if_spppsubr.c revision 84318
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 84318 2001-10-01 18:14:49Z jlemon $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61 62#if defined (__NetBSD__) || defined (__OpenBSD__) 63#include <machine/cpu.h> /* XXX for softnet */ 64#endif 65 66#include <machine/stdarg.h> 67 68#ifdef INET 69#include <netinet/in.h> 70#include <netinet/in_systm.h> 71#include <netinet/in_var.h> 72#include <netinet/ip.h> 73#include <netinet/tcp.h> 74# if defined (__FreeBSD__) || defined (__OpenBSD__) 75# include <netinet/if_ether.h> 76# else 77# include <net/ethertypes.h> 78# endif 79#else 80# error Huh? sppp without INET? 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87 88#ifdef NS 89#include <netns/ns.h> 90#include <netns/ns_if.h> 91#endif 92 93#include <net/if_sppp.h> 94 95#if defined(__FreeBSD__) && __FreeBSD__ >= 3 96# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 97# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 98# define IOCTL_CMD_T u_long 99#else 100# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 101# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 102# define IOCTL_CMD_T int 103#endif 104 105#define MAXALIVECNT 3 /* max. alive packets */ 106 107/* 108 * Interface flags that can be set in an ifconfig command. 109 * 110 * Setting link0 will make the link passive, i.e. it will be marked 111 * as being administrative openable, but won't be opened to begin 112 * with. Incoming calls will be answered, or subsequent calls with 113 * -link1 will cause the administrative open of the LCP layer. 114 * 115 * Setting link1 will cause the link to auto-dial only as packets 116 * arrive to be sent. 117 * 118 * Setting IFF_DEBUG will syslog the option negotiation and state 119 * transitions at level kern.debug. Note: all logs consistently look 120 * like 121 * 122 * <if-name><unit>: <proto-name> <additional info...> 123 * 124 * with <if-name><unit> being something like "bppp0", and <proto-name> 125 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 126 */ 127 128#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 129#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 130#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 131 132#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 133#define PPP_UI 0x03 /* Unnumbered Information */ 134#define PPP_IP 0x0021 /* Internet Protocol */ 135#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 136#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 137#define PPP_IPX 0x002b /* Novell IPX Protocol */ 138#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 139#define PPP_LCP 0xc021 /* Link Control Protocol */ 140#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 141#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 142#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 143#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 144 145#define CONF_REQ 1 /* PPP configure request */ 146#define CONF_ACK 2 /* PPP configure acknowledge */ 147#define CONF_NAK 3 /* PPP configure negative ack */ 148#define CONF_REJ 4 /* PPP configure reject */ 149#define TERM_REQ 5 /* PPP terminate request */ 150#define TERM_ACK 6 /* PPP terminate acknowledge */ 151#define CODE_REJ 7 /* PPP code reject */ 152#define PROTO_REJ 8 /* PPP protocol reject */ 153#define ECHO_REQ 9 /* PPP echo request */ 154#define ECHO_REPLY 10 /* PPP echo reply */ 155#define DISC_REQ 11 /* PPP discard request */ 156 157#define LCP_OPT_MRU 1 /* maximum receive unit */ 158#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 159#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 160#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 161#define LCP_OPT_MAGIC 5 /* magic number */ 162#define LCP_OPT_RESERVED 6 /* reserved */ 163#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 164#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 165 166#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 167#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 168#define IPCP_OPT_ADDRESS 3 /* local IP address */ 169 170#define IPV6CP_OPT_IFID 1 /* interface identifier */ 171#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 172 173#define PAP_REQ 1 /* PAP name/password request */ 174#define PAP_ACK 2 /* PAP acknowledge */ 175#define PAP_NAK 3 /* PAP fail */ 176 177#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 178#define CHAP_RESPONSE 2 /* CHAP challenge response */ 179#define CHAP_SUCCESS 3 /* CHAP response ok */ 180#define CHAP_FAILURE 4 /* CHAP response failed */ 181 182#define CHAP_MD5 5 /* hash algorithm - MD5 */ 183 184#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 185#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 186#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 187#define CISCO_ADDR_REQ 0 /* Cisco address request */ 188#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 189#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 190 191/* states are named and numbered according to RFC 1661 */ 192#define STATE_INITIAL 0 193#define STATE_STARTING 1 194#define STATE_CLOSED 2 195#define STATE_STOPPED 3 196#define STATE_CLOSING 4 197#define STATE_STOPPING 5 198#define STATE_REQ_SENT 6 199#define STATE_ACK_RCVD 7 200#define STATE_ACK_SENT 8 201#define STATE_OPENED 9 202 203struct ppp_header { 204 u_char address; 205 u_char control; 206 u_short protocol; 207}; 208#define PPP_HEADER_LEN sizeof (struct ppp_header) 209 210struct lcp_header { 211 u_char type; 212 u_char ident; 213 u_short len; 214}; 215#define LCP_HEADER_LEN sizeof (struct lcp_header) 216 217struct cisco_packet { 218 u_long type; 219 u_long par1; 220 u_long par2; 221 u_short rel; 222 u_short time0; 223 u_short time1; 224}; 225#define CISCO_PACKET_LEN 18 226 227/* 228 * We follow the spelling and capitalization of RFC 1661 here, to make 229 * it easier comparing with the standard. Please refer to this RFC in 230 * case you can't make sense out of these abbreviation; it will also 231 * explain the semantics related to the various events and actions. 232 */ 233struct cp { 234 u_short proto; /* PPP control protocol number */ 235 u_char protoidx; /* index into state table in struct sppp */ 236 u_char flags; 237#define CP_LCP 0x01 /* this is the LCP */ 238#define CP_AUTH 0x02 /* this is an authentication protocol */ 239#define CP_NCP 0x04 /* this is a NCP */ 240#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 241 const char *name; /* name of this control protocol */ 242 /* event handlers */ 243 void (*Up)(struct sppp *sp); 244 void (*Down)(struct sppp *sp); 245 void (*Open)(struct sppp *sp); 246 void (*Close)(struct sppp *sp); 247 void (*TO)(void *sp); 248 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 249 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 250 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 251 /* actions */ 252 void (*tlu)(struct sppp *sp); 253 void (*tld)(struct sppp *sp); 254 void (*tls)(struct sppp *sp); 255 void (*tlf)(struct sppp *sp); 256 void (*scr)(struct sppp *sp); 257}; 258 259static struct sppp *spppq; 260#if defined(__FreeBSD__) && __FreeBSD__ >= 3 261static struct callout_handle keepalive_ch; 262#endif 263 264#if defined(__FreeBSD__) && __FreeBSD__ >= 3 265#define SPP_FMT "%s%d: " 266#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 267#else 268#define SPP_FMT "%s: " 269#define SPP_ARGS(ifp) (ifp)->if_xname 270#endif 271 272/* 273 * The following disgusting hack gets around the problem that IP TOS 274 * can't be set yet. We want to put "interactive" traffic on a high 275 * priority queue. To decide if traffic is interactive, we check that 276 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 277 * 278 * XXX is this really still necessary? - joerg - 279 */ 280static u_short interactive_ports[8] = { 281 0, 513, 0, 0, 282 0, 21, 0, 23, 283}; 284#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 285 286/* almost every function needs these */ 287#define STDDCL \ 288 struct ifnet *ifp = &sp->pp_if; \ 289 int debug = ifp->if_flags & IFF_DEBUG 290 291static int sppp_output(struct ifnet *ifp, struct mbuf *m, 292 struct sockaddr *dst, struct rtentry *rt); 293 294static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 295static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 296 297static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 298 struct mbuf *m); 299static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 300 u_char ident, u_short len, void *data); 301/* static void sppp_cp_timeout(void *arg); */ 302static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 303 int newstate); 304static void sppp_auth_send(const struct cp *cp, 305 struct sppp *sp, unsigned int type, unsigned int id, 306 ...); 307 308static void sppp_up_event(const struct cp *cp, struct sppp *sp); 309static void sppp_down_event(const struct cp *cp, struct sppp *sp); 310static void sppp_open_event(const struct cp *cp, struct sppp *sp); 311static void sppp_close_event(const struct cp *cp, struct sppp *sp); 312static void sppp_to_event(const struct cp *cp, struct sppp *sp); 313 314static void sppp_null(struct sppp *sp); 315 316static void sppp_lcp_init(struct sppp *sp); 317static void sppp_lcp_up(struct sppp *sp); 318static void sppp_lcp_down(struct sppp *sp); 319static void sppp_lcp_open(struct sppp *sp); 320static void sppp_lcp_close(struct sppp *sp); 321static void sppp_lcp_TO(void *sp); 322static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 323static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 324static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 325static void sppp_lcp_tlu(struct sppp *sp); 326static void sppp_lcp_tld(struct sppp *sp); 327static void sppp_lcp_tls(struct sppp *sp); 328static void sppp_lcp_tlf(struct sppp *sp); 329static void sppp_lcp_scr(struct sppp *sp); 330static void sppp_lcp_check_and_close(struct sppp *sp); 331static int sppp_ncp_check(struct sppp *sp); 332 333static void sppp_ipcp_init(struct sppp *sp); 334static void sppp_ipcp_up(struct sppp *sp); 335static void sppp_ipcp_down(struct sppp *sp); 336static void sppp_ipcp_open(struct sppp *sp); 337static void sppp_ipcp_close(struct sppp *sp); 338static void sppp_ipcp_TO(void *sp); 339static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 340static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 341static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 342static void sppp_ipcp_tlu(struct sppp *sp); 343static void sppp_ipcp_tld(struct sppp *sp); 344static void sppp_ipcp_tls(struct sppp *sp); 345static void sppp_ipcp_tlf(struct sppp *sp); 346static void sppp_ipcp_scr(struct sppp *sp); 347 348static void sppp_ipv6cp_init(struct sppp *sp); 349static void sppp_ipv6cp_up(struct sppp *sp); 350static void sppp_ipv6cp_down(struct sppp *sp); 351static void sppp_ipv6cp_open(struct sppp *sp); 352static void sppp_ipv6cp_close(struct sppp *sp); 353static void sppp_ipv6cp_TO(void *sp); 354static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 355static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 356static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 357static void sppp_ipv6cp_tlu(struct sppp *sp); 358static void sppp_ipv6cp_tld(struct sppp *sp); 359static void sppp_ipv6cp_tls(struct sppp *sp); 360static void sppp_ipv6cp_tlf(struct sppp *sp); 361static void sppp_ipv6cp_scr(struct sppp *sp); 362 363static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 364static void sppp_pap_init(struct sppp *sp); 365static void sppp_pap_open(struct sppp *sp); 366static void sppp_pap_close(struct sppp *sp); 367static void sppp_pap_TO(void *sp); 368static void sppp_pap_my_TO(void *sp); 369static void sppp_pap_tlu(struct sppp *sp); 370static void sppp_pap_tld(struct sppp *sp); 371static void sppp_pap_scr(struct sppp *sp); 372 373static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 374static void sppp_chap_init(struct sppp *sp); 375static void sppp_chap_open(struct sppp *sp); 376static void sppp_chap_close(struct sppp *sp); 377static void sppp_chap_TO(void *sp); 378static void sppp_chap_tlu(struct sppp *sp); 379static void sppp_chap_tld(struct sppp *sp); 380static void sppp_chap_scr(struct sppp *sp); 381 382static const char *sppp_auth_type_name(u_short proto, u_char type); 383static const char *sppp_cp_type_name(u_char type); 384static const char *sppp_dotted_quad(u_long addr); 385static const char *sppp_ipcp_opt_name(u_char opt); 386#ifdef INET6 387static const char *sppp_ipv6cp_opt_name(u_char opt); 388#endif 389static const char *sppp_lcp_opt_name(u_char opt); 390static const char *sppp_phase_name(enum ppp_phase phase); 391static const char *sppp_proto_name(u_short proto); 392static const char *sppp_state_name(int state); 393static int sppp_params(struct sppp *sp, u_long cmd, void *data); 394static int sppp_strnlen(u_char *p, int max); 395static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 396 u_long *srcmask); 397static void sppp_keepalive(void *dummy); 398static void sppp_phase_network(struct sppp *sp); 399static void sppp_print_bytes(const u_char *p, u_short len); 400static void sppp_print_string(const char *p, u_short len); 401static void sppp_qflush(struct ifqueue *ifq); 402static void sppp_set_ip_addr(struct sppp *sp, u_long src); 403#ifdef INET6 404static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 405 struct in6_addr *dst, struct in6_addr *srcmask); 406#ifdef IPV6CP_MYIFID_DYN 407static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 408static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 409#endif 410static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 411#endif 412 413/* our control protocol descriptors */ 414static const struct cp lcp = { 415 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 416 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 417 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 418 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 419 sppp_lcp_scr 420}; 421 422static const struct cp ipcp = { 423 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 424 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 425 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 426 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 427 sppp_ipcp_scr 428}; 429 430static const struct cp ipv6cp = { 431 PPP_IPV6CP, IDX_IPV6CP, 432#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 433 CP_NCP, 434#else 435 0, 436#endif 437 "ipv6cp", 438 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 439 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 440 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 441 sppp_ipv6cp_scr 442}; 443 444static const struct cp pap = { 445 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 446 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 447 sppp_pap_TO, 0, 0, 0, 448 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 449 sppp_pap_scr 450}; 451 452static const struct cp chap = { 453 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 454 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 455 sppp_chap_TO, 0, 0, 0, 456 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 457 sppp_chap_scr 458}; 459 460static const struct cp *cps[IDX_COUNT] = { 461 &lcp, /* IDX_LCP */ 462 &ipcp, /* IDX_IPCP */ 463 &ipv6cp, /* IDX_IPV6CP */ 464 &pap, /* IDX_PAP */ 465 &chap, /* IDX_CHAP */ 466}; 467 468static int 469sppp_modevent(module_t mod, int type, void *unused) 470{ 471 switch (type) { 472 case MOD_LOAD: 473 break; 474 case MOD_UNLOAD: 475 return EACCES; 476 break; 477 default: 478 break; 479 } 480 return 0; 481} 482static moduledata_t spppmod = { 483 "sppp", 484 sppp_modevent, 485 0 486}; 487MODULE_VERSION(sppp, 1); 488DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 489 490/* 491 * Exported functions, comprising our interface to the lower layer. 492 */ 493 494/* 495 * Process the received packet. 