if_spppsubr.c revision 78134
1262395Sbapt/* 2262395Sbapt * Synchronous PPP/Cisco link level subroutines. 3262395Sbapt * Keepalive protocol implemented in both Cisco and PPP modes. 4262395Sbapt * 5262395Sbapt * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6262395Sbapt * Author: Serge Vakulenko, <vak@cronyx.ru> 7262395Sbapt * 8262395Sbapt * Heavily revamped to conform to RFC 1661. 9262395Sbapt * Copyright (C) 1997, Joerg Wunsch. 10262395Sbapt * 11262395Sbapt * This software is distributed with NO WARRANTIES, not even the implied 12262395Sbapt * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13262395Sbapt * 14262395Sbapt * Authors grant any other persons or organisations permission to use 15262395Sbapt * or modify this software as long as this message is kept with the software, 16262395Sbapt * all derivative works or modified versions. 17262395Sbapt * 18262395Sbapt * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19262395Sbapt * 20262395Sbapt * $FreeBSD: head/sys/net/if_spppsubr.c 78134 2001-06-12 08:52:54Z ume $ 21262395Sbapt */ 22262395Sbapt 23262395Sbapt#include <sys/param.h> 24262395Sbapt 25262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26262395Sbapt#include "opt_inet.h" 27262395Sbapt#include "opt_inet6.h" 28262395Sbapt#include "opt_ipx.h" 29262395Sbapt#endif 30262395Sbapt 31262395Sbapt#ifdef NetBSD1_3 32262395Sbapt# if NetBSD1_3 > 6 33262395Sbapt# include "opt_inet.h" 34262395Sbapt# include "opt_inet6.h" 35262395Sbapt# include "opt_iso.h" 36262395Sbapt# endif 37262395Sbapt#endif 38262395Sbapt 39262395Sbapt#include <sys/systm.h> 40262395Sbapt#include <sys/kernel.h> 41262395Sbapt#include <sys/module.h> 42262395Sbapt#include <sys/sockio.h> 43262395Sbapt#include <sys/socket.h> 44262395Sbapt#include <sys/syslog.h> 45262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46262395Sbapt#include <sys/random.h> 47262395Sbapt#endif 48262395Sbapt#include <sys/malloc.h> 49262395Sbapt#include <sys/mbuf.h> 50262395Sbapt 51262395Sbapt#if defined (__OpenBSD__) 52262395Sbapt#include <sys/md5k.h> 53262395Sbapt#else 54262395Sbapt#include <sys/md5.h> 55262395Sbapt#endif 56262395Sbapt 57262395Sbapt#include <net/if.h> 58262395Sbapt#include <net/netisr.h> 59262395Sbapt#include <net/if_types.h> 60262395Sbapt#include <net/route.h> 61262395Sbapt 62262395Sbapt#if defined (__NetBSD__) || defined (__OpenBSD__) 63262395Sbapt#include <machine/cpu.h> /* XXX for softnet */ 64262395Sbapt#endif 65262395Sbapt 66262395Sbapt#include <machine/stdarg.h> 67262395Sbapt 68262395Sbapt#ifdef INET 69262395Sbapt#include <netinet/in.h> 70262395Sbapt#include <netinet/in_systm.h> 71262395Sbapt#include <netinet/in_var.h> 72262395Sbapt#include <netinet/ip.h> 73262395Sbapt#include <netinet/tcp.h> 74262395Sbapt# if defined (__FreeBSD__) || defined (__OpenBSD__) 75262395Sbapt# include <netinet/if_ether.h> 76262395Sbapt# else 77262395Sbapt# include <net/ethertypes.h> 78262395Sbapt# endif 79262395Sbapt#else 80262395Sbapt# error Huh? sppp without INET? 81262395Sbapt#endif 82262395Sbapt 83262395Sbapt#ifdef IPX 84262395Sbapt#include <netipx/ipx.h> 85262395Sbapt#include <netipx/ipx_if.h> 86262395Sbapt#endif 87262395Sbapt 88262395Sbapt#ifdef NS 89262395Sbapt#include <netns/ns.h> 90262395Sbapt#include <netns/ns_if.h> 91262395Sbapt#endif 92262395Sbapt 93262395Sbapt#include <net/if_sppp.h> 94262395Sbapt 95262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 96262395Sbapt# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 97262395Sbapt# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 98262395Sbapt# define IOCTL_CMD_T u_long 99262395Sbapt#else 100262395Sbapt# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 101262395Sbapt# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 102262395Sbapt# define IOCTL_CMD_T int 103262395Sbapt#endif 104262395Sbapt 105262395Sbapt#define MAXALIVECNT 3 /* max. alive packets */ 106262395Sbapt 107262395Sbapt/* 108262395Sbapt * Interface flags that can be set in an ifconfig command. 109262395Sbapt * 110262395Sbapt * Setting link0 will make the link passive, i.e. it will be marked 111262395Sbapt * as being administrative openable, but won't be opened to begin 112262395Sbapt * with. Incoming calls will be answered, or subsequent calls with 113262395Sbapt * -link1 will cause the administrative open of the LCP layer. 114262395Sbapt * 115262395Sbapt * Setting link1 will cause the link to auto-dial only as packets 116262395Sbapt * arrive to be sent. 117262395Sbapt * 118262395Sbapt * Setting IFF_DEBUG will syslog the option negotiation and state 119262395Sbapt * transitions at level kern.debug. Note: all logs consistently look 120262395Sbapt * like 121262395Sbapt * 122262395Sbapt * <if-name><unit>: <proto-name> <additional info...> 123262395Sbapt * 124262395Sbapt * with <if-name><unit> being something like "bppp0", and <proto-name> 125262395Sbapt * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 126262395Sbapt */ 127262395Sbapt 128262395Sbapt#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 129262395Sbapt#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 130262395Sbapt#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 131262395Sbapt 132262395Sbapt#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 133262395Sbapt#define PPP_UI 0x03 /* Unnumbered Information */ 134262395Sbapt#define PPP_IP 0x0021 /* Internet Protocol */ 135262395Sbapt#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 136262395Sbapt#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 137262395Sbapt#define PPP_IPX 0x002b /* Novell IPX Protocol */ 138262395Sbapt#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 139262395Sbapt#define PPP_LCP 0xc021 /* Link Control Protocol */ 140262395Sbapt#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 141262395Sbapt#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 142262395Sbapt#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 143262395Sbapt#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 144262395Sbapt 145262395Sbapt#define CONF_REQ 1 /* PPP configure request */ 146262395Sbapt#define CONF_ACK 2 /* PPP configure acknowledge */ 147262395Sbapt#define CONF_NAK 3 /* PPP configure negative ack */ 148262395Sbapt#define CONF_REJ 4 /* PPP configure reject */ 149262395Sbapt#define TERM_REQ 5 /* PPP terminate request */ 150262395Sbapt#define TERM_ACK 6 /* PPP terminate acknowledge */ 151262395Sbapt#define CODE_REJ 7 /* PPP code reject */ 152262395Sbapt#define PROTO_REJ 8 /* PPP protocol reject */ 153262395Sbapt#define ECHO_REQ 9 /* PPP echo request */ 154262395Sbapt#define ECHO_REPLY 10 /* PPP echo reply */ 155262395Sbapt#define DISC_REQ 11 /* PPP discard request */ 156262395Sbapt 157262395Sbapt#define LCP_OPT_MRU 1 /* maximum receive unit */ 158262395Sbapt#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 159262395Sbapt#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 160262395Sbapt#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 161262395Sbapt#define LCP_OPT_MAGIC 5 /* magic number */ 162262395Sbapt#define LCP_OPT_RESERVED 6 /* reserved */ 163262395Sbapt#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 164262395Sbapt#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 165262395Sbapt 166262395Sbapt#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 167262395Sbapt#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 168262395Sbapt#define IPCP_OPT_ADDRESS 3 /* local IP address */ 169262395Sbapt 170262395Sbapt#define IPV6CP_OPT_IFID 1 /* interface identifier */ 171262395Sbapt#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 172262395Sbapt 173262395Sbapt#define PAP_REQ 1 /* PAP name/password request */ 174262395Sbapt#define PAP_ACK 2 /* PAP acknowledge */ 175262395Sbapt#define PAP_NAK 3 /* PAP fail */ 176262395Sbapt 177262395Sbapt#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 178262395Sbapt#define CHAP_RESPONSE 2 /* CHAP challenge response */ 179262395Sbapt#define CHAP_SUCCESS 3 /* CHAP response ok */ 180262395Sbapt#define CHAP_FAILURE 4 /* CHAP response failed */ 181262395Sbapt 182262395Sbapt#define CHAP_MD5 5 /* hash algorithm - MD5 */ 183262395Sbapt 184262395Sbapt#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 185262395Sbapt#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 186262395Sbapt#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 187262395Sbapt#define CISCO_ADDR_REQ 0 /* Cisco address request */ 188262395Sbapt#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 189262395Sbapt#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 190262395Sbapt 191262395Sbapt/* states are named and numbered according to RFC 1661 */ 192262395Sbapt#define STATE_INITIAL 0 193262395Sbapt#define STATE_STARTING 1 194262395Sbapt#define STATE_CLOSED 2 195262395Sbapt#define STATE_STOPPED 3 196262395Sbapt#define STATE_CLOSING 4 197262395Sbapt#define STATE_STOPPING 5 198262395Sbapt#define STATE_REQ_SENT 6 199262395Sbapt#define STATE_ACK_RCVD 7 200262395Sbapt#define STATE_ACK_SENT 8 201262395Sbapt#define STATE_OPENED 9 202262395Sbapt 203262395Sbaptstruct ppp_header { 204262395Sbapt u_char address; 205262395Sbapt u_char control; 206262395Sbapt u_short protocol; 207262395Sbapt}; 208262395Sbapt#define PPP_HEADER_LEN sizeof (struct ppp_header) 209262395Sbapt 210262395Sbaptstruct lcp_header { 211262395Sbapt u_char type; 212262395Sbapt u_char ident; 213262395Sbapt u_short len; 214262395Sbapt}; 215262395Sbapt#define LCP_HEADER_LEN sizeof (struct lcp_header) 216262395Sbapt 217262395Sbaptstruct cisco_packet { 218262395Sbapt u_long type; 219262395Sbapt u_long par1; 220262395Sbapt u_long par2; 221262395Sbapt u_short rel; 222262395Sbapt u_short time0; 223262395Sbapt u_short time1; 224262395Sbapt}; 225262395Sbapt#define CISCO_PACKET_LEN 18 226262395Sbapt 227262395Sbapt/* 228262395Sbapt * We follow the spelling and capitalization of RFC 1661 here, to make 229262395Sbapt * it easier comparing with the standard. Please refer to this RFC in 230262395Sbapt * case you can't make sense out of these abbreviation; it will also 231262395Sbapt * explain the semantics related to the various events and actions. 232262395Sbapt */ 233262395Sbaptstruct cp { 234262395Sbapt u_short proto; /* PPP control protocol number */ 235262395Sbapt u_char protoidx; /* index into state table in struct sppp */ 236262395Sbapt u_char flags; 237262395Sbapt#define CP_LCP 0x01 /* this is the LCP */ 238262395Sbapt#define CP_AUTH 0x02 /* this is an authentication protocol */ 239262395Sbapt#define CP_NCP 0x04 /* this is a NCP */ 240262395Sbapt#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 241262395Sbapt const char *name; /* name of this control protocol */ 242262395Sbapt /* event handlers */ 243262395Sbapt void (*Up)(struct sppp *sp); 244262395Sbapt void (*Down)(struct sppp *sp); 245262395Sbapt void (*Open)(struct sppp *sp); 246262395Sbapt void (*Close)(struct sppp *sp); 247262395Sbapt void (*TO)(void *sp); 248262395Sbapt int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 249262395Sbapt void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 250262395Sbapt void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 251262395Sbapt /* actions */ 252262395Sbapt void (*tlu)(struct sppp *sp); 253262395Sbapt void (*tld)(struct sppp *sp); 254262395Sbapt void (*tls)(struct sppp *sp); 255262395Sbapt void (*tlf)(struct sppp *sp); 256262395Sbapt void (*scr)(struct sppp *sp); 257262395Sbapt}; 258262395Sbapt 259262395Sbaptstatic struct sppp *spppq; 260262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 261262395Sbaptstatic struct callout_handle keepalive_ch; 262262395Sbapt#endif 263262395Sbapt 264262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 265262395Sbapt#define SPP_FMT "%s%d: " 266262395Sbapt#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 267262395Sbapt#else 268262395Sbapt#define SPP_FMT "%s: " 269262395Sbapt#define SPP_ARGS(ifp) (ifp)->if_xname 270262395Sbapt#endif 271262395Sbapt 272262395Sbapt/* 273262395Sbapt * The following disgusting hack gets around the problem that IP TOS 274262395Sbapt * can't be set yet. We want to put "interactive" traffic on a high 275262395Sbapt * priority queue. To decide if traffic is interactive, we check that 276262395Sbapt * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 277262395Sbapt * 278262395Sbapt * XXX is this really still necessary? - joerg - 279262395Sbapt */ 280262395Sbaptstatic u_short interactive_ports[8] = { 281262395Sbapt 0, 513, 0, 0, 282262395Sbapt 0, 21, 0, 23, 283262395Sbapt}; 284262395Sbapt#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 285262395Sbapt 286262395Sbapt/* almost every function needs these */ 287262395Sbapt#define STDDCL \ 288262395Sbapt struct ifnet *ifp = &sp->pp_if; \ 289262395Sbapt int debug = ifp->if_flags & IFF_DEBUG 290262395Sbapt 291262395Sbaptstatic int sppp_output(struct ifnet *ifp, struct mbuf *m, 292262395Sbapt struct sockaddr *dst, struct rtentry *rt); 293262395Sbapt 294262395Sbaptstatic void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 295262395Sbaptstatic void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 296262395Sbapt 297262395Sbaptstatic void sppp_cp_input(const struct cp *cp, struct sppp *sp, 298262395Sbapt struct mbuf *m); 299262395Sbaptstatic void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 300262395Sbapt u_char ident, u_short len, void *data); 301262395Sbapt/* static void sppp_cp_timeout(void *arg); */ 302262395Sbaptstatic void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 303262395Sbapt int newstate); 304262395Sbaptstatic void sppp_auth_send(const struct cp *cp, 305262395Sbapt struct sppp *sp, unsigned int type, unsigned int id, 306262395Sbapt ...); 307262395Sbapt 308262395Sbaptstatic void sppp_up_event(const struct cp *cp, struct sppp *sp); 309262395Sbaptstatic void sppp_down_event(const struct cp *cp, struct sppp *sp); 310262395Sbaptstatic void sppp_open_event(const struct cp *cp, struct sppp *sp); 311262395Sbaptstatic void sppp_close_event(const struct cp *cp, struct sppp *sp); 312262395Sbaptstatic void sppp_to_event(const struct cp *cp, struct sppp *sp); 313262395Sbapt 314262395Sbaptstatic void sppp_null(struct sppp *sp); 315262395Sbapt 316262395Sbaptstatic void sppp_lcp_init(struct sppp *sp); 317262395Sbaptstatic void sppp_lcp_up(struct sppp *sp); 318262395Sbaptstatic void sppp_lcp_down(struct sppp *sp); 319262395Sbaptstatic void sppp_lcp_open(struct sppp *sp); 320262395Sbaptstatic void sppp_lcp_close(struct sppp *sp); 321262395Sbaptstatic void sppp_lcp_TO(void *sp); 322262395Sbaptstatic int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 323262395Sbaptstatic void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 324262395Sbaptstatic void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 325262395Sbaptstatic void sppp_lcp_tlu(struct sppp *sp); 326262395Sbaptstatic void sppp_lcp_tld(struct sppp *sp); 327262395Sbaptstatic void sppp_lcp_tls(struct sppp *sp); 328262395Sbaptstatic void sppp_lcp_tlf(struct sppp *sp); 329262395Sbaptstatic void sppp_lcp_scr(struct sppp *sp); 330262395Sbaptstatic void sppp_lcp_check_and_close(struct sppp *sp); 331262395Sbaptstatic int sppp_ncp_check(struct sppp *sp); 332262395Sbapt 333262395Sbaptstatic void sppp_ipcp_init(struct sppp *sp); 334262395Sbaptstatic void sppp_ipcp_up(struct sppp *sp); 335262395Sbaptstatic void sppp_ipcp_down(struct sppp *sp); 336262395Sbaptstatic void sppp_ipcp_open(struct sppp *sp); 337262395Sbaptstatic void sppp_ipcp_close(struct sppp *sp); 338262395Sbaptstatic void sppp_ipcp_TO(void *sp); 339262395Sbaptstatic int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 340262395Sbaptstatic void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 341262395Sbaptstatic void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 342262395Sbaptstatic void sppp_ipcp_tlu(struct sppp *sp); 343262395Sbaptstatic void sppp_ipcp_tld(struct sppp *sp); 344262395Sbaptstatic void sppp_ipcp_tls(struct sppp *sp); 345262395Sbaptstatic void sppp_ipcp_tlf(struct sppp *sp); 346262395Sbaptstatic void sppp_ipcp_scr(struct sppp *sp); 347262395Sbapt 348262395Sbaptstatic void sppp_ipv6cp_init(struct sppp *sp); 349262395Sbaptstatic void sppp_ipv6cp_up(struct sppp *sp); 350262395Sbaptstatic void sppp_ipv6cp_down(struct sppp *sp); 351262395Sbaptstatic void sppp_ipv6cp_open(struct sppp *sp); 352262395Sbaptstatic void sppp_ipv6cp_close(struct sppp *sp); 353262395Sbaptstatic void sppp_ipv6cp_TO(void *sp); 354262395Sbaptstatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 355262395Sbaptstatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 356262395Sbaptstatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 357262395Sbaptstatic void sppp_ipv6cp_tlu(struct sppp *sp); 358262395Sbaptstatic void sppp_ipv6cp_tld(struct sppp *sp); 359262395Sbaptstatic void sppp_ipv6cp_tls(struct sppp *sp); 360262395Sbaptstatic void sppp_ipv6cp_tlf(struct sppp *sp); 361262395Sbaptstatic void sppp_ipv6cp_scr(struct sppp *sp); 362262395Sbapt 363262395Sbaptstatic void sppp_pap_input(struct sppp *sp, struct mbuf *m); 364262395Sbaptstatic void sppp_pap_init(struct sppp *sp); 365262395Sbaptstatic void sppp_pap_open(struct sppp *sp); 366262395Sbaptstatic void sppp_pap_close(struct sppp *sp); 367262395Sbaptstatic void sppp_pap_TO(void *sp); 368262395Sbaptstatic void sppp_pap_my_TO(void *sp); 369262395Sbaptstatic void sppp_pap_tlu(struct sppp *sp); 370262395Sbaptstatic void sppp_pap_tld(struct sppp *sp); 371262395Sbaptstatic void sppp_pap_scr(struct sppp *sp); 372262395Sbapt 373262395Sbaptstatic void sppp_chap_input(struct sppp *sp, struct mbuf *m); 374262395Sbaptstatic void sppp_chap_init(struct sppp *sp); 375262395Sbaptstatic void sppp_chap_open(struct sppp *sp); 376262395Sbaptstatic void sppp_chap_close(struct sppp *sp); 377262395Sbaptstatic void sppp_chap_TO(void *sp); 378262395Sbaptstatic void sppp_chap_tlu(struct sppp *sp); 379262395Sbaptstatic void sppp_chap_tld(struct sppp *sp); 380262395Sbaptstatic void sppp_chap_scr(struct sppp *sp); 381262395Sbapt 382262395Sbaptstatic const char *sppp_auth_type_name(u_short proto, u_char type); 383262395Sbaptstatic const char *sppp_cp_type_name(u_char type); 384262395Sbaptstatic const char *sppp_dotted_quad(u_long addr); 385262395Sbaptstatic const char *sppp_ipcp_opt_name(u_char opt); 386262395Sbapt#ifdef INET6 387262395Sbaptstatic const char *sppp_ipv6cp_opt_name(u_char opt); 388262395Sbapt#endif 389262395Sbaptstatic const char *sppp_lcp_opt_name(u_char opt); 390262395Sbaptstatic const char *sppp_phase_name(enum ppp_phase phase); 391262395Sbaptstatic const char *sppp_proto_name(u_short proto); 392262395Sbaptstatic const char *sppp_state_name(int state); 393262395Sbaptstatic int sppp_params(struct sppp *sp, u_long cmd, void *data); 394262395Sbaptstatic int sppp_strnlen(u_char *p, int max); 395262395Sbaptstatic void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 396262395Sbapt u_long *srcmask); 397262395Sbaptstatic void sppp_keepalive(void *dummy); 398262395Sbaptstatic void sppp_phase_network(struct sppp *sp); 399262395Sbaptstatic void sppp_print_bytes(const u_char *p, u_short len); 400262395Sbaptstatic void sppp_print_string(const char *p, u_short len); 401262395Sbaptstatic void sppp_qflush(struct ifqueue *ifq); 402262395Sbaptstatic void sppp_set_ip_addr(struct sppp *sp, u_long src); 403262395Sbapt#ifdef INET6 404262395Sbaptstatic void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 405262395Sbapt struct in6_addr *dst, struct in6_addr *srcmask); 406262395Sbapt#ifdef IPV6CP_MYIFID_DYN 407262395Sbaptstatic void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 408262395Sbaptstatic void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 409262395Sbapt#endif 410262395Sbaptstatic void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 411262395Sbapt#endif 412262395Sbapt 413262395Sbapt/* our control protocol descriptors */ 414262395Sbaptstatic const struct cp lcp = { 415262395Sbapt PPP_LCP, IDX_LCP, CP_LCP, "lcp", 416262395Sbapt sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 417262395Sbapt sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 418262395Sbapt sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 419262395Sbapt sppp_lcp_scr 420262395Sbapt}; 421262395Sbapt 422262395Sbaptstatic const struct cp ipcp = { 423262395Sbapt PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 424262395Sbapt sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 425262395Sbapt sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 426262395Sbapt sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 427262395Sbapt sppp_ipcp_scr 428262395Sbapt}; 429262395Sbapt 430262395Sbaptstatic const struct cp ipv6cp = { 431262395Sbapt PPP_IPV6CP, IDX_IPV6CP, 432262395Sbapt#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 433262395Sbapt CP_NCP, 434262395Sbapt#else 435262395Sbapt 0, 436262395Sbapt#endif 437262395Sbapt "ipv6cp", 438262395Sbapt sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 439262395Sbapt sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 440262395Sbapt sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 441262395Sbapt sppp_ipv6cp_scr 442262395Sbapt}; 443262395Sbapt 444262395Sbaptstatic const struct cp pap = { 445262395Sbapt PPP_PAP, IDX_PAP, CP_AUTH, "pap", 446262395Sbapt sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 447262395Sbapt sppp_pap_TO, 0, 0, 0, 448262395Sbapt sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 449262395Sbapt sppp_pap_scr 450262395Sbapt}; 451262395Sbapt 452262395Sbaptstatic const struct cp chap = { 453262395Sbapt PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 454262395Sbapt sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 455262395Sbapt sppp_chap_TO, 0, 0, 0, 456262395Sbapt sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 457262395Sbapt sppp_chap_scr 458262395Sbapt}; 459262395Sbapt 460262395Sbaptstatic const struct cp *cps[IDX_COUNT] = { 461262395Sbapt &lcp, /* IDX_LCP */ 462262395Sbapt &ipcp, /* IDX_IPCP */ 463262395Sbapt &ipv6cp, /* IDX_IPV6CP */ 464262395Sbapt &pap, /* IDX_PAP */ 465262395Sbapt &chap, /* IDX_CHAP */ 466262395Sbapt}; 467262395Sbapt 468262395Sbaptstatic int 469262395Sbaptsppp_modevent(module_t mod, int type, void *unused) 470262395Sbapt{ 471262395Sbapt switch (type) { 472262395Sbapt case MOD_LOAD: 473262395Sbapt break; 474262395Sbapt case MOD_UNLOAD: 475262395Sbapt return EACCES; 476262395Sbapt break; 477262395Sbapt default: 478262395Sbapt break; 479262395Sbapt } 480262395Sbapt return 0; 481262395Sbapt} 482262395Sbaptstatic moduledata_t spppmod = { 483262395Sbapt "sppp", 484262395Sbapt sppp_modevent, 485262395Sbapt 0 486262395Sbapt}; 487262395SbaptMODULE_VERSION(sppp, 1); 488262395SbaptDECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 489262395Sbapt 490262395Sbapt/* 491262395Sbapt * Exported functions, comprising our interface to the lower layer. 