if_spppsubr.c revision 75321
1132718Skan/* 2132718Skan * Synchronous PPP/Cisco link level subroutines. 3132718Skan * Keepalive protocol implemented in both Cisco and PPP modes. 4132718Skan * 5132718Skan * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6132718Skan * Author: Serge Vakulenko, <vak@cronyx.ru> 7132718Skan * 8132718Skan * Heavily revamped to conform to RFC 1661. 9132718Skan * Copyright (C) 1997, Joerg Wunsch. 10132718Skan * 11132718Skan * This software is distributed with NO WARRANTIES, not even the implied 12132718Skan * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13132718Skan * 14132718Skan * Authors grant any other persons or organisations permission to use 15132718Skan * or modify this software as long as this message is kept with the software, 16132718Skan * all derivative works or modified versions. 17132718Skan * 18132718Skan * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19132718Skan * 20132718Skan * $FreeBSD: head/sys/net/if_spppsubr.c 75321 2001-04-08 20:29:09Z joerg $ 21132718Skan */ 22132718Skan 23132718Skan#include <sys/param.h> 24132718Skan 25132718Skan#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26132718Skan#include "opt_inet.h" 27132718Skan#include "opt_inet6.h" 28132718Skan#include "opt_ipx.h" 29132718Skan#endif 30132718Skan 31132718Skan#ifdef NetBSD1_3 32132718Skan# if NetBSD1_3 > 6 33132718Skan# include "opt_inet.h" 34132718Skan# include "opt_inet6.h" 35132718Skan# include "opt_iso.h" 36132718Skan# endif 37132718Skan#endif 38132718Skan 39132718Skan#include <sys/systm.h> 40132718Skan#include <sys/kernel.h> 41132718Skan#include <sys/module.h> 42132718Skan#include <sys/sockio.h> 43132718Skan#include <sys/socket.h> 44132718Skan#include <sys/syslog.h> 45132718Skan#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46132718Skan#include <sys/random.h> 47132718Skan#endif 48132718Skan#include <sys/malloc.h> 49132718Skan#include <sys/mbuf.h> 50132718Skan 51132718Skan#if defined (__OpenBSD__) 52132718Skan#include <sys/md5k.h> 53132718Skan#else 54132718Skan#include <sys/md5.h> 55132718Skan#endif 56132718Skan 57132718Skan#include <net/if.h> 58132718Skan#include <net/netisr.h> 59132718Skan#include <net/if_types.h> 60132718Skan#include <net/route.h> 61132718Skan 62132718Skan#if defined (__NetBSD__) || defined (__OpenBSD__) 63132718Skan#include <machine/cpu.h> /* XXX for softnet */ 64132718Skan#endif 65132718Skan 66132718Skan#include <machine/stdarg.h> 67132718Skan 68132718Skan#ifdef INET 69#include <netinet/in.h> 70#include <netinet/in_systm.h> 71#include <netinet/in_var.h> 72#include <netinet/ip.h> 73#include <netinet/tcp.h> 74# if defined (__FreeBSD__) || defined (__OpenBSD__) 75# include <netinet/if_ether.h> 76# else 77# include <net/ethertypes.h> 78# endif 79#else 80# error Huh? sppp without INET? 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87 88#ifdef NS 89#include <netns/ns.h> 90#include <netns/ns_if.h> 91#endif 92 93#include <net/if_sppp.h> 94 95#if defined(__FreeBSD__) && __FreeBSD__ >= 3 96# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 97# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 98# define IOCTL_CMD_T u_long 99#else 100# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 101# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 102# define IOCTL_CMD_T int 103#endif 104 105#define MAXALIVECNT 3 /* max. alive packets */ 106 107/* 108 * Interface flags that can be set in an ifconfig command. 109 * 110 * Setting link0 will make the link passive, i.e. it will be marked 111 * as being administrative openable, but won't be opened to begin 112 * with. Incoming calls will be answered, or subsequent calls with 113 * -link1 will cause the administrative open of the LCP layer. 114 * 115 * Setting link1 will cause the link to auto-dial only as packets 116 * arrive to be sent. 117 * 118 * Setting IFF_DEBUG will syslog the option negotiation and state 119 * transitions at level kern.debug. Note: all logs consistently look 120 * like 121 * 122 * <if-name><unit>: <proto-name> <additional info...> 123 * 124 * with <if-name><unit> being something like "bppp0", and <proto-name> 125 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 126 */ 127 128#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 129#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 130#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 131 132#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 133#define PPP_UI 0x03 /* Unnumbered Information */ 134#define PPP_IP 0x0021 /* Internet Protocol */ 135#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 136#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 137#define PPP_IPX 0x002b /* Novell IPX Protocol */ 138#define PPP_LCP 0xc021 /* Link Control Protocol */ 139#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 140#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 141#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 142 143#define CONF_REQ 1 /* PPP configure request */ 144#define CONF_ACK 2 /* PPP configure acknowledge */ 145#define CONF_NAK 3 /* PPP configure negative ack */ 146#define CONF_REJ 4 /* PPP configure reject */ 147#define TERM_REQ 5 /* PPP terminate request */ 148#define TERM_ACK 6 /* PPP terminate acknowledge */ 149#define CODE_REJ 7 /* PPP code reject */ 150#define PROTO_REJ 8 /* PPP protocol reject */ 151#define ECHO_REQ 9 /* PPP echo request */ 152#define ECHO_REPLY 10 /* PPP echo reply */ 153#define DISC_REQ 11 /* PPP discard request */ 154 155#define LCP_OPT_MRU 1 /* maximum receive unit */ 156#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 157#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 158#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 159#define LCP_OPT_MAGIC 5 /* magic number */ 160#define LCP_OPT_RESERVED 6 /* reserved */ 161#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 162#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 163 164#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 165#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 166#define IPCP_OPT_ADDRESS 3 /* local IP address */ 167 168#define PAP_REQ 1 /* PAP name/password request */ 169#define PAP_ACK 2 /* PAP acknowledge */ 170#define PAP_NAK 3 /* PAP fail */ 171 172#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 173#define CHAP_RESPONSE 2 /* CHAP challenge response */ 174#define CHAP_SUCCESS 3 /* CHAP response ok */ 175#define CHAP_FAILURE 4 /* CHAP response failed */ 176 177#define CHAP_MD5 5 /* hash algorithm - MD5 */ 178 179#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 180#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 181#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 182#define CISCO_ADDR_REQ 0 /* Cisco address request */ 183#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 184#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 185 186/* states are named and numbered according to RFC 1661 */ 187#define STATE_INITIAL 0 188#define STATE_STARTING 1 189#define STATE_CLOSED 2 190#define STATE_STOPPED 3 191#define STATE_CLOSING 4 192#define STATE_STOPPING 5 193#define STATE_REQ_SENT 6 194#define STATE_ACK_RCVD 7 195#define STATE_ACK_SENT 8 196#define STATE_OPENED 9 197 198struct ppp_header { 199 u_char address; 200 u_char control; 201 u_short protocol; 202}; 203#define PPP_HEADER_LEN sizeof (struct ppp_header) 204 205struct lcp_header { 206 u_char type; 207 u_char ident; 208 u_short len; 209}; 210#define LCP_HEADER_LEN sizeof (struct lcp_header) 211 212struct cisco_packet { 213 u_long type; 214 u_long par1; 215 u_long par2; 216 u_short rel; 217 u_short time0; 218 u_short time1; 219}; 220#define CISCO_PACKET_LEN 18 221 222/* 223 * We follow the spelling and capitalization of RFC 1661 here, to make 224 * it easier comparing with the standard. Please refer to this RFC in 225 * case you can't make sense out of these abbreviation; it will also 226 * explain the semantics related to the various events and actions. 227 */ 228struct cp { 229 u_short proto; /* PPP control protocol number */ 230 u_char protoidx; /* index into state table in struct sppp */ 231 u_char flags; 232#define CP_LCP 0x01 /* this is the LCP */ 233#define CP_AUTH 0x02 /* this is an authentication protocol */ 234#define CP_NCP 0x04 /* this is a NCP */ 235#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 236 const char *name; /* name of this control protocol */ 237 /* event handlers */ 238 void (*Up)(struct sppp *sp); 239 void (*Down)(struct sppp *sp); 240 void (*Open)(struct sppp *sp); 241 void (*Close)(struct sppp *sp); 242 void (*TO)(void *sp); 243 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 244 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 245 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 246 /* actions */ 247 void (*tlu)(struct sppp *sp); 248 void (*tld)(struct sppp *sp); 249 void (*tls)(struct sppp *sp); 250 void (*tlf)(struct sppp *sp); 251 void (*scr)(struct sppp *sp); 252}; 253 254static struct sppp *spppq; 255#if defined(__FreeBSD__) && __FreeBSD__ >= 3 256static struct callout_handle keepalive_ch; 257#endif 258 259#if defined(__FreeBSD__) && __FreeBSD__ >= 3 260#define SPP_FMT "%s%d: " 261#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 262#else 263#define SPP_FMT "%s: " 264#define SPP_ARGS(ifp) (ifp)->if_xname 265#endif 266 267/* 268 * The following disgusting hack gets around the problem that IP TOS 269 * can't be set yet. We want to put "interactive" traffic on a high 270 * priority queue. To decide if traffic is interactive, we check that 271 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 272 * 273 * XXX is this really still necessary? - joerg - 274 */ 275static u_short interactive_ports[8] = { 276 0, 513, 0, 0, 277 0, 21, 0, 23, 278}; 279#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 280 281/* almost every function needs these */ 282#define STDDCL \ 283 struct ifnet *ifp = &sp->pp_if; \ 284 int debug = ifp->if_flags & IFF_DEBUG 285 286static int sppp_output(struct ifnet *ifp, struct mbuf *m, 287 struct sockaddr *dst, struct rtentry *rt); 288 289static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 290static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 291 292static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 293 struct mbuf *m); 294static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 295 u_char ident, u_short len, void *data); 296/* static void sppp_cp_timeout(void *arg); */ 297static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 298 int newstate); 299static void sppp_auth_send(const struct cp *cp, 300 struct sppp *sp, unsigned int type, unsigned int id, 301 ...); 302 303static void sppp_up_event(const struct cp *cp, struct sppp *sp); 304static void sppp_down_event(const struct cp *cp, struct sppp *sp); 305static void sppp_open_event(const struct cp *cp, struct sppp *sp); 306static void sppp_close_event(const struct cp *cp, struct sppp *sp); 307static void sppp_to_event(const struct cp *cp, struct sppp *sp); 308 309static void sppp_null(struct sppp *sp); 310 311static void sppp_lcp_init(struct sppp *sp); 312static void sppp_lcp_up(struct sppp *sp); 313static void sppp_lcp_down(struct sppp *sp); 314static void sppp_lcp_open(struct sppp *sp); 315static void sppp_lcp_close(struct sppp *sp); 316static void sppp_lcp_TO(void *sp); 317static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 318static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 319static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 320static void sppp_lcp_tlu(struct sppp *sp); 321static void sppp_lcp_tld(struct sppp *sp); 322static void sppp_lcp_tls(struct sppp *sp); 323static void sppp_lcp_tlf(struct sppp *sp); 324static void sppp_lcp_scr(struct sppp *sp); 325static void sppp_lcp_check_and_close(struct sppp *sp); 326static int sppp_ncp_check(struct sppp *sp); 327 328static void sppp_ipcp_init(struct sppp *sp); 329static void sppp_ipcp_up(struct sppp *sp); 330static void sppp_ipcp_down(struct sppp *sp); 331static void sppp_ipcp_open(struct sppp *sp); 332static void sppp_ipcp_close(struct sppp *sp); 333static void sppp_ipcp_TO(void *sp); 334static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 335static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 336static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 337static void sppp_ipcp_tlu(struct sppp *sp); 338static void sppp_ipcp_tld(struct sppp *sp); 339static void sppp_ipcp_tls(struct sppp *sp); 340static void sppp_ipcp_tlf(struct sppp *sp); 341static void sppp_ipcp_scr(struct sppp *sp); 342 343static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 344static void sppp_pap_init(struct sppp *sp); 345static void sppp_pap_open(struct sppp *sp); 346static void sppp_pap_close(struct sppp *sp); 347static void sppp_pap_TO(void *sp); 348static void sppp_pap_my_TO(void *sp); 349static void sppp_pap_tlu(struct sppp *sp); 350static void sppp_pap_tld(struct sppp *sp); 351static void sppp_pap_scr(struct sppp *sp); 352 353static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 354static void sppp_chap_init(struct sppp *sp); 355static void sppp_chap_open(struct sppp *sp); 356static void sppp_chap_close(struct sppp *sp); 357static void sppp_chap_TO(void *sp); 358static void sppp_chap_tlu(struct sppp *sp); 359static void sppp_chap_tld(struct sppp *sp); 360static void sppp_chap_scr(struct sppp *sp); 361 362static const char *sppp_auth_type_name(u_short proto, u_char type); 363static const char *sppp_cp_type_name(u_char type); 364static const char *sppp_dotted_quad(u_long addr); 365static const char *sppp_ipcp_opt_name(u_char opt); 366static const char *sppp_lcp_opt_name(u_char opt); 367static const char *sppp_phase_name(enum ppp_phase phase); 368static const char *sppp_proto_name(u_short proto); 369static const char *sppp_state_name(int state); 370static int sppp_params(struct sppp *sp, u_long cmd, void *data); 371static int sppp_strnlen(u_char *p, int max); 372static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 373 u_long *srcmask); 374static void sppp_keepalive(void *dummy); 375static void sppp_phase_network(struct sppp *sp); 376static void sppp_print_bytes(const u_char *p, u_short len); 377static void sppp_print_string(const char *p, u_short len); 378static void sppp_qflush(struct ifqueue *ifq); 379static void sppp_set_ip_addr(struct sppp *sp, u_long src); 380 381/* our control protocol descriptors */ 382static const struct cp lcp = { 383 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 384 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 385 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 386 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 387 sppp_lcp_scr 388}; 389 390static const struct cp ipcp = { 391 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 392 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 393 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 394 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 395 sppp_ipcp_scr 396}; 397 398static const struct cp pap = { 399 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 400 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 401 sppp_pap_TO, 0, 0, 0, 402 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 403 sppp_pap_scr 404}; 405 406static const struct cp chap = { 407 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 408 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 409 sppp_chap_TO, 0, 0, 0, 410 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 411 sppp_chap_scr 412}; 413 414static const struct cp *cps[IDX_COUNT] = { 415 &lcp, /* IDX_LCP */ 416 &ipcp, /* IDX_IPCP */ 417 &pap, /* IDX_PAP */ 418 &chap, /* IDX_CHAP */ 419}; 420 421static int 422sppp_modevent(module_t mod, int type, void *unused) 423{ 424 switch (type) { 425 case MOD_LOAD: 426 break; 427 case MOD_UNLOAD: 428 return EACCES; 429 break; 430 default: 431 break; 432 } 433 return 0; 434} 435static moduledata_t spppmod = { 436 "sppp", 437 sppp_modevent, 438 0 439}; 440MODULE_VERSION(sppp, 1); 441DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 442 443/* 444 * Exported functions, comprising our interface to the lower layer. 