4891 struct ifnet *ifp = SP2IFP(sp); 4892 struct ifaddr *ifa; 4893 struct sockaddr_in *si, *sm; 4894 u_long ssrc, ddst; 4895 4896 sm = NULL; 4897 ssrc = ddst = 0L; 4898 /* 4899 * Pick the first AF_INET address from the list, 4900 * aliases don't make any sense on a p2p link anyway. 4901 */ 4902 si = 0; 4903#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4904 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4905#elif defined(__NetBSD__) || defined (__OpenBSD__) 4906 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4907 ifa; 4908 ifa = TAILQ_NEXT(ifa, ifa_list)) 4909#else 4910 for (ifa = ifp->if_addrlist; 4911 ifa; 4912 ifa = ifa->ifa_next) 4913#endif 4914 if (ifa->ifa_addr->sa_family == AF_INET) { 4915 si = (struct sockaddr_in *)ifa->ifa_addr; 4916 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4917 if (si) 4918 break; 4919 } 4920 if (ifa) { 4921 if (si && si->sin_addr.s_addr) { 4922 ssrc = si->sin_addr.s_addr; 4923 if (srcmask) 4924 *srcmask = ntohl(sm->sin_addr.s_addr); 4925 } 4926 4927 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4928 if (si && si->sin_addr.s_addr) 4929 ddst = si->sin_addr.s_addr; 4930 } 4931 4932 if (dst) *dst = ntohl(ddst); 4933 if (src) *src = ntohl(ssrc); 4934} 4935 4936/* 4937 * Set my IP address. Must be called at splimp. 4938 */ 4939static void 4940sppp_set_ip_addr(struct sppp *sp, u_long src) 4941{ 4942 STDDCL; 4943 struct ifaddr *ifa; 4944 struct sockaddr_in *si; 4945 struct in_ifaddr *ia; 4946 4947 /* 4948 * Pick the first AF_INET address from the list, 4949 * aliases don't make any sense on a p2p link anyway. 4950 */ 4951 si = 0; 4952#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4953 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4954#elif defined(__NetBSD__) || defined (__OpenBSD__) 4955 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4956 ifa; 4957 ifa = TAILQ_NEXT(ifa, ifa_list)) 4958#else 4959 for (ifa = ifp->if_addrlist; 4960 ifa; 4961 ifa = ifa->ifa_next) 4962#endif 4963 { 4964 if (ifa->ifa_addr->sa_family == AF_INET) 4965 { 4966 si = (struct sockaddr_in *)ifa->ifa_addr; 4967 if (si) 4968 break; 4969 } 4970 } 4971 4972 if (ifa && si) 4973 { 4974 int error; 4975#if defined(__NetBSD__) && __NetBSD_Version__ >= 103080000 4976 struct sockaddr_in new_sin = *si; 4977 4978 new_sin.sin_addr.s_addr = htonl(src); 4979 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4980 if(debug && error) 4981 { 4982 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4983 " failed, error=%d\n", SPP_ARGS(ifp), error); 4984 } 4985#else 4986 /* delete old route */ 4987 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4988 if(debug && error) 4989 { 4990 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4991 SPP_ARGS(ifp), error); 4992 } 4993 4994 /* set new address */ 4995 si->sin_addr.s_addr = htonl(src); 4996 ia = ifatoia(ifa); 4997 LIST_REMOVE(ia, ia_hash); 4998 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4999 5000 /* add new route */ 5001 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 5002 if (debug && error) 5003 { 5004 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 5005 SPP_ARGS(ifp), error); 5006 } 5007#endif 5008 } 5009} 5010 5011#ifdef INET6 5012/* 5013 * Get both IPv6 addresses. 5014 */ 5015static void 5016sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5017 struct in6_addr *srcmask) 5018{ 5019 struct ifnet *ifp = SP2IFP(sp); 5020 struct ifaddr *ifa; 5021 struct sockaddr_in6 *si, *sm; 5022 struct in6_addr ssrc, ddst; 5023 5024 sm = NULL; 5025 bzero(&ssrc, sizeof(ssrc)); 5026 bzero(&ddst, sizeof(ddst)); 5027 /* 5028 * Pick the first link-local AF_INET6 address from the list, 5029 * aliases don't make any sense on a p2p link anyway. 5030 */ 5031 si = 0; 5032#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5033 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5034#elif defined(__NetBSD__) || defined (__OpenBSD__) 5035 for (ifa = ifp->if_addrlist.tqh_first; 5036 ifa; 5037 ifa = ifa->ifa_list.tqe_next) 5038#else 5039 for (ifa = ifp->if_addrlist; 5040 ifa; 5041 ifa = ifa->ifa_next) 5042#endif 5043 if (ifa->ifa_addr->sa_family == AF_INET6) { 5044 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5045 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5046 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 5047 break; 5048 } 5049 if (ifa) { 5050 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5051 