492262395Sbapt */ 493262395Sbapt 494262395Sbapt/* 495262395Sbapt * Process the received packet. 496262395Sbapt */ 497262395Sbaptvoid 498262395Sbaptsppp_input(struct ifnet *ifp, struct mbuf *m) 499262395Sbapt{ 500262395Sbapt struct ppp_header *h; 501262395Sbapt struct ifqueue *inq = 0; 502262395Sbapt struct sppp *sp = (struct sppp *)ifp; 503262395Sbapt int debug = ifp->if_flags & IFF_DEBUG; 504262395Sbapt 505262395Sbapt if (ifp->if_flags & IFF_UP) 506262395Sbapt /* Count received bytes, add FCS and one flag */ 507262395Sbapt ifp->if_ibytes += m->m_pkthdr.len + 3; 508262395Sbapt 509262395Sbapt if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 510262395Sbapt /* Too small packet, drop it. */ 511262395Sbapt if (debug) 512262395Sbapt log(LOG_DEBUG, 513262395Sbapt SPP_FMT "input packet is too small, %d bytes\n", 514262395Sbapt SPP_ARGS(ifp), m->m_pkthdr.len); 515262395Sbapt drop: 516262395Sbapt ++ifp->if_ierrors; 517262395Sbapt ++ifp->if_iqdrops; 518262395Sbapt m_freem (m); 519262395Sbapt return; 520262395Sbapt } 521262395Sbapt 522262395Sbapt /* Get PPP header. */ 523262395Sbapt h = mtod (m, struct ppp_header*); 524262395Sbapt m_adj (m, PPP_HEADER_LEN); 525262395Sbapt 526262395Sbapt switch (h->address) { 527262395Sbapt case PPP_ALLSTATIONS: 528262395Sbapt if (h->control != PPP_UI) 529262395Sbapt goto invalid; 530262395Sbapt if (sp->pp_mode == IFF_CISCO) { 531262395Sbapt if (debug) 532262395Sbapt log(LOG_DEBUG, 533262395Sbapt SPP_FMT "PPP packet in Cisco mode " 534262395Sbapt "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 535262395Sbapt SPP_ARGS(ifp), 536262395Sbapt h->address, h->control, ntohs(h->protocol)); 537262395Sbapt goto drop; 538262395Sbapt } 539262395Sbapt switch (ntohs (h->protocol)) { 540262395Sbapt default: 541262395Sbapt if (debug) 542262395Sbapt log(LOG_DEBUG, 543262395Sbapt SPP_FMT "rejecting protocol " 544262395Sbapt "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 545262395Sbapt SPP_ARGS(ifp), 546262395Sbapt h->address, h->control, ntohs(h->protocol)); 547263648Sbapt if (sp->state[IDX_LCP] == STATE_OPENED) 548263648Sbapt sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 549263648Sbapt ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 550263648Sbapt &h->protocol); 551262395Sbapt ++ifp->if_noproto; 552262395Sbapt goto drop; 553262395Sbapt case PPP_LCP: 554262395Sbapt sppp_cp_input(&lcp, sp, m); 555262395Sbapt m_freem (m); 556262395Sbapt return; 557262395Sbapt case PPP_PAP: 558262395Sbapt if (sp->pp_phase >= PHASE_AUTHENTICATE) 559262395Sbapt sppp_pap_input(sp, m); 560262395Sbapt m_freem (m); 561263648Sbapt return; 562263648Sbapt case PPP_CHAP: 563262395Sbapt if (sp->pp_phase >= PHASE_AUTHENTICATE) 564262395Sbapt sppp_chap_input(sp, m); 565262395Sbapt m_freem (m); 566262395Sbapt return; 567263648Sbapt#ifdef INET 568262395Sbapt case PPP_IPCP: 569262395Sbapt if (sp->pp_phase == PHASE_NETWORK) 570262395Sbapt sppp_cp_input(&ipcp, sp, m); 571262395Sbapt m_freem (m); 572262395Sbapt return; 573262395Sbapt case PPP_IP: 574262395Sbapt if (sp->state[IDX_IPCP] == STATE_OPENED) { 575262395Sbapt schednetisr (NETISR_IP); 576262395Sbapt inq = &ipintrq; 577262395Sbapt } 578262395Sbapt break; 579262395Sbapt#endif 580262395Sbapt#ifdef INET6 581262395Sbapt case PPP_IPV6CP: 582262395Sbapt if (sp->pp_phase == PHASE_NETWORK) 583262395Sbapt sppp_cp_input(&ipv6cp, sp, m); 584262395Sbapt m_freem (m); 585262395Sbapt return; 586262395Sbapt 587262395Sbapt case PPP_IPV6: 588262395Sbapt if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 589262395Sbapt schednetisr (NETISR_IPV6); 590262395Sbapt inq = &ip6intrq; 591262395Sbapt } 592262395Sbapt break; 593262395Sbapt#endif 594262395Sbapt#ifdef IPX 595262395Sbapt case PPP_IPX: 596262395Sbapt /* IPX IPXCP not implemented yet */ 597262395Sbapt if (sp->pp_phase == PHASE_NETWORK) { 598262395Sbapt schednetisr (NETISR_IPX); 599262395Sbapt inq = &ipxintrq; 600262395Sbapt } 601262395Sbapt break; 602262395Sbapt#endif 603262395Sbapt#ifdef NS 604262395Sbapt case PPP_XNS: 605262395Sbapt /* XNS IDPCP not implemented yet */ 606262395Sbapt if (sp->pp_phase == PHASE_NETWORK) { 607262395Sbapt schednetisr (NETISR_NS); 608262395Sbapt inq = &nsintrq; 609262395Sbapt } 610262395Sbapt break; 611262395Sbapt#endif 612262395Sbapt } 613262395Sbapt break; 614262395Sbapt case CISCO_MULTICAST: 615262395Sbapt case CISCO_UNICAST: 616262395Sbapt /* Don't check the control field here (RFC 1547). */ 617262395Sbapt if (sp->pp_mode != IFF_CISCO) { 618262395Sbapt if (debug) 619262395Sbapt log(LOG_DEBUG, 620262395Sbapt SPP_FMT "Cisco packet in PPP mode " 621262395Sbapt "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 622262395Sbapt SPP_ARGS(ifp), 623262395Sbapt h->address, h->control, ntohs(h->protocol)); 624262395Sbapt goto drop; 625262395Sbapt } 626262395Sbapt switch (ntohs (h->protocol)) { 627262395Sbapt default: 628262395Sbapt ++ifp->if_noproto; 629262395Sbapt goto invalid; 630262395Sbapt case CISCO_KEEPALIVE: 631262395Sbapt sppp_cisco_input ((struct sppp*) ifp, m); 632262395Sbapt m_freem (m); 633262395Sbapt return; 634262395Sbapt#ifdef INET 635262395Sbapt case ETHERTYPE_IP: 636262395Sbapt schednetisr (NETISR_IP); 637262395Sbapt inq = &ipintrq; 638262395Sbapt break; 639262395Sbapt#endif 640262395Sbapt#ifdef INET6 641262395Sbapt case ETHERTYPE_IPV6: 642262395Sbapt schednetisr (NETISR_IPV6); 643262395Sbapt inq = &ip6intrq; 644262395Sbapt break; 645262395Sbapt#endif 646262395Sbapt#ifdef IPX 647262395Sbapt case ETHERTYPE_IPX: 648262395Sbapt schednetisr (NETISR_IPX); 649262395Sbapt inq = &ipxintrq; 650262395Sbapt break; 651262395Sbapt#endif 652262395Sbapt#ifdef NS 653262395Sbapt case ETHERTYPE_NS: 654262395Sbapt schednetisr (NETISR_NS); 655262395Sbapt inq = &nsintrq; 656262395Sbapt break; 657262395Sbapt#endif 658262395Sbapt } 659262395Sbapt break; 660262395Sbapt default: /* Invalid PPP packet. */ 661262395Sbapt invalid: 662262395Sbapt if (debug) 663262395Sbapt log(LOG_DEBUG, 664262395Sbapt SPP_FMT "invalid input packet " 665263648Sbapt "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 666263648Sbapt SPP_ARGS(ifp), 667262395Sbapt h->address, h->control, ntohs(h->protocol)); 668262395Sbapt goto drop; 669262395Sbapt } 670262395Sbapt 671262395Sbapt if (! (ifp->if_flags & IFF_UP) || ! inq) 672262395Sbapt goto drop; 673262395Sbapt 674262395Sbapt /* Check queue. */ 675262395Sbapt if (! IF_HANDOFF(inq, m, NULL)) { 676262395Sbapt if (debug) 677262395Sbapt log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 678262395Sbapt SPP_ARGS(ifp)); 679262395Sbapt goto drop; 680262395Sbapt } 681262395Sbapt} 682262395Sbapt 683262395Sbapt/* 684262395Sbapt * Enqueue transmit packet. 685262395Sbapt */ 686262395Sbaptstatic int 687263648Sbaptsppp_output(struct ifnet *ifp, struct mbuf *m, 688262395Sbapt struct sockaddr *dst, struct rtentry *rt) 689262395Sbapt{ 690262395Sbapt struct sppp *sp = (struct sppp*) ifp; 691262395Sbapt struct ppp_header *h; 692262395Sbapt struct ifqueue *ifq = NULL; 693262395Sbapt int s, rv = 0; 694262395Sbapt int debug = ifp->if_flags & IFF_DEBUG; 695262395Sbapt 696262395Sbapt s = splimp(); 697262395Sbapt 698262395Sbapt if ((ifp->if_flags & IFF_UP) == 0 || 699262395Sbapt (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 700262395Sbapt m_freem (m); 701262395Sbapt splx (s); 702262395Sbapt return (ENETDOWN); 703262395Sbapt } 704262395Sbapt 705262395Sbapt if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 706262395Sbapt /* 707262395Sbapt * Interface is not yet running, but auto-dial. Need 708262395Sbapt * to start LCP for it. 709262395Sbapt */ 710262395Sbapt ifp->if_flags |= IFF_RUNNING; 711262395Sbapt splx(s); 712262395Sbapt lcp.Open(sp); 713262395Sbapt s = splimp(); 714262395Sbapt } 715262395Sbapt 716262395Sbapt ifq = &ifp->if_snd; 717263648Sbapt#ifdef INET 718262395Sbapt if (dst->sa_family == AF_INET) { 719262395Sbapt /* XXX Check mbuf length here? */ 720262395Sbapt struct ip *ip = mtod (m, struct ip*); 721262395Sbapt struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 722262395Sbapt 723262395Sbapt /* 724262395Sbapt * When using dynamic local IP address assignment by using 725262395Sbapt * 0.0.0.0 as a local address, the first TCP session will 726263648Sbapt * not connect because the local TCP checksum is computed 727262395Sbapt * using 0.0.0.0 which will later become our real IP address 728262395Sbapt * so the TCP checksum computed at the remote end will 729262395Sbapt * become invalid. So we 730262395Sbapt * - don't let packets with src ip addr 0 thru 731262395Sbapt * - we flag TCP packets with src ip 0 as an error 732262395Sbapt */ 733262395Sbapt 734262395Sbapt if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 735262395Sbapt { 736262395Sbapt m_freem(m); 737262395Sbapt splx(s); 738262395Sbapt if(ip->ip_p == IPPROTO_TCP) 739262395Sbapt return(EADDRNOTAVAIL); 740262395Sbapt else 741262395Sbapt return(0); 742262395Sbapt } 743262395Sbapt 744262395Sbapt /* 745262395Sbapt * Put low delay, telnet, rlogin and ftp control packets 746263648Sbapt * in front of the queue. 747263648Sbapt */ 748262395Sbapt if (_IF_QFULL(&sp->pp_fastq)) 749262395Sbapt ; 750262395Sbapt else if (ip->ip_tos & IPTOS_LOWDELAY) 751262395Sbapt ifq = &sp->pp_fastq; 752262395Sbapt else if (m->m_len < sizeof *ip + sizeof *tcp) 753263648Sbapt ; 754262395Sbapt else if (ip->ip_p != IPPROTO_TCP) 755262395Sbapt ; 756262395Sbapt else if (INTERACTIVE (ntohs (tcp->th_sport))) 757262395Sbapt ifq = &sp->pp_fastq; 758262395Sbapt else if (INTERACTIVE (ntohs (tcp->th_dport))) 759262395Sbapt ifq = &sp->pp_fastq; 760262395Sbapt } 761262395Sbapt#endif 762262395Sbapt 763262395Sbapt#ifdef INET6 764262395Sbapt if (dst->sa_family == AF_INET6) { 765263648Sbapt /* XXX do something tricky here? */ 766263648Sbapt } 767262395Sbapt#endif 768262395Sbapt 769262395Sbapt /* 770262395Sbapt * Prepend general data packet PPP header. For now, IP only. 771263648Sbapt */ 772262395Sbapt M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 773262395Sbapt if (! m) { 774262395Sbapt if (debug) 775262395Sbapt log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 776262395Sbapt SPP_ARGS(ifp)); 777262395Sbapt ++ifp->if_oerrors; 778262395Sbapt splx (s); 779262395Sbapt return (ENOBUFS); 780262395Sbapt } 781262395Sbapt /* 782262395Sbapt * May want to check size of packet 783262395Sbapt * (albeit due to the implementation it's always enough) 784263648Sbapt */ 785263648Sbapt h = mtod (m, struct ppp_header*); 786262395Sbapt if (sp->pp_mode == IFF_CISCO) { 787262395Sbapt h->address = CISCO_UNICAST; /* unicast address */ 788262395Sbapt h->control = 0; 789262395Sbapt } else { 790262395Sbapt h->address = PPP_ALLSTATIONS; /* broadcast address */ 791262395Sbapt h->control = PPP_UI; /* Unnumbered Info */ 792262395Sbapt } 793262395Sbapt 794262395Sbapt switch (dst->sa_family) { 795262395Sbapt#ifdef INET 796262395Sbapt case AF_INET: /* Internet Protocol */ 797262395Sbapt if (sp->pp_mode == IFF_CISCO) 798262395Sbapt h->protocol = htons (ETHERTYPE_IP); 799262395Sbapt else { 800262395Sbapt /* 801262395Sbapt * Don't choke with an ENETDOWN early. It's 802262395Sbapt * possible that we just started dialing out, 803262395Sbapt * so don't drop the packet immediately. If 804262395Sbapt * we notice that we run out of buffer space 805262395Sbapt * below, we will however remember that we are 806262395Sbapt * not ready to carry IP packets, and return 807262395Sbapt * ENETDOWN, as opposed to ENOBUFS. 808262395Sbapt */ 809262395Sbapt h->protocol = htons(PPP_IP); 810262395Sbapt if (sp->state[IDX_IPCP] != STATE_OPENED) 811262395Sbapt rv = ENETDOWN; 812262395Sbapt } 813262395Sbapt break; 814263648Sbapt#endif 815263648Sbapt#ifdef INET6 816262395Sbapt case AF_INET6: /* Internet Protocol */ 817262395Sbapt if (sp->pp_mode == IFF_CISCO) 818262395Sbapt h->protocol = htons (ETHERTYPE_IPV6); 819262395Sbapt else { 820262395Sbapt /* 821262395Sbapt * Don't choke with an ENETDOWN early. It's 822262395Sbapt * possible that we just started dialing out, 823262395Sbapt * so don't drop the packet immediately. If 824262395Sbapt * we notice that we run out of buffer space 825262395Sbapt * below, we will however remember that we are 826262395Sbapt * not ready to carry IP packets, and return 827262395Sbapt * ENETDOWN, as opposed to ENOBUFS. 828262395Sbapt */ 829262395Sbapt h->protocol = htons(PPP_IPV6); 830262395Sbapt if (sp->state[IDX_IPV6CP] != STATE_OPENED) 831262395Sbapt rv = ENETDOWN; 832262395Sbapt } 833262395Sbapt break; 834262395Sbapt#endif 835262395Sbapt#ifdef NS 836262395Sbapt case AF_NS: /* Xerox NS Protocol */ 837262395Sbapt h->protocol = htons (sp->pp_mode == IFF_CISCO ? 838262395Sbapt ETHERTYPE_NS : PPP_XNS); 839262395Sbapt break; 840262395Sbapt#endif 841262395Sbapt#ifdef IPX 842262395Sbapt case AF_IPX: /* Novell IPX Protocol */ 843262395Sbapt h->protocol = htons (sp->pp_mode == IFF_CISCO ? 844262395Sbapt ETHERTYPE_IPX : PPP_IPX); 845262395Sbapt break; 846262395Sbapt#endif 847262395Sbaptnosupport: 848262395Sbapt default: 849262395Sbapt m_freem (m); 850262395Sbapt ++ifp->if_oerrors; 851262395Sbapt splx (s); 852262395Sbapt return (EAFNOSUPPORT); 853262395Sbapt } 854262395Sbapt 855262395Sbapt /* 856262395Sbapt * Queue message on interface, and start output if interface 857262395Sbapt * not yet active. Also adjust output byte count. 858262395Sbapt * The packet length includes header, FCS and 1 flag, 859262395Sbapt * according to RFC 1333. 860262395Sbapt */ 861262395Sbapt if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 862262395Sbapt ++ifp->if_oerrors; 863262395Sbapt return (rv? rv: ENOBUFS); 864262395Sbapt } 865262395Sbapt return (0); 866262395Sbapt} 867262395Sbapt 868262395Sbaptvoid 869262395Sbaptsppp_attach(struct ifnet *ifp) 870262395Sbapt{ 871262395Sbapt struct sppp *sp = (struct sppp*) ifp; 872262395Sbapt 873262395Sbapt /* Initialize keepalive handler. */ 874262395Sbapt if (! spppq) 875262395Sbapt TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 876262395Sbapt 877262395Sbapt /* Insert new entry into the keepalive list. */ 878262395Sbapt sp->pp_next = spppq; 879262395Sbapt spppq = sp; 880262395Sbapt 881262395Sbapt sp->pp_if.if_mtu = PP_MTU; 882262395Sbapt sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 883262395Sbapt sp->pp_if.if_type = IFT_PPP; 884262395Sbapt sp->pp_if.if_output = sppp_output; 885262395Sbapt#if 0 886262395Sbapt sp->pp_flags = PP_KEEPALIVE; 887262395Sbapt#endif 888262395Sbapt sp->pp_if.if_snd.ifq_maxlen = 32; 889262395Sbapt sp->pp_fastq.ifq_maxlen = 32; 890262395Sbapt sp->pp_cpq.ifq_maxlen = 20; 891262395Sbapt sp->pp_loopcnt = 0; 892262395Sbapt sp->pp_alivecnt = 0; 893262395Sbapt bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 894262395Sbapt bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 895262395Sbapt sp->pp_phase = PHASE_DEAD; 896262395Sbapt sp->pp_up = lcp.Up; 897262395Sbapt sp->pp_down = lcp.Down; 898262395Sbapt mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 899262395Sbapt mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 900262395Sbapt 901262395Sbapt sppp_lcp_init(sp); 902262395Sbapt sppp_ipcp_init(sp); 903262395Sbapt sppp_ipv6cp_init(sp); 904262395Sbapt sppp_pap_init(sp); 905262395Sbapt sppp_chap_init(sp); 906262395Sbapt} 907262395Sbapt 908262395Sbaptvoid 909262395Sbaptsppp_detach(struct ifnet *ifp) 910262395Sbapt{ 911262395Sbapt struct sppp **q, *p, *sp = (struct sppp*) ifp; 912262395Sbapt int i; 913262395Sbapt 914262395Sbapt /* Remove the entry from the keepalive list. */ 915262395Sbapt for (q = &spppq; (p = *q); q = &p->pp_next) 916262395Sbapt if (p == sp) { 917262395Sbapt *q = p->pp_next; 918262395Sbapt break; 919262395Sbapt } 920262395Sbapt 921262395Sbapt /* Stop keepalive handler. */ 922262395Sbapt if (! spppq) 923262395Sbapt UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 924262395Sbapt 925262395Sbapt for (i = 0; i < IDX_COUNT; i++) 926262395Sbapt UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 927262395Sbapt UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 928262395Sbapt mtx_destroy(&sp->pp_cpq.ifq_mtx); 929262395Sbapt mtx_destroy(&sp->pp_fastq.ifq_mtx); 930262395Sbapt} 931262395Sbapt 932262395Sbapt/* 933262395Sbapt * Flush the interface output queue. 934262395Sbapt */ 935262395Sbaptvoid 936262395Sbaptsppp_flush(struct ifnet *ifp) 937262395Sbapt{ 938262395Sbapt struct sppp *sp = (struct sppp*) ifp; 939262395Sbapt 940262395Sbapt sppp_qflush (&sp->pp_if.if_snd); 941262395Sbapt sppp_qflush (&sp->pp_fastq); 942262395Sbapt sppp_qflush (&sp->pp_cpq); 943262395Sbapt} 944262395Sbapt 945262395Sbapt/* 946262395Sbapt * Check if the output queue is empty. 947262395Sbapt */ 948262395Sbaptint 949262395Sbaptsppp_isempty(struct ifnet *ifp) 950262395Sbapt{ 951262395Sbapt struct sppp *sp = (struct sppp*) ifp; 952262395Sbapt int empty, s; 953262395Sbapt 954262395Sbapt s = splimp(); 955262395Sbapt empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 956262395Sbapt !sp->pp_if.if_snd.ifq_head; 957262395Sbapt splx(s); 958262395Sbapt return (empty); 959262395Sbapt} 960262395Sbapt 961262395Sbapt/* 962262395Sbapt * Get next packet to send. 963262395Sbapt */ 964262395Sbaptstruct mbuf * 965262395Sbaptsppp_dequeue(struct ifnet *ifp) 966262395Sbapt{ 967262395Sbapt struct sppp *sp = (struct sppp*) ifp; 968262395Sbapt struct mbuf *m; 969262395Sbapt int s; 970262395Sbapt 971262395Sbapt s = splimp(); 972262395Sbapt /* 973262395Sbapt * Process only the control protocol queue until we have at 974262395Sbapt * least one NCP open. 975262395Sbapt * 976262395Sbapt * Do always serve all three queues in Cisco mode. 977262395Sbapt */ 978262395Sbapt IF_DEQUEUE(&sp->pp_cpq, m); 979262395Sbapt if (m == NULL && 980262395Sbapt (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 981262395Sbapt IF_DEQUEUE(&sp->pp_fastq, m); 982262395Sbapt if (m == NULL) 983262395Sbapt IF_DEQUEUE (&sp->pp_if.if_snd, m); 984262395Sbapt } 985262395Sbapt splx(s); 986262395Sbapt return m; 987262395Sbapt} 988262395Sbapt 989262395Sbapt/* 990262395Sbapt * Pick the next packet, do not remove it from the queue. 