445 */ 446 447/* 448 * Process the received packet. 449 */ 450void 451sppp_input(struct ifnet *ifp, struct mbuf *m) 452{ 453 struct ppp_header *h; 454 struct ifqueue *inq = 0; 455 struct sppp *sp = (struct sppp *)ifp; 456 int debug = ifp->if_flags & IFF_DEBUG; 457 458 if (ifp->if_flags & IFF_UP) 459 /* Count received bytes, add FCS and one flag */ 460 ifp->if_ibytes += m->m_pkthdr.len + 3; 461 462 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 463 /* Too small packet, drop it. */ 464 if (debug) 465 log(LOG_DEBUG, 466 SPP_FMT "input packet is too small, %d bytes\n", 467 SPP_ARGS(ifp), m->m_pkthdr.len); 468 drop: 469 ++ifp->if_ierrors; 470 ++ifp->if_iqdrops; 471 m_freem (m); 472 return; 473 } 474 475 /* Get PPP header. */ 476 h = mtod (m, struct ppp_header*); 477 m_adj (m, PPP_HEADER_LEN); 478 479 switch (h->address) { 480 case PPP_ALLSTATIONS: 481 if (h->control != PPP_UI) 482 goto invalid; 483 if (sp->pp_mode == IFF_CISCO) { 484 if (debug) 485 log(LOG_DEBUG, 486 SPP_FMT "PPP packet in Cisco mode " 487 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 488 SPP_ARGS(ifp), 489 h->address, h->control, ntohs(h->protocol)); 490 goto drop; 491 } 492 switch (ntohs (h->protocol)) { 493 default: 494 if (debug) 495 log(LOG_DEBUG, 496 SPP_FMT "rejecting protocol " 497 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 498 SPP_ARGS(ifp), 499 h->address, h->control, ntohs(h->protocol)); 500 if (sp->state[IDX_LCP] == STATE_OPENED) 501 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 502 ++sp->pp_seq, m->m_pkthdr.len + 2, 503 &h->protocol); 504 ++ifp->if_noproto; 505 goto drop; 506 case PPP_LCP: 507 sppp_cp_input(&lcp, sp, m); 508 m_freem (m); 509 return; 510 case PPP_PAP: 511 if (sp->pp_phase >= PHASE_AUTHENTICATE) 512 sppp_pap_input(sp, m); 513 m_freem (m); 514 return; 515 case PPP_CHAP: 516 if (sp->pp_phase >= PHASE_AUTHENTICATE) 517 sppp_chap_input(sp, m); 518 m_freem (m); 519 return; 520#ifdef INET 521 case PPP_IPCP: 522 if (sp->pp_phase == PHASE_NETWORK) 523 sppp_cp_input(&ipcp, sp, m); 524 m_freem (m); 525 return; 526 case PPP_IP: 527 if (sp->state[IDX_IPCP] == STATE_OPENED) { 528 schednetisr (NETISR_IP); 529 inq = &ipintrq; 530 } 531 break; 532#endif 533#ifdef IPX 534 case PPP_IPX: 535 /* IPX IPXCP not implemented yet */ 536 if (sp->pp_phase == PHASE_NETWORK) { 537 schednetisr (NETISR_IPX); 538 inq = &ipxintrq; 539 } 540 break; 541#endif 542#ifdef NS 543 case PPP_XNS: 544 /* XNS IDPCP not implemented yet */ 545 if (sp->pp_phase == PHASE_NETWORK) { 546 schednetisr (NETISR_NS); 547 inq = &nsintrq; 548 } 549 break; 550#endif 551 } 552 break; 553 case CISCO_MULTICAST: 554 case CISCO_UNICAST: 555 /* Don't check the control field here (RFC 1547). */ 556 if (sp->pp_mode != IFF_CISCO) { 557 if (debug) 558 log(LOG_DEBUG, 559 SPP_FMT "Cisco packet in PPP mode " 560 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 561 SPP_ARGS(ifp), 562 h->address, h->control, ntohs(h->protocol)); 563 goto drop; 564 } 565 switch (ntohs (h->protocol)) { 566 default: 567 ++ifp->if_noproto; 568 goto invalid; 569 case CISCO_KEEPALIVE: 570 sppp_cisco_input ((struct sppp*) ifp, m); 571 m_freem (m); 572 return; 573#ifdef INET 574 case ETHERTYPE_IP: 575 schednetisr (NETISR_IP); 576 inq = &ipintrq; 577 break; 578#endif 579#ifdef INET6 580 case ETHERTYPE_IPV6: 581 schednetisr (NETISR_IPV6); 582 inq = &ip6intrq; 583 break; 584#endif 585#ifdef IPX 586 case ETHERTYPE_IPX: 587 schednetisr (NETISR_IPX); 588 inq = &ipxintrq; 589 break; 590#endif 591#ifdef NS 592 case ETHERTYPE_NS: 593 schednetisr (NETISR_NS); 594 inq = &nsintrq; 595 break; 596#endif 597 } 598 break; 599 default: /* Invalid PPP packet. */ 600 invalid: 601 if (debug) 602 log(LOG_DEBUG, 603 SPP_FMT "invalid input packet " 604 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 605 SPP_ARGS(ifp), 606 h->address, h->control, ntohs(h->protocol)); 607 goto drop; 608 } 609 610 if (! (ifp->if_flags & IFF_UP) || ! inq) 611 goto drop; 612 613 /* Check queue. */ 614 if (! IF_HANDOFF(inq, m, NULL)) { 615 if (debug) 616 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 617 SPP_ARGS(ifp)); 618 goto drop; 619 } 620} 621 622/* 623 * Enqueue transmit packet. 624 */ 625static int 626sppp_output(struct ifnet *ifp, struct mbuf *m, 627 struct sockaddr *dst, struct rtentry *rt) 628{ 629 struct sppp *sp = (struct sppp*) ifp; 630 struct ppp_header *h; 631 struct ifqueue *ifq; 632 int s, rv = 0; 633 int debug = ifp->if_flags & IFF_DEBUG; 634 635 s = splimp(); 636 637 if ((ifp->if_flags & IFF_UP) == 0 || 638 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 639 m_freem (m); 640 splx (s); 641 return (ENETDOWN); 642 } 643 644 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 645 /* 646 * Interface is not yet running, but auto-dial. Need 647 * to start LCP for it. 648 */ 649 ifp->if_flags |= IFF_RUNNING; 650 splx(s); 651 lcp.Open(sp); 652 s = splimp(); 653 } 654 655 ifq = &ifp->if_snd; 656#ifdef INET 657 if (dst->sa_family == AF_INET) { 658 /* XXX Check mbuf length here? */ 659 struct ip *ip = mtod (m, struct ip*); 660 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 661 662 /* 663 * When using dynamic local IP address assignment by using 664 * 0.0.0.0 as a local address, the first TCP session will 665 * not connect because the local TCP checksum is computed 666 * using 0.0.0.0 which will later become our real IP address 667 * so the TCP checksum computed at the remote end will 668 * become invalid. So we 669 * - don't let packets with src ip addr 0 thru 670 * - we flag TCP packets with src ip 0 as an error 671 */ 672 673 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 674 { 675 m_freem(m); 676 splx(s); 677 if(ip->ip_p == IPPROTO_TCP) 678 return(EADDRNOTAVAIL); 679 else 680 return(0); 681 } 682 683 /* 684 * Put low delay, telnet, rlogin and ftp control packets 685 * in front of the queue. 686 */ 687 if (_IF_QFULL(&sp->pp_fastq)) 688 ; 689 else if (ip->ip_tos & IPTOS_LOWDELAY) 690 ifq = &sp->pp_fastq; 691 else if (m->m_len < sizeof *ip + sizeof *tcp) 692 ; 693 else if (ip->ip_p != IPPROTO_TCP) 694 ; 695 else if (INTERACTIVE (ntohs (tcp->th_sport))) 696 ifq = &sp->pp_fastq; 697 else if (INTERACTIVE (ntohs (tcp->th_dport))) 698 ifq = &sp->pp_fastq; 699 } 700#endif 701 702 /* 703 * Prepend general data packet PPP header. For now, IP only. 704 */ 705 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 706 if (! m) { 707 if (debug) 708 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 709 SPP_ARGS(ifp)); 710 ++ifp->if_oerrors; 711 splx (s); 712 return (ENOBUFS); 713 } 714 /* 715 * May want to check size of packet 716 * (albeit due to the implementation it's always enough) 717 */ 718 h = mtod (m, struct ppp_header*); 719 if (sp->pp_mode == IFF_CISCO) { 720 h->address = CISCO_UNICAST; /* unicast address */ 721 h->control = 0; 722 } else { 723 h->address = PPP_ALLSTATIONS; /* broadcast address */ 724 h->control = PPP_UI; /* Unnumbered Info */ 725 } 726 727 switch (dst->sa_family) { 728#ifdef INET 729 case AF_INET: /* Internet Protocol */ 730 if (sp->pp_mode == IFF_CISCO) 731 h->protocol = htons (ETHERTYPE_IP); 732 else { 733 /* 734 * Don't choke with an ENETDOWN early. It's 735 * possible that we just started dialing out, 736 * so don't drop the packet immediately. If 737 * we notice that we run out of buffer space 738 * below, we will however remember that we are 739 * not ready to carry IP packets, and return 740 * ENETDOWN, as opposed to ENOBUFS. 741 */ 742 h->protocol = htons(PPP_IP); 743 if (sp->state[IDX_IPCP] != STATE_OPENED) 744 rv = ENETDOWN; 745 } 746 break; 747#endif 748#ifdef INET6 749 case AF_INET6: /* Internet Protocol */ 750 if (sp->pp_mode == IFF_CISCO) 751 h->protocol = htons (ETHERTYPE_IPV6); 752 else { 753 goto nosupport; 754 } 755 break; 756#endif 757#ifdef NS 758 case AF_NS: /* Xerox NS Protocol */ 759 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 760 ETHERTYPE_NS : PPP_XNS); 761 break; 762#endif 763#ifdef IPX 764 case AF_IPX: /* Novell IPX Protocol */ 765 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 766 ETHERTYPE_IPX : PPP_IPX); 767 break; 768#endif 769nosupport: 770 default: 771 m_freem (m); 772 ++ifp->if_oerrors; 773 splx (s); 774 return (EAFNOSUPPORT); 775 } 776 777 /* 778 * Queue message on interface, and start output if interface 779 * not yet active. Also adjust output byte count. 780 * The packet length includes header, FCS and 1 flag, 781 * according to RFC 1333. 782 */ 783 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 784 ++ifp->if_oerrors; 785 return (rv? rv: ENOBUFS); 786 } 787 return (0); 788} 789 790void 791sppp_attach(struct ifnet *ifp) 792{ 793 struct sppp *sp = (struct sppp*) ifp; 794 795 /* Initialize keepalive handler. */ 796 if (! spppq) 797 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 798 799 /* Insert new entry into the keepalive list. */ 800 sp->pp_next = spppq; 801 spppq = sp; 802 803 sp->pp_if.if_mtu = PP_MTU; 804 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 805 sp->pp_if.if_type = IFT_PPP; 806 sp->pp_if.if_output = sppp_output; 807#if 0 808 sp->pp_flags = PP_KEEPALIVE; 809#endif 810 sp->pp_if.if_snd.ifq_maxlen = 32; 811 sp->pp_fastq.ifq_maxlen = 32; 812 sp->pp_cpq.ifq_maxlen = 20; 813 sp->pp_loopcnt = 0; 814 sp->pp_alivecnt = 0; 815 sp->pp_seq = 0; 816 sp->pp_rseq = 0; 817 sp->pp_phase = PHASE_DEAD; 818 sp->pp_up = lcp.Up; 819 sp->pp_down = lcp.Down; 820 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 821 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 822 823 sppp_lcp_init(sp); 824 sppp_ipcp_init(sp); 825 sppp_pap_init(sp); 826 sppp_chap_init(sp); 827} 828 829void 830sppp_detach(struct ifnet *ifp) 831{ 832 struct sppp **q, *p, *sp = (struct sppp*) ifp; 833 int i; 834 835 /* Remove the entry from the keepalive list. */ 836 for (q = &spppq; (p = *q); q = &p->pp_next) 837 if (p == sp) { 838 *q = p->pp_next; 839 break; 840 } 841 842 /* Stop keepalive handler. */ 843 if (! spppq) 844 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 845 846 for (i = 0; i < IDX_COUNT; i++) 847 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 848 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 849 mtx_destroy(&sp->pp_cpq.ifq_mtx); 850 mtx_destroy(&sp->pp_fastq.ifq_mtx); 851} 852 853/* 854 * Flush the interface output queue. 855 */ 856void 857sppp_flush(struct ifnet *ifp) 858{ 859 struct sppp *sp = (struct sppp*) ifp; 860 861 sppp_qflush (&sp->pp_if.if_snd); 862 sppp_qflush (&sp->pp_fastq); 863 sppp_qflush (&sp->pp_cpq); 864} 865 866/* 867 * Check if the output queue is empty. 868 */ 869int 870sppp_isempty(struct ifnet *ifp) 871{ 872 struct sppp *sp = (struct sppp*) ifp; 873 int empty, s; 874 875 s = splimp(); 876 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 877 !sp->pp_if.if_snd.ifq_head; 878 splx(s); 879 return (empty); 880} 881 882/* 883 * Get next packet to send. 884 */ 885struct mbuf * 886sppp_dequeue(struct ifnet *ifp) 887{ 888 struct sppp *sp = (struct sppp*) ifp; 889 struct mbuf *m; 890 int s; 891 892 s = splimp(); 893 /* 894 * Process only the control protocol queue until we have at 895 * least one NCP open. 896 * 897 * Do always serve all three queues in Cisco mode. 898 */ 899 IF_DEQUEUE(&sp->pp_cpq, m); 900 if (m == NULL && 901 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 902 IF_DEQUEUE(&sp->pp_fastq, m); 903 if (m == NULL) 904 IF_DEQUEUE (&sp->pp_if.if_snd, m); 905 } 906 splx(s); 907 return m; 908} 909 910/* 911 * Pick the next packet, do not remove it from the queue. 912 */ 913struct mbuf * 914sppp_pick(struct ifnet *ifp) 915{ 916 struct sppp *sp = (struct sppp*)ifp; 917 struct mbuf *m; 918 int s; 919 920 s= splimp (); 921 922 m = sp->pp_cpq.ifq_head; 923 if (m == NULL && 924 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 925 if ((m = sp->pp_fastq.ifq_head) == NULL) 926 m = sp->pp_if.if_snd.ifq_head; 927 splx (s); 928 return (m); 929} 930 931/* 932 * Process an ioctl request. Called on low priority level. 933 */ 934int 935sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 936{ 937 struct ifreq *ifr = (struct ifreq*) data; 938 struct sppp *sp = (struct sppp*) ifp; 939 int s, rv, going_up, going_down, newmode; 940 941 s = splimp(); 942 rv = 0; 943 switch (cmd) { 944 case SIOCAIFADDR: 945 case SIOCSIFDSTADDR: 946 break; 947 948 case SIOCSIFADDR: 949 if_up(ifp); 950 /* fall through... */ 951 952 case SIOCSIFFLAGS: 953 going_up = ifp->if_flags & IFF_UP && 954 (ifp->if_flags & IFF_RUNNING) == 0; 955 going_down = (ifp->if_flags & IFF_UP) == 0 && 956 ifp->if_flags & IFF_RUNNING; 957 958 newmode = ifp->if_flags & IFF_PASSIVE; 959 if (!newmode) 960 newmode = ifp->if_flags & IFF_AUTO; 961 if (!newmode) 962 newmode = ifp->if_flags & IFF_CISCO; 963 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 964 ifp->if_flags |= newmode; 965 966 if (newmode != sp->pp_mode) { 967 going_down = 1; 968 if (!going_up) 969 going_up = ifp->if_flags & IFF_RUNNING; 970 } 971 972 if (going_down) { 973 if (sp->pp_mode != IFF_CISCO) 974 lcp.Close(sp); 975 else if (sp->pp_tlf) 976 (sp->pp_tlf)(sp); 977 sppp_flush(ifp); 978 ifp->if_flags &= ~IFF_RUNNING; 979 sp->pp_mode = newmode; 980 } 981 982 if (going_up) { 983 if (sp->pp_mode != IFF_CISCO) 984 lcp.Close(sp); 985 sp->pp_mode = newmode; 986 if (sp->pp_mode == 0) { 987 ifp->if_flags |= IFF_RUNNING; 988 lcp.Open(sp); 989 } 990 if (sp->pp_mode == IFF_CISCO) { 991 if (sp->pp_tls) 992 (sp->pp_tls)(sp); 993 ifp->if_flags |= IFF_RUNNING; 994 } 995 } 996 997 break; 998 999#ifdef SIOCSIFMTU 1000#ifndef ifr_mtu 1001#define ifr_mtu ifr_metric 1002#endif 1003 case SIOCSIFMTU: 1004 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1005 return (EINVAL); 1006 ifp->if_mtu = ifr->ifr_mtu; 1007 break; 1008#endif 1009#ifdef SLIOCSETMTU 1010 case SLIOCSETMTU: 1011 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1012 return (EINVAL); 1013 ifp->if_mtu = *(short*)data; 1014 break; 1015#endif 1016#ifdef SIOCGIFMTU 1017 case SIOCGIFMTU: 1018 ifr->ifr_mtu = ifp->if_mtu; 1019 break; 1020#endif 1021#ifdef SLIOCGETMTU 1022 case SLIOCGETMTU: 1023 *(short*)data = ifp->if_mtu; 1024 break; 1025#endif 1026 case SIOCADDMULTI: 1027 case SIOCDELMULTI: 1028 break; 1029 1030 case SIOCGIFGENERIC: 1031 case SIOCSIFGENERIC: 1032 rv = sppp_params(sp, cmd, data); 1033 break; 1034 1035 default: 1036 rv = ENOTTY; 1037 } 1038 splx(s); 1039 return rv; 1040} 1041 1042/* 1043 * Cisco framing implementation. 