496 */ 497void 498sppp_input(struct ifnet *ifp, struct mbuf *m) 499{ 500 struct ppp_header *h; 501 struct ifqueue *inq = 0; 502 struct sppp *sp = (struct sppp *)ifp; 503 int debug = ifp->if_flags & IFF_DEBUG; 504 505 if (ifp->if_flags & IFF_UP) 506 /* Count received bytes, add FCS and one flag */ 507 ifp->if_ibytes += m->m_pkthdr.len + 3; 508 509 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 510 /* Too small packet, drop it. */ 511 if (debug) 512 log(LOG_DEBUG, 513 SPP_FMT "input packet is too small, %d bytes\n", 514 SPP_ARGS(ifp), m->m_pkthdr.len); 515 drop: 516 ++ifp->if_ierrors; 517 ++ifp->if_iqdrops; 518 m_freem (m); 519 return; 520 } 521 522 /* Get PPP header. */ 523 h = mtod (m, struct ppp_header*); 524 m_adj (m, PPP_HEADER_LEN); 525 526 switch (h->address) { 527 case PPP_ALLSTATIONS: 528 if (h->control != PPP_UI) 529 goto invalid; 530 if (sp->pp_mode == IFF_CISCO) { 531 if (debug) 532 log(LOG_DEBUG, 533 SPP_FMT "PPP packet in Cisco mode " 534 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 535 SPP_ARGS(ifp), 536 h->address, h->control, ntohs(h->protocol)); 537 goto drop; 538 } 539 switch (ntohs (h->protocol)) { 540 default: 541 if (debug) 542 log(LOG_DEBUG, 543 SPP_FMT "rejecting protocol " 544 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 545 SPP_ARGS(ifp), 546 h->address, h->control, ntohs(h->protocol)); 547 if (sp->state[IDX_LCP] == STATE_OPENED) 548 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 549 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 550 &h->protocol); 551 ++ifp->if_noproto; 552 goto drop; 553 case PPP_LCP: 554 sppp_cp_input(&lcp, sp, m); 555 m_freem (m); 556 return; 557 case PPP_PAP: 558 if (sp->pp_phase >= PHASE_AUTHENTICATE) 559 sppp_pap_input(sp, m); 560 m_freem (m); 561 return; 562 case PPP_CHAP: 563 if (sp->pp_phase >= PHASE_AUTHENTICATE) 564 sppp_chap_input(sp, m); 565 m_freem (m); 566 return; 567#ifdef INET 568 case PPP_IPCP: 569 if (sp->pp_phase == PHASE_NETWORK) 570 sppp_cp_input(&ipcp, sp, m); 571 m_freem (m); 572 return; 573 case PPP_IP: 574 if (sp->state[IDX_IPCP] == STATE_OPENED) { 575 schednetisr (NETISR_IP); 576 inq = &ipintrq; 577 } 578 break; 579#endif 580#ifdef INET6 581 case PPP_IPV6CP: 582 if (sp->pp_phase == PHASE_NETWORK) 583 sppp_cp_input(&ipv6cp, sp, m); 584 m_freem (m); 585 return; 586 587 case PPP_IPV6: 588 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 589 schednetisr (NETISR_IPV6); 590 inq = &ip6intrq; 591 } 592 break; 593#endif 594#ifdef IPX 595 case PPP_IPX: 596 /* IPX IPXCP not implemented yet */ 597 if (sp->pp_phase == PHASE_NETWORK) { 598 schednetisr (NETISR_IPX); 599 inq = &ipxintrq; 600 } 601 break; 602#endif 603#ifdef NS 604 case PPP_XNS: 605 /* XNS IDPCP not implemented yet */ 606 if (sp->pp_phase == PHASE_NETWORK) { 607 schednetisr (NETISR_NS); 608 inq = &nsintrq; 609 } 610 break; 611#endif 612 } 613 break; 614 case CISCO_MULTICAST: 615 case CISCO_UNICAST: 616 /* Don't check the control field here (RFC 1547). */ 617 if (sp->pp_mode != IFF_CISCO) { 618 if (debug) 619 log(LOG_DEBUG, 620 SPP_FMT "Cisco packet in PPP mode " 621 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 622 SPP_ARGS(ifp), 623 h->address, h->control, ntohs(h->protocol)); 624 goto drop; 625 } 626 switch (ntohs (h->protocol)) { 627 default: 628 ++ifp->if_noproto; 629 goto invalid; 630 case CISCO_KEEPALIVE: 631 sppp_cisco_input ((struct sppp*) ifp, m); 632 m_freem (m); 633 return; 634#ifdef INET 635 case ETHERTYPE_IP: 636 schednetisr (NETISR_IP); 637 inq = &ipintrq; 638 break; 639#endif 640#ifdef INET6 641 case ETHERTYPE_IPV6: 642 schednetisr (NETISR_IPV6); 643 inq = &ip6intrq; 644 break; 645#endif 646#ifdef IPX 647 case ETHERTYPE_IPX: 648 schednetisr (NETISR_IPX); 649 inq = &ipxintrq; 650 break; 651#endif 652#ifdef NS 653 case ETHERTYPE_NS: 654 schednetisr (NETISR_NS); 655 inq = &nsintrq; 656 break; 657#endif 658 } 659 break; 660 default: /* Invalid PPP packet. */ 661 invalid: 662 if (debug) 663 log(LOG_DEBUG, 664 SPP_FMT "invalid input packet " 665 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 666 SPP_ARGS(ifp), 667 h->address, h->control, ntohs(h->protocol)); 668 goto drop; 669 } 670 671 if (! (ifp->if_flags & IFF_UP) || ! inq) 672 goto drop; 673 674 /* Check queue. */ 675 if (! IF_HANDOFF(inq, m, NULL)) { 676 if (debug) 677 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 678 SPP_ARGS(ifp)); 679 goto drop; 680 } 681} 682 683/* 684 * Enqueue transmit packet. 685 */ 686static int 687sppp_output(struct ifnet *ifp, struct mbuf *m, 688 struct sockaddr *dst, struct rtentry *rt) 689{ 690 struct sppp *sp = (struct sppp*) ifp; 691 struct ppp_header *h; 692 struct ifqueue *ifq = NULL; 693 int s, rv = 0; 694 int debug = ifp->if_flags & IFF_DEBUG; 695 696 s = splimp(); 697 698 if ((ifp->if_flags & IFF_UP) == 0 || 699 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 700 m_freem (m); 701 splx (s); 702 return (ENETDOWN); 703 } 704 705 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 706 /* 707 * Interface is not yet running, but auto-dial. Need 708 * to start LCP for it. 709 */ 710 ifp->if_flags |= IFF_RUNNING; 711 splx(s); 712 lcp.Open(sp); 713 s = splimp(); 714 } 715 716 ifq = &ifp->if_snd; 717#ifdef INET 718 if (dst->sa_family == AF_INET) { 719 /* XXX Check mbuf length here? */ 720 struct ip *ip = mtod (m, struct ip*); 721 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 722 723 /* 724 * When using dynamic local IP address assignment by using 725 * 0.0.0.0 as a local address, the first TCP session will 726 * not connect because the local TCP checksum is computed 727 * using 0.0.0.0 which will later become our real IP address 728 * so the TCP checksum computed at the remote end will 729 * become invalid. So we 730 * - don't let packets with src ip addr 0 thru 731 * - we flag TCP packets with src ip 0 as an error 732 */ 733 734 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 735 { 736 m_freem(m); 737 splx(s); 738 if(ip->ip_p == IPPROTO_TCP) 739 return(EADDRNOTAVAIL); 740 else 741 return(0); 742 } 743 744 /* 745 * Put low delay, telnet, rlogin and ftp control packets 746 * in front of the queue. 747 */ 748 if (_IF_QFULL(&sp->pp_fastq)) 749 ; 750 else if (ip->ip_tos & IPTOS_LOWDELAY) 751 ifq = &sp->pp_fastq; 752 else if (m->m_len < sizeof *ip + sizeof *tcp) 753 ; 754 else if (ip->ip_p != IPPROTO_TCP) 755 ; 756 else if (INTERACTIVE (ntohs (tcp->th_sport))) 757 ifq = &sp->pp_fastq; 758 else if (INTERACTIVE (ntohs (tcp->th_dport))) 759 ifq = &sp->pp_fastq; 760 } 761#endif 762 763#ifdef INET6 764 if (dst->sa_family == AF_INET6) { 765 /* XXX do something tricky here? */ 766 } 767#endif 768 769 /* 770 * Prepend general data packet PPP header. For now, IP only. 771 */ 772 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 773 if (! m) { 774 if (debug) 775 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 776 SPP_ARGS(ifp)); 777 ++ifp->if_oerrors; 778 splx (s); 779 return (ENOBUFS); 780 } 781 /* 782 * May want to check size of packet 783 * (albeit due to the implementation it's always enough) 784 */ 785 h = mtod (m, struct ppp_header*); 786 if (sp->pp_mode == IFF_CISCO) { 787 h->address = CISCO_UNICAST; /* unicast address */ 788 h->control = 0; 789 } else { 790 h->address = PPP_ALLSTATIONS; /* broadcast address */ 791 h->control = PPP_UI; /* Unnumbered Info */ 792 } 793 794 switch (dst->sa_family) { 795#ifdef INET 796 case AF_INET: /* Internet Protocol */ 797 if (sp->pp_mode == IFF_CISCO) 798 h->protocol = htons (ETHERTYPE_IP); 799 else { 800 /* 801 * Don't choke with an ENETDOWN early. It's 802 * possible that we just started dialing out, 803 * so don't drop the packet immediately. If 804 * we notice that we run out of buffer space 805 * below, we will however remember that we are 806 * not ready to carry IP packets, and return 807 * ENETDOWN, as opposed to ENOBUFS. 808 */ 809 h->protocol = htons(PPP_IP); 810 if (sp->state[IDX_IPCP] != STATE_OPENED) 811 rv = ENETDOWN; 812 } 813 break; 814#endif 815#ifdef INET6 816 case AF_INET6: /* Internet Protocol */ 817 if (sp->pp_mode == IFF_CISCO) 818 h->protocol = htons (ETHERTYPE_IPV6); 819 else { 820 /* 821 * Don't choke with an ENETDOWN early. It's 822 * possible that we just started dialing out, 823 * so don't drop the packet immediately. If 824 * we notice that we run out of buffer space 825 * below, we will however remember that we are 826 * not ready to carry IP packets, and return 827 * ENETDOWN, as opposed to ENOBUFS. 828 */ 829 h->protocol = htons(PPP_IPV6); 830 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 831 rv = ENETDOWN; 832 } 833 break; 834#endif 835#ifdef NS 836 case AF_NS: /* Xerox NS Protocol */ 837 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 838 ETHERTYPE_NS : PPP_XNS); 839 break; 840#endif 841#ifdef IPX 842 case AF_IPX: /* Novell IPX Protocol */ 843 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 844 ETHERTYPE_IPX : PPP_IPX); 845 break; 846#endif 847 default: 848 m_freem (m); 849 ++ifp->if_oerrors; 850 splx (s); 851 return (EAFNOSUPPORT); 852 } 853 854 /* 855 * Queue message on interface, and start output if interface 856 * not yet active. Also adjust output byte count. 857 * The packet length includes header, FCS and 1 flag, 858 * according to RFC 1333. 859 */ 860 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 861 ++ifp->if_oerrors; 862 return (rv? rv: ENOBUFS); 863 } 864 return (0); 865} 866 867void 868sppp_attach(struct ifnet *ifp) 869{ 870 struct sppp *sp = (struct sppp*) ifp; 871 872 /* Initialize keepalive handler. */ 873 if (! spppq) 874 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 875 876 /* Insert new entry into the keepalive list. */ 877 sp->pp_next = spppq; 878 spppq = sp; 879 880 sp->pp_if.if_mtu = PP_MTU; 881 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 882 sp->pp_if.if_type = IFT_PPP; 883 sp->pp_if.if_output = sppp_output; 884#if 0 885 sp->pp_flags = PP_KEEPALIVE; 886#endif 887 sp->pp_if.if_snd.ifq_maxlen = 32; 888 sp->pp_fastq.ifq_maxlen = 32; 889 sp->pp_cpq.ifq_maxlen = 20; 890 sp->pp_loopcnt = 0; 891 sp->pp_alivecnt = 0; 892 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 893 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 894 sp->pp_phase = PHASE_DEAD; 895 sp->pp_up = lcp.Up; 896 sp->pp_down = lcp.Down; 897 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 898 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 899 900 sppp_lcp_init(sp); 901 sppp_ipcp_init(sp); 902 sppp_ipv6cp_init(sp); 903 sppp_pap_init(sp); 904 sppp_chap_init(sp); 905} 906 907void 908sppp_detach(struct ifnet *ifp) 909{ 910 struct sppp **q, *p, *sp = (struct sppp*) ifp; 911 int i; 912 913 /* Remove the entry from the keepalive list. */ 914 for (q = &spppq; (p = *q); q = &p->pp_next) 915 if (p == sp) { 916 *q = p->pp_next; 917 break; 918 } 919 920 /* Stop keepalive handler. */ 921 if (! spppq) 922 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 923 924 for (i = 0; i < IDX_COUNT; i++) 925 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 926 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 927 mtx_destroy(&sp->pp_cpq.ifq_mtx); 928 mtx_destroy(&sp->pp_fastq.ifq_mtx); 929} 930 931/* 932 * Flush the interface output queue. 933 */ 934void 935sppp_flush(struct ifnet *ifp) 936{ 937 struct sppp *sp = (struct sppp*) ifp; 938 939 sppp_qflush (&sp->pp_if.if_snd); 940 sppp_qflush (&sp->pp_fastq); 941 sppp_qflush (&sp->pp_cpq); 942} 943 944/* 945 * Check if the output queue is empty. 946 */ 947int 948sppp_isempty(struct ifnet *ifp) 949{ 950 struct sppp *sp = (struct sppp*) ifp; 951 int empty, s; 952 953 s = splimp(); 954 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 955 !sp->pp_if.if_snd.ifq_head; 956 splx(s); 957 return (empty); 958} 959 960/* 961 * Get next packet to send. 962 */ 963struct mbuf * 964sppp_dequeue(struct ifnet *ifp) 965{ 966 struct sppp *sp = (struct sppp*) ifp; 967 struct mbuf *m; 968 int s; 969 970 s = splimp(); 971 /* 972 * Process only the control protocol queue until we have at 973 * least one NCP open. 974 * 975 * Do always serve all three queues in Cisco mode. 976 */ 977 IF_DEQUEUE(&sp->pp_cpq, m); 978 if (m == NULL && 979 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 980 IF_DEQUEUE(&sp->pp_fastq, m); 981 if (m == NULL) 982 IF_DEQUEUE (&sp->pp_if.if_snd, m); 983 } 984 splx(s); 985 return m; 986} 987 988/* 989 * Pick the next packet, do not remove it from the queue. 990 */ 991struct mbuf * 992sppp_pick(struct ifnet *ifp) 993{ 994 struct sppp *sp = (struct sppp*)ifp; 995 struct mbuf *m; 996 int s; 997 998 s= splimp (); 999 1000 m = sp->pp_cpq.ifq_head; 1001 if (m == NULL && 1002 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1003 if ((m = sp->pp_fastq.ifq_head) == NULL) 1004 m = sp->pp_if.if_snd.ifq_head; 1005 splx (s); 1006 return (m); 1007} 1008 1009/* 1010 * Process an ioctl request. Called on low priority level. 1011 */ 1012int 1013sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1014{ 1015 struct ifreq *ifr = (struct ifreq*) data; 1016 struct sppp *sp = (struct sppp*) ifp; 1017 int s, rv, going_up, going_down, newmode; 1018 1019 s = splimp(); 1020 rv = 0; 1021 switch (cmd) { 1022 case SIOCAIFADDR: 1023 case SIOCSIFDSTADDR: 1024 break; 1025 1026 case SIOCSIFADDR: 1027 if_up(ifp); 1028 /* fall through... */ 1029 1030 case SIOCSIFFLAGS: 1031 going_up = ifp->if_flags & IFF_UP && 1032 (ifp->if_flags & IFF_RUNNING) == 0; 1033 going_down = (ifp->if_flags & IFF_UP) == 0 && 1034 ifp->if_flags & IFF_RUNNING; 1035 1036 newmode = ifp->if_flags & IFF_PASSIVE; 1037 if (!newmode) 1038 newmode = ifp->if_flags & IFF_AUTO; 1039 if (!newmode) 1040 newmode = ifp->if_flags & IFF_CISCO; 1041 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1042 ifp->if_flags |= newmode; 1043 1044 if (newmode != sp->pp_mode) { 1045 going_down = 1; 1046 if (!going_up) 1047 going_up = ifp->if_flags & IFF_RUNNING; 1048 } 1049 1050 if (going_down) { 1051 if (sp->pp_mode != IFF_CISCO) 1052 lcp.Close(sp); 1053 else if (sp->pp_tlf) 1054 (sp->pp_tlf)(sp); 1055 sppp_flush(ifp); 1056 ifp->if_flags &= ~IFF_RUNNING; 1057 sp->pp_mode = newmode; 1058 } 1059 1060 if (going_up) { 1061 if (sp->pp_mode != IFF_CISCO) 1062 lcp.Close(sp); 1063 sp->pp_mode = newmode; 1064 if (sp->pp_mode == 0) { 1065 ifp->if_flags |= IFF_RUNNING; 1066 lcp.Open(sp); 1067 } 1068 if (sp->pp_mode == IFF_CISCO) { 1069 if (sp->pp_tls) 1070 (sp->pp_tls)(sp); 1071 ifp->if_flags |= IFF_RUNNING; 1072 } 1073 } 1074 1075 break; 1076 1077#ifdef SIOCSIFMTU 1078#ifndef ifr_mtu 1079#define ifr_mtu ifr_metric 1080#endif 1081 case SIOCSIFMTU: 1082 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1083 return (EINVAL); 1084 ifp->if_mtu = ifr->ifr_mtu; 1085 break; 1086#endif 1087#ifdef SLIOCSETMTU 1088 case SLIOCSETMTU: 1089 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1090 return (EINVAL); 1091 ifp->if_mtu = *(short*)data; 1092 break; 1093#endif 1094#ifdef SIOCGIFMTU 1095 case SIOCGIFMTU: 1096 ifr->ifr_mtu = ifp->if_mtu; 1097 break; 1098#endif 1099#ifdef SLIOCGETMTU 1100 case SLIOCGETMTU: 1101 *(short*)data = ifp->if_mtu; 1102 break; 1103#endif 1104 case SIOCADDMULTI: 1105 case SIOCDELMULTI: 1106 break; 1107 1108 case SIOCGIFGENERIC: 1109 case SIOCSIFGENERIC: 1110 rv = sppp_params(sp, cmd, data); 1111 break; 1112 1113 default: 1114 rv = ENOTTY; 1115 } 1116 splx(s); 1117 return rv; 1118} 1119 1120/* 1121 * Cisco framing implementation. 1122 */ 1123 1124/* 1125 * Handle incoming Cisco keepalive protocol packets. 1126 */ 1127static void 1128sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1129{ 1130 STDDCL; 1131 struct cisco_packet *h; 1132 u_long me, mymask; 1133 1134 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1135 if (debug) 1136 log(LOG_DEBUG, 1137 SPP_FMT "cisco invalid packet length: %d bytes\n", 1138 SPP_ARGS(ifp), m->m_pkthdr.len); 1139 return; 1140 } 1141 h = mtod (m, struct cisco_packet*); 1142 if (debug) 1143 log(LOG_DEBUG, 1144 SPP_FMT "cisco input: %d bytes " 1145 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1146 SPP_ARGS(ifp), m->m_pkthdr.len, 1147 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1148 (u_int)h->time0, (u_int)h->time1); 1149 switch (ntohl (h->type)) { 1150 default: 1151 if (debug) 1152 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1153 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1154 break; 1155 case CISCO_ADDR_REPLY: 1156 /* Reply on address request, ignore */ 1157 break; 1158 case CISCO_KEEPALIVE_REQ: 1159 sp->pp_alivecnt = 0; 1160 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1161 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1162 /* Local and remote sequence numbers are equal. 1163 * Probably, the line is in loopback mode. */ 1164 if (sp->pp_loopcnt >= MAXALIVECNT) { 1165 printf (SPP_FMT "loopback\n", 1166 SPP_ARGS(ifp)); 1167 sp->pp_loopcnt = 0; 1168 if (ifp->if_flags & IFF_UP) { 1169 if_down (ifp); 1170 sppp_qflush (&sp->pp_cpq); 1171 } 1172 } 1173 ++sp->pp_loopcnt; 1174 1175 /* Generate new local sequence number */ 1176#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1177 sp->pp_seq[IDX_LCP] = random(); 1178#else 1179 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1180#endif 1181 break; 1182 } 1183 sp->pp_loopcnt = 0; 1184 if (! (ifp->if_flags & IFF_UP) && 1185 (ifp->if_flags & IFF_RUNNING)) { 1186 if_up(ifp); 1187 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1188 } 1189 break; 1190 case CISCO_ADDR_REQ: 1191 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1192 if (me != 0L) 1193 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1194 break; 1195 } 1196} 1197 1198/* 1199 * Send Cisco keepalive packet. 