991262395Sbapt */ 992262395Sbaptstruct mbuf * 993262395Sbaptsppp_pick(struct ifnet *ifp) 994262395Sbapt{ 995262395Sbapt struct sppp *sp = (struct sppp*)ifp; 996262395Sbapt struct mbuf *m; 997262395Sbapt int s; 998262395Sbapt 999262395Sbapt s= splimp (); 1000262395Sbapt 1001262395Sbapt m = sp->pp_cpq.ifq_head; 1002262395Sbapt if (m == NULL && 1003262395Sbapt (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1004262395Sbapt if ((m = sp->pp_fastq.ifq_head) == NULL) 1005262395Sbapt m = sp->pp_if.if_snd.ifq_head; 1006262395Sbapt splx (s); 1007262395Sbapt return (m); 1008262395Sbapt} 1009262395Sbapt 1010262395Sbapt/* 1011262395Sbapt * Process an ioctl request. Called on low priority level. 1012262395Sbapt */ 1013262395Sbaptint 1014262395Sbaptsppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1015262395Sbapt{ 1016262395Sbapt struct ifreq *ifr = (struct ifreq*) data; 1017262395Sbapt struct sppp *sp = (struct sppp*) ifp; 1018262395Sbapt int s, rv, going_up, going_down, newmode; 1019262395Sbapt 1020262395Sbapt s = splimp(); 1021262395Sbapt rv = 0; 1022262395Sbapt switch (cmd) { 1023262395Sbapt case SIOCAIFADDR: 1024262395Sbapt case SIOCSIFDSTADDR: 1025262395Sbapt break; 1026262395Sbapt 1027262395Sbapt case SIOCSIFADDR: 1028262395Sbapt if_up(ifp); 1029262395Sbapt /* fall through... */ 1030262395Sbapt 1031262395Sbapt case SIOCSIFFLAGS: 1032262395Sbapt going_up = ifp->if_flags & IFF_UP && 1033262395Sbapt (ifp->if_flags & IFF_RUNNING) == 0; 1034262395Sbapt going_down = (ifp->if_flags & IFF_UP) == 0 && 1035262395Sbapt ifp->if_flags & IFF_RUNNING; 1036262395Sbapt 1037262395Sbapt newmode = ifp->if_flags & IFF_PASSIVE; 1038262395Sbapt if (!newmode) 1039262395Sbapt newmode = ifp->if_flags & IFF_AUTO; 1040262395Sbapt if (!newmode) 1041262395Sbapt newmode = ifp->if_flags & IFF_CISCO; 1042262395Sbapt ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1043262395Sbapt ifp->if_flags |= newmode; 1044262395Sbapt 1045262395Sbapt if (newmode != sp->pp_mode) { 1046262395Sbapt going_down = 1; 1047262395Sbapt if (!going_up) 1048262395Sbapt going_up = ifp->if_flags & IFF_RUNNING; 1049262395Sbapt } 1050262395Sbapt 1051262395Sbapt if (going_down) { 1052262395Sbapt if (sp->pp_mode != IFF_CISCO) 1053262395Sbapt lcp.Close(sp); 1054262395Sbapt else if (sp->pp_tlf) 1055262395Sbapt (sp->pp_tlf)(sp); 1056262395Sbapt sppp_flush(ifp); 1057262395Sbapt ifp->if_flags &= ~IFF_RUNNING; 1058262395Sbapt sp->pp_mode = newmode; 1059262395Sbapt } 1060262395Sbapt 1061262395Sbapt if (going_up) { 1062262395Sbapt if (sp->pp_mode != IFF_CISCO) 1063262395Sbapt lcp.Close(sp); 1064262395Sbapt sp->pp_mode = newmode; 1065262395Sbapt if (sp->pp_mode == 0) { 1066262395Sbapt ifp->if_flags |= IFF_RUNNING; 1067262395Sbapt lcp.Open(sp); 1068262395Sbapt } 1069262395Sbapt if (sp->pp_mode == IFF_CISCO) { 1070262395Sbapt if (sp->pp_tls) 1071262395Sbapt (sp->pp_tls)(sp); 1072262395Sbapt ifp->if_flags |= IFF_RUNNING; 1073262395Sbapt } 1074262395Sbapt } 1075262395Sbapt 1076262395Sbapt break; 1077262395Sbapt 1078262395Sbapt#ifdef SIOCSIFMTU 1079262395Sbapt#ifndef ifr_mtu 1080262395Sbapt#define ifr_mtu ifr_metric 1081262395Sbapt#endif 1082262395Sbapt case SIOCSIFMTU: 1083262395Sbapt if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1084262395Sbapt return (EINVAL); 1085262395Sbapt ifp->if_mtu = ifr->ifr_mtu; 1086262395Sbapt break; 1087262395Sbapt#endif 1088262395Sbapt#ifdef SLIOCSETMTU 1089262395Sbapt case SLIOCSETMTU: 1090262395Sbapt if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1091262395Sbapt return (EINVAL); 1092262395Sbapt ifp->if_mtu = *(short*)data; 1093262395Sbapt break; 1094262395Sbapt#endif 1095262395Sbapt#ifdef SIOCGIFMTU 1096262395Sbapt case SIOCGIFMTU: 1097262395Sbapt ifr->ifr_mtu = ifp->if_mtu; 1098262395Sbapt break; 1099262395Sbapt#endif 1100262395Sbapt#ifdef SLIOCGETMTU 1101262395Sbapt case SLIOCGETMTU: 1102262395Sbapt *(short*)data = ifp->if_mtu; 1103262395Sbapt break; 1104262395Sbapt#endif 1105262395Sbapt case SIOCADDMULTI: 1106262395Sbapt case SIOCDELMULTI: 1107262395Sbapt break; 1108262395Sbapt 1109262395Sbapt case SIOCGIFGENERIC: 1110262395Sbapt case SIOCSIFGENERIC: 1111262395Sbapt rv = sppp_params(sp, cmd, data); 1112262395Sbapt break; 1113262395Sbapt 1114262395Sbapt default: 1115262395Sbapt rv = ENOTTY; 1116262395Sbapt } 1117262395Sbapt splx(s); 1118262395Sbapt return rv; 1119262395Sbapt} 1120262395Sbapt 1121262395Sbapt/* 1122262395Sbapt * Cisco framing implementation. 1123262395Sbapt */ 1124262395Sbapt 1125262395Sbapt/* 1126262395Sbapt * Handle incoming Cisco keepalive protocol packets. 1127262395Sbapt */ 1128262395Sbaptstatic void 1129262395Sbaptsppp_cisco_input(struct sppp *sp, struct mbuf *m) 1130262395Sbapt{ 1131262395Sbapt STDDCL; 1132262395Sbapt struct cisco_packet *h; 1133262395Sbapt u_long me, mymask; 1134262395Sbapt 1135262395Sbapt if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1136262395Sbapt if (debug) 1137262395Sbapt log(LOG_DEBUG, 1138262395Sbapt SPP_FMT "cisco invalid packet length: %d bytes\n", 1139262395Sbapt SPP_ARGS(ifp), m->m_pkthdr.len); 1140262395Sbapt return; 1141262395Sbapt } 1142262395Sbapt h = mtod (m, struct cisco_packet*); 1143262395Sbapt if (debug) 1144262395Sbapt log(LOG_DEBUG, 1145262395Sbapt SPP_FMT "cisco input: %d bytes " 1146262395Sbapt "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1147262395Sbapt SPP_ARGS(ifp), m->m_pkthdr.len, 1148262395Sbapt (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1149262395Sbapt (u_int)h->time0, (u_int)h->time1); 1150262395Sbapt switch (ntohl (h->type)) { 1151262395Sbapt default: 1152262395Sbapt if (debug) 1153262395Sbapt log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1154262395Sbapt SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1155262395Sbapt break; 1156262395Sbapt case CISCO_ADDR_REPLY: 1157262395Sbapt /* Reply on address request, ignore */ 1158262395Sbapt break; 1159262395Sbapt case CISCO_KEEPALIVE_REQ: 1160262395Sbapt sp->pp_alivecnt = 0; 1161262395Sbapt sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1162262395Sbapt if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1163262395Sbapt /* Local and remote sequence numbers are equal. 1164262395Sbapt * Probably, the line is in loopback mode. */ 1165262395Sbapt if (sp->pp_loopcnt >= MAXALIVECNT) { 1166262395Sbapt printf (SPP_FMT "loopback\n", 1167262395Sbapt SPP_ARGS(ifp)); 1168262395Sbapt sp->pp_loopcnt = 0; 1169262395Sbapt if (ifp->if_flags & IFF_UP) { 1170262395Sbapt if_down (ifp); 1171262395Sbapt sppp_qflush (&sp->pp_cpq); 1172262395Sbapt } 1173262395Sbapt } 1174262395Sbapt ++sp->pp_loopcnt; 1175262395Sbapt 1176262395Sbapt /* Generate new local sequence number */ 1177262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1178262395Sbapt sp->pp_seq[IDX_LCP] = random(); 1179262395Sbapt#else 1180262395Sbapt sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1181262395Sbapt#endif 1182262395Sbapt break; 1183262395Sbapt } 1184262395Sbapt sp->pp_loopcnt = 0; 1185262395Sbapt if (! (ifp->if_flags & IFF_UP) && 1186262395Sbapt (ifp->if_flags & IFF_RUNNING)) { 1187262395Sbapt if_up(ifp); 1188262395Sbapt printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1189262395Sbapt } 1190262395Sbapt break; 1191262395Sbapt case CISCO_ADDR_REQ: 1192262395Sbapt sppp_get_ip_addrs(sp, &me, 0, &mymask); 1193262395Sbapt if (me != 0L) 1194262395Sbapt sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1195262395Sbapt break; 1196262395Sbapt } 1197262395Sbapt} 1198262395Sbapt 1199262395Sbapt/* 1200262395Sbapt * Send Cisco keepalive packet. 1201262395Sbapt */ 1202262395Sbaptstatic void 1203262395Sbaptsppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1204262395Sbapt{ 1205262395Sbapt STDDCL; 1206262395Sbapt struct ppp_header *h; 1207262395Sbapt struct cisco_packet *ch; 1208262395Sbapt struct mbuf *m; 1209262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1210262395Sbapt struct timeval tv; 1211262395Sbapt#else 1212262395Sbapt u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1213262395Sbapt#endif 1214262395Sbapt 1215262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1216262395Sbapt getmicrouptime(&tv); 1217262395Sbapt#endif 1218262395Sbapt 1219262395Sbapt MGETHDR (m, M_DONTWAIT, MT_DATA); 1220262395Sbapt if (! m) 1221262395Sbapt return; 1222262395Sbapt m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1223262395Sbapt m->m_pkthdr.rcvif = 0; 1224262395Sbapt 1225262395Sbapt h = mtod (m, struct ppp_header*); 1226262395Sbapt h->address = CISCO_MULTICAST; 1227262395Sbapt h->control = 0; 1228262395Sbapt h->protocol = htons (CISCO_KEEPALIVE); 1229262395Sbapt 1230262395Sbapt ch = (struct cisco_packet*) (h + 1); 1231262395Sbapt ch->type = htonl (type); 1232262395Sbapt ch->par1 = htonl (par1); 1233262395Sbapt ch->par2 = htonl (par2); 1234262395Sbapt ch->rel = -1; 1235262395Sbapt 1236262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1237262395Sbapt ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1238262395Sbapt ch->time1 = htons ((u_short) tv.tv_sec); 1239262395Sbapt#else 1240262395Sbapt ch->time0 = htons ((u_short) (t >> 16)); 1241262395Sbapt ch->time1 = htons ((u_short) t); 1242262395Sbapt#endif 1243262395Sbapt 1244262395Sbapt if (debug) 1245262975Sbapt log(LOG_DEBUG, 1246262975Sbapt SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1247262975Sbapt SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1248262975Sbapt (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1249262975Sbapt 1250262975Sbapt if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1251262975Sbapt ifp->if_oerrors++; 1252262975Sbapt} 1253262975Sbapt 1254262975Sbapt/* 1255262975Sbapt * PPP protocol implementation. 1256262975Sbapt */ 1257262975Sbapt 1258262975Sbapt/* 1259262975Sbapt * Send PPP control protocol packet. 1260262975Sbapt */ 1261262975Sbaptstatic void 1262262975Sbaptsppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1263262975Sbapt u_char ident, u_short len, void *data) 1264262975Sbapt{ 1265262975Sbapt STDDCL; 1266262975Sbapt struct ppp_header *h; 1267262395Sbapt struct lcp_header *lh; 1268262395Sbapt struct mbuf *m; 1269262395Sbapt 1270262395Sbapt if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1271262395Sbapt len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1272262395Sbapt MGETHDR (m, M_DONTWAIT, MT_DATA); 1273262395Sbapt if (! m) 1274262395Sbapt return; 1275262395Sbapt m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1276262395Sbapt m->m_pkthdr.rcvif = 0; 1277262975Sbapt 1278262395Sbapt h = mtod (m, struct ppp_header*); 1279262395Sbapt h->address = PPP_ALLSTATIONS; /* broadcast address */ 1280262395Sbapt h->control = PPP_UI; /* Unnumbered Info */ 1281262395Sbapt h->protocol = htons (proto); /* Link Control Protocol */ 1282262395Sbapt 1283262395Sbapt lh = (struct lcp_header*) (h + 1); 1284262975Sbapt lh->type = type; 1285262975Sbapt lh->ident = ident; 1286262975Sbapt lh->len = htons (LCP_HEADER_LEN + len); 1287262975Sbapt if (len) 1288262975Sbapt bcopy (data, lh+1, len); 1289262975Sbapt 1290262975Sbapt if (debug) { 1291262975Sbapt log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1292262975Sbapt SPP_ARGS(ifp), 1293262975Sbapt sppp_proto_name(proto), 1294262975Sbapt sppp_cp_type_name (lh->type), lh->ident, 1295262975Sbapt ntohs (lh->len)); 1296262395Sbapt sppp_print_bytes ((u_char*) (lh+1), len); 1297262395Sbapt log(-1, ">\n"); 1298262395Sbapt } 1299262395Sbapt if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1300262975Sbapt ifp->if_oerrors++; 1301262395Sbapt} 1302262395Sbapt 1303262395Sbapt/* 1304262395Sbapt * Handle incoming PPP control protocol packets. 1305262395Sbapt */ 1306262395Sbaptstatic void 1307262395Sbaptsppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1308262395Sbapt{ 1309262395Sbapt STDDCL; 1310262395Sbapt struct lcp_header *h; 1311262395Sbapt int len = m->m_pkthdr.len; 1312262395Sbapt int rv; 1313262395Sbapt u_char *p; 1314262395Sbapt 1315262395Sbapt if (len < 4) { 1316262395Sbapt if (debug) 1317262975Sbapt log(LOG_DEBUG, 1318262395Sbapt SPP_FMT "%s invalid packet length: %d bytes\n", 1319262395Sbapt SPP_ARGS(ifp), cp->name, len); 1320263648Sbapt return; 1321263648Sbapt } 1322263648Sbapt h = mtod (m, struct lcp_header*); 1323262395Sbapt if (debug) { 1324262395Sbapt log(LOG_DEBUG, 1325262395Sbapt SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1326262395Sbapt SPP_ARGS(ifp), cp->name, 1327262395Sbapt sppp_state_name(sp->state[cp->protoidx]), 1328262975Sbapt sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1329262395Sbapt sppp_print_bytes ((u_char*) (h+1), len-4); 1330262395Sbapt log(-1, ">\n"); 1331263648Sbapt } 1332263648Sbapt if (len > ntohs (h->len)) 1333263648Sbapt len = ntohs (h->len); 1334262395Sbapt p = (u_char *)(h + 1); 1335262395Sbapt switch (h->type) { 1336262395Sbapt case CONF_REQ: 1337262395Sbapt if (len < 4) { 1338262975Sbapt if (debug) 1339262975Sbapt log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1340262975Sbapt SPP_ARGS(ifp), cp->name, 1341262975Sbapt len); 1342262975Sbapt ++ifp->if_ierrors; 1343262975Sbapt break; 1344262975Sbapt } 1345262975Sbapt /* handle states where RCR doesn't get a SCA/SCN */ 1346262975Sbapt switch (sp->state[cp->protoidx]) { 1347262975Sbapt case STATE_CLOSING: 1348262395Sbapt case STATE_STOPPING: 1349262975Sbapt return; 1350262395Sbapt case STATE_CLOSED: 1351262395Sbapt sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1352262395Sbapt 0, 0); 1353262395Sbapt return; 1354262395Sbapt } 1355262395Sbapt rv = (cp->RCR)(sp, h, len); 1356262395Sbapt switch (sp->state[cp->protoidx]) { 1357262395Sbapt case STATE_OPENED: 1358262395Sbapt (cp->tld)(sp); 1359262395Sbapt (cp->scr)(sp); 1360262395Sbapt /* fall through... */ 1361262395Sbapt case STATE_ACK_SENT: 1362262395Sbapt case STATE_REQ_SENT: 1363262395Sbapt /* 1364262395Sbapt * sppp_cp_change_state() have the side effect of 1365262395Sbapt * restarting the timeouts. We want to avoid that 1366262395Sbapt * if the state don't change, otherwise we won't 1367262395Sbapt * ever timeout and resend a configuration request 1368262395Sbapt * that got lost. 1369262395Sbapt */ 1370262395Sbapt if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1371262395Sbapt STATE_REQ_SENT)) 1372262395Sbapt break; 1373262395Sbapt sppp_cp_change_state(cp, sp, rv? 1374262395Sbapt STATE_ACK_SENT: STATE_REQ_SENT); 1375262395Sbapt break; 1376262395Sbapt case STATE_STOPPED: 1377262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1378262395Sbapt (cp->scr)(sp); 1379262395Sbapt sppp_cp_change_state(cp, sp, rv? 1380262395Sbapt STATE_ACK_SENT: STATE_REQ_SENT); 1381262395Sbapt break; 1382262395Sbapt case STATE_ACK_RCVD: 1383262975Sbapt if (rv) { 1384262975Sbapt sppp_cp_change_state(cp, sp, STATE_OPENED); 1385262975Sbapt if (debug) 1386262395Sbapt log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1387262395Sbapt SPP_ARGS(ifp), 1388262395Sbapt cp->name); 1389262395Sbapt (cp->tlu)(sp); 1390262395Sbapt } else 1391262395Sbapt sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1392262395Sbapt break; 1393262395Sbapt default: 1394262395Sbapt printf(SPP_FMT "%s illegal %s in state %s\n", 1395262395Sbapt SPP_ARGS(ifp), cp->name, 1396262395Sbapt sppp_cp_type_name(h->type), 1397262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1398262395Sbapt ++ifp->if_ierrors; 1399262395Sbapt } 1400262395Sbapt break; 1401262395Sbapt case CONF_ACK: 1402262395Sbapt if (h->ident != sp->confid[cp->protoidx]) { 1403262395Sbapt if (debug) 1404262395Sbapt log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1405262395Sbapt SPP_ARGS(ifp), cp->name, 1406262395Sbapt h->ident, sp->confid[cp->protoidx]); 1407262395Sbapt ++ifp->if_ierrors; 1408262395Sbapt break; 1409262395Sbapt } 1410262395Sbapt switch (sp->state[cp->protoidx]) { 1411262395Sbapt case STATE_CLOSED: 1412262395Sbapt case STATE_STOPPED: 1413262395Sbapt sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1414262395Sbapt break; 1415262395Sbapt case STATE_CLOSING: 1416262395Sbapt case STATE_STOPPING: 1417262395Sbapt break; 1418262395Sbapt case STATE_REQ_SENT: 1419262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1420262395Sbapt sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1421262395Sbapt break; 1422262395Sbapt case STATE_OPENED: 1423262395Sbapt (cp->tld)(sp); 1424262395Sbapt /* fall through */ 1425262395Sbapt case STATE_ACK_RCVD: 1426262395Sbapt (cp->scr)(sp); 1427262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1428262395Sbapt break; 1429262395Sbapt case STATE_ACK_SENT: 1430262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1431262395Sbapt sppp_cp_change_state(cp, sp, STATE_OPENED); 1432262395Sbapt if (debug) 1433262395Sbapt log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1434262395Sbapt SPP_ARGS(ifp), cp->name); 1435262395Sbapt (cp->tlu)(sp); 1436262395Sbapt break; 1437262395Sbapt default: 1438262395Sbapt printf(SPP_FMT "%s illegal %s in state %s\n", 1439262395Sbapt SPP_ARGS(ifp), cp->name, 1440262395Sbapt sppp_cp_type_name(h->type), 1441262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1442262395Sbapt ++ifp->if_ierrors; 1443262395Sbapt } 1444262395Sbapt break; 1445262395Sbapt case CONF_NAK: 1446262395Sbapt case CONF_REJ: 1447262395Sbapt if (h->ident != sp->confid[cp->protoidx]) { 1448262395Sbapt if (debug) 1449262395Sbapt log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1450262395Sbapt SPP_ARGS(ifp), cp->name, 1451262395Sbapt h->ident, sp->confid[cp->protoidx]); 1452262395Sbapt ++ifp->if_ierrors; 1453262395Sbapt break; 1454262395Sbapt } 1455262395Sbapt if (h->type == CONF_NAK) 1456262395Sbapt (cp->RCN_nak)(sp, h, len); 1457262395Sbapt else /* CONF_REJ */ 1458262395Sbapt (cp->RCN_rej)(sp, h, len); 1459262395Sbapt 1460262395Sbapt switch (sp->state[cp->protoidx]) { 1461262395Sbapt case STATE_CLOSED: 1462262395Sbapt case STATE_STOPPED: 1463262395Sbapt sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1464262395Sbapt break; 1465262395Sbapt case STATE_REQ_SENT: 1466262395Sbapt case STATE_ACK_SENT: 1467262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1468262395Sbapt /* 1469262395Sbapt * Slow things down a bit if we think we might be 1470262395Sbapt * in loopback. Depend on the timeout to send the 1471262395Sbapt * next configuration request. 