1044 */ 1045 1046/* 1047 * Handle incoming Cisco keepalive protocol packets. 1048 */ 1049static void 1050sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1051{ 1052 STDDCL; 1053 struct cisco_packet *h; 1054 u_long me, mymask; 1055 1056 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1057 if (debug) 1058 log(LOG_DEBUG, 1059 SPP_FMT "cisco invalid packet length: %d bytes\n", 1060 SPP_ARGS(ifp), m->m_pkthdr.len); 1061 return; 1062 } 1063 h = mtod (m, struct cisco_packet*); 1064 if (debug) 1065 log(LOG_DEBUG, 1066 SPP_FMT "cisco input: %d bytes " 1067 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1068 SPP_ARGS(ifp), m->m_pkthdr.len, 1069 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1070 (u_int)h->time0, (u_int)h->time1); 1071 switch (ntohl (h->type)) { 1072 default: 1073 if (debug) 1074 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1075 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1076 break; 1077 case CISCO_ADDR_REPLY: 1078 /* Reply on address request, ignore */ 1079 break; 1080 case CISCO_KEEPALIVE_REQ: 1081 sp->pp_alivecnt = 0; 1082 sp->pp_rseq = ntohl (h->par1); 1083 if (sp->pp_seq == sp->pp_rseq) { 1084 /* Local and remote sequence numbers are equal. 1085 * Probably, the line is in loopback mode. */ 1086 if (sp->pp_loopcnt >= MAXALIVECNT) { 1087 printf (SPP_FMT "loopback\n", 1088 SPP_ARGS(ifp)); 1089 sp->pp_loopcnt = 0; 1090 if (ifp->if_flags & IFF_UP) { 1091 if_down (ifp); 1092 sppp_qflush (&sp->pp_cpq); 1093 } 1094 } 1095 ++sp->pp_loopcnt; 1096 1097 /* Generate new local sequence number */ 1098#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1099 sp->pp_seq = random(); 1100#else 1101 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1102#endif 1103 break; 1104 } 1105 sp->pp_loopcnt = 0; 1106 if (! (ifp->if_flags & IFF_UP) && 1107 (ifp->if_flags & IFF_RUNNING)) { 1108 if_up(ifp); 1109 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1110 } 1111 break; 1112 case CISCO_ADDR_REQ: 1113 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1114 if (me != 0L) 1115 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1116 break; 1117 } 1118} 1119 1120/* 1121 * Send Cisco keepalive packet. 1122 */ 1123static void 1124sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1125{ 1126 STDDCL; 1127 struct ppp_header *h; 1128 struct cisco_packet *ch; 1129 struct mbuf *m; 1130#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1131 struct timeval tv; 1132#else 1133 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1134#endif 1135 1136#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1137 getmicrouptime(&tv); 1138#endif 1139 1140 MGETHDR (m, M_DONTWAIT, MT_DATA); 1141 if (! m) 1142 return; 1143 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1144 m->m_pkthdr.rcvif = 0; 1145 1146 h = mtod (m, struct ppp_header*); 1147 h->address = CISCO_MULTICAST; 1148 h->control = 0; 1149 h->protocol = htons (CISCO_KEEPALIVE); 1150 1151 ch = (struct cisco_packet*) (h + 1); 1152 ch->type = htonl (type); 1153 ch->par1 = htonl (par1); 1154 ch->par2 = htonl (par2); 1155 ch->rel = -1; 1156 1157#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1158 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1159 ch->time1 = htons ((u_short) tv.tv_sec); 1160#else 1161 ch->time0 = htons ((u_short) (t >> 16)); 1162 ch->time1 = htons ((u_short) t); 1163#endif 1164 1165 if (debug) 1166 log(LOG_DEBUG, 1167 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1168 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1169 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1170 1171 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1172 ifp->if_oerrors++; 1173} 1174 1175/* 1176 * PPP protocol implementation. 1177 */ 1178 1179/* 1180 * Send PPP control protocol packet. 1181 */ 1182static void 1183sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1184 u_char ident, u_short len, void *data) 1185{ 1186 STDDCL; 1187 struct ppp_header *h; 1188 struct lcp_header *lh; 1189 struct mbuf *m; 1190 1191 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1192 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1193 MGETHDR (m, M_DONTWAIT, MT_DATA); 1194 if (! m) 1195 return; 1196 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1197 m->m_pkthdr.rcvif = 0; 1198 1199 h = mtod (m, struct ppp_header*); 1200 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1201 h->control = PPP_UI; /* Unnumbered Info */ 1202 h->protocol = htons (proto); /* Link Control Protocol */ 1203 1204 lh = (struct lcp_header*) (h + 1); 1205 lh->type = type; 1206 lh->ident = ident; 1207 lh->len = htons (LCP_HEADER_LEN + len); 1208 if (len) 1209 bcopy (data, lh+1, len); 1210 1211 if (debug) { 1212 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1213 SPP_ARGS(ifp), 1214 sppp_proto_name(proto), 1215 sppp_cp_type_name (lh->type), lh->ident, 1216 ntohs (lh->len)); 1217 sppp_print_bytes ((u_char*) (lh+1), len); 1218 log(-1, ">\n"); 1219 } 1220 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1221 ifp->if_oerrors++; 1222} 1223 1224/* 1225 * Handle incoming PPP control protocol packets. 1226 */ 1227static void 1228sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1229{ 1230 STDDCL; 1231 struct lcp_header *h; 1232 int len = m->m_pkthdr.len; 1233 int rv; 1234 u_char *p; 1235 1236 if (len < 4) { 1237 if (debug) 1238 log(LOG_DEBUG, 1239 SPP_FMT "%s invalid packet length: %d bytes\n", 1240 SPP_ARGS(ifp), cp->name, len); 1241 return; 1242 } 1243 h = mtod (m, struct lcp_header*); 1244 if (debug) { 1245 log(LOG_DEBUG, 1246 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1247 SPP_ARGS(ifp), cp->name, 1248 sppp_state_name(sp->state[cp->protoidx]), 1249 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1250 sppp_print_bytes ((u_char*) (h+1), len-4); 1251 log(-1, ">\n"); 1252 } 1253 if (len > ntohs (h->len)) 1254 len = ntohs (h->len); 1255 p = (u_char *)(h + 1); 1256 switch (h->type) { 1257 case CONF_REQ: 1258 if (len < 4) { 1259 if (debug) 1260 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1261 SPP_ARGS(ifp), cp->name, 1262 len); 1263 ++ifp->if_ierrors; 1264 break; 1265 } 1266 /* handle states where RCR doesn't get a SCA/SCN */ 1267 switch (sp->state[cp->protoidx]) { 1268 case STATE_CLOSING: 1269 case STATE_STOPPING: 1270 return; 1271 case STATE_CLOSED: 1272 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1273 0, 0); 1274 return; 1275 } 1276 rv = (cp->RCR)(sp, h, len); 1277 switch (sp->state[cp->protoidx]) { 1278 case STATE_OPENED: 1279 (cp->tld)(sp); 1280 (cp->scr)(sp); 1281 /* fall through... */ 1282 case STATE_ACK_SENT: 1283 case STATE_REQ_SENT: 1284 /* 1285 * sppp_cp_change_state() have the side effect of 1286 * restarting the timeouts. We want to avoid that 1287 * if the state don't change, otherwise we won't 1288 * ever timeout and resend a configuration request 1289 * that got lost. 1290 */ 1291 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1292 STATE_REQ_SENT)) 1293 break; 1294 sppp_cp_change_state(cp, sp, rv? 1295 STATE_ACK_SENT: STATE_REQ_SENT); 1296 break; 1297 case STATE_STOPPED: 1298 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1299 (cp->scr)(sp); 1300 sppp_cp_change_state(cp, sp, rv? 1301 STATE_ACK_SENT: STATE_REQ_SENT); 1302 break; 1303 case STATE_ACK_RCVD: 1304 if (rv) { 1305 sppp_cp_change_state(cp, sp, STATE_OPENED); 1306 if (debug) 1307 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1308 SPP_ARGS(ifp), 1309 cp->name); 1310 (cp->tlu)(sp); 1311 } else 1312 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1313 break; 1314 default: 1315 printf(SPP_FMT "%s illegal %s in state %s\n", 1316 SPP_ARGS(ifp), cp->name, 1317 sppp_cp_type_name(h->type), 1318 sppp_state_name(sp->state[cp->protoidx])); 1319 ++ifp->if_ierrors; 1320 } 1321 break; 1322 case CONF_ACK: 1323 if (h->ident != sp->confid[cp->protoidx]) { 1324 if (debug) 1325 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1326 SPP_ARGS(ifp), cp->name, 1327 h->ident, sp->confid[cp->protoidx]); 1328 ++ifp->if_ierrors; 1329 break; 1330 } 1331 switch (sp->state[cp->protoidx]) { 1332 case STATE_CLOSED: 1333 case STATE_STOPPED: 1334 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1335 break; 1336 case STATE_CLOSING: 1337 case STATE_STOPPING: 1338 break; 1339 case STATE_REQ_SENT: 1340 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1341 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1342 break; 1343 case STATE_OPENED: 1344 (cp->tld)(sp); 1345 /* fall through */ 1346 case STATE_ACK_RCVD: 1347 (cp->scr)(sp); 1348 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1349 break; 1350 case STATE_ACK_SENT: 1351 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1352 sppp_cp_change_state(cp, sp, STATE_OPENED); 1353 if (debug) 1354 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1355 SPP_ARGS(ifp), cp->name); 1356 (cp->tlu)(sp); 1357 break; 1358 default: 1359 printf(SPP_FMT "%s illegal %s in state %s\n", 1360 SPP_ARGS(ifp), cp->name, 1361 sppp_cp_type_name(h->type), 1362 sppp_state_name(sp->state[cp->protoidx])); 1363 ++ifp->if_ierrors; 1364 } 1365 break; 1366 case CONF_NAK: 1367 case CONF_REJ: 1368 if (h->ident != sp->confid[cp->protoidx]) { 1369 if (debug) 1370 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1371 SPP_ARGS(ifp), cp->name, 1372 h->ident, sp->confid[cp->protoidx]); 1373 ++ifp->if_ierrors; 1374 break; 1375 } 1376 if (h->type == CONF_NAK) 1377 (cp->RCN_nak)(sp, h, len); 1378 else /* CONF_REJ */ 1379 (cp->RCN_rej)(sp, h, len); 1380 1381 switch (sp->state[cp->protoidx]) { 1382 case STATE_CLOSED: 1383 case STATE_STOPPED: 1384 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1385 break; 1386 case STATE_REQ_SENT: 1387 case STATE_ACK_SENT: 1388 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1389 /* 1390 * Slow things down a bit if we think we might be 1391 * in loopback. Depend on the timeout to send the 1392 * next configuration request. 1393 */ 1394 if (sp->pp_loopcnt) 1395 break; 1396 (cp->scr)(sp); 1397 break; 1398 case STATE_OPENED: 1399 (cp->tld)(sp); 1400 /* fall through */ 1401 case STATE_ACK_RCVD: 1402 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1403 (cp->scr)(sp); 1404 break; 1405 case STATE_CLOSING: 1406 case STATE_STOPPING: 1407 break; 1408 default: 1409 printf(SPP_FMT "%s illegal %s in state %s\n", 1410 SPP_ARGS(ifp), cp->name, 1411 sppp_cp_type_name(h->type), 1412 sppp_state_name(sp->state[cp->protoidx])); 1413 ++ifp->if_ierrors; 1414 } 1415 break; 1416 1417 case TERM_REQ: 1418 switch (sp->state[cp->protoidx]) { 1419 case STATE_ACK_RCVD: 1420 case STATE_ACK_SENT: 1421 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1422 /* fall through */ 1423 case STATE_CLOSED: 1424 case STATE_STOPPED: 1425 case STATE_CLOSING: 1426 case STATE_STOPPING: 1427 case STATE_REQ_SENT: 1428 sta: 1429 /* Send Terminate-Ack packet. */ 1430 if (debug) 1431 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1432 SPP_ARGS(ifp), cp->name); 1433 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1434 break; 1435 case STATE_OPENED: 1436 (cp->tld)(sp); 1437 sp->rst_counter[cp->protoidx] = 0; 1438 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1439 goto sta; 1440 break; 1441 default: 1442 printf(SPP_FMT "%s illegal %s in state %s\n", 1443 SPP_ARGS(ifp), cp->name, 1444 sppp_cp_type_name(h->type), 1445 sppp_state_name(sp->state[cp->protoidx])); 1446 ++ifp->if_ierrors; 1447 } 1448 break; 1449 case TERM_ACK: 1450 switch (sp->state[cp->protoidx]) { 1451 case STATE_CLOSED: 1452 case STATE_STOPPED: 1453 case STATE_REQ_SENT: 1454 case STATE_ACK_SENT: 1455 break; 1456 case STATE_CLOSING: 1457 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1458 (cp->tlf)(sp); 1459 break; 1460 case STATE_STOPPING: 1461 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1462 (cp->tlf)(sp); 1463 break; 1464 case STATE_ACK_RCVD: 1465 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1466 break; 1467 case STATE_OPENED: 1468 (cp->tld)(sp); 1469 (cp->scr)(sp); 1470 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1471 break; 1472 default: 1473 printf(SPP_FMT "%s illegal %s in state %s\n", 1474 SPP_ARGS(ifp), cp->name, 1475 sppp_cp_type_name(h->type), 1476 sppp_state_name(sp->state[cp->protoidx])); 1477 ++ifp->if_ierrors; 1478 } 1479 break; 1480 case CODE_REJ: 1481 case PROTO_REJ: 1482 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1483 log(LOG_INFO, 1484 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1485 "danger will robinson\n", 1486 SPP_ARGS(ifp), cp->name, 1487 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1488 switch (sp->state[cp->protoidx]) { 1489 case STATE_CLOSED: 1490 case STATE_STOPPED: 1491 case STATE_REQ_SENT: 1492 case STATE_ACK_SENT: 1493 case STATE_CLOSING: 1494 case STATE_STOPPING: 1495 case STATE_OPENED: 1496 break; 1497 case STATE_ACK_RCVD: 1498 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1499 break; 1500 default: 1501 printf(SPP_FMT "%s illegal %s in state %s\n", 1502 SPP_ARGS(ifp), cp->name, 1503 sppp_cp_type_name(h->type), 1504 sppp_state_name(sp->state[cp->protoidx])); 1505 ++ifp->if_ierrors; 1506 } 1507 break; 1508 case DISC_REQ: 1509 if (cp->proto != PPP_LCP) 1510 goto illegal; 1511 /* Discard the packet. */ 1512 break; 1513 case ECHO_REQ: 1514 if (cp->proto != PPP_LCP) 1515 goto illegal; 1516 if (sp->state[cp->protoidx] != STATE_OPENED) { 1517 if (debug) 1518 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1519 SPP_ARGS(ifp)); 1520 ++ifp->if_ierrors; 1521 break; 1522 } 1523 if (len < 8) { 1524 if (debug) 1525 log(-1, SPP_FMT "invalid lcp echo request " 1526 "packet length: %d bytes\n", 1527 SPP_ARGS(ifp), len); 1528 break; 1529 } 1530 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1531 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1532 /* Line loopback mode detected. */ 1533 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1534 sp->pp_loopcnt = MAXALIVECNT * 5; 1535 if_down (ifp); 1536 sppp_qflush (&sp->pp_cpq); 1537 1538 /* Shut down the PPP link. */ 1539 /* XXX */ 1540 lcp.Down(sp); 1541 lcp.Up(sp); 1542 break; 1543 } 1544 *(long*)(h+1) = htonl (sp->lcp.magic); 1545 if (debug) 1546 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1547 SPP_ARGS(ifp)); 1548 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1549 break; 1550 case ECHO_REPLY: 1551 if (cp->proto != PPP_LCP) 1552 goto illegal; 1553 if (h->ident != sp->lcp.echoid) { 1554 ++ifp->if_ierrors; 1555 break; 1556 } 1557 if (len < 8) { 1558 if (debug) 1559 log(-1, SPP_FMT "lcp invalid echo reply " 1560 "packet length: %d bytes\n", 1561 SPP_ARGS(ifp), len); 1562 break; 1563 } 1564 if (debug) 1565 log(-1, SPP_FMT "lcp got echo rep\n", 1566 SPP_ARGS(ifp)); 1567 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1568 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1569 sp->pp_alivecnt = 0; 1570 break; 1571 default: 1572 /* Unknown packet type -- send Code-Reject packet. */ 1573 illegal: 1574 if (debug) 1575 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1576 SPP_ARGS(ifp), cp->name, h->type); 1577 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1578 m->m_pkthdr.len, h); 1579 ++ifp->if_ierrors; 1580 } 1581} 1582 1583 1584/* 1585 * The generic part of all Up/Down/Open/Close/TO event handlers. 