if_spppsubr.c revision 183550
1214152Sed/* 2214152Sed * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3214152Sed * Keepalive protocol implemented in both Cisco and PPP modes. 4214152Sed */ 5222656Sed/*- 6222656Sed * Copyright (C) 1994-2000 Cronyx Engineering. 7214152Sed * Author: Serge Vakulenko, <vak@cronyx.ru> 8214152Sed * 9214152Sed * Heavily revamped to conform to RFC 1661. 10214152Sed * Copyright (C) 1997, 2001 Joerg Wunsch. 11214152Sed * 12214152Sed * This software is distributed with NO WARRANTIES, not even the implied 13214152Sed * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14214152Sed * 15214152Sed * Authors grant any other persons or organisations permission to use 16214152Sed * or modify this software as long as this message is kept with the software, 17214152Sed * all derivative works or modified versions. 18214152Sed * 19222656Sed * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20222656Sed * 21239138Sandrew * $FreeBSD: head/sys/net/if_spppsubr.c 183550 2008-10-02 15:37:58Z zec $ 22222656Sed */ 23214152Sed 24214152Sed#include <sys/param.h> 25214152Sed 26214152Sed#include "opt_inet.h" 27214152Sed#include "opt_inet6.h" 28214152Sed#include "opt_ipx.h" 29214152Sed 30214152Sed#include <sys/systm.h> 31214152Sed#include <sys/kernel.h> 32214152Sed#include <sys/module.h> 33214152Sed#include <sys/sockio.h> 34214152Sed#include <sys/socket.h> 35214152Sed#include <sys/syslog.h> 36214152Sed#include <sys/random.h> 37214152Sed#include <sys/malloc.h> 38214152Sed#include <sys/mbuf.h> 39214152Sed#include <sys/vimage.h> 40214152Sed 41214152Sed#include <sys/md5.h> 42214152Sed 43214152Sed#include <net/if.h> 44214152Sed#include <net/netisr.h> 45214152Sed#include <net/if_types.h> 46214152Sed#include <net/route.h> 47214152Sed#include <netinet/in.h> 48214152Sed#include <netinet/in_systm.h> 49214152Sed#include <netinet/ip.h> 50#include <net/slcompress.h> 51 52#include <machine/stdarg.h> 53 54#include <netinet/in_var.h> 55 56#ifdef INET 57#include <netinet/ip.h> 58#include <netinet/tcp.h> 59#endif 60 61#ifdef INET6 62#include <netinet6/scope6_var.h> 63#endif 64 65#include <netinet/if_ether.h> 66 67#ifdef IPX 68#include <netipx/ipx.h> 69#include <netipx/ipx_if.h> 70#endif 71 72#include <net/if_sppp.h> 73 74#define IOCTL_CMD_T u_long 75#define MAXALIVECNT 3 /* max. alive packets */ 76 77/* 78 * Interface flags that can be set in an ifconfig command. 79 * 80 * Setting link0 will make the link passive, i.e. it will be marked 81 * as being administrative openable, but won't be opened to begin 82 * with. Incoming calls will be answered, or subsequent calls with 83 * -link1 will cause the administrative open of the LCP layer. 84 * 85 * Setting link1 will cause the link to auto-dial only as packets 86 * arrive to be sent. 87 * 88 * Setting IFF_DEBUG will syslog the option negotiation and state 89 * transitions at level kern.debug. Note: all logs consistently look 90 * like 91 * 92 * <if-name><unit>: <proto-name> <additional info...> 93 * 94 * with <if-name><unit> being something like "bppp0", and <proto-name> 95 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 96 */ 97 98#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 99#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 100#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 101 102#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 103#define PPP_UI 0x03 /* Unnumbered Information */ 104#define PPP_IP 0x0021 /* Internet Protocol */ 105#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 106#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 107#define PPP_IPX 0x002b /* Novell IPX Protocol */ 108#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 109#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 110#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 111#define PPP_LCP 0xc021 /* Link Control Protocol */ 112#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 113#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 114#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 115#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 116 117#define CONF_REQ 1 /* PPP configure request */ 118#define CONF_ACK 2 /* PPP configure acknowledge */ 119#define CONF_NAK 3 /* PPP configure negative ack */ 120#define CONF_REJ 4 /* PPP configure reject */ 121#define TERM_REQ 5 /* PPP terminate request */ 122#define TERM_ACK 6 /* PPP terminate acknowledge */ 123#define CODE_REJ 7 /* PPP code reject */ 124#define PROTO_REJ 8 /* PPP protocol reject */ 125#define ECHO_REQ 9 /* PPP echo request */ 126#define ECHO_REPLY 10 /* PPP echo reply */ 127#define DISC_REQ 11 /* PPP discard request */ 128 129#define LCP_OPT_MRU 1 /* maximum receive unit */ 130#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 131#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 132#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 133#define LCP_OPT_MAGIC 5 /* magic number */ 134#define LCP_OPT_RESERVED 6 /* reserved */ 135#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 136#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 137 138#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 139#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 140#define IPCP_OPT_ADDRESS 3 /* local IP address */ 141 142#define IPV6CP_OPT_IFID 1 /* interface identifier */ 143#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 144 145#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 146 147#define PAP_REQ 1 /* PAP name/password request */ 148#define PAP_ACK 2 /* PAP acknowledge */ 149#define PAP_NAK 3 /* PAP fail */ 150 151#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 152#define CHAP_RESPONSE 2 /* CHAP challenge response */ 153#define CHAP_SUCCESS 3 /* CHAP response ok */ 154#define CHAP_FAILURE 4 /* CHAP response failed */ 155 156#define CHAP_MD5 5 /* hash algorithm - MD5 */ 157 158#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 159#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 160#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 161#define CISCO_ADDR_REQ 0 /* Cisco address request */ 162#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 163#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 164 165/* states are named and numbered according to RFC 1661 */ 166#define STATE_INITIAL 0 167#define STATE_STARTING 1 168#define STATE_CLOSED 2 169#define STATE_STOPPED 3 170#define STATE_CLOSING 4 171#define STATE_STOPPING 5 172#define STATE_REQ_SENT 6 173#define STATE_ACK_RCVD 7 174#define STATE_ACK_SENT 8 175#define STATE_OPENED 9 176 177MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 178 179struct ppp_header { 180 u_char address; 181 u_char control; 182 u_short protocol; 183} __packed; 184#define PPP_HEADER_LEN sizeof (struct ppp_header) 185 186struct lcp_header { 187 u_char type; 188 u_char ident; 189 u_short len; 190} __packed; 191#define LCP_HEADER_LEN sizeof (struct lcp_header) 192 193struct cisco_packet { 194 u_long type; 195 u_long par1; 196 u_long par2; 197 u_short rel; 198 u_short time0; 199 u_short time1; 200} __packed; 201#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 202 203/* 204 * We follow the spelling and capitalization of RFC 1661 here, to make 205 * it easier comparing with the standard. Please refer to this RFC in 206 * case you can't make sense out of these abbreviation; it will also 207 * explain the semantics related to the various events and actions. 208 */ 209struct cp { 210 u_short proto; /* PPP control protocol number */ 211 u_char protoidx; /* index into state table in struct sppp */ 212 u_char flags; 213#define CP_LCP 0x01 /* this is the LCP */ 214#define CP_AUTH 0x02 /* this is an authentication protocol */ 215#define CP_NCP 0x04 /* this is a NCP */ 216#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 217 const char *name; /* name of this control protocol */ 218 /* event handlers */ 219 void (*Up)(struct sppp *sp); 220 void (*Down)(struct sppp *sp); 221 void (*Open)(struct sppp *sp); 222 void (*Close)(struct sppp *sp); 223 void (*TO)(void *sp); 224 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 225 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 226 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 227 /* actions */ 228 void (*tlu)(struct sppp *sp); 229 void (*tld)(struct sppp *sp); 230 void (*tls)(struct sppp *sp); 231 void (*tlf)(struct sppp *sp); 232 void (*scr)(struct sppp *sp); 233}; 234 235#define SPP_FMT "%s: " 236#define SPP_ARGS(ifp) (ifp)->if_xname 237 238#define SPPP_LOCK(sp) \ 239 do { \ 240 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 241 mtx_lock (&(sp)->mtx); \ 242 } while (0) 243#define SPPP_UNLOCK(sp) \ 244 do { \ 245 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 246 mtx_unlock (&(sp)->mtx); \ 247 } while (0) 248 249#define SPPP_LOCK_ASSERT(sp) \ 250 do { \ 251 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 252 mtx_assert (&(sp)->mtx, MA_OWNED); \ 253 } while (0) 254#define SPPP_LOCK_OWNED(sp) \ 255 (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) && \ 256 mtx_owned (&sp->mtx)) 257 258#ifdef INET 259/* 260 * The following disgusting hack gets around the problem that IP TOS 261 * can't be set yet. We want to put "interactive" traffic on a high 262 * priority queue. To decide if traffic is interactive, we check that 263 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 264 * 265 * XXX is this really still necessary? - joerg - 266 */ 267static const u_short interactive_ports[8] = { 268 0, 513, 0, 0, 269 0, 21, 0, 23, 270}; 271#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 272#endif 273 274/* almost every function needs these */ 275#define STDDCL \ 276 struct ifnet *ifp = SP2IFP(sp); \ 277 int debug = ifp->if_flags & IFF_DEBUG 278 279static int sppp_output(struct ifnet *ifp, struct mbuf *m, 280 struct sockaddr *dst, struct rtentry *rt); 281 282static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 283static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 284 285static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 286 struct mbuf *m); 287static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 288 u_char ident, u_short len, void *data); 289/* static void sppp_cp_timeout(void *arg); */ 290static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 291 int newstate); 292static void sppp_auth_send(const struct cp *cp, 293 struct sppp *sp, unsigned int type, unsigned int id, 294 ...); 295 296static void sppp_up_event(const struct cp *cp, struct sppp *sp); 297static void sppp_down_event(const struct cp *cp, struct sppp *sp); 298static void sppp_open_event(const struct cp *cp, struct sppp *sp); 299static void sppp_close_event(const struct cp *cp, struct sppp *sp); 300static void sppp_to_event(const struct cp *cp, struct sppp *sp); 301 302static void sppp_null(struct sppp *sp); 303 304static void sppp_pp_up(struct sppp *sp); 305static void sppp_pp_down(struct sppp *sp); 306 307static void sppp_lcp_init(struct sppp *sp); 308static void sppp_lcp_up(struct sppp *sp); 309static void sppp_lcp_down(struct sppp *sp); 310static void sppp_lcp_open(struct sppp *sp); 311static void sppp_lcp_close(struct sppp *sp); 312static void sppp_lcp_TO(void *sp); 313static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 314static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 315static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 316static void sppp_lcp_tlu(struct sppp *sp); 317static void sppp_lcp_tld(struct sppp *sp); 318static void sppp_lcp_tls(struct sppp *sp); 319static void sppp_lcp_tlf(struct sppp *sp); 320static void sppp_lcp_scr(struct sppp *sp); 321static void sppp_lcp_check_and_close(struct sppp *sp); 322static int sppp_ncp_check(struct sppp *sp); 323 324static void sppp_ipcp_init(struct sppp *sp); 325static void sppp_ipcp_up(struct sppp *sp); 326static void sppp_ipcp_down(struct sppp *sp); 327static void sppp_ipcp_open(struct sppp *sp); 328static void sppp_ipcp_close(struct sppp *sp); 329static void sppp_ipcp_TO(void *sp); 330static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 331static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 332static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_ipcp_tlu(struct sppp *sp); 334static void sppp_ipcp_tld(struct sppp *sp); 335static void sppp_ipcp_tls(struct sppp *sp); 336static void sppp_ipcp_tlf(struct sppp *sp); 337static void sppp_ipcp_scr(struct sppp *sp); 338 339static void sppp_ipv6cp_init(struct sppp *sp); 340static void sppp_ipv6cp_up(struct sppp *sp); 341static void sppp_ipv6cp_down(struct sppp *sp); 342static void sppp_ipv6cp_open(struct sppp *sp); 343static void sppp_ipv6cp_close(struct sppp *sp); 344static void sppp_ipv6cp_TO(void *sp); 345static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 346static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 347static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 348static void sppp_ipv6cp_tlu(struct sppp *sp); 349static void sppp_ipv6cp_tld(struct sppp *sp); 350static void sppp_ipv6cp_tls(struct sppp *sp); 351static void sppp_ipv6cp_tlf(struct sppp *sp); 352static void sppp_ipv6cp_scr(struct sppp *sp); 353 354static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 355static void sppp_pap_init(struct sppp *sp); 356static void sppp_pap_open(struct sppp *sp); 357static void sppp_pap_close(struct sppp *sp); 358static void sppp_pap_TO(void *sp); 359static void sppp_pap_my_TO(void *sp); 360static void sppp_pap_tlu(struct sppp *sp); 361static void sppp_pap_tld(struct sppp *sp); 362static void sppp_pap_scr(struct sppp *sp); 363 364static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 365static void sppp_chap_init(struct sppp *sp); 366static void sppp_chap_open(struct sppp *sp); 367static void sppp_chap_close(struct sppp *sp); 368static void sppp_chap_TO(void *sp); 369static void sppp_chap_tlu(struct sppp *sp); 370static void sppp_chap_tld(struct sppp *sp); 371static void sppp_chap_scr(struct sppp *sp); 372 373static const char *sppp_auth_type_name(u_short proto, u_char type); 374static const char *sppp_cp_type_name(u_char type); 375static const char *sppp_dotted_quad(u_long addr); 376static const char *sppp_ipcp_opt_name(u_char opt); 377#ifdef INET6 378static const char *sppp_ipv6cp_opt_name(u_char opt); 379#endif 380static const char *sppp_lcp_opt_name(u_char opt); 381static const char *sppp_phase_name(enum ppp_phase phase); 382static const char *sppp_proto_name(u_short proto); 383static const char *sppp_state_name(int state); 384static int sppp_params(struct sppp *sp, u_long cmd, void *data); 385static int sppp_strnlen(u_char *p, int max); 386static void sppp_keepalive(void *dummy); 387static void sppp_phase_network(struct sppp *sp); 388static void sppp_print_bytes(const u_char *p, u_short len); 389static void sppp_print_string(const char *p, u_short len); 390static void sppp_qflush(struct ifqueue *ifq); 391static void sppp_set_ip_addr(struct sppp *sp, u_long src); 392#ifdef INET6 393static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 394 struct in6_addr *dst, struct in6_addr *srcmask); 395#ifdef IPV6CP_MYIFID_DYN 396static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 397static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 398#endif 399static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 400#endif 401 402/* if_start () wrapper */ 403static void sppp_ifstart (struct ifnet *ifp); 404 405/* our control protocol descriptors */ 406static const struct cp lcp = { 407 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 408 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 409 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 410 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 411 sppp_lcp_scr 412}; 413 414static const struct cp ipcp = { 415 PPP_IPCP, IDX_IPCP, 416#ifdef INET /* don't run IPCP if there's no IPv4 support */ 417 CP_NCP, 418#else 419 0, 420#endif 421 "ipcp", 422 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 423 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 424 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 425 sppp_ipcp_scr 426}; 427 428static const struct cp ipv6cp = { 429 PPP_IPV6CP, IDX_IPV6CP, 430#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 431 CP_NCP, 432#else 433 0, 434#endif 435 "ipv6cp", 436 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 437 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 438 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 439 sppp_ipv6cp_scr 440}; 441 442static const struct cp pap = { 443 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 444 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 445 sppp_pap_TO, 0, 0, 0, 446 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 447 sppp_pap_scr 448}; 449 450static const struct cp chap = { 451 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 452 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 453 sppp_chap_TO, 0, 0, 0, 454 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 455 sppp_chap_scr 456}; 457 458static const struct cp *cps[IDX_COUNT] = { 459 &lcp, /* IDX_LCP */ 460 &ipcp, /* IDX_IPCP */ 461 &ipv6cp, /* IDX_IPV6CP */ 462 &pap, /* IDX_PAP */ 463 &chap, /* IDX_CHAP */ 464}; 465 466static void* 467sppp_alloc(u_char type, struct ifnet *ifp) 468{ 469 struct sppp *sp; 470 471 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 472 sp->pp_ifp = ifp; 473 474 return (sp); 475} 476 477static void 478sppp_free(void *com, u_char type) 479{ 480 481 free(com, M_SPPP); 482} 483 484static int 485sppp_modevent(module_t mod, int type, void *unused) 486{ 487 switch (type) { 488 case MOD_LOAD: 489 /* 490 * XXX: should probably be IFT_SPPP, but it's fairly 491 * harmless to allocate struct sppp's for non-sppp 492 * interfaces. 493 */ 494 495 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 496 break; 497 case MOD_UNLOAD: 498 /* if_deregister_com_alloc(IFT_PPP); */ 499 return EACCES; 500 default: 501 return EOPNOTSUPP; 502 } 503 return 0; 504} 505static moduledata_t spppmod = { 506 "sppp", 507 sppp_modevent, 508 0 509}; 510MODULE_VERSION(sppp, 1); 511DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 512 513/* 514 * Exported functions, comprising our interface to the lower layer. 515 */ 516 517/* 518 * Process the received packet. 