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5052 if (srcmask) { 5053 bcopy(&sm->sin6_addr, srcmask, 5054 sizeof(*srcmask)); 5055 } 5056 } 5057 5058 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5059 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5060 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5061 } 5062 5063 if (dst) 5064 bcopy(&ddst, dst, sizeof(*dst)); 5065 if (src) 5066 bcopy(&ssrc, src, sizeof(*src)); 5067} 5068 5069#ifdef IPV6CP_MYIFID_DYN 5070/* 5071 * Generate random ifid. 5072 */ 5073static void 5074sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5075{ 5076 /* TBD */ 5077} 5078 5079/* 5080 * Set my IPv6 address. Must be called at splimp. 5081 */ 5082static void 5083sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5084{ 5085 STDDCL; 5086 struct ifaddr *ifa; 5087 struct sockaddr_in6 *sin6; 5088 5089 /* 5090 * Pick the first link-local AF_INET6 address from the list, 5091 * aliases don't make any sense on a p2p link anyway. 5092 */ 5093 5094 sin6 = NULL; 5095#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5096 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5097#elif defined(__NetBSD__) || defined (__OpenBSD__) 5098 for (ifa = ifp->if_addrlist.tqh_first; 5099 ifa; 5100 ifa = ifa->ifa_list.tqe_next) 5101#else 5102 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 5103#endif 5104 { 5105 if (ifa->ifa_addr->sa_family == AF_INET6) 5106 { 5107 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5108 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5109 break; 5110 } 5111 } 5112 5113 if (ifa && sin6) 5114 { 5115 int error; 5116 struct sockaddr_in6 new_sin6 = *sin6; 5117 5118 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5119 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5120 if (debug && error) 5121 { 5122 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5123 " failed, error=%d\n", SPP_ARGS(ifp), error); 5124 } 5125 } 5126} 5127#endif 5128 5129/* 5130 * Suggest a candidate address to be used by peer. 5131 */ 5132static void 5133sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5134{ 5135 struct in6_addr myaddr; 5136 struct timeval tv; 5137 5138 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5139 5140 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5141 microtime(&tv); 5142 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5143 myaddr.s6_addr[14] ^= 0xff; 5144 myaddr.s6_addr[15] ^= 0xff; 5145 } else { 5146 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5147 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5148 } 5149 if (suggest) 5150 bcopy(&myaddr, suggest, sizeof(myaddr)); 5151} 5152#endif /*INET6*/ 5153 5154static int 5155sppp_params(struct sppp *sp, u_long cmd, void *data) 5156{ 5157 u_long subcmd; 5158 struct ifreq *ifr = (struct ifreq *)data; 5159 struct spppreq *spr; 5160 int rv = 0; 5161 5162 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5163 return (EAGAIN); 5164 /* 5165 * ifr->ifr_data is supposed to point to a struct spppreq. 5166 * Check the cmd word first before attempting to fetch all the 5167 * data. 5168 */ 5169 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5170 rv = EFAULT; 5171 goto quit; 5172 } 5173 5174 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5175 rv = EFAULT; 5176 goto quit; 5177 } 5178 5179 switch (subcmd) { 5180 case (u_long)SPPPIOGDEFS: 5181 if (cmd != SIOCGIFGENERIC) { 5182 rv = EINVAL; 5183 break; 5184 } 5185 /* 5186 * We copy over the entire current state, but clean 5187 * out some of the stuff we don't wanna pass up. 5188 * Remember, SIOCGIFGENERIC is unprotected, and can be 5189 * called by any user. No need to ever get PAP or 5190 * CHAP secrets back to userland anyway. 5191 */ 5192 spr->defs.pp_phase = sp->pp_phase; 5193 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5194 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5195 spr->defs.lcp = sp->lcp; 5196 spr->defs.ipcp = sp->ipcp; 5197 spr->defs.ipv6cp = sp->ipv6cp; 5198 spr->defs.myauth = sp->myauth; 5199 spr->defs.hisauth = sp->hisauth; 5200 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5201 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5202 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5203 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5204 /* 5205 * Fixup the LCP timeout value to milliseconds so 5206 * spppcontrol doesn't need to bother