1586 * Basically, the state transition handling in the automaton. 1587 */ 1588static void 1589sppp_up_event(const struct cp *cp, struct sppp *sp) 1590{ 1591 STDDCL; 1592 1593 if (debug) 1594 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1595 SPP_ARGS(ifp), cp->name, 1596 sppp_state_name(sp->state[cp->protoidx])); 1597 1598 switch (sp->state[cp->protoidx]) { 1599 case STATE_INITIAL: 1600 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1601 break; 1602 case STATE_STARTING: 1603 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1604 (cp->scr)(sp); 1605 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1606 break; 1607 default: 1608 printf(SPP_FMT "%s illegal up in state %s\n", 1609 SPP_ARGS(ifp), cp->name, 1610 sppp_state_name(sp->state[cp->protoidx])); 1611 } 1612} 1613 1614static void 1615sppp_down_event(const struct cp *cp, struct sppp *sp) 1616{ 1617 STDDCL; 1618 1619 if (debug) 1620 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1621 SPP_ARGS(ifp), cp->name, 1622 sppp_state_name(sp->state[cp->protoidx])); 1623 1624 switch (sp->state[cp->protoidx]) { 1625 case STATE_CLOSED: 1626 case STATE_CLOSING: 1627 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1628 break; 1629 case STATE_STOPPED: 1630 sppp_cp_change_state(cp, sp, STATE_STARTING); 1631 (cp->tls)(sp); 1632 break; 1633 case STATE_STOPPING: 1634 case STATE_REQ_SENT: 1635 case STATE_ACK_RCVD: 1636 case STATE_ACK_SENT: 1637 sppp_cp_change_state(cp, sp, STATE_STARTING); 1638 break; 1639 case STATE_OPENED: 1640 (cp->tld)(sp); 1641 sppp_cp_change_state(cp, sp, STATE_STARTING); 1642 break; 1643 default: 1644 printf(SPP_FMT "%s illegal down in state %s\n", 1645 SPP_ARGS(ifp), cp->name, 1646 sppp_state_name(sp->state[cp->protoidx])); 1647 } 1648} 1649 1650 1651static void 1652sppp_open_event(const struct cp *cp, struct sppp *sp) 1653{ 1654 STDDCL; 1655 1656 if (debug) 1657 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1658 SPP_ARGS(ifp), cp->name, 1659 sppp_state_name(sp->state[cp->protoidx])); 1660 1661 switch (sp->state[cp->protoidx]) { 1662 case STATE_INITIAL: 1663 sppp_cp_change_state(cp, sp, STATE_STARTING); 1664 (cp->tls)(sp); 1665 break; 1666 case STATE_STARTING: 1667 break; 1668 case STATE_CLOSED: 1669 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1670 (cp->scr)(sp); 1671 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1672 break; 1673 case STATE_STOPPED: 1674 /* 1675 * Try escaping stopped state. This seems to bite 1676 * people occasionally, in particular for IPCP, 1677 * presumably following previous IPCP negotiation 1678 * aborts. Somehow, we must have missed a Down event 1679 * which would have caused a transition into starting 1680 * state, so as a bandaid we force the Down event now. 1681 * This effectively implements (something like the) 1682 * `restart' option mentioned in the state transition 1683 * table of RFC 1661. 1684 */ 1685 sppp_cp_change_state(cp, sp, STATE_STARTING); 1686 (cp->tls)(sp); 1687 break; 1688 case STATE_STOPPING: 1689 case STATE_REQ_SENT: 1690 case STATE_ACK_RCVD: 1691 case STATE_ACK_SENT: 1692 case STATE_OPENED: 1693 break; 1694 case STATE_CLOSING: 1695 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1696 break; 1697 } 1698} 1699 1700 1701static void 1702sppp_close_event(const struct cp *cp, struct sppp *sp) 1703{ 1704 STDDCL; 1705 1706 if (debug) 1707 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1708 SPP_ARGS(ifp), cp->name, 1709 sppp_state_name(sp->state[cp->protoidx])); 1710 1711 switch (sp->state[cp->protoidx]) { 1712 case STATE_INITIAL: 1713 case STATE_CLOSED: 1714 case STATE_CLOSING: 1715 break; 1716 case STATE_STARTING: 1717 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1718 (cp->tlf)(sp); 1719 break; 1720 case STATE_STOPPED: 1721 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1722 break; 1723 case STATE_STOPPING: 1724 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1725 break; 1726 case STATE_OPENED: 1727 (cp->tld)(sp); 1728 /* fall through */ 1729 case STATE_REQ_SENT: 1730 case STATE_ACK_RCVD: 1731 case STATE_ACK_SENT: 1732 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1733 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1734 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1735 break; 1736 } 1737} 1738 1739static void 1740sppp_to_event(const struct cp *cp, struct sppp *sp) 1741{ 1742 STDDCL; 1743 int s; 1744 1745 s = splimp(); 1746 if (debug) 1747 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1748 SPP_ARGS(ifp), cp->name, 1749 sppp_state_name(sp->state[cp->protoidx]), 1750 sp->rst_counter[cp->protoidx]); 1751 1752 if (--sp->rst_counter[cp->protoidx] < 0) 1753 /* TO- event */ 1754 switch (sp->state[cp->protoidx]) { 1755 case STATE_CLOSING: 1756 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1757 (cp->tlf)(sp); 1758 break; 1759 case STATE_STOPPING: 1760 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1761 (cp->tlf)(sp); 1762 break; 1763 case STATE_REQ_SENT: 1764 case STATE_ACK_RCVD: 1765 case STATE_ACK_SENT: 1766 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1767 (cp->tlf)(sp); 1768 break; 1769 } 1770 else 1771 /* TO+ event */ 1772 switch (sp->state[cp->protoidx]) { 1773 case STATE_CLOSING: 1774 case STATE_STOPPING: 1775 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1776 0, 0); 1777 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1778 sp->ch[cp->protoidx]); 1779 break; 1780 case STATE_REQ_SENT: 1781 case STATE_ACK_RCVD: 1782 (cp->scr)(sp); 1783 /* sppp_cp_change_state() will restart the timer */ 1784 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1785 break; 1786 case STATE_ACK_SENT: 1787 (cp->scr)(sp); 1788 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1789 sp->ch[cp->protoidx]); 1790 break; 1791 } 1792 1793 splx(s); 1794} 1795 1796/* 1797 * Change the state of a control protocol in the state automaton. 1798 * Takes care of starting/stopping the restart timer. 1799 */ 1800void 1801sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1802{ 1803 sp->state[cp->protoidx] = newstate; 1804 1805 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1806 switch (newstate) { 1807 case STATE_INITIAL: 1808 case STATE_STARTING: 1809 case STATE_CLOSED: 1810 case STATE_STOPPED: 1811 case STATE_OPENED: 1812 break; 1813 case STATE_CLOSING: 1814 case STATE_STOPPING: 1815 case STATE_REQ_SENT: 1816 case STATE_ACK_RCVD: 1817 case STATE_ACK_SENT: 1818 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1819 sp->ch[cp->protoidx]); 1820 break; 1821 } 1822} 1823 1824/* 1825 *--------------------------------------------------------------------------* 1826 * * 1827 * The LCP implementation. * 1828 * * 1829 *--------------------------------------------------------------------------* 1830 */ 1831static void 1832sppp_lcp_init(struct sppp *sp) 1833{ 1834 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1835 sp->lcp.magic = 0; 1836 sp->state[IDX_LCP] = STATE_INITIAL; 1837 sp->fail_counter[IDX_LCP] = 0; 1838 sp->lcp.protos = 0; 1839 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1840 1841 /* Note that these values are relevant for all control protocols */ 1842 sp->lcp.timeout = 3 * hz; 1843 sp->lcp.max_terminate = 2; 1844 sp->lcp.max_configure = 10; 1845 sp->lcp.max_failure = 10; 1846#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1847 callout_handle_init(&sp->ch[IDX_LCP]); 1848#endif 1849} 1850 1851static void 1852sppp_lcp_up(struct sppp *sp) 1853{ 1854 STDDCL; 1855 1856 sp->pp_alivecnt = 0; 1857 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1858 sp->lcp.magic = 0; 1859 sp->lcp.protos = 0; 1860 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1861 /* 1862 * If we are authenticator, negotiate LCP_AUTH 1863 */ 1864 if (sp->hisauth.proto != 0) 1865 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1866 else 1867 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1868 sp->pp_flags &= ~PP_NEEDAUTH; 1869 /* 1870 * If this interface is passive or dial-on-demand, and we are 1871 * still in Initial state, it means we've got an incoming 1872 * call. Activate the interface. 1873 */ 1874 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1875 if (debug) 1876 log(LOG_DEBUG, 1877 SPP_FMT "Up event", SPP_ARGS(ifp)); 1878 ifp->if_flags |= IFF_RUNNING; 1879 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1880 if (debug) 1881 log(-1, "(incoming call)\n"); 1882 sp->pp_flags |= PP_CALLIN; 1883 lcp.Open(sp); 1884 } else if (debug) 1885 log(-1, "\n"); 1886 } 1887 1888 sppp_up_event(&lcp, sp); 1889} 1890 1891static void 1892sppp_lcp_down(struct sppp *sp) 1893{ 1894 STDDCL; 1895 1896 sppp_down_event(&lcp, sp); 1897 1898 /* 1899 * If this is neither a dial-on-demand nor a passive 1900 * interface, simulate an ``ifconfig down'' action, so the 1901 * administrator can force a redial by another ``ifconfig 1902 * up''. XXX For leased line operation, should we immediately 1903 * try to reopen the connection here? 1904 */ 1905 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1906 log(LOG_INFO, 1907 SPP_FMT "Down event, taking interface down.\n", 1908 SPP_ARGS(ifp)); 1909 if_down(ifp); 1910 } else { 1911 if (debug) 1912 log(LOG_DEBUG, 1913 SPP_FMT "Down event (carrier loss)\n", 1914 SPP_ARGS(ifp)); 1915 sp->pp_flags &= ~PP_CALLIN; 1916 if (sp->state[IDX_LCP] != STATE_INITIAL) 1917 lcp.Close(sp); 1918 ifp->if_flags &= ~IFF_RUNNING; 1919 } 1920} 1921 1922static void 1923sppp_lcp_open(struct sppp *sp) 1924{ 1925 sppp_open_event(&lcp, sp); 1926} 1927 1928static void 1929sppp_lcp_close(struct sppp *sp) 1930{ 1931 sppp_close_event(&lcp, sp); 1932} 1933 1934static void 1935sppp_lcp_TO(void *cookie) 1936{ 1937 sppp_to_event(&lcp, (struct sppp *)cookie); 1938} 1939 1940/* 1941 * Analyze a configure request. Return true if it was agreeable, and 1942 * caused action sca, false if it has been rejected or nak'ed, and 1943 * caused action scn. (The return value is used to make the state 1944 * transition decision in the state automaton.) 1945 */ 1946static int 1947sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1948{ 1949 STDDCL; 1950 u_char *buf, *r, *p; 1951 int origlen, rlen; 1952 u_long nmagic; 1953 u_short authproto; 1954 1955 len -= 4; 1956 origlen = len; 1957 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1958 if (! buf) 1959 return (0); 1960 1961 if (debug) 1962 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1963 SPP_ARGS(ifp)); 1964 1965 /* pass 1: check for things that need to be rejected */ 1966 p = (void*) (h+1); 1967 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1968 if (debug) 1969 log(-1, " %s ", sppp_lcp_opt_name(*p)); 1970 switch (*p) { 1971 case LCP_OPT_MAGIC: 1972 /* Magic number. */ 1973 if (len >= 6 && p[1] == 6) 1974 continue; 1975 if (debug) 1976 log(-1, "[invalid] "); 1977 break; 1978 case LCP_OPT_ASYNC_MAP: 1979 /* Async control character map. */ 1980 if (len >= 6 && p[1] == 6) 1981 continue; 1982 if (debug) 1983 log(-1, "[invalid] "); 1984 break; 1985 case LCP_OPT_MRU: 1986 /* Maximum receive unit. */ 1987 if (len >= 4 && p[1] == 4) 1988 continue; 1989 if (debug) 1990 log(-1, "[invalid] "); 1991 break; 1992 case LCP_OPT_AUTH_PROTO: 1993 if (len < 4) { 1994 if (debug) 1995 log(-1, "[invalid] "); 1996 break; 1997 } 1998 authproto = (p[2] << 8) + p[3]; 1999 if (authproto == PPP_CHAP && p[1] != 5) { 2000 if (debug) 2001 log(-1, "[invalid chap len] "); 2002 break; 2003 } 2004 if (sp->myauth.proto == 0) { 2005 /* we are not configured to do auth */ 2006 if (debug) 2007 log(-1, "[not configured] "); 2008 break; 2009 } 2010 /* 2011 * Remote want us to authenticate, remember this, 2012 * so we stay in PHASE_AUTHENTICATE after LCP got 2013 * up. 2014 */ 2015 sp->pp_flags |= PP_NEEDAUTH; 2016 continue; 2017 default: 2018 /* Others not supported. */ 2019 if (debug) 2020 log(-1, "[rej] "); 2021 break; 2022 } 2023 /* Add the option to rejected list. */ 2024 bcopy (p, r, p[1]); 2025 r += p[1]; 2026 rlen += p[1]; 2027 } 2028 if (rlen) { 2029 if (debug) 2030 log(-1, " send conf-rej\n"); 2031 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2032 return 0; 2033 } else if (debug) 2034 log(-1, "\n"); 2035 2036 /* 2037 * pass 2: check for option values that are unacceptable and 2038 * thus require to be nak'ed. 2039 */ 2040 if (debug) 2041 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2042 SPP_ARGS(ifp)); 2043 2044 p = (void*) (h+1); 2045 len = origlen; 2046 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2047 if (debug) 2048 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2049 switch (*p) { 2050 case LCP_OPT_MAGIC: 2051 /* Magic number -- extract. */ 2052 nmagic = (u_long)p[2] << 24 | 2053 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2054 if (nmagic != sp->lcp.magic) { 2055 sp->pp_loopcnt = 0; 2056 if (debug) 2057 log(-1, "0x%lx ", nmagic); 2058 continue; 2059 } 2060 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2061 log(-1, "[glitch] "); 2062 ++sp->pp_loopcnt; 2063 /* 2064 * We negate our magic here, and NAK it. If 2065 * we see it later in an NAK packet, we 2066 * suggest a new one. 2067 */ 2068 nmagic = ~sp->lcp.magic; 2069 /* Gonna NAK it. */ 2070 p[2] = nmagic >> 24; 2071 p[3] = nmagic >> 16; 2072 p[4] = nmagic >> 8; 2073 p[5] = nmagic; 2074 break; 2075 2076 case LCP_OPT_ASYNC_MAP: 2077 /* Async control character map -- check to be zero. */ 2078 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2079 if (debug) 2080 log(-1, "[empty] "); 2081 continue; 2082 } 2083 if (debug) 2084 log(-1, "[non-empty] "); 2085 /* suggest a zero one */ 2086 p[2] = p[3] = p[4] = p[5] = 0; 2087 break; 2088 2089 case LCP_OPT_MRU: 2090 /* 2091 * Maximum receive unit. Always agreeable, 2092 * but ignored by now. 2093 */ 2094 sp->lcp.their_mru = p[2] * 256 + p[3]; 2095 if (debug) 2096 log(-1, "%lu ", sp->lcp.their_mru); 2097 continue; 2098 2099 case LCP_OPT_AUTH_PROTO: 2100 authproto = (p[2] << 8) + p[3]; 2101 if (sp->myauth.proto != authproto) { 2102 /* not agreed, nak */ 2103 if (debug) 2104 log(-1, "[mine %s != his %s] ", 2105 sppp_proto_name(sp->hisauth.proto), 2106 sppp_proto_name(authproto)); 2107 p[2] = sp->myauth.proto >> 8; 2108 p[3] = sp->myauth.proto; 2109 break; 2110 } 2111 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2112 if (debug) 2113 log(-1, "[chap not MD5] "); 2114 p[4] = CHAP_MD5; 2115 break; 2116 } 2117 continue; 2118 } 2119 /* Add the option to nak'ed list. */ 2120 bcopy (p, r, p[1]); 2121 r += p[1]; 2122 rlen += p[1]; 2123 } 2124 if (rlen) { 2125 /* 2126 * Local and remote magics equal -- loopback? 