1200 */ 1201static void 1202sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1203{ 1204 STDDCL; 1205 struct ppp_header *h; 1206 struct cisco_packet *ch; 1207 struct mbuf *m; 1208#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1209 struct timeval tv; 1210#else 1211 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1212#endif 1213 1214#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1215 getmicrouptime(&tv); 1216#endif 1217 1218 MGETHDR (m, M_DONTWAIT, MT_DATA); 1219 if (! m) 1220 return; 1221 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1222 m->m_pkthdr.rcvif = 0; 1223 1224 h = mtod (m, struct ppp_header*); 1225 h->address = CISCO_MULTICAST; 1226 h->control = 0; 1227 h->protocol = htons (CISCO_KEEPALIVE); 1228 1229 ch = (struct cisco_packet*) (h + 1); 1230 ch->type = htonl (type); 1231 ch->par1 = htonl (par1); 1232 ch->par2 = htonl (par2); 1233 ch->rel = -1; 1234 1235#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1236 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1237 ch->time1 = htons ((u_short) tv.tv_sec); 1238#else 1239 ch->time0 = htons ((u_short) (t >> 16)); 1240 ch->time1 = htons ((u_short) t); 1241#endif 1242 1243 if (debug) 1244 log(LOG_DEBUG, 1245 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1246 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1247 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1248 1249 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1250 ifp->if_oerrors++; 1251} 1252 1253/* 1254 * PPP protocol implementation. 1255 */ 1256 1257/* 1258 * Send PPP control protocol packet. 1259 */ 1260static void 1261sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1262 u_char ident, u_short len, void *data) 1263{ 1264 STDDCL; 1265 struct ppp_header *h; 1266 struct lcp_header *lh; 1267 struct mbuf *m; 1268 1269 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1270 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1271 MGETHDR (m, M_DONTWAIT, MT_DATA); 1272 if (! m) 1273 return; 1274 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1275 m->m_pkthdr.rcvif = 0; 1276 1277 h = mtod (m, struct ppp_header*); 1278 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1279 h->control = PPP_UI; /* Unnumbered Info */ 1280 h->protocol = htons (proto); /* Link Control Protocol */ 1281 1282 lh = (struct lcp_header*) (h + 1); 1283 lh->type = type; 1284 lh->ident = ident; 1285 lh->len = htons (LCP_HEADER_LEN + len); 1286 if (len) 1287 bcopy (data, lh+1, len); 1288 1289 if (debug) { 1290 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1291 SPP_ARGS(ifp), 1292 sppp_proto_name(proto), 1293 sppp_cp_type_name (lh->type), lh->ident, 1294 ntohs (lh->len)); 1295 sppp_print_bytes ((u_char*) (lh+1), len); 1296 log(-1, ">\n"); 1297 } 1298 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1299 ifp->if_oerrors++; 1300} 1301 1302/* 1303 * Handle incoming PPP control protocol packets. 1304 */ 1305static void 1306sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1307{ 1308 STDDCL; 1309 struct lcp_header *h; 1310 int len = m->m_pkthdr.len; 1311 int rv; 1312 u_char *p; 1313 1314 if (len < 4) { 1315 if (debug) 1316 log(LOG_DEBUG, 1317 SPP_FMT "%s invalid packet length: %d bytes\n", 1318 SPP_ARGS(ifp), cp->name, len); 1319 return; 1320 } 1321 h = mtod (m, struct lcp_header*); 1322 if (debug) { 1323 log(LOG_DEBUG, 1324 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1325 SPP_ARGS(ifp), cp->name, 1326 sppp_state_name(sp->state[cp->protoidx]), 1327 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1328 sppp_print_bytes ((u_char*) (h+1), len-4); 1329 log(-1, ">\n"); 1330 } 1331 if (len > ntohs (h->len)) 1332 len = ntohs (h->len); 1333 p = (u_char *)(h + 1); 1334 switch (h->type) { 1335 case CONF_REQ: 1336 if (len < 4) { 1337 if (debug) 1338 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1339 SPP_ARGS(ifp), cp->name, 1340 len); 1341 ++ifp->if_ierrors; 1342 break; 1343 } 1344 /* handle states where RCR doesn't get a SCA/SCN */ 1345 switch (sp->state[cp->protoidx]) { 1346 case STATE_CLOSING: 1347 case STATE_STOPPING: 1348 return; 1349 case STATE_CLOSED: 1350 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1351 0, 0); 1352 return; 1353 } 1354 rv = (cp->RCR)(sp, h, len); 1355 switch (sp->state[cp->protoidx]) { 1356 case STATE_OPENED: 1357 (cp->tld)(sp); 1358 (cp->scr)(sp); 1359 /* fall through... */ 1360 case STATE_ACK_SENT: 1361 case STATE_REQ_SENT: 1362 /* 1363 * sppp_cp_change_state() have the side effect of 1364 * restarting the timeouts. We want to avoid that 1365 * if the state don't change, otherwise we won't 1366 * ever timeout and resend a configuration request 1367 * that got lost. 1368 */ 1369 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1370 STATE_REQ_SENT)) 1371 break; 1372 sppp_cp_change_state(cp, sp, rv? 1373 STATE_ACK_SENT: STATE_REQ_SENT); 1374 break; 1375 case STATE_STOPPED: 1376 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1377 (cp->scr)(sp); 1378 sppp_cp_change_state(cp, sp, rv? 1379 STATE_ACK_SENT: STATE_REQ_SENT); 1380 break; 1381 case STATE_ACK_RCVD: 1382 if (rv) { 1383 sppp_cp_change_state(cp, sp, STATE_OPENED); 1384 if (debug) 1385 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1386 SPP_ARGS(ifp), 1387 cp->name); 1388 (cp->tlu)(sp); 1389 } else 1390 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1391 break; 1392 default: 1393 printf(SPP_FMT "%s illegal %s in state %s\n", 1394 SPP_ARGS(ifp), cp->name, 1395 sppp_cp_type_name(h->type), 1396 sppp_state_name(sp->state[cp->protoidx])); 1397 ++ifp->if_ierrors; 1398 } 1399 break; 1400 case CONF_ACK: 1401 if (h->ident != sp->confid[cp->protoidx]) { 1402 if (debug) 1403 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1404 SPP_ARGS(ifp), cp->name, 1405 h->ident, sp->confid[cp->protoidx]); 1406 ++ifp->if_ierrors; 1407 break; 1408 } 1409 switch (sp->state[cp->protoidx]) { 1410 case STATE_CLOSED: 1411 case STATE_STOPPED: 1412 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1413 break; 1414 case STATE_CLOSING: 1415 case STATE_STOPPING: 1416 break; 1417 case STATE_REQ_SENT: 1418 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1419 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1420 break; 1421 case STATE_OPENED: 1422 (cp->tld)(sp); 1423 /* fall through */ 1424 case STATE_ACK_RCVD: 1425 (cp->scr)(sp); 1426 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1427 break; 1428 case STATE_ACK_SENT: 1429 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1430 sppp_cp_change_state(cp, sp, STATE_OPENED); 1431 if (debug) 1432 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1433 SPP_ARGS(ifp), cp->name); 1434 (cp->tlu)(sp); 1435 break; 1436 default: 1437 printf(SPP_FMT "%s illegal %s in state %s\n", 1438 SPP_ARGS(ifp), cp->name, 1439 sppp_cp_type_name(h->type), 1440 sppp_state_name(sp->state[cp->protoidx])); 1441 ++ifp->if_ierrors; 1442 } 1443 break; 1444 case CONF_NAK: 1445 case CONF_REJ: 1446 if (h->ident != sp->confid[cp->protoidx]) { 1447 if (debug) 1448 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1449 SPP_ARGS(ifp), cp->name, 1450 h->ident, sp->confid[cp->protoidx]); 1451 ++ifp->if_ierrors; 1452 break; 1453 } 1454 if (h->type == CONF_NAK) 1455 (cp->RCN_nak)(sp, h, len); 1456 else /* CONF_REJ */ 1457 (cp->RCN_rej)(sp, h, len); 1458 1459 switch (sp->state[cp->protoidx]) { 1460 case STATE_CLOSED: 1461 case STATE_STOPPED: 1462 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1463 break; 1464 case STATE_REQ_SENT: 1465 case STATE_ACK_SENT: 1466 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1467 /* 1468 * Slow things down a bit if we think we might be 1469 * in loopback. Depend on the timeout to send the 1470 * next configuration request. 1471 */ 1472 if (sp->pp_loopcnt) 1473 break; 1474 (cp->scr)(sp); 1475 break; 1476 case STATE_OPENED: 1477 (cp->tld)(sp); 1478 /* fall through */ 1479 case STATE_ACK_RCVD: 1480 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1481 (cp->scr)(sp); 1482 break; 1483 case STATE_CLOSING: 1484 case STATE_STOPPING: 1485 break; 1486 default: 1487 printf(SPP_FMT "%s illegal %s in state %s\n", 1488 SPP_ARGS(ifp), cp->name, 1489 sppp_cp_type_name(h->type), 1490 sppp_state_name(sp->state[cp->protoidx])); 1491 ++ifp->if_ierrors; 1492 } 1493 break; 1494 1495 case TERM_REQ: 1496 switch (sp->state[cp->protoidx]) { 1497 case STATE_ACK_RCVD: 1498 case STATE_ACK_SENT: 1499 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1500 /* fall through */ 1501 case STATE_CLOSED: 1502 case STATE_STOPPED: 1503 case STATE_CLOSING: 1504 case STATE_STOPPING: 1505 case STATE_REQ_SENT: 1506 sta: 1507 /* Send Terminate-Ack packet. */ 1508 if (debug) 1509 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1510 SPP_ARGS(ifp), cp->name); 1511 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1512 break; 1513 case STATE_OPENED: 1514 (cp->tld)(sp); 1515 sp->rst_counter[cp->protoidx] = 0; 1516 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1517 goto sta; 1518 break; 1519 default: 1520 printf(SPP_FMT "%s illegal %s in state %s\n", 1521 SPP_ARGS(ifp), cp->name, 1522 sppp_cp_type_name(h->type), 1523 sppp_state_name(sp->state[cp->protoidx])); 1524 ++ifp->if_ierrors; 1525 } 1526 break; 1527 case TERM_ACK: 1528 switch (sp->state[cp->protoidx]) { 1529 case STATE_CLOSED: 1530 case STATE_STOPPED: 1531 case STATE_REQ_SENT: 1532 case STATE_ACK_SENT: 1533 break; 1534 case STATE_CLOSING: 1535 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1536 (cp->tlf)(sp); 1537 break; 1538 case STATE_STOPPING: 1539 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1540 (cp->tlf)(sp); 1541 break; 1542 case STATE_ACK_RCVD: 1543 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1544 break; 1545 case STATE_OPENED: 1546 (cp->tld)(sp); 1547 (cp->scr)(sp); 1548 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1549 break; 1550 default: 1551 printf(SPP_FMT "%s illegal %s in state %s\n", 1552 SPP_ARGS(ifp), cp->name, 1553 sppp_cp_type_name(h->type), 1554 sppp_state_name(sp->state[cp->protoidx])); 1555 ++ifp->if_ierrors; 1556 } 1557 break; 1558 case CODE_REJ: 1559 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1560 log(LOG_INFO, 1561 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1562 "danger will robinson\n", 1563 SPP_ARGS(ifp), cp->name, 1564 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1565 switch (sp->state[cp->protoidx]) { 1566 case STATE_CLOSED: 1567 case STATE_STOPPED: 1568 case STATE_REQ_SENT: 1569 case STATE_ACK_SENT: 1570 case STATE_CLOSING: 1571 case STATE_STOPPING: 1572 case STATE_OPENED: 1573 break; 1574 case STATE_ACK_RCVD: 1575 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1576 break; 1577 default: 1578 printf(SPP_FMT "%s illegal %s in state %s\n", 1579 SPP_ARGS(ifp), cp->name, 1580 sppp_cp_type_name(h->type), 1581 sppp_state_name(sp->state[cp->protoidx])); 1582 ++ifp->if_ierrors; 1583 } 1584 break; 1585 case PROTO_REJ: 1586 { 1587 int catastrophic; 1588 const struct cp *upper; 1589 int i; 1590 u_int16_t proto; 1591 1592 catastrophic = 0; 1593 upper = NULL; 1594 proto = ntohs(*((u_int16_t *)p)); 1595 for (i = 0; i < IDX_COUNT; i++) { 1596 if (cps[i]->proto == proto) { 1597 upper = cps[i]; 1598 break; 1599 } 1600 } 1601 if (upper == NULL) 1602 catastrophic++; 1603 1604 log(LOG_INFO, 1605 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1606 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1607 sppp_cp_type_name(h->type), proto, 1608 upper ? upper->name : "unknown", 1609 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1610 1611 /* 1612 * if we got RXJ+ against conf-req, the peer does not implement 1613 * this particular protocol type. terminate the protocol. 1614 */ 1615 if (upper && !catastrophic) { 1616 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1617 upper->Close(sp); 1618 break; 1619 } 1620 } 1621 1622 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1623 switch (sp->state[cp->protoidx]) { 1624 case STATE_CLOSED: 1625 case STATE_STOPPED: 1626 case STATE_REQ_SENT: 1627 case STATE_ACK_SENT: 1628 case STATE_CLOSING: 1629 case STATE_STOPPING: 1630 case STATE_OPENED: 1631 break; 1632 case STATE_ACK_RCVD: 1633 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1634 break; 1635 default: 1636 printf(SPP_FMT "%s illegal %s in state %s\n", 1637 SPP_ARGS(ifp), cp->name, 1638 sppp_cp_type_name(h->type), 1639 sppp_state_name(sp->state[cp->protoidx])); 1640 ++ifp->if_ierrors; 1641 } 1642 break; 1643 } 1644 case DISC_REQ: 1645 if (cp->proto != PPP_LCP) 1646 goto illegal; 1647 /* Discard the packet. */ 1648 break; 1649 case ECHO_REQ: 1650 if (cp->proto != PPP_LCP) 1651 goto illegal; 1652 if (sp->state[cp->protoidx] != STATE_OPENED) { 1653 if (debug) 1654 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1655 SPP_ARGS(ifp)); 1656 ++ifp->if_ierrors; 1657 break; 1658 } 1659 if (len < 8) { 1660 if (debug) 1661 log(-1, SPP_FMT "invalid lcp echo request " 1662 "packet length: %d bytes\n", 1663 SPP_ARGS(ifp), len); 1664 break; 1665 } 1666 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1667 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1668 /* Line loopback mode detected. */ 1669 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1670 sp->pp_loopcnt = MAXALIVECNT * 5; 1671 if_down (ifp); 1672 sppp_qflush (&sp->pp_cpq); 1673 1674 /* Shut down the PPP link. */ 1675 /* XXX */ 1676 lcp.Down(sp); 1677 lcp.Up(sp); 1678 break; 1679 } 1680 *(long*)(h+1) = htonl (sp->lcp.magic); 1681 if (debug) 1682 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1683 SPP_ARGS(ifp)); 1684 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1685 break; 1686 case ECHO_REPLY: 1687 if (cp->proto != PPP_LCP) 1688 goto illegal; 1689 if (h->ident != sp->lcp.echoid) { 1690 ++ifp->if_ierrors; 1691 break; 1692 } 1693 if (len < 8) { 1694 if (debug) 1695 log(-1, SPP_FMT "lcp invalid echo reply " 1696 "packet length: %d bytes\n", 1697 SPP_ARGS(ifp), len); 1698 break; 1699 } 1700 if (debug) 1701 log(-1, SPP_FMT "lcp got echo rep\n", 1702 SPP_ARGS(ifp)); 1703 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1704 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1705 sp->pp_alivecnt = 0; 1706 break; 1707 default: 1708 /* Unknown packet type -- send Code-Reject packet. */ 1709 illegal: 1710 if (debug) 1711 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1712 SPP_ARGS(ifp), cp->name, h->type); 1713 sppp_cp_send(sp, cp->proto, CODE_REJ, 1714 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1715 ++ifp->if_ierrors; 1716 } 1717} 1718 1719 1720/* 1721 * The generic part of all Up/Down/Open/Close/TO event handlers. 1722 * Basically, the state transition handling in the automaton. 1723 */ 1724static void 1725sppp_up_event(const struct cp *cp, struct sppp *sp) 1726{ 1727 STDDCL; 1728 1729 if (debug) 1730 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1731 SPP_ARGS(ifp), cp->name, 1732 sppp_state_name(sp->state[cp->protoidx])); 1733 1734 switch (sp->state[cp->protoidx]) { 1735 case STATE_INITIAL: 1736 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1737 break; 1738 case STATE_STARTING: 1739 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1740 (cp->scr)(sp); 1741 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1742 break; 1743 default: 1744 printf(SPP_FMT "%s illegal up in state %s\n", 1745 SPP_ARGS(ifp), cp->name, 1746 sppp_state_name(sp->state[cp->protoidx])); 1747 } 1748} 1749 1750static void 1751sppp_down_event(const struct cp *cp, struct sppp *sp) 1752{ 1753 STDDCL; 1754 1755 if (debug) 1756 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1757 SPP_ARGS(ifp), cp->name, 1758 sppp_state_name(sp->state[cp->protoidx])); 1759 1760 switch (sp->state[cp->protoidx]) { 1761 case STATE_CLOSED: 1762 case STATE_CLOSING: 1763 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1764 break; 1765 case STATE_STOPPED: 1766 sppp_cp_change_state(cp, sp, STATE_STARTING); 1767 (cp->tls)(sp); 1768 break; 1769 case STATE_STOPPING: 1770 case STATE_REQ_SENT: 1771 case STATE_ACK_RCVD: 1772 case STATE_ACK_SENT: 1773 sppp_cp_change_state(cp, sp, STATE_STARTING); 1774 break; 1775 case STATE_OPENED: 1776 (cp->tld)(sp); 1777 sppp_cp_change_state(cp, sp, STATE_STARTING); 1778 break; 1779 default: 1780 printf(SPP_FMT "%s illegal down in state %s\n", 1781 SPP_ARGS(ifp), cp->name, 1782 sppp_state_name(sp->state[cp->protoidx])); 1783 } 1784} 1785 1786 1787static void 1788sppp_open_event(const struct cp *cp, struct sppp *sp) 1789{ 1790 STDDCL; 1791 1792 if (debug) 1793 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1794 SPP_ARGS(ifp), cp->name, 1795 sppp_state_name(sp->state[cp->protoidx])); 1796 1797 switch (sp->state[cp->protoidx]) { 1798 case STATE_INITIAL: 1799 sppp_cp_change_state(cp, sp, STATE_STARTING); 1800 (cp->tls)(sp); 1801 break; 1802 case STATE_STARTING: 1803 break; 1804 case STATE_CLOSED: 1805 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1806 (cp->scr)(sp); 1807 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1808 break; 1809 case STATE_STOPPED: 1810 /* 1811 * Try escaping stopped state. This seems to bite 1812 * people occasionally, in particular for IPCP, 1813 * presumably following previous IPCP negotiation 1814 * aborts. Somehow, we must have missed a Down event 1815 * which would have caused a transition into starting 1816 * state, so as a bandaid we force the Down event now. 1817 * This effectively implements (something like the) 1818 * `restart' option mentioned in the state transition 1819 * table of RFC 1661. 