519 */ 520void 521sppp_input(struct ifnet *ifp, struct mbuf *m) 522{ 523 struct ppp_header *h; 524 int isr = -1; 525 struct sppp *sp = IFP2SP(ifp); 526 u_char *iphdr; 527 int hlen, vjlen, do_account = 0; 528 int debug; 529 530 SPPP_LOCK(sp); 531 debug = ifp->if_flags & IFF_DEBUG; 532 533 if (ifp->if_flags & IFF_UP) 534 /* Count received bytes, add FCS and one flag */ 535 ifp->if_ibytes += m->m_pkthdr.len + 3; 536 537 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 538 /* Too small packet, drop it. */ 539 if (debug) 540 log(LOG_DEBUG, 541 SPP_FMT "input packet is too small, %d bytes\n", 542 SPP_ARGS(ifp), m->m_pkthdr.len); 543 drop: 544 m_freem (m); 545 SPPP_UNLOCK(sp); 546 drop2: 547 ++ifp->if_ierrors; 548 ++ifp->if_iqdrops; 549 return; 550 } 551 552 if (sp->pp_mode == PP_FR) { 553 sppp_fr_input (sp, m); 554 SPPP_UNLOCK(sp); 555 return; 556 } 557 558 /* Get PPP header. */ 559 h = mtod (m, struct ppp_header*); 560 m_adj (m, PPP_HEADER_LEN); 561 562 switch (h->address) { 563 case PPP_ALLSTATIONS: 564 if (h->control != PPP_UI) 565 goto invalid; 566 if (sp->pp_mode == IFF_CISCO) { 567 if (debug) 568 log(LOG_DEBUG, 569 SPP_FMT "PPP packet in Cisco mode " 570 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 571 SPP_ARGS(ifp), 572 h->address, h->control, ntohs(h->protocol)); 573 goto drop; 574 } 575 switch (ntohs (h->protocol)) { 576 default: 577 if (debug) 578 log(LOG_DEBUG, 579 SPP_FMT "rejecting protocol " 580 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 581 SPP_ARGS(ifp), 582 h->address, h->control, ntohs(h->protocol)); 583 if (sp->state[IDX_LCP] == STATE_OPENED) 584 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 585 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 586 &h->protocol); 587 ++ifp->if_noproto; 588 goto drop; 589 case PPP_LCP: 590 sppp_cp_input(&lcp, sp, m); 591 m_freem (m); 592 SPPP_UNLOCK(sp); 593 return; 594 case PPP_PAP: 595 if (sp->pp_phase >= PHASE_AUTHENTICATE) 596 sppp_pap_input(sp, m); 597 m_freem (m); 598 SPPP_UNLOCK(sp); 599 return; 600 case PPP_CHAP: 601 if (sp->pp_phase >= PHASE_AUTHENTICATE) 602 sppp_chap_input(sp, m); 603 m_freem (m); 604 SPPP_UNLOCK(sp); 605 return; 606#ifdef INET 607 case PPP_IPCP: 608 if (sp->pp_phase == PHASE_NETWORK) 609 sppp_cp_input(&ipcp, sp, m); 610 m_freem (m); 611 SPPP_UNLOCK(sp); 612 return; 613 case PPP_IP: 614 if (sp->state[IDX_IPCP] == STATE_OPENED) { 615 isr = NETISR_IP; 616 } 617 do_account++; 618 break; 619 case PPP_VJ_COMP: 620 if (sp->state[IDX_IPCP] == STATE_OPENED) { 621 if ((vjlen = 622 sl_uncompress_tcp_core(mtod(m, u_char *), 623 m->m_len, m->m_len, 624 TYPE_COMPRESSED_TCP, 625 sp->pp_comp, 626 &iphdr, &hlen)) <= 0) { 627 if (debug) 628 log(LOG_INFO, 629 SPP_FMT "VJ uncompress failed on compressed packet\n", 630 SPP_ARGS(ifp)); 631 goto drop; 632 } 633 634 /* 635 * Trim the VJ header off the packet, and prepend 636 * the uncompressed IP header (which will usually 637 * end up in two chained mbufs since there's not 638 * enough leading space in the existing mbuf). 639 */ 640 m_adj(m, vjlen); 641 M_PREPEND(m, hlen, M_DONTWAIT); 642 if (m == NULL) { 643 SPPP_UNLOCK(sp); 644 goto drop2; 645 } 646 bcopy(iphdr, mtod(m, u_char *), hlen); 647 isr = NETISR_IP; 648 } 649 do_account++; 650 break; 651 case PPP_VJ_UCOMP: 652 if (sp->state[IDX_IPCP] == STATE_OPENED) { 653 if (sl_uncompress_tcp_core(mtod(m, u_char *), 654 m->m_len, m->m_len, 655 TYPE_UNCOMPRESSED_TCP, 656 sp->pp_comp, 657 &iphdr, &hlen) != 0) { 658 if (debug) 659 log(LOG_INFO, 660 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 661 SPP_ARGS(ifp)); 662 goto drop; 663 } 664 isr = NETISR_IP; 665 } 666 do_account++; 667 break; 668#endif 669#ifdef INET6 670 case PPP_IPV6CP: 671 if (sp->pp_phase == PHASE_NETWORK) 672 sppp_cp_input(&ipv6cp, sp, m); 673 m_freem (m); 674 SPPP_UNLOCK(sp); 675 return; 676 677 case PPP_IPV6: 678 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 679 isr = NETISR_IPV6; 680 do_account++; 681 break; 682#endif 683#ifdef IPX 684 case PPP_IPX: 685 /* IPX IPXCP not implemented yet */ 686 if (sp->pp_phase == PHASE_NETWORK) 687 isr = NETISR_IPX; 688 do_account++; 689 break; 690#endif 691 } 692 break; 693 case CISCO_MULTICAST: 694 case CISCO_UNICAST: 695 /* Don't check the control field here (RFC 1547). */ 696 if (sp->pp_mode != IFF_CISCO) { 697 if (debug) 698 log(LOG_DEBUG, 699 SPP_FMT "Cisco packet in PPP mode " 700 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 701 SPP_ARGS(ifp), 702 h->address, h->control, ntohs(h->protocol)); 703 goto drop; 704 } 705 switch (ntohs (h->protocol)) { 706 default: 707 ++ifp->if_noproto; 708 goto invalid; 709 case CISCO_KEEPALIVE: 710 sppp_cisco_input (sp, m); 711 m_freem (m); 712 SPPP_UNLOCK(sp); 713 return; 714#ifdef INET 715 case ETHERTYPE_IP: 716 isr = NETISR_IP; 717 do_account++; 718 break; 719#endif 720#ifdef INET6 721 case ETHERTYPE_IPV6: 722 isr = NETISR_IPV6; 723 do_account++; 724 break; 725#endif 726#ifdef IPX 727 case ETHERTYPE_IPX: 728 isr = NETISR_IPX; 729 do_account++; 730 break; 731#endif 732 } 733 break; 734 default: /* Invalid PPP packet. */ 735 invalid: 736 if (debug) 737 log(LOG_DEBUG, 738 SPP_FMT "invalid input packet " 739 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 740 SPP_ARGS(ifp), 741 h->address, h->control, ntohs(h->protocol)); 742 goto drop; 743 } 744 745 if (! (ifp->if_flags & IFF_UP) || isr == -1) 746 goto drop; 747 748 SPPP_UNLOCK(sp); 749 /* Check queue. */ 750 if (netisr_queue(isr, m)) { /* (0) on success. */ 751 if (debug) 752 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 753 SPP_ARGS(ifp)); 754 goto drop2; 755 } 756 757 if (do_account) 758 /* 759 * Do only account for network packets, not for control 760 * packets. This is used by some subsystems to detect 761 * idle lines. 762 */ 763 sp->pp_last_recv = time_uptime; 764} 765 766static void 767sppp_ifstart_sched(void *dummy) 768{ 769 struct sppp *sp = dummy; 770 771 sp->if_start(SP2IFP(sp)); 772} 773 774/* if_start () wrapper function. We use it to schedule real if_start () for 775 * execution. We can't call it directly 776 */ 777static void 778sppp_ifstart(struct ifnet *ifp) 779{ 780 struct sppp *sp = IFP2SP(ifp); 781 782 if (SPPP_LOCK_OWNED(sp)) { 783 if (callout_pending(&sp->ifstart_callout)) 784 return; 785 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 786 (void *)sp); 787 } else { 788 sp->if_start(ifp); 789 } 790} 791 792/* 793 * Enqueue transmit packet. 794 */ 795static int 796sppp_output(struct ifnet *ifp, struct mbuf *m, 797 struct sockaddr *dst, struct rtentry *rt) 798{ 799 struct sppp *sp = IFP2SP(ifp); 800 struct ppp_header *h; 801 struct ifqueue *ifq = NULL; 802 int s, error, rv = 0; 803 int ipproto = PPP_IP; 804 int debug = ifp->if_flags & IFF_DEBUG; 805 806 s = splimp(); 807 SPPP_LOCK(sp); 808 809 if (!(ifp->if_flags & IFF_UP) || 810 (!(ifp->if_flags & IFF_AUTO) && 811 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 812#ifdef INET6 813 drop: 814#endif 815 m_freem (m); 816 SPPP_UNLOCK(sp); 817 splx (s); 818 return (ENETDOWN); 819 } 820 821 if ((ifp->if_flags & IFF_AUTO) && 822 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 823#ifdef INET6 824 /* 825 * XXX 826 * 827 * Hack to prevent the initialization-time generated 828 * IPv6 multicast packet to erroneously cause a 829 * dialout event in case IPv6 has been 830 * administratively disabled on that interface. 831 */ 832 if (dst->sa_family == AF_INET6 && 833 !(sp->confflags & CONF_ENABLE_IPV6)) 834 goto drop; 835#endif 836 /* 837 * Interface is not yet running, but auto-dial. Need 838 * to start LCP for it. 839 */ 840 ifp->if_drv_flags |= IFF_DRV_RUNNING; 841 splx(s); 842 lcp.Open(sp); 843 s = splimp(); 844 } 845 846#ifdef INET 847 if (dst->sa_family == AF_INET) { 848 /* XXX Check mbuf length here? */ 849 struct ip *ip = mtod (m, struct ip*); 850 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 851 852 /* 853 * When using dynamic local IP address assignment by using 854 * 0.0.0.0 as a local address, the first TCP session will 855 * not connect because the local TCP checksum is computed 856 * using 0.0.0.0 which will later become our real IP address 857 * so the TCP checksum computed at the remote end will 858 * become invalid. So we 859 * - don't let packets with src ip addr 0 thru 860 * - we flag TCP packets with src ip 0 as an error 861 */ 862 863 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 864 { 865 m_freem(m); 866 SPPP_UNLOCK(sp); 867 splx(s); 868 if(ip->ip_p == IPPROTO_TCP) 869 return(EADDRNOTAVAIL); 870 else 871 return(0); 872 } 873 874 /* 875 * Put low delay, telnet, rlogin and ftp control packets 876 * in front of the queue or let ALTQ take care. 877 */ 878 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 879 ; 880 else if (_IF_QFULL(&sp->pp_fastq)) 881 ; 882 else if (ip->ip_tos & IPTOS_LOWDELAY) 883 ifq = &sp->pp_fastq; 884 else if (m->m_len < sizeof *ip + sizeof *tcp) 885 ; 886 else if (ip->ip_p != IPPROTO_TCP) 887 ; 888 else if (INTERACTIVE (ntohs (tcp->th_sport))) 889 ifq = &sp->pp_fastq; 890 else if (INTERACTIVE (ntohs (tcp->th_dport))) 891 ifq = &sp->pp_fastq; 892 893 /* 894 * Do IP Header compression 895 */ 896 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 897 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 898 switch (sl_compress_tcp(m, ip, sp->pp_comp, 899 sp->ipcp.compress_cid)) { 900 case TYPE_COMPRESSED_TCP: 901 ipproto = PPP_VJ_COMP; 902 break; 903 case TYPE_UNCOMPRESSED_TCP: 904 ipproto = PPP_VJ_UCOMP; 905 break; 906 case TYPE_IP: 907 ipproto = PPP_IP; 908 break; 909 default: 910 m_freem(m); 911 SPPP_UNLOCK(sp); 912 splx(s); 913 return (EINVAL); 914 } 915 } 916#endif 917 918#ifdef INET6 919 if (dst->sa_family == AF_INET6) { 920 /* XXX do something tricky here? */ 921 } 922#endif 923 924 if (sp->pp_mode == PP_FR) { 925 /* Add frame relay header. */ 926 m = sppp_fr_header (sp, m, dst->sa_family); 927 if (! m) 928 goto nobufs; 929 goto out; 930 } 931 932 /* 933 * Prepend general data packet PPP header. For now, IP only. 934 */ 935 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 936 if (! m) { 937nobufs: if (debug) 938 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 939 SPP_ARGS(ifp)); 940 ++ifp->if_oerrors; 941 SPPP_UNLOCK(sp); 942 splx (s); 943 return (ENOBUFS); 944 } 945 /* 946 * May want to check size of packet 947 * (albeit due to the implementation it's always enough) 948 */ 949 h = mtod (m, struct ppp_header*); 950 if (sp->pp_mode == IFF_CISCO) { 951 h->address = CISCO_UNICAST; /* unicast address */ 952 h->control = 0; 953 } else { 954 h->address = PPP_ALLSTATIONS; /* broadcast address */ 955 h->control = PPP_UI; /* Unnumbered Info */ 956 } 957 958 switch (dst->sa_family) { 959#ifdef INET 960 case AF_INET: /* Internet Protocol */ 961 if (sp->pp_mode == IFF_CISCO) 962 h->protocol = htons (ETHERTYPE_IP); 963 else { 964 /* 965 * Don't choke with an ENETDOWN early. It's 966 * possible that we just started dialing out, 967 * so don't drop the packet immediately. If 968 * we notice that we run out of buffer space 969 * below, we will however remember that we are 970 * not ready to carry IP packets, and return 971 * ENETDOWN, as opposed to ENOBUFS. 972 */ 973 h->protocol = htons(ipproto); 974 if (sp->state[IDX_IPCP] != STATE_OPENED) 975 rv = ENETDOWN; 976 } 977 break; 978#endif 979#ifdef INET6 980 case AF_INET6: /* Internet Protocol */ 981 if (sp->pp_mode == IFF_CISCO) 982 h->protocol = htons (ETHERTYPE_IPV6); 983 else { 984 /* 985 * Don't choke with an ENETDOWN early. It's 986 * possible that we just started dialing out, 987 * so don't drop the packet immediately. If 988 * we notice that we run out of buffer space 989 * below, we will however remember that we are 990 * not ready to carry IP packets, and return 991 * ENETDOWN, as opposed to ENOBUFS. 992 */ 993 h->protocol = htons(PPP_IPV6); 994 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 995 rv = ENETDOWN; 996 } 997 break; 998#endif 999#ifdef IPX 1000 case AF_IPX: /* Novell IPX Protocol */ 1001 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 1002 ETHERTYPE_IPX : PPP_IPX); 1003 break; 1004#endif 1005 default: 1006 m_freem (m); 1007 ++ifp->if_oerrors; 1008 SPPP_UNLOCK(sp); 1009 splx (s); 1010 return (EAFNOSUPPORT); 1011 } 1012 1013 /* 1014 * Queue message on interface, and start output if interface 1015 * not yet active. 1016 */ 1017out: 1018 if (ifq != NULL) 1019 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1020 else 1021 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1022 if (error) { 1023 ++ifp->if_oerrors; 1024 SPPP_UNLOCK(sp); 1025 splx (s); 1026 return (rv? rv: ENOBUFS); 1027 } 1028 SPPP_UNLOCK(sp); 1029 splx (s); 1030 /* 1031 * Unlike in sppp_input(), we can always bump the timestamp 1032 * here since sppp_output() is only called on behalf of 1033 * network-layer traffic; control-layer traffic is handled 1034 * by sppp_cp_send(). 1035 */ 1036 sp->pp_last_sent = time_uptime; 1037 return (0); 1038} 1039 1040void 1041sppp_attach(struct ifnet *ifp) 1042{ 1043 struct sppp *sp = IFP2SP(ifp); 1044 1045 /* Initialize mtx lock */ 1046 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1047 1048 /* Initialize keepalive handler. */ 1049 callout_init(&sp->keepalive_callout, 1050 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1051 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1052 (void *)sp); 1053 1054 ifp->if_mtu = PP_MTU; 1055 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1056 ifp->if_output = sppp_output; 1057#if 0 1058 sp->pp_flags = PP_KEEPALIVE; 1059#endif 1060 ifp->if_snd.ifq_maxlen = 32; 1061 sp->pp_fastq.ifq_maxlen = 32; 1062 sp->pp_cpq.ifq_maxlen = 20; 1063 sp->pp_loopcnt = 0; 1064 sp->pp_alivecnt = 0; 1065 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1066 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1067 sp->pp_phase = PHASE_DEAD; 1068 sp->pp_up = sppp_pp_up; 1069 sp->pp_down = sppp_pp_down; 1070 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1071 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1072 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1073 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1074 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1075 sp->confflags = 0; 1076#ifdef INET 1077 sp->confflags |= CONF_ENABLE_VJ; 1078#endif 1079#ifdef INET6 1080 sp->confflags |= CONF_ENABLE_IPV6; 1081#endif 1082 callout_init(&sp->ifstart_callout, 1083 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1084 sp->if_start = ifp->if_start; 1085 ifp->if_start = sppp_ifstart; 1086 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1087 sl_compress_init(sp->pp_comp, -1); 1088 sppp_lcp_init(sp); 1089 sppp_ipcp_init(sp); 1090 sppp_ipv6cp_init(sp); 1091 sppp_pap_init(sp); 1092 sppp_chap_init(sp); 1093} 1094 1095void 1096sppp_detach(struct ifnet *ifp) 1097{ 1098 struct sppp *sp = IFP2SP(ifp); 1099 int i; 1100 1101 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1102 1103 /* Stop keepalive handler. */ 1104 if (!callout_drain(&sp->keepalive_callout)) 1105 callout_stop(&sp->keepalive_callout); 1106 1107 for (i = 0; i < IDX_COUNT; i++) { 1108 if (!callout_drain(&sp->ch[i])) 1109 callout_stop(&sp->ch[i]); 1110 } 1111 if (!callout_drain(&sp->pap_my_to_ch)) 1112 callout_stop(&sp->pap_my_to_ch); 1113 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1114 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1115 mtx_destroy(&sp->mtx); 1116} 1117 1118/* 1119 * Flush the interface output queue. 1120 */ 1121static void 1122sppp_flush_unlocked(struct ifnet *ifp) 1123{ 1124 struct sppp *sp = IFP2SP(ifp); 1125 1126 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1127 sppp_qflush (&sp->pp_fastq); 1128 sppp_qflush (&sp->pp_cpq); 1129} 1130 1131void 1132sppp_flush(struct ifnet *ifp) 1133{ 1134 struct sppp *sp = IFP2SP(ifp); 1135 1136 SPPP_LOCK(sp); 1137 sppp_flush_unlocked (ifp); 1138 SPPP_UNLOCK(sp); 1139} 1140 1141/* 1142 * Check if the output queue is empty. 1143 */ 1144int 1145sppp_isempty(struct ifnet *ifp) 1146{ 1147 struct sppp *sp = IFP2SP(ifp); 1148 int empty, s; 1149 1150 s = splimp(); 1151 SPPP_LOCK(sp); 1152 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1153 !SP2IFP(sp)->if_snd.ifq_head; 1154 SPPP_UNLOCK(sp); 1155 splx(s); 1156 return (empty); 1157} 1158 1159/* 1160 * Get next packet to send. 1161 */ 1162struct mbuf * 1163sppp_dequeue(struct ifnet *ifp) 1164{ 1165 struct sppp *sp = IFP2SP(ifp); 1166 struct mbuf *m; 1167 int s; 1168 1169 s = splimp(); 1170 SPPP_LOCK(sp); 1171 /* 1172 * Process only the control protocol queue until we have at 1173 * least one NCP open. 1174 * 1175 * Do always serve all three queues in Cisco mode. 1176 */ 1177 IF_DEQUEUE(&sp->pp_cpq, m); 1178 if (m == NULL && 1179 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1180 sp->pp_mode == PP_FR)) { 1181 IF_DEQUEUE(&sp->pp_fastq, m); 1182 if (m == NULL) 1183 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1184 } 1185 SPPP_UNLOCK(sp); 1186 splx(s); 1187 return m; 1188} 1189 1190/* 1191 * Pick the next packet, do not remove it from the queue. 1192 */ 1193struct mbuf * 1194sppp_pick(struct ifnet *ifp) 1195{ 1196 struct sppp *sp = IFP2SP(ifp); 1197 struct mbuf *m; 1198 int s; 1199 1200 s = splimp (); 1201 SPPP_LOCK(sp); 1202 1203 m = sp->pp_cpq.ifq_head; 1204 if (m == NULL && 1205 (sp->pp_phase == PHASE_NETWORK || 1206 sp->pp_mode == IFF_CISCO || 1207 sp->pp_mode == PP_FR)) 1208 if ((m = sp->pp_fastq.ifq_head) == NULL) 1209 m = SP2IFP(sp)->if_snd.ifq_head; 1210 SPPP_UNLOCK(sp); 1211 splx (s); 1212 return (m); 1213} 1214 1215/* 1216 * Process an ioctl request. Called on low priority level. 1217 */ 1218int 1219sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1220{ 1221 struct ifreq *ifr = (struct ifreq*) data; 1222 struct sppp *sp = IFP2SP(ifp); 1223 int s, rv, going_up, going_down, newmode; 1224 1225 s = splimp(); 1226 SPPP_LOCK(sp); 1227 rv = 0; 1228 switch (cmd) { 1229 case SIOCAIFADDR: 1230 case SIOCSIFDSTADDR: 1231 break; 1232 1233 case SIOCSIFADDR: 1234 /* set the interface "up" when assigning an IP address */ 1235 ifp->if_flags |= IFF_UP; 1236 /* FALLTHROUGH */ 1237 1238 case SIOCSIFFLAGS: 1239 going_up = ifp->if_flags & IFF_UP && 1240 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1241 going_down = (ifp->if_flags & IFF_UP) == 0 && 1242 ifp->if_drv_flags & IFF_DRV_RUNNING; 1243 1244 newmode = ifp->if_flags & IFF_PASSIVE; 1245 if (!newmode) 1246 newmode = ifp->if_flags & IFF_AUTO; 1247 if (!newmode) 1248 newmode = ifp->if_flags & IFF_CISCO; 1249 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1250 ifp->if_flags |= newmode; 1251 1252 if (!newmode) 1253 newmode = sp->pp_flags & PP_FR; 1254 1255 if (newmode != sp->pp_mode) { 1256 going_down = 1; 1257 if (!going_up) 1258 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1259 } 1260 1261 if (going_down) { 1262 if (sp->pp_mode != IFF_CISCO && 1263 sp->pp_mode != PP_FR) 1264 lcp.Close(sp); 1265 else if (sp->pp_tlf) 1266 (sp->pp_tlf)(sp); 1267 sppp_flush_unlocked(ifp); 1268 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1269 sp->pp_mode = newmode; 1270 } 1271 1272 if (going_up) { 1273 if (sp->pp_mode != IFF_CISCO && 1274 sp->pp_mode != PP_FR) 1275 lcp.Close(sp); 1276 sp->pp_mode = newmode; 1277 if (sp->pp_mode == 0) { 1278 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1279 lcp.Open(sp); 1280 } 1281 if ((sp->pp_mode == IFF_CISCO) || 1282 (sp->pp_mode == PP_FR)) { 1283 if (sp->pp_tls) 1284 (sp->pp_tls)(sp); 1285 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1286 } 1287 } 1288 1289 break; 1290 1291#ifdef SIOCSIFMTU 1292#ifndef ifr_mtu 1293#define ifr_mtu ifr_metric 1294#endif 1295 case SIOCSIFMTU: 1296 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1297 return (EINVAL); 1298 ifp->if_mtu = ifr->ifr_mtu; 1299 break; 1300#endif 1301#ifdef SLIOCSETMTU 1302 case SLIOCSETMTU: 1303 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1304 return (EINVAL); 1305 ifp->if_mtu = *(short*)data; 1306 break; 1307#endif 1308#ifdef SIOCGIFMTU 1309 case SIOCGIFMTU: 1310 ifr->ifr_mtu = ifp->if_mtu; 1311 break; 1312#endif 1313#ifdef SLIOCGETMTU 1314 case SLIOCGETMTU: 1315 *(short*)data = ifp->if_mtu; 1316 break; 1317#endif 1318 case SIOCADDMULTI: 1319 case SIOCDELMULTI: 1320 break; 1321 1322 case SIOCGIFGENERIC: 1323 case SIOCSIFGENERIC: 1324 rv = sppp_params(sp, cmd, data); 1325 break; 1326 1327 default: 1328 rv = ENOTTY; 1329 } 1330 SPPP_UNLOCK(sp); 1331 splx(s); 1332 return rv; 1333} 1334 1335/* 1336 * Cisco framing implementation. 