2127 */ 2128 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2129 if (sp->pp_loopcnt == MAXALIVECNT*5) 2130 printf (SPP_FMT "loopback\n", 2131 SPP_ARGS(ifp)); 2132 if (ifp->if_flags & IFF_UP) { 2133 if_down(ifp); 2134 sppp_qflush(&sp->pp_cpq); 2135 /* XXX ? */ 2136 lcp.Down(sp); 2137 lcp.Up(sp); 2138 } 2139 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2140 if (debug) 2141 log(-1, " max_failure (%d) exceeded, " 2142 "send conf-rej\n", 2143 sp->lcp.max_failure); 2144 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2145 } else { 2146 if (debug) 2147 log(-1, " send conf-nak\n"); 2148 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2149 } 2150 } else { 2151 if (debug) 2152 log(-1, " send conf-ack\n"); 2153 sp->fail_counter[IDX_LCP] = 0; 2154 sp->pp_loopcnt = 0; 2155 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2156 h->ident, origlen, h+1); 2157 } 2158 2159 free (buf, M_TEMP); 2160 return (rlen == 0); 2161} 2162 2163/* 2164 * Analyze the LCP Configure-Reject option list, and adjust our 2165 * negotiation. 2166 */ 2167static void 2168sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2169{ 2170 STDDCL; 2171 u_char *buf, *p; 2172 2173 len -= 4; 2174 buf = malloc (len, M_TEMP, M_NOWAIT); 2175 if (!buf) 2176 return; 2177 2178 if (debug) 2179 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2180 SPP_ARGS(ifp)); 2181 2182 p = (void*) (h+1); 2183 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2184 if (debug) 2185 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2186 switch (*p) { 2187 case LCP_OPT_MAGIC: 2188 /* Magic number -- can't use it, use 0 */ 2189 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2190 sp->lcp.magic = 0; 2191 break; 2192 case LCP_OPT_MRU: 2193 /* 2194 * Should not be rejected anyway, since we only 2195 * negotiate a MRU if explicitly requested by 2196 * peer. 2197 */ 2198 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2199 break; 2200 case LCP_OPT_AUTH_PROTO: 2201 /* 2202 * Peer doesn't want to authenticate himself, 2203 * deny unless this is a dialout call, and 2204 * AUTHFLAG_NOCALLOUT is set. 2205 */ 2206 if ((sp->pp_flags & PP_CALLIN) == 0 && 2207 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2208 if (debug) 2209 log(-1, "[don't insist on auth " 2210 "for callout]"); 2211 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2212 break; 2213 } 2214 if (debug) 2215 log(-1, "[access denied]\n"); 2216 lcp.Close(sp); 2217 break; 2218 } 2219 } 2220 if (debug) 2221 log(-1, "\n"); 2222 free (buf, M_TEMP); 2223 return; 2224} 2225 2226/* 2227 * Analyze the LCP Configure-NAK option list, and adjust our 2228 * negotiation. 2229 */ 2230static void 2231sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2232{ 2233 STDDCL; 2234 u_char *buf, *p; 2235 u_long magic; 2236 2237 len -= 4; 2238 buf = malloc (len, M_TEMP, M_NOWAIT); 2239 if (!buf) 2240 return; 2241 2242 if (debug) 2243 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2244 SPP_ARGS(ifp)); 2245 2246 p = (void*) (h+1); 2247 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2248 if (debug) 2249 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2250 switch (*p) { 2251 case LCP_OPT_MAGIC: 2252 /* Magic number -- renegotiate */ 2253 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2254 len >= 6 && p[1] == 6) { 2255 magic = (u_long)p[2] << 24 | 2256 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2257 /* 2258 * If the remote magic is our negated one, 2259 * this looks like a loopback problem. 2260 * Suggest a new magic to make sure. 2261 */ 2262 if (magic == ~sp->lcp.magic) { 2263 if (debug) 2264 log(-1, "magic glitch "); 2265#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2266 sp->lcp.magic = random(); 2267#else 2268 sp->lcp.magic = time.tv_sec + time.tv_usec; 2269#endif 2270 } else { 2271 sp->lcp.magic = magic; 2272 if (debug) 2273 log(-1, "%lu ", magic); 2274 } 2275 } 2276 break; 2277 case LCP_OPT_MRU: 2278 /* 2279 * Peer wants to advise us to negotiate an MRU. 2280 * Agree on it if it's reasonable, or use 2281 * default otherwise. 2282 */ 2283 if (len >= 4 && p[1] == 4) { 2284 u_int mru = p[2] * 256 + p[3]; 2285 if (debug) 2286 log(-1, "%d ", mru); 2287 if (mru < PP_MTU || mru > PP_MAX_MRU) 2288 mru = PP_MTU; 2289 sp->lcp.mru = mru; 2290 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2291 } 2292 break; 2293 case LCP_OPT_AUTH_PROTO: 2294 /* 2295 * Peer doesn't like our authentication method, 2296 * deny. 2297 */ 2298 if (debug) 2299 log(-1, "[access denied]\n"); 2300 lcp.Close(sp); 2301 break; 2302 } 2303 } 2304 if (debug) 2305 log(-1, "\n"); 2306 free (buf, M_TEMP); 2307 return; 2308} 2309 2310static void 2311sppp_lcp_tlu(struct sppp *sp) 2312{ 2313 STDDCL; 2314 int i; 2315 u_long mask; 2316 2317 /* XXX ? */ 2318 if (! (ifp->if_flags & IFF_UP) && 2319 (ifp->if_flags & IFF_RUNNING)) { 2320 /* Coming out of loopback mode. */ 2321 if_up(ifp); 2322 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2323 } 2324 2325 for (i = 0; i < IDX_COUNT; i++) 2326 if ((cps[i])->flags & CP_QUAL) 2327 (cps[i])->Open(sp); 2328 2329 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2330 (sp->pp_flags & PP_NEEDAUTH) != 0) 2331 sp->pp_phase = PHASE_AUTHENTICATE; 2332 else 2333 sp->pp_phase = PHASE_NETWORK; 2334 2335 if (debug) 2336 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2337 sppp_phase_name(sp->pp_phase)); 2338 2339 /* 2340 * Open all authentication protocols. This is even required 2341 * if we already proceeded to network phase, since it might be 2342 * that remote wants us to authenticate, so we might have to 2343 * send a PAP request. Undesired authentication protocols 2344 * don't do anything when they get an Open event. 2345 */ 2346 for (i = 0; i < IDX_COUNT; i++) 2347 if ((cps[i])->flags & CP_AUTH) 2348 (cps[i])->Open(sp); 2349 2350 if (sp->pp_phase == PHASE_NETWORK) { 2351 /* Notify all NCPs. */ 2352 for (i = 0; i < IDX_COUNT; i++) 2353 if ((cps[i])->flags & CP_NCP) 2354 (cps[i])->Open(sp); 2355 } 2356 2357 /* Send Up events to all started protos. */ 2358 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2359 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2360 (cps[i])->Up(sp); 2361 2362 /* notify low-level driver of state change */ 2363 if (sp->pp_chg) 2364 sp->pp_chg(sp, (int)sp->pp_phase); 2365 2366 if (sp->pp_phase == PHASE_NETWORK) 2367 /* if no NCP is starting, close down */ 2368 sppp_lcp_check_and_close(sp); 2369} 2370 2371static void 2372sppp_lcp_tld(struct sppp *sp) 2373{ 2374 STDDCL; 2375 int i; 2376 u_long mask; 2377 2378 sp->pp_phase = PHASE_TERMINATE; 2379 2380 if (debug) 2381 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2382 sppp_phase_name(sp->pp_phase)); 2383 2384 /* 2385 * Take upper layers down. We send the Down event first and 2386 * the Close second to prevent the upper layers from sending 2387 * ``a flurry of terminate-request packets'', as the RFC 2388 * describes it. 2389 */ 2390 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2391 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2392 (cps[i])->Down(sp); 2393 (cps[i])->Close(sp); 2394 } 2395} 2396 2397static void 2398sppp_lcp_tls(struct sppp *sp) 2399{ 2400 STDDCL; 2401 2402 sp->pp_phase = PHASE_ESTABLISH; 2403 2404 if (debug) 2405 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2406 sppp_phase_name(sp->pp_phase)); 2407 2408 /* Notify lower layer if desired. */ 2409 if (sp->pp_tls) 2410 (sp->pp_tls)(sp); 2411 else 2412 (sp->pp_up)(sp); 2413} 2414 2415static void 2416sppp_lcp_tlf(struct sppp *sp) 2417{ 2418 STDDCL; 2419 2420 sp->pp_phase = PHASE_DEAD; 2421 if (debug) 2422 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2423 sppp_phase_name(sp->pp_phase)); 2424 2425 /* Notify lower layer if desired. */ 2426 if (sp->pp_tlf) 2427 (sp->pp_tlf)(sp); 2428 else 2429 (sp->pp_down)(sp); 2430} 2431 2432static void 2433sppp_lcp_scr(struct sppp *sp) 2434{ 2435 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2436 int i = 0; 2437 u_short authproto; 2438 2439 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2440 if (! sp->lcp.magic) 2441#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2442 sp->lcp.magic = random(); 2443#else 2444 sp->lcp.magic = time.tv_sec + time.tv_usec; 2445#endif 2446 opt[i++] = LCP_OPT_MAGIC; 2447 opt[i++] = 6; 2448 opt[i++] = sp->lcp.magic >> 24; 2449 opt[i++] = sp->lcp.magic >> 16; 2450 opt[i++] = sp->lcp.magic >> 8; 2451 opt[i++] = sp->lcp.magic; 2452 } 2453 2454 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2455 opt[i++] = LCP_OPT_MRU; 2456 opt[i++] = 4; 2457 opt[i++] = sp->lcp.mru >> 8; 2458 opt[i++] = sp->lcp.mru; 2459 } 2460 2461 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2462 authproto = sp->hisauth.proto; 2463 opt[i++] = LCP_OPT_AUTH_PROTO; 2464 opt[i++] = authproto == PPP_CHAP? 5: 4; 2465 opt[i++] = authproto >> 8; 2466 opt[i++] = authproto; 2467 if (authproto == PPP_CHAP) 2468 opt[i++] = CHAP_MD5; 2469 } 2470 2471 sp->confid[IDX_LCP] = ++sp->pp_seq; 2472 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2473} 2474 2475/* 2476 * Check the open NCPs, return true if at least one NCP is open. 2477 */ 2478static int 2479sppp_ncp_check(struct sppp *sp) 2480{ 2481 int i, mask; 2482 2483 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2484 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2485 return 1; 2486 return 0; 2487} 2488 2489/* 2490 * Re-check the open NCPs and see if we should terminate the link. 2491 * Called by the NCPs during their tlf action handling. 2492 */ 2493static void 2494sppp_lcp_check_and_close(struct sppp *sp) 2495{ 2496 2497 if (sp->pp_phase < PHASE_NETWORK) 2498 /* don't bother, we are already going down */ 2499 return; 2500 2501 if (sppp_ncp_check(sp)) 2502 return; 2503 2504 lcp.Close(sp); 2505} 2506 2507/* 2508 *--------------------------------------------------------------------------* 2509 * * 2510 * The IPCP implementation. * 2511 * * 2512 *--------------------------------------------------------------------------* 2513 */ 2514 2515static void 2516sppp_ipcp_init(struct sppp *sp) 2517{ 2518 sp->ipcp.opts = 0; 2519 sp->ipcp.flags = 0; 2520 sp->state[IDX_IPCP] = STATE_INITIAL; 2521 sp->fail_counter[IDX_IPCP] = 0; 2522#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2523 callout_handle_init(&sp->ch[IDX_IPCP]); 2524#endif 2525} 2526 2527static void 2528sppp_ipcp_up(struct sppp *sp) 2529{ 2530 sppp_up_event(&ipcp, sp); 2531} 2532 2533static void 2534sppp_ipcp_down(struct sppp *sp) 2535{ 2536 sppp_down_event(&ipcp, sp); 2537} 2538 2539static void 2540sppp_ipcp_open(struct sppp *sp) 2541{ 2542 STDDCL; 2543 u_long myaddr, hisaddr; 2544 2545 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2546 2547 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2548 /* 2549 * If we don't have his address, this probably means our 2550 * interface doesn't want to talk IP at all. (This could 2551 * be the case if somebody wants to speak only IPX, for 2552 * example.) Don't open IPCP in this case. 2553 */ 2554 if (hisaddr == 0L) { 2555 /* XXX this message should go away */ 2556 if (debug) 2557 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2558 SPP_ARGS(ifp)); 2559 return; 2560 } 2561 2562 if (myaddr == 0L) { 2563 /* 2564 * I don't have an assigned address, so i need to 2565 * negotiate my address. 2566 */ 2567 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2568 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2569 } else 2570 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2571 sppp_open_event(&ipcp, sp); 2572} 2573 2574static void 2575sppp_ipcp_close(struct sppp *sp) 2576{ 2577 sppp_close_event(&ipcp, sp); 2578 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2579 /* 2580 * My address was dynamic, clear it again. 2581 */ 2582 sppp_set_ip_addr(sp, 0L); 2583} 2584 2585static void 2586sppp_ipcp_TO(void *cookie) 2587{ 2588 sppp_to_event(&ipcp, (struct sppp *)cookie); 2589} 2590 2591/* 2592 * Analyze a configure request. Return true if it was agreeable, and 2593 * caused action sca, false if it has been rejected or nak'ed, and 2594 * caused action scn. (The return value is used to make the state 2595 * transition decision in the state automaton.) 2596 */ 2597static int 2598sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2599{ 2600 u_char *buf, *r, *p; 2601 struct ifnet *ifp = &sp->pp_if; 2602 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2603 u_long hisaddr, desiredaddr; 2604 int gotmyaddr = 0; 2605 2606 len -= 4; 2607 origlen = len; 2608 /* 2609 * Make sure to allocate a buf that can at least hold a 2610 * conf-nak with an `address' option. We might need it below. 2611 */ 2612 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2613 if (! buf) 2614 return (0); 2615 2616 /* pass 1: see if we can recognize them */ 2617 if (debug) 2618 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2619 SPP_ARGS(ifp)); 2620 p = (void*) (h+1); 2621 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2622 if (debug) 2623 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2624 switch (*p) { 2625 case IPCP_OPT_ADDRESS: 2626 if (len >= 6 && p[1] == 6) { 2627 /* correctly formed address option */ 2628 continue; 2629 } 2630 if (debug) 2631 log(-1, "[invalid] "); 2632 break; 2633 default: 2634 /* Others not supported. */ 2635 if (debug) 2636 log(-1, "[rej] "); 2637 break; 2638 } 2639 /* Add the option to rejected list. */ 2640 bcopy (p, r, p[1]); 2641 r += p[1]; 2642 rlen += p[1]; 2643 } 2644 if (rlen) { 2645 if (debug) 2646 log(-1, " send conf-rej\n"); 2647 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2648 return 0; 2649 } else if (debug) 2650 log(-1, "\n"); 2651 2652 /* pass 2: parse option values */ 2653 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2654 if (debug) 2655 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2656 SPP_ARGS(ifp)); 2657 p = (void*) (h+1); 2658 len = origlen; 2659 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2660 if (debug) 2661 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2662 switch (*p) { 2663 case IPCP_OPT_ADDRESS: 2664 /* This is the address he wants in his end */ 2665 desiredaddr = p[2] << 24 | p[3] << 16 | 2666 p[4] << 8 | p[5]; 2667 if (desiredaddr == hisaddr || 2668 (hisaddr == 1 && desiredaddr != 0)) { 2669 /* 2670 * Peer's address is same as our value, 2671 * or we have set it to 0.0.0.1 to 2672 * indicate that we do not really care, 2673 * this is agreeable. Gonna conf-ack 2674 * it. 2675 */ 2676 if (debug) 2677 log(-1, "%s [ack] ", 2678 sppp_dotted_quad(hisaddr)); 2679 /* record that we've seen it already */ 2680 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2681 continue; 2682 } 2683 /* 2684 * The address wasn't agreeable. This is either 2685 * he sent us 0.0.0.0, asking to assign him an 2686 * address, or he send us another address not 2687 * matching our value. Either case, we gonna 2688 * conf-nak it with our value. 