1820 */ 1821 sppp_cp_change_state(cp, sp, STATE_STARTING); 1822 (cp->tls)(sp); 1823 break; 1824 case STATE_STOPPING: 1825 case STATE_REQ_SENT: 1826 case STATE_ACK_RCVD: 1827 case STATE_ACK_SENT: 1828 case STATE_OPENED: 1829 break; 1830 case STATE_CLOSING: 1831 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1832 break; 1833 } 1834} 1835 1836 1837static void 1838sppp_close_event(const struct cp *cp, struct sppp *sp) 1839{ 1840 STDDCL; 1841 1842 if (debug) 1843 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1844 SPP_ARGS(ifp), cp->name, 1845 sppp_state_name(sp->state[cp->protoidx])); 1846 1847 switch (sp->state[cp->protoidx]) { 1848 case STATE_INITIAL: 1849 case STATE_CLOSED: 1850 case STATE_CLOSING: 1851 break; 1852 case STATE_STARTING: 1853 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1854 (cp->tlf)(sp); 1855 break; 1856 case STATE_STOPPED: 1857 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1858 break; 1859 case STATE_STOPPING: 1860 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1861 break; 1862 case STATE_OPENED: 1863 (cp->tld)(sp); 1864 /* fall through */ 1865 case STATE_REQ_SENT: 1866 case STATE_ACK_RCVD: 1867 case STATE_ACK_SENT: 1868 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1869 sppp_cp_send(sp, cp->proto, TERM_REQ, 1870 ++sp->pp_seq[cp->protoidx], 0, 0); 1871 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1872 break; 1873 } 1874} 1875 1876static void 1877sppp_to_event(const struct cp *cp, struct sppp *sp) 1878{ 1879 STDDCL; 1880 int s; 1881 1882 s = splimp(); 1883 if (debug) 1884 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1885 SPP_ARGS(ifp), cp->name, 1886 sppp_state_name(sp->state[cp->protoidx]), 1887 sp->rst_counter[cp->protoidx]); 1888 1889 if (--sp->rst_counter[cp->protoidx] < 0) 1890 /* TO- event */ 1891 switch (sp->state[cp->protoidx]) { 1892 case STATE_CLOSING: 1893 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1894 (cp->tlf)(sp); 1895 break; 1896 case STATE_STOPPING: 1897 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1898 (cp->tlf)(sp); 1899 break; 1900 case STATE_REQ_SENT: 1901 case STATE_ACK_RCVD: 1902 case STATE_ACK_SENT: 1903 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1904 (cp->tlf)(sp); 1905 break; 1906 } 1907 else 1908 /* TO+ event */ 1909 switch (sp->state[cp->protoidx]) { 1910 case STATE_CLOSING: 1911 case STATE_STOPPING: 1912 sppp_cp_send(sp, cp->proto, TERM_REQ, 1913 ++sp->pp_seq[cp->protoidx], 0, 0); 1914 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1915 sp->ch[cp->protoidx]); 1916 break; 1917 case STATE_REQ_SENT: 1918 case STATE_ACK_RCVD: 1919 (cp->scr)(sp); 1920 /* sppp_cp_change_state() will restart the timer */ 1921 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1922 break; 1923 case STATE_ACK_SENT: 1924 (cp->scr)(sp); 1925 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1926 sp->ch[cp->protoidx]); 1927 break; 1928 } 1929 1930 splx(s); 1931} 1932 1933/* 1934 * Change the state of a control protocol in the state automaton. 1935 * Takes care of starting/stopping the restart timer. 1936 */ 1937void 1938sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1939{ 1940 sp->state[cp->protoidx] = newstate; 1941 1942 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1943 switch (newstate) { 1944 case STATE_INITIAL: 1945 case STATE_STARTING: 1946 case STATE_CLOSED: 1947 case STATE_STOPPED: 1948 case STATE_OPENED: 1949 break; 1950 case STATE_CLOSING: 1951 case STATE_STOPPING: 1952 case STATE_REQ_SENT: 1953 case STATE_ACK_RCVD: 1954 case STATE_ACK_SENT: 1955 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1956 sp->ch[cp->protoidx]); 1957 break; 1958 } 1959} 1960 1961/* 1962 *--------------------------------------------------------------------------* 1963 * * 1964 * The LCP implementation. * 1965 * * 1966 *--------------------------------------------------------------------------* 1967 */ 1968static void 1969sppp_lcp_init(struct sppp *sp) 1970{ 1971 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1972 sp->lcp.magic = 0; 1973 sp->state[IDX_LCP] = STATE_INITIAL; 1974 sp->fail_counter[IDX_LCP] = 0; 1975 sp->pp_seq[IDX_LCP] = 0; 1976 sp->pp_rseq[IDX_LCP] = 0; 1977 sp->lcp.protos = 0; 1978 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1979 1980 /* Note that these values are relevant for all control protocols */ 1981 sp->lcp.timeout = 3 * hz; 1982 sp->lcp.max_terminate = 2; 1983 sp->lcp.max_configure = 10; 1984 sp->lcp.max_failure = 10; 1985#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1986 callout_handle_init(&sp->ch[IDX_LCP]); 1987#endif 1988} 1989 1990static void 1991sppp_lcp_up(struct sppp *sp) 1992{ 1993 STDDCL; 1994 1995 sp->pp_alivecnt = 0; 1996 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1997 sp->lcp.magic = 0; 1998 sp->lcp.protos = 0; 1999 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2000 /* 2001 * If we are authenticator, negotiate LCP_AUTH 2002 */ 2003 if (sp->hisauth.proto != 0) 2004 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2005 else 2006 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2007 sp->pp_flags &= ~PP_NEEDAUTH; 2008 /* 2009 * If this interface is passive or dial-on-demand, and we are 2010 * still in Initial state, it means we've got an incoming 2011 * call. Activate the interface. 2012 */ 2013 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2014 if (debug) 2015 log(LOG_DEBUG, 2016 SPP_FMT "Up event", SPP_ARGS(ifp)); 2017 ifp->if_flags |= IFF_RUNNING; 2018 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2019 if (debug) 2020 log(-1, "(incoming call)\n"); 2021 sp->pp_flags |= PP_CALLIN; 2022 lcp.Open(sp); 2023 } else if (debug) 2024 log(-1, "\n"); 2025 } 2026 2027 sppp_up_event(&lcp, sp); 2028} 2029 2030static void 2031sppp_lcp_down(struct sppp *sp) 2032{ 2033 STDDCL; 2034 2035 sppp_down_event(&lcp, sp); 2036 2037 /* 2038 * If this is neither a dial-on-demand nor a passive 2039 * interface, simulate an ``ifconfig down'' action, so the 2040 * administrator can force a redial by another ``ifconfig 2041 * up''. XXX For leased line operation, should we immediately 2042 * try to reopen the connection here? 2043 */ 2044 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2045 log(LOG_INFO, 2046 SPP_FMT "Down event, taking interface down.\n", 2047 SPP_ARGS(ifp)); 2048 if_down(ifp); 2049 } else { 2050 if (debug) 2051 log(LOG_DEBUG, 2052 SPP_FMT "Down event (carrier loss)\n", 2053 SPP_ARGS(ifp)); 2054 sp->pp_flags &= ~PP_CALLIN; 2055 if (sp->state[IDX_LCP] != STATE_INITIAL) 2056 lcp.Close(sp); 2057 ifp->if_flags &= ~IFF_RUNNING; 2058 } 2059} 2060 2061static void 2062sppp_lcp_open(struct sppp *sp) 2063{ 2064 sppp_open_event(&lcp, sp); 2065} 2066 2067static void 2068sppp_lcp_close(struct sppp *sp) 2069{ 2070 sppp_close_event(&lcp, sp); 2071} 2072 2073static void 2074sppp_lcp_TO(void *cookie) 2075{ 2076 sppp_to_event(&lcp, (struct sppp *)cookie); 2077} 2078 2079/* 2080 * Analyze a configure request. Return true if it was agreeable, and 2081 * caused action sca, false if it has been rejected or nak'ed, and 2082 * caused action scn. (The return value is used to make the state 2083 * transition decision in the state automaton.) 2084 */ 2085static int 2086sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2087{ 2088 STDDCL; 2089 u_char *buf, *r, *p; 2090 int origlen, rlen; 2091 u_long nmagic; 2092 u_short authproto; 2093 2094 len -= 4; 2095 origlen = len; 2096 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2097 if (! buf) 2098 return (0); 2099 2100 if (debug) 2101 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2102 SPP_ARGS(ifp)); 2103 2104 /* pass 1: check for things that need to be rejected */ 2105 p = (void*) (h+1); 2106 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2107 if (debug) 2108 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2109 switch (*p) { 2110 case LCP_OPT_MAGIC: 2111 /* Magic number. */ 2112 if (len >= 6 && p[1] == 6) 2113 continue; 2114 if (debug) 2115 log(-1, "[invalid] "); 2116 break; 2117 case LCP_OPT_ASYNC_MAP: 2118 /* Async control character map. */ 2119 if (len >= 6 && p[1] == 6) 2120 continue; 2121 if (debug) 2122 log(-1, "[invalid] "); 2123 break; 2124 case LCP_OPT_MRU: 2125 /* Maximum receive unit. */ 2126 if (len >= 4 && p[1] == 4) 2127 continue; 2128 if (debug) 2129 log(-1, "[invalid] "); 2130 break; 2131 case LCP_OPT_AUTH_PROTO: 2132 if (len < 4) { 2133 if (debug) 2134 log(-1, "[invalid] "); 2135 break; 2136 } 2137 authproto = (p[2] << 8) + p[3]; 2138 if (authproto == PPP_CHAP && p[1] != 5) { 2139 if (debug) 2140 log(-1, "[invalid chap len] "); 2141 break; 2142 } 2143 if (sp->myauth.proto == 0) { 2144 /* we are not configured to do auth */ 2145 if (debug) 2146 log(-1, "[not configured] "); 2147 break; 2148 } 2149 /* 2150 * Remote want us to authenticate, remember this, 2151 * so we stay in PHASE_AUTHENTICATE after LCP got 2152 * up. 2153 */ 2154 sp->pp_flags |= PP_NEEDAUTH; 2155 continue; 2156 default: 2157 /* Others not supported. */ 2158 if (debug) 2159 log(-1, "[rej] "); 2160 break; 2161 } 2162 /* Add the option to rejected list. */ 2163 bcopy (p, r, p[1]); 2164 r += p[1]; 2165 rlen += p[1]; 2166 } 2167 if (rlen) { 2168 if (debug) 2169 log(-1, " send conf-rej\n"); 2170 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2171 return 0; 2172 } else if (debug) 2173 log(-1, "\n"); 2174 2175 /* 2176 * pass 2: check for option values that are unacceptable and 2177 * thus require to be nak'ed. 2178 */ 2179 if (debug) 2180 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2181 SPP_ARGS(ifp)); 2182 2183 p = (void*) (h+1); 2184 len = origlen; 2185 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2186 if (debug) 2187 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2188 switch (*p) { 2189 case LCP_OPT_MAGIC: 2190 /* Magic number -- extract. */ 2191 nmagic = (u_long)p[2] << 24 | 2192 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2193 if (nmagic != sp->lcp.magic) { 2194 sp->pp_loopcnt = 0; 2195 if (debug) 2196 log(-1, "0x%lx ", nmagic); 2197 continue; 2198 } 2199 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2200 log(-1, "[glitch] "); 2201 ++sp->pp_loopcnt; 2202 /* 2203 * We negate our magic here, and NAK it. If 2204 * we see it later in an NAK packet, we 2205 * suggest a new one. 2206 */ 2207 nmagic = ~sp->lcp.magic; 2208 /* Gonna NAK it. */ 2209 p[2] = nmagic >> 24; 2210 p[3] = nmagic >> 16; 2211 p[4] = nmagic >> 8; 2212 p[5] = nmagic; 2213 break; 2214 2215 case LCP_OPT_ASYNC_MAP: 2216 /* Async control character map -- check to be zero. */ 2217 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2218 if (debug) 2219 log(-1, "[empty] "); 2220 continue; 2221 } 2222 if (debug) 2223 log(-1, "[non-empty] "); 2224 /* suggest a zero one */ 2225 p[2] = p[3] = p[4] = p[5] = 0; 2226 break; 2227 2228 case LCP_OPT_MRU: 2229 /* 2230 * Maximum receive unit. Always agreeable, 2231 * but ignored by now. 2232 */ 2233 sp->lcp.their_mru = p[2] * 256 + p[3]; 2234 if (debug) 2235 log(-1, "%lu ", sp->lcp.their_mru); 2236 continue; 2237 2238 case LCP_OPT_AUTH_PROTO: 2239 authproto = (p[2] << 8) + p[3]; 2240 if (sp->myauth.proto != authproto) { 2241 /* not agreed, nak */ 2242 if (debug) 2243 log(-1, "[mine %s != his %s] ", 2244 sppp_proto_name(sp->hisauth.proto), 2245 sppp_proto_name(authproto)); 2246 p[2] = sp->myauth.proto >> 8; 2247 p[3] = sp->myauth.proto; 2248 break; 2249 } 2250 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2251 if (debug) 2252 log(-1, "[chap not MD5] "); 2253 p[4] = CHAP_MD5; 2254 break; 2255 } 2256 continue; 2257 } 2258 /* Add the option to nak'ed list. */ 2259 bcopy (p, r, p[1]); 2260 r += p[1]; 2261 rlen += p[1]; 2262 } 2263 if (rlen) { 2264 /* 2265 * Local and remote magics equal -- loopback? 2266 */ 2267 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2268 if (sp->pp_loopcnt == MAXALIVECNT*5) 2269 printf (SPP_FMT "loopback\n", 2270 SPP_ARGS(ifp)); 2271 if (ifp->if_flags & IFF_UP) { 2272 if_down(ifp); 2273 sppp_qflush(&sp->pp_cpq); 2274 /* XXX ? */ 2275 lcp.Down(sp); 2276 lcp.Up(sp); 2277 } 2278 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2279 if (debug) 2280 log(-1, " max_failure (%d) exceeded, " 2281 "send conf-rej\n", 2282 sp->lcp.max_failure); 2283 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2284 } else { 2285 if (debug) 2286 log(-1, " send conf-nak\n"); 2287 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2288 } 2289 } else { 2290 if (debug) 2291 log(-1, " send conf-ack\n"); 2292 sp->fail_counter[IDX_LCP] = 0; 2293 sp->pp_loopcnt = 0; 2294 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2295 h->ident, origlen, h+1); 2296 } 2297 2298 free (buf, M_TEMP); 2299 return (rlen == 0); 2300} 2301 2302/* 2303 * Analyze the LCP Configure-Reject option list, and adjust our 2304 * negotiation. 2305 */ 2306static void 2307sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2308{ 2309 STDDCL; 2310 u_char *buf, *p; 2311 2312 len -= 4; 2313 buf = malloc (len, M_TEMP, M_NOWAIT); 2314 if (!buf) 2315 return; 2316 2317 if (debug) 2318 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2319 SPP_ARGS(ifp)); 2320 2321 p = (void*) (h+1); 2322 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2323 if (debug) 2324 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2325 switch (*p) { 2326 case LCP_OPT_MAGIC: 2327 /* Magic number -- can't use it, use 0 */ 2328 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2329 sp->lcp.magic = 0; 2330 break; 2331 case LCP_OPT_MRU: 2332 /* 2333 * Should not be rejected anyway, since we only 2334 * negotiate a MRU if explicitly requested by 2335 * peer. 2336 */ 2337 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2338 break; 2339 case LCP_OPT_AUTH_PROTO: 2340 /* 2341 * Peer doesn't want to authenticate himself, 2342 * deny unless this is a dialout call, and 2343 * AUTHFLAG_NOCALLOUT is set. 2344 */ 2345 if ((sp->pp_flags & PP_CALLIN) == 0 && 2346 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2347 if (debug) 2348 log(-1, "[don't insist on auth " 2349 "for callout]"); 2350 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2351 break; 2352 } 2353 if (debug) 2354 log(-1, "[access denied]\n"); 2355 lcp.Close(sp); 2356 break; 2357 } 2358 } 2359 if (debug) 2360 log(-1, "\n"); 2361 free (buf, M_TEMP); 2362 return; 2363} 2364 2365/* 2366 * Analyze the LCP Configure-NAK option list, and adjust our 2367 * negotiation. 2368 */ 2369static void 2370sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2371{ 2372 STDDCL; 2373 u_char *buf, *p; 2374 u_long magic; 2375 2376 len -= 4; 2377 buf = malloc (len, M_TEMP, M_NOWAIT); 2378 if (!buf) 2379 return; 2380 2381 if (debug) 2382 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2383 SPP_ARGS(ifp)); 2384 2385 p = (void*) (h+1); 2386 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2387 if (debug) 2388 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2389 switch (*p) { 2390 case LCP_OPT_MAGIC: 2391 /* Magic number -- renegotiate */ 2392 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2393 len >= 6 && p[1] == 6) { 2394 magic = (u_long)p[2] << 24 | 2395 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2396 /* 2397 * If the remote magic is our negated one, 2398 * this looks like a loopback problem. 2399 * Suggest a new magic to make sure. 2400 */ 2401 if (magic == ~sp->lcp.magic) { 2402 if (debug) 2403 log(-1, "magic glitch "); 2404#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2405 sp->lcp.magic = random(); 2406#else 2407 sp->lcp.magic = time.tv_sec + time.tv_usec; 2408#endif 2409 } else { 2410 sp->lcp.magic = magic; 2411 if (debug) 2412 log(-1, "%lu ", magic); 2413 } 2414 } 2415 break; 2416 case LCP_OPT_MRU: 2417 /* 2418 * Peer wants to advise us to negotiate an MRU. 2419 * Agree on it if it's reasonable, or use 2420 * default otherwise. 