about the value 5207 * of "hz". We do the reverse calculation below when 5208 * setting it. 5209 */ 5210 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5211 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5212 sizeof(struct spppreq)); 5213 break; 5214 5215 case (u_long)SPPPIOSDEFS: 5216 if (cmd != SIOCSIFGENERIC) { 5217 rv = EINVAL; 5218 break; 5219 } 5220 /* 5221 * We have a very specific idea of which fields we 5222 * allow being passed back from userland, so to not 5223 * clobber our current state. For one, we only allow 5224 * setting anything if LCP is in dead or establish 5225 * phase. Once the authentication negotiations 5226 * started, the authentication settings must not be 5227 * changed again. (The administrator can force an 5228 * ifconfig down in order to get LCP back into dead 5229 * phase.) 5230 * 5231 * Also, we only allow for authentication parameters to be 5232 * specified. 5233 * 5234 * XXX Should allow to set or clear pp_flags. 5235 * 5236 * Finally, if the respective authentication protocol to 5237 * be used is set differently than 0, but the secret is 5238 * passed as all zeros, we don't trash the existing secret. 5239 * This allows an administrator to change the system name 5240 * only without clobbering the secret (which he didn't get 5241 * back in a previous SPPPIOGDEFS call). However, the 5242 * secrets are cleared if the authentication protocol is 5243 * reset to 0. */ 5244 if (sp->pp_phase != PHASE_DEAD && 5245 sp->pp_phase != PHASE_ESTABLISH) { 5246 rv = EBUSY; 5247 break; 5248 } 5249 5250 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5251 spr->defs.myauth.proto != PPP_CHAP) || 5252 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5253 spr->defs.hisauth.proto != PPP_CHAP)) { 5254 rv = EINVAL; 5255 break; 5256 } 5257 5258 if (spr->defs.myauth.proto == 0) 5259 /* resetting myauth */ 5260 bzero(&sp->myauth, sizeof sp->myauth); 5261 else { 5262 /* setting/changing myauth */ 5263 sp->myauth.proto = spr->defs.myauth.proto; 5264 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5265 if (spr->defs.myauth.secret[0] != '\0') 5266 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5267 AUTHKEYLEN); 5268 } 5269 if (spr->defs.hisauth.proto == 0) 5270 /* resetting hisauth */ 5271 bzero(&sp->hisauth, sizeof sp->hisauth); 5272 else { 5273 /* setting/changing hisauth */ 5274 sp->hisauth.proto = spr->defs.hisauth.proto; 5275 sp->hisauth.flags = spr->defs.hisauth.flags; 5276 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5277 if (spr->defs.hisauth.secret[0] != '\0') 5278 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5279 AUTHKEYLEN); 5280 } 5281 /* set LCP restart timer timeout */ 5282 if (spr->defs.lcp.timeout != 0) 5283 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5284 /* set VJ enable and IPv6 disable flags */ 5285#ifdef INET 5286 if (spr->defs.enable_vj) 5287 sp->confflags |= CONF_ENABLE_VJ; 5288 else 5289 sp->confflags &= ~CONF_ENABLE_VJ; 5290#endif 5291#ifdef INET6 5292 if (spr->defs.enable_ipv6) 5293 sp->confflags |= CONF_ENABLE_IPV6; 5294 else 5295 sp->confflags &= ~CONF_ENABLE_IPV6; 5296#endif 5297 break; 5298 5299 default: 5300 rv = EINVAL; 5301 } 5302 5303 quit: 5304 free(spr, M_TEMP); 5305 5306 return (rv); 5307} 5308 5309static void 5310sppp_phase_network(struct sppp *sp) 5311{ 5312 STDDCL; 5313 int i; 5314 u_long mask; 5315 5316 sp->pp_phase = PHASE_NETWORK; 5317 5318 if (debug) 5319 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5320 sppp_phase_name(sp->pp_phase)); 5321 5322 /* Notify NCPs now. */ 5323 for (i = 0; i < IDX_COUNT; i++) 5324 if ((cps[i])->flags & CP_NCP) 5325 (cps[i])->Open(sp); 5326 5327 /* Send Up events to all NCPs. */ 5328 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5329 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5330 (cps[i])->Up(sp); 5331 5332 /* if no NCP is starting, all this was in vain, close down */ 5333 sppp_lcp_check_and_close(sp); 5334} 5335 5336 5337static const char * 5338sppp_cp_type_name(u_char type) 5339{ 5340 static char buf[12]; 5341 switch (type) { 5342 case CONF_REQ: return "conf-req"; 5343 case CONF_ACK: return "conf-ack"; 5344 case CONF_NAK: return "conf-nak"; 5345 case CONF_REJ: return "conf-rej"; 5346 case TERM_REQ: return "term-req"; 5347 case TERM_ACK: return "term-ack"; 5348 case CODE_REJ: return "code-rej"; 5349 case PROTO_REJ: return "proto-rej"; 5350 case