2689 * XXX: we should "rej" if hisaddr == 0 2690 */ 2691 if (debug) { 2692 if (desiredaddr == 0) 2693 log(-1, "[addr requested] "); 2694 else 2695 log(-1, "%s [not agreed] ", 2696 sppp_dotted_quad(desiredaddr)); 2697 2698 } 2699 p[2] = hisaddr >> 24; 2700 p[3] = hisaddr >> 16; 2701 p[4] = hisaddr >> 8; 2702 p[5] = hisaddr; 2703 break; 2704 } 2705 /* Add the option to nak'ed list. */ 2706 bcopy (p, r, p[1]); 2707 r += p[1]; 2708 rlen += p[1]; 2709 } 2710 2711 /* 2712 * If we are about to conf-ack the request, but haven't seen 2713 * his address so far, gonna conf-nak it instead, with the 2714 * `address' option present and our idea of his address being 2715 * filled in there, to request negotiation of both addresses. 2716 * 2717 * XXX This can result in an endless req - nak loop if peer 2718 * doesn't want to send us his address. Q: What should we do 2719 * about it? XXX A: implement the max-failure counter. 2720 */ 2721 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2722 buf[0] = IPCP_OPT_ADDRESS; 2723 buf[1] = 6; 2724 buf[2] = hisaddr >> 24; 2725 buf[3] = hisaddr >> 16; 2726 buf[4] = hisaddr >> 8; 2727 buf[5] = hisaddr; 2728 rlen = 6; 2729 if (debug) 2730 log(-1, "still need hisaddr "); 2731 } 2732 2733 if (rlen) { 2734 if (debug) 2735 log(-1, " send conf-nak\n"); 2736 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2737 } else { 2738 if (debug) 2739 log(-1, " send conf-ack\n"); 2740 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2741 h->ident, origlen, h+1); 2742 } 2743 2744 free (buf, M_TEMP); 2745 return (rlen == 0); 2746} 2747 2748/* 2749 * Analyze the IPCP Configure-Reject option list, and adjust our 2750 * negotiation. 2751 */ 2752static void 2753sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2754{ 2755 u_char *buf, *p; 2756 struct ifnet *ifp = &sp->pp_if; 2757 int debug = ifp->if_flags & IFF_DEBUG; 2758 2759 len -= 4; 2760 buf = malloc (len, M_TEMP, M_NOWAIT); 2761 if (!buf) 2762 return; 2763 2764 if (debug) 2765 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2766 SPP_ARGS(ifp)); 2767 2768 p = (void*) (h+1); 2769 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2770 if (debug) 2771 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2772 switch (*p) { 2773 case IPCP_OPT_ADDRESS: 2774 /* 2775 * Peer doesn't grok address option. This is 2776 * bad. XXX Should we better give up here? 2777 * XXX We could try old "addresses" option... 2778 */ 2779 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2780 break; 2781 } 2782 } 2783 if (debug) 2784 log(-1, "\n"); 2785 free (buf, M_TEMP); 2786 return; 2787} 2788 2789/* 2790 * Analyze the IPCP Configure-NAK option list, and adjust our 2791 * negotiation. 2792 */ 2793static void 2794sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2795{ 2796 u_char *buf, *p; 2797 struct ifnet *ifp = &sp->pp_if; 2798 int debug = ifp->if_flags & IFF_DEBUG; 2799 u_long wantaddr; 2800 2801 len -= 4; 2802 buf = malloc (len, M_TEMP, M_NOWAIT); 2803 if (!buf) 2804 return; 2805 2806 if (debug) 2807 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2808 SPP_ARGS(ifp)); 2809 2810 p = (void*) (h+1); 2811 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2812 if (debug) 2813 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2814 switch (*p) { 2815 case IPCP_OPT_ADDRESS: 2816 /* 2817 * Peer doesn't like our local IP address. See 2818 * if we can do something for him. We'll drop 2819 * him our address then. 2820 */ 2821 if (len >= 6 && p[1] == 6) { 2822 wantaddr = p[2] << 24 | p[3] << 16 | 2823 p[4] << 8 | p[5]; 2824 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2825 if (debug) 2826 log(-1, "[wantaddr %s] ", 2827 sppp_dotted_quad(wantaddr)); 2828 /* 2829 * When doing dynamic address assignment, 2830 * we accept his offer. Otherwise, we 2831 * ignore it and thus continue to negotiate 2832 * our already existing value. 2833 * XXX: Bogus, if he said no once, he'll 2834 * just say no again, might as well die. 2835 */ 2836 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2837 sppp_set_ip_addr(sp, wantaddr); 2838 if (debug) 2839 log(-1, "[agree] "); 2840 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2841 } 2842 } 2843 break; 2844 } 2845 } 2846 if (debug) 2847 log(-1, "\n"); 2848 free (buf, M_TEMP); 2849 return; 2850} 2851 2852static void 2853sppp_ipcp_tlu(struct sppp *sp) 2854{ 2855 /* we are up - notify isdn daemon */ 2856 if (sp->pp_con) 2857 sp->pp_con(sp); 2858} 2859 2860static void 2861sppp_ipcp_tld(struct sppp *sp) 2862{ 2863} 2864 2865static void 2866sppp_ipcp_tls(struct sppp *sp) 2867{ 2868 /* indicate to LCP that it must stay alive */ 2869 sp->lcp.protos |= (1 << IDX_IPCP); 2870} 2871 2872static void 2873sppp_ipcp_tlf(struct sppp *sp) 2874{ 2875 /* we no longer need LCP */ 2876 sp->lcp.protos &= ~(1 << IDX_IPCP); 2877 sppp_lcp_check_and_close(sp); 2878} 2879 2880static void 2881sppp_ipcp_scr(struct sppp *sp) 2882{ 2883 char opt[6 /* compression */ + 6 /* address */]; 2884 u_long ouraddr; 2885 int i = 0; 2886 2887 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2888 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2889 opt[i++] = IPCP_OPT_ADDRESS; 2890 opt[i++] = 6; 2891 opt[i++] = ouraddr >> 24; 2892 opt[i++] = ouraddr >> 16; 2893 opt[i++] = ouraddr >> 8; 2894 opt[i++] = ouraddr; 2895 } 2896 2897 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2898 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2899} 2900 2901/* 2902 *--------------------------------------------------------------------------* 2903 * * 2904 * The CHAP implementation. * 2905 * * 2906 *--------------------------------------------------------------------------* 2907 */ 2908 2909/* 2910 * The authentication protocols don't employ a full-fledged state machine as 2911 * the control protocols do, since they do have Open and Close events, but 2912 * not Up and Down, nor are they explicitly terminated. Also, use of the 2913 * authentication protocols may be different in both directions (this makes 2914 * sense, think of a machine that never accepts incoming calls but only 2915 * calls out, it doesn't require the called party to authenticate itself). 2916 * 2917 * Our state machine for the local authentication protocol (we are requesting 2918 * the peer to authenticate) looks like: 2919 * 2920 * RCA- 2921 * +--------------------------------------------+ 2922 * V scn,tld| 2923 * +--------+ Close +---------+ RCA+ 2924 * | |<----------------------------------| |------+ 2925 * +--->| Closed | TO* | Opened | sca | 2926 * | | |-----+ +-------| |<-----+ 2927 * | +--------+ irc | | +---------+ 2928 * | ^ | | ^ 2929 * | | | | | 2930 * | | | | | 2931 * | TO-| | | | 2932 * | |tld TO+ V | | 2933 * | | +------->+ | | 2934 * | | | | | | 2935 * | +--------+ V | | 2936 * | | |<----+<--------------------+ | 2937 * | | Req- | scr | 2938 * | | Sent | | 2939 * | | | | 2940 * | +--------+ | 2941 * | RCA- | | RCA+ | 2942 * +------+ +------------------------------------------+ 2943 * scn,tld sca,irc,ict,tlu 2944 * 2945 * 2946 * with: 2947 * 2948 * Open: LCP reached authentication phase 2949 * Close: LCP reached terminate phase 2950 * 2951 * RCA+: received reply (pap-req, chap-response), acceptable 2952 * RCN: received reply (pap-req, chap-response), not acceptable 2953 * TO+: timeout with restart counter >= 0 2954 * TO-: timeout with restart counter < 0 2955 * TO*: reschedule timeout for CHAP 2956 * 2957 * scr: send request packet (none for PAP, chap-challenge) 2958 * sca: send ack packet (pap-ack, chap-success) 2959 * scn: send nak packet (pap-nak, chap-failure) 2960 * ict: initialize re-challenge timer (CHAP only) 2961 * 2962 * tlu: this-layer-up, LCP reaches network phase 2963 * tld: this-layer-down, LCP enters terminate phase 2964 * 2965 * Note that in CHAP mode, after sending a new challenge, while the state 2966 * automaton falls back into Req-Sent state, it doesn't signal a tld 2967 * event to LCP, so LCP remains in network phase. Only after not getting 2968 * any response (or after getting an unacceptable response), CHAP closes, 2969 * causing LCP to enter terminate phase. 2970 * 2971 * With PAP, there is no initial request that can be sent. The peer is 2972 * expected to send one based on the successful negotiation of PAP as 2973 * the authentication protocol during the LCP option negotiation. 2974 * 2975 * Incoming authentication protocol requests (remote requests 2976 * authentication, we are peer) don't employ a state machine at all, 2977 * they are simply answered. Some peers [Ascend P50 firmware rev 2978 * 4.50] react allergically when sending IPCP requests while they are 2979 * still in authentication phase (thereby violating the standard that 2980 * demands that these NCP packets are to be discarded), so we keep 2981 * track of the peer demanding us to authenticate, and only proceed to 2982 * phase network once we've seen a positive acknowledge for the 2983 * authentication. 2984 */ 2985 2986/* 2987 * Handle incoming CHAP packets. 2988 */ 2989void 2990sppp_chap_input(struct sppp *sp, struct mbuf *m) 2991{ 2992 STDDCL; 2993 struct lcp_header *h; 2994 int len, x; 2995 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2996 int value_len, name_len; 2997 MD5_CTX ctx; 2998 2999 len = m->m_pkthdr.len; 3000 if (len < 4) { 3001 if (debug) 3002 log(LOG_DEBUG, 3003 SPP_FMT "chap invalid packet length: %d bytes\n", 3004 SPP_ARGS(ifp), len); 3005 return; 3006 } 3007 h = mtod (m, struct lcp_header*); 3008 if (len > ntohs (h->len)) 3009 len = ntohs (h->len); 3010 3011 switch (h->type) { 3012 /* challenge, failure and success are his authproto */ 3013 case CHAP_CHALLENGE: 3014 value = 1 + (u_char*)(h+1); 3015 value_len = value[-1]; 3016 name = value + value_len; 3017 name_len = len - value_len - 5; 3018 if (name_len < 0) { 3019 if (debug) { 3020 log(LOG_DEBUG, 3021 SPP_FMT "chap corrupted challenge " 3022 "<%s id=0x%x len=%d", 3023 SPP_ARGS(ifp), 3024 sppp_auth_type_name(PPP_CHAP, h->type), 3025 h->ident, ntohs(h->len)); 3026 sppp_print_bytes((u_char*) (h+1), len-4); 3027 log(-1, ">\n"); 3028 } 3029 break; 3030 } 3031 3032 if (debug) { 3033 log(LOG_DEBUG, 3034 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3035 SPP_ARGS(ifp), 3036 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3037 ntohs(h->len)); 3038 sppp_print_string((char*) name, name_len); 3039 log(-1, " value-size=%d value=", value_len); 3040 sppp_print_bytes(value, value_len); 3041 log(-1, ">\n"); 3042 } 3043 3044 /* Compute reply value. */ 3045 MD5Init(&ctx); 3046 MD5Update(&ctx, &h->ident, 1); 3047 MD5Update(&ctx, sp->myauth.secret, 3048 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3049 MD5Update(&ctx, value, value_len); 3050 MD5Final(digest, &ctx); 3051 dsize = sizeof digest; 3052 3053 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3054 sizeof dsize, (const char *)&dsize, 3055 sizeof digest, digest, 3056 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3057 sp->myauth.name, 3058 0); 3059 break; 3060 3061 case CHAP_SUCCESS: 3062 if (debug) { 3063 log(LOG_DEBUG, SPP_FMT "chap success", 3064 SPP_ARGS(ifp)); 3065 if (len > 4) { 3066 log(-1, ": "); 3067 sppp_print_string((char*)(h + 1), len - 4); 3068 } 3069 log(-1, "\n"); 3070 } 3071 x = splimp(); 3072 sp->pp_flags &= ~PP_NEEDAUTH; 3073 if (sp->myauth.proto == PPP_CHAP && 3074 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3075 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3076 /* 3077 * We are authenticator for CHAP but didn't 3078 * complete yet. Leave it to tlu to proceed 3079 * to network phase. 3080 */ 3081 splx(x); 3082 break; 3083 } 3084 splx(x); 3085 sppp_phase_network(sp); 3086 break; 3087 3088 case CHAP_FAILURE: 3089 if (debug) { 3090 log(LOG_INFO, SPP_FMT "chap failure", 3091 SPP_ARGS(ifp)); 3092 if (len > 4) { 3093 log(-1, ": "); 3094 sppp_print_string((char*)(h + 1), len - 4); 3095 } 3096 log(-1, "\n"); 3097 } else 3098 log(LOG_INFO, SPP_FMT "chap failure\n", 3099 SPP_ARGS(ifp)); 3100 /* await LCP shutdown by authenticator */ 3101 break; 3102 3103 /* response is my authproto */ 3104 case CHAP_RESPONSE: 3105 value = 1 + (u_char*)(h+1); 3106 value_len = value[-1]; 3107 name = value + value_len; 3108 name_len = len - value_len - 5; 3109 if (name_len < 0) { 3110 if (debug) { 3111 log(LOG_DEBUG, 3112 SPP_FMT "chap corrupted response " 3113 "<%s id=0x%x len=%d", 3114 SPP_ARGS(ifp), 3115 sppp_auth_type_name(PPP_CHAP, h->type), 3116 h->ident, ntohs(h->len)); 3117 sppp_print_bytes((u_char*)(h+1), len-4); 3118 log(-1, ">\n"); 3119 } 3120 break; 3121 } 3122 if (h->ident != sp->confid[IDX_CHAP]) { 3123 if (debug) 3124 log(LOG_DEBUG, 3125 SPP_FMT "chap dropping response for old ID " 3126 "(got %d, expected %d)\n", 3127 SPP_ARGS(ifp), 3128 h->ident, sp->confid[IDX_CHAP]); 3129 break; 3130 } 3131 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3132 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3133 log(LOG_INFO, SPP_FMT "chap response, his name ", 3134 SPP_ARGS(ifp)); 3135 sppp_print_string(name, name_len); 3136 log(-1, " != expected "); 3137 sppp_print_string(sp->hisauth.name, 3138 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3139 log(-1, "\n"); 3140 } 3141 if (debug) { 3142 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3143 "<%s id=0x%x len=%d name=", 3144 SPP_ARGS(ifp), 3145 sppp_state_name(sp->state[IDX_CHAP]), 3146 sppp_auth_type_name(PPP_CHAP, h->type), 3147 h->ident, ntohs (h->len)); 3148 sppp_print_string((char*)name, name_len); 3149 log(-1, " value-size=%d value=", value_len); 3150 sppp_print_bytes(value, value_len); 3151 log(-1, ">\n"); 3152 } 3153 if (value_len != AUTHKEYLEN) { 3154 if (debug) 3155 log(LOG_DEBUG, 3156 SPP_FMT "chap bad hash value length: " 3157 "%d bytes, should be %d\n", 3158 SPP_ARGS(ifp), value_len, 3159 AUTHKEYLEN); 3160 break; 3161 } 3162 3163 MD5Init(&ctx); 3164 MD5Update(&ctx, &h->ident, 1); 3165 MD5Update(&ctx, sp->hisauth.secret, 3166 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3167 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3168 MD5Final(digest, &ctx); 3169 3170#define FAILMSG "Failed..." 3171#define SUCCMSG "Welcome!" 