2421 */ 2422 if (len >= 4 && p[1] == 4) { 2423 u_int mru = p[2] * 256 + p[3]; 2424 if (debug) 2425 log(-1, "%d ", mru); 2426 if (mru < PP_MTU || mru > PP_MAX_MRU) 2427 mru = PP_MTU; 2428 sp->lcp.mru = mru; 2429 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2430 } 2431 break; 2432 case LCP_OPT_AUTH_PROTO: 2433 /* 2434 * Peer doesn't like our authentication method, 2435 * deny. 2436 */ 2437 if (debug) 2438 log(-1, "[access denied]\n"); 2439 lcp.Close(sp); 2440 break; 2441 } 2442 } 2443 if (debug) 2444 log(-1, "\n"); 2445 free (buf, M_TEMP); 2446 return; 2447} 2448 2449static void 2450sppp_lcp_tlu(struct sppp *sp) 2451{ 2452 STDDCL; 2453 int i; 2454 u_long mask; 2455 2456 /* XXX ? */ 2457 if (! (ifp->if_flags & IFF_UP) && 2458 (ifp->if_flags & IFF_RUNNING)) { 2459 /* Coming out of loopback mode. */ 2460 if_up(ifp); 2461 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2462 } 2463 2464 for (i = 0; i < IDX_COUNT; i++) 2465 if ((cps[i])->flags & CP_QUAL) 2466 (cps[i])->Open(sp); 2467 2468 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2469 (sp->pp_flags & PP_NEEDAUTH) != 0) 2470 sp->pp_phase = PHASE_AUTHENTICATE; 2471 else 2472 sp->pp_phase = PHASE_NETWORK; 2473 2474 if (debug) 2475 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2476 sppp_phase_name(sp->pp_phase)); 2477 2478 /* 2479 * Open all authentication protocols. This is even required 2480 * if we already proceeded to network phase, since it might be 2481 * that remote wants us to authenticate, so we might have to 2482 * send a PAP request. Undesired authentication protocols 2483 * don't do anything when they get an Open event. 2484 */ 2485 for (i = 0; i < IDX_COUNT; i++) 2486 if ((cps[i])->flags & CP_AUTH) 2487 (cps[i])->Open(sp); 2488 2489 if (sp->pp_phase == PHASE_NETWORK) { 2490 /* Notify all NCPs. */ 2491 for (i = 0; i < IDX_COUNT; i++) 2492 if ((cps[i])->flags & CP_NCP) 2493 (cps[i])->Open(sp); 2494 } 2495 2496 /* Send Up events to all started protos. */ 2497 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2498 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2499 (cps[i])->Up(sp); 2500 2501 /* notify low-level driver of state change */ 2502 if (sp->pp_chg) 2503 sp->pp_chg(sp, (int)sp->pp_phase); 2504 2505 if (sp->pp_phase == PHASE_NETWORK) 2506 /* if no NCP is starting, close down */ 2507 sppp_lcp_check_and_close(sp); 2508} 2509 2510static void 2511sppp_lcp_tld(struct sppp *sp) 2512{ 2513 STDDCL; 2514 int i; 2515 u_long mask; 2516 2517 sp->pp_phase = PHASE_TERMINATE; 2518 2519 if (debug) 2520 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2521 sppp_phase_name(sp->pp_phase)); 2522 2523 /* 2524 * Take upper layers down. We send the Down event first and 2525 * the Close second to prevent the upper layers from sending 2526 * ``a flurry of terminate-request packets'', as the RFC 2527 * describes it. 2528 */ 2529 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2530 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2531 (cps[i])->Down(sp); 2532 (cps[i])->Close(sp); 2533 } 2534} 2535 2536static void 2537sppp_lcp_tls(struct sppp *sp) 2538{ 2539 STDDCL; 2540 2541 sp->pp_phase = PHASE_ESTABLISH; 2542 2543 if (debug) 2544 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2545 sppp_phase_name(sp->pp_phase)); 2546 2547 /* Notify lower layer if desired. */ 2548 if (sp->pp_tls) 2549 (sp->pp_tls)(sp); 2550 else 2551 (sp->pp_up)(sp); 2552} 2553 2554static void 2555sppp_lcp_tlf(struct sppp *sp) 2556{ 2557 STDDCL; 2558 2559 sp->pp_phase = PHASE_DEAD; 2560 if (debug) 2561 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2562 sppp_phase_name(sp->pp_phase)); 2563 2564 /* Notify lower layer if desired. */ 2565 if (sp->pp_tlf) 2566 (sp->pp_tlf)(sp); 2567 else 2568 (sp->pp_down)(sp); 2569} 2570 2571static void 2572sppp_lcp_scr(struct sppp *sp) 2573{ 2574 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2575 int i = 0; 2576 u_short authproto; 2577 2578 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2579 if (! sp->lcp.magic) 2580#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2581 sp->lcp.magic = random(); 2582#else 2583 sp->lcp.magic = time.tv_sec + time.tv_usec; 2584#endif 2585 opt[i++] = LCP_OPT_MAGIC; 2586 opt[i++] = 6; 2587 opt[i++] = sp->lcp.magic >> 24; 2588 opt[i++] = sp->lcp.magic >> 16; 2589 opt[i++] = sp->lcp.magic >> 8; 2590 opt[i++] = sp->lcp.magic; 2591 } 2592 2593 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2594 opt[i++] = LCP_OPT_MRU; 2595 opt[i++] = 4; 2596 opt[i++] = sp->lcp.mru >> 8; 2597 opt[i++] = sp->lcp.mru; 2598 } 2599 2600 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2601 authproto = sp->hisauth.proto; 2602 opt[i++] = LCP_OPT_AUTH_PROTO; 2603 opt[i++] = authproto == PPP_CHAP? 5: 4; 2604 opt[i++] = authproto >> 8; 2605 opt[i++] = authproto; 2606 if (authproto == PPP_CHAP) 2607 opt[i++] = CHAP_MD5; 2608 } 2609 2610 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2611 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2612} 2613 2614/* 2615 * Check the open NCPs, return true if at least one NCP is open. 2616 */ 2617static int 2618sppp_ncp_check(struct sppp *sp) 2619{ 2620 int i, mask; 2621 2622 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2623 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2624 return 1; 2625 return 0; 2626} 2627 2628/* 2629 * Re-check the open NCPs and see if we should terminate the link. 2630 * Called by the NCPs during their tlf action handling. 2631 */ 2632static void 2633sppp_lcp_check_and_close(struct sppp *sp) 2634{ 2635 2636 if (sp->pp_phase < PHASE_NETWORK) 2637 /* don't bother, we are already going down */ 2638 return; 2639 2640 if (sppp_ncp_check(sp)) 2641 return; 2642 2643 lcp.Close(sp); 2644} 2645 2646/* 2647 *--------------------------------------------------------------------------* 2648 * * 2649 * The IPCP implementation. * 2650 * * 2651 *--------------------------------------------------------------------------* 2652 */ 2653 2654static void 2655sppp_ipcp_init(struct sppp *sp) 2656{ 2657 sp->ipcp.opts = 0; 2658 sp->ipcp.flags = 0; 2659 sp->state[IDX_IPCP] = STATE_INITIAL; 2660 sp->fail_counter[IDX_IPCP] = 0; 2661 sp->pp_seq[IDX_IPCP] = 0; 2662 sp->pp_rseq[IDX_IPCP] = 0; 2663#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2664 callout_handle_init(&sp->ch[IDX_IPCP]); 2665#endif 2666} 2667 2668static void 2669sppp_ipcp_up(struct sppp *sp) 2670{ 2671 sppp_up_event(&ipcp, sp); 2672} 2673 2674static void 2675sppp_ipcp_down(struct sppp *sp) 2676{ 2677 sppp_down_event(&ipcp, sp); 2678} 2679 2680static void 2681sppp_ipcp_open(struct sppp *sp) 2682{ 2683 STDDCL; 2684 u_long myaddr, hisaddr; 2685 2686 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2687 2688 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2689 /* 2690 * If we don't have his address, this probably means our 2691 * interface doesn't want to talk IP at all. (This could 2692 * be the case if somebody wants to speak only IPX, for 2693 * example.) Don't open IPCP in this case. 2694 */ 2695 if (hisaddr == 0L) { 2696 /* XXX this message should go away */ 2697 if (debug) 2698 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2699 SPP_ARGS(ifp)); 2700 return; 2701 } 2702 2703 if (myaddr == 0L) { 2704 /* 2705 * I don't have an assigned address, so i need to 2706 * negotiate my address. 2707 */ 2708 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2709 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2710 } else 2711 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2712 sppp_open_event(&ipcp, sp); 2713} 2714 2715static void 2716sppp_ipcp_close(struct sppp *sp) 2717{ 2718 sppp_close_event(&ipcp, sp); 2719 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2720 /* 2721 * My address was dynamic, clear it again. 2722 */ 2723 sppp_set_ip_addr(sp, 0L); 2724} 2725 2726static void 2727sppp_ipcp_TO(void *cookie) 2728{ 2729 sppp_to_event(&ipcp, (struct sppp *)cookie); 2730} 2731 2732/* 2733 * Analyze a configure request. Return true if it was agreeable, and 2734 * caused action sca, false if it has been rejected or nak'ed, and 2735 * caused action scn. (The return value is used to make the state 2736 * transition decision in the state automaton.) 2737 */ 2738static int 2739sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2740{ 2741 u_char *buf, *r, *p; 2742 struct ifnet *ifp = &sp->pp_if; 2743 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2744 u_long hisaddr, desiredaddr; 2745 int gotmyaddr = 0; 2746 2747 len -= 4; 2748 origlen = len; 2749 /* 2750 * Make sure to allocate a buf that can at least hold a 2751 * conf-nak with an `address' option. We might need it below. 2752 */ 2753 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2754 if (! buf) 2755 return (0); 2756 2757 /* pass 1: see if we can recognize them */ 2758 if (debug) 2759 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2760 SPP_ARGS(ifp)); 2761 p = (void*) (h+1); 2762 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2763 if (debug) 2764 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2765 switch (*p) { 2766 case IPCP_OPT_ADDRESS: 2767 if (len >= 6 && p[1] == 6) { 2768 /* correctly formed address option */ 2769 continue; 2770 } 2771 if (debug) 2772 log(-1, "[invalid] "); 2773 break; 2774 default: 2775 /* Others not supported. */ 2776 if (debug) 2777 log(-1, "[rej] "); 2778 break; 2779 } 2780 /* Add the option to rejected list. */ 2781 bcopy (p, r, p[1]); 2782 r += p[1]; 2783 rlen += p[1]; 2784 } 2785 if (rlen) { 2786 if (debug) 2787 log(-1, " send conf-rej\n"); 2788 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2789 return 0; 2790 } else if (debug) 2791 log(-1, "\n"); 2792 2793 /* pass 2: parse option values */ 2794 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2795 if (debug) 2796 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2797 SPP_ARGS(ifp)); 2798 p = (void*) (h+1); 2799 len = origlen; 2800 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2801 if (debug) 2802 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2803 switch (*p) { 2804 case IPCP_OPT_ADDRESS: 2805 /* This is the address he wants in his end */ 2806 desiredaddr = p[2] << 24 | p[3] << 16 | 2807 p[4] << 8 | p[5]; 2808 if (desiredaddr == hisaddr || 2809 (hisaddr == 1 && desiredaddr != 0)) { 2810 /* 2811 * Peer's address is same as our value, 2812 * or we have set it to 0.0.0.1 to 2813 * indicate that we do not really care, 2814 * this is agreeable. Gonna conf-ack 2815 * it. 2816 */ 2817 if (debug) 2818 log(-1, "%s [ack] ", 2819 sppp_dotted_quad(hisaddr)); 2820 /* record that we've seen it already */ 2821 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2822 continue; 2823 } 2824 /* 2825 * The address wasn't agreeable. This is either 2826 * he sent us 0.0.0.0, asking to assign him an 2827 * address, or he send us another address not 2828 * matching our value. Either case, we gonna 2829 * conf-nak it with our value. 2830 * XXX: we should "rej" if hisaddr == 0 2831 */ 2832 if (debug) { 2833 if (desiredaddr == 0) 2834 log(-1, "[addr requested] "); 2835 else 2836 log(-1, "%s [not agreed] ", 2837 sppp_dotted_quad(desiredaddr)); 2838 2839 } 2840 p[2] = hisaddr >> 24; 2841 p[3] = hisaddr >> 16; 2842 p[4] = hisaddr >> 8; 2843 p[5] = hisaddr; 2844 break; 2845 } 2846 /* Add the option to nak'ed list. */ 2847 bcopy (p, r, p[1]); 2848 r += p[1]; 2849 rlen += p[1]; 2850 } 2851 2852 /* 2853 * If we are about to conf-ack the request, but haven't seen 2854 * his address so far, gonna conf-nak it instead, with the 2855 * `address' option present and our idea of his address being 2856 * filled in there, to request negotiation of both addresses. 2857 * 2858 * XXX This can result in an endless req - nak loop if peer 2859 * doesn't want to send us his address. Q: What should we do 2860 * about it? XXX A: implement the max-failure counter. 2861 */ 2862 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2863 buf[0] = IPCP_OPT_ADDRESS; 2864 buf[1] = 6; 2865 buf[2] = hisaddr >> 24; 2866 buf[3] = hisaddr >> 16; 2867 buf[4] = hisaddr >> 8; 2868 buf[5] = hisaddr; 2869 rlen = 6; 2870 if (debug) 2871 log(-1, "still need hisaddr "); 2872 } 2873 2874 if (rlen) { 2875 if (debug) 2876 log(-1, " send conf-nak\n"); 2877 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2878 } else { 2879 if (debug) 2880 log(-1, " send conf-ack\n"); 2881 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2882 h->ident, origlen, h+1); 2883 } 2884 2885 free (buf, M_TEMP); 2886 return (rlen == 0); 2887} 2888 2889/* 2890 * Analyze the IPCP Configure-Reject option list, and adjust our 2891 * negotiation. 2892 */ 2893static void 2894sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2895{ 2896 u_char *buf, *p; 2897 struct ifnet *ifp = &sp->pp_if; 2898 int debug = ifp->if_flags & IFF_DEBUG; 2899 2900 len -= 4; 2901 buf = malloc (len, M_TEMP, M_NOWAIT); 2902 if (!buf) 2903 return; 2904 2905 if (debug) 2906 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2907 SPP_ARGS(ifp)); 2908 2909 p = (void*) (h+1); 2910 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2911 if (debug) 2912 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2913 switch (*p) { 2914 case IPCP_OPT_ADDRESS: 2915 /* 2916 * Peer doesn't grok address option. This is 2917 * bad. XXX Should we better give up here? 2918 * XXX We could try old "addresses" option... 2919 */ 2920 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2921 break; 2922 } 2923 } 2924 if (debug) 2925 log(-1, "\n"); 2926 free (buf, M_TEMP); 2927 return; 2928} 2929 2930/* 2931 * Analyze the IPCP Configure-NAK option list, and adjust our 2932 * negotiation. 2933 */ 2934static void 2935sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2936{ 2937 u_char *buf, *p; 2938 struct ifnet *ifp = &sp->pp_if; 2939 int debug = ifp->if_flags & IFF_DEBUG; 2940 u_long wantaddr; 2941 2942 len -= 4; 2943 buf = malloc (len, M_TEMP, M_NOWAIT); 2944 if (!buf) 2945 return; 2946 2947 if (debug) 2948 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2949 SPP_ARGS(ifp)); 2950 2951 p = (void*) (h+1); 2952 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2953 if (debug) 2954 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2955 switch (*p) { 2956 case IPCP_OPT_ADDRESS: 2957 /* 2958 * Peer doesn't like our local IP address. See 2959 * if we can do something for him. We'll drop 2960 * him our address then. 2961 */ 2962 if (len >= 6 && p[1] == 6) { 2963 wantaddr = p[2] << 24 | p[3] << 16 | 2964 p[4] << 8 | p[5]; 2965 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2966 if (debug) 2967 log(-1, "[wantaddr %s] ", 2968 sppp_dotted_quad(wantaddr)); 2969 /* 2970 * When doing dynamic address assignment, 2971 * we accept his offer. Otherwise, we 2972 * ignore it and thus continue to negotiate 2973 * our already existing value. 