1472262395Sbapt */ 1473262395Sbapt if (sp->pp_loopcnt) 1474262395Sbapt break; 1475262395Sbapt (cp->scr)(sp); 1476262395Sbapt break; 1477262395Sbapt case STATE_OPENED: 1478262395Sbapt (cp->tld)(sp); 1479262395Sbapt /* fall through */ 1480262395Sbapt case STATE_ACK_RCVD: 1481262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1482262395Sbapt (cp->scr)(sp); 1483262395Sbapt break; 1484262395Sbapt case STATE_CLOSING: 1485262395Sbapt case STATE_STOPPING: 1486262395Sbapt break; 1487262395Sbapt default: 1488262395Sbapt printf(SPP_FMT "%s illegal %s in state %s\n", 1489262395Sbapt SPP_ARGS(ifp), cp->name, 1490262395Sbapt sppp_cp_type_name(h->type), 1491262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1492262395Sbapt ++ifp->if_ierrors; 1493262395Sbapt } 1494262395Sbapt break; 1495262395Sbapt 1496262395Sbapt case TERM_REQ: 1497262395Sbapt switch (sp->state[cp->protoidx]) { 1498262395Sbapt case STATE_ACK_RCVD: 1499262395Sbapt case STATE_ACK_SENT: 1500262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1501262395Sbapt /* fall through */ 1502262395Sbapt case STATE_CLOSED: 1503262395Sbapt case STATE_STOPPED: 1504262395Sbapt case STATE_CLOSING: 1505262395Sbapt case STATE_STOPPING: 1506262395Sbapt case STATE_REQ_SENT: 1507262395Sbapt sta: 1508262395Sbapt /* Send Terminate-Ack packet. */ 1509262395Sbapt if (debug) 1510262395Sbapt log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1511262395Sbapt SPP_ARGS(ifp), cp->name); 1512262395Sbapt sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1513262395Sbapt break; 1514262395Sbapt case STATE_OPENED: 1515262395Sbapt (cp->tld)(sp); 1516262395Sbapt sp->rst_counter[cp->protoidx] = 0; 1517262395Sbapt sppp_cp_change_state(cp, sp, STATE_STOPPING); 1518262395Sbapt goto sta; 1519262395Sbapt break; 1520262395Sbapt default: 1521262395Sbapt printf(SPP_FMT "%s illegal %s in state %s\n", 1522262395Sbapt SPP_ARGS(ifp), cp->name, 1523262395Sbapt sppp_cp_type_name(h->type), 1524262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1525262395Sbapt ++ifp->if_ierrors; 1526262395Sbapt } 1527262395Sbapt break; 1528262395Sbapt case TERM_ACK: 1529262395Sbapt switch (sp->state[cp->protoidx]) { 1530262395Sbapt case STATE_CLOSED: 1531262395Sbapt case STATE_STOPPED: 1532262395Sbapt case STATE_REQ_SENT: 1533262395Sbapt case STATE_ACK_SENT: 1534262395Sbapt break; 1535262395Sbapt case STATE_CLOSING: 1536262395Sbapt sppp_cp_change_state(cp, sp, STATE_CLOSED); 1537262395Sbapt (cp->tlf)(sp); 1538262395Sbapt break; 1539262395Sbapt case STATE_STOPPING: 1540262395Sbapt sppp_cp_change_state(cp, sp, STATE_STOPPED); 1541262395Sbapt (cp->tlf)(sp); 1542262395Sbapt break; 1543262395Sbapt case STATE_ACK_RCVD: 1544262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1545262395Sbapt break; 1546262395Sbapt case STATE_OPENED: 1547262395Sbapt (cp->tld)(sp); 1548262395Sbapt (cp->scr)(sp); 1549262395Sbapt sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1550262395Sbapt break; 1551262395Sbapt default: 1552262395Sbapt printf(SPP_FMT "%s illegal %s in state %s\n", 1553262395Sbapt SPP_ARGS(ifp), cp->name, 1554262395Sbapt sppp_cp_type_name(h->type), 1555262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1556262395Sbapt ++ifp->if_ierrors; 1557262395Sbapt } 1558262395Sbapt break; 1559262395Sbapt case CODE_REJ: 1560262395Sbapt case PROTO_REJ: 1561262395Sbapt /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1562262395Sbapt log(LOG_INFO, 1563262395Sbapt SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1564262395Sbapt "danger will robinson\n", 1565262395Sbapt SPP_ARGS(ifp), cp->name, 1566262395Sbapt sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1567262395Sbapt switch (sp->state[cp->protoidx]) { 1568262395Sbapt case STATE_CLOSED: 1569262395Sbapt case STATE_STOPPED: 1570262395Sbapt case STATE_REQ_SENT: 1571262395Sbapt case STATE_ACK_SENT: 1572262395Sbapt case STATE_CLOSING: 1573262395Sbapt case STATE_STOPPING: 1574262395Sbapt case STATE_OPENED: 1575262395Sbapt break; 1576262395Sbapt case STATE_ACK_RCVD: 1577262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1578262395Sbapt break; 1579262395Sbapt default: 1580262395Sbapt printf(SPP_FMT "%s illegal %s in state %s\n", 1581262395Sbapt SPP_ARGS(ifp), cp->name, 1582262395Sbapt sppp_cp_type_name(h->type), 1583262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1584262395Sbapt ++ifp->if_ierrors; 1585262395Sbapt } 1586262395Sbapt break; 1587262395Sbapt case DISC_REQ: 1588262395Sbapt if (cp->proto != PPP_LCP) 1589262395Sbapt goto illegal; 1590262395Sbapt /* Discard the packet. */ 1591262395Sbapt break; 1592262395Sbapt case ECHO_REQ: 1593262395Sbapt if (cp->proto != PPP_LCP) 1594262395Sbapt goto illegal; 1595262395Sbapt if (sp->state[cp->protoidx] != STATE_OPENED) { 1596262395Sbapt if (debug) 1597262395Sbapt log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1598262395Sbapt SPP_ARGS(ifp)); 1599262395Sbapt ++ifp->if_ierrors; 1600262395Sbapt break; 1601262395Sbapt } 1602262395Sbapt if (len < 8) { 1603262395Sbapt if (debug) 1604262395Sbapt log(-1, SPP_FMT "invalid lcp echo request " 1605262395Sbapt "packet length: %d bytes\n", 1606262395Sbapt SPP_ARGS(ifp), len); 1607262395Sbapt break; 1608262395Sbapt } 1609262395Sbapt if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1610262395Sbapt ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1611262395Sbapt /* Line loopback mode detected. */ 1612262395Sbapt printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1613262395Sbapt sp->pp_loopcnt = MAXALIVECNT * 5; 1614262395Sbapt if_down (ifp); 1615262395Sbapt sppp_qflush (&sp->pp_cpq); 1616262395Sbapt 1617262395Sbapt /* Shut down the PPP link. */ 1618262395Sbapt /* XXX */ 1619262395Sbapt lcp.Down(sp); 1620262395Sbapt lcp.Up(sp); 1621262395Sbapt break; 1622262395Sbapt } 1623262395Sbapt *(long*)(h+1) = htonl (sp->lcp.magic); 1624262395Sbapt if (debug) 1625262395Sbapt log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1626263648Sbapt SPP_ARGS(ifp)); 1627263648Sbapt sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1628263648Sbapt break; 1629262395Sbapt case ECHO_REPLY: 1630262395Sbapt if (cp->proto != PPP_LCP) 1631262395Sbapt goto illegal; 1632262395Sbapt if (h->ident != sp->lcp.echoid) { 1633262395Sbapt ++ifp->if_ierrors; 1634262395Sbapt break; 1635262395Sbapt } 1636262395Sbapt if (len < 8) { 1637262395Sbapt if (debug) 1638262395Sbapt log(-1, SPP_FMT "lcp invalid echo reply " 1639262395Sbapt "packet length: %d bytes\n", 1640262395Sbapt SPP_ARGS(ifp), len); 1641262395Sbapt break; 1642262395Sbapt } 1643262395Sbapt if (debug) 1644262395Sbapt log(-1, SPP_FMT "lcp got echo rep\n", 1645262395Sbapt SPP_ARGS(ifp)); 1646262395Sbapt if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1647262395Sbapt ntohl (*(long*)(h+1)) != sp->lcp.magic) 1648262395Sbapt sp->pp_alivecnt = 0; 1649262395Sbapt break; 1650262395Sbapt default: 1651262395Sbapt /* Unknown packet type -- send Code-Reject packet. */ 1652262395Sbapt illegal: 1653262395Sbapt if (debug) 1654262395Sbapt log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1655262395Sbapt SPP_ARGS(ifp), cp->name, h->type); 1656262395Sbapt sppp_cp_send(sp, cp->proto, CODE_REJ, 1657262395Sbapt ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1658262395Sbapt ++ifp->if_ierrors; 1659262395Sbapt } 1660262395Sbapt} 1661262395Sbapt 1662262395Sbapt 1663262395Sbapt/* 1664262395Sbapt * The generic part of all Up/Down/Open/Close/TO event handlers. 1665262395Sbapt * Basically, the state transition handling in the automaton. 1666262395Sbapt */ 1667262395Sbaptstatic void 1668262395Sbaptsppp_up_event(const struct cp *cp, struct sppp *sp) 1669262395Sbapt{ 1670262395Sbapt STDDCL; 1671262395Sbapt 1672262395Sbapt if (debug) 1673262395Sbapt log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1674262395Sbapt SPP_ARGS(ifp), cp->name, 1675262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1676262395Sbapt 1677262395Sbapt switch (sp->state[cp->protoidx]) { 1678262395Sbapt case STATE_INITIAL: 1679262395Sbapt sppp_cp_change_state(cp, sp, STATE_CLOSED); 1680262395Sbapt break; 1681262395Sbapt case STATE_STARTING: 1682262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1683262395Sbapt (cp->scr)(sp); 1684262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1685262395Sbapt break; 1686262395Sbapt default: 1687262395Sbapt printf(SPP_FMT "%s illegal up in state %s\n", 1688262395Sbapt SPP_ARGS(ifp), cp->name, 1689262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1690262395Sbapt } 1691262395Sbapt} 1692262395Sbapt 1693262395Sbaptstatic void 1694263648Sbaptsppp_down_event(const struct cp *cp, struct sppp *sp) 1695263648Sbapt{ 1696263648Sbapt STDDCL; 1697263648Sbapt 1698263648Sbapt if (debug) 1699262395Sbapt log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1700262395Sbapt SPP_ARGS(ifp), cp->name, 1701262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1702262395Sbapt 1703262395Sbapt switch (sp->state[cp->protoidx]) { 1704262395Sbapt case STATE_CLOSED: 1705262395Sbapt case STATE_CLOSING: 1706262395Sbapt sppp_cp_change_state(cp, sp, STATE_INITIAL); 1707262395Sbapt break; 1708262395Sbapt case STATE_STOPPED: 1709262395Sbapt sppp_cp_change_state(cp, sp, STATE_STARTING); 1710262395Sbapt (cp->tls)(sp); 1711262395Sbapt break; 1712262395Sbapt case STATE_STOPPING: 1713262395Sbapt case STATE_REQ_SENT: 1714262395Sbapt case STATE_ACK_RCVD: 1715262395Sbapt case STATE_ACK_SENT: 1716262395Sbapt sppp_cp_change_state(cp, sp, STATE_STARTING); 1717262395Sbapt break; 1718262395Sbapt case STATE_OPENED: 1719262395Sbapt (cp->tld)(sp); 1720262395Sbapt sppp_cp_change_state(cp, sp, STATE_STARTING); 1721262395Sbapt break; 1722262395Sbapt default: 1723262395Sbapt printf(SPP_FMT "%s illegal down in state %s\n", 1724262395Sbapt SPP_ARGS(ifp), cp->name, 1725262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1726262395Sbapt } 1727262395Sbapt} 1728262395Sbapt 1729262395Sbapt 1730262395Sbaptstatic void 1731262395Sbaptsppp_open_event(const struct cp *cp, struct sppp *sp) 1732262395Sbapt{ 1733262395Sbapt STDDCL; 1734262395Sbapt 1735262395Sbapt if (debug) 1736262395Sbapt log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1737262395Sbapt SPP_ARGS(ifp), cp->name, 1738262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1739262395Sbapt 1740262395Sbapt switch (sp->state[cp->protoidx]) { 1741262395Sbapt case STATE_INITIAL: 1742262395Sbapt sppp_cp_change_state(cp, sp, STATE_STARTING); 1743262395Sbapt (cp->tls)(sp); 1744262395Sbapt break; 1745262395Sbapt case STATE_STARTING: 1746262395Sbapt break; 1747262395Sbapt case STATE_CLOSED: 1748262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1749262395Sbapt (cp->scr)(sp); 1750262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1751262395Sbapt break; 1752262395Sbapt case STATE_STOPPED: 1753262395Sbapt /* 1754262395Sbapt * Try escaping stopped state. This seems to bite 1755262395Sbapt * people occasionally, in particular for IPCP, 1756262395Sbapt * presumably following previous IPCP negotiation 1757262395Sbapt * aborts. Somehow, we must have missed a Down event 1758262395Sbapt * which would have caused a transition into starting 1759262395Sbapt * state, so as a bandaid we force the Down event now. 1760262395Sbapt * This effectively implements (something like the) 1761262395Sbapt * `restart' option mentioned in the state transition 1762262395Sbapt * table of RFC 1661. 1763262395Sbapt */ 1764262395Sbapt sppp_cp_change_state(cp, sp, STATE_STARTING); 1765262395Sbapt (cp->tls)(sp); 1766262395Sbapt break; 1767262395Sbapt case STATE_STOPPING: 1768262395Sbapt case STATE_REQ_SENT: 1769262395Sbapt case STATE_ACK_RCVD: 1770262395Sbapt case STATE_ACK_SENT: 1771262395Sbapt case STATE_OPENED: 1772262395Sbapt break; 1773262395Sbapt case STATE_CLOSING: 1774262395Sbapt sppp_cp_change_state(cp, sp, STATE_STOPPING); 1775262395Sbapt break; 1776262395Sbapt } 1777262395Sbapt} 1778262395Sbapt 1779262395Sbapt 1780262395Sbaptstatic void 1781262395Sbaptsppp_close_event(const struct cp *cp, struct sppp *sp) 1782262395Sbapt{ 1783262395Sbapt STDDCL; 1784262395Sbapt 1785262395Sbapt if (debug) 1786262395Sbapt log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1787262395Sbapt SPP_ARGS(ifp), cp->name, 1788262395Sbapt sppp_state_name(sp->state[cp->protoidx])); 1789262395Sbapt 1790262395Sbapt switch (sp->state[cp->protoidx]) { 1791262395Sbapt case STATE_INITIAL: 1792262395Sbapt case STATE_CLOSED: 1793262395Sbapt case STATE_CLOSING: 1794262395Sbapt break; 1795262395Sbapt case STATE_STARTING: 1796262395Sbapt sppp_cp_change_state(cp, sp, STATE_INITIAL); 1797262395Sbapt (cp->tlf)(sp); 1798262395Sbapt break; 1799262395Sbapt case STATE_STOPPED: 1800262395Sbapt sppp_cp_change_state(cp, sp, STATE_CLOSED); 1801262395Sbapt break; 1802262395Sbapt case STATE_STOPPING: 1803262395Sbapt sppp_cp_change_state(cp, sp, STATE_CLOSING); 1804262395Sbapt break; 1805262395Sbapt case STATE_OPENED: 1806262395Sbapt (cp->tld)(sp); 1807262395Sbapt /* fall through */ 1808262395Sbapt case STATE_REQ_SENT: 1809262395Sbapt case STATE_ACK_RCVD: 1810262395Sbapt case STATE_ACK_SENT: 1811262395Sbapt sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1812263648Sbapt sppp_cp_send(sp, cp->proto, TERM_REQ, 1813263648Sbapt ++sp->pp_seq[cp->protoidx], 0, 0); 1814263648Sbapt sppp_cp_change_state(cp, sp, STATE_CLOSING); 1815262395Sbapt break; 1816262395Sbapt } 1817262395Sbapt} 1818262395Sbapt 1819262395Sbaptstatic void 1820262395Sbaptsppp_to_event(const struct cp *cp, struct sppp *sp) 1821262395Sbapt{ 1822262395Sbapt STDDCL; 1823262395Sbapt int s; 1824262395Sbapt 1825262395Sbapt s = splimp(); 1826262395Sbapt if (debug) 1827262395Sbapt log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1828262395Sbapt SPP_ARGS(ifp), cp->name, 1829262395Sbapt sppp_state_name(sp->state[cp->protoidx]), 1830262395Sbapt sp->rst_counter[cp->protoidx]); 1831262395Sbapt 1832262395Sbapt if (--sp->rst_counter[cp->protoidx] < 0) 1833262395Sbapt /* TO- event */ 1834262395Sbapt switch (sp->state[cp->protoidx]) { 1835262395Sbapt case STATE_CLOSING: 1836263648Sbapt sppp_cp_change_state(cp, sp, STATE_CLOSED); 1837263648Sbapt (cp->tlf)(sp); 1838263648Sbapt break; 1839262395Sbapt case STATE_STOPPING: 1840263648Sbapt sppp_cp_change_state(cp, sp, STATE_STOPPED); 1841263648Sbapt (cp->tlf)(sp); 1842263648Sbapt break; 1843262395Sbapt case STATE_REQ_SENT: 1844262395Sbapt case STATE_ACK_RCVD: 1845262395Sbapt case STATE_ACK_SENT: 1846262395Sbapt sppp_cp_change_state(cp, sp, STATE_STOPPED); 1847262395Sbapt (cp->tlf)(sp); 1848262395Sbapt break; 1849262395Sbapt } 1850262395Sbapt else 1851262395Sbapt /* TO+ event */ 1852262395Sbapt switch (sp->state[cp->protoidx]) { 1853262395Sbapt case STATE_CLOSING: 1854262395Sbapt case STATE_STOPPING: 1855262395Sbapt sppp_cp_send(sp, cp->proto, TERM_REQ, 1856262395Sbapt ++sp->pp_seq[cp->protoidx], 0, 0); 1857262395Sbapt TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1858262395Sbapt sp->ch[cp->protoidx]); 1859262395Sbapt break; 1860262395Sbapt case STATE_REQ_SENT: 1861262395Sbapt case STATE_ACK_RCVD: 1862262395Sbapt (cp->scr)(sp); 1863262395Sbapt /* sppp_cp_change_state() will restart the timer */ 1864262395Sbapt sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1865262395Sbapt break; 1866262395Sbapt case STATE_ACK_SENT: 1867262395Sbapt (cp->scr)(sp); 1868262395Sbapt TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1869262395Sbapt sp->ch[cp->protoidx]); 1870262395Sbapt break; 1871262395Sbapt } 1872262395Sbapt 1873262395Sbapt splx(s); 1874262395Sbapt} 1875262395Sbapt 1876262395Sbapt/* 1877262395Sbapt * Change the state of a control protocol in the state automaton. 1878262395Sbapt * Takes care of starting/stopping the restart timer. 1879262395Sbapt */ 1880262395Sbaptvoid 1881262395Sbaptsppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1882262395Sbapt{ 1883262395Sbapt sp->state[cp->protoidx] = newstate; 1884262395Sbapt 1885263648Sbapt UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1886263648Sbapt switch (newstate) { 1887263648Sbapt case STATE_INITIAL: 1888262395Sbapt case STATE_STARTING: 1889262395Sbapt case STATE_CLOSED: 1890262395Sbapt case STATE_STOPPED: 1891262395Sbapt case STATE_OPENED: 1892262395Sbapt break; 1893262395Sbapt case STATE_CLOSING: 1894262395Sbapt case STATE_STOPPING: 1895262395Sbapt case STATE_REQ_SENT: 1896262395Sbapt case STATE_ACK_RCVD: 1897262395Sbapt case STATE_ACK_SENT: 1898262395Sbapt TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1899262395Sbapt sp->ch[cp->protoidx]); 1900262395Sbapt break; 1901262395Sbapt } 1902262395Sbapt} 1903262395Sbapt 1904262395Sbapt/* 1905262395Sbapt *--------------------------------------------------------------------------* 1906262395Sbapt * * 1907262395Sbapt * The LCP implementation. * 1908262395Sbapt * * 1909262395Sbapt *--------------------------------------------------------------------------* 1910263648Sbapt */ 1911263648Sbaptstatic void 1912263648Sbaptsppp_lcp_init(struct sppp *sp) 1913263648Sbapt{ 1914262395Sbapt sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1915262395Sbapt sp->lcp.magic = 0; 1916263648Sbapt sp->state[IDX_LCP] = STATE_INITIAL; 1917263648Sbapt sp->fail_counter[IDX_LCP] = 0; 1918263648Sbapt sp->pp_seq[IDX_LCP] = 0; 1919263648Sbapt sp->pp_rseq[IDX_LCP] = 0; 1920262395Sbapt sp->lcp.protos = 0; 1921262395Sbapt sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1922262395Sbapt 1923262395Sbapt /* Note that these values are relevant for all control protocols */ 1924262395Sbapt sp->lcp.timeout = 3 * hz; 1925262395Sbapt sp->lcp.max_terminate = 2; 1926262395Sbapt sp->lcp.max_configure = 10; 1927262395Sbapt sp->lcp.max_failure = 10; 1928262395Sbapt#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1929262395Sbapt callout_handle_init(&sp->ch[IDX_LCP]); 1930262395Sbapt#endif 1931262395Sbapt} 1932262395Sbapt 1933262395Sbaptstatic void 1934262395Sbaptsppp_lcp_up(struct sppp *sp) 1935262395Sbapt{ 1936262395Sbapt STDDCL; 1937262395Sbapt 1938262395Sbapt sp->pp_alivecnt = 0; 1939262395Sbapt sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1940263648Sbapt sp->lcp.magic = 0; 1941263648Sbapt sp->lcp.protos = 0; 1942263648Sbapt sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1943263648Sbapt /* 1944263648Sbapt * If we are authenticator, negotiate LCP_AUTH 1945263648Sbapt */ 1946263648Sbapt if (sp->hisauth.proto != 0) 1947263648Sbapt sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1948263648Sbapt else 1949263648Sbapt sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1950263648Sbapt sp->pp_flags &= ~PP_NEEDAUTH; 1951263648Sbapt /* 1952263648Sbapt * If this interface is passive or dial-on-demand, and we are 1953263648Sbapt * still in Initial state, it means we've got an incoming 1954263648Sbapt * call. Activate the interface. 1955 */ 1956 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1957 if (debug) 1958 log(LOG_DEBUG, 1959 SPP_FMT "Up event", SPP_ARGS(ifp)); 1960 ifp->if_flags |= IFF_RUNNING; 1961 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1962 if (debug) 1963 log(-1, "(incoming call)\n"); 1964 sp->pp_flags |= PP_CALLIN; 1965 lcp.Open(sp); 1966 } else if (debug) 1967 log(-1, "\n"); 1968 } 1969 1970 sppp_up_event(&lcp, sp); 1971} 1972 1973static void 1974sppp_lcp_down(struct sppp *sp) 1975{ 1976 STDDCL; 1977 1978 sppp_down_event(&lcp, sp); 1979 1980 /* 1981 * If this is neither a dial-on-demand nor a passive 1982 * interface, simulate an ``ifconfig down'' action, so the 1983 * administrator can force a redial by another ``ifconfig 1984 * up''. XXX For leased line operation, should we immediately 1985 * try to reopen the connection here? 1986 */ 1987 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1988 log(LOG_INFO, 1989 SPP_FMT "Down event, taking interface down.\n", 1990 SPP_ARGS(ifp)); 1991 if_down(ifp); 1992 } else { 1993 if (debug) 1994 log(LOG_DEBUG, 1995 SPP_FMT "Down event (carrier loss)\n", 1996 SPP_ARGS(ifp)); 1997 sp->pp_flags &= ~PP_CALLIN; 1998 if (sp->state[IDX_LCP] != STATE_INITIAL) 1999 lcp.Close(sp); 2000 ifp->if_flags &= ~IFF_RUNNING; 2001 } 2002} 2003 2004static void 2005sppp_lcp_open(struct sppp *sp) 2006{ 2007 sppp_open_event(&lcp, sp); 2008} 2009 2010static void 2011sppp_lcp_close(struct sppp *sp) 2012{ 2013 sppp_close_event(&lcp, sp); 2014} 2015 2016static void 2017sppp_lcp_TO(void *cookie) 2018{ 2019 sppp_to_event(&lcp, (struct sppp *)cookie); 2020} 2021 2022/* 2023 * Analyze a configure request. Return true if it was agreeable, and 2024 * caused action sca, false if it has been rejected or nak'ed, and 2025 * caused action scn. (The return value is used to make the state 2026 * transition decision in the state automaton.) 