1337 */ 1338 1339/* 1340 * Handle incoming Cisco keepalive protocol packets. 1341 */ 1342static void 1343sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1344{ 1345 STDDCL; 1346 struct cisco_packet *h; 1347 u_long me, mymask; 1348 1349 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1350 if (debug) 1351 log(LOG_DEBUG, 1352 SPP_FMT "cisco invalid packet length: %d bytes\n", 1353 SPP_ARGS(ifp), m->m_pkthdr.len); 1354 return; 1355 } 1356 h = mtod (m, struct cisco_packet*); 1357 if (debug) 1358 log(LOG_DEBUG, 1359 SPP_FMT "cisco input: %d bytes " 1360 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1361 SPP_ARGS(ifp), m->m_pkthdr.len, 1362 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1363 (u_int)h->time0, (u_int)h->time1); 1364 switch (ntohl (h->type)) { 1365 default: 1366 if (debug) 1367 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1368 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1369 break; 1370 case CISCO_ADDR_REPLY: 1371 /* Reply on address request, ignore */ 1372 break; 1373 case CISCO_KEEPALIVE_REQ: 1374 sp->pp_alivecnt = 0; 1375 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1376 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1377 /* Local and remote sequence numbers are equal. 1378 * Probably, the line is in loopback mode. */ 1379 if (sp->pp_loopcnt >= MAXALIVECNT) { 1380 printf (SPP_FMT "loopback\n", 1381 SPP_ARGS(ifp)); 1382 sp->pp_loopcnt = 0; 1383 if (ifp->if_flags & IFF_UP) { 1384 if_down (ifp); 1385 sppp_qflush (&sp->pp_cpq); 1386 } 1387 } 1388 ++sp->pp_loopcnt; 1389 1390 /* Generate new local sequence number */ 1391 sp->pp_seq[IDX_LCP] = random(); 1392 break; 1393 } 1394 sp->pp_loopcnt = 0; 1395 if (! (ifp->if_flags & IFF_UP) && 1396 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1397 if_up(ifp); 1398 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1399 } 1400 break; 1401 case CISCO_ADDR_REQ: 1402 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1403 if (me != 0L) 1404 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1405 break; 1406 } 1407} 1408 1409/* 1410 * Send Cisco keepalive packet. 1411 */ 1412static void 1413sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1414{ 1415 STDDCL; 1416 struct ppp_header *h; 1417 struct cisco_packet *ch; 1418 struct mbuf *m; 1419 struct timeval tv; 1420 1421 getmicrouptime(&tv); 1422 1423 MGETHDR (m, M_DONTWAIT, MT_DATA); 1424 if (! m) 1425 return; 1426 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1427 m->m_pkthdr.rcvif = 0; 1428 1429 h = mtod (m, struct ppp_header*); 1430 h->address = CISCO_MULTICAST; 1431 h->control = 0; 1432 h->protocol = htons (CISCO_KEEPALIVE); 1433 1434 ch = (struct cisco_packet*) (h + 1); 1435 ch->type = htonl (type); 1436 ch->par1 = htonl (par1); 1437 ch->par2 = htonl (par2); 1438 ch->rel = -1; 1439 1440 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1441 ch->time1 = htons ((u_short) tv.tv_sec); 1442 1443 if (debug) 1444 log(LOG_DEBUG, 1445 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1446 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1447 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1448 1449 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1450 ifp->if_oerrors++; 1451} 1452 1453/* 1454 * PPP protocol implementation. 1455 */ 1456 1457/* 1458 * Send PPP control protocol packet. 1459 */ 1460static void 1461sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1462 u_char ident, u_short len, void *data) 1463{ 1464 STDDCL; 1465 struct ppp_header *h; 1466 struct lcp_header *lh; 1467 struct mbuf *m; 1468 1469 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1470 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1471 MGETHDR (m, M_DONTWAIT, MT_DATA); 1472 if (! m) 1473 return; 1474 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1475 m->m_pkthdr.rcvif = 0; 1476 1477 h = mtod (m, struct ppp_header*); 1478 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1479 h->control = PPP_UI; /* Unnumbered Info */ 1480 h->protocol = htons (proto); /* Link Control Protocol */ 1481 1482 lh = (struct lcp_header*) (h + 1); 1483 lh->type = type; 1484 lh->ident = ident; 1485 lh->len = htons (LCP_HEADER_LEN + len); 1486 if (len) 1487 bcopy (data, lh+1, len); 1488 1489 if (debug) { 1490 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1491 SPP_ARGS(ifp), 1492 sppp_proto_name(proto), 1493 sppp_cp_type_name (lh->type), lh->ident, 1494 ntohs (lh->len)); 1495 sppp_print_bytes ((u_char*) (lh+1), len); 1496 log(-1, ">\n"); 1497 } 1498 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1499 ifp->if_oerrors++; 1500} 1501 1502/* 1503 * Handle incoming PPP control protocol packets. 1504 */ 1505static void 1506sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1507{ 1508 STDDCL; 1509 struct lcp_header *h; 1510 int len = m->m_pkthdr.len; 1511 int rv; 1512 u_char *p; 1513 1514 if (len < 4) { 1515 if (debug) 1516 log(LOG_DEBUG, 1517 SPP_FMT "%s invalid packet length: %d bytes\n", 1518 SPP_ARGS(ifp), cp->name, len); 1519 return; 1520 } 1521 h = mtod (m, struct lcp_header*); 1522 if (debug) { 1523 log(LOG_DEBUG, 1524 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1525 SPP_ARGS(ifp), cp->name, 1526 sppp_state_name(sp->state[cp->protoidx]), 1527 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1528 sppp_print_bytes ((u_char*) (h+1), len-4); 1529 log(-1, ">\n"); 1530 } 1531 if (len > ntohs (h->len)) 1532 len = ntohs (h->len); 1533 p = (u_char *)(h + 1); 1534 switch (h->type) { 1535 case CONF_REQ: 1536 if (len < 4) { 1537 if (debug) 1538 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1539 SPP_ARGS(ifp), cp->name, 1540 len); 1541 ++ifp->if_ierrors; 1542 break; 1543 } 1544 /* handle states where RCR doesn't get a SCA/SCN */ 1545 switch (sp->state[cp->protoidx]) { 1546 case STATE_CLOSING: 1547 case STATE_STOPPING: 1548 return; 1549 case STATE_CLOSED: 1550 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1551 0, 0); 1552 return; 1553 } 1554 rv = (cp->RCR)(sp, h, len); 1555 switch (sp->state[cp->protoidx]) { 1556 case STATE_OPENED: 1557 (cp->tld)(sp); 1558 (cp->scr)(sp); 1559 /* FALLTHROUGH */ 1560 case STATE_ACK_SENT: 1561 case STATE_REQ_SENT: 1562 /* 1563 * sppp_cp_change_state() have the side effect of 1564 * restarting the timeouts. We want to avoid that 1565 * if the state don't change, otherwise we won't 1566 * ever timeout and resend a configuration request 1567 * that got lost. 1568 */ 1569 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1570 STATE_REQ_SENT)) 1571 break; 1572 sppp_cp_change_state(cp, sp, rv? 1573 STATE_ACK_SENT: STATE_REQ_SENT); 1574 break; 1575 case STATE_STOPPED: 1576 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1577 (cp->scr)(sp); 1578 sppp_cp_change_state(cp, sp, rv? 1579 STATE_ACK_SENT: STATE_REQ_SENT); 1580 break; 1581 case STATE_ACK_RCVD: 1582 if (rv) { 1583 sppp_cp_change_state(cp, sp, STATE_OPENED); 1584 if (debug) 1585 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1586 SPP_ARGS(ifp), 1587 cp->name); 1588 (cp->tlu)(sp); 1589 } else 1590 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1591 break; 1592 default: 1593 printf(SPP_FMT "%s illegal %s in state %s\n", 1594 SPP_ARGS(ifp), cp->name, 1595 sppp_cp_type_name(h->type), 1596 sppp_state_name(sp->state[cp->protoidx])); 1597 ++ifp->if_ierrors; 1598 } 1599 break; 1600 case CONF_ACK: 1601 if (h->ident != sp->confid[cp->protoidx]) { 1602 if (debug) 1603 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1604 SPP_ARGS(ifp), cp->name, 1605 h->ident, sp->confid[cp->protoidx]); 1606 ++ifp->if_ierrors; 1607 break; 1608 } 1609 switch (sp->state[cp->protoidx]) { 1610 case STATE_CLOSED: 1611 case STATE_STOPPED: 1612 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1613 break; 1614 case STATE_CLOSING: 1615 case STATE_STOPPING: 1616 break; 1617 case STATE_REQ_SENT: 1618 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1619 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1620 break; 1621 case STATE_OPENED: 1622 (cp->tld)(sp); 1623 /* FALLTHROUGH */ 1624 case STATE_ACK_RCVD: 1625 (cp->scr)(sp); 1626 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1627 break; 1628 case STATE_ACK_SENT: 1629 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1630 sppp_cp_change_state(cp, sp, STATE_OPENED); 1631 if (debug) 1632 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1633 SPP_ARGS(ifp), cp->name); 1634 (cp->tlu)(sp); 1635 break; 1636 default: 1637 printf(SPP_FMT "%s illegal %s in state %s\n", 1638 SPP_ARGS(ifp), cp->name, 1639 sppp_cp_type_name(h->type), 1640 sppp_state_name(sp->state[cp->protoidx])); 1641 ++ifp->if_ierrors; 1642 } 1643 break; 1644 case CONF_NAK: 1645 case CONF_REJ: 1646 if (h->ident != sp->confid[cp->protoidx]) { 1647 if (debug) 1648 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1649 SPP_ARGS(ifp), cp->name, 1650 h->ident, sp->confid[cp->protoidx]); 1651 ++ifp->if_ierrors; 1652 break; 1653 } 1654 if (h->type == CONF_NAK) 1655 (cp->RCN_nak)(sp, h, len); 1656 else /* CONF_REJ */ 1657 (cp->RCN_rej)(sp, h, len); 1658 1659 switch (sp->state[cp->protoidx]) { 1660 case STATE_CLOSED: 1661 case STATE_STOPPED: 1662 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1663 break; 1664 case STATE_REQ_SENT: 1665 case STATE_ACK_SENT: 1666 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1667 /* 1668 * Slow things down a bit if we think we might be 1669 * in loopback. Depend on the timeout to send the 1670 * next configuration request. 1671 */ 1672 if (sp->pp_loopcnt) 1673 break; 1674 (cp->scr)(sp); 1675 break; 1676 case STATE_OPENED: 1677 (cp->tld)(sp); 1678 /* FALLTHROUGH */ 1679 case STATE_ACK_RCVD: 1680 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1681 (cp->scr)(sp); 1682 break; 1683 case STATE_CLOSING: 1684 case STATE_STOPPING: 1685 break; 1686 default: 1687 printf(SPP_FMT "%s illegal %s in state %s\n", 1688 SPP_ARGS(ifp), cp->name, 1689 sppp_cp_type_name(h->type), 1690 sppp_state_name(sp->state[cp->protoidx])); 1691 ++ifp->if_ierrors; 1692 } 1693 break; 1694 1695 case TERM_REQ: 1696 switch (sp->state[cp->protoidx]) { 1697 case STATE_ACK_RCVD: 1698 case STATE_ACK_SENT: 1699 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1700 /* FALLTHROUGH */ 1701 case STATE_CLOSED: 1702 case STATE_STOPPED: 1703 case STATE_CLOSING: 1704 case STATE_STOPPING: 1705 case STATE_REQ_SENT: 1706 sta: 1707 /* Send Terminate-Ack packet. */ 1708 if (debug) 1709 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1710 SPP_ARGS(ifp), cp->name); 1711 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1712 break; 1713 case STATE_OPENED: 1714 (cp->tld)(sp); 1715 sp->rst_counter[cp->protoidx] = 0; 1716 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1717 goto sta; 1718 break; 1719 default: 1720 printf(SPP_FMT "%s illegal %s in state %s\n", 1721 SPP_ARGS(ifp), cp->name, 1722 sppp_cp_type_name(h->type), 1723 sppp_state_name(sp->state[cp->protoidx])); 1724 ++ifp->if_ierrors; 1725 } 1726 break; 1727 case TERM_ACK: 1728 switch (sp->state[cp->protoidx]) { 1729 case STATE_CLOSED: 1730 case STATE_STOPPED: 1731 case STATE_REQ_SENT: 1732 case STATE_ACK_SENT: 1733 break; 1734 case STATE_CLOSING: 1735 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1736 (cp->tlf)(sp); 1737 break; 1738 case STATE_STOPPING: 1739 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1740 (cp->tlf)(sp); 1741 break; 1742 case STATE_ACK_RCVD: 1743 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1744 break; 1745 case STATE_OPENED: 1746 (cp->tld)(sp); 1747 (cp->scr)(sp); 1748 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1749 break; 1750 default: 1751 printf(SPP_FMT "%s illegal %s in state %s\n", 1752 SPP_ARGS(ifp), cp->name, 1753 sppp_cp_type_name(h->type), 1754 sppp_state_name(sp->state[cp->protoidx])); 1755 ++ifp->if_ierrors; 1756 } 1757 break; 1758 case CODE_REJ: 1759 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1760 log(LOG_INFO, 1761 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1762 "danger will robinson\n", 1763 SPP_ARGS(ifp), cp->name, 1764 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1765 switch (sp->state[cp->protoidx]) { 1766 case STATE_CLOSED: 1767 case STATE_STOPPED: 1768 case STATE_REQ_SENT: 1769 case STATE_ACK_SENT: 1770 case STATE_CLOSING: 1771 case STATE_STOPPING: 1772 case STATE_OPENED: 1773 break; 1774 case STATE_ACK_RCVD: 1775 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1776 break; 1777 default: 1778 printf(SPP_FMT "%s illegal %s in state %s\n", 1779 SPP_ARGS(ifp), cp->name, 1780 sppp_cp_type_name(h->type), 1781 sppp_state_name(sp->state[cp->protoidx])); 1782 ++ifp->if_ierrors; 1783 } 1784 break; 1785 case PROTO_REJ: 1786 { 1787 int catastrophic; 1788 const struct cp *upper; 1789 int i; 1790 u_int16_t proto; 1791 1792 catastrophic = 0; 1793 upper = NULL; 1794 proto = ntohs(*((u_int16_t *)p)); 1795 for (i = 0; i < IDX_COUNT; i++) { 1796 if (cps[i]->proto == proto) { 1797 upper = cps[i]; 1798 break; 1799 } 1800 } 1801 if (upper == NULL) 1802 catastrophic++; 1803 1804 if (catastrophic || debug) 1805 log(catastrophic? LOG_INFO: LOG_DEBUG, 1806 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1807 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1808 sppp_cp_type_name(h->type), proto, 1809 upper ? upper->name : "unknown", 1810 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1811 1812 /* 1813 * if we got RXJ+ against conf-req, the peer does not implement 1814 * this particular protocol type. terminate the protocol. 1815 */ 1816 if (upper && !catastrophic) { 1817 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1818 upper->Close(sp); 1819 break; 1820 } 1821 } 1822 1823 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1824 switch (sp->state[cp->protoidx]) { 1825 case STATE_CLOSED: 1826 case STATE_STOPPED: 1827 case STATE_REQ_SENT: 1828 case STATE_ACK_SENT: 1829 case STATE_CLOSING: 1830 case STATE_STOPPING: 1831 case STATE_OPENED: 1832 break; 1833 case STATE_ACK_RCVD: 1834 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1835 break; 1836 default: 1837 printf(SPP_FMT "%s illegal %s in state %s\n", 1838 SPP_ARGS(ifp), cp->name, 1839 sppp_cp_type_name(h->type), 1840 sppp_state_name(sp->state[cp->protoidx])); 1841 ++ifp->if_ierrors; 1842 } 1843 break; 1844 } 1845 case DISC_REQ: 1846 if (cp->proto != PPP_LCP) 1847 goto illegal; 1848 /* Discard the packet. */ 1849 break; 1850 case ECHO_REQ: 1851 if (cp->proto != PPP_LCP) 1852 goto illegal; 1853 if (sp->state[cp->protoidx] != STATE_OPENED) { 1854 if (debug) 1855 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1856 SPP_ARGS(ifp)); 1857 ++ifp->if_ierrors; 1858 break; 1859 } 1860 if (len < 8) { 1861 if (debug) 1862 log(-1, SPP_FMT "invalid lcp echo request " 1863 "packet length: %d bytes\n", 1864 SPP_ARGS(ifp), len); 1865 break; 1866 } 1867 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1868 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1869 /* Line loopback mode detected. */ 1870 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1871 sp->pp_loopcnt = MAXALIVECNT * 5; 1872 if_down (ifp); 1873 sppp_qflush (&sp->pp_cpq); 1874 1875 /* Shut down the PPP link. */ 1876 /* XXX */ 1877 lcp.Down(sp); 1878 lcp.Up(sp); 1879 break; 1880 } 1881 *(long*)(h+1) = htonl (sp->lcp.magic); 1882 if (debug) 1883 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1884 SPP_ARGS(ifp)); 1885 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1886 break; 1887 case ECHO_REPLY: 1888 if (cp->proto != PPP_LCP) 1889 goto illegal; 1890 if (h->ident != sp->lcp.echoid) { 1891 ++ifp->if_ierrors; 1892 break; 1893 } 1894 if (len < 8) { 1895 if (debug) 1896 log(-1, SPP_FMT "lcp invalid echo reply " 1897 "packet length: %d bytes\n", 1898 SPP_ARGS(ifp), len); 1899 break; 1900 } 1901 if (debug) 1902 log(-1, SPP_FMT "lcp got echo rep\n", 1903 SPP_ARGS(ifp)); 1904 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1905 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1906 sp->pp_alivecnt = 0; 1907 break; 1908 default: 1909 /* Unknown packet type -- send Code-Reject packet. */ 1910 illegal: 1911 if (debug) 1912 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1913 SPP_ARGS(ifp), cp->name, h->type); 1914 sppp_cp_send(sp, cp->proto, CODE_REJ, 1915 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1916 ++ifp->if_ierrors; 1917 } 1918} 1919 1920 1921/* 1922 * The generic part of all Up/Down/Open/Close/TO event handlers. 1923 * Basically, the state transition handling in the automaton. 