3172 3173 if (value_len != sizeof digest || 3174 bcmp(digest, value, value_len) != 0) { 3175 /* action scn, tld */ 3176 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3177 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3178 0); 3179 chap.tld(sp); 3180 break; 3181 } 3182 /* action sca, perhaps tlu */ 3183 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3184 sp->state[IDX_CHAP] == STATE_OPENED) 3185 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3186 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3187 0); 3188 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3189 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3190 chap.tlu(sp); 3191 } 3192 break; 3193 3194 default: 3195 /* Unknown CHAP packet type -- ignore. */ 3196 if (debug) { 3197 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3198 "<0x%x id=0x%xh len=%d", 3199 SPP_ARGS(ifp), 3200 sppp_state_name(sp->state[IDX_CHAP]), 3201 h->type, h->ident, ntohs(h->len)); 3202 sppp_print_bytes((u_char*)(h+1), len-4); 3203 log(-1, ">\n"); 3204 } 3205 break; 3206 3207 } 3208} 3209 3210static void 3211sppp_chap_init(struct sppp *sp) 3212{ 3213 /* Chap doesn't have STATE_INITIAL at all. */ 3214 sp->state[IDX_CHAP] = STATE_CLOSED; 3215 sp->fail_counter[IDX_CHAP] = 0; 3216#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3217 callout_handle_init(&sp->ch[IDX_CHAP]); 3218#endif 3219} 3220 3221static void 3222sppp_chap_open(struct sppp *sp) 3223{ 3224 if (sp->myauth.proto == PPP_CHAP && 3225 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3226 /* we are authenticator for CHAP, start it */ 3227 chap.scr(sp); 3228 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3229 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3230 } 3231 /* nothing to be done if we are peer, await a challenge */ 3232} 3233 3234static void 3235sppp_chap_close(struct sppp *sp) 3236{ 3237 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3238 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3239} 3240 3241static void 3242sppp_chap_TO(void *cookie) 3243{ 3244 struct sppp *sp = (struct sppp *)cookie; 3245 STDDCL; 3246 int s; 3247 3248 s = splimp(); 3249 if (debug) 3250 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3251 SPP_ARGS(ifp), 3252 sppp_state_name(sp->state[IDX_CHAP]), 3253 sp->rst_counter[IDX_CHAP]); 3254 3255 if (--sp->rst_counter[IDX_CHAP] < 0) 3256 /* TO- event */ 3257 switch (sp->state[IDX_CHAP]) { 3258 case STATE_REQ_SENT: 3259 chap.tld(sp); 3260 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3261 break; 3262 } 3263 else 3264 /* TO+ (or TO*) event */ 3265 switch (sp->state[IDX_CHAP]) { 3266 case STATE_OPENED: 3267 /* TO* event */ 3268 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3269 /* fall through */ 3270 case STATE_REQ_SENT: 3271 chap.scr(sp); 3272 /* sppp_cp_change_state() will restart the timer */ 3273 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3274 break; 3275 } 3276 3277 splx(s); 3278} 3279 3280static void 3281sppp_chap_tlu(struct sppp *sp) 3282{ 3283 STDDCL; 3284 int i, x; 3285 3286 i = 0; 3287 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3288 3289 /* 3290 * Some broken CHAP implementations (Conware CoNet, firmware 3291 * 4.0.?) don't want to re-authenticate their CHAP once the 3292 * initial challenge-response exchange has taken place. 3293 * Provide for an option to avoid rechallenges. 3294 */ 3295 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3296 /* 3297 * Compute the re-challenge timeout. This will yield 3298 * a number between 300 and 810 seconds. 3299 */ 3300 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3301 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3302 } 3303 3304 if (debug) { 3305 log(LOG_DEBUG, 3306 SPP_FMT "chap %s, ", 3307 SPP_ARGS(ifp), 3308 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3309 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3310 log(-1, "next re-challenge in %d seconds\n", i); 3311 else 3312 log(-1, "re-challenging supressed\n"); 3313 } 3314 3315 x = splimp(); 3316 /* indicate to LCP that we need to be closed down */ 3317 sp->lcp.protos |= (1 << IDX_CHAP); 3318 3319 if (sp->pp_flags & PP_NEEDAUTH) { 3320 /* 3321 * Remote is authenticator, but his auth proto didn't 3322 * complete yet. Defer the transition to network 3323 * phase. 3324 */ 3325 splx(x); 3326 return; 3327 } 3328 splx(x); 3329 3330 /* 3331 * If we are already in phase network, we are done here. This 3332 * is the case if this is a dummy tlu event after a re-challenge. 3333 */ 3334 if (sp->pp_phase != PHASE_NETWORK) 3335 sppp_phase_network(sp); 3336} 3337 3338static void 3339sppp_chap_tld(struct sppp *sp) 3340{ 3341 STDDCL; 3342 3343 if (debug) 3344 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3345 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3346 sp->lcp.protos &= ~(1 << IDX_CHAP); 3347 3348 lcp.Close(sp); 3349} 3350 3351static void 3352sppp_chap_scr(struct sppp *sp) 3353{ 3354 u_long *ch, seed; 3355 u_char clen; 3356 3357 /* Compute random challenge. */ 3358 ch = (u_long *)sp->myauth.challenge; 3359#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3360 read_random(&seed, sizeof seed); 3361#else 3362 { 3363 struct timeval tv; 3364 microtime(&tv); 3365 seed = tv.tv_sec ^ tv.tv_usec; 3366 } 3367#endif 3368 ch[0] = seed ^ random(); 3369 ch[1] = seed ^ random(); 3370 ch[2] = seed ^ random(); 3371 ch[3] = seed ^ random(); 3372 clen = AUTHKEYLEN; 3373 3374 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3375 3376 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3377 sizeof clen, (const char *)&clen, 3378 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3379 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3380 sp->myauth.name, 3381 0); 3382} 3383 3384/* 3385 *--------------------------------------------------------------------------* 3386 * * 3387 * The PAP implementation. * 3388 * * 3389 *--------------------------------------------------------------------------* 3390 */ 3391/* 3392 * For PAP, we need to keep a little state also if we are the peer, not the 3393 * authenticator. This is since we don't get a request to authenticate, but 3394 * have to repeatedly authenticate ourself until we got a response (or the 3395 * retry counter is expired). 3396 */ 3397 3398/* 3399 * Handle incoming PAP packets. */ 3400static void 3401sppp_pap_input(struct sppp *sp, struct mbuf *m) 3402{ 3403 STDDCL; 3404 struct lcp_header *h; 3405 int len, x; 3406 u_char *name, *passwd, mlen; 3407 int name_len, passwd_len; 3408 3409 len = m->m_pkthdr.len; 3410 if (len < 5) { 3411 if (debug) 3412 log(LOG_DEBUG, 3413 SPP_FMT "pap invalid packet length: %d bytes\n", 3414 SPP_ARGS(ifp), len); 3415 return; 3416 } 3417 h = mtod (m, struct lcp_header*); 3418 if (len > ntohs (h->len)) 3419 len = ntohs (h->len); 3420 switch (h->type) { 3421 /* PAP request is my authproto */ 3422 case PAP_REQ: 3423 name = 1 + (u_char*)(h+1); 3424 name_len = name[-1]; 3425 passwd = name + name_len + 1; 3426 if (name_len > len - 6 || 3427 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3428 if (debug) { 3429 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3430 "<%s id=0x%x len=%d", 3431 SPP_ARGS(ifp), 3432 sppp_auth_type_name(PPP_PAP, h->type), 3433 h->ident, ntohs(h->len)); 3434 sppp_print_bytes((u_char*)(h+1), len-4); 3435 log(-1, ">\n"); 3436 } 3437 break; 3438 } 3439 if (debug) { 3440 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3441 "<%s id=0x%x len=%d name=", 3442 SPP_ARGS(ifp), 3443 sppp_state_name(sp->state[IDX_PAP]), 3444 sppp_auth_type_name(PPP_PAP, h->type), 3445 h->ident, ntohs(h->len)); 3446 sppp_print_string((char*)name, name_len); 3447 log(-1, " passwd="); 3448 sppp_print_string((char*)passwd, passwd_len); 3449 log(-1, ">\n"); 3450 } 3451 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 3452 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 3453 bcmp(name, sp->hisauth.name, name_len) != 0 || 3454 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3455 /* action scn, tld */ 3456 mlen = sizeof(FAILMSG) - 1; 3457 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3458 sizeof mlen, (const char *)&mlen, 3459 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3460 0); 3461 pap.tld(sp); 3462 break; 3463 } 3464 /* action sca, perhaps tlu */ 3465 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3466 sp->state[IDX_PAP] == STATE_OPENED) { 3467 mlen = sizeof(SUCCMSG) - 1; 3468 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3469 sizeof mlen, (const char *)&mlen, 3470 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3471 0); 3472 } 3473 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3474 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3475 pap.tlu(sp); 3476 } 3477 break; 3478 3479 /* ack and nak are his authproto */ 3480 case PAP_ACK: 3481 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3482 if (debug) { 3483 log(LOG_DEBUG, SPP_FMT "pap success", 3484 SPP_ARGS(ifp)); 3485 name_len = *((char *)h); 3486 if (len > 5 && name_len) { 3487 log(-1, ": "); 3488 sppp_print_string((char*)(h+1), name_len); 3489 } 3490 log(-1, "\n"); 3491 } 3492 x = splimp(); 3493 sp->pp_flags &= ~PP_NEEDAUTH; 3494 if (sp->myauth.proto == PPP_PAP && 3495 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3496 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3497 /* 3498 * We are authenticator for PAP but didn't 3499 * complete yet. Leave it to tlu to proceed 3500 * to network phase. 3501 */ 3502 splx(x); 3503 break; 3504 } 3505 splx(x); 3506 sppp_phase_network(sp); 3507 break; 3508 3509 case PAP_NAK: 3510 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3511 if (debug) { 3512 log(LOG_INFO, SPP_FMT "pap failure", 3513 SPP_ARGS(ifp)); 3514 name_len = *((char *)h); 3515 if (len > 5 && name_len) { 3516 log(-1, ": "); 3517 sppp_print_string((char*)(h+1), name_len); 3518 } 3519 log(-1, "\n"); 3520 } else 3521 log(LOG_INFO, SPP_FMT "pap failure\n", 3522 SPP_ARGS(ifp)); 3523 /* await LCP shutdown by authenticator */ 3524 break; 3525 3526 default: 3527 /* Unknown PAP packet type -- ignore. */ 3528 if (debug) { 3529 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3530 "<0x%x id=0x%x len=%d", 3531 SPP_ARGS(ifp), 3532 h->type, h->ident, ntohs(h->len)); 3533 sppp_print_bytes((u_char*)(h+1), len-4); 3534 log(-1, ">\n"); 3535 } 3536 break; 3537 3538 } 3539} 3540 3541static void 3542sppp_pap_init(struct sppp *sp) 3543{ 3544 /* PAP doesn't have STATE_INITIAL at all. */ 3545 sp->state[IDX_PAP] = STATE_CLOSED; 3546 sp->fail_counter[IDX_PAP] = 0; 3547#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3548 callout_handle_init(&sp->ch[IDX_PAP]); 3549 callout_handle_init(&sp->pap_my_to_ch); 3550#endif 3551} 3552 3553static void 3554sppp_pap_open(struct sppp *sp) 3555{ 3556 if (sp->hisauth.proto == PPP_PAP && 3557 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3558 /* we are authenticator for PAP, start our timer */ 3559 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3560 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3561 } 3562 if (sp->myauth.proto == PPP_PAP) { 3563 /* we are peer, send a request, and start a timer */ 3564 pap.scr(sp); 3565 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 3566 sp->pap_my_to_ch); 3567 } 3568} 3569 3570static void 3571sppp_pap_close(struct sppp *sp) 3572{ 3573 if (sp->state[IDX_PAP] != STATE_CLOSED) 3574 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3575} 3576 3577/* 3578 * That's the timeout routine if we are authenticator. Since the 3579 * authenticator is basically passive in PAP, we can't do much here. 3580 */ 3581static void 3582sppp_pap_TO(void *cookie) 3583{ 3584 struct sppp *sp = (struct sppp *)cookie; 3585 STDDCL; 3586 int s; 3587 3588 s = splimp(); 3589 if (debug) 3590 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3591 SPP_ARGS(ifp), 3592 sppp_state_name(sp->state[IDX_PAP]), 3593 sp->rst_counter[IDX_PAP]); 3594 3595 if (--sp->rst_counter[IDX_PAP] < 0) 3596 /* TO- event */ 3597 switch (sp->state[IDX_PAP]) { 3598 case STATE_REQ_SENT: 3599 pap.tld(sp); 3600 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3601 break; 3602 } 3603 else 3604 /* TO+ event, not very much we could do */ 3605 switch (sp->state[IDX_PAP]) { 3606 case STATE_REQ_SENT: 3607 /* sppp_cp_change_state() will restart the timer */ 3608 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3609 break; 3610 } 3611 3612 splx(s); 3613} 3614 3615/* 3616 * That's the timeout handler if we are peer. Since the peer is active, 3617 * we need to retransmit our PAP request since it is apparently lost. 3618 * XXX We should impose a max counter. 3619 */ 3620static void 3621sppp_pap_my_TO(void *cookie) 3622{ 3623 struct sppp *sp = (struct sppp *)cookie; 3624 STDDCL; 3625 3626 if (debug) 3627 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3628 SPP_ARGS(ifp)); 3629 3630 pap.scr(sp); 3631} 3632 3633static void 3634sppp_pap_tlu(struct sppp *sp) 3635{ 3636 STDDCL; 3637 int x; 3638 3639 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3640 3641 if (debug) 3642 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3643 SPP_ARGS(ifp), pap.name); 3644 3645 x = splimp(); 3646 /* indicate to LCP that we need to be closed down */ 3647 sp->lcp.protos |= (1 << IDX_PAP); 3648 3649 if (sp->pp_flags & PP_NEEDAUTH) { 3650 /* 3651 * Remote is authenticator, but his auth proto didn't 3652 * complete yet. Defer the transition to network 3653 * phase. 3654 */ 3655 splx(x); 3656 return; 3657 } 3658 splx(x); 3659 sppp_phase_network(sp); 3660} 3661 3662static void 3663sppp_pap_tld(struct sppp *sp) 3664{ 3665 STDDCL; 3666 3667 if (debug) 3668 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3669 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3670 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3671 sp->lcp.protos &= ~(1 << IDX_PAP); 3672 3673 lcp.Close(sp); 3674} 3675 3676static void 3677sppp_pap_scr(struct sppp *sp) 3678{ 3679 u_char idlen, pwdlen; 3680 3681 sp->confid[IDX_PAP] = ++sp->pp_seq; 3682 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3683 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3684 3685 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3686 sizeof idlen, (const char *)&idlen, 3687 (size_t)idlen, sp->myauth.name, 3688 sizeof pwdlen, (const char *)&pwdlen, 3689 (size_t)pwdlen, sp->myauth.secret, 3690 0); 3691} 3692 3693/* 3694 * Random miscellaneous functions. 3695 */ 3696 3697/* 3698 * Send a PAP or CHAP proto packet. 3699 * 3700 * Varadic function, each of the elements for the ellipsis is of type 3701 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3702 * mlen == 0. 3703 * NOTE: never declare variadic functions with types subject to type 3704 * promotion (i.e. u_char). This is asking for big trouble depending 3705 * on the architecture you are on... 3706 */ 3707 3708static void 3709sppp_auth_send(const struct cp *cp, struct sppp *sp, 3710 unsigned int type, unsigned int id, 3711 ...) 