2974 * XXX: Bogus, if he said no once, he'll 2975 * just say no again, might as well die. 2976 */ 2977 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2978 sppp_set_ip_addr(sp, wantaddr); 2979 if (debug) 2980 log(-1, "[agree] "); 2981 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2982 } 2983 } 2984 break; 2985 } 2986 } 2987 if (debug) 2988 log(-1, "\n"); 2989 free (buf, M_TEMP); 2990 return; 2991} 2992 2993static void 2994sppp_ipcp_tlu(struct sppp *sp) 2995{ 2996 /* we are up - notify isdn daemon */ 2997 if (sp->pp_con) 2998 sp->pp_con(sp); 2999} 3000 3001static void 3002sppp_ipcp_tld(struct sppp *sp) 3003{ 3004} 3005 3006static void 3007sppp_ipcp_tls(struct sppp *sp) 3008{ 3009 /* indicate to LCP that it must stay alive */ 3010 sp->lcp.protos |= (1 << IDX_IPCP); 3011} 3012 3013static void 3014sppp_ipcp_tlf(struct sppp *sp) 3015{ 3016 /* we no longer need LCP */ 3017 sp->lcp.protos &= ~(1 << IDX_IPCP); 3018 sppp_lcp_check_and_close(sp); 3019} 3020 3021static void 3022sppp_ipcp_scr(struct sppp *sp) 3023{ 3024 char opt[6 /* compression */ + 6 /* address */]; 3025 u_long ouraddr; 3026 int i = 0; 3027 3028 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3029 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3030 opt[i++] = IPCP_OPT_ADDRESS; 3031 opt[i++] = 6; 3032 opt[i++] = ouraddr >> 24; 3033 opt[i++] = ouraddr >> 16; 3034 opt[i++] = ouraddr >> 8; 3035 opt[i++] = ouraddr; 3036 } 3037 3038 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3039 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3040} 3041 3042/* 3043 *--------------------------------------------------------------------------* 3044 * * 3045 * The IPv6CP implementation. * 3046 * * 3047 *--------------------------------------------------------------------------* 3048 */ 3049 3050#ifdef INET6 3051static void 3052sppp_ipv6cp_init(struct sppp *sp) 3053{ 3054 sp->ipv6cp.opts = 0; 3055 sp->ipv6cp.flags = 0; 3056 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3057 sp->fail_counter[IDX_IPV6CP] = 0; 3058 sp->pp_seq[IDX_IPV6CP] = 0; 3059 sp->pp_rseq[IDX_IPV6CP] = 0; 3060#if defined(__NetBSD__) 3061 callout_init(&sp->ch[IDX_IPV6CP]); 3062#endif 3063#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3064 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3065#endif 3066} 3067 3068static void 3069sppp_ipv6cp_up(struct sppp *sp) 3070{ 3071 sppp_up_event(&ipv6cp, sp); 3072} 3073 3074static void 3075sppp_ipv6cp_down(struct sppp *sp) 3076{ 3077 sppp_down_event(&ipv6cp, sp); 3078} 3079 3080static void 3081sppp_ipv6cp_open(struct sppp *sp) 3082{ 3083 STDDCL; 3084 struct in6_addr myaddr, hisaddr; 3085 3086#ifdef IPV6CP_MYIFID_DYN 3087 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3088#else 3089 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3090#endif 3091 3092 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3093 /* 3094 * If we don't have our address, this probably means our 3095 * interface doesn't want to talk IPv6 at all. (This could 3096 * be the case if somebody wants to speak only IPX, for 3097 * example.) Don't open IPv6CP in this case. 3098 */ 3099 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3100 /* XXX this message should go away */ 3101 if (debug) 3102 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3103 SPP_ARGS(ifp)); 3104 return; 3105 } 3106 3107 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3108 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3109 sppp_open_event(&ipv6cp, sp); 3110} 3111 3112static void 3113sppp_ipv6cp_close(struct sppp *sp) 3114{ 3115 sppp_close_event(&ipv6cp, sp); 3116} 3117 3118static void 3119sppp_ipv6cp_TO(void *cookie) 3120{ 3121 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3122} 3123 3124/* 3125 * Analyze a configure request. Return true if it was agreeable, and 3126 * caused action sca, false if it has been rejected or nak'ed, and 3127 * caused action scn. (The return value is used to make the state 3128 * transition decision in the state automaton.) 3129 */ 3130static int 3131sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3132{ 3133 u_char *buf, *r, *p; 3134 struct ifnet *ifp = &sp->pp_if; 3135 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3136 struct in6_addr myaddr, desiredaddr, suggestaddr; 3137 int ifidcount; 3138 int type; 3139 int collision, nohisaddr; 3140 3141 len -= 4; 3142 origlen = len; 3143 /* 3144 * Make sure to allocate a buf that can at least hold a 3145 * conf-nak with an `address' option. We might need it below. 3146 */ 3147 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3148 if (! buf) 3149 return (0); 3150 3151 /* pass 1: see if we can recognize them */ 3152 if (debug) 3153 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3154 SPP_ARGS(ifp)); 3155 p = (void*) (h+1); 3156 ifidcount = 0; 3157 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3158 if (debug) 3159 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3160 switch (*p) { 3161 case IPV6CP_OPT_IFID: 3162 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3163 /* correctly formed address option */ 3164 ifidcount++; 3165 continue; 3166 } 3167 if (debug) 3168 log(-1, " [invalid]"); 3169 break; 3170#ifdef notyet 3171 case IPV6CP_OPT_COMPRESSION: 3172 if (len >= 4 && p[1] >= 4) { 3173 /* correctly formed compress option */ 3174 continue; 3175 } 3176 if (debug) 3177 log(-1, " [invalid]"); 3178 break; 3179#endif 3180 default: 3181 /* Others not supported. */ 3182 if (debug) 3183 log(-1, " [rej]"); 3184 break; 3185 } 3186 /* Add the option to rejected list. */ 3187 bcopy (p, r, p[1]); 3188 r += p[1]; 3189 rlen += p[1]; 3190 } 3191 if (rlen) { 3192 if (debug) 3193 log(-1, " send conf-rej\n"); 3194 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3195 goto end; 3196 } else if (debug) 3197 log(-1, "\n"); 3198 3199 /* pass 2: parse option values */ 3200 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3201 if (debug) 3202 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3203 SPP_ARGS(ifp)); 3204 p = (void*) (h+1); 3205 len = origlen; 3206 type = CONF_ACK; 3207 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3208 if (debug) 3209 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3210 switch (*p) { 3211#ifdef notyet 3212 case IPV6CP_OPT_COMPRESSION: 3213 continue; 3214#endif 3215 case IPV6CP_OPT_IFID: 3216 bzero(&desiredaddr, sizeof(desiredaddr)); 3217 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3218 collision = (bcmp(&desiredaddr.s6_addr[8], 3219 &myaddr.s6_addr[8], 8) == 0); 3220 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3221 3222 desiredaddr.s6_addr16[0] = htons(0xfe80); 3223 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3224 3225 if (!collision && !nohisaddr) { 3226 /* no collision, hisaddr known - Conf-Ack */ 3227 type = CONF_ACK; 3228 3229 if (debug) { 3230 log(-1, " %s [%s]", 3231 ip6_sprintf(&desiredaddr), 3232 sppp_cp_type_name(type)); 3233 } 3234 continue; 3235 } 3236 3237 bzero(&suggestaddr, sizeof(&suggestaddr)); 3238 if (collision && nohisaddr) { 3239 /* collision, hisaddr unknown - Conf-Rej */ 3240 type = CONF_REJ; 3241 bzero(&p[2], 8); 3242 } else { 3243 /* 3244 * - no collision, hisaddr unknown, or 3245 * - collision, hisaddr known 3246 * Conf-Nak, suggest hisaddr 3247 */ 3248 type = CONF_NAK; 3249 sppp_suggest_ip6_addr(sp, &suggestaddr); 3250 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3251 } 3252 if (debug) 3253 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3254 sppp_cp_type_name(type)); 3255 break; 3256 } 3257 /* Add the option to nak'ed list. */ 3258 bcopy (p, r, p[1]); 3259 r += p[1]; 3260 rlen += p[1]; 3261 } 3262 3263 if (rlen == 0 && type == CONF_ACK) { 3264 if (debug) 3265 log(-1, " send %s\n", sppp_cp_type_name(type)); 3266 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3267 } else { 3268#ifdef DIAGNOSTIC 3269 if (type == CONF_ACK) 3270 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3271#endif 3272 3273 if (debug) { 3274 log(-1, " send %s suggest %s\n", 3275 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3276 } 3277 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3278 } 3279 3280 end: 3281 free (buf, M_TEMP); 3282 return (rlen == 0); 3283} 3284 3285/* 3286 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3287 * negotiation. 3288 */ 3289static void 3290sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3291{ 3292 u_char *buf, *p; 3293 struct ifnet *ifp = &sp->pp_if; 3294 int debug = ifp->if_flags & IFF_DEBUG; 3295 3296 len -= 4; 3297 buf = malloc (len, M_TEMP, M_NOWAIT); 3298 if (!buf) 3299 return; 3300 3301 if (debug) 3302 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3303 SPP_ARGS(ifp)); 3304 3305 p = (void*) (h+1); 3306 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3307 if (debug) 3308 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3309 switch (*p) { 3310 case IPV6CP_OPT_IFID: 3311 /* 3312 * Peer doesn't grok address option. This is 3313 * bad. XXX Should we better give up here? 3314 */ 3315 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3316 break; 3317#ifdef notyet 3318 case IPV6CP_OPT_COMPRESS: 3319 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3320 break; 3321#endif 3322 } 3323 } 3324 if (debug) 3325 log(-1, "\n"); 3326 free (buf, M_TEMP); 3327 return; 3328} 3329 3330/* 3331 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3332 * negotiation. 3333 */ 3334static void 3335sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3336{ 3337 u_char *buf, *p; 3338 struct ifnet *ifp = &sp->pp_if; 3339 int debug = ifp->if_flags & IFF_DEBUG; 3340 struct in6_addr suggestaddr; 3341 3342 len -= 4; 3343 buf = malloc (len, M_TEMP, M_NOWAIT); 3344 if (!buf) 3345 return; 3346 3347 if (debug) 3348 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3349 SPP_ARGS(ifp)); 3350 3351 p = (void*) (h+1); 3352 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3353 if (debug) 3354 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3355 switch (*p) { 3356 case IPV6CP_OPT_IFID: 3357 /* 3358 * Peer doesn't like our local ifid. See 3359 * if we can do something for him. We'll drop 3360 * him our address then. 3361 */ 3362 if (len < 10 || p[1] != 10) 3363 break; 3364 bzero(&suggestaddr, sizeof(suggestaddr)); 3365 suggestaddr.s6_addr16[0] = htons(0xfe80); 3366 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3367 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3368 3369 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3370 if (debug) 3371 log(-1, " [suggestaddr %s]", 3372 ip6_sprintf(&suggestaddr)); 3373#ifdef IPV6CP_MYIFID_DYN 3374 /* 3375 * When doing dynamic address assignment, 3376 * we accept his offer. 3377 */ 3378 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3379 struct in6_addr lastsuggest; 3380 /* 3381 * If <suggested myaddr from peer> equals to 3382 * <hisaddr we have suggested last time>, 3383 * we have a collision. generate new random 3384 * ifid. 3385 */ 3386 sppp_suggest_ip6_addr(&lastsuggest); 3387 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3388 lastsuggest)) { 3389 if (debug) 3390 log(-1, " [random]"); 3391 sppp_gen_ip6_addr(sp, &suggestaddr); 3392 } 3393 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3394 if (debug) 3395 log(-1, " [agree]"); 3396 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3397 } 3398#else 3399 /* 3400 * Since we do not do dynamic address assignment, 3401 * we ignore it and thus continue to negotiate 3402 * our already existing value. This can possibly 3403 * go into infinite request-reject loop. 3404 * 3405 * This is not likely because we normally use 3406 * ifid based on MAC-address. 3407 * If you have no ethernet card on the node, too bad. 3408 * XXX should we use fail_counter? 3409 */ 3410#endif 3411 break; 3412#ifdef notyet 3413 case IPV6CP_OPT_COMPRESS: 3414 /* 3415 * Peer wants different compression parameters. 3416 */ 3417 break; 3418#endif 3419 } 3420 } 3421 if (debug) 3422 log(-1, "\n"); 3423 free (buf, M_TEMP); 3424 return; 3425} 3426static void 3427sppp_ipv6cp_tlu(struct sppp *sp) 3428{ 3429 /* we are up - notify isdn daemon */ 3430 if (sp->pp_con) 3431 sp->pp_con(sp); 3432} 3433 3434static void 3435sppp_ipv6cp_tld(struct sppp *sp) 3436{ 3437} 3438 3439static void 3440sppp_ipv6cp_tls(struct sppp *sp) 3441{ 3442 /* indicate to LCP that it must stay alive */ 3443 sp->lcp.protos |= (1 << IDX_IPV6CP); 3444} 3445 3446static void 3447sppp_ipv6cp_tlf(struct sppp *sp) 3448{ 3449 3450#if 0 /* need #if 0 to close IPv6CP properly */ 3451 /* we no longer need LCP */ 3452 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3453 sppp_lcp_check_and_close(sp); 3454#endif 3455} 3456 3457static void 3458sppp_ipv6cp_scr(struct sppp *sp) 3459{ 3460 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3461 struct in6_addr ouraddr; 3462 int i = 0; 3463 3464 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3465 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3466 opt[i++] = IPV6CP_OPT_IFID; 3467 opt[i++] = 10; 3468 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3469 i += 8; 3470 } 3471 3472#ifdef notyet 3473 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3474 opt[i++] = IPV6CP_OPT_COMPRESSION; 3475 opt[i++] = 4; 3476 opt[i++] = 0; /* TBD */ 3477 opt[i++] = 0; /* TBD */ 3478 /* variable length data may follow */ 3479 } 3480#endif 3481 3482 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3483 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3484} 3485#else /*INET6*/ 3486static void sppp_ipv6cp_init(struct sppp *sp) 3487{ 3488} 3489 3490static void sppp_ipv6cp_up(struct sppp *sp) 3491{ 3492} 3493 3494static void sppp_ipv6cp_down(struct sppp *sp) 3495{ 3496} 3497 3498 3499static void sppp_ipv6cp_open(struct sppp *sp) 3500{ 3501} 3502 3503static void sppp_ipv6cp_close(struct sppp *sp) 3504{ 3505} 3506 3507static void sppp_ipv6cp_TO(void *sp) 3508{ 3509} 3510 3511static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3512{ 3513 return 0; 3514} 3515 3516static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3517{ 3518} 3519 3520static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3521{ 3522} 3523 3524static void sppp_ipv6cp_tlu(struct sppp *sp) 3525{ 3526} 3527 3528static void sppp_ipv6cp_tld(struct sppp *sp) 3529{ 3530} 3531 3532static void sppp_ipv6cp_tls(struct sppp *sp) 3533{ 3534} 3535 3536static void sppp_ipv6cp_tlf(struct sppp *sp) 3537{ 3538} 3539 3540static void sppp_ipv6cp_scr(struct sppp *sp) 3541{ 3542} 3543#endif /*INET6*/ 3544 3545/* 3546 *--------------------------------------------------------------------------* 3547 * * 3548 * The CHAP implementation. * 3549 * * 3550 *--------------------------------------------------------------------------* 3551 */ 3552 3553/* 3554 * The authentication protocols don't employ a full-fledged state machine as 3555 * the control protocols do, since they do have Open and Close events, but 3556 * not Up and Down, nor are they explicitly terminated. Also, use of the 3557 * authentication protocols may be different in both directions (this makes 3558 * sense, think of a machine that never accepts incoming calls but only 3559 * calls out, it doesn't require the called party to authenticate itself). 3560 * 3561 * Our state machine for the local authentication protocol (we are requesting 3562 * the peer to authenticate) looks like: 3563 * 3564 * RCA- 3565 * +--------------------------------------------+ 3566 * V scn,tld| 3567 * +--------+ Close +---------+ RCA+ 3568 * | |<----------------------------------| |------+ 3569 * +--->| Closed | TO* | Opened | sca | 3570 * | | |-----+ +-------| |<-----+ 3571 * | +--------+ irc | | +---------+ 3572 * | ^ | | ^ 3573 * | | | | | 3574 * | | | | | 3575 * | TO-| | | | 3576 * | |tld TO+ V | | 3577 * | | +------->+ | | 3578 * | | | | | | 3579 * | +--------+ V | | 3580 * | | |<----+<--------------------+ | 3581 * | | Req- | scr | 3582 * | | Sent | | 3583 * | | | | 3584 * | +--------+ | 3585 * | RCA- | | RCA+ | 3586 * +------+ +------------------------------------------+ 3587 * scn,tld sca,irc,ict,tlu 3588 * 3589 * 3590 * with: 3591 * 3592 * Open: LCP reached authentication phase 3593 * Close: LCP reached terminate phase 3594 * 3595 * RCA+: received reply (pap-req, chap-response), acceptable 3596 * RCN: received reply (pap-req, chap-response), not acceptable 3597 * TO+: timeout with restart counter >= 0 3598 * TO-: timeout with restart counter < 0 3599 * TO*: reschedule timeout for CHAP 3600 * 3601 * scr: send request packet (none for PAP, chap-challenge) 3602 * sca: send ack packet (pap-ack, chap-success) 3603 * scn: send nak packet (pap-nak, chap-failure) 3604 * ict: initialize re-challenge timer (CHAP only) 3605 * 3606 * tlu: this-layer-up, LCP reaches network phase 3607 * tld: this-layer-down, LCP enters terminate phase 3608 * 3609 * Note that in CHAP mode, after sending a new challenge, while the state 3610 * automaton falls back into Req-Sent state, it doesn't signal a tld 3611 * event to LCP, so LCP remains in network phase. Only after not getting 3612 * any response (or after getting an unacceptable response), CHAP closes, 3613 * causing LCP to enter terminate phase. 3614 * 3615 * With PAP, there is no initial request that can be sent. The peer is 3616 * expected to send one based on the successful negotiation of PAP as 3617 * the authentication protocol during the LCP option negotiation. 3618 * 3619 * Incoming authentication protocol requests (remote requests 3620 * authentication, we are peer) don't employ a state machine at all, 3621 * they are simply answered. Some peers [Ascend P50 firmware rev 3622 * 4.50] react allergically when sending IPCP requests while they are 3623 * still in authentication phase (thereby violating the standard that 3624 * demands that these NCP packets are to be discarded), so we keep 3625 * track of the peer demanding us to authenticate, and only proceed to 3626 * phase network once we've seen a positive acknowledge for the 3627 * authentication. 3628 */ 3629 3630/* 3631 * Handle incoming CHAP packets. 