1924 */ 1925static void 1926sppp_up_event(const struct cp *cp, struct sppp *sp) 1927{ 1928 STDDCL; 1929 1930 if (debug) 1931 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1932 SPP_ARGS(ifp), cp->name, 1933 sppp_state_name(sp->state[cp->protoidx])); 1934 1935 switch (sp->state[cp->protoidx]) { 1936 case STATE_INITIAL: 1937 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1938 break; 1939 case STATE_STARTING: 1940 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1941 (cp->scr)(sp); 1942 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1943 break; 1944 default: 1945 printf(SPP_FMT "%s illegal up in state %s\n", 1946 SPP_ARGS(ifp), cp->name, 1947 sppp_state_name(sp->state[cp->protoidx])); 1948 } 1949} 1950 1951static void 1952sppp_down_event(const struct cp *cp, struct sppp *sp) 1953{ 1954 STDDCL; 1955 1956 if (debug) 1957 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1958 SPP_ARGS(ifp), cp->name, 1959 sppp_state_name(sp->state[cp->protoidx])); 1960 1961 switch (sp->state[cp->protoidx]) { 1962 case STATE_CLOSED: 1963 case STATE_CLOSING: 1964 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1965 break; 1966 case STATE_STOPPED: 1967 sppp_cp_change_state(cp, sp, STATE_STARTING); 1968 (cp->tls)(sp); 1969 break; 1970 case STATE_STOPPING: 1971 case STATE_REQ_SENT: 1972 case STATE_ACK_RCVD: 1973 case STATE_ACK_SENT: 1974 sppp_cp_change_state(cp, sp, STATE_STARTING); 1975 break; 1976 case STATE_OPENED: 1977 (cp->tld)(sp); 1978 sppp_cp_change_state(cp, sp, STATE_STARTING); 1979 break; 1980 default: 1981 printf(SPP_FMT "%s illegal down in state %s\n", 1982 SPP_ARGS(ifp), cp->name, 1983 sppp_state_name(sp->state[cp->protoidx])); 1984 } 1985} 1986 1987 1988static void 1989sppp_open_event(const struct cp *cp, struct sppp *sp) 1990{ 1991 STDDCL; 1992 1993 if (debug) 1994 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1995 SPP_ARGS(ifp), cp->name, 1996 sppp_state_name(sp->state[cp->protoidx])); 1997 1998 switch (sp->state[cp->protoidx]) { 1999 case STATE_INITIAL: 2000 sppp_cp_change_state(cp, sp, STATE_STARTING); 2001 (cp->tls)(sp); 2002 break; 2003 case STATE_STARTING: 2004 break; 2005 case STATE_CLOSED: 2006 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 2007 (cp->scr)(sp); 2008 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2009 break; 2010 case STATE_STOPPED: 2011 /* 2012 * Try escaping stopped state. This seems to bite 2013 * people occasionally, in particular for IPCP, 2014 * presumably following previous IPCP negotiation 2015 * aborts. Somehow, we must have missed a Down event 2016 * which would have caused a transition into starting 2017 * state, so as a bandaid we force the Down event now. 2018 * This effectively implements (something like the) 2019 * `restart' option mentioned in the state transition 2020 * table of RFC 1661. 2021 */ 2022 sppp_cp_change_state(cp, sp, STATE_STARTING); 2023 (cp->tls)(sp); 2024 break; 2025 case STATE_STOPPING: 2026 case STATE_REQ_SENT: 2027 case STATE_ACK_RCVD: 2028 case STATE_ACK_SENT: 2029 case STATE_OPENED: 2030 break; 2031 case STATE_CLOSING: 2032 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2033 break; 2034 } 2035} 2036 2037 2038static void 2039sppp_close_event(const struct cp *cp, struct sppp *sp) 2040{ 2041 STDDCL; 2042 2043 if (debug) 2044 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2045 SPP_ARGS(ifp), cp->name, 2046 sppp_state_name(sp->state[cp->protoidx])); 2047 2048 switch (sp->state[cp->protoidx]) { 2049 case STATE_INITIAL: 2050 case STATE_CLOSED: 2051 case STATE_CLOSING: 2052 break; 2053 case STATE_STARTING: 2054 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2055 (cp->tlf)(sp); 2056 break; 2057 case STATE_STOPPED: 2058 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2059 break; 2060 case STATE_STOPPING: 2061 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2062 break; 2063 case STATE_OPENED: 2064 (cp->tld)(sp); 2065 /* FALLTHROUGH */ 2066 case STATE_REQ_SENT: 2067 case STATE_ACK_RCVD: 2068 case STATE_ACK_SENT: 2069 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2070 sppp_cp_send(sp, cp->proto, TERM_REQ, 2071 ++sp->pp_seq[cp->protoidx], 0, 0); 2072 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2073 break; 2074 } 2075} 2076 2077static void 2078sppp_to_event(const struct cp *cp, struct sppp *sp) 2079{ 2080 STDDCL; 2081 int s; 2082 2083 s = splimp(); 2084 SPPP_LOCK(sp); 2085 if (debug) 2086 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2087 SPP_ARGS(ifp), cp->name, 2088 sppp_state_name(sp->state[cp->protoidx]), 2089 sp->rst_counter[cp->protoidx]); 2090 2091 if (--sp->rst_counter[cp->protoidx] < 0) 2092 /* TO- event */ 2093 switch (sp->state[cp->protoidx]) { 2094 case STATE_CLOSING: 2095 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2096 (cp->tlf)(sp); 2097 break; 2098 case STATE_STOPPING: 2099 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2100 (cp->tlf)(sp); 2101 break; 2102 case STATE_REQ_SENT: 2103 case STATE_ACK_RCVD: 2104 case STATE_ACK_SENT: 2105 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2106 (cp->tlf)(sp); 2107 break; 2108 } 2109 else 2110 /* TO+ event */ 2111 switch (sp->state[cp->protoidx]) { 2112 case STATE_CLOSING: 2113 case STATE_STOPPING: 2114 sppp_cp_send(sp, cp->proto, TERM_REQ, 2115 ++sp->pp_seq[cp->protoidx], 0, 0); 2116 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2117 cp->TO, (void *)sp); 2118 break; 2119 case STATE_REQ_SENT: 2120 case STATE_ACK_RCVD: 2121 (cp->scr)(sp); 2122 /* sppp_cp_change_state() will restart the timer */ 2123 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2124 break; 2125 case STATE_ACK_SENT: 2126 (cp->scr)(sp); 2127 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2128 cp->TO, (void *)sp); 2129 break; 2130 } 2131 2132 SPPP_UNLOCK(sp); 2133 splx(s); 2134} 2135 2136/* 2137 * Change the state of a control protocol in the state automaton. 2138 * Takes care of starting/stopping the restart timer. 2139 */ 2140static void 2141sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2142{ 2143 sp->state[cp->protoidx] = newstate; 2144 2145 callout_stop (&sp->ch[cp->protoidx]); 2146 2147 switch (newstate) { 2148 case STATE_INITIAL: 2149 case STATE_STARTING: 2150 case STATE_CLOSED: 2151 case STATE_STOPPED: 2152 case STATE_OPENED: 2153 break; 2154 case STATE_CLOSING: 2155 case STATE_STOPPING: 2156 case STATE_REQ_SENT: 2157 case STATE_ACK_RCVD: 2158 case STATE_ACK_SENT: 2159 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2160 cp->TO, (void *)sp); 2161 break; 2162 } 2163} 2164 2165/* 2166 *--------------------------------------------------------------------------* 2167 * * 2168 * The LCP implementation. * 2169 * * 2170 *--------------------------------------------------------------------------* 2171 */ 2172static void 2173sppp_pp_up(struct sppp *sp) 2174{ 2175 SPPP_LOCK(sp); 2176 lcp.Up(sp); 2177 SPPP_UNLOCK(sp); 2178} 2179 2180static void 2181sppp_pp_down(struct sppp *sp) 2182{ 2183 SPPP_LOCK(sp); 2184 lcp.Down(sp); 2185 SPPP_UNLOCK(sp); 2186} 2187 2188static void 2189sppp_lcp_init(struct sppp *sp) 2190{ 2191 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2192 sp->lcp.magic = 0; 2193 sp->state[IDX_LCP] = STATE_INITIAL; 2194 sp->fail_counter[IDX_LCP] = 0; 2195 sp->pp_seq[IDX_LCP] = 0; 2196 sp->pp_rseq[IDX_LCP] = 0; 2197 sp->lcp.protos = 0; 2198 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2199 2200 /* Note that these values are relevant for all control protocols */ 2201 sp->lcp.timeout = 3 * hz; 2202 sp->lcp.max_terminate = 2; 2203 sp->lcp.max_configure = 10; 2204 sp->lcp.max_failure = 10; 2205 callout_init(&sp->ch[IDX_LCP], 2206 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2207} 2208 2209static void 2210sppp_lcp_up(struct sppp *sp) 2211{ 2212 STDDCL; 2213 2214 sp->pp_alivecnt = 0; 2215 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2216 sp->lcp.magic = 0; 2217 sp->lcp.protos = 0; 2218 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2219 /* 2220 * If we are authenticator, negotiate LCP_AUTH 2221 */ 2222 if (sp->hisauth.proto != 0) 2223 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2224 else 2225 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2226 sp->pp_flags &= ~PP_NEEDAUTH; 2227 /* 2228 * If this interface is passive or dial-on-demand, and we are 2229 * still in Initial state, it means we've got an incoming 2230 * call. Activate the interface. 2231 */ 2232 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2233 if (debug) 2234 log(LOG_DEBUG, 2235 SPP_FMT "Up event", SPP_ARGS(ifp)); 2236 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2237 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2238 if (debug) 2239 log(-1, "(incoming call)\n"); 2240 sp->pp_flags |= PP_CALLIN; 2241 lcp.Open(sp); 2242 } else if (debug) 2243 log(-1, "\n"); 2244 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2245 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2246 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2247 lcp.Open(sp); 2248 } 2249 2250 sppp_up_event(&lcp, sp); 2251} 2252 2253static void 2254sppp_lcp_down(struct sppp *sp) 2255{ 2256 STDDCL; 2257 2258 sppp_down_event(&lcp, sp); 2259 2260 /* 2261 * If this is neither a dial-on-demand nor a passive 2262 * interface, simulate an ``ifconfig down'' action, so the 2263 * administrator can force a redial by another ``ifconfig 2264 * up''. XXX For leased line operation, should we immediately 2265 * try to reopen the connection here? 2266 */ 2267 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2268 log(LOG_INFO, 2269 SPP_FMT "Down event, taking interface down.\n", 2270 SPP_ARGS(ifp)); 2271 if_down(ifp); 2272 } else { 2273 if (debug) 2274 log(LOG_DEBUG, 2275 SPP_FMT "Down event (carrier loss)\n", 2276 SPP_ARGS(ifp)); 2277 sp->pp_flags &= ~PP_CALLIN; 2278 if (sp->state[IDX_LCP] != STATE_INITIAL) 2279 lcp.Close(sp); 2280 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2281 } 2282} 2283 2284static void 2285sppp_lcp_open(struct sppp *sp) 2286{ 2287 sppp_open_event(&lcp, sp); 2288} 2289 2290static void 2291sppp_lcp_close(struct sppp *sp) 2292{ 2293 sppp_close_event(&lcp, sp); 2294} 2295 2296static void 2297sppp_lcp_TO(void *cookie) 2298{ 2299 sppp_to_event(&lcp, (struct sppp *)cookie); 2300} 2301 2302/* 2303 * Analyze a configure request. Return true if it was agreeable, and 2304 * caused action sca, false if it has been rejected or nak'ed, and 2305 * caused action scn. (The return value is used to make the state 2306 * transition decision in the state automaton.) 2307 */ 2308static int 2309sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2310{ 2311 STDDCL; 2312 u_char *buf, *r, *p; 2313 int origlen, rlen; 2314 u_long nmagic; 2315 u_short authproto; 2316 2317 len -= 4; 2318 origlen = len; 2319 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2320 if (! buf) 2321 return (0); 2322 2323 if (debug) 2324 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2325 SPP_ARGS(ifp)); 2326 2327 /* pass 1: check for things that need to be rejected */ 2328 p = (void*) (h+1); 2329 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2330 len-=p[1], p+=p[1]) { 2331 if (debug) 2332 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2333 switch (*p) { 2334 case LCP_OPT_MAGIC: 2335 /* Magic number. */ 2336 if (len >= 6 && p[1] == 6) 2337 continue; 2338 if (debug) 2339 log(-1, "[invalid] "); 2340 break; 2341 case LCP_OPT_ASYNC_MAP: 2342 /* Async control character map. */ 2343 if (len >= 6 && p[1] == 6) 2344 continue; 2345 if (debug) 2346 log(-1, "[invalid] "); 2347 break; 2348 case LCP_OPT_MRU: 2349 /* Maximum receive unit. */ 2350 if (len >= 4 && p[1] == 4) 2351 continue; 2352 if (debug) 2353 log(-1, "[invalid] "); 2354 break; 2355 case LCP_OPT_AUTH_PROTO: 2356 if (len < 4) { 2357 if (debug) 2358 log(-1, "[invalid] "); 2359 break; 2360 } 2361 authproto = (p[2] << 8) + p[3]; 2362 if (authproto == PPP_CHAP && p[1] != 5) { 2363 if (debug) 2364 log(-1, "[invalid chap len] "); 2365 break; 2366 } 2367 if (sp->myauth.proto == 0) { 2368 /* we are not configured to do auth */ 2369 if (debug) 2370 log(-1, "[not configured] "); 2371 break; 2372 } 2373 /* 2374 * Remote want us to authenticate, remember this, 2375 * so we stay in PHASE_AUTHENTICATE after LCP got 2376 * up. 2377 */ 2378 sp->pp_flags |= PP_NEEDAUTH; 2379 continue; 2380 default: 2381 /* Others not supported. */ 2382 if (debug) 2383 log(-1, "[rej] "); 2384 break; 2385 } 2386 /* Add the option to rejected list. */ 2387 bcopy (p, r, p[1]); 2388 r += p[1]; 2389 rlen += p[1]; 2390 } 2391 if (rlen) { 2392 if (debug) 2393 log(-1, " send conf-rej\n"); 2394 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2395 return 0; 2396 } else if (debug) 2397 log(-1, "\n"); 2398 2399 /* 2400 * pass 2: check for option values that are unacceptable and 2401 * thus require to be nak'ed. 2402 */ 2403 if (debug) 2404 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2405 SPP_ARGS(ifp)); 2406 2407 p = (void*) (h+1); 2408 len = origlen; 2409 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2410 len-=p[1], p+=p[1]) { 2411 if (debug) 2412 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2413 switch (*p) { 2414 case LCP_OPT_MAGIC: 2415 /* Magic number -- extract. */ 2416 nmagic = (u_long)p[2] << 24 | 2417 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2418 if (nmagic != sp->lcp.magic) { 2419 sp->pp_loopcnt = 0; 2420 if (debug) 2421 log(-1, "0x%lx ", nmagic); 2422 continue; 2423 } 2424 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2425 log(-1, "[glitch] "); 2426 ++sp->pp_loopcnt; 2427 /* 2428 * We negate our magic here, and NAK it. If 2429 * we see it later in an NAK packet, we 2430 * suggest a new one. 2431 */ 2432 nmagic = ~sp->lcp.magic; 2433 /* Gonna NAK it. */ 2434 p[2] = nmagic >> 24; 2435 p[3] = nmagic >> 16; 2436 p[4] = nmagic >> 8; 2437 p[5] = nmagic; 2438 break; 2439 2440 case LCP_OPT_ASYNC_MAP: 2441 /* 2442 * Async control character map -- just ignore it. 2443 * 2444 * Quote from RFC 1662, chapter 6: 2445 * To enable this functionality, synchronous PPP 2446 * implementations MUST always respond to the 2447 * Async-Control-Character-Map Configuration 2448 * Option with the LCP Configure-Ack. However, 2449 * acceptance of the Configuration Option does 2450 * not imply that the synchronous implementation 2451 * will do any ACCM mapping. Instead, all such 2452 * octet mapping will be performed by the 2453 * asynchronous-to-synchronous converter. 2454 */ 2455 continue; 2456 2457 case LCP_OPT_MRU: 2458 /* 2459 * Maximum receive unit. Always agreeable, 2460 * but ignored by now. 2461 */ 2462 sp->lcp.their_mru = p[2] * 256 + p[3]; 2463 if (debug) 2464 log(-1, "%lu ", sp->lcp.their_mru); 2465 continue; 2466 2467 case LCP_OPT_AUTH_PROTO: 2468 authproto = (p[2] << 8) + p[3]; 2469 if (sp->myauth.proto != authproto) { 2470 /* not agreed, nak */ 2471 if (debug) 2472 log(-1, "[mine %s != his %s] ", 2473 sppp_proto_name(sp->hisauth.proto), 2474 sppp_proto_name(authproto)); 2475 p[2] = sp->myauth.proto >> 8; 2476 p[3] = sp->myauth.proto; 2477 break; 2478 } 2479 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2480 if (debug) 2481 log(-1, "[chap not MD5] "); 2482 p[4] = CHAP_MD5; 2483 break; 2484 } 2485 continue; 2486 } 2487 /* Add the option to nak'ed list. */ 2488 bcopy (p, r, p[1]); 2489 r += p[1]; 2490 rlen += p[1]; 2491 } 2492 if (rlen) { 2493 /* 2494 * Local and remote magics equal -- loopback? 2495 */ 2496 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2497 if (sp->pp_loopcnt == MAXALIVECNT*5) 2498 printf (SPP_FMT "loopback\n", 2499 SPP_ARGS(ifp)); 2500 if (ifp->if_flags & IFF_UP) { 2501 if_down(ifp); 2502 sppp_qflush(&sp->pp_cpq); 2503 /* XXX ? */ 2504 lcp.Down(sp); 2505 lcp.Up(sp); 2506 } 2507 } else if (!sp->pp_loopcnt && 2508 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2509 if (debug) 2510 log(-1, " max_failure (%d) exceeded, " 2511 "send conf-rej\n", 2512 sp->lcp.max_failure); 2513 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2514 } else { 2515 if (debug) 2516 log(-1, " send conf-nak\n"); 2517 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2518 } 2519 } else { 2520 if (debug) 2521 log(-1, " send conf-ack\n"); 2522 sp->fail_counter[IDX_LCP] = 0; 2523 sp->pp_loopcnt = 0; 2524 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2525 h->ident, origlen, h+1); 2526 } 2527 2528 free (buf, M_TEMP); 2529 return (rlen == 0); 2530} 2531 2532/* 2533 * Analyze the LCP Configure-Reject option list, and adjust our 2534 * negotiation. 2535 */ 2536static void 2537sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2538{ 2539 STDDCL; 2540 u_char *buf, *p; 2541 2542 len -= 4; 2543 buf = malloc (len, M_TEMP, M_NOWAIT); 2544 if (!buf) 2545 return; 2546 2547 if (debug) 2548 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2549 SPP_ARGS(ifp)); 2550 2551 p = (void*) (h+1); 2552 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2553 len -= p[1], p += p[1]) { 2554 if (debug) 2555 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2556 switch (*p) { 2557 case LCP_OPT_MAGIC: 2558 /* Magic number -- can't use it, use 0 */ 2559 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2560 sp->lcp.magic = 0; 2561 break; 2562 case LCP_OPT_MRU: 2563 /* 2564 * Should not be rejected anyway, since we only 2565 * negotiate a MRU if explicitly requested by 2566 * peer. 2567 */ 2568 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2569 break; 2570 case LCP_OPT_AUTH_PROTO: 2571 /* 2572 * Peer doesn't want to authenticate himself, 2573 * deny unless this is a dialout call, and 2574 * AUTHFLAG_NOCALLOUT is set. 2575 */ 2576 if ((sp->pp_flags & PP_CALLIN) == 0 && 2577 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2578 if (debug) 2579 log(-1, "[don't insist on auth " 2580 "for callout]"); 2581 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2582 break; 2583 } 2584 if (debug) 2585 log(-1, "[access denied]\n"); 2586 lcp.Close(sp); 2587 break; 2588 } 2589 } 2590 if (debug) 2591 log(-1, "\n"); 2592 free (buf, M_TEMP); 2593 return; 2594} 2595 2596/* 2597 * Analyze the LCP Configure-NAK option list, and adjust our 2598 * negotiation. 2599 */ 2600static void 2601sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2602{ 2603 STDDCL; 2604 u_char *buf, *p; 2605 u_long magic; 2606 2607 len -= 4; 2608 buf = malloc (len, M_TEMP, M_NOWAIT); 2609 if (!buf) 2610 return; 2611 2612 if (debug) 2613 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2614 SPP_ARGS(ifp)); 2615 2616 p = (void*) (h+1); 2617 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2618 len -= p[1], p += p[1]) { 2619 if (debug) 2620 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2621 switch (*p) { 2622 case LCP_OPT_MAGIC: 2623 /* Magic number -- renegotiate */ 2624 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2625 len >= 6 && p[1] == 6) { 2626 magic = (u_long)p[2] << 24 | 2627 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2628 /* 2629 * If the remote magic is our negated one, 2630 * this looks like a loopback problem. 2631 * Suggest a new magic to make sure. 2632 */ 2633 if (magic == ~sp->lcp.magic) { 2634 if (debug) 2635 log(-1, "magic glitch "); 2636 sp->lcp.magic = random(); 2637 } else { 2638 sp->lcp.magic = magic; 2639 if (debug) 2640 log(-1, "%lu ", magic); 2641 } 2642 } 2643 break; 2644 case LCP_OPT_MRU: 2645 /* 2646 * Peer wants to advise us to negotiate an MRU. 2647 * Agree on it if it's reasonable, or use 2648 * default otherwise. 