2027 */ 2028static int 2029sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2030{ 2031 STDDCL; 2032 u_char *buf, *r, *p; 2033 int origlen, rlen; 2034 u_long nmagic; 2035 u_short authproto; 2036 2037 len -= 4; 2038 origlen = len; 2039 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2040 if (! buf) 2041 return (0); 2042 2043 if (debug) 2044 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2045 SPP_ARGS(ifp)); 2046 2047 /* pass 1: check for things that need to be rejected */ 2048 p = (void*) (h+1); 2049 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2050 if (debug) 2051 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2052 switch (*p) { 2053 case LCP_OPT_MAGIC: 2054 /* Magic number. */ 2055 if (len >= 6 && p[1] == 6) 2056 continue; 2057 if (debug) 2058 log(-1, "[invalid] "); 2059 break; 2060 case LCP_OPT_ASYNC_MAP: 2061 /* Async control character map. */ 2062 if (len >= 6 && p[1] == 6) 2063 continue; 2064 if (debug) 2065 log(-1, "[invalid] "); 2066 break; 2067 case LCP_OPT_MRU: 2068 /* Maximum receive unit. */ 2069 if (len >= 4 && p[1] == 4) 2070 continue; 2071 if (debug) 2072 log(-1, "[invalid] "); 2073 break; 2074 case LCP_OPT_AUTH_PROTO: 2075 if (len < 4) { 2076 if (debug) 2077 log(-1, "[invalid] "); 2078 break; 2079 } 2080 authproto = (p[2] << 8) + p[3]; 2081 if (authproto == PPP_CHAP && p[1] != 5) { 2082 if (debug) 2083 log(-1, "[invalid chap len] "); 2084 break; 2085 } 2086 if (sp->myauth.proto == 0) { 2087 /* we are not configured to do auth */ 2088 if (debug) 2089 log(-1, "[not configured] "); 2090 break; 2091 } 2092 /* 2093 * Remote want us to authenticate, remember this, 2094 * so we stay in PHASE_AUTHENTICATE after LCP got 2095 * up. 2096 */ 2097 sp->pp_flags |= PP_NEEDAUTH; 2098 continue; 2099 default: 2100 /* Others not supported. */ 2101 if (debug) 2102 log(-1, "[rej] "); 2103 break; 2104 } 2105 /* Add the option to rejected list. */ 2106 bcopy (p, r, p[1]); 2107 r += p[1]; 2108 rlen += p[1]; 2109 } 2110 if (rlen) { 2111 if (debug) 2112 log(-1, " send conf-rej\n"); 2113 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2114 return 0; 2115 } else if (debug) 2116 log(-1, "\n"); 2117 2118 /* 2119 * pass 2: check for option values that are unacceptable and 2120 * thus require to be nak'ed. 2121 */ 2122 if (debug) 2123 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2124 SPP_ARGS(ifp)); 2125 2126 p = (void*) (h+1); 2127 len = origlen; 2128 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2129 if (debug) 2130 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2131 switch (*p) { 2132 case LCP_OPT_MAGIC: 2133 /* Magic number -- extract. */ 2134 nmagic = (u_long)p[2] << 24 | 2135 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2136 if (nmagic != sp->lcp.magic) { 2137 sp->pp_loopcnt = 0; 2138 if (debug) 2139 log(-1, "0x%lx ", nmagic); 2140 continue; 2141 } 2142 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2143 log(-1, "[glitch] "); 2144 ++sp->pp_loopcnt; 2145 /* 2146 * We negate our magic here, and NAK it. If 2147 * we see it later in an NAK packet, we 2148 * suggest a new one. 2149 */ 2150 nmagic = ~sp->lcp.magic; 2151 /* Gonna NAK it. */ 2152 p[2] = nmagic >> 24; 2153 p[3] = nmagic >> 16; 2154 p[4] = nmagic >> 8; 2155 p[5] = nmagic; 2156 break; 2157 2158 case LCP_OPT_ASYNC_MAP: 2159 /* Async control character map -- check to be zero. */ 2160 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2161 if (debug) 2162 log(-1, "[empty] "); 2163 continue; 2164 } 2165 if (debug) 2166 log(-1, "[non-empty] "); 2167 /* suggest a zero one */ 2168 p[2] = p[3] = p[4] = p[5] = 0; 2169 break; 2170 2171 case LCP_OPT_MRU: 2172 /* 2173 * Maximum receive unit. Always agreeable, 2174 * but ignored by now. 2175 */ 2176 sp->lcp.their_mru = p[2] * 256 + p[3]; 2177 if (debug) 2178 log(-1, "%lu ", sp->lcp.their_mru); 2179 continue; 2180 2181 case LCP_OPT_AUTH_PROTO: 2182 authproto = (p[2] << 8) + p[3]; 2183 if (sp->myauth.proto != authproto) { 2184 /* not agreed, nak */ 2185 if (debug) 2186 log(-1, "[mine %s != his %s] ", 2187 sppp_proto_name(sp->hisauth.proto), 2188 sppp_proto_name(authproto)); 2189 p[2] = sp->myauth.proto >> 8; 2190 p[3] = sp->myauth.proto; 2191 break; 2192 } 2193 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2194 if (debug) 2195 log(-1, "[chap not MD5] "); 2196 p[4] = CHAP_MD5; 2197 break; 2198 } 2199 continue; 2200 } 2201 /* Add the option to nak'ed list. */ 2202 bcopy (p, r, p[1]); 2203 r += p[1]; 2204 rlen += p[1]; 2205 } 2206 if (rlen) { 2207 /* 2208 * Local and remote magics equal -- loopback? 2209 */ 2210 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2211 if (sp->pp_loopcnt == MAXALIVECNT*5) 2212 printf (SPP_FMT "loopback\n", 2213 SPP_ARGS(ifp)); 2214 if (ifp->if_flags & IFF_UP) { 2215 if_down(ifp); 2216 sppp_qflush(&sp->pp_cpq); 2217 /* XXX ? */ 2218 lcp.Down(sp); 2219 lcp.Up(sp); 2220 } 2221 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2222 if (debug) 2223 log(-1, " max_failure (%d) exceeded, " 2224 "send conf-rej\n", 2225 sp->lcp.max_failure); 2226 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2227 } else { 2228 if (debug) 2229 log(-1, " send conf-nak\n"); 2230 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2231 } 2232 } else { 2233 if (debug) 2234 log(-1, " send conf-ack\n"); 2235 sp->fail_counter[IDX_LCP] = 0; 2236 sp->pp_loopcnt = 0; 2237 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2238 h->ident, origlen, h+1); 2239 } 2240 2241 free (buf, M_TEMP); 2242 return (rlen == 0); 2243} 2244 2245/* 2246 * Analyze the LCP Configure-Reject option list, and adjust our 2247 * negotiation. 2248 */ 2249static void 2250sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2251{ 2252 STDDCL; 2253 u_char *buf, *p; 2254 2255 len -= 4; 2256 buf = malloc (len, M_TEMP, M_NOWAIT); 2257 if (!buf) 2258 return; 2259 2260 if (debug) 2261 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2262 SPP_ARGS(ifp)); 2263 2264 p = (void*) (h+1); 2265 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2266 if (debug) 2267 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2268 switch (*p) { 2269 case LCP_OPT_MAGIC: 2270 /* Magic number -- can't use it, use 0 */ 2271 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2272 sp->lcp.magic = 0; 2273 break; 2274 case LCP_OPT_MRU: 2275 /* 2276 * Should not be rejected anyway, since we only 2277 * negotiate a MRU if explicitly requested by 2278 * peer. 2279 */ 2280 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2281 break; 2282 case LCP_OPT_AUTH_PROTO: 2283 /* 2284 * Peer doesn't want to authenticate himself, 2285 * deny unless this is a dialout call, and 2286 * AUTHFLAG_NOCALLOUT is set. 2287 */ 2288 if ((sp->pp_flags & PP_CALLIN) == 0 && 2289 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2290 if (debug) 2291 log(-1, "[don't insist on auth " 2292 "for callout]"); 2293 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2294 break; 2295 } 2296 if (debug) 2297 log(-1, "[access denied]\n"); 2298 lcp.Close(sp); 2299 break; 2300 } 2301 } 2302 if (debug) 2303 log(-1, "\n"); 2304 free (buf, M_TEMP); 2305 return; 2306} 2307 2308/* 2309 * Analyze the LCP Configure-NAK option list, and adjust our 2310 * negotiation. 2311 */ 2312static void 2313sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2314{ 2315 STDDCL; 2316 u_char *buf, *p; 2317 u_long magic; 2318 2319 len -= 4; 2320 buf = malloc (len, M_TEMP, M_NOWAIT); 2321 if (!buf) 2322 return; 2323 2324 if (debug) 2325 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2326 SPP_ARGS(ifp)); 2327 2328 p = (void*) (h+1); 2329 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2330 if (debug) 2331 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2332 switch (*p) { 2333 case LCP_OPT_MAGIC: 2334 /* Magic number -- renegotiate */ 2335 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2336 len >= 6 && p[1] == 6) { 2337 magic = (u_long)p[2] << 24 | 2338 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2339 /* 2340 * If the remote magic is our negated one, 2341 * this looks like a loopback problem. 2342 * Suggest a new magic to make sure. 2343 */ 2344 if (magic == ~sp->lcp.magic) { 2345 if (debug) 2346 log(-1, "magic glitch "); 2347#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2348 sp->lcp.magic = random(); 2349#else 2350 sp->lcp.magic = time.tv_sec + time.tv_usec; 2351#endif 2352 } else { 2353 sp->lcp.magic = magic; 2354 if (debug) 2355 log(-1, "%lu ", magic); 2356 } 2357 } 2358 break; 2359 case LCP_OPT_MRU: 2360 /* 2361 * Peer wants to advise us to negotiate an MRU. 2362 * Agree on it if it's reasonable, or use 2363 * default otherwise. 2364 */ 2365 if (len >= 4 && p[1] == 4) { 2366 u_int mru = p[2] * 256 + p[3]; 2367 if (debug) 2368 log(-1, "%d ", mru); 2369 if (mru < PP_MTU || mru > PP_MAX_MRU) 2370 mru = PP_MTU; 2371 sp->lcp.mru = mru; 2372 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2373 } 2374 break; 2375 case LCP_OPT_AUTH_PROTO: 2376 /* 2377 * Peer doesn't like our authentication method, 2378 * deny. 2379 */ 2380 if (debug) 2381 log(-1, "[access denied]\n"); 2382 lcp.Close(sp); 2383 break; 2384 } 2385 } 2386 if (debug) 2387 log(-1, "\n"); 2388 free (buf, M_TEMP); 2389 return; 2390} 2391 2392static void 2393sppp_lcp_tlu(struct sppp *sp) 2394{ 2395 STDDCL; 2396 int i; 2397 u_long mask; 2398 2399 /* XXX ? */ 2400 if (! (ifp->if_flags & IFF_UP) && 2401 (ifp->if_flags & IFF_RUNNING)) { 2402 /* Coming out of loopback mode. */ 2403 if_up(ifp); 2404 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2405 } 2406 2407 for (i = 0; i < IDX_COUNT; i++) 2408 if ((cps[i])->flags & CP_QUAL) 2409 (cps[i])->Open(sp); 2410 2411 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2412 (sp->pp_flags & PP_NEEDAUTH) != 0) 2413 sp->pp_phase = PHASE_AUTHENTICATE; 2414 else 2415 sp->pp_phase = PHASE_NETWORK; 2416 2417 if (debug) 2418 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2419 sppp_phase_name(sp->pp_phase)); 2420 2421 /* 2422 * Open all authentication protocols. This is even required 2423 * if we already proceeded to network phase, since it might be 2424 * that remote wants us to authenticate, so we might have to 2425 * send a PAP request. Undesired authentication protocols 2426 * don't do anything when they get an Open event. 2427 */ 2428 for (i = 0; i < IDX_COUNT; i++) 2429 if ((cps[i])->flags & CP_AUTH) 2430 (cps[i])->Open(sp); 2431 2432 if (sp->pp_phase == PHASE_NETWORK) { 2433 /* Notify all NCPs. */ 2434 for (i = 0; i < IDX_COUNT; i++) 2435 if ((cps[i])->flags & CP_NCP) 2436 (cps[i])->Open(sp); 2437 } 2438 2439 /* Send Up events to all started protos. */ 2440 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2441 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2442 (cps[i])->Up(sp); 2443 2444 /* notify low-level driver of state change */ 2445 if (sp->pp_chg) 2446 sp->pp_chg(sp, (int)sp->pp_phase); 2447 2448 if (sp->pp_phase == PHASE_NETWORK) 2449 /* if no NCP is starting, close down */ 2450 sppp_lcp_check_and_close(sp); 2451} 2452 2453static void 2454sppp_lcp_tld(struct sppp *sp) 2455{ 2456 STDDCL; 2457 int i; 2458 u_long mask; 2459 2460 sp->pp_phase = PHASE_TERMINATE; 2461 2462 if (debug) 2463 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2464 sppp_phase_name(sp->pp_phase)); 2465 2466 /* 2467 * Take upper layers down. We send the Down event first and 2468 * the Close second to prevent the upper layers from sending 2469 * ``a flurry of terminate-request packets'', as the RFC 2470 * describes it. 2471 */ 2472 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2473 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2474 (cps[i])->Down(sp); 2475 (cps[i])->Close(sp); 2476 } 2477} 2478 2479static void 2480sppp_lcp_tls(struct sppp *sp) 2481{ 2482 STDDCL; 2483 2484 sp->pp_phase = PHASE_ESTABLISH; 2485 2486 if (debug) 2487 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2488 sppp_phase_name(sp->pp_phase)); 2489 2490 /* Notify lower layer if desired. */ 2491 if (sp->pp_tls) 2492 (sp->pp_tls)(sp); 2493 else 2494 (sp->pp_up)(sp); 2495} 2496 2497static void 2498sppp_lcp_tlf(struct sppp *sp) 2499{ 2500 STDDCL; 2501 2502 sp->pp_phase = PHASE_DEAD; 2503 if (debug) 2504 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2505 sppp_phase_name(sp->pp_phase)); 2506 2507 /* Notify lower layer if desired. */ 2508 if (sp->pp_tlf) 2509 (sp->pp_tlf)(sp); 2510 else 2511 (sp->pp_down)(sp); 2512} 2513 2514static void 2515sppp_lcp_scr(struct sppp *sp) 2516{ 2517 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2518 int i = 0; 2519 u_short authproto; 2520 2521 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2522 if (! sp->lcp.magic) 2523#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2524 sp->lcp.magic = random(); 2525#else 2526 sp->lcp.magic = time.tv_sec + time.tv_usec; 2527#endif 2528 opt[i++] = LCP_OPT_MAGIC; 2529 opt[i++] = 6; 2530 opt[i++] = sp->lcp.magic >> 24; 2531 opt[i++] = sp->lcp.magic >> 16; 2532 opt[i++] = sp->lcp.magic >> 8; 2533 opt[i++] = sp->lcp.magic; 2534 } 2535 2536 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2537 opt[i++] = LCP_OPT_MRU; 2538 opt[i++] = 4; 2539 opt[i++] = sp->lcp.mru >> 8; 2540 opt[i++] = sp->lcp.mru; 2541 } 2542 2543 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2544 authproto = sp->hisauth.proto; 2545 opt[i++] = LCP_OPT_AUTH_PROTO; 2546 opt[i++] = authproto == PPP_CHAP? 5: 4; 2547 opt[i++] = authproto >> 8; 2548 opt[i++] = authproto; 2549 if (authproto == PPP_CHAP) 2550 opt[i++] = CHAP_MD5; 2551 } 2552 2553 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2554 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2555} 2556 2557/* 2558 * Check the open NCPs, return true if at least one NCP is open. 2559 */ 2560static int 2561sppp_ncp_check(struct sppp *sp) 2562{ 2563 int i, mask; 2564 2565 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2566 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2567 return 1; 2568 return 0; 2569} 2570 2571/* 2572 * Re-check the open NCPs and see if we should terminate the link. 2573 * Called by the NCPs during their tlf action handling. 2574 */ 2575static void 2576sppp_lcp_check_and_close(struct sppp *sp) 2577{ 2578 2579 if (sp->pp_phase < PHASE_NETWORK) 2580 /* don't bother, we are already going down */ 2581 return; 2582 2583 if (sppp_ncp_check(sp)) 2584 return; 2585 2586 lcp.Close(sp); 2587} 2588 2589/* 2590 *--------------------------------------------------------------------------* 2591 * * 2592 * The IPCP implementation. * 2593 * * 2594 *--------------------------------------------------------------------------* 2595 */ 2596 2597static void 2598sppp_ipcp_init(struct sppp *sp) 2599{ 2600 sp->ipcp.opts = 0; 2601 sp->ipcp.flags = 0; 2602 sp->state[IDX_IPCP] = STATE_INITIAL; 2603 sp->fail_counter[IDX_IPCP] = 0; 2604 sp->pp_seq[IDX_IPCP] = 0; 2605 sp->pp_rseq[IDX_IPCP] = 0; 2606#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2607 callout_handle_init(&sp->ch[IDX_IPCP]); 2608#endif 2609} 2610 2611static void 2612sppp_ipcp_up(struct sppp *sp) 2613{ 2614 sppp_up_event(&ipcp, sp); 2615} 2616 2617static void 2618sppp_ipcp_down(struct sppp *sp) 2619{ 2620 sppp_down_event(&ipcp, sp); 2621} 2622 2623static void 2624sppp_ipcp_open(struct sppp *sp) 2625{ 2626 STDDCL; 2627 u_long myaddr, hisaddr; 2628 2629 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2630 2631 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2632 /* 2633 * If we don't have his address, this probably means our 2634 * interface doesn't want to talk IP at all. (This could 2635 * be the case if somebody wants to speak only IPX, for 2636 * example.) Don't open IPCP in this case. 2637 */ 2638 if (hisaddr == 0L) { 2639 /* XXX this message should go away */ 2640 if (debug) 2641 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2642 SPP_ARGS(ifp)); 2643 return; 2644 } 2645 2646 if (myaddr == 0L) { 2647 /* 2648 * I don't have an assigned address, so i need to 2649 * negotiate my address. 2650 */ 2651 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2652 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2653 } else 2654 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2655 sppp_open_event(&ipcp, sp); 2656} 2657 2658static void 2659sppp_ipcp_close(struct sppp *sp) 2660{ 2661 sppp_close_event(&ipcp, sp); 2662 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2663 /* 2664 * My address was dynamic, clear it again. 2665 */ 2666 sppp_set_ip_addr(sp, 0L); 2667} 2668 2669static void 2670sppp_ipcp_TO(void *cookie) 2671{ 2672 sppp_to_event(&ipcp, (struct sppp *)cookie); 2673} 2674 2675/* 2676 * Analyze a configure request. Return true if it was agreeable, and 2677 * caused action sca, false if it has been rejected or nak'ed, and 2678 * caused action scn. (The return value is used to make the state 2679 * transition decision in the state automaton.) 2680 */ 2681static int 2682sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2683{ 2684 u_char *buf, *r, *p; 2685 struct ifnet *ifp = &sp->pp_if; 2686 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2687 u_long hisaddr, desiredaddr; 2688 int gotmyaddr = 0; 2689 2690 len -= 4; 2691 origlen = len; 2692 /* 2693 * Make sure to allocate a buf that can at least hold a 2694 * conf-nak with an `address' option. We might need it below. 2695 */ 2696 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2697 if (! buf) 2698 return (0); 2699 2700 /* pass 1: see if we can recognize them */ 2701 if (debug) 2702 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2703 SPP_ARGS(ifp)); 2704 p = (void*) (h+1); 2705 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2706 if (debug) 2707 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2708 switch (*p) { 2709 case IPCP_OPT_ADDRESS: 2710 if (len >= 6 && p[1] == 6) { 2711 /* correctly formed address option */ 2712 continue; 2713 } 2714 if (debug) 2715 log(-1, "[invalid] "); 2716 break; 2717 default: 2718 /* Others not supported. */ 2719 if (debug) 2720 log(-1, "[rej] "); 2721 break; 2722 } 2723 /* Add the option to rejected list. */ 2724 bcopy (p, r, p[1]); 2725 r += p[1]; 2726 rlen += p[1]; 2727 } 2728 if (rlen) { 2729 if (debug) 2730 log(-1, " send conf-rej\n"); 2731 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2732 return 0; 2733 } else if (debug) 2734 log(-1, "\n"); 2735 2736 /* pass 2: parse option values */ 2737 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2738 if (debug) 2739 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2740 SPP_ARGS(ifp)); 2741 p = (void*) (h+1); 2742 len = origlen; 2743 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2744 if (debug) 2745 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2746 switch (*p) { 2747 case IPCP_OPT_ADDRESS: 2748 /* This is the address he wants in his end */ 2749 desiredaddr = p[2] << 24 | p[3] << 16 | 2750 p[4] << 8 | p[5]; 2751 if (desiredaddr == hisaddr || 2752 (hisaddr == 1 && desiredaddr != 0)) { 2753 /* 2754 * Peer's address is same as our value, 2755 * or we have set it to 0.0.0.1 to 2756 * indicate that we do not really care, 2757 * this is agreeable. Gonna conf-ack 2758 * it. 2759 */ 2760 if (debug) 2761 log(-1, "%s [ack] ", 2762 sppp_dotted_quad(hisaddr)); 2763 /* record that we've seen it already */ 2764 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2765 continue; 2766 } 2767 /* 2768 * The address wasn't agreeable. This is either 2769 * he sent us 0.0.0.0, asking to assign him an 2770 * address, or he send us another address not 2771 * matching our value. Either case, we gonna 2772 * conf-nak it with our value. 2773 * XXX: we should "rej" if hisaddr == 0 2774 */ 2775 if (debug) { 2776 if (desiredaddr == 0) 2777 log(-1, "[addr requested] "); 2778 else 2779 log(-1, "%s [not agreed] ", 2780 sppp_dotted_quad(desiredaddr)); 2781 2782 } 2783 p[2] = hisaddr >> 24; 2784 p[3] = hisaddr >> 16; 2785 p[4] = hisaddr >> 8; 2786 p[5] = hisaddr; 2787 break; 2788 } 2789 /* Add the option to nak'ed list. */ 2790 bcopy (p, r, p[1]); 2791 r += p[1]; 2792 rlen += p[1]; 2793 } 2794 2795 /* 2796 * If we are about to conf-ack the request, but haven't seen 2797 * his address so far, gonna conf-nak it instead, with the 2798 * `address' option present and our idea of his address being 2799 * filled in there, to request negotiation of both addresses. 2800 * 2801 * XXX This can result in an endless req - nak loop if peer 2802 * doesn't want to send us his address. Q: What should we do 2803 * about it? XXX A: implement the max-failure counter. 2804 */ 2805 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2806 buf[0] = IPCP_OPT_ADDRESS; 2807 buf[1] = 6; 2808 buf[2] = hisaddr >> 24; 2809 buf[3] = hisaddr >> 16; 2810 buf[4] = hisaddr >> 8; 2811 buf[5] = hisaddr; 2812 rlen = 6; 2813 if (debug) 2814 log(-1, "still need hisaddr "); 2815 } 2816 2817 if (rlen) { 2818 if (debug) 2819 log(-1, " send conf-nak\n"); 2820 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2821 } else { 2822 if (debug) 2823 log(-1, " send conf-ack\n"); 2824 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2825 h->ident, origlen, h+1); 2826 } 2827 2828 free (buf, M_TEMP); 2829 return (rlen == 0); 2830} 2831 2832/* 2833 * Analyze the IPCP Configure-Reject option list, and adjust our 2834 * negotiation. 