3632 */ 3633void 3634sppp_chap_input(struct sppp *sp, struct mbuf *m) 3635{ 3636 STDDCL; 3637 struct lcp_header *h; 3638 int len, x; 3639 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3640 int value_len, name_len; 3641 MD5_CTX ctx; 3642 3643 len = m->m_pkthdr.len; 3644 if (len < 4) { 3645 if (debug) 3646 log(LOG_DEBUG, 3647 SPP_FMT "chap invalid packet length: %d bytes\n", 3648 SPP_ARGS(ifp), len); 3649 return; 3650 } 3651 h = mtod (m, struct lcp_header*); 3652 if (len > ntohs (h->len)) 3653 len = ntohs (h->len); 3654 3655 switch (h->type) { 3656 /* challenge, failure and success are his authproto */ 3657 case CHAP_CHALLENGE: 3658 value = 1 + (u_char*)(h+1); 3659 value_len = value[-1]; 3660 name = value + value_len; 3661 name_len = len - value_len - 5; 3662 if (name_len < 0) { 3663 if (debug) { 3664 log(LOG_DEBUG, 3665 SPP_FMT "chap corrupted challenge " 3666 "<%s id=0x%x len=%d", 3667 SPP_ARGS(ifp), 3668 sppp_auth_type_name(PPP_CHAP, h->type), 3669 h->ident, ntohs(h->len)); 3670 sppp_print_bytes((u_char*) (h+1), len-4); 3671 log(-1, ">\n"); 3672 } 3673 break; 3674 } 3675 3676 if (debug) { 3677 log(LOG_DEBUG, 3678 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3679 SPP_ARGS(ifp), 3680 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3681 ntohs(h->len)); 3682 sppp_print_string((char*) name, name_len); 3683 log(-1, " value-size=%d value=", value_len); 3684 sppp_print_bytes(value, value_len); 3685 log(-1, ">\n"); 3686 } 3687 3688 /* Compute reply value. */ 3689 MD5Init(&ctx); 3690 MD5Update(&ctx, &h->ident, 1); 3691 MD5Update(&ctx, sp->myauth.secret, 3692 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3693 MD5Update(&ctx, value, value_len); 3694 MD5Final(digest, &ctx); 3695 dsize = sizeof digest; 3696 3697 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3698 sizeof dsize, (const char *)&dsize, 3699 sizeof digest, digest, 3700 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3701 sp->myauth.name, 3702 0); 3703 break; 3704 3705 case CHAP_SUCCESS: 3706 if (debug) { 3707 log(LOG_DEBUG, SPP_FMT "chap success", 3708 SPP_ARGS(ifp)); 3709 if (len > 4) { 3710 log(-1, ": "); 3711 sppp_print_string((char*)(h + 1), len - 4); 3712 } 3713 log(-1, "\n"); 3714 } 3715 x = splimp(); 3716 sp->pp_flags &= ~PP_NEEDAUTH; 3717 if (sp->myauth.proto == PPP_CHAP && 3718 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3719 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3720 /* 3721 * We are authenticator for CHAP but didn't 3722 * complete yet. Leave it to tlu to proceed 3723 * to network phase. 3724 */ 3725 splx(x); 3726 break; 3727 } 3728 splx(x); 3729 sppp_phase_network(sp); 3730 break; 3731 3732 case CHAP_FAILURE: 3733 if (debug) { 3734 log(LOG_INFO, SPP_FMT "chap failure", 3735 SPP_ARGS(ifp)); 3736 if (len > 4) { 3737 log(-1, ": "); 3738 sppp_print_string((char*)(h + 1), len - 4); 3739 } 3740 log(-1, "\n"); 3741 } else 3742 log(LOG_INFO, SPP_FMT "chap failure\n", 3743 SPP_ARGS(ifp)); 3744 /* await LCP shutdown by authenticator */ 3745 break; 3746 3747 /* response is my authproto */ 3748 case CHAP_RESPONSE: 3749 value = 1 + (u_char*)(h+1); 3750 value_len = value[-1]; 3751 name = value + value_len; 3752 name_len = len - value_len - 5; 3753 if (name_len < 0) { 3754 if (debug) { 3755 log(LOG_DEBUG, 3756 SPP_FMT "chap corrupted response " 3757 "<%s id=0x%x len=%d", 3758 SPP_ARGS(ifp), 3759 sppp_auth_type_name(PPP_CHAP, h->type), 3760 h->ident, ntohs(h->len)); 3761 sppp_print_bytes((u_char*)(h+1), len-4); 3762 log(-1, ">\n"); 3763 } 3764 break; 3765 } 3766 if (h->ident != sp->confid[IDX_CHAP]) { 3767 if (debug) 3768 log(LOG_DEBUG, 3769 SPP_FMT "chap dropping response for old ID " 3770 "(got %d, expected %d)\n", 3771 SPP_ARGS(ifp), 3772 h->ident, sp->confid[IDX_CHAP]); 3773 break; 3774 } 3775 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3776 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3777 log(LOG_INFO, SPP_FMT "chap response, his name ", 3778 SPP_ARGS(ifp)); 3779 sppp_print_string(name, name_len); 3780 log(-1, " != expected "); 3781 sppp_print_string(sp->hisauth.name, 3782 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3783 log(-1, "\n"); 3784 } 3785 if (debug) { 3786 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3787 "<%s id=0x%x len=%d name=", 3788 SPP_ARGS(ifp), 3789 sppp_state_name(sp->state[IDX_CHAP]), 3790 sppp_auth_type_name(PPP_CHAP, h->type), 3791 h->ident, ntohs (h->len)); 3792 sppp_print_string((char*)name, name_len); 3793 log(-1, " value-size=%d value=", value_len); 3794 sppp_print_bytes(value, value_len); 3795 log(-1, ">\n"); 3796 } 3797 if (value_len != AUTHKEYLEN) { 3798 if (debug) 3799 log(LOG_DEBUG, 3800 SPP_FMT "chap bad hash value length: " 3801 "%d bytes, should be %d\n", 3802 SPP_ARGS(ifp), value_len, 3803 AUTHKEYLEN); 3804 break; 3805 } 3806 3807 MD5Init(&ctx); 3808 MD5Update(&ctx, &h->ident, 1); 3809 MD5Update(&ctx, sp->hisauth.secret, 3810 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3811 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3812 MD5Final(digest, &ctx); 3813 3814#define FAILMSG "Failed..." 3815#define SUCCMSG "Welcome!" 3816 3817 if (value_len != sizeof digest || 3818 bcmp(digest, value, value_len) != 0) { 3819 /* action scn, tld */ 3820 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3821 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3822 0); 3823 chap.tld(sp); 3824 break; 3825 } 3826 /* action sca, perhaps tlu */ 3827 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3828 sp->state[IDX_CHAP] == STATE_OPENED) 3829 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3830 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3831 0); 3832 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3833 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3834 chap.tlu(sp); 3835 } 3836 break; 3837 3838 default: 3839 /* Unknown CHAP packet type -- ignore. */ 3840 if (debug) { 3841 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3842 "<0x%x id=0x%xh len=%d", 3843 SPP_ARGS(ifp), 3844 sppp_state_name(sp->state[IDX_CHAP]), 3845 h->type, h->ident, ntohs(h->len)); 3846 sppp_print_bytes((u_char*)(h+1), len-4); 3847 log(-1, ">\n"); 3848 } 3849 break; 3850 3851 } 3852} 3853 3854static void 3855sppp_chap_init(struct sppp *sp) 3856{ 3857 /* Chap doesn't have STATE_INITIAL at all. */ 3858 sp->state[IDX_CHAP] = STATE_CLOSED; 3859 sp->fail_counter[IDX_CHAP] = 0; 3860 sp->pp_seq[IDX_CHAP] = 0; 3861 sp->pp_rseq[IDX_CHAP] = 0; 3862#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3863 callout_handle_init(&sp->ch[IDX_CHAP]); 3864#endif 3865} 3866 3867static void 3868sppp_chap_open(struct sppp *sp) 3869{ 3870 if (sp->myauth.proto == PPP_CHAP && 3871 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3872 /* we are authenticator for CHAP, start it */ 3873 chap.scr(sp); 3874 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3875 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3876 } 3877 /* nothing to be done if we are peer, await a challenge */ 3878} 3879 3880static void 3881sppp_chap_close(struct sppp *sp) 3882{ 3883 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3884 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3885} 3886 3887static void 3888sppp_chap_TO(void *cookie) 3889{ 3890 struct sppp *sp = (struct sppp *)cookie; 3891 STDDCL; 3892 int s; 3893 3894 s = splimp(); 3895 if (debug) 3896 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3897 SPP_ARGS(ifp), 3898 sppp_state_name(sp->state[IDX_CHAP]), 3899 sp->rst_counter[IDX_CHAP]); 3900 3901 if (--sp->rst_counter[IDX_CHAP] < 0) 3902 /* TO- event */ 3903 switch (sp->state[IDX_CHAP]) { 3904 case STATE_REQ_SENT: 3905 chap.tld(sp); 3906 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3907 break; 3908 } 3909 else 3910 /* TO+ (or TO*) event */ 3911 switch (sp->state[IDX_CHAP]) { 3912 case STATE_OPENED: 3913 /* TO* event */ 3914 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3915 /* fall through */ 3916 case STATE_REQ_SENT: 3917 chap.scr(sp); 3918 /* sppp_cp_change_state() will restart the timer */ 3919 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3920 break; 3921 } 3922 3923 splx(s); 3924} 3925 3926static void 3927sppp_chap_tlu(struct sppp *sp) 3928{ 3929 STDDCL; 3930 int i, x; 3931 3932 i = 0; 3933 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3934 3935 /* 3936 * Some broken CHAP implementations (Conware CoNet, firmware 3937 * 4.0.?) don't want to re-authenticate their CHAP once the 3938 * initial challenge-response exchange has taken place. 3939 * Provide for an option to avoid rechallenges. 3940 */ 3941 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3942 /* 3943 * Compute the re-challenge timeout. This will yield 3944 * a number between 300 and 810 seconds. 3945 */ 3946 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3947 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3948 } 3949 3950 if (debug) { 3951 log(LOG_DEBUG, 3952 SPP_FMT "chap %s, ", 3953 SPP_ARGS(ifp), 3954 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3955 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3956 log(-1, "next re-challenge in %d seconds\n", i); 3957 else 3958 log(-1, "re-challenging supressed\n"); 3959 } 3960 3961 x = splimp(); 3962 /* indicate to LCP that we need to be closed down */ 3963 sp->lcp.protos |= (1 << IDX_CHAP); 3964 3965 if (sp->pp_flags & PP_NEEDAUTH) { 3966 /* 3967 * Remote is authenticator, but his auth proto didn't 3968 * complete yet. Defer the transition to network 3969 * phase. 3970 */ 3971 splx(x); 3972 return; 3973 } 3974 splx(x); 3975 3976 /* 3977 * If we are already in phase network, we are done here. This 3978 * is the case if this is a dummy tlu event after a re-challenge. 3979 */ 3980 if (sp->pp_phase != PHASE_NETWORK) 3981 sppp_phase_network(sp); 3982} 3983 3984static void 3985sppp_chap_tld(struct sppp *sp) 3986{ 3987 STDDCL; 3988 3989 if (debug) 3990 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3991 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3992 sp->lcp.protos &= ~(1 << IDX_CHAP); 3993 3994 lcp.Close(sp); 3995} 3996 3997static void 3998sppp_chap_scr(struct sppp *sp) 3999{ 4000 u_long *ch, seed; 4001 u_char clen; 4002 4003 /* Compute random challenge. */ 4004 ch = (u_long *)sp->myauth.challenge; 4005#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4006 read_random(&seed, sizeof seed); 4007#else 4008 { 4009 struct timeval tv; 4010 microtime(&tv); 4011 seed = tv.tv_sec ^ tv.tv_usec; 4012 } 4013#endif 4014 ch[0] = seed ^ random(); 4015 ch[1] = seed ^ random(); 4016 ch[2] = seed ^ random(); 4017 ch[3] = seed ^ random(); 4018 clen = AUTHKEYLEN; 4019 4020 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4021 4022 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4023 sizeof clen, (const char *)&clen, 4024 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4025 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4026 sp->myauth.name, 4027 0); 4028} 4029 4030/* 4031 *--------------------------------------------------------------------------* 4032 * * 4033 * The PAP implementation. * 4034 * * 4035 *--------------------------------------------------------------------------* 4036 */ 4037/* 4038 * For PAP, we need to keep a little state also if we are the peer, not the 4039 * authenticator. This is since we don't get a request to authenticate, but 4040 * have to repeatedly authenticate ourself until we got a response (or the 4041 * retry counter is expired). 4042 */ 4043 4044/* 4045 * Handle incoming PAP packets. */ 4046static void 4047sppp_pap_input(struct sppp *sp, struct mbuf *m) 4048{ 4049 STDDCL; 4050 struct lcp_header *h; 4051 int len, x; 4052 u_char *name, *passwd, mlen; 4053 int name_len, passwd_len; 4054 4055 len = m->m_pkthdr.len; 4056 if (len < 5) { 4057 if (debug) 4058 log(LOG_DEBUG, 4059 SPP_FMT "pap invalid packet length: %d bytes\n", 4060 SPP_ARGS(ifp), len); 4061 return; 4062 } 4063 h = mtod (m, struct lcp_header*); 4064 if (len > ntohs (h->len)) 4065 len = ntohs (h->len); 4066 switch (h->type) { 4067 /* PAP request is my authproto */ 4068 case PAP_REQ: 4069 name = 1 + (u_char*)(h+1); 4070 name_len = name[-1]; 4071 passwd = name + name_len + 1; 4072 if (name_len > len - 6 || 4073 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4074 if (debug) { 4075 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4076 "<%s id=0x%x len=%d", 4077 SPP_ARGS(ifp), 4078 sppp_auth_type_name(PPP_PAP, h->type), 4079 h->ident, ntohs(h->len)); 4080 sppp_print_bytes((u_char*)(h+1), len-4); 4081 log(-1, ">\n"); 4082 } 4083 break; 4084 } 4085 if (debug) { 4086 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4087 "<%s id=0x%x len=%d name=", 4088 SPP_ARGS(ifp), 4089 sppp_state_name(sp->state[IDX_PAP]), 4090 sppp_auth_type_name(PPP_PAP, h->type), 4091 h->ident, ntohs(h->len)); 4092 sppp_print_string((char*)name, name_len); 4093 log(-1, " passwd="); 4094 sppp_print_string((char*)passwd, passwd_len); 4095 log(-1, ">\n"); 4096 } 4097 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4098 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4099 bcmp(name, sp->hisauth.name, name_len) != 0 || 4100 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4101 /* action scn, tld */ 4102 mlen = sizeof(FAILMSG) - 1; 4103 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4104 sizeof mlen, (const char *)&mlen, 4105 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4106 0); 4107 pap.tld(sp); 4108 break; 4109 } 4110 /* action sca, perhaps tlu */ 4111 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4112 sp->state[IDX_PAP] == STATE_OPENED) { 4113 mlen = sizeof(SUCCMSG) - 1; 4114 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4115 sizeof mlen, (const char *)&mlen, 4116 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4117 0); 4118 } 4119 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4120 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4121 pap.tlu(sp); 4122 } 4123 break; 4124 4125 /* ack and nak are his authproto */ 4126 case PAP_ACK: 4127 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4128 if (debug) { 4129 log(LOG_DEBUG, SPP_FMT "pap success", 4130 SPP_ARGS(ifp)); 4131 name_len = *((char *)h); 4132 if (len > 5 && name_len) { 4133 log(-1, ": "); 4134 sppp_print_string((char*)(h+1), name_len); 4135 } 4136 log(-1, "\n"); 4137 } 4138 x = splimp(); 4139 sp->pp_flags &= ~PP_NEEDAUTH; 4140 if (sp->myauth.proto == PPP_PAP && 4141 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4142 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4143 /* 4144 * We are authenticator for PAP but didn't 4145 * complete yet. Leave it to tlu to proceed 4146 * to network phase. 4147 */ 4148 splx(x); 4149 break; 4150 } 4151 splx(x); 4152 sppp_phase_network(sp); 4153 break; 4154 4155 case PAP_NAK: 4156 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4157 if (debug) { 4158 log(LOG_INFO, SPP_FMT "pap failure", 4159 SPP_ARGS(ifp)); 4160 name_len = *((char *)h); 4161 if (len > 5 && name_len) { 4162 log(-1, ": "); 4163 sppp_print_string((char*)(h+1), name_len); 4164 } 4165 log(-1, "\n"); 4166 } else 4167 log(LOG_INFO, SPP_FMT "pap failure\n", 4168 SPP_ARGS(ifp)); 4169 /* await LCP shutdown by authenticator */ 4170 break; 4171 4172 default: 4173 /* Unknown PAP packet type -- ignore. */ 4174 if (debug) { 4175 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4176 "<0x%x id=0x%x len=%d", 4177 SPP_ARGS(ifp), 4178 h->type, h->ident, ntohs(h->len)); 4179 sppp_print_bytes((u_char*)(h+1), len-4); 4180 log(-1, ">\n"); 4181 } 4182 break; 4183 4184 } 4185} 4186 4187static void 4188sppp_pap_init(struct sppp *sp) 4189{ 4190 /* PAP doesn't have STATE_INITIAL at all. */ 4191 sp->state[IDX_PAP] = STATE_CLOSED; 4192 sp->fail_counter[IDX_PAP] = 0; 4193 sp->pp_seq[IDX_PAP] = 0; 4194 sp->pp_rseq[IDX_PAP] = 0; 4195#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4196 callout_handle_init(&sp->ch[IDX_PAP]); 4197 callout_handle_init(&sp->pap_my_to_ch); 4198#endif 4199} 4200 4201static void 4202sppp_pap_open(struct sppp *sp) 4203{ 4204 if (sp->hisauth.proto == PPP_PAP && 4205 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4206 /* we are authenticator for PAP, start our timer */ 4207 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4208 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4209 } 4210 if (sp->myauth.proto == PPP_PAP) { 4211 /* we are peer, send a request, and start a timer */ 4212 pap.scr(sp); 4213 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4214 sp->pap_my_to_ch); 4215 } 4216} 4217 4218static void 4219sppp_pap_close(struct sppp *sp) 4220{ 4221 if (sp->state[IDX_PAP] != STATE_CLOSED) 4222 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4223} 4224 4225/* 4226 * That's the timeout routine if we are authenticator. Since the 4227 * authenticator is basically passive in PAP, we can't do much here. 4228 */ 4229static void 4230sppp_pap_TO(void *cookie) 4231{ 4232 struct sppp *sp = (struct sppp *)cookie; 4233 STDDCL; 4234 int s; 4235 4236 s = splimp(); 4237 if (debug) 4238 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4239 SPP_ARGS(ifp), 4240 sppp_state_name(sp->state[IDX_PAP]), 4241 sp->rst_counter[IDX_PAP]); 4242 4243 if (--sp->rst_counter[IDX_PAP] < 0) 4244 /* TO- event */ 4245 switch (sp->state[IDX_PAP]) { 4246 case STATE_REQ_SENT: 4247 pap.tld(sp); 4248 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4249 break; 4250 } 4251 else 4252 /* TO+ event, not very much we could do */ 4253 switch (sp->state[IDX_PAP]) { 4254 case STATE_REQ_SENT: 4255 /* sppp_cp_change_state() will restart the timer */ 4256 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4257 break; 4258 } 4259 4260 splx(s); 4261} 4262 4263/* 4264 * That's the timeout handler if we are peer. Since the peer is active, 4265 * we need to retransmit our PAP request since it is apparently lost. 4266 * XXX We should impose a max counter. 