2649 */ 2650 if (len >= 4 && p[1] == 4) { 2651 u_int mru = p[2] * 256 + p[3]; 2652 if (debug) 2653 log(-1, "%d ", mru); 2654 if (mru < PP_MTU || mru > PP_MAX_MRU) 2655 mru = PP_MTU; 2656 sp->lcp.mru = mru; 2657 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2658 } 2659 break; 2660 case LCP_OPT_AUTH_PROTO: 2661 /* 2662 * Peer doesn't like our authentication method, 2663 * deny. 2664 */ 2665 if (debug) 2666 log(-1, "[access denied]\n"); 2667 lcp.Close(sp); 2668 break; 2669 } 2670 } 2671 if (debug) 2672 log(-1, "\n"); 2673 free (buf, M_TEMP); 2674 return; 2675} 2676 2677static void 2678sppp_lcp_tlu(struct sppp *sp) 2679{ 2680 STDDCL; 2681 int i; 2682 u_long mask; 2683 2684 /* XXX ? */ 2685 if (! (ifp->if_flags & IFF_UP) && 2686 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2687 /* Coming out of loopback mode. */ 2688 if_up(ifp); 2689 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2690 } 2691 2692 for (i = 0; i < IDX_COUNT; i++) 2693 if ((cps[i])->flags & CP_QUAL) 2694 (cps[i])->Open(sp); 2695 2696 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2697 (sp->pp_flags & PP_NEEDAUTH) != 0) 2698 sp->pp_phase = PHASE_AUTHENTICATE; 2699 else 2700 sp->pp_phase = PHASE_NETWORK; 2701 2702 if (debug) 2703 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2704 sppp_phase_name(sp->pp_phase)); 2705 2706 /* 2707 * Open all authentication protocols. This is even required 2708 * if we already proceeded to network phase, since it might be 2709 * that remote wants us to authenticate, so we might have to 2710 * send a PAP request. Undesired authentication protocols 2711 * don't do anything when they get an Open event. 2712 */ 2713 for (i = 0; i < IDX_COUNT; i++) 2714 if ((cps[i])->flags & CP_AUTH) 2715 (cps[i])->Open(sp); 2716 2717 if (sp->pp_phase == PHASE_NETWORK) { 2718 /* Notify all NCPs. */ 2719 for (i = 0; i < IDX_COUNT; i++) 2720 if (((cps[i])->flags & CP_NCP) && 2721 /* 2722 * XXX 2723 * Hack to administratively disable IPv6 if 2724 * not desired. Perhaps we should have another 2725 * flag for this, but right now, we can make 2726 * all struct cp's read/only. 2727 */ 2728 (cps[i] != &ipv6cp || 2729 (sp->confflags & CONF_ENABLE_IPV6))) 2730 (cps[i])->Open(sp); 2731 } 2732 2733 /* Send Up events to all started protos. */ 2734 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2735 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2736 (cps[i])->Up(sp); 2737 2738 /* notify low-level driver of state change */ 2739 if (sp->pp_chg) 2740 sp->pp_chg(sp, (int)sp->pp_phase); 2741 2742 if (sp->pp_phase == PHASE_NETWORK) 2743 /* if no NCP is starting, close down */ 2744 sppp_lcp_check_and_close(sp); 2745} 2746 2747static void 2748sppp_lcp_tld(struct sppp *sp) 2749{ 2750 STDDCL; 2751 int i; 2752 u_long mask; 2753 2754 sp->pp_phase = PHASE_TERMINATE; 2755 2756 if (debug) 2757 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2758 sppp_phase_name(sp->pp_phase)); 2759 2760 /* 2761 * Take upper layers down. We send the Down event first and 2762 * the Close second to prevent the upper layers from sending 2763 * ``a flurry of terminate-request packets'', as the RFC 2764 * describes it. 2765 */ 2766 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2767 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2768 (cps[i])->Down(sp); 2769 (cps[i])->Close(sp); 2770 } 2771} 2772 2773static void 2774sppp_lcp_tls(struct sppp *sp) 2775{ 2776 STDDCL; 2777 2778 sp->pp_phase = PHASE_ESTABLISH; 2779 2780 if (debug) 2781 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2782 sppp_phase_name(sp->pp_phase)); 2783 2784 /* Notify lower layer if desired. */ 2785 if (sp->pp_tls) 2786 (sp->pp_tls)(sp); 2787 else 2788 (sp->pp_up)(sp); 2789} 2790 2791static void 2792sppp_lcp_tlf(struct sppp *sp) 2793{ 2794 STDDCL; 2795 2796 sp->pp_phase = PHASE_DEAD; 2797 if (debug) 2798 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2799 sppp_phase_name(sp->pp_phase)); 2800 2801 /* Notify lower layer if desired. */ 2802 if (sp->pp_tlf) 2803 (sp->pp_tlf)(sp); 2804 else 2805 (sp->pp_down)(sp); 2806} 2807 2808static void 2809sppp_lcp_scr(struct sppp *sp) 2810{ 2811 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2812 int i = 0; 2813 u_short authproto; 2814 2815 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2816 if (! sp->lcp.magic) 2817 sp->lcp.magic = random(); 2818 opt[i++] = LCP_OPT_MAGIC; 2819 opt[i++] = 6; 2820 opt[i++] = sp->lcp.magic >> 24; 2821 opt[i++] = sp->lcp.magic >> 16; 2822 opt[i++] = sp->lcp.magic >> 8; 2823 opt[i++] = sp->lcp.magic; 2824 } 2825 2826 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2827 opt[i++] = LCP_OPT_MRU; 2828 opt[i++] = 4; 2829 opt[i++] = sp->lcp.mru >> 8; 2830 opt[i++] = sp->lcp.mru; 2831 } 2832 2833 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2834 authproto = sp->hisauth.proto; 2835 opt[i++] = LCP_OPT_AUTH_PROTO; 2836 opt[i++] = authproto == PPP_CHAP? 5: 4; 2837 opt[i++] = authproto >> 8; 2838 opt[i++] = authproto; 2839 if (authproto == PPP_CHAP) 2840 opt[i++] = CHAP_MD5; 2841 } 2842 2843 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2844 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2845} 2846 2847/* 2848 * Check the open NCPs, return true if at least one NCP is open. 2849 */ 2850static int 2851sppp_ncp_check(struct sppp *sp) 2852{ 2853 int i, mask; 2854 2855 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2856 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2857 return 1; 2858 return 0; 2859} 2860 2861/* 2862 * Re-check the open NCPs and see if we should terminate the link. 2863 * Called by the NCPs during their tlf action handling. 2864 */ 2865static void 2866sppp_lcp_check_and_close(struct sppp *sp) 2867{ 2868 2869 if (sp->pp_phase < PHASE_NETWORK) 2870 /* don't bother, we are already going down */ 2871 return; 2872 2873 if (sppp_ncp_check(sp)) 2874 return; 2875 2876 lcp.Close(sp); 2877} 2878 2879/* 2880 *--------------------------------------------------------------------------* 2881 * * 2882 * The IPCP implementation. * 2883 * * 2884 *--------------------------------------------------------------------------* 2885 */ 2886 2887static void 2888sppp_ipcp_init(struct sppp *sp) 2889{ 2890 sp->ipcp.opts = 0; 2891 sp->ipcp.flags = 0; 2892 sp->state[IDX_IPCP] = STATE_INITIAL; 2893 sp->fail_counter[IDX_IPCP] = 0; 2894 sp->pp_seq[IDX_IPCP] = 0; 2895 sp->pp_rseq[IDX_IPCP] = 0; 2896 callout_init(&sp->ch[IDX_IPCP], 2897 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2898} 2899 2900static void 2901sppp_ipcp_up(struct sppp *sp) 2902{ 2903 sppp_up_event(&ipcp, sp); 2904} 2905 2906static void 2907sppp_ipcp_down(struct sppp *sp) 2908{ 2909 sppp_down_event(&ipcp, sp); 2910} 2911 2912static void 2913sppp_ipcp_open(struct sppp *sp) 2914{ 2915 STDDCL; 2916 u_long myaddr, hisaddr; 2917 2918 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2919 IPCP_MYADDR_DYN | IPCP_VJ); 2920 sp->ipcp.opts = 0; 2921 2922 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2923 /* 2924 * If we don't have his address, this probably means our 2925 * interface doesn't want to talk IP at all. (This could 2926 * be the case if somebody wants to speak only IPX, for 2927 * example.) Don't open IPCP in this case. 2928 */ 2929 if (hisaddr == 0L) { 2930 /* XXX this message should go away */ 2931 if (debug) 2932 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2933 SPP_ARGS(ifp)); 2934 return; 2935 } 2936 if (myaddr == 0L) { 2937 /* 2938 * I don't have an assigned address, so i need to 2939 * negotiate my address. 2940 */ 2941 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2942 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2943 } else 2944 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2945 if (sp->confflags & CONF_ENABLE_VJ) { 2946 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2947 sp->ipcp.max_state = MAX_STATES - 1; 2948 sp->ipcp.compress_cid = 1; 2949 } 2950 sppp_open_event(&ipcp, sp); 2951} 2952 2953static void 2954sppp_ipcp_close(struct sppp *sp) 2955{ 2956 sppp_close_event(&ipcp, sp); 2957 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2958 /* 2959 * My address was dynamic, clear it again. 2960 */ 2961 sppp_set_ip_addr(sp, 0L); 2962} 2963 2964static void 2965sppp_ipcp_TO(void *cookie) 2966{ 2967 sppp_to_event(&ipcp, (struct sppp *)cookie); 2968} 2969 2970/* 2971 * Analyze a configure request. Return true if it was agreeable, and 2972 * caused action sca, false if it has been rejected or nak'ed, and 2973 * caused action scn. (The return value is used to make the state 2974 * transition decision in the state automaton.) 2975 */ 2976static int 2977sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2978{ 2979 u_char *buf, *r, *p; 2980 struct ifnet *ifp = SP2IFP(sp); 2981 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2982 u_long hisaddr, desiredaddr; 2983 int gotmyaddr = 0; 2984 int desiredcomp; 2985 2986 len -= 4; 2987 origlen = len; 2988 /* 2989 * Make sure to allocate a buf that can at least hold a 2990 * conf-nak with an `address' option. We might need it below. 2991 */ 2992 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2993 if (! buf) 2994 return (0); 2995 2996 /* pass 1: see if we can recognize them */ 2997 if (debug) 2998 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2999 SPP_ARGS(ifp)); 3000 p = (void*) (h+1); 3001 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3002 len-=p[1], p+=p[1]) { 3003 if (debug) 3004 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3005 switch (*p) { 3006 case IPCP_OPT_COMPRESSION: 3007 if (!(sp->confflags & CONF_ENABLE_VJ)) { 3008 /* VJ compression administratively disabled */ 3009 if (debug) 3010 log(-1, "[locally disabled] "); 3011 break; 3012 } 3013 /* 3014 * In theory, we should only conf-rej an 3015 * option that is shorter than RFC 1618 3016 * requires (i.e. < 4), and should conf-nak 3017 * anything else that is not VJ. However, 3018 * since our algorithm always uses the 3019 * original option to NAK it with new values, 3020 * things would become more complicated. In 3021 * pratice, the only commonly implemented IP 3022 * compression option is VJ anyway, so the 3023 * difference is negligible. 3024 */ 3025 if (len >= 6 && p[1] == 6) { 3026 /* 3027 * correctly formed compression option 3028 * that could be VJ compression 3029 */ 3030 continue; 3031 } 3032 if (debug) 3033 log(-1, 3034 "optlen %d [invalid/unsupported] ", 3035 p[1]); 3036 break; 3037 case IPCP_OPT_ADDRESS: 3038 if (len >= 6 && p[1] == 6) { 3039 /* correctly formed address option */ 3040 continue; 3041 } 3042 if (debug) 3043 log(-1, "[invalid] "); 3044 break; 3045 default: 3046 /* Others not supported. */ 3047 if (debug) 3048 log(-1, "[rej] "); 3049 break; 3050 } 3051 /* Add the option to rejected list. */ 3052 bcopy (p, r, p[1]); 3053 r += p[1]; 3054 rlen += p[1]; 3055 } 3056 if (rlen) { 3057 if (debug) 3058 log(-1, " send conf-rej\n"); 3059 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3060 return 0; 3061 } else if (debug) 3062 log(-1, "\n"); 3063 3064 /* pass 2: parse option values */ 3065 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3066 if (debug) 3067 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3068 SPP_ARGS(ifp)); 3069 p = (void*) (h+1); 3070 len = origlen; 3071 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3072 len-=p[1], p+=p[1]) { 3073 if (debug) 3074 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3075 switch (*p) { 3076 case IPCP_OPT_COMPRESSION: 3077 desiredcomp = p[2] << 8 | p[3]; 3078 /* We only support VJ */ 3079 if (desiredcomp == IPCP_COMP_VJ) { 3080 if (debug) 3081 log(-1, "VJ [ack] "); 3082 sp->ipcp.flags |= IPCP_VJ; 3083 sl_compress_init(sp->pp_comp, p[4]); 3084 sp->ipcp.max_state = p[4]; 3085 sp->ipcp.compress_cid = p[5]; 3086 continue; 3087 } 3088 if (debug) 3089 log(-1, 3090 "compproto %#04x [not supported] ", 3091 desiredcomp); 3092 p[2] = IPCP_COMP_VJ >> 8; 3093 p[3] = IPCP_COMP_VJ; 3094 p[4] = sp->ipcp.max_state; 3095 p[5] = sp->ipcp.compress_cid; 3096 break; 3097 case IPCP_OPT_ADDRESS: 3098 /* This is the address he wants in his end */ 3099 desiredaddr = p[2] << 24 | p[3] << 16 | 3100 p[4] << 8 | p[5]; 3101 if (desiredaddr == hisaddr || 3102 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3103 /* 3104 * Peer's address is same as our value, 3105 * or we have set it to 0.0.0.* to 3106 * indicate that we do not really care, 3107 * this is agreeable. Gonna conf-ack 3108 * it. 3109 */ 3110 if (debug) 3111 log(-1, "%s [ack] ", 3112 sppp_dotted_quad(hisaddr)); 3113 /* record that we've seen it already */ 3114 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3115 continue; 3116 } 3117 /* 3118 * The address wasn't agreeable. This is either 3119 * he sent us 0.0.0.0, asking to assign him an 3120 * address, or he send us another address not 3121 * matching our value. Either case, we gonna 3122 * conf-nak it with our value. 3123 * XXX: we should "rej" if hisaddr == 0 3124 */ 3125 if (debug) { 3126 if (desiredaddr == 0) 3127 log(-1, "[addr requested] "); 3128 else 3129 log(-1, "%s [not agreed] ", 3130 sppp_dotted_quad(desiredaddr)); 3131 3132 } 3133 p[2] = hisaddr >> 24; 3134 p[3] = hisaddr >> 16; 3135 p[4] = hisaddr >> 8; 3136 p[5] = hisaddr; 3137 break; 3138 } 3139 /* Add the option to nak'ed list. */ 3140 bcopy (p, r, p[1]); 3141 r += p[1]; 3142 rlen += p[1]; 3143 } 3144 3145 /* 3146 * If we are about to conf-ack the request, but haven't seen 3147 * his address so far, gonna conf-nak it instead, with the 3148 * `address' option present and our idea of his address being 3149 * filled in there, to request negotiation of both addresses. 3150 * 3151 * XXX This can result in an endless req - nak loop if peer 3152 * doesn't want to send us his address. Q: What should we do 3153 * about it? XXX A: implement the max-failure counter. 3154 */ 3155 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3156 buf[0] = IPCP_OPT_ADDRESS; 3157 buf[1] = 6; 3158 buf[2] = hisaddr >> 24; 3159 buf[3] = hisaddr >> 16; 3160 buf[4] = hisaddr >> 8; 3161 buf[5] = hisaddr; 3162 rlen = 6; 3163 if (debug) 3164 log(-1, "still need hisaddr "); 3165 } 3166 3167 if (rlen) { 3168 if (debug) 3169 log(-1, " send conf-nak\n"); 3170 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3171 } else { 3172 if (debug) 3173 log(-1, " send conf-ack\n"); 3174 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3175 h->ident, origlen, h+1); 3176 } 3177 3178 free (buf, M_TEMP); 3179 return (rlen == 0); 3180} 3181 3182/* 3183 * Analyze the IPCP Configure-Reject option list, and adjust our 3184 * negotiation. 3185 */ 3186static void 3187sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3188{ 3189 u_char *buf, *p; 3190 struct ifnet *ifp = SP2IFP(sp); 3191 int debug = ifp->if_flags & IFF_DEBUG; 3192 3193 len -= 4; 3194 buf = malloc (len, M_TEMP, M_NOWAIT); 3195 if (!buf) 3196 return; 3197 3198 if (debug) 3199 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3200 SPP_ARGS(ifp)); 3201 3202 p = (void*) (h+1); 3203 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3204 len -= p[1], p += p[1]) { 3205 if (debug) 3206 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3207 switch (*p) { 3208 case IPCP_OPT_COMPRESSION: 3209 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3210 break; 3211 case IPCP_OPT_ADDRESS: 3212 /* 3213 * Peer doesn't grok address option. This is 3214 * bad. XXX Should we better give up here? 3215 * XXX We could try old "addresses" option... 3216 */ 3217 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3218 break; 3219 } 3220 } 3221 if (debug) 3222 log(-1, "\n"); 3223 free (buf, M_TEMP); 3224 return; 3225} 3226 3227/* 3228 * Analyze the IPCP Configure-NAK option list, and adjust our 3229 * negotiation. 3230 */ 3231static void 3232sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3233{ 3234 u_char *buf, *p; 3235 struct ifnet *ifp = SP2IFP(sp); 3236 int debug = ifp->if_flags & IFF_DEBUG; 3237 int desiredcomp; 3238 u_long wantaddr; 3239 3240 len -= 4; 3241 buf = malloc (len, M_TEMP, M_NOWAIT); 3242 if (!buf) 3243 return; 3244 3245 if (debug) 3246 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3247 SPP_ARGS(ifp)); 3248 3249 p = (void*) (h+1); 3250 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3251 len -= p[1], p += p[1]) { 3252 if (debug) 3253 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3254 switch (*p) { 3255 case IPCP_OPT_COMPRESSION: 3256 if (len >= 6 && p[1] == 6) { 3257 desiredcomp = p[2] << 8 | p[3]; 3258 if (debug) 3259 log(-1, "[wantcomp %#04x] ", 3260 desiredcomp); 3261 if (desiredcomp == IPCP_COMP_VJ) { 3262 sl_compress_init(sp->pp_comp, p[4]); 3263 sp->ipcp.max_state = p[4]; 3264 sp->ipcp.compress_cid = p[5]; 3265 if (debug) 3266 log(-1, "[agree] "); 3267 } else 3268 sp->ipcp.opts &= 3269 ~(1 << IPCP_OPT_COMPRESSION); 3270 } 3271 break; 3272 case IPCP_OPT_ADDRESS: 3273 /* 3274 * Peer doesn't like our local IP address. See 3275 * if we can do something for him. We'll drop 3276 * him our address then. 3277 */ 3278 if (len >= 6 && p[1] == 6) { 3279 wantaddr = p[2] << 24 | p[3] << 16 | 3280 p[4] << 8 | p[5]; 3281 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3282 if (debug) 3283 log(-1, "[wantaddr %s] ", 3284 sppp_dotted_quad(wantaddr)); 3285 /* 3286 * When doing dynamic address assignment, 3287 * we accept his offer. Otherwise, we 3288 * ignore it and thus continue to negotiate 3289 * our already existing value. 