2835 */ 2836static void 2837sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2838{ 2839 u_char *buf, *p; 2840 struct ifnet *ifp = &sp->pp_if; 2841 int debug = ifp->if_flags & IFF_DEBUG; 2842 2843 len -= 4; 2844 buf = malloc (len, M_TEMP, M_NOWAIT); 2845 if (!buf) 2846 return; 2847 2848 if (debug) 2849 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2850 SPP_ARGS(ifp)); 2851 2852 p = (void*) (h+1); 2853 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2854 if (debug) 2855 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2856 switch (*p) { 2857 case IPCP_OPT_ADDRESS: 2858 /* 2859 * Peer doesn't grok address option. This is 2860 * bad. XXX Should we better give up here? 2861 * XXX We could try old "addresses" option... 2862 */ 2863 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2864 break; 2865 } 2866 } 2867 if (debug) 2868 log(-1, "\n"); 2869 free (buf, M_TEMP); 2870 return; 2871} 2872 2873/* 2874 * Analyze the IPCP Configure-NAK option list, and adjust our 2875 * negotiation. 2876 */ 2877static void 2878sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2879{ 2880 u_char *buf, *p; 2881 struct ifnet *ifp = &sp->pp_if; 2882 int debug = ifp->if_flags & IFF_DEBUG; 2883 u_long wantaddr; 2884 2885 len -= 4; 2886 buf = malloc (len, M_TEMP, M_NOWAIT); 2887 if (!buf) 2888 return; 2889 2890 if (debug) 2891 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2892 SPP_ARGS(ifp)); 2893 2894 p = (void*) (h+1); 2895 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2896 if (debug) 2897 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2898 switch (*p) { 2899 case IPCP_OPT_ADDRESS: 2900 /* 2901 * Peer doesn't like our local IP address. See 2902 * if we can do something for him. We'll drop 2903 * him our address then. 2904 */ 2905 if (len >= 6 && p[1] == 6) { 2906 wantaddr = p[2] << 24 | p[3] << 16 | 2907 p[4] << 8 | p[5]; 2908 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2909 if (debug) 2910 log(-1, "[wantaddr %s] ", 2911 sppp_dotted_quad(wantaddr)); 2912 /* 2913 * When doing dynamic address assignment, 2914 * we accept his offer. Otherwise, we 2915 * ignore it and thus continue to negotiate 2916 * our already existing value. 2917 * XXX: Bogus, if he said no once, he'll 2918 * just say no again, might as well die. 2919 */ 2920 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2921 sppp_set_ip_addr(sp, wantaddr); 2922 if (debug) 2923 log(-1, "[agree] "); 2924 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2925 } 2926 } 2927 break; 2928 } 2929 } 2930 if (debug) 2931 log(-1, "\n"); 2932 free (buf, M_TEMP); 2933 return; 2934} 2935 2936static void 2937sppp_ipcp_tlu(struct sppp *sp) 2938{ 2939 /* we are up - notify isdn daemon */ 2940 if (sp->pp_con) 2941 sp->pp_con(sp); 2942} 2943 2944static void 2945sppp_ipcp_tld(struct sppp *sp) 2946{ 2947} 2948 2949static void 2950sppp_ipcp_tls(struct sppp *sp) 2951{ 2952 /* indicate to LCP that it must stay alive */ 2953 sp->lcp.protos |= (1 << IDX_IPCP); 2954} 2955 2956static void 2957sppp_ipcp_tlf(struct sppp *sp) 2958{ 2959 /* we no longer need LCP */ 2960 sp->lcp.protos &= ~(1 << IDX_IPCP); 2961 sppp_lcp_check_and_close(sp); 2962} 2963 2964static void 2965sppp_ipcp_scr(struct sppp *sp) 2966{ 2967 char opt[6 /* compression */ + 6 /* address */]; 2968 u_long ouraddr; 2969 int i = 0; 2970 2971 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2972 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2973 opt[i++] = IPCP_OPT_ADDRESS; 2974 opt[i++] = 6; 2975 opt[i++] = ouraddr >> 24; 2976 opt[i++] = ouraddr >> 16; 2977 opt[i++] = ouraddr >> 8; 2978 opt[i++] = ouraddr; 2979 } 2980 2981 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 2982 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2983} 2984 2985/* 2986 *--------------------------------------------------------------------------* 2987 * * 2988 * The IPv6CP implementation. * 2989 * * 2990 *--------------------------------------------------------------------------* 2991 */ 2992 2993#ifdef INET6 2994static void 2995sppp_ipv6cp_init(struct sppp *sp) 2996{ 2997 sp->ipv6cp.opts = 0; 2998 sp->ipv6cp.flags = 0; 2999 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3000 sp->fail_counter[IDX_IPV6CP] = 0; 3001 sp->pp_seq[IDX_IPV6CP] = 0; 3002 sp->pp_rseq[IDX_IPV6CP] = 0; 3003#if defined(__NetBSD__) 3004 callout_init(&sp->ch[IDX_IPV6CP]); 3005#endif 3006#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3007 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3008#endif 3009} 3010 3011static void 3012sppp_ipv6cp_up(struct sppp *sp) 3013{ 3014 sppp_up_event(&ipv6cp, sp); 3015} 3016 3017static void 3018sppp_ipv6cp_down(struct sppp *sp) 3019{ 3020 sppp_down_event(&ipv6cp, sp); 3021} 3022 3023static void 3024sppp_ipv6cp_open(struct sppp *sp) 3025{ 3026 STDDCL; 3027 struct in6_addr myaddr, hisaddr; 3028 3029#ifdef IPV6CP_MYIFID_DYN 3030 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3031#else 3032 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3033#endif 3034 3035 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3036 /* 3037 * If we don't have our address, this probably means our 3038 * interface doesn't want to talk IPv6 at all. (This could 3039 * be the case if somebody wants to speak only IPX, for 3040 * example.) Don't open IPv6CP in this case. 3041 */ 3042 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3043 /* XXX this message should go away */ 3044 if (debug) 3045 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3046 SPP_ARGS(ifp)); 3047 return; 3048 } 3049 3050 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3051 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3052 sppp_open_event(&ipv6cp, sp); 3053} 3054 3055static void 3056sppp_ipv6cp_close(struct sppp *sp) 3057{ 3058 sppp_close_event(&ipv6cp, sp); 3059} 3060 3061static void 3062sppp_ipv6cp_TO(void *cookie) 3063{ 3064 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3065} 3066 3067/* 3068 * Analyze a configure request. Return true if it was agreeable, and 3069 * caused action sca, false if it has been rejected or nak'ed, and 3070 * caused action scn. (The return value is used to make the state 3071 * transition decision in the state automaton.) 3072 */ 3073static int 3074sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3075{ 3076 u_char *buf, *r, *p; 3077 struct ifnet *ifp = &sp->pp_if; 3078 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3079 struct in6_addr myaddr, desiredaddr, suggestaddr; 3080 int ifidcount; 3081 int type; 3082 int collision, nohisaddr; 3083 3084 len -= 4; 3085 origlen = len; 3086 /* 3087 * Make sure to allocate a buf that can at least hold a 3088 * conf-nak with an `address' option. We might need it below. 3089 */ 3090 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3091 if (! buf) 3092 return (0); 3093 3094 /* pass 1: see if we can recognize them */ 3095 if (debug) 3096 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3097 SPP_ARGS(ifp)); 3098 p = (void*) (h+1); 3099 ifidcount = 0; 3100 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3101 if (debug) 3102 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3103 switch (*p) { 3104 case IPV6CP_OPT_IFID: 3105 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3106 /* correctly formed address option */ 3107 ifidcount++; 3108 continue; 3109 } 3110 if (debug) 3111 addlog(" [invalid]"); 3112 break; 3113#ifdef notyet 3114 case IPV6CP_OPT_COMPRESSION: 3115 if (len >= 4 && p[1] >= 4) { 3116 /* correctly formed compress option */ 3117 continue; 3118 } 3119 if (debug) 3120 addlog(" [invalid]"); 3121 break; 3122#endif 3123 default: 3124 /* Others not supported. */ 3125 if (debug) 3126 addlog(" [rej]"); 3127 break; 3128 } 3129 /* Add the option to rejected list. */ 3130 bcopy (p, r, p[1]); 3131 r += p[1]; 3132 rlen += p[1]; 3133 } 3134 if (rlen) { 3135 if (debug) 3136 addlog(" send conf-rej\n"); 3137 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3138 goto end; 3139 } else if (debug) 3140 addlog("\n"); 3141 3142 /* pass 2: parse option values */ 3143 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3144 if (debug) 3145 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3146 SPP_ARGS(ifp)); 3147 p = (void*) (h+1); 3148 len = origlen; 3149 type = CONF_ACK; 3150 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3151 if (debug) 3152 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3153 switch (*p) { 3154#ifdef notyet 3155 case IPV6CP_OPT_COMPRESSION: 3156 continue; 3157#endif 3158 case IPV6CP_OPT_IFID: 3159 bzero(&desiredaddr, sizeof(desiredaddr)); 3160 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3161 collision = (bcmp(&desiredaddr.s6_addr[8], 3162 &myaddr.s6_addr[8], 8) == 0); 3163 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3164 3165 desiredaddr.s6_addr16[0] = htons(0xfe80); 3166 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3167 3168 if (!collision && !nohisaddr) { 3169 /* no collision, hisaddr known - Conf-Ack */ 3170 type = CONF_ACK; 3171 3172 if (debug) { 3173 addlog(" %s [%s]", 3174 ip6_sprintf(&desiredaddr), 3175 sppp_cp_type_name(type)); 3176 } 3177 continue; 3178 } 3179 3180 bzero(&suggestaddr, sizeof(&suggestaddr)); 3181 if (collision && nohisaddr) { 3182 /* collision, hisaddr unknown - Conf-Rej */ 3183 type = CONF_REJ; 3184 bzero(&p[2], 8); 3185 } else { 3186 /* 3187 * - no collision, hisaddr unknown, or 3188 * - collision, hisaddr known 3189 * Conf-Nak, suggest hisaddr 3190 */ 3191 type = CONF_NAK; 3192 sppp_suggest_ip6_addr(sp, &suggestaddr); 3193 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3194 } 3195 if (debug) 3196 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3197 sppp_cp_type_name(type)); 3198 break; 3199 } 3200 /* Add the option to nak'ed list. */ 3201 bcopy (p, r, p[1]); 3202 r += p[1]; 3203 rlen += p[1]; 3204 } 3205 3206 if (rlen == 0 && type == CONF_ACK) { 3207 if (debug) 3208 addlog(" send %s\n", sppp_cp_type_name(type)); 3209 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3210 } else { 3211#ifdef DIAGNOSTIC 3212 if (type == CONF_ACK) 3213 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3214#endif 3215 3216 if (debug) { 3217 addlog(" send %s suggest %s\n", 3218 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3219 } 3220 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3221 } 3222 3223 end: 3224 free (buf, M_TEMP); 3225 return (rlen == 0); 3226} 3227 3228/* 3229 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3230 * negotiation. 3231 */ 3232static void 3233sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3234{ 3235 u_char *buf, *p; 3236 struct ifnet *ifp = &sp->pp_if; 3237 int debug = ifp->if_flags & IFF_DEBUG; 3238 3239 len -= 4; 3240 buf = malloc (len, M_TEMP, M_NOWAIT); 3241 if (!buf) 3242 return; 3243 3244 if (debug) 3245 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3246 SPP_ARGS(ifp)); 3247 3248 p = (void*) (h+1); 3249 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3250 if (debug) 3251 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3252 switch (*p) { 3253 case IPV6CP_OPT_IFID: 3254 /* 3255 * Peer doesn't grok address option. This is 3256 * bad. XXX Should we better give up here? 3257 */ 3258 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3259 break; 3260#ifdef notyet 3261 case IPV6CP_OPT_COMPRESS: 3262 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3263 break; 3264#endif 3265 } 3266 } 3267 if (debug) 3268 addlog("\n"); 3269 free (buf, M_TEMP); 3270 return; 3271} 3272 3273/* 3274 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3275 * negotiation. 3276 */ 3277static void 3278sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3279{ 3280 u_char *buf, *p; 3281 struct ifnet *ifp = &sp->pp_if; 3282 int debug = ifp->if_flags & IFF_DEBUG; 3283 struct in6_addr suggestaddr; 3284 3285 len -= 4; 3286 buf = malloc (len, M_TEMP, M_NOWAIT); 3287 if (!buf) 3288 return; 3289 3290 if (debug) 3291 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3292 SPP_ARGS(ifp)); 3293 3294 p = (void*) (h+1); 3295 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3296 if (debug) 3297 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3298 switch (*p) { 3299 case IPV6CP_OPT_IFID: 3300 /* 3301 * Peer doesn't like our local ifid. See 3302 * if we can do something for him. We'll drop 3303 * him our address then. 3304 */ 3305 if (len < 10 || p[1] != 10) 3306 break; 3307 bzero(&suggestaddr, sizeof(suggestaddr)); 3308 suggestaddr.s6_addr16[0] = htons(0xfe80); 3309 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3310 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3311 3312 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3313 if (debug) 3314 addlog(" [suggestaddr %s]", 3315 ip6_sprintf(&suggestaddr)); 3316#ifdef IPV6CP_MYIFID_DYN 3317 /* 3318 * When doing dynamic address assignment, 3319 * we accept his offer. 3320 */ 3321 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3322 struct in6_addr lastsuggest; 3323 /* 3324 * If <suggested myaddr from peer> equals to 3325 * <hisaddr we have suggested last time>, 3326 * we have a collision. generate new random 3327 * ifid. 3328 */ 3329 sppp_suggest_ip6_addr(&lastsuggest); 3330 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3331 lastsuggest)) { 3332 if (debug) 3333 addlog(" [random]"); 3334 sppp_gen_ip6_addr(sp, &suggestaddr); 3335 } 3336 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3337 if (debug) 3338 addlog(" [agree]"); 3339 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3340 } 3341#else 3342 /* 3343 * Since we do not do dynamic address assignment, 3344 * we ignore it and thus continue to negotiate 3345 * our already existing value. This can possibly 3346 * go into infinite request-reject loop. 3347 * 3348 * This is not likely because we normally use 3349 * ifid based on MAC-address. 3350 * If you have no ethernet card on the node, too bad. 3351 * XXX should we use fail_counter? 3352 */ 3353#endif 3354 break; 3355#ifdef notyet 3356 case IPV6CP_OPT_COMPRESS: 3357 /* 3358 * Peer wants different compression parameters. 3359 */ 3360 break; 3361#endif 3362 } 3363 } 3364 if (debug) 3365 addlog("\n"); 3366 free (buf, M_TEMP); 3367 return; 3368} 3369static void 3370sppp_ipv6cp_tlu(struct sppp *sp) 3371{ 3372 /* we are up - notify isdn daemon */ 3373 if (sp->pp_con) 3374 sp->pp_con(sp); 3375} 3376 3377static void 3378sppp_ipv6cp_tld(struct sppp *sp) 3379{ 3380} 3381 3382static void 3383sppp_ipv6cp_tls(struct sppp *sp) 3384{ 3385 /* indicate to LCP that it must stay alive */ 3386 sp->lcp.protos |= (1 << IDX_IPV6CP); 3387} 3388 3389static void 3390sppp_ipv6cp_tlf(struct sppp *sp) 3391{ 3392 3393#if 0 /* need #if 0 to close IPv6CP properly */ 3394 /* we no longer need LCP */ 3395 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3396 sppp_lcp_check_and_close(sp); 3397#endif 3398} 3399 3400static void 3401sppp_ipv6cp_scr(struct sppp *sp) 3402{ 3403 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3404 struct in6_addr ouraddr; 3405 int i = 0; 3406 3407 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3408 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3409 opt[i++] = IPV6CP_OPT_IFID; 3410 opt[i++] = 10; 3411 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3412 i += 8; 3413 } 3414 3415#ifdef notyet 3416 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3417 opt[i++] = IPV6CP_OPT_COMPRESSION; 3418 opt[i++] = 4; 3419 opt[i++] = 0; /* TBD */ 3420 opt[i++] = 0; /* TBD */ 3421 /* variable length data may follow */ 3422 } 3423#endif 3424 3425 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3426 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3427} 3428#else /*INET6*/ 3429static void sppp_ipv6cp_init(struct sppp *sp) 3430{ 3431} 3432 3433static void sppp_ipv6cp_up(struct sppp *sp) 3434{ 3435} 3436 3437static void sppp_ipv6cp_down(struct sppp *sp) 3438{ 3439} 3440 3441 3442static void sppp_ipv6cp_open(struct sppp *sp) 3443{ 3444} 3445 3446static void sppp_ipv6cp_close(struct sppp *sp) 3447{ 3448} 3449 3450static void sppp_ipv6cp_TO(void *sp) 3451{ 3452} 3453 3454static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3455{ 3456 return 0; 3457} 3458 3459static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3460{ 3461} 3462 3463static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3464{ 3465} 3466 3467static void sppp_ipv6cp_tlu(struct sppp *sp) 3468{ 3469} 3470 3471static void sppp_ipv6cp_tld(struct sppp *sp) 3472{ 3473} 3474 3475static void sppp_ipv6cp_tls(struct sppp *sp) 3476{ 3477} 3478 3479static void sppp_ipv6cp_tlf(struct sppp *sp) 3480{ 3481} 3482 3483static void sppp_ipv6cp_scr(struct sppp *sp) 3484{ 3485} 3486#endif /*INET6*/ 3487 3488/* 3489 *--------------------------------------------------------------------------* 3490 * * 3491 * The CHAP implementation. * 3492 * * 3493 *--------------------------------------------------------------------------* 3494 */ 3495 3496/* 3497 * The authentication protocols don't employ a full-fledged state machine as 3498 * the control protocols do, since they do have Open and Close events, but 3499 * not Up and Down, nor are they explicitly terminated. Also, use of the 3500 * authentication protocols may be different in both directions (this makes 3501 * sense, think of a machine that never accepts incoming calls but only 3502 * calls out, it doesn't require the called party to authenticate itself). 3503 * 3504 * Our state machine for the local authentication protocol (we are requesting 3505 * the peer to authenticate) looks like: 3506 * 3507 * RCA- 3508 * +--------------------------------------------+ 3509 * V scn,tld| 3510 * +--------+ Close +---------+ RCA+ 3511 * | |<----------------------------------| |------+ 3512 * +--->| Closed | TO* | Opened | sca | 3513 * | | |-----+ +-------| |<-----+ 3514 * | +--------+ irc | | +---------+ 3515 * | ^ | | ^ 3516 * | | | | | 3517 * | | | | | 3518 * | TO-| | | | 3519 * | |tld TO+ V | | 3520 * | | +------->+ | | 3521 * | | | | | | 3522 * | +--------+ V | | 3523 * | | |<----+<--------------------+ | 3524 * | | Req- | scr | 3525 * | | Sent | | 3526 * | | | | 3527 * | +--------+ | 3528 * | RCA- | | RCA+ | 3529 * +------+ +------------------------------------------+ 3530 * scn,tld sca,irc,ict,tlu 3531 * 3532 * 3533 * with: 3534 * 3535 * Open: LCP reached authentication phase 3536 * Close: LCP reached terminate phase 3537 * 3538 * RCA+: received reply (pap-req, chap-response), acceptable 3539 * RCN: received reply (pap-req, chap-response), not acceptable 3540 * TO+: timeout with restart counter >= 0 3541 * TO-: timeout with restart counter < 0 3542 * TO*: reschedule timeout for CHAP 3543 * 3544 * scr: send request packet (none for PAP, chap-challenge) 3545 * sca: send ack packet (pap-ack, chap-success) 3546 * scn: send nak packet (pap-nak, chap-failure) 3547 * ict: initialize re-challenge timer (CHAP only) 3548 * 3549 * tlu: this-layer-up, LCP reaches network phase 3550 * tld: this-layer-down, LCP enters terminate phase 3551 * 3552 * Note that in CHAP mode, after sending a new challenge, while the state 3553 * automaton falls back into Req-Sent state, it doesn't signal a tld 3554 * event to LCP, so LCP remains in network phase. Only after not getting 3555 * any response (or after getting an unacceptable response), CHAP closes, 3556 * causing LCP to enter terminate phase. 3557 * 3558 * With PAP, there is no initial request that can be sent. The peer is 3559 * expected to send one based on the successful negotiation of PAP as 3560 * the authentication protocol during the LCP option negotiation. 