3712{ 3713 STDDCL; 3714 struct ppp_header *h; 3715 struct lcp_header *lh; 3716 struct mbuf *m; 3717 u_char *p; 3718 int len; 3719 unsigned int mlen; 3720 const char *msg; 3721 va_list ap; 3722 3723 MGETHDR (m, M_DONTWAIT, MT_DATA); 3724 if (! m) 3725 return; 3726 m->m_pkthdr.rcvif = 0; 3727 3728 h = mtod (m, struct ppp_header*); 3729 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3730 h->control = PPP_UI; /* Unnumbered Info */ 3731 h->protocol = htons(cp->proto); 3732 3733 lh = (struct lcp_header*)(h + 1); 3734 lh->type = type; 3735 lh->ident = id; 3736 p = (u_char*) (lh+1); 3737 3738 va_start(ap, id); 3739 len = 0; 3740 3741 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3742 msg = va_arg(ap, const char *); 3743 len += mlen; 3744 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3745 va_end(ap); 3746 m_freem(m); 3747 return; 3748 } 3749 3750 bcopy(msg, p, mlen); 3751 p += mlen; 3752 } 3753 va_end(ap); 3754 3755 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3756 lh->len = htons (LCP_HEADER_LEN + len); 3757 3758 if (debug) { 3759 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3760 SPP_ARGS(ifp), cp->name, 3761 sppp_auth_type_name(cp->proto, lh->type), 3762 lh->ident, ntohs(lh->len)); 3763 sppp_print_bytes((u_char*) (lh+1), len); 3764 log(-1, ">\n"); 3765 } 3766 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 3767 ifp->if_oerrors++; 3768} 3769 3770/* 3771 * Flush interface queue. 3772 */ 3773static void 3774sppp_qflush(struct ifqueue *ifq) 3775{ 3776 struct mbuf *m, *n; 3777 3778 n = ifq->ifq_head; 3779 while ((m = n)) { 3780 n = m->m_act; 3781 m_freem (m); 3782 } 3783 ifq->ifq_head = 0; 3784 ifq->ifq_tail = 0; 3785 ifq->ifq_len = 0; 3786} 3787 3788/* 3789 * Send keepalive packets, every 10 seconds. 3790 */ 3791static void 3792sppp_keepalive(void *dummy) 3793{ 3794 struct sppp *sp; 3795 int s; 3796 3797 s = splimp(); 3798 for (sp=spppq; sp; sp=sp->pp_next) { 3799 struct ifnet *ifp = &sp->pp_if; 3800 3801 /* Keepalive mode disabled or channel down? */ 3802 if (! (sp->pp_flags & PP_KEEPALIVE) || 3803 ! (ifp->if_flags & IFF_RUNNING)) 3804 continue; 3805 3806 /* No keepalive in PPP mode if LCP not opened yet. */ 3807 if (sp->pp_mode != IFF_CISCO && 3808 sp->pp_phase < PHASE_AUTHENTICATE) 3809 continue; 3810 3811 if (sp->pp_alivecnt == MAXALIVECNT) { 3812 /* No keepalive packets got. Stop the interface. */ 3813 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3814 if_down (ifp); 3815 sppp_qflush (&sp->pp_cpq); 3816 if (sp->pp_mode != IFF_CISCO) { 3817 /* XXX */ 3818 /* Shut down the PPP link. */ 3819 lcp.Down(sp); 3820 /* Initiate negotiation. XXX */ 3821 lcp.Up(sp); 3822 } 3823 } 3824 if (sp->pp_alivecnt <= MAXALIVECNT) 3825 ++sp->pp_alivecnt; 3826 if (sp->pp_mode == IFF_CISCO) 3827 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3828 sp->pp_rseq); 3829 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3830 long nmagic = htonl (sp->lcp.magic); 3831 sp->lcp.echoid = ++sp->pp_seq; 3832 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3833 sp->lcp.echoid, 4, &nmagic); 3834 } 3835 } 3836 splx(s); 3837 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 3838} 3839 3840/* 3841 * Get both IP addresses. 3842 */ 3843static void 3844sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3845{ 3846 struct ifnet *ifp = &sp->pp_if; 3847 struct ifaddr *ifa; 3848 struct sockaddr_in *si, *sm; 3849 u_long ssrc, ddst; 3850 3851 sm = NULL; 3852 ssrc = ddst = 0L; 3853 /* 3854 * Pick the first AF_INET address from the list, 3855 * aliases don't make any sense on a p2p link anyway. 3856 */ 3857 si = 0; 3858#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3859 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3860#elif defined(__NetBSD__) || defined (__OpenBSD__) 3861 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 3862 ifa; 3863 ifa = TAILQ_NEXT(ifa, ifa_list)) 3864#else 3865 for (ifa = ifp->if_addrlist; 3866 ifa; 3867 ifa = ifa->ifa_next) 3868#endif 3869 if (ifa->ifa_addr->sa_family == AF_INET) { 3870 si = (struct sockaddr_in *)ifa->ifa_addr; 3871 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3872 if (si) 3873 break; 3874 } 3875 if (ifa) { 3876 if (si && si->sin_addr.s_addr) { 3877 ssrc = si->sin_addr.s_addr; 3878 if (srcmask) 3879 *srcmask = ntohl(sm->sin_addr.s_addr); 3880 } 3881 3882 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3883 if (si && si->sin_addr.s_addr) 3884 ddst = si->sin_addr.s_addr; 3885 } 3886 3887 if (dst) *dst = ntohl(ddst); 3888 if (src) *src = ntohl(ssrc); 3889} 3890 3891/* 3892 * Set my IP address. Must be called at splimp. 3893 */ 3894static void 3895sppp_set_ip_addr(struct sppp *sp, u_long src) 3896{ 3897 STDDCL; 3898 struct ifaddr *ifa; 3899 struct sockaddr_in *si; 3900 3901 /* 3902 * Pick the first AF_INET address from the list, 3903 * aliases don't make any sense on a p2p link anyway. 3904 */ 3905 si = 0; 3906#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3907 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3908#elif defined(__NetBSD__) || defined (__OpenBSD__) 3909 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 3910 ifa; 3911 ifa = TAILQ_NEXT(ifa, ifa_list)) 3912#else 3913 for (ifa = ifp->if_addrlist; 3914 ifa; 3915 ifa = ifa->ifa_next) 3916#endif 3917 { 3918 if (ifa->ifa_addr->sa_family == AF_INET) 3919 { 3920 si = (struct sockaddr_in *)ifa->ifa_addr; 3921 if (si) 3922 break; 3923 } 3924 } 3925 3926 if (ifa && si) 3927 { 3928 int error; 3929#if __NetBSD_Version__ >= 103080000 3930 struct sockaddr_in new_sin = *si; 3931 3932 new_sin.sin_addr.s_addr = htonl(src); 3933 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 3934 if(debug && error) 3935 { 3936 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 3937 " failed, error=%d\n", SPP_ARGS(ifp), error); 3938 } 3939#else 3940 /* delete old route */ 3941 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 3942 if(debug && error) 3943 { 3944 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 3945 SPP_ARGS(ifp), error); 3946 } 3947 3948 /* set new address */ 3949 si->sin_addr.s_addr = htonl(src); 3950 3951 /* add new route */ 3952 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 3953 if (debug && error) 3954 { 3955 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 3956 SPP_ARGS(ifp), error); 3957 } 3958#endif 3959 } 3960} 3961 3962static int 3963sppp_params(struct sppp *sp, u_long cmd, void *data) 3964{ 3965 u_long subcmd; 3966 struct ifreq *ifr = (struct ifreq *)data; 3967 struct spppreq spr; 3968 3969 /* 3970 * ifr->ifr_data is supposed to point to a struct spppreq. 3971 * Check the cmd word first before attempting to fetch all the 3972 * data. 3973 */ 3974 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3975 return EFAULT; 3976 3977 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3978 return EFAULT; 3979 3980 switch (subcmd) { 3981 case SPPPIOGDEFS: 3982 if (cmd != SIOCGIFGENERIC) 3983 return EINVAL; 3984 /* 3985 * We copy over the entire current state, but clean 3986 * out some of the stuff we don't wanna pass up. 3987 * Remember, SIOCGIFGENERIC is unprotected, and can be 3988 * called by any user. No need to ever get PAP or 3989 * CHAP secrets back to userland anyway. 3990 */ 3991 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3992 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3993 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3994 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3995 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3996 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3997 3998 case SPPPIOSDEFS: 3999 if (cmd != SIOCSIFGENERIC) 4000 return EINVAL; 4001 /* 4002 * We have a very specific idea of which fields we allow 4003 * being passed back from userland, so to not clobber our 4004 * current state. For one, we only allow setting 4005 * anything if LCP is in dead phase. Once the LCP 4006 * negotiations started, the authentication settings must 4007 * not be changed again. (The administrator can force an 4008 * ifconfig down in order to get LCP back into dead 4009 * phase.) 4010 * 4011 * Also, we only allow for authentication parameters to be 4012 * specified. 4013 * 4014 * XXX Should allow to set or clear pp_flags. 4015 * 4016 * Finally, if the respective authentication protocol to 4017 * be used is set differently than 0, but the secret is 4018 * passed as all zeros, we don't trash the existing secret. 4019 * This allows an administrator to change the system name 4020 * only without clobbering the secret (which he didn't get 4021 * back in a previous SPPPIOGDEFS call). However, the 4022 * secrets are cleared if the authentication protocol is 4023 * reset to 0. 4024 */ 4025 if (sp->pp_phase != PHASE_DEAD) 4026 return EBUSY; 4027 4028 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4029 spr.defs.myauth.proto != PPP_CHAP) || 4030 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4031 spr.defs.hisauth.proto != PPP_CHAP)) 4032 return EINVAL; 4033 4034 if (spr.defs.myauth.proto == 0) 4035 /* resetting myauth */ 4036 bzero(&sp->myauth, sizeof sp->myauth); 4037 else { 4038 /* setting/changing myauth */ 4039 sp->myauth.proto = spr.defs.myauth.proto; 4040 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4041 if (spr.defs.myauth.secret[0] != '\0') 4042 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4043 AUTHKEYLEN); 4044 } 4045 if (spr.defs.hisauth.proto == 0) 4046 /* resetting hisauth */ 4047 bzero(&sp->hisauth, sizeof sp->hisauth); 4048 else { 4049 /* setting/changing hisauth */ 4050 sp->hisauth.proto = spr.defs.hisauth.proto; 4051 sp->hisauth.flags = spr.defs.hisauth.flags; 4052 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4053 if (spr.defs.hisauth.secret[0] != '\0') 4054 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4055 AUTHKEYLEN); 4056 } 4057 break; 4058 4059 default: 4060 return EINVAL; 4061 } 4062 4063 return 0; 4064} 4065 4066static void 4067sppp_phase_network(struct sppp *sp) 4068{ 4069 STDDCL; 4070 int i; 4071 u_long mask; 4072 4073 sp->pp_phase = PHASE_NETWORK; 4074 4075 if (debug) 4076 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4077 sppp_phase_name(sp->pp_phase)); 4078 4079 /* Notify NCPs now. */ 4080 for (i = 0; i < IDX_COUNT; i++) 4081 if ((cps[i])->flags & CP_NCP) 4082 (cps[i])->Open(sp); 4083 4084 /* Send Up events to all NCPs. */ 4085 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4086 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4087 (cps[i])->Up(sp); 4088 4089 /* if no NCP is starting, all this was in vain, close down */ 4090 sppp_lcp_check_and_close(sp); 4091} 4092 4093 4094static const char * 4095sppp_cp_type_name(u_char type) 4096{ 4097 static char buf[12]; 4098 switch (type) { 4099 case CONF_REQ: return "conf-req"; 4100 case CONF_ACK: return "conf-ack"; 4101 case CONF_NAK: return "conf-nak"; 4102 case CONF_REJ: return "conf-rej"; 4103 case TERM_REQ: return "term-req"; 4104 case TERM_ACK: return "term-ack"; 4105 case CODE_REJ: return "code-rej"; 4106 case PROTO_REJ: return "proto-rej"; 4107 case ECHO_REQ: return "echo-req"; 4108 case ECHO_REPLY: return "echo-reply"; 4109 case DISC_REQ: return "discard-req"; 4110 } 4111 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4112 return buf; 4113} 4114 4115static const char * 4116sppp_auth_type_name(u_short proto, u_char type) 4117{ 4118 static char buf[12]; 4119 switch (proto) { 4120 case PPP_CHAP: 4121 switch (type) { 4122 case CHAP_CHALLENGE: return "challenge"; 4123 case CHAP_RESPONSE: return "response"; 4124 case CHAP_SUCCESS: return "success"; 4125 case CHAP_FAILURE: return "failure"; 4126 } 4127 case PPP_PAP: 4128 switch (type) { 4129 case PAP_REQ: return "req"; 4130 case PAP_ACK: return "ack"; 4131 case PAP_NAK: return "nak"; 4132 } 4133 } 4134 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4135 return buf; 4136} 4137 4138static const char * 4139sppp_lcp_opt_name(u_char opt) 4140{ 4141 static char buf[12]; 4142 switch (opt) { 4143 case LCP_OPT_MRU: return "mru"; 4144 case LCP_OPT_ASYNC_MAP: return "async-map"; 4145 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4146 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4147 case LCP_OPT_MAGIC: return "magic"; 4148 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4149 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4150 } 4151 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4152 return buf; 4153} 4154 4155static const char * 4156sppp_ipcp_opt_name(u_char opt) 4157{ 4158 static char buf[12]; 4159 switch (opt) { 4160 case IPCP_OPT_ADDRESSES: return "addresses"; 4161 case IPCP_OPT_COMPRESSION: return "compression"; 4162 case IPCP_OPT_ADDRESS: return "address"; 4163 } 4164 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4165 return buf; 4166} 4167 4168static const char * 4169sppp_state_name(int state) 4170{ 4171 switch (state) { 4172 case STATE_INITIAL: return "initial"; 4173 case STATE_STARTING: return "starting"; 4174 case STATE_CLOSED: return "closed"; 4175 case STATE_STOPPED: return "stopped"; 4176 case STATE_CLOSING: return "closing"; 4177 case STATE_STOPPING: return "stopping"; 4178 case STATE_REQ_SENT: return "req-sent"; 4179 case STATE_ACK_RCVD: return "ack-rcvd"; 4180 case STATE_ACK_SENT: return "ack-sent"; 4181 case STATE_OPENED: return "opened"; 4182 } 4183 return "illegal"; 4184} 4185 4186static const char * 4187sppp_phase_name(enum ppp_phase phase) 4188{ 4189 switch (phase) { 4190 case PHASE_DEAD: return "dead"; 4191 case PHASE_ESTABLISH: return "establish"; 4192 case PHASE_TERMINATE: return "terminate"; 4193 case PHASE_AUTHENTICATE: return "authenticate"; 4194 case PHASE_NETWORK: return "network"; 4195 } 4196 return "illegal"; 4197} 4198 4199static const char * 4200sppp_proto_name(u_short proto) 4201{ 4202 static char buf[12]; 4203 switch (proto) { 4204 case PPP_LCP: return "lcp"; 4205 case PPP_IPCP: return "ipcp"; 4206 case PPP_PAP: return "pap"; 4207 case PPP_CHAP: return "chap"; 4208 } 4209 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 4210 return buf; 4211} 4212 4213static void 4214sppp_print_bytes(const u_char *p, u_short len) 4215{ 4216 if (len) 4217 log(-1, " %*D", len, p, "-"); 4218} 4219 4220static void 4221sppp_print_string(const char *p, u_short len) 4222{ 4223 u_char c; 4224 4225 while (len-- > 0) { 4226 c = *p++; 4227 /* 4228 * Print only ASCII chars directly. RFC 1994 recommends 4229 * using only them, but we don't rely on it. */ 4230 if (c < ' ' || c > '~') 4231 log(-1, "\\x%x", c); 4232 else 4233 log(-1, "%c", c); 4234 } 4235} 4236 4237static const char * 4238sppp_dotted_quad(u_long addr) 4239{ 4240 static char s[16]; 4241 sprintf(s, "%d.%d.%d.%d", 4242 (int)((addr >> 24) & 0xff), 4243 (int)((addr >> 16) & 0xff), 4244 (int)((addr >> 8) & 0xff), 4245 (int)(addr & 0xff)); 4246 return s; 4247} 4248 4249static int 4250sppp_strnlen(u_char *p, int max) 4251{ 4252 int len; 4253 4254 for (len = 0; len < max && *p; ++p) 4255 ++len; 4256 return len; 4257} 4258 4259/* a dummy, used to drop uninteresting events */ 4260static void 4261sppp_null(struct sppp *unused) 4262{ 4263 /* do just nothing */ 4264} 4265