3290 * XXX: Bogus, if he said no once, he'll 3291 * just say no again, might as well die. 3292 */ 3293 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3294 sppp_set_ip_addr(sp, wantaddr); 3295 if (debug) 3296 log(-1, "[agree] "); 3297 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3298 } 3299 } 3300 break; 3301 } 3302 } 3303 if (debug) 3304 log(-1, "\n"); 3305 free (buf, M_TEMP); 3306 return; 3307} 3308 3309static void 3310sppp_ipcp_tlu(struct sppp *sp) 3311{ 3312 /* we are up - notify isdn daemon */ 3313 if (sp->pp_con) 3314 sp->pp_con(sp); 3315} 3316 3317static void 3318sppp_ipcp_tld(struct sppp *sp) 3319{ 3320} 3321 3322static void 3323sppp_ipcp_tls(struct sppp *sp) 3324{ 3325 /* indicate to LCP that it must stay alive */ 3326 sp->lcp.protos |= (1 << IDX_IPCP); 3327} 3328 3329static void 3330sppp_ipcp_tlf(struct sppp *sp) 3331{ 3332 /* we no longer need LCP */ 3333 sp->lcp.protos &= ~(1 << IDX_IPCP); 3334 sppp_lcp_check_and_close(sp); 3335} 3336 3337static void 3338sppp_ipcp_scr(struct sppp *sp) 3339{ 3340 char opt[6 /* compression */ + 6 /* address */]; 3341 u_long ouraddr; 3342 int i = 0; 3343 3344 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3345 opt[i++] = IPCP_OPT_COMPRESSION; 3346 opt[i++] = 6; 3347 opt[i++] = IPCP_COMP_VJ >> 8; 3348 opt[i++] = IPCP_COMP_VJ; 3349 opt[i++] = sp->ipcp.max_state; 3350 opt[i++] = sp->ipcp.compress_cid; 3351 } 3352 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3353 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3354 opt[i++] = IPCP_OPT_ADDRESS; 3355 opt[i++] = 6; 3356 opt[i++] = ouraddr >> 24; 3357 opt[i++] = ouraddr >> 16; 3358 opt[i++] = ouraddr >> 8; 3359 opt[i++] = ouraddr; 3360 } 3361 3362 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3363 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3364} 3365 3366/* 3367 *--------------------------------------------------------------------------* 3368 * * 3369 * The IPv6CP implementation. * 3370 * * 3371 *--------------------------------------------------------------------------* 3372 */ 3373 3374#ifdef INET6 3375static void 3376sppp_ipv6cp_init(struct sppp *sp) 3377{ 3378 sp->ipv6cp.opts = 0; 3379 sp->ipv6cp.flags = 0; 3380 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3381 sp->fail_counter[IDX_IPV6CP] = 0; 3382 sp->pp_seq[IDX_IPV6CP] = 0; 3383 sp->pp_rseq[IDX_IPV6CP] = 0; 3384 callout_init(&sp->ch[IDX_IPV6CP], 3385 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3386} 3387 3388static void 3389sppp_ipv6cp_up(struct sppp *sp) 3390{ 3391 sppp_up_event(&ipv6cp, sp); 3392} 3393 3394static void 3395sppp_ipv6cp_down(struct sppp *sp) 3396{ 3397 sppp_down_event(&ipv6cp, sp); 3398} 3399 3400static void 3401sppp_ipv6cp_open(struct sppp *sp) 3402{ 3403 STDDCL; 3404 struct in6_addr myaddr, hisaddr; 3405 3406#ifdef IPV6CP_MYIFID_DYN 3407 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3408#else 3409 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3410#endif 3411 3412 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3413 /* 3414 * If we don't have our address, this probably means our 3415 * interface doesn't want to talk IPv6 at all. (This could 3416 * be the case if somebody wants to speak only IPX, for 3417 * example.) Don't open IPv6CP in this case. 3418 */ 3419 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3420 /* XXX this message should go away */ 3421 if (debug) 3422 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3423 SPP_ARGS(ifp)); 3424 return; 3425 } 3426 3427 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3428 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3429 sppp_open_event(&ipv6cp, sp); 3430} 3431 3432static void 3433sppp_ipv6cp_close(struct sppp *sp) 3434{ 3435 sppp_close_event(&ipv6cp, sp); 3436} 3437 3438static void 3439sppp_ipv6cp_TO(void *cookie) 3440{ 3441 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3442} 3443 3444/* 3445 * Analyze a configure request. Return true if it was agreeable, and 3446 * caused action sca, false if it has been rejected or nak'ed, and 3447 * caused action scn. (The return value is used to make the state 3448 * transition decision in the state automaton.) 3449 */ 3450static int 3451sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3452{ 3453 u_char *buf, *r, *p; 3454 struct ifnet *ifp = SP2IFP(sp); 3455 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3456 struct in6_addr myaddr, desiredaddr, suggestaddr; 3457 int ifidcount; 3458 int type; 3459 int collision, nohisaddr; 3460 char ip6buf[INET6_ADDRSTRLEN]; 3461 3462 len -= 4; 3463 origlen = len; 3464 /* 3465 * Make sure to allocate a buf that can at least hold a 3466 * conf-nak with an `address' option. We might need it below. 3467 */ 3468 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3469 if (! buf) 3470 return (0); 3471 3472 /* pass 1: see if we can recognize them */ 3473 if (debug) 3474 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3475 SPP_ARGS(ifp)); 3476 p = (void*) (h+1); 3477 ifidcount = 0; 3478 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3479 len-=p[1], p+=p[1]) { 3480 if (debug) 3481 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3482 switch (*p) { 3483 case IPV6CP_OPT_IFID: 3484 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3485 /* correctly formed address option */ 3486 ifidcount++; 3487 continue; 3488 } 3489 if (debug) 3490 log(-1, " [invalid]"); 3491 break; 3492#ifdef notyet 3493 case IPV6CP_OPT_COMPRESSION: 3494 if (len >= 4 && p[1] >= 4) { 3495 /* correctly formed compress option */ 3496 continue; 3497 } 3498 if (debug) 3499 log(-1, " [invalid]"); 3500 break; 3501#endif 3502 default: 3503 /* Others not supported. */ 3504 if (debug) 3505 log(-1, " [rej]"); 3506 break; 3507 } 3508 /* Add the option to rejected list. */ 3509 bcopy (p, r, p[1]); 3510 r += p[1]; 3511 rlen += p[1]; 3512 } 3513 if (rlen) { 3514 if (debug) 3515 log(-1, " send conf-rej\n"); 3516 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3517 goto end; 3518 } else if (debug) 3519 log(-1, "\n"); 3520 3521 /* pass 2: parse option values */ 3522 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3523 if (debug) 3524 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3525 SPP_ARGS(ifp)); 3526 p = (void*) (h+1); 3527 len = origlen; 3528 type = CONF_ACK; 3529 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3530 len-=p[1], p+=p[1]) { 3531 if (debug) 3532 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3533 switch (*p) { 3534#ifdef notyet 3535 case IPV6CP_OPT_COMPRESSION: 3536 continue; 3537#endif 3538 case IPV6CP_OPT_IFID: 3539 bzero(&desiredaddr, sizeof(desiredaddr)); 3540 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3541 collision = (bcmp(&desiredaddr.s6_addr[8], 3542 &myaddr.s6_addr[8], 8) == 0); 3543 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3544 3545 desiredaddr.s6_addr16[0] = htons(0xfe80); 3546 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3547 3548 if (!collision && !nohisaddr) { 3549 /* no collision, hisaddr known - Conf-Ack */ 3550 type = CONF_ACK; 3551 3552 if (debug) { 3553 log(-1, " %s [%s]", 3554 ip6_sprintf(ip6buf, &desiredaddr), 3555 sppp_cp_type_name(type)); 3556 } 3557 continue; 3558 } 3559 3560 bzero(&suggestaddr, sizeof(&suggestaddr)); 3561 if (collision && nohisaddr) { 3562 /* collision, hisaddr unknown - Conf-Rej */ 3563 type = CONF_REJ; 3564 bzero(&p[2], 8); 3565 } else { 3566 /* 3567 * - no collision, hisaddr unknown, or 3568 * - collision, hisaddr known 3569 * Conf-Nak, suggest hisaddr 3570 */ 3571 type = CONF_NAK; 3572 sppp_suggest_ip6_addr(sp, &suggestaddr); 3573 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3574 } 3575 if (debug) 3576 log(-1, " %s [%s]", 3577 ip6_sprintf(ip6buf, &desiredaddr), 3578 sppp_cp_type_name(type)); 3579 break; 3580 } 3581 /* Add the option to nak'ed list. */ 3582 bcopy (p, r, p[1]); 3583 r += p[1]; 3584 rlen += p[1]; 3585 } 3586 3587 if (rlen == 0 && type == CONF_ACK) { 3588 if (debug) 3589 log(-1, " send %s\n", sppp_cp_type_name(type)); 3590 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3591 } else { 3592#ifdef DIAGNOSTIC 3593 if (type == CONF_ACK) 3594 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3595#endif 3596 3597 if (debug) { 3598 log(-1, " send %s suggest %s\n", 3599 sppp_cp_type_name(type), 3600 ip6_sprintf(ip6buf, &suggestaddr)); 3601 } 3602 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3603 } 3604 3605 end: 3606 free (buf, M_TEMP); 3607 return (rlen == 0); 3608} 3609 3610/* 3611 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3612 * negotiation. 3613 */ 3614static void 3615sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3616{ 3617 u_char *buf, *p; 3618 struct ifnet *ifp = SP2IFP(sp); 3619 int debug = ifp->if_flags & IFF_DEBUG; 3620 3621 len -= 4; 3622 buf = malloc (len, M_TEMP, M_NOWAIT); 3623 if (!buf) 3624 return; 3625 3626 if (debug) 3627 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3628 SPP_ARGS(ifp)); 3629 3630 p = (void*) (h+1); 3631 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3632 len -= p[1], p += p[1]) { 3633 if (debug) 3634 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3635 switch (*p) { 3636 case IPV6CP_OPT_IFID: 3637 /* 3638 * Peer doesn't grok address option. This is 3639 * bad. XXX Should we better give up here? 3640 */ 3641 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3642 break; 3643#ifdef notyet 3644 case IPV6CP_OPT_COMPRESS: 3645 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3646 break; 3647#endif 3648 } 3649 } 3650 if (debug) 3651 log(-1, "\n"); 3652 free (buf, M_TEMP); 3653 return; 3654} 3655 3656/* 3657 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3658 * negotiation. 3659 */ 3660static void 3661sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3662{ 3663 u_char *buf, *p; 3664 struct ifnet *ifp = SP2IFP(sp); 3665 int debug = ifp->if_flags & IFF_DEBUG; 3666 struct in6_addr suggestaddr; 3667 char ip6buf[INET6_ADDRSTRLEN]; 3668 3669 len -= 4; 3670 buf = malloc (len, M_TEMP, M_NOWAIT); 3671 if (!buf) 3672 return; 3673 3674 if (debug) 3675 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3676 SPP_ARGS(ifp)); 3677 3678 p = (void*) (h+1); 3679 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3680 len -= p[1], p += p[1]) { 3681 if (debug) 3682 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3683 switch (*p) { 3684 case IPV6CP_OPT_IFID: 3685 /* 3686 * Peer doesn't like our local ifid. See 3687 * if we can do something for him. We'll drop 3688 * him our address then. 3689 */ 3690 if (len < 10 || p[1] != 10) 3691 break; 3692 bzero(&suggestaddr, sizeof(suggestaddr)); 3693 suggestaddr.s6_addr16[0] = htons(0xfe80); 3694 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3695 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3696 3697 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3698 if (debug) 3699 log(-1, " [suggestaddr %s]", 3700 ip6_sprintf(ip6buf, &suggestaddr)); 3701#ifdef IPV6CP_MYIFID_DYN 3702 /* 3703 * When doing dynamic address assignment, 3704 * we accept his offer. 3705 */ 3706 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3707 struct in6_addr lastsuggest; 3708 /* 3709 * If <suggested myaddr from peer> equals to 3710 * <hisaddr we have suggested last time>, 3711 * we have a collision. generate new random 3712 * ifid. 3713 */ 3714 sppp_suggest_ip6_addr(&lastsuggest); 3715 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3716 lastsuggest)) { 3717 if (debug) 3718 log(-1, " [random]"); 3719 sppp_gen_ip6_addr(sp, &suggestaddr); 3720 } 3721 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3722 if (debug) 3723 log(-1, " [agree]"); 3724 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3725 } 3726#else 3727 /* 3728 * Since we do not do dynamic address assignment, 3729 * we ignore it and thus continue to negotiate 3730 * our already existing value. This can possibly 3731 * go into infinite request-reject loop. 3732 * 3733 * This is not likely because we normally use 3734 * ifid based on MAC-address. 3735 * If you have no ethernet card on the node, too bad. 3736 * XXX should we use fail_counter? 3737 */ 3738#endif 3739 break; 3740#ifdef notyet 3741 case IPV6CP_OPT_COMPRESS: 3742 /* 3743 * Peer wants different compression parameters. 3744 */ 3745 break; 3746#endif 3747 } 3748 } 3749 if (debug) 3750 log(-1, "\n"); 3751 free (buf, M_TEMP); 3752 return; 3753} 3754static void 3755sppp_ipv6cp_tlu(struct sppp *sp) 3756{ 3757 /* we are up - notify isdn daemon */ 3758 if (sp->pp_con) 3759 sp->pp_con(sp); 3760} 3761 3762static void 3763sppp_ipv6cp_tld(struct sppp *sp) 3764{ 3765} 3766 3767static void 3768sppp_ipv6cp_tls(struct sppp *sp) 3769{ 3770 /* indicate to LCP that it must stay alive */ 3771 sp->lcp.protos |= (1 << IDX_IPV6CP); 3772} 3773 3774static void 3775sppp_ipv6cp_tlf(struct sppp *sp) 3776{ 3777 3778#if 0 /* need #if 0 to close IPv6CP properly */ 3779 /* we no longer need LCP */ 3780 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3781 sppp_lcp_check_and_close(sp); 3782#endif 3783} 3784 3785static void 3786sppp_ipv6cp_scr(struct sppp *sp) 3787{ 3788 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3789 struct in6_addr ouraddr; 3790 int i = 0; 3791 3792 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3793 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3794 opt[i++] = IPV6CP_OPT_IFID; 3795 opt[i++] = 10; 3796 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3797 i += 8; 3798 } 3799 3800#ifdef notyet 3801 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3802 opt[i++] = IPV6CP_OPT_COMPRESSION; 3803 opt[i++] = 4; 3804 opt[i++] = 0; /* TBD */ 3805 opt[i++] = 0; /* TBD */ 3806 /* variable length data may follow */ 3807 } 3808#endif 3809 3810 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3811 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3812} 3813#else /*INET6*/ 3814static void sppp_ipv6cp_init(struct sppp *sp) 3815{ 3816} 3817 3818static void sppp_ipv6cp_up(struct sppp *sp) 3819{ 3820} 3821 3822static void sppp_ipv6cp_down(struct sppp *sp) 3823{ 3824} 3825 3826 3827static void sppp_ipv6cp_open(struct sppp *sp) 3828{ 3829} 3830 3831static void sppp_ipv6cp_close(struct sppp *sp) 3832{ 3833} 3834 3835static void sppp_ipv6cp_TO(void *sp) 3836{ 3837} 3838 3839static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3840{ 3841 return 0; 3842} 3843 3844static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3845{ 3846} 3847 3848static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3849{ 3850} 3851 3852static void sppp_ipv6cp_tlu(struct sppp *sp) 3853{ 3854} 3855 3856static void sppp_ipv6cp_tld(struct sppp *sp) 3857{ 3858} 3859 3860static void sppp_ipv6cp_tls(struct sppp *sp) 3861{ 3862} 3863 3864static void sppp_ipv6cp_tlf(struct sppp *sp) 3865{ 3866} 3867 3868static void sppp_ipv6cp_scr(struct sppp *sp) 3869{ 3870} 3871#endif /*INET6*/ 3872 3873/* 3874 *--------------------------------------------------------------------------* 3875 * * 3876 * The CHAP implementation. * 3877 * * 3878 *--------------------------------------------------------------------------* 3879 */ 3880 3881/* 3882 * The authentication protocols don't employ a full-fledged state machine as 3883 * the control protocols do, since they do have Open and Close events, but 3884 * not Up and Down, nor are they explicitly terminated. Also, use of the 3885 * authentication protocols may be different in both directions (this makes 3886 * sense, think of a machine that never accepts incoming calls but only 3887 * calls out, it doesn't require the called party to authenticate itself). 3888 * 3889 * Our state machine for the local authentication protocol (we are requesting 3890 * the peer to authenticate) looks like: 3891 * 3892 * RCA- 3893 * +--------------------------------------------+ 3894 * V scn,tld| 3895 * +--------+ Close +---------+ RCA+ 3896 * | |<----------------------------------| |------+ 3897 * +--->| Closed | TO* | Opened | sca | 3898 * | | |-----+ +-------| |<-----+ 3899 * | +--------+ irc | | +---------+ 3900 * | ^ | | ^ 3901 * | | | | | 3902 * | | | | | 3903 * | TO-| | | | 3904 * | |tld TO+ V | | 3905 * | | +------->+ | | 3906 * | | | | | | 3907 * | +--------+ V | | 3908 * | | |<----+<--------------------+ | 3909 * | | Req- | scr | 3910 * | | Sent | | 3911 * | | | | 3912 * | +--------+ | 3913 * | RCA- | | RCA+ | 3914 * +------+ +------------------------------------------+ 3915 * scn,tld sca,irc,ict,tlu 3916 * 3917 * 3918 * with: 3919 * 3920 * Open: LCP reached authentication phase 3921 * Close: LCP reached terminate phase 3922 * 3923 * RCA+: received reply (pap-req, chap-response), acceptable 3924 * RCN: received reply (pap-req, chap-response), not acceptable 3925 * TO+: timeout with restart counter >= 0 3926 * TO-: timeout with restart counter < 0 3927 * TO*: reschedule timeout for CHAP 3928 * 3929 * scr: send request packet (none for PAP, chap-challenge) 3930 * sca: send ack packet (pap-ack, chap-success) 3931 * scn: send nak packet (pap-nak, chap-failure) 3932 * ict: initialize re-challenge timer (CHAP only) 3933 * 3934 * tlu: this-layer-up, LCP reaches network phase 3935 * tld: this-layer-down, LCP enters terminate phase 3936 * 3937 * Note that in CHAP mode, after sending a new challenge, while the state 3938 * automaton falls back into Req-Sent state, it doesn't signal a tld 3939 * event to LCP, so LCP remains in network phase. Only after not getting 3940 * any response (or after getting an unacceptable response), CHAP closes, 3941 * causing LCP to enter terminate phase. 3942 * 3943 * With PAP, there is no initial request that can be sent. The peer is 3944 * expected to send one based on the successful negotiation of PAP as 3945 * the authentication protocol during the LCP option negotiation. 3946 * 3947 * Incoming authentication protocol requests (remote requests 3948 * authentication, we are peer) don't employ a state machine at all, 3949 * they are simply answered. Some peers [Ascend P50 firmware rev 3950 * 4.50] react allergically when sending IPCP requests while they are 3951 * still in authentication phase (thereby violating the standard that 3952 * demands that these NCP packets are to be discarded), so we keep 3953 * track of the peer demanding us to authenticate, and only proceed to 3954 * phase network once we've seen a positive acknowledge for the 3955 * authentication. 3956 */ 3957 3958/* 3959 * Handle incoming CHAP packets. 3960 */ 3961static void 3962sppp_chap_input(struct sppp *sp, struct mbuf *m) 3963{ 3964 STDDCL; 3965 struct lcp_header *h; 3966 int len, x; 3967 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3968 int value_len, name_len; 3969 MD5_CTX ctx; 3970 3971 len = m->m_pkthdr.len; 3972 if (len < 4) { 3973 if (debug) 3974 log(LOG_DEBUG, 3975 SPP_FMT "chap invalid packet length: %d bytes\n", 3976 SPP_ARGS(ifp), len); 3977 return; 3978 } 3979 h = mtod (m, struct lcp_header*); 3980 if (len > ntohs (h->len)) 3981 len = ntohs (h->len); 3982 3983 switch (h->type) { 3984 /* challenge, failure and success are his authproto */ 3985 case CHAP_CHALLENGE: 3986 value = 1 + (u_char*)(h+1); 3987 value_len = value[-1]; 3988 name = value + value_len; 3989 name_len = len - value_len - 5; 3990 if (name_len < 0) { 3991 if (debug) { 3992 log(LOG_DEBUG, 3993 SPP_FMT "chap corrupted challenge " 3994 "<%s id=0x%x len=%d", 3995 SPP_ARGS(ifp), 3996 sppp_auth_type_name(PPP_CHAP, h->type), 3997 h->ident, ntohs(h->len)); 3998 sppp_print_bytes((u_char*) (h+1), len-4); 3999 log(-1, ">\n"); 4000 } 4001 break; 4002 } 4003 4004 if (debug) { 4005 log(LOG_DEBUG, 4006 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4007 SPP_ARGS(ifp), 4008 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4009 ntohs(h->len)); 4010 sppp_print_string((char*) name, name_len); 4011 log(-1, " value-size=%d value=", value_len); 4012 sppp_print_bytes(value, value_len); 4013 log(-1, ">\n"); 4014 } 4015 4016 /* Compute reply value. */ 4017 MD5Init(&ctx); 4018 MD5Update(&ctx, &h->ident, 1); 4019 MD5Update(&ctx, sp->myauth.secret, 4020 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4021 MD5Update(&ctx, value, value_len); 4022 MD5Final(digest, &ctx); 4023 dsize = sizeof digest; 4024 4025 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4026 sizeof dsize, (const char *)&dsize, 4027 sizeof digest, digest, 4028 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4029 sp->myauth.name, 4030 0); 4031 break; 4032 4033 case CHAP_SUCCESS: 4034 if (debug) { 4035 log(LOG_DEBUG, SPP_FMT "chap success", 4036 SPP_ARGS(ifp)); 4037 if (len > 4) { 4038 log(-1, ": "); 4039 sppp_print_string((char*)(h + 1), len - 4); 4040 } 4041 log(-1, "\n"); 4042 } 4043 x = splimp(); 4044 SPPP_LOCK(sp); 4045 sp->pp_flags &= ~PP_NEEDAUTH; 4046 if (sp->myauth.proto == PPP_CHAP && 4047 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4048 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4049 /* 4050 * We are authenticator for CHAP but didn't 4051 * complete yet. Leave it to tlu to proceed 4052 * to network phase. 