ECHO_REQ: return "echo-req"; 5351 case ECHO_REPLY: return "echo-reply"; 5352 case DISC_REQ: return "discard-req"; 5353 } 5354 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5355 return buf; 5356} 5357 5358static const char * 5359sppp_auth_type_name(u_short proto, u_char type) 5360{ 5361 static char buf[12]; 5362 switch (proto) { 5363 case PPP_CHAP: 5364 switch (type) { 5365 case CHAP_CHALLENGE: return "challenge"; 5366 case CHAP_RESPONSE: return "response"; 5367 case CHAP_SUCCESS: return "success"; 5368 case CHAP_FAILURE: return "failure"; 5369 } 5370 case PPP_PAP: 5371 switch (type) { 5372 case PAP_REQ: return "req"; 5373 case PAP_ACK: return "ack"; 5374 case PAP_NAK: return "nak"; 5375 } 5376 } 5377 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5378 return buf; 5379} 5380 5381static const char * 5382sppp_lcp_opt_name(u_char opt) 5383{ 5384 static char buf[12]; 5385 switch (opt) { 5386 case LCP_OPT_MRU: return "mru"; 5387 case LCP_OPT_ASYNC_MAP: return "async-map"; 5388 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5389 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5390 case LCP_OPT_MAGIC: return "magic"; 5391 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5392 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5393 } 5394 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5395 return buf; 5396} 5397 5398static const char * 5399sppp_ipcp_opt_name(u_char opt) 5400{ 5401 static char buf[12]; 5402 switch (opt) { 5403 case IPCP_OPT_ADDRESSES: return "addresses"; 5404 case IPCP_OPT_COMPRESSION: return "compression"; 5405 case IPCP_OPT_ADDRESS: return "address"; 5406 } 5407 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5408 return buf; 5409} 5410 5411#ifdef INET6 5412static const char * 5413sppp_ipv6cp_opt_name(u_char opt) 5414{ 5415 static char buf[12]; 5416 switch (opt) { 5417 case IPV6CP_OPT_IFID: return "ifid"; 5418 case IPV6CP_OPT_COMPRESSION: return "compression"; 5419 } 5420 sprintf (buf, "0x%x", opt); 5421 return buf; 5422} 5423#endif 5424 5425static const char * 5426sppp_state_name(int state) 5427{ 5428 switch (state) { 5429 case STATE_INITIAL: return "initial"; 5430 case STATE_STARTING: return "starting"; 5431 case STATE_CLOSED: return "closed"; 5432 case STATE_STOPPED: return "stopped"; 5433 case STATE_CLOSING: return "closing"; 5434 case STATE_STOPPING: return "stopping"; 5435 case STATE_REQ_SENT: return "req-sent"; 5436 case STATE_ACK_RCVD: return "ack-rcvd"; 5437 case STATE_ACK_SENT: return "ack-sent"; 5438 case STATE_OPENED: return "opened"; 5439 } 5440 return "illegal"; 5441} 5442 5443static const char * 5444sppp_phase_name(enum ppp_phase phase) 5445{ 5446 switch (phase) { 5447 case PHASE_DEAD: return "dead"; 5448 case PHASE_ESTABLISH: return "establish"; 5449 case PHASE_TERMINATE: return "terminate"; 5450 case PHASE_AUTHENTICATE: return "authenticate"; 5451 case PHASE_NETWORK: return "network"; 5452 } 5453 return "illegal"; 5454} 5455 5456static const char * 5457sppp_proto_name(u_short proto) 5458{ 5459 static char buf[12]; 5460 switch (proto) { 5461 case PPP_LCP: return "lcp"; 5462 case PPP_IPCP: return "ipcp"; 5463 case PPP_PAP: return "pap"; 5464 case PPP_CHAP: return "chap"; 5465 case PPP_IPV6CP: return "ipv6cp"; 5466 } 5467 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5468 return buf; 5469} 5470 5471static void 5472sppp_print_bytes(const u_char *p, u_short len) 5473{ 5474 if (len) 5475 log(-1, " %*D", len, p, "-"); 5476} 5477 5478static void 5479sppp_print_string(const char *p, u_short len) 5480{ 5481 u_char c; 5482 5483 while (len-- > 0) { 5484 c = *p++; 5485 /* 5486 * Print only ASCII chars directly. RFC 1994 recommends 5487 * using only them, but we don't rely on it. */ 5488 if (c < ' ' || c > '~') 5489 log(-1, "\\x%x", c); 5490 else 5491 log(-1, "%c", c); 5492 } 5493} 5494 5495static const char * 5496sppp_dotted_quad(u_long addr) 5497{ 5498 static char s[16]; 5499 sprintf(s, "%d.%d.%d.%d", 5500 (int)((addr >> 24) & 0xff), 5501 (int)((addr >> 16) & 0xff), 5502 (int)((addr >> 8) & 0xff), 5503 (int)(addr & 0xff)); 5504 return s; 5505} 5506 5507static int 5508sppp_strnlen(u_char *p, int max) 5509{ 5510 int len; 5511 5512 for (len = 0; len < max && *p; ++p) 5513 ++len; 5514 return len; 5515} 5516 5517/* a dummy, used to drop uninteresting events */ 5518static void 5519sppp_null(struct sppp *unused) 5520{ 5521 /* do just nothing */ 5522} 5523