3561 * 3562 * Incoming authentication protocol requests (remote requests 3563 * authentication, we are peer) don't employ a state machine at all, 3564 * they are simply answered. Some peers [Ascend P50 firmware rev 3565 * 4.50] react allergically when sending IPCP requests while they are 3566 * still in authentication phase (thereby violating the standard that 3567 * demands that these NCP packets are to be discarded), so we keep 3568 * track of the peer demanding us to authenticate, and only proceed to 3569 * phase network once we've seen a positive acknowledge for the 3570 * authentication. 3571 */ 3572 3573/* 3574 * Handle incoming CHAP packets. 3575 */ 3576void 3577sppp_chap_input(struct sppp *sp, struct mbuf *m) 3578{ 3579 STDDCL; 3580 struct lcp_header *h; 3581 int len, x; 3582 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3583 int value_len, name_len; 3584 MD5_CTX ctx; 3585 3586 len = m->m_pkthdr.len; 3587 if (len < 4) { 3588 if (debug) 3589 log(LOG_DEBUG, 3590 SPP_FMT "chap invalid packet length: %d bytes\n", 3591 SPP_ARGS(ifp), len); 3592 return; 3593 } 3594 h = mtod (m, struct lcp_header*); 3595 if (len > ntohs (h->len)) 3596 len = ntohs (h->len); 3597 3598 switch (h->type) { 3599 /* challenge, failure and success are his authproto */ 3600 case CHAP_CHALLENGE: 3601 value = 1 + (u_char*)(h+1); 3602 value_len = value[-1]; 3603 name = value + value_len; 3604 name_len = len - value_len - 5; 3605 if (name_len < 0) { 3606 if (debug) { 3607 log(LOG_DEBUG, 3608 SPP_FMT "chap corrupted challenge " 3609 "<%s id=0x%x len=%d", 3610 SPP_ARGS(ifp), 3611 sppp_auth_type_name(PPP_CHAP, h->type), 3612 h->ident, ntohs(h->len)); 3613 sppp_print_bytes((u_char*) (h+1), len-4); 3614 log(-1, ">\n"); 3615 } 3616 break; 3617 } 3618 3619 if (debug) { 3620 log(LOG_DEBUG, 3621 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3622 SPP_ARGS(ifp), 3623 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3624 ntohs(h->len)); 3625 sppp_print_string((char*) name, name_len); 3626 log(-1, " value-size=%d value=", value_len); 3627 sppp_print_bytes(value, value_len); 3628 log(-1, ">\n"); 3629 } 3630 3631 /* Compute reply value. */ 3632 MD5Init(&ctx); 3633 MD5Update(&ctx, &h->ident, 1); 3634 MD5Update(&ctx, sp->myauth.secret, 3635 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3636 MD5Update(&ctx, value, value_len); 3637 MD5Final(digest, &ctx); 3638 dsize = sizeof digest; 3639 3640 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3641 sizeof dsize, (const char *)&dsize, 3642 sizeof digest, digest, 3643 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3644 sp->myauth.name, 3645 0); 3646 break; 3647 3648 case CHAP_SUCCESS: 3649 if (debug) { 3650 log(LOG_DEBUG, SPP_FMT "chap success", 3651 SPP_ARGS(ifp)); 3652 if (len > 4) { 3653 log(-1, ": "); 3654 sppp_print_string((char*)(h + 1), len - 4); 3655 } 3656 log(-1, "\n"); 3657 } 3658 x = splimp(); 3659 sp->pp_flags &= ~PP_NEEDAUTH; 3660 if (sp->myauth.proto == PPP_CHAP && 3661 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3662 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3663 /* 3664 * We are authenticator for CHAP but didn't 3665 * complete yet. Leave it to tlu to proceed 3666 * to network phase. 3667 */ 3668 splx(x); 3669 break; 3670 } 3671 splx(x); 3672 sppp_phase_network(sp); 3673 break; 3674 3675 case CHAP_FAILURE: 3676 if (debug) { 3677 log(LOG_INFO, SPP_FMT "chap failure", 3678 SPP_ARGS(ifp)); 3679 if (len > 4) { 3680 log(-1, ": "); 3681 sppp_print_string((char*)(h + 1), len - 4); 3682 } 3683 log(-1, "\n"); 3684 } else 3685 log(LOG_INFO, SPP_FMT "chap failure\n", 3686 SPP_ARGS(ifp)); 3687 /* await LCP shutdown by authenticator */ 3688 break; 3689 3690 /* response is my authproto */ 3691 case CHAP_RESPONSE: 3692 value = 1 + (u_char*)(h+1); 3693 value_len = value[-1]; 3694 name = value + value_len; 3695 name_len = len - value_len - 5; 3696 if (name_len < 0) { 3697 if (debug) { 3698 log(LOG_DEBUG, 3699 SPP_FMT "chap corrupted response " 3700 "<%s id=0x%x len=%d", 3701 SPP_ARGS(ifp), 3702 sppp_auth_type_name(PPP_CHAP, h->type), 3703 h->ident, ntohs(h->len)); 3704 sppp_print_bytes((u_char*)(h+1), len-4); 3705 log(-1, ">\n"); 3706 } 3707 break; 3708 } 3709 if (h->ident != sp->confid[IDX_CHAP]) { 3710 if (debug) 3711 log(LOG_DEBUG, 3712 SPP_FMT "chap dropping response for old ID " 3713 "(got %d, expected %d)\n", 3714 SPP_ARGS(ifp), 3715 h->ident, sp->confid[IDX_CHAP]); 3716 break; 3717 } 3718 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3719 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3720 log(LOG_INFO, SPP_FMT "chap response, his name ", 3721 SPP_ARGS(ifp)); 3722 sppp_print_string(name, name_len); 3723 log(-1, " != expected "); 3724 sppp_print_string(sp->hisauth.name, 3725 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3726 log(-1, "\n"); 3727 } 3728 if (debug) { 3729 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3730 "<%s id=0x%x len=%d name=", 3731 SPP_ARGS(ifp), 3732 sppp_state_name(sp->state[IDX_CHAP]), 3733 sppp_auth_type_name(PPP_CHAP, h->type), 3734 h->ident, ntohs (h->len)); 3735 sppp_print_string((char*)name, name_len); 3736 log(-1, " value-size=%d value=", value_len); 3737 sppp_print_bytes(value, value_len); 3738 log(-1, ">\n"); 3739 } 3740 if (value_len != AUTHKEYLEN) { 3741 if (debug) 3742 log(LOG_DEBUG, 3743 SPP_FMT "chap bad hash value length: " 3744 "%d bytes, should be %d\n", 3745 SPP_ARGS(ifp), value_len, 3746 AUTHKEYLEN); 3747 break; 3748 } 3749 3750 MD5Init(&ctx); 3751 MD5Update(&ctx, &h->ident, 1); 3752 MD5Update(&ctx, sp->hisauth.secret, 3753 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3754 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3755 MD5Final(digest, &ctx); 3756 3757#define FAILMSG "Failed..." 3758#define SUCCMSG "Welcome!" 3759 3760 if (value_len != sizeof digest || 3761 bcmp(digest, value, value_len) != 0) { 3762 /* action scn, tld */ 3763 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3764 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3765 0); 3766 chap.tld(sp); 3767 break; 3768 } 3769 /* action sca, perhaps tlu */ 3770 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3771 sp->state[IDX_CHAP] == STATE_OPENED) 3772 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3773 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3774 0); 3775 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3776 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3777 chap.tlu(sp); 3778 } 3779 break; 3780 3781 default: 3782 /* Unknown CHAP packet type -- ignore. */ 3783 if (debug) { 3784 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3785 "<0x%x id=0x%xh len=%d", 3786 SPP_ARGS(ifp), 3787 sppp_state_name(sp->state[IDX_CHAP]), 3788 h->type, h->ident, ntohs(h->len)); 3789 sppp_print_bytes((u_char*)(h+1), len-4); 3790 log(-1, ">\n"); 3791 } 3792 break; 3793 3794 } 3795} 3796 3797static void 3798sppp_chap_init(struct sppp *sp) 3799{ 3800 /* Chap doesn't have STATE_INITIAL at all. */ 3801 sp->state[IDX_CHAP] = STATE_CLOSED; 3802 sp->fail_counter[IDX_CHAP] = 0; 3803 sp->pp_seq[IDX_CHAP] = 0; 3804 sp->pp_rseq[IDX_CHAP] = 0; 3805#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3806 callout_handle_init(&sp->ch[IDX_CHAP]); 3807#endif 3808} 3809 3810static void 3811sppp_chap_open(struct sppp *sp) 3812{ 3813 if (sp->myauth.proto == PPP_CHAP && 3814 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3815 /* we are authenticator for CHAP, start it */ 3816 chap.scr(sp); 3817 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3818 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3819 } 3820 /* nothing to be done if we are peer, await a challenge */ 3821} 3822 3823static void 3824sppp_chap_close(struct sppp *sp) 3825{ 3826 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3827 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3828} 3829 3830static void 3831sppp_chap_TO(void *cookie) 3832{ 3833 struct sppp *sp = (struct sppp *)cookie; 3834 STDDCL; 3835 int s; 3836 3837 s = splimp(); 3838 if (debug) 3839 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3840 SPP_ARGS(ifp), 3841 sppp_state_name(sp->state[IDX_CHAP]), 3842 sp->rst_counter[IDX_CHAP]); 3843 3844 if (--sp->rst_counter[IDX_CHAP] < 0) 3845 /* TO- event */ 3846 switch (sp->state[IDX_CHAP]) { 3847 case STATE_REQ_SENT: 3848 chap.tld(sp); 3849 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3850 break; 3851 } 3852 else 3853 /* TO+ (or TO*) event */ 3854 switch (sp->state[IDX_CHAP]) { 3855 case STATE_OPENED: 3856 /* TO* event */ 3857 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3858 /* fall through */ 3859 case STATE_REQ_SENT: 3860 chap.scr(sp); 3861 /* sppp_cp_change_state() will restart the timer */ 3862 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3863 break; 3864 } 3865 3866 splx(s); 3867} 3868 3869static void 3870sppp_chap_tlu(struct sppp *sp) 3871{ 3872 STDDCL; 3873 int i, x; 3874 3875 i = 0; 3876 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3877 3878 /* 3879 * Some broken CHAP implementations (Conware CoNet, firmware 3880 * 4.0.?) don't want to re-authenticate their CHAP once the 3881 * initial challenge-response exchange has taken place. 3882 * Provide for an option to avoid rechallenges. 3883 */ 3884 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3885 /* 3886 * Compute the re-challenge timeout. This will yield 3887 * a number between 300 and 810 seconds. 3888 */ 3889 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3890 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3891 } 3892 3893 if (debug) { 3894 log(LOG_DEBUG, 3895 SPP_FMT "chap %s, ", 3896 SPP_ARGS(ifp), 3897 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3898 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3899 log(-1, "next re-challenge in %d seconds\n", i); 3900 else 3901 log(-1, "re-challenging supressed\n"); 3902 } 3903 3904 x = splimp(); 3905 /* indicate to LCP that we need to be closed down */ 3906 sp->lcp.protos |= (1 << IDX_CHAP); 3907 3908 if (sp->pp_flags & PP_NEEDAUTH) { 3909 /* 3910 * Remote is authenticator, but his auth proto didn't 3911 * complete yet. Defer the transition to network 3912 * phase. 3913 */ 3914 splx(x); 3915 return; 3916 } 3917 splx(x); 3918 3919 /* 3920 * If we are already in phase network, we are done here. This 3921 * is the case if this is a dummy tlu event after a re-challenge. 3922 */ 3923 if (sp->pp_phase != PHASE_NETWORK) 3924 sppp_phase_network(sp); 3925} 3926 3927static void 3928sppp_chap_tld(struct sppp *sp) 3929{ 3930 STDDCL; 3931 3932 if (debug) 3933 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3934 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3935 sp->lcp.protos &= ~(1 << IDX_CHAP); 3936 3937 lcp.Close(sp); 3938} 3939 3940static void 3941sppp_chap_scr(struct sppp *sp) 3942{ 3943 u_long *ch, seed; 3944 u_char clen; 3945 3946 /* Compute random challenge. */ 3947 ch = (u_long *)sp->myauth.challenge; 3948#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3949 read_random(&seed, sizeof seed); 3950#else 3951 { 3952 struct timeval tv; 3953 microtime(&tv); 3954 seed = tv.tv_sec ^ tv.tv_usec; 3955 } 3956#endif 3957 ch[0] = seed ^ random(); 3958 ch[1] = seed ^ random(); 3959 ch[2] = seed ^ random(); 3960 ch[3] = seed ^ random(); 3961 clen = AUTHKEYLEN; 3962 3963 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 3964 3965 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3966 sizeof clen, (const char *)&clen, 3967 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3968 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3969 sp->myauth.name, 3970 0); 3971} 3972 3973/* 3974 *--------------------------------------------------------------------------* 3975 * * 3976 * The PAP implementation. * 3977 * * 3978 *--------------------------------------------------------------------------* 3979 */ 3980/* 3981 * For PAP, we need to keep a little state also if we are the peer, not the 3982 * authenticator. This is since we don't get a request to authenticate, but 3983 * have to repeatedly authenticate ourself until we got a response (or the 3984 * retry counter is expired). 3985 */ 3986 3987/* 3988 * Handle incoming PAP packets. */ 3989static void 3990sppp_pap_input(struct sppp *sp, struct mbuf *m) 3991{ 3992 STDDCL; 3993 struct lcp_header *h; 3994 int len, x; 3995 u_char *name, *passwd, mlen; 3996 int name_len, passwd_len; 3997 3998 len = m->m_pkthdr.len; 3999 if (len < 5) { 4000 if (debug) 4001 log(LOG_DEBUG, 4002 SPP_FMT "pap invalid packet length: %d bytes\n", 4003 SPP_ARGS(ifp), len); 4004 return; 4005 } 4006 h = mtod (m, struct lcp_header*); 4007 if (len > ntohs (h->len)) 4008 len = ntohs (h->len); 4009 switch (h->type) { 4010 /* PAP request is my authproto */ 4011 case PAP_REQ: 4012 name = 1 + (u_char*)(h+1); 4013 name_len = name[-1]; 4014 passwd = name + name_len + 1; 4015 if (name_len > len - 6 || 4016 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4017 if (debug) { 4018 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4019 "<%s id=0x%x len=%d", 4020 SPP_ARGS(ifp), 4021 sppp_auth_type_name(PPP_PAP, h->type), 4022 h->ident, ntohs(h->len)); 4023 sppp_print_bytes((u_char*)(h+1), len-4); 4024 log(-1, ">\n"); 4025 } 4026 break; 4027 } 4028 if (debug) { 4029 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4030 "<%s id=0x%x len=%d name=", 4031 SPP_ARGS(ifp), 4032 sppp_state_name(sp->state[IDX_PAP]), 4033 sppp_auth_type_name(PPP_PAP, h->type), 4034 h->ident, ntohs(h->len)); 4035 sppp_print_string((char*)name, name_len); 4036 log(-1, " passwd="); 4037 sppp_print_string((char*)passwd, passwd_len); 4038 log(-1, ">\n"); 4039 } 4040 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4041 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4042 bcmp(name, sp->hisauth.name, name_len) != 0 || 4043 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4044 /* action scn, tld */ 4045 mlen = sizeof(FAILMSG) - 1; 4046 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4047 sizeof mlen, (const char *)&mlen, 4048 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4049 0); 4050 pap.tld(sp); 4051 break; 4052 } 4053 /* action sca, perhaps tlu */ 4054 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4055 sp->state[IDX_PAP] == STATE_OPENED) { 4056 mlen = sizeof(SUCCMSG) - 1; 4057 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4058 sizeof mlen, (const char *)&mlen, 4059 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4060 0); 4061 } 4062 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4063 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4064 pap.tlu(sp); 4065 } 4066 break; 4067 4068 /* ack and nak are his authproto */ 4069 case PAP_ACK: 4070 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4071 if (debug) { 4072 log(LOG_DEBUG, SPP_FMT "pap success", 4073 SPP_ARGS(ifp)); 4074 name_len = *((char *)h); 4075 if (len > 5 && name_len) { 4076 log(-1, ": "); 4077 sppp_print_string((char*)(h+1), name_len); 4078 } 4079 log(-1, "\n"); 4080 } 4081 x = splimp(); 4082 sp->pp_flags &= ~PP_NEEDAUTH; 4083 if (sp->myauth.proto == PPP_PAP && 4084 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4085 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4086 /* 4087 * We are authenticator for PAP but didn't 4088 * complete yet. Leave it to tlu to proceed 4089 * to network phase. 4090 */ 4091 splx(x); 4092 break; 4093 } 4094 splx(x); 4095 sppp_phase_network(sp); 4096 break; 4097 4098 case PAP_NAK: 4099 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4100 if (debug) { 4101 log(LOG_INFO, SPP_FMT "pap failure", 4102 SPP_ARGS(ifp)); 4103 name_len = *((char *)h); 4104 if (len > 5 && name_len) { 4105 log(-1, ": "); 4106 sppp_print_string((char*)(h+1), name_len); 4107 } 4108 log(-1, "\n"); 4109 } else 4110 log(LOG_INFO, SPP_FMT "pap failure\n", 4111 SPP_ARGS(ifp)); 4112 /* await LCP shutdown by authenticator */ 4113 break; 4114 4115 default: 4116 /* Unknown PAP packet type -- ignore. */ 4117 if (debug) { 4118 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4119 "<0x%x id=0x%x len=%d", 4120 SPP_ARGS(ifp), 4121 h->type, h->ident, ntohs(h->len)); 4122 sppp_print_bytes((u_char*)(h+1), len-4); 4123 log(-1, ">\n"); 4124 } 4125 break; 4126 4127 } 4128} 4129 4130static void 4131sppp_pap_init(struct sppp *sp) 4132{ 4133 /* PAP doesn't have STATE_INITIAL at all. */ 4134 sp->state[IDX_PAP] = STATE_CLOSED; 4135 sp->fail_counter[IDX_PAP] = 0; 4136 sp->pp_seq[IDX_PAP] = 0; 4137 sp->pp_rseq[IDX_PAP] = 0; 4138#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4139 callout_handle_init(&sp->ch[IDX_PAP]); 4140 callout_handle_init(&sp->pap_my_to_ch); 4141#endif 4142} 4143 4144static void 4145sppp_pap_open(struct sppp *sp) 4146{ 4147 if (sp->hisauth.proto == PPP_PAP && 4148 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4149 /* we are authenticator for PAP, start our timer */ 4150 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4151 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4152 } 4153 if (sp->myauth.proto == PPP_PAP) { 4154 /* we are peer, send a request, and start a timer */ 4155 pap.scr(sp); 4156 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4157 sp->pap_my_to_ch); 4158 } 4159} 4160 4161static void 4162sppp_pap_close(struct sppp *sp) 4163{ 4164 if (sp->state[IDX_PAP] != STATE_CLOSED) 4165 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4166} 4167 4168/* 4169 * That's the timeout routine if we are authenticator. Since the 4170 * authenticator is basically passive in PAP, we can't do much here. 4171 */ 4172static void 4173sppp_pap_TO(void *cookie) 4174{ 4175 struct sppp *sp = (struct sppp *)cookie; 4176 STDDCL; 4177 int s; 4178 4179 s = splimp(); 4180 if (debug) 4181 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4182 SPP_ARGS(ifp), 4183 sppp_state_name(sp->state[IDX_PAP]), 4184 sp->rst_counter[IDX_PAP]); 4185 4186 if (--sp->rst_counter[IDX_PAP] < 0) 4187 /* TO- event */ 4188 switch (sp->state[IDX_PAP]) { 4189 case STATE_REQ_SENT: 4190 pap.tld(sp); 4191 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4192 break; 4193 } 4194 else 4195 /* TO+ event, not very much we could do */ 4196 switch (sp->state[IDX_PAP]) { 4197 case STATE_REQ_SENT: 4198 /* sppp_cp_change_state() will restart the timer */ 4199 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4200 break; 4201 } 4202 4203 splx(s); 4204} 4205 4206/* 4207 * That's the timeout handler if we are peer. Since the peer is active, 4208 * we need to retransmit our PAP request since it is apparently lost. 4209 * XXX We should impose a max counter. 4210 */ 4211static void 4212sppp_pap_my_TO(void *cookie) 4213{ 4214 struct sppp *sp = (struct sppp *)cookie; 4215 STDDCL; 4216 4217 if (debug) 4218 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4219 SPP_ARGS(ifp)); 4220 4221 pap.scr(sp); 4222} 4223 4224static void 4225sppp_pap_tlu(struct sppp *sp) 4226{ 4227 STDDCL; 4228 int x; 4229 4230 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4231 4232 if (debug) 4233 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4234 SPP_ARGS(ifp), pap.name); 4235 4236 x = splimp(); 4237 /* indicate to LCP that we need to be closed down */ 4238 sp->lcp.protos |= (1 << IDX_PAP); 4239 4240 if (sp->pp_flags & PP_NEEDAUTH) { 4241 /* 4242 * Remote is authenticator, but his auth proto didn't 4243 * complete yet. Defer the transition to network 4244 * phase. 4245 */ 4246 splx(x); 4247 return; 4248 } 4249 splx(x); 4250 sppp_phase_network(sp); 4251} 4252 4253static void 4254sppp_pap_tld(struct sppp *sp) 4255{ 4256 STDDCL; 4257 4258 if (debug) 4259 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4260 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4261 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4262 sp->lcp.protos &= ~(1 << IDX_PAP); 4263 4264 lcp.Close(sp); 4265} 4266 4267static void 4268sppp_pap_scr(struct sppp *sp) 4269{ 4270 u_char idlen, pwdlen; 4271 4272 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4273 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4274 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4275 4276 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4277 sizeof idlen, (const char *)&idlen, 4278 (size_t)idlen, sp->myauth.name, 4279 sizeof pwdlen, (const char *)&pwdlen, 4280 (size_t)pwdlen, sp->myauth.secret, 4281 0); 4282} 4283 4284/* 4285 * Random miscellaneous functions. 