4053 */ 4054 SPPP_UNLOCK(sp); 4055 splx(x); 4056 break; 4057 } 4058 SPPP_UNLOCK(sp); 4059 splx(x); 4060 sppp_phase_network(sp); 4061 break; 4062 4063 case CHAP_FAILURE: 4064 if (debug) { 4065 log(LOG_INFO, SPP_FMT "chap failure", 4066 SPP_ARGS(ifp)); 4067 if (len > 4) { 4068 log(-1, ": "); 4069 sppp_print_string((char*)(h + 1), len - 4); 4070 } 4071 log(-1, "\n"); 4072 } else 4073 log(LOG_INFO, SPP_FMT "chap failure\n", 4074 SPP_ARGS(ifp)); 4075 /* await LCP shutdown by authenticator */ 4076 break; 4077 4078 /* response is my authproto */ 4079 case CHAP_RESPONSE: 4080 value = 1 + (u_char*)(h+1); 4081 value_len = value[-1]; 4082 name = value + value_len; 4083 name_len = len - value_len - 5; 4084 if (name_len < 0) { 4085 if (debug) { 4086 log(LOG_DEBUG, 4087 SPP_FMT "chap corrupted response " 4088 "<%s id=0x%x len=%d", 4089 SPP_ARGS(ifp), 4090 sppp_auth_type_name(PPP_CHAP, h->type), 4091 h->ident, ntohs(h->len)); 4092 sppp_print_bytes((u_char*)(h+1), len-4); 4093 log(-1, ">\n"); 4094 } 4095 break; 4096 } 4097 if (h->ident != sp->confid[IDX_CHAP]) { 4098 if (debug) 4099 log(LOG_DEBUG, 4100 SPP_FMT "chap dropping response for old ID " 4101 "(got %d, expected %d)\n", 4102 SPP_ARGS(ifp), 4103 h->ident, sp->confid[IDX_CHAP]); 4104 break; 4105 } 4106 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4107 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4108 log(LOG_INFO, SPP_FMT "chap response, his name ", 4109 SPP_ARGS(ifp)); 4110 sppp_print_string(name, name_len); 4111 log(-1, " != expected "); 4112 sppp_print_string(sp->hisauth.name, 4113 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4114 log(-1, "\n"); 4115 } 4116 if (debug) { 4117 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4118 "<%s id=0x%x len=%d name=", 4119 SPP_ARGS(ifp), 4120 sppp_state_name(sp->state[IDX_CHAP]), 4121 sppp_auth_type_name(PPP_CHAP, h->type), 4122 h->ident, ntohs (h->len)); 4123 sppp_print_string((char*)name, name_len); 4124 log(-1, " value-size=%d value=", value_len); 4125 sppp_print_bytes(value, value_len); 4126 log(-1, ">\n"); 4127 } 4128 if (value_len != AUTHKEYLEN) { 4129 if (debug) 4130 log(LOG_DEBUG, 4131 SPP_FMT "chap bad hash value length: " 4132 "%d bytes, should be %d\n", 4133 SPP_ARGS(ifp), value_len, 4134 AUTHKEYLEN); 4135 break; 4136 } 4137 4138 MD5Init(&ctx); 4139 MD5Update(&ctx, &h->ident, 1); 4140 MD5Update(&ctx, sp->hisauth.secret, 4141 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4142 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4143 MD5Final(digest, &ctx); 4144 4145#define FAILMSG "Failed..." 4146#define SUCCMSG "Welcome!" 4147 4148 if (value_len != sizeof digest || 4149 bcmp(digest, value, value_len) != 0) { 4150 /* action scn, tld */ 4151 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4152 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4153 0); 4154 chap.tld(sp); 4155 break; 4156 } 4157 /* action sca, perhaps tlu */ 4158 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4159 sp->state[IDX_CHAP] == STATE_OPENED) 4160 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4161 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4162 0); 4163 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4164 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4165 chap.tlu(sp); 4166 } 4167 break; 4168 4169 default: 4170 /* Unknown CHAP packet type -- ignore. */ 4171 if (debug) { 4172 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4173 "<0x%x id=0x%xh len=%d", 4174 SPP_ARGS(ifp), 4175 sppp_state_name(sp->state[IDX_CHAP]), 4176 h->type, h->ident, ntohs(h->len)); 4177 sppp_print_bytes((u_char*)(h+1), len-4); 4178 log(-1, ">\n"); 4179 } 4180 break; 4181 4182 } 4183} 4184 4185static void 4186sppp_chap_init(struct sppp *sp) 4187{ 4188 /* Chap doesn't have STATE_INITIAL at all. */ 4189 sp->state[IDX_CHAP] = STATE_CLOSED; 4190 sp->fail_counter[IDX_CHAP] = 0; 4191 sp->pp_seq[IDX_CHAP] = 0; 4192 sp->pp_rseq[IDX_CHAP] = 0; 4193 callout_init(&sp->ch[IDX_CHAP], 4194 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4195} 4196 4197static void 4198sppp_chap_open(struct sppp *sp) 4199{ 4200 if (sp->myauth.proto == PPP_CHAP && 4201 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4202 /* we are authenticator for CHAP, start it */ 4203 chap.scr(sp); 4204 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4205 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4206 } 4207 /* nothing to be done if we are peer, await a challenge */ 4208} 4209 4210static void 4211sppp_chap_close(struct sppp *sp) 4212{ 4213 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4214 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4215} 4216 4217static void 4218sppp_chap_TO(void *cookie) 4219{ 4220 struct sppp *sp = (struct sppp *)cookie; 4221 STDDCL; 4222 int s; 4223 4224 s = splimp(); 4225 SPPP_LOCK(sp); 4226 if (debug) 4227 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4228 SPP_ARGS(ifp), 4229 sppp_state_name(sp->state[IDX_CHAP]), 4230 sp->rst_counter[IDX_CHAP]); 4231 4232 if (--sp->rst_counter[IDX_CHAP] < 0) 4233 /* TO- event */ 4234 switch (sp->state[IDX_CHAP]) { 4235 case STATE_REQ_SENT: 4236 chap.tld(sp); 4237 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4238 break; 4239 } 4240 else 4241 /* TO+ (or TO*) event */ 4242 switch (sp->state[IDX_CHAP]) { 4243 case STATE_OPENED: 4244 /* TO* event */ 4245 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4246 /* FALLTHROUGH */ 4247 case STATE_REQ_SENT: 4248 chap.scr(sp); 4249 /* sppp_cp_change_state() will restart the timer */ 4250 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4251 break; 4252 } 4253 4254 SPPP_UNLOCK(sp); 4255 splx(s); 4256} 4257 4258static void 4259sppp_chap_tlu(struct sppp *sp) 4260{ 4261 STDDCL; 4262 int i, x; 4263 4264 i = 0; 4265 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4266 4267 /* 4268 * Some broken CHAP implementations (Conware CoNet, firmware 4269 * 4.0.?) don't want to re-authenticate their CHAP once the 4270 * initial challenge-response exchange has taken place. 4271 * Provide for an option to avoid rechallenges. 4272 */ 4273 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4274 /* 4275 * Compute the re-challenge timeout. This will yield 4276 * a number between 300 and 810 seconds. 4277 */ 4278 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4279 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4280 } 4281 4282 if (debug) { 4283 log(LOG_DEBUG, 4284 SPP_FMT "chap %s, ", 4285 SPP_ARGS(ifp), 4286 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4287 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4288 log(-1, "next re-challenge in %d seconds\n", i); 4289 else 4290 log(-1, "re-challenging supressed\n"); 4291 } 4292 4293 x = splimp(); 4294 SPPP_LOCK(sp); 4295 /* indicate to LCP that we need to be closed down */ 4296 sp->lcp.protos |= (1 << IDX_CHAP); 4297 4298 if (sp->pp_flags & PP_NEEDAUTH) { 4299 /* 4300 * Remote is authenticator, but his auth proto didn't 4301 * complete yet. Defer the transition to network 4302 * phase. 4303 */ 4304 SPPP_UNLOCK(sp); 4305 splx(x); 4306 return; 4307 } 4308 SPPP_UNLOCK(sp); 4309 splx(x); 4310 4311 /* 4312 * If we are already in phase network, we are done here. This 4313 * is the case if this is a dummy tlu event after a re-challenge. 4314 */ 4315 if (sp->pp_phase != PHASE_NETWORK) 4316 sppp_phase_network(sp); 4317} 4318 4319static void 4320sppp_chap_tld(struct sppp *sp) 4321{ 4322 STDDCL; 4323 4324 if (debug) 4325 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4326 callout_stop(&sp->ch[IDX_CHAP]); 4327 sp->lcp.protos &= ~(1 << IDX_CHAP); 4328 4329 lcp.Close(sp); 4330} 4331 4332static void 4333sppp_chap_scr(struct sppp *sp) 4334{ 4335 u_long *ch, seed; 4336 u_char clen; 4337 4338 /* Compute random challenge. */ 4339 ch = (u_long *)sp->myauth.challenge; 4340 read_random(&seed, sizeof seed); 4341 ch[0] = seed ^ random(); 4342 ch[1] = seed ^ random(); 4343 ch[2] = seed ^ random(); 4344 ch[3] = seed ^ random(); 4345 clen = AUTHKEYLEN; 4346 4347 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4348 4349 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4350 sizeof clen, (const char *)&clen, 4351 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4352 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4353 sp->myauth.name, 4354 0); 4355} 4356 4357/* 4358 *--------------------------------------------------------------------------* 4359 * * 4360 * The PAP implementation. * 4361 * * 4362 *--------------------------------------------------------------------------* 4363 */ 4364/* 4365 * For PAP, we need to keep a little state also if we are the peer, not the 4366 * authenticator. This is since we don't get a request to authenticate, but 4367 * have to repeatedly authenticate ourself until we got a response (or the 4368 * retry counter is expired). 4369 */ 4370 4371/* 4372 * Handle incoming PAP packets. */ 4373static void 4374sppp_pap_input(struct sppp *sp, struct mbuf *m) 4375{ 4376 STDDCL; 4377 struct lcp_header *h; 4378 int len, x; 4379 u_char *name, *passwd, mlen; 4380 int name_len, passwd_len; 4381 4382 len = m->m_pkthdr.len; 4383 if (len < 5) { 4384 if (debug) 4385 log(LOG_DEBUG, 4386 SPP_FMT "pap invalid packet length: %d bytes\n", 4387 SPP_ARGS(ifp), len); 4388 return; 4389 } 4390 h = mtod (m, struct lcp_header*); 4391 if (len > ntohs (h->len)) 4392 len = ntohs (h->len); 4393 switch (h->type) { 4394 /* PAP request is my authproto */ 4395 case PAP_REQ: 4396 name = 1 + (u_char*)(h+1); 4397 name_len = name[-1]; 4398 passwd = name + name_len + 1; 4399 if (name_len > len - 6 || 4400 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4401 if (debug) { 4402 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4403 "<%s id=0x%x len=%d", 4404 SPP_ARGS(ifp), 4405 sppp_auth_type_name(PPP_PAP, h->type), 4406 h->ident, ntohs(h->len)); 4407 sppp_print_bytes((u_char*)(h+1), len-4); 4408 log(-1, ">\n"); 4409 } 4410 break; 4411 } 4412 if (debug) { 4413 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4414 "<%s id=0x%x len=%d name=", 4415 SPP_ARGS(ifp), 4416 sppp_state_name(sp->state[IDX_PAP]), 4417 sppp_auth_type_name(PPP_PAP, h->type), 4418 h->ident, ntohs(h->len)); 4419 sppp_print_string((char*)name, name_len); 4420 log(-1, " passwd="); 4421 sppp_print_string((char*)passwd, passwd_len); 4422 log(-1, ">\n"); 4423 } 4424 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4425 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4426 bcmp(name, sp->hisauth.name, name_len) != 0 || 4427 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4428 /* action scn, tld */ 4429 mlen = sizeof(FAILMSG) - 1; 4430 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4431 sizeof mlen, (const char *)&mlen, 4432 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4433 0); 4434 pap.tld(sp); 4435 break; 4436 } 4437 /* action sca, perhaps tlu */ 4438 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4439 sp->state[IDX_PAP] == STATE_OPENED) { 4440 mlen = sizeof(SUCCMSG) - 1; 4441 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4442 sizeof mlen, (const char *)&mlen, 4443 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4444 0); 4445 } 4446 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4447 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4448 pap.tlu(sp); 4449 } 4450 break; 4451 4452 /* ack and nak are his authproto */ 4453 case PAP_ACK: 4454 callout_stop(&sp->pap_my_to_ch); 4455 if (debug) { 4456 log(LOG_DEBUG, SPP_FMT "pap success", 4457 SPP_ARGS(ifp)); 4458 name_len = *((char *)h); 4459 if (len > 5 && name_len) { 4460 log(-1, ": "); 4461 sppp_print_string((char*)(h+1), name_len); 4462 } 4463 log(-1, "\n"); 4464 } 4465 x = splimp(); 4466 SPPP_LOCK(sp); 4467 sp->pp_flags &= ~PP_NEEDAUTH; 4468 if (sp->myauth.proto == PPP_PAP && 4469 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4470 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4471 /* 4472 * We are authenticator for PAP but didn't 4473 * complete yet. Leave it to tlu to proceed 4474 * to network phase. 4475 */ 4476 SPPP_UNLOCK(sp); 4477 splx(x); 4478 break; 4479 } 4480 SPPP_UNLOCK(sp); 4481 splx(x); 4482 sppp_phase_network(sp); 4483 break; 4484 4485 case PAP_NAK: 4486 callout_stop (&sp->pap_my_to_ch); 4487 if (debug) { 4488 log(LOG_INFO, SPP_FMT "pap failure", 4489 SPP_ARGS(ifp)); 4490 name_len = *((char *)h); 4491 if (len > 5 && name_len) { 4492 log(-1, ": "); 4493 sppp_print_string((char*)(h+1), name_len); 4494 } 4495 log(-1, "\n"); 4496 } else 4497 log(LOG_INFO, SPP_FMT "pap failure\n", 4498 SPP_ARGS(ifp)); 4499 /* await LCP shutdown by authenticator */ 4500 break; 4501 4502 default: 4503 /* Unknown PAP packet type -- ignore. */ 4504 if (debug) { 4505 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4506 "<0x%x id=0x%x len=%d", 4507 SPP_ARGS(ifp), 4508 h->type, h->ident, ntohs(h->len)); 4509 sppp_print_bytes((u_char*)(h+1), len-4); 4510 log(-1, ">\n"); 4511 } 4512 break; 4513 4514 } 4515} 4516 4517static void 4518sppp_pap_init(struct sppp *sp) 4519{ 4520 /* PAP doesn't have STATE_INITIAL at all. */ 4521 sp->state[IDX_PAP] = STATE_CLOSED; 4522 sp->fail_counter[IDX_PAP] = 0; 4523 sp->pp_seq[IDX_PAP] = 0; 4524 sp->pp_rseq[IDX_PAP] = 0; 4525 callout_init(&sp->ch[IDX_PAP], 4526 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4527 callout_init(&sp->pap_my_to_ch, 4528 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4529} 4530 4531static void 4532sppp_pap_open(struct sppp *sp) 4533{ 4534 if (sp->hisauth.proto == PPP_PAP && 4535 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4536 /* we are authenticator for PAP, start our timer */ 4537 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4538 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4539 } 4540 if (sp->myauth.proto == PPP_PAP) { 4541 /* we are peer, send a request, and start a timer */ 4542 pap.scr(sp); 4543 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4544 sppp_pap_my_TO, (void *)sp); 4545 } 4546} 4547 4548static void 4549sppp_pap_close(struct sppp *sp) 4550{ 4551 if (sp->state[IDX_PAP] != STATE_CLOSED) 4552 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4553} 4554 4555/* 4556 * That's the timeout routine if we are authenticator. Since the 4557 * authenticator is basically passive in PAP, we can't do much here. 4558 */ 4559static void 4560sppp_pap_TO(void *cookie) 4561{ 4562 struct sppp *sp = (struct sppp *)cookie; 4563 STDDCL; 4564 int s; 4565 4566 s = splimp(); 4567 SPPP_LOCK(sp); 4568 if (debug) 4569 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4570 SPP_ARGS(ifp), 4571 sppp_state_name(sp->state[IDX_PAP]), 4572 sp->rst_counter[IDX_PAP]); 4573 4574 if (--sp->rst_counter[IDX_PAP] < 0) 4575 /* TO- event */ 4576 switch (sp->state[IDX_PAP]) { 4577 case STATE_REQ_SENT: 4578 pap.tld(sp); 4579 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4580 break; 4581 } 4582 else 4583 /* TO+ event, not very much we could do */ 4584 switch (sp->state[IDX_PAP]) { 4585 case STATE_REQ_SENT: 4586 /* sppp_cp_change_state() will restart the timer */ 4587 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4588 break; 4589 } 4590 4591 SPPP_UNLOCK(sp); 4592 splx(s); 4593} 4594 4595/* 4596 * That's the timeout handler if we are peer. Since the peer is active, 4597 * we need to retransmit our PAP request since it is apparently lost. 4598 * XXX We should impose a max counter. 4599 */ 4600static void 4601sppp_pap_my_TO(void *cookie) 4602{ 4603 struct sppp *sp = (struct sppp *)cookie; 4604 STDDCL; 4605 4606 if (debug) 4607 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4608 SPP_ARGS(ifp)); 4609 4610 SPPP_LOCK(sp); 4611 pap.scr(sp); 4612 SPPP_UNLOCK(sp); 4613} 4614 4615static void 4616sppp_pap_tlu(struct sppp *sp) 4617{ 4618 STDDCL; 4619 int x; 4620 4621 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4622 4623 if (debug) 4624 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4625 SPP_ARGS(ifp), pap.name); 4626 4627 x = splimp(); 4628 SPPP_LOCK(sp); 4629 /* indicate to LCP that we need to be closed down */ 4630 sp->lcp.protos |= (1 << IDX_PAP); 4631 4632 if (sp->pp_flags & PP_NEEDAUTH) { 4633 /* 4634 * Remote is authenticator, but his auth proto didn't 4635 * complete yet. Defer the transition to network 4636 * phase. 4637 */ 4638 SPPP_UNLOCK(sp); 4639 splx(x); 4640 return; 4641 } 4642 SPPP_UNLOCK(sp); 4643 splx(x); 4644 sppp_phase_network(sp); 4645} 4646 4647static void 4648sppp_pap_tld(struct sppp *sp) 4649{ 4650 STDDCL; 4651 4652 if (debug) 4653 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4654 callout_stop (&sp->ch[IDX_PAP]); 4655 callout_stop (&sp->pap_my_to_ch); 4656 sp->lcp.protos &= ~(1 << IDX_PAP); 4657 4658 lcp.Close(sp); 4659} 4660 4661static void 4662sppp_pap_scr(struct sppp *sp) 4663{ 4664 u_char idlen, pwdlen; 4665 4666 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4667 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4668 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4669 4670 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4671 sizeof idlen, (const char *)&idlen, 4672 (size_t)idlen, sp->myauth.name, 4673 sizeof pwdlen, (const char *)&pwdlen, 4674 (size_t)pwdlen, sp->myauth.secret, 4675 0); 4676} 4677 4678/* 4679 * Random miscellaneous functions. 4680 */ 4681 4682/* 4683 * Send a PAP or CHAP proto packet. 4684 * 4685 * Varadic function, each of the elements for the ellipsis is of type 4686 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4687 * mlen == 0. 4688 * NOTE: never declare variadic functions with types subject to type 4689 * promotion (i.e. u_char). This is asking for big trouble depending 4690 * on the architecture you are on... 4691 */ 4692 4693static void 4694sppp_auth_send(const struct cp *cp, struct sppp *sp, 4695 unsigned int type, unsigned int id, 4696 ...) 4697{ 4698 STDDCL; 4699 struct ppp_header *h; 4700 struct lcp_header *lh; 4701 struct mbuf *m; 4702 u_char *p; 4703 int len; 4704 unsigned int mlen; 4705 const char *msg; 4706 va_list ap; 4707 4708 MGETHDR (m, M_DONTWAIT, MT_DATA); 4709 if (! m) 4710 return; 4711 m->m_pkthdr.rcvif = 0; 4712 4713 h = mtod (m, struct ppp_header*); 4714 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4715 h->control = PPP_UI; /* Unnumbered Info */ 4716 h->protocol = htons(cp->proto); 4717 4718 lh = (struct lcp_header*)(h + 1); 4719 lh->type = type; 4720 lh->ident = id; 4721 p = (u_char*) (lh+1); 4722 4723 va_start(ap, id); 4724 len = 0; 4725 4726 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4727 msg = va_arg(ap, const char *); 4728 len += mlen; 4729 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4730 va_end(ap); 4731 m_freem(m); 4732 return; 4733 } 4734 4735 bcopy(msg, p, mlen); 4736 p += mlen; 4737 } 4738 va_end(ap); 4739 4740 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4741 lh->len = htons (LCP_HEADER_LEN + len); 4742 4743 if (debug) { 4744 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4745 SPP_ARGS(ifp), cp->name, 4746 sppp_auth_type_name(cp->proto, lh->type), 4747 lh->ident, ntohs(lh->len)); 4748 sppp_print_bytes((u_char*) (lh+1), len); 4749 log(-1, ">\n"); 4750 } 4751 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4752 ifp->if_oerrors++; 4753} 4754 4755/* 4756 * Flush interface queue. 