4286 */ 4287 4288/* 4289 * Send a PAP or CHAP proto packet. 4290 * 4291 * Varadic function, each of the elements for the ellipsis is of type 4292 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4293 * mlen == 0. 4294 * NOTE: never declare variadic functions with types subject to type 4295 * promotion (i.e. u_char). This is asking for big trouble depending 4296 * on the architecture you are on... 4297 */ 4298 4299static void 4300sppp_auth_send(const struct cp *cp, struct sppp *sp, 4301 unsigned int type, unsigned int id, 4302 ...) 4303{ 4304 STDDCL; 4305 struct ppp_header *h; 4306 struct lcp_header *lh; 4307 struct mbuf *m; 4308 u_char *p; 4309 int len; 4310 unsigned int mlen; 4311 const char *msg; 4312 va_list ap; 4313 4314 MGETHDR (m, M_DONTWAIT, MT_DATA); 4315 if (! m) 4316 return; 4317 m->m_pkthdr.rcvif = 0; 4318 4319 h = mtod (m, struct ppp_header*); 4320 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4321 h->control = PPP_UI; /* Unnumbered Info */ 4322 h->protocol = htons(cp->proto); 4323 4324 lh = (struct lcp_header*)(h + 1); 4325 lh->type = type; 4326 lh->ident = id; 4327 p = (u_char*) (lh+1); 4328 4329 va_start(ap, id); 4330 len = 0; 4331 4332 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4333 msg = va_arg(ap, const char *); 4334 len += mlen; 4335 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4336 va_end(ap); 4337 m_freem(m); 4338 return; 4339 } 4340 4341 bcopy(msg, p, mlen); 4342 p += mlen; 4343 } 4344 va_end(ap); 4345 4346 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4347 lh->len = htons (LCP_HEADER_LEN + len); 4348 4349 if (debug) { 4350 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4351 SPP_ARGS(ifp), cp->name, 4352 sppp_auth_type_name(cp->proto, lh->type), 4353 lh->ident, ntohs(lh->len)); 4354 sppp_print_bytes((u_char*) (lh+1), len); 4355 log(-1, ">\n"); 4356 } 4357 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4358 ifp->if_oerrors++; 4359} 4360 4361/* 4362 * Flush interface queue. 4363 */ 4364static void 4365sppp_qflush(struct ifqueue *ifq) 4366{ 4367 struct mbuf *m, *n; 4368 4369 n = ifq->ifq_head; 4370 while ((m = n)) { 4371 n = m->m_act; 4372 m_freem (m); 4373 } 4374 ifq->ifq_head = 0; 4375 ifq->ifq_tail = 0; 4376 ifq->ifq_len = 0; 4377} 4378 4379/* 4380 * Send keepalive packets, every 10 seconds. 4381 */ 4382static void 4383sppp_keepalive(void *dummy) 4384{ 4385 struct sppp *sp; 4386 int s; 4387 4388 s = splimp(); 4389 for (sp=spppq; sp; sp=sp->pp_next) { 4390 struct ifnet *ifp = &sp->pp_if; 4391 4392 /* Keepalive mode disabled or channel down? */ 4393 if (! (sp->pp_flags & PP_KEEPALIVE) || 4394 ! (ifp->if_flags & IFF_RUNNING)) 4395 continue; 4396 4397 /* No keepalive in PPP mode if LCP not opened yet. */ 4398 if (sp->pp_mode != IFF_CISCO && 4399 sp->pp_phase < PHASE_AUTHENTICATE) 4400 continue; 4401 4402 if (sp->pp_alivecnt == MAXALIVECNT) { 4403 /* No keepalive packets got. Stop the interface. */ 4404 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4405 if_down (ifp); 4406 sppp_qflush (&sp->pp_cpq); 4407 if (sp->pp_mode != IFF_CISCO) { 4408 /* XXX */ 4409 /* Shut down the PPP link. */ 4410 lcp.Down(sp); 4411 /* Initiate negotiation. XXX */ 4412 lcp.Up(sp); 4413 } 4414 } 4415 if (sp->pp_alivecnt <= MAXALIVECNT) 4416 ++sp->pp_alivecnt; 4417 if (sp->pp_mode == IFF_CISCO) 4418 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4419 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4420 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4421 long nmagic = htonl (sp->lcp.magic); 4422 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4423 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4424 sp->lcp.echoid, 4, &nmagic); 4425 } 4426 } 4427 splx(s); 4428 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4429} 4430 4431/* 4432 * Get both IP addresses. 4433 */ 4434static void 4435sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4436{ 4437 struct ifnet *ifp = &sp->pp_if; 4438 struct ifaddr *ifa; 4439 struct sockaddr_in *si, *sm; 4440 u_long ssrc, ddst; 4441 4442 sm = NULL; 4443 ssrc = ddst = 0L; 4444 /* 4445 * Pick the first AF_INET address from the list, 4446 * aliases don't make any sense on a p2p link anyway. 4447 */ 4448 si = 0; 4449#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4450 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4451#elif defined(__NetBSD__) || defined (__OpenBSD__) 4452 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4453 ifa; 4454 ifa = TAILQ_NEXT(ifa, ifa_list)) 4455#else 4456 for (ifa = ifp->if_addrlist; 4457 ifa; 4458 ifa = ifa->ifa_next) 4459#endif 4460 if (ifa->ifa_addr->sa_family == AF_INET) { 4461 si = (struct sockaddr_in *)ifa->ifa_addr; 4462 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4463 if (si) 4464 break; 4465 } 4466 if (ifa) { 4467 if (si && si->sin_addr.s_addr) { 4468 ssrc = si->sin_addr.s_addr; 4469 if (srcmask) 4470 *srcmask = ntohl(sm->sin_addr.s_addr); 4471 } 4472 4473 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4474 if (si && si->sin_addr.s_addr) 4475 ddst = si->sin_addr.s_addr; 4476 } 4477 4478 if (dst) *dst = ntohl(ddst); 4479 if (src) *src = ntohl(ssrc); 4480} 4481 4482/* 4483 * Set my IP address. Must be called at splimp. 4484 */ 4485static void 4486sppp_set_ip_addr(struct sppp *sp, u_long src) 4487{ 4488 STDDCL; 4489 struct ifaddr *ifa; 4490 struct sockaddr_in *si; 4491 4492 /* 4493 * Pick the first AF_INET address from the list, 4494 * aliases don't make any sense on a p2p link anyway. 4495 */ 4496 si = 0; 4497#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4498 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4499#elif defined(__NetBSD__) || defined (__OpenBSD__) 4500 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4501 ifa; 4502 ifa = TAILQ_NEXT(ifa, ifa_list)) 4503#else 4504 for (ifa = ifp->if_addrlist; 4505 ifa; 4506 ifa = ifa->ifa_next) 4507#endif 4508 { 4509 if (ifa->ifa_addr->sa_family == AF_INET) 4510 { 4511 si = (struct sockaddr_in *)ifa->ifa_addr; 4512 if (si) 4513 break; 4514 } 4515 } 4516 4517 if (ifa && si) 4518 { 4519 int error; 4520#if __NetBSD_Version__ >= 103080000 4521 struct sockaddr_in new_sin = *si; 4522 4523 new_sin.sin_addr.s_addr = htonl(src); 4524 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4525 if(debug && error) 4526 { 4527 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4528 " failed, error=%d\n", SPP_ARGS(ifp), error); 4529 } 4530#else 4531 /* delete old route */ 4532 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4533 if(debug && error) 4534 { 4535 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4536 SPP_ARGS(ifp), error); 4537 } 4538 4539 /* set new address */ 4540 si->sin_addr.s_addr = htonl(src); 4541 4542 /* add new route */ 4543 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4544 if (debug && error) 4545 { 4546 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4547 SPP_ARGS(ifp), error); 4548 } 4549#endif 4550 } 4551} 4552 4553#ifdef INET6 4554/* 4555 * Get both IPv6 addresses. 4556 */ 4557static void 4558sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4559 struct in6_addr *srcmask) 4560{ 4561 struct ifnet *ifp = &sp->pp_if; 4562 struct ifaddr *ifa; 4563 struct sockaddr_in6 *si, *sm; 4564 struct in6_addr ssrc, ddst; 4565 4566 sm = NULL; 4567 bzero(&ssrc, sizeof(ssrc)); 4568 bzero(&ddst, sizeof(ddst)); 4569 /* 4570 * Pick the first link-local AF_INET6 address from the list, 4571 * aliases don't make any sense on a p2p link anyway. 4572 */ 4573#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4574 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4575 ifa; 4576 ifa = ifa->ifa_link.tqe_next) 4577#elif defined(__NetBSD__) || defined (__OpenBSD__) 4578 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4579 ifa; 4580 ifa = ifa->ifa_list.tqe_next) 4581#else 4582 for (ifa = ifp->if_addrlist, si = 0; 4583 ifa; 4584 ifa = ifa->ifa_next) 4585#endif 4586 if (ifa->ifa_addr->sa_family == AF_INET6) { 4587 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4588 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4589 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4590 break; 4591 } 4592 if (ifa) { 4593 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4594 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4595 if (srcmask) { 4596 bcopy(&sm->sin6_addr, srcmask, 4597 sizeof(*srcmask)); 4598 } 4599 } 4600 4601 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4602 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4603 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4604 } 4605 4606 if (dst) 4607 bcopy(&ddst, dst, sizeof(*dst)); 4608 if (src) 4609 bcopy(&ssrc, src, sizeof(*src)); 4610} 4611 4612#ifdef IPV6CP_MYIFID_DYN 4613/* 4614 * Generate random ifid. 4615 */ 4616static void 4617sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4618{ 4619 /* TBD */ 4620} 4621 4622/* 4623 * Set my IPv6 address. Must be called at splimp. 4624 */ 4625static void 4626sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4627{ 4628 STDDCL; 4629 struct ifaddr *ifa; 4630 struct sockaddr_in6 *sin6; 4631 4632 /* 4633 * Pick the first link-local AF_INET6 address from the list, 4634 * aliases don't make any sense on a p2p link anyway. 4635 */ 4636 4637 sin6 = NULL; 4638#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4639 for (ifa = ifp->if_addrhead.tqh_first; 4640 ifa; 4641 ifa = ifa->ifa_link.tqe_next) 4642#elif defined(__NetBSD__) || defined (__OpenBSD__) 4643 for (ifa = ifp->if_addrlist.tqh_first; 4644 ifa; 4645 ifa = ifa->ifa_list.tqe_next) 4646#else 4647 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4648#endif 4649 { 4650 if (ifa->ifa_addr->sa_family == AF_INET6) 4651 { 4652 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4653 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4654 break; 4655 } 4656 } 4657 4658 if (ifa && sin6) 4659 { 4660 int error; 4661 struct sockaddr_in6 new_sin6 = *sin6; 4662 4663 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4664 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4665 if (debug && error) 4666 { 4667 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4668 " failed, error=%d\n", SPP_ARGS(ifp), error); 4669 } 4670 } 4671} 4672#endif 4673 4674/* 4675 * Suggest a candidate address to be used by peer. 4676 */ 4677static void 4678sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4679{ 4680 struct in6_addr myaddr; 4681 struct timeval tv; 4682 4683 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4684 4685 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4686 microtime(&tv); 4687 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4688 myaddr.s6_addr[14] ^= 0xff; 4689 myaddr.s6_addr[15] ^= 0xff; 4690 } else { 4691 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4692 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4693 } 4694 if (suggest) 4695 bcopy(&myaddr, suggest, sizeof(myaddr)); 4696} 4697#endif /*INET6*/ 4698 4699static int 4700sppp_params(struct sppp *sp, u_long cmd, void *data) 4701{ 4702 u_long subcmd; 4703 struct ifreq *ifr = (struct ifreq *)data; 4704 struct spppreq spr; 4705 4706 /* 4707 * ifr->ifr_data is supposed to point to a struct spppreq. 4708 * Check the cmd word first before attempting to fetch all the 4709 * data. 4710 */ 4711 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4712 return EFAULT; 4713 4714 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4715 return EFAULT; 4716 4717 switch (subcmd) { 4718 case SPPPIOGDEFS: 4719 if (cmd != SIOCGIFGENERIC) 4720 return EINVAL; 4721 /* 4722 * We copy over the entire current state, but clean 4723 * out some of the stuff we don't wanna pass up. 4724 * Remember, SIOCGIFGENERIC is unprotected, and can be 4725 * called by any user. No need to ever get PAP or 4726 * CHAP secrets back to userland anyway. 4727 */ 4728 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4729 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4730 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4731 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4732 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4733 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4734 4735 case SPPPIOSDEFS: 4736 if (cmd != SIOCSIFGENERIC) 4737 return EINVAL; 4738 /* 4739 * We have a very specific idea of which fields we allow 4740 * being passed back from userland, so to not clobber our 4741 * current state. For one, we only allow setting 4742 * anything if LCP is in dead phase. Once the LCP 4743 * negotiations started, the authentication settings must 4744 * not be changed again. (The administrator can force an 4745 * ifconfig down in order to get LCP back into dead 4746 * phase.) 4747 * 4748 * Also, we only allow for authentication parameters to be 4749 * specified. 4750 * 4751 * XXX Should allow to set or clear pp_flags. 4752 * 4753 * Finally, if the respective authentication protocol to 4754 * be used is set differently than 0, but the secret is 4755 * passed as all zeros, we don't trash the existing secret. 4756 * This allows an administrator to change the system name 4757 * only without clobbering the secret (which he didn't get 4758 * back in a previous SPPPIOGDEFS call). However, the 4759 * secrets are cleared if the authentication protocol is 4760 * reset to 0. 4761 */ 4762 if (sp->pp_phase != PHASE_DEAD) 4763 return EBUSY; 4764 4765 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4766 spr.defs.myauth.proto != PPP_CHAP) || 4767 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4768 spr.defs.hisauth.proto != PPP_CHAP)) 4769 return EINVAL; 4770 4771 if (spr.defs.myauth.proto == 0) 4772 /* resetting myauth */ 4773 bzero(&sp->myauth, sizeof sp->myauth); 4774 else { 4775 /* setting/changing myauth */ 4776 sp->myauth.proto = spr.defs.myauth.proto; 4777 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4778 if (spr.defs.myauth.secret[0] != '\0') 4779 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4780 AUTHKEYLEN); 4781 } 4782 if (spr.defs.hisauth.proto == 0) 4783 /* resetting hisauth */ 4784 bzero(&sp->hisauth, sizeof sp->hisauth); 4785 else { 4786 /* setting/changing hisauth */ 4787 sp->hisauth.proto = spr.defs.hisauth.proto; 4788 sp->hisauth.flags = spr.defs.hisauth.flags; 4789 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4790 if (spr.defs.hisauth.secret[0] != '\0') 4791 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4792 AUTHKEYLEN); 4793 } 4794 break; 4795 4796 default: 4797 return EINVAL; 4798 } 4799 4800 return 0; 4801} 4802 4803static void 4804sppp_phase_network(struct sppp *sp) 4805{ 4806 STDDCL; 4807 int i; 4808 u_long mask; 4809 4810 sp->pp_phase = PHASE_NETWORK; 4811 4812 if (debug) 4813 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4814 sppp_phase_name(sp->pp_phase)); 4815 4816 /* Notify NCPs now. */ 4817 for (i = 0; i < IDX_COUNT; i++) 4818 if ((cps[i])->flags & CP_NCP) 4819 (cps[i])->Open(sp); 4820 4821 /* Send Up events to all NCPs. */ 4822 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4823 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4824 (cps[i])->Up(sp); 4825 4826 /* if no NCP is starting, all this was in vain, close down */ 4827 sppp_lcp_check_and_close(sp); 4828} 4829 4830 4831static const char * 4832sppp_cp_type_name(u_char type) 4833{ 4834 static char buf[12]; 4835 switch (type) { 4836 case CONF_REQ: return "conf-req"; 4837 case CONF_ACK: return "conf-ack"; 4838 case CONF_NAK: return "conf-nak"; 4839 case CONF_REJ: return "conf-rej"; 4840 case TERM_REQ: return "term-req"; 4841 case TERM_ACK: return "term-ack"; 4842 case CODE_REJ: return "code-rej"; 4843 case PROTO_REJ: return "proto-rej"; 4844 case ECHO_REQ: return "echo-req"; 4845 case ECHO_REPLY: return "echo-reply"; 4846 case DISC_REQ: return "discard-req"; 4847 } 4848 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4849 return buf; 4850} 4851 4852static const char * 4853sppp_auth_type_name(u_short proto, u_char type) 4854{ 4855 static char buf[12]; 4856 switch (proto) { 4857 case PPP_CHAP: 4858 switch (type) { 4859 case CHAP_CHALLENGE: return "challenge"; 4860 case CHAP_RESPONSE: return "response"; 4861 case CHAP_SUCCESS: return "success"; 4862 case CHAP_FAILURE: return "failure"; 4863 } 4864 case PPP_PAP: 4865 switch (type) { 4866 case PAP_REQ: return "req"; 4867 case PAP_ACK: return "ack"; 4868 case PAP_NAK: return "nak"; 4869 } 4870 } 4871 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4872 return buf; 4873} 4874 4875static const char * 4876sppp_lcp_opt_name(u_char opt) 4877{ 4878 static char buf[12]; 4879 switch (opt) { 4880 case LCP_OPT_MRU: return "mru"; 4881 case LCP_OPT_ASYNC_MAP: return "async-map"; 4882 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4883 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4884 case LCP_OPT_MAGIC: return "magic"; 4885 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4886 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4887 } 4888 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4889 return buf; 4890} 4891 4892static const char * 4893sppp_ipcp_opt_name(u_char opt) 4894{ 4895 static char buf[12]; 4896 switch (opt) { 4897 case IPCP_OPT_ADDRESSES: return "addresses"; 4898 case IPCP_OPT_COMPRESSION: return "compression"; 4899 case IPCP_OPT_ADDRESS: return "address"; 4900 } 4901 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4902 return buf; 4903} 4904 4905#ifdef INET6 4906static const char * 4907sppp_ipv6cp_opt_name(u_char opt) 4908{ 4909 static char buf[12]; 4910 switch (opt) { 4911 case IPV6CP_OPT_IFID: return "ifid"; 4912 case IPV6CP_OPT_COMPRESSION: return "compression"; 4913 } 4914 sprintf (buf, "0x%x", opt); 4915 return buf; 4916} 4917#endif 4918 4919static const char * 4920sppp_state_name(int state) 4921{ 4922 switch (state) { 4923 case STATE_INITIAL: return "initial"; 4924 case STATE_STARTING: return "starting"; 4925 case STATE_CLOSED: return "closed"; 4926 case STATE_STOPPED: return "stopped"; 4927 case STATE_CLOSING: return "closing"; 4928 case STATE_STOPPING: return "stopping"; 4929 case STATE_REQ_SENT: return "req-sent"; 4930 case STATE_ACK_RCVD: return "ack-rcvd"; 4931 case STATE_ACK_SENT: return "ack-sent"; 4932 case STATE_OPENED: return "opened"; 4933 } 4934 return "illegal"; 4935} 4936 4937static const char * 4938sppp_phase_name(enum ppp_phase phase) 4939{ 4940 switch (phase) { 4941 case PHASE_DEAD: return "dead"; 4942 case PHASE_ESTABLISH: return "establish"; 4943 case PHASE_TERMINATE: return "terminate"; 4944 case PHASE_AUTHENTICATE: return "authenticate"; 4945 case PHASE_NETWORK: return "network"; 4946 } 4947 return "illegal"; 4948} 4949 4950static const char * 4951sppp_proto_name(u_short proto) 4952{ 4953 static char buf[12]; 4954 switch (proto) { 4955 case PPP_LCP: return "lcp"; 4956 case PPP_IPCP: return "ipcp"; 4957 case PPP_PAP: return "pap"; 4958 case PPP_CHAP: return "chap"; 4959 case PPP_IPV6CP: return "ipv6cp"; 4960 } 4961 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 4962 return buf; 4963} 4964 4965static void 4966sppp_print_bytes(const u_char *p, u_short len) 4967{ 4968 if (len) 4969 log(-1, " %*D", len, p, "-"); 4970} 4971 4972static void 4973sppp_print_string(const char *p, u_short len) 4974{ 4975 u_char c; 4976 4977 while (len-- > 0) { 4978 c = *p++; 4979 /* 4980 * Print only ASCII chars directly. RFC 1994 recommends 4981 * using only them, but we don't rely on it. */ 4982 if (c < ' ' || c > '~') 4983 log(-1, "\\x%x", c); 4984 else 4985 log(-1, "%c", c); 4986 } 4987} 4988 4989static const char * 4990sppp_dotted_quad(u_long addr) 4991{ 4992 static char s[16]; 4993 sprintf(s, "%d.%d.%d.%d", 4994 (int)((addr >> 24) & 0xff), 4995 (int)((addr >> 16) & 0xff), 4996 (int)((addr >> 8) & 0xff), 4997 (int)(addr & 0xff)); 4998 return s; 4999} 5000 5001static int 5002sppp_strnlen(u_char *p, int max) 5003{ 5004 int len; 5005 5006 for (len = 0; len < max && *p; ++p) 5007 ++len; 5008 return len; 5009} 5010 5011/* a dummy, used to drop uninteresting events */ 5012static void 5013sppp_null(struct sppp *unused) 5014{ 5015 /* do just nothing */ 5016} 5017