4757 */ 4758static void 4759sppp_qflush(struct ifqueue *ifq) 4760{ 4761 struct mbuf *m, *n; 4762 4763 n = ifq->ifq_head; 4764 while ((m = n)) { 4765 n = m->m_act; 4766 m_freem (m); 4767 } 4768 ifq->ifq_head = 0; 4769 ifq->ifq_tail = 0; 4770 ifq->ifq_len = 0; 4771} 4772 4773/* 4774 * Send keepalive packets, every 10 seconds. 4775 */ 4776static void 4777sppp_keepalive(void *dummy) 4778{ 4779 struct sppp *sp = (struct sppp*)dummy; 4780 struct ifnet *ifp = SP2IFP(sp); 4781 int s; 4782 4783 s = splimp(); 4784 SPPP_LOCK(sp); 4785 /* Keepalive mode disabled or channel down? */ 4786 if (! (sp->pp_flags & PP_KEEPALIVE) || 4787 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4788 goto out; 4789 4790 if (sp->pp_mode == PP_FR) { 4791 sppp_fr_keepalive (sp); 4792 goto out; 4793 } 4794 4795 /* No keepalive in PPP mode if LCP not opened yet. */ 4796 if (sp->pp_mode != IFF_CISCO && 4797 sp->pp_phase < PHASE_AUTHENTICATE) 4798 goto out; 4799 4800 if (sp->pp_alivecnt == MAXALIVECNT) { 4801 /* No keepalive packets got. Stop the interface. */ 4802 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4803 if_down (ifp); 4804 sppp_qflush (&sp->pp_cpq); 4805 if (sp->pp_mode != IFF_CISCO) { 4806 /* XXX */ 4807 /* Shut down the PPP link. */ 4808 lcp.Down(sp); 4809 /* Initiate negotiation. XXX */ 4810 lcp.Up(sp); 4811 } 4812 } 4813 if (sp->pp_alivecnt <= MAXALIVECNT) 4814 ++sp->pp_alivecnt; 4815 if (sp->pp_mode == IFF_CISCO) 4816 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4817 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4818 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4819 long nmagic = htonl (sp->lcp.magic); 4820 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4821 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4822 sp->lcp.echoid, 4, &nmagic); 4823 } 4824out: 4825 SPPP_UNLOCK(sp); 4826 splx(s); 4827 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4828 (void *)sp); 4829} 4830 4831/* 4832 * Get both IP addresses. 4833 */ 4834void 4835sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4836{ 4837 struct ifnet *ifp = SP2IFP(sp); 4838 struct ifaddr *ifa; 4839 struct sockaddr_in *si, *sm; 4840 u_long ssrc, ddst; 4841 4842 sm = NULL; 4843 ssrc = ddst = 0L; 4844 /* 4845 * Pick the first AF_INET address from the list, 4846 * aliases don't make any sense on a p2p link anyway. 4847 */ 4848 si = 0; 4849 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4850 if (ifa->ifa_addr->sa_family == AF_INET) { 4851 si = (struct sockaddr_in *)ifa->ifa_addr; 4852 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4853 if (si) 4854 break; 4855 } 4856 if (ifa) { 4857 if (si && si->sin_addr.s_addr) { 4858 ssrc = si->sin_addr.s_addr; 4859 if (srcmask) 4860 *srcmask = ntohl(sm->sin_addr.s_addr); 4861 } 4862 4863 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4864 if (si && si->sin_addr.s_addr) 4865 ddst = si->sin_addr.s_addr; 4866 } 4867 4868 if (dst) *dst = ntohl(ddst); 4869 if (src) *src = ntohl(ssrc); 4870} 4871 4872/* 4873 * Set my IP address. Must be called at splimp. 4874 */ 4875static void 4876sppp_set_ip_addr(struct sppp *sp, u_long src) 4877{ 4878 INIT_VNET_INET(curvnet); 4879 STDDCL; 4880 struct ifaddr *ifa; 4881 struct sockaddr_in *si; 4882 struct in_ifaddr *ia; 4883 4884 /* 4885 * Pick the first AF_INET address from the list, 4886 * aliases don't make any sense on a p2p link anyway. 4887 */ 4888 si = 0; 4889 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4890 { 4891 if (ifa->ifa_addr->sa_family == AF_INET) 4892 { 4893 si = (struct sockaddr_in *)ifa->ifa_addr; 4894 if (si) 4895 break; 4896 } 4897 } 4898 4899 if (ifa && si) 4900 { 4901 int error; 4902 /* delete old route */ 4903 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4904 if(debug && error) 4905 { 4906 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4907 SPP_ARGS(ifp), error); 4908 } 4909 4910 /* set new address */ 4911 si->sin_addr.s_addr = htonl(src); 4912 ia = ifatoia(ifa); 4913 LIST_REMOVE(ia, ia_hash); 4914 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4915 4916 /* add new route */ 4917 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4918 if (debug && error) 4919 { 4920 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4921 SPP_ARGS(ifp), error); 4922 } 4923 } 4924} 4925 4926#ifdef INET6 4927/* 4928 * Get both IPv6 addresses. 4929 */ 4930static void 4931sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4932 struct in6_addr *srcmask) 4933{ 4934 struct ifnet *ifp = SP2IFP(sp); 4935 struct ifaddr *ifa; 4936 struct sockaddr_in6 *si, *sm; 4937 struct in6_addr ssrc, ddst; 4938 4939 sm = NULL; 4940 bzero(&ssrc, sizeof(ssrc)); 4941 bzero(&ddst, sizeof(ddst)); 4942 /* 4943 * Pick the first link-local AF_INET6 address from the list, 4944 * aliases don't make any sense on a p2p link anyway. 4945 */ 4946 si = 0; 4947 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4948 if (ifa->ifa_addr->sa_family == AF_INET6) { 4949 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4950 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4951 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4952 break; 4953 } 4954 if (ifa) { 4955 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4956 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4957 if (srcmask) { 4958 bcopy(&sm->sin6_addr, srcmask, 4959 sizeof(*srcmask)); 4960 } 4961 } 4962 4963 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4964 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4965 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4966 } 4967 4968 if (dst) 4969 bcopy(&ddst, dst, sizeof(*dst)); 4970 if (src) 4971 bcopy(&ssrc, src, sizeof(*src)); 4972} 4973 4974#ifdef IPV6CP_MYIFID_DYN 4975/* 4976 * Generate random ifid. 4977 */ 4978static void 4979sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4980{ 4981 /* TBD */ 4982} 4983 4984/* 4985 * Set my IPv6 address. Must be called at splimp. 4986 */ 4987static void 4988sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4989{ 4990 STDDCL; 4991 struct ifaddr *ifa; 4992 struct sockaddr_in6 *sin6; 4993 4994 /* 4995 * Pick the first link-local AF_INET6 address from the list, 4996 * aliases don't make any sense on a p2p link anyway. 4997 */ 4998 4999 sin6 = NULL; 5000 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5001 { 5002 if (ifa->ifa_addr->sa_family == AF_INET6) 5003 { 5004 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5005 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5006 break; 5007 } 5008 } 5009 5010 if (ifa && sin6) 5011 { 5012 int error; 5013 struct sockaddr_in6 new_sin6 = *sin6; 5014 5015 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5016 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5017 if (debug && error) 5018 { 5019 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5020 " failed, error=%d\n", SPP_ARGS(ifp), error); 5021 } 5022 } 5023} 5024#endif 5025 5026/* 5027 * Suggest a candidate address to be used by peer. 5028 */ 5029static void 5030sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5031{ 5032 struct in6_addr myaddr; 5033 struct timeval tv; 5034 5035 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5036 5037 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5038 microtime(&tv); 5039 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5040 myaddr.s6_addr[14] ^= 0xff; 5041 myaddr.s6_addr[15] ^= 0xff; 5042 } else { 5043 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5044 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5045 } 5046 if (suggest) 5047 bcopy(&myaddr, suggest, sizeof(myaddr)); 5048} 5049#endif /*INET6*/ 5050 5051static int 5052sppp_params(struct sppp *sp, u_long cmd, void *data) 5053{ 5054 u_long subcmd; 5055 struct ifreq *ifr = (struct ifreq *)data; 5056 struct spppreq *spr; 5057 int rv = 0; 5058 5059 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5060 return (EAGAIN); 5061 /* 5062 * ifr->ifr_data is supposed to point to a struct spppreq. 5063 * Check the cmd word first before attempting to fetch all the 5064 * data. 5065 */ 5066 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5067 rv = EFAULT; 5068 goto quit; 5069 } 5070 5071 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5072 rv = EFAULT; 5073 goto quit; 5074 } 5075 5076 switch (subcmd) { 5077 case (u_long)SPPPIOGDEFS: 5078 if (cmd != SIOCGIFGENERIC) { 5079 rv = EINVAL; 5080 break; 5081 } 5082 /* 5083 * We copy over the entire current state, but clean 5084 * out some of the stuff we don't wanna pass up. 5085 * Remember, SIOCGIFGENERIC is unprotected, and can be 5086 * called by any user. No need to ever get PAP or 5087 * CHAP secrets back to userland anyway. 5088 */ 5089 spr->defs.pp_phase = sp->pp_phase; 5090 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5091 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5092 spr->defs.lcp = sp->lcp; 5093 spr->defs.ipcp = sp->ipcp; 5094 spr->defs.ipv6cp = sp->ipv6cp; 5095 spr->defs.myauth = sp->myauth; 5096 spr->defs.hisauth = sp->hisauth; 5097 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5098 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5099 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5100 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5101 /* 5102 * Fixup the LCP timeout value to milliseconds so 5103 * spppcontrol doesn't need to bother about the value 5104 * of "hz". We do the reverse calculation below when 5105 * setting it. 5106 */ 5107 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5108 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5109 sizeof(struct spppreq)); 5110 break; 5111 5112 case (u_long)SPPPIOSDEFS: 5113 if (cmd != SIOCSIFGENERIC) { 5114 rv = EINVAL; 5115 break; 5116 } 5117 /* 5118 * We have a very specific idea of which fields we 5119 * allow being passed back from userland, so to not 5120 * clobber our current state. For one, we only allow 5121 * setting anything if LCP is in dead or establish 5122 * phase. Once the authentication negotiations 5123 * started, the authentication settings must not be 5124 * changed again. (The administrator can force an 5125 * ifconfig down in order to get LCP back into dead 5126 * phase.) 5127 * 5128 * Also, we only allow for authentication parameters to be 5129 * specified. 5130 * 5131 * XXX Should allow to set or clear pp_flags. 5132 * 5133 * Finally, if the respective authentication protocol to 5134 * be used is set differently than 0, but the secret is 5135 * passed as all zeros, we don't trash the existing secret. 5136 * This allows an administrator to change the system name 5137 * only without clobbering the secret (which he didn't get 5138 * back in a previous SPPPIOGDEFS call). However, the 5139 * secrets are cleared if the authentication protocol is 5140 * reset to 0. */ 5141 if (sp->pp_phase != PHASE_DEAD && 5142 sp->pp_phase != PHASE_ESTABLISH) { 5143 rv = EBUSY; 5144 break; 5145 } 5146 5147 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5148 spr->defs.myauth.proto != PPP_CHAP) || 5149 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5150 spr->defs.hisauth.proto != PPP_CHAP)) { 5151 rv = EINVAL; 5152 break; 5153 } 5154 5155 if (spr->defs.myauth.proto == 0) 5156 /* resetting myauth */ 5157 bzero(&sp->myauth, sizeof sp->myauth); 5158 else { 5159 /* setting/changing myauth */ 5160 sp->myauth.proto = spr->defs.myauth.proto; 5161 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5162 if (spr->defs.myauth.secret[0] != '\0') 5163 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5164 AUTHKEYLEN); 5165 } 5166 if (spr->defs.hisauth.proto == 0) 5167 /* resetting hisauth */ 5168 bzero(&sp->hisauth, sizeof sp->hisauth); 5169 else { 5170 /* setting/changing hisauth */ 5171 sp->hisauth.proto = spr->defs.hisauth.proto; 5172 sp->hisauth.flags = spr->defs.hisauth.flags; 5173 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5174 if (spr->defs.hisauth.secret[0] != '\0') 5175 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5176 AUTHKEYLEN); 5177 } 5178 /* set LCP restart timer timeout */ 5179 if (spr->defs.lcp.timeout != 0) 5180 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5181 /* set VJ enable and IPv6 disable flags */ 5182#ifdef INET 5183 if (spr->defs.enable_vj) 5184 sp->confflags |= CONF_ENABLE_VJ; 5185 else 5186 sp->confflags &= ~CONF_ENABLE_VJ; 5187#endif 5188#ifdef INET6 5189 if (spr->defs.enable_ipv6) 5190 sp->confflags |= CONF_ENABLE_IPV6; 5191 else 5192 sp->confflags &= ~CONF_ENABLE_IPV6; 5193#endif 5194 break; 5195 5196 default: 5197 rv = EINVAL; 5198 } 5199 5200 quit: 5201 free(spr, M_TEMP); 5202 5203 return (rv); 5204} 5205 5206static void 5207sppp_phase_network(struct sppp *sp) 5208{ 5209 STDDCL; 5210 int i; 5211 u_long mask; 5212 5213 sp->pp_phase = PHASE_NETWORK; 5214 5215 if (debug) 5216 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5217 sppp_phase_name(sp->pp_phase)); 5218 5219 /* Notify NCPs now. */ 5220 for (i = 0; i < IDX_COUNT; i++) 5221 if ((cps[i])->flags & CP_NCP) 5222 (cps[i])->Open(sp); 5223 5224 /* Send Up events to all NCPs. */ 5225 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5226 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5227 (cps[i])->Up(sp); 5228 5229 /* if no NCP is starting, all this was in vain, close down */ 5230 sppp_lcp_check_and_close(sp); 5231} 5232 5233 5234static const char * 5235sppp_cp_type_name(u_char type) 5236{ 5237 static char buf[12]; 5238 switch (type) { 5239 case CONF_REQ: return "conf-req"; 5240 case CONF_ACK: return "conf-ack"; 5241 case CONF_NAK: return "conf-nak"; 5242 case CONF_REJ: return "conf-rej"; 5243 case TERM_REQ: return "term-req"; 5244 case TERM_ACK: return "term-ack"; 5245 case CODE_REJ: return "code-rej"; 5246 case PROTO_REJ: return "proto-rej"; 5247 case ECHO_REQ: return "echo-req"; 5248 case ECHO_REPLY: return "echo-reply"; 5249 case DISC_REQ: return "discard-req"; 5250 } 5251 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5252 return buf; 5253} 5254 5255static const char * 5256sppp_auth_type_name(u_short proto, u_char type) 5257{ 5258 static char buf[12]; 5259 switch (proto) { 5260 case PPP_CHAP: 5261 switch (type) { 5262 case CHAP_CHALLENGE: return "challenge"; 5263 case CHAP_RESPONSE: return "response"; 5264 case CHAP_SUCCESS: return "success"; 5265 case CHAP_FAILURE: return "failure"; 5266 } 5267 case PPP_PAP: 5268 switch (type) { 5269 case PAP_REQ: return "req"; 5270 case PAP_ACK: return "ack"; 5271 case PAP_NAK: return "nak"; 5272 } 5273 } 5274 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5275 return buf; 5276} 5277 5278static const char * 5279sppp_lcp_opt_name(u_char opt) 5280{ 5281 static char buf[12]; 5282 switch (opt) { 5283 case LCP_OPT_MRU: return "mru"; 5284 case LCP_OPT_ASYNC_MAP: return "async-map"; 5285 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5286 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5287 case LCP_OPT_MAGIC: return "magic"; 5288 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5289 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5290 } 5291 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5292 return buf; 5293} 5294 5295static const char * 5296sppp_ipcp_opt_name(u_char opt) 5297{ 5298 static char buf[12]; 5299 switch (opt) { 5300 case IPCP_OPT_ADDRESSES: return "addresses"; 5301 case IPCP_OPT_COMPRESSION: return "compression"; 5302 case IPCP_OPT_ADDRESS: return "address"; 5303 } 5304 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5305 return buf; 5306} 5307 5308#ifdef INET6 5309static const char * 5310sppp_ipv6cp_opt_name(u_char opt) 5311{ 5312 static char buf[12]; 5313 switch (opt) { 5314 case IPV6CP_OPT_IFID: return "ifid"; 5315 case IPV6CP_OPT_COMPRESSION: return "compression"; 5316 } 5317 sprintf (buf, "0x%x", opt); 5318 return buf; 5319} 5320#endif 5321 5322static const char * 5323sppp_state_name(int state) 5324{ 5325 switch (state) { 5326 case STATE_INITIAL: return "initial"; 5327 case STATE_STARTING: return "starting"; 5328 case STATE_CLOSED: return "closed"; 5329 case STATE_STOPPED: return "stopped"; 5330 case STATE_CLOSING: return "closing"; 5331 case STATE_STOPPING: return "stopping"; 5332 case STATE_REQ_SENT: return "req-sent"; 5333 case STATE_ACK_RCVD: return "ack-rcvd"; 5334 case STATE_ACK_SENT: return "ack-sent"; 5335 case STATE_OPENED: return "opened"; 5336 } 5337 return "illegal"; 5338} 5339 5340static const char * 5341sppp_phase_name(enum ppp_phase phase) 5342{ 5343 switch (phase) { 5344 case PHASE_DEAD: return "dead"; 5345 case PHASE_ESTABLISH: return "establish"; 5346 case PHASE_TERMINATE: return "terminate"; 5347 case PHASE_AUTHENTICATE: return "authenticate"; 5348 case PHASE_NETWORK: return "network"; 5349 } 5350 return "illegal"; 5351} 5352 5353static const char * 5354sppp_proto_name(u_short proto) 5355{ 5356 static char buf[12]; 5357 switch (proto) { 5358 case PPP_LCP: return "lcp"; 5359 case PPP_IPCP: return "ipcp"; 5360 case PPP_PAP: return "pap"; 5361 case PPP_CHAP: return "chap"; 5362 case PPP_IPV6CP: return "ipv6cp"; 5363 } 5364 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5365 return buf; 5366} 5367 5368static void 5369sppp_print_bytes(const u_char *p, u_short len) 5370{ 5371 if (len) 5372 log(-1, " %*D", len, p, "-"); 5373} 5374 5375static void 5376sppp_print_string(const char *p, u_short len) 5377{ 5378 u_char c; 5379 5380 while (len-- > 0) { 5381 c = *p++; 5382 /* 5383 * Print only ASCII chars directly. RFC 1994 recommends 5384 * using only them, but we don't rely on it. */ 5385 if (c < ' ' || c > '~') 5386 log(-1, "\\x%x", c); 5387 else 5388 log(-1, "%c", c); 5389 } 5390} 5391 5392static const char * 5393sppp_dotted_quad(u_long addr) 5394{ 5395 static char s[16]; 5396 sprintf(s, "%d.%d.%d.%d", 5397 (int)((addr >> 24) & 0xff), 5398 (int)((addr >> 16) & 0xff), 5399 (int)((addr >> 8) & 0xff), 5400 (int)(addr & 0xff)); 5401 return s; 5402} 5403 5404static int 5405sppp_strnlen(u_char *p, int max) 5406{ 5407 int len; 5408 5409 for (len = 0; len < max && *p; ++p) 5410 ++len; 5411 return len; 5412} 5413 5414/* a dummy, used to drop uninteresting events */ 5415static void 5416sppp_null(struct sppp *unused) 5417{ 5418 /* do just nothing */ 5419} 5420