4267 */ 4268static void 4269sppp_pap_my_TO(void *cookie) 4270{ 4271 struct sppp *sp = (struct sppp *)cookie; 4272 STDDCL; 4273 4274 if (debug) 4275 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4276 SPP_ARGS(ifp)); 4277 4278 pap.scr(sp); 4279} 4280 4281static void 4282sppp_pap_tlu(struct sppp *sp) 4283{ 4284 STDDCL; 4285 int x; 4286 4287 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4288 4289 if (debug) 4290 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4291 SPP_ARGS(ifp), pap.name); 4292 4293 x = splimp(); 4294 /* indicate to LCP that we need to be closed down */ 4295 sp->lcp.protos |= (1 << IDX_PAP); 4296 4297 if (sp->pp_flags & PP_NEEDAUTH) { 4298 /* 4299 * Remote is authenticator, but his auth proto didn't 4300 * complete yet. Defer the transition to network 4301 * phase. 4302 */ 4303 splx(x); 4304 return; 4305 } 4306 splx(x); 4307 sppp_phase_network(sp); 4308} 4309 4310static void 4311sppp_pap_tld(struct sppp *sp) 4312{ 4313 STDDCL; 4314 4315 if (debug) 4316 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4317 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4318 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4319 sp->lcp.protos &= ~(1 << IDX_PAP); 4320 4321 lcp.Close(sp); 4322} 4323 4324static void 4325sppp_pap_scr(struct sppp *sp) 4326{ 4327 u_char idlen, pwdlen; 4328 4329 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4330 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4331 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4332 4333 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4334 sizeof idlen, (const char *)&idlen, 4335 (size_t)idlen, sp->myauth.name, 4336 sizeof pwdlen, (const char *)&pwdlen, 4337 (size_t)pwdlen, sp->myauth.secret, 4338 0); 4339} 4340 4341/* 4342 * Random miscellaneous functions. 4343 */ 4344 4345/* 4346 * Send a PAP or CHAP proto packet. 4347 * 4348 * Varadic function, each of the elements for the ellipsis is of type 4349 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4350 * mlen == 0. 4351 * NOTE: never declare variadic functions with types subject to type 4352 * promotion (i.e. u_char). This is asking for big trouble depending 4353 * on the architecture you are on... 4354 */ 4355 4356static void 4357sppp_auth_send(const struct cp *cp, struct sppp *sp, 4358 unsigned int type, unsigned int id, 4359 ...) 4360{ 4361 STDDCL; 4362 struct ppp_header *h; 4363 struct lcp_header *lh; 4364 struct mbuf *m; 4365 u_char *p; 4366 int len; 4367 unsigned int mlen; 4368 const char *msg; 4369 va_list ap; 4370 4371 MGETHDR (m, M_DONTWAIT, MT_DATA); 4372 if (! m) 4373 return; 4374 m->m_pkthdr.rcvif = 0; 4375 4376 h = mtod (m, struct ppp_header*); 4377 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4378 h->control = PPP_UI; /* Unnumbered Info */ 4379 h->protocol = htons(cp->proto); 4380 4381 lh = (struct lcp_header*)(h + 1); 4382 lh->type = type; 4383 lh->ident = id; 4384 p = (u_char*) (lh+1); 4385 4386 va_start(ap, id); 4387 len = 0; 4388 4389 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4390 msg = va_arg(ap, const char *); 4391 len += mlen; 4392 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4393 va_end(ap); 4394 m_freem(m); 4395 return; 4396 } 4397 4398 bcopy(msg, p, mlen); 4399 p += mlen; 4400 } 4401 va_end(ap); 4402 4403 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4404 lh->len = htons (LCP_HEADER_LEN + len); 4405 4406 if (debug) { 4407 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4408 SPP_ARGS(ifp), cp->name, 4409 sppp_auth_type_name(cp->proto, lh->type), 4410 lh->ident, ntohs(lh->len)); 4411 sppp_print_bytes((u_char*) (lh+1), len); 4412 log(-1, ">\n"); 4413 } 4414 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4415 ifp->if_oerrors++; 4416} 4417 4418/* 4419 * Flush interface queue. 4420 */ 4421static void 4422sppp_qflush(struct ifqueue *ifq) 4423{ 4424 struct mbuf *m, *n; 4425 4426 n = ifq->ifq_head; 4427 while ((m = n)) { 4428 n = m->m_act; 4429 m_freem (m); 4430 } 4431 ifq->ifq_head = 0; 4432 ifq->ifq_tail = 0; 4433 ifq->ifq_len = 0; 4434} 4435 4436/* 4437 * Send keepalive packets, every 10 seconds. 4438 */ 4439static void 4440sppp_keepalive(void *dummy) 4441{ 4442 struct sppp *sp; 4443 int s; 4444 4445 s = splimp(); 4446 for (sp=spppq; sp; sp=sp->pp_next) { 4447 struct ifnet *ifp = &sp->pp_if; 4448 4449 /* Keepalive mode disabled or channel down? */ 4450 if (! (sp->pp_flags & PP_KEEPALIVE) || 4451 ! (ifp->if_flags & IFF_RUNNING)) 4452 continue; 4453 4454 /* No keepalive in PPP mode if LCP not opened yet. */ 4455 if (sp->pp_mode != IFF_CISCO && 4456 sp->pp_phase < PHASE_AUTHENTICATE) 4457 continue; 4458 4459 if (sp->pp_alivecnt == MAXALIVECNT) { 4460 /* No keepalive packets got. Stop the interface. */ 4461 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4462 if_down (ifp); 4463 sppp_qflush (&sp->pp_cpq); 4464 if (sp->pp_mode != IFF_CISCO) { 4465 /* XXX */ 4466 /* Shut down the PPP link. */ 4467 lcp.Down(sp); 4468 /* Initiate negotiation. XXX */ 4469 lcp.Up(sp); 4470 } 4471 } 4472 if (sp->pp_alivecnt <= MAXALIVECNT) 4473 ++sp->pp_alivecnt; 4474 if (sp->pp_mode == IFF_CISCO) 4475 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4476 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4477 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4478 long nmagic = htonl (sp->lcp.magic); 4479 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4480 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4481 sp->lcp.echoid, 4, &nmagic); 4482 } 4483 } 4484 splx(s); 4485 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4486} 4487 4488/* 4489 * Get both IP addresses. 4490 */ 4491static void 4492sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4493{ 4494 struct ifnet *ifp = &sp->pp_if; 4495 struct ifaddr *ifa; 4496 struct sockaddr_in *si, *sm; 4497 u_long ssrc, ddst; 4498 4499 sm = NULL; 4500 ssrc = ddst = 0L; 4501 /* 4502 * Pick the first AF_INET address from the list, 4503 * aliases don't make any sense on a p2p link anyway. 4504 */ 4505 si = 0; 4506#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4507 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4508#elif defined(__NetBSD__) || defined (__OpenBSD__) 4509 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4510 ifa; 4511 ifa = TAILQ_NEXT(ifa, ifa_list)) 4512#else 4513 for (ifa = ifp->if_addrlist; 4514 ifa; 4515 ifa = ifa->ifa_next) 4516#endif 4517 if (ifa->ifa_addr->sa_family == AF_INET) { 4518 si = (struct sockaddr_in *)ifa->ifa_addr; 4519 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4520 if (si) 4521 break; 4522 } 4523 if (ifa) { 4524 if (si && si->sin_addr.s_addr) { 4525 ssrc = si->sin_addr.s_addr; 4526 if (srcmask) 4527 *srcmask = ntohl(sm->sin_addr.s_addr); 4528 } 4529 4530 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4531 if (si && si->sin_addr.s_addr) 4532 ddst = si->sin_addr.s_addr; 4533 } 4534 4535 if (dst) *dst = ntohl(ddst); 4536 if (src) *src = ntohl(ssrc); 4537} 4538 4539/* 4540 * Set my IP address. Must be called at splimp. 4541 */ 4542static void 4543sppp_set_ip_addr(struct sppp *sp, u_long src) 4544{ 4545 STDDCL; 4546 struct ifaddr *ifa; 4547 struct sockaddr_in *si; 4548 struct in_ifaddr *ia; 4549 4550 /* 4551 * Pick the first AF_INET address from the list, 4552 * aliases don't make any sense on a p2p link anyway. 4553 */ 4554 si = 0; 4555#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4556 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4557#elif defined(__NetBSD__) || defined (__OpenBSD__) 4558 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4559 ifa; 4560 ifa = TAILQ_NEXT(ifa, ifa_list)) 4561#else 4562 for (ifa = ifp->if_addrlist; 4563 ifa; 4564 ifa = ifa->ifa_next) 4565#endif 4566 { 4567 if (ifa->ifa_addr->sa_family == AF_INET) 4568 { 4569 si = (struct sockaddr_in *)ifa->ifa_addr; 4570 if (si) 4571 break; 4572 } 4573 } 4574 4575 if (ifa && si) 4576 { 4577 int error; 4578#if __NetBSD_Version__ >= 103080000 4579 struct sockaddr_in new_sin = *si; 4580 4581 new_sin.sin_addr.s_addr = htonl(src); 4582 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4583 if(debug && error) 4584 { 4585 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4586 " failed, error=%d\n", SPP_ARGS(ifp), error); 4587 } 4588#else 4589 /* delete old route */ 4590 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4591 if(debug && error) 4592 { 4593 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4594 SPP_ARGS(ifp), error); 4595 } 4596 4597 /* set new address */ 4598 si->sin_addr.s_addr = htonl(src); 4599 ia = ifatoia(ifa); 4600 LIST_REMOVE(ia, ia_hash); 4601 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4602 4603 /* add new route */ 4604 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4605 if (debug && error) 4606 { 4607 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4608 SPP_ARGS(ifp), error); 4609 } 4610#endif 4611 } 4612} 4613 4614#ifdef INET6 4615/* 4616 * Get both IPv6 addresses. 4617 */ 4618static void 4619sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4620 struct in6_addr *srcmask) 4621{ 4622 struct ifnet *ifp = &sp->pp_if; 4623 struct ifaddr *ifa; 4624 struct sockaddr_in6 *si, *sm; 4625 struct in6_addr ssrc, ddst; 4626 4627 sm = NULL; 4628 bzero(&ssrc, sizeof(ssrc)); 4629 bzero(&ddst, sizeof(ddst)); 4630 /* 4631 * Pick the first link-local AF_INET6 address from the list, 4632 * aliases don't make any sense on a p2p link anyway. 4633 */ 4634#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4635 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4636 ifa; 4637 ifa = ifa->ifa_link.tqe_next) 4638#elif defined(__NetBSD__) || defined (__OpenBSD__) 4639 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4640 ifa; 4641 ifa = ifa->ifa_list.tqe_next) 4642#else 4643 for (ifa = ifp->if_addrlist, si = 0; 4644 ifa; 4645 ifa = ifa->ifa_next) 4646#endif 4647 if (ifa->ifa_addr->sa_family == AF_INET6) { 4648 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4649 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4650 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4651 break; 4652 } 4653 if (ifa) { 4654 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4655 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4656 if (srcmask) { 4657 bcopy(&sm->sin6_addr, srcmask, 4658 sizeof(*srcmask)); 4659 } 4660 } 4661 4662 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4663 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4664 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4665 } 4666 4667 if (dst) 4668 bcopy(&ddst, dst, sizeof(*dst)); 4669 if (src) 4670 bcopy(&ssrc, src, sizeof(*src)); 4671} 4672 4673#ifdef IPV6CP_MYIFID_DYN 4674/* 4675 * Generate random ifid. 4676 */ 4677static void 4678sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4679{ 4680 /* TBD */ 4681} 4682 4683/* 4684 * Set my IPv6 address. Must be called at splimp. 4685 */ 4686static void 4687sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4688{ 4689 STDDCL; 4690 struct ifaddr *ifa; 4691 struct sockaddr_in6 *sin6; 4692 4693 /* 4694 * Pick the first link-local AF_INET6 address from the list, 4695 * aliases don't make any sense on a p2p link anyway. 4696 */ 4697 4698 sin6 = NULL; 4699#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4700 for (ifa = ifp->if_addrhead.tqh_first; 4701 ifa; 4702 ifa = ifa->ifa_link.tqe_next) 4703#elif defined(__NetBSD__) || defined (__OpenBSD__) 4704 for (ifa = ifp->if_addrlist.tqh_first; 4705 ifa; 4706 ifa = ifa->ifa_list.tqe_next) 4707#else 4708 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4709#endif 4710 { 4711 if (ifa->ifa_addr->sa_family == AF_INET6) 4712 { 4713 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4714 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4715 break; 4716 } 4717 } 4718 4719 if (ifa && sin6) 4720 { 4721 int error; 4722 struct sockaddr_in6 new_sin6 = *sin6; 4723 4724 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4725 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4726 if (debug && error) 4727 { 4728 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4729 " failed, error=%d\n", SPP_ARGS(ifp), error); 4730 } 4731 } 4732} 4733#endif 4734 4735/* 4736 * Suggest a candidate address to be used by peer. 4737 */ 4738static void 4739sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4740{ 4741 struct in6_addr myaddr; 4742 struct timeval tv; 4743 4744 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4745 4746 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4747 microtime(&tv); 4748 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4749 myaddr.s6_addr[14] ^= 0xff; 4750 myaddr.s6_addr[15] ^= 0xff; 4751 } else { 4752 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4753 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4754 } 4755 if (suggest) 4756 bcopy(&myaddr, suggest, sizeof(myaddr)); 4757} 4758#endif /*INET6*/ 4759 4760static int 4761sppp_params(struct sppp *sp, u_long cmd, void *data) 4762{ 4763 u_long subcmd; 4764 struct ifreq *ifr = (struct ifreq *)data; 4765 struct spppreq spr; 4766 4767 /* 4768 * ifr->ifr_data is supposed to point to a struct spppreq. 4769 * Check the cmd word first before attempting to fetch all the 4770 * data. 4771 */ 4772 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4773 return EFAULT; 4774 4775 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4776 return EFAULT; 4777 4778 switch (subcmd) { 4779 case SPPPIOGDEFS: 4780 if (cmd != SIOCGIFGENERIC) 4781 return EINVAL; 4782 /* 4783 * We copy over the entire current state, but clean 4784 * out some of the stuff we don't wanna pass up. 4785 * Remember, SIOCGIFGENERIC is unprotected, and can be 4786 * called by any user. No need to ever get PAP or 4787 * CHAP secrets back to userland anyway. 4788 */ 4789 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4790 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4791 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4792 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4793 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4794 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4795 4796 case SPPPIOSDEFS: 4797 if (cmd != SIOCSIFGENERIC) 4798 return EINVAL; 4799 /* 4800 * We have a very specific idea of which fields we allow 4801 * being passed back from userland, so to not clobber our 4802 * current state. For one, we only allow setting 4803 * anything if LCP is in dead phase. Once the LCP 4804 * negotiations started, the authentication settings must 4805 * not be changed again. (The administrator can force an 4806 * ifconfig down in order to get LCP back into dead 4807 * phase.) 4808 * 4809 * Also, we only allow for authentication parameters to be 4810 * specified. 4811 * 4812 * XXX Should allow to set or clear pp_flags. 4813 * 4814 * Finally, if the respective authentication protocol to 4815 * be used is set differently than 0, but the secret is 4816 * passed as all zeros, we don't trash the existing secret. 4817 * This allows an administrator to change the system name 4818 * only without clobbering the secret (which he didn't get 4819 * back in a previous SPPPIOGDEFS call). However, the 4820 * secrets are cleared if the authentication protocol is 4821 * reset to 0. 4822 */ 4823 if (sp->pp_phase != PHASE_DEAD) 4824 return EBUSY; 4825 4826 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4827 spr.defs.myauth.proto != PPP_CHAP) || 4828 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4829 spr.defs.hisauth.proto != PPP_CHAP)) 4830 return EINVAL; 4831 4832 if (spr.defs.myauth.proto == 0) 4833 /* resetting myauth */ 4834 bzero(&sp->myauth, sizeof sp->myauth); 4835 else { 4836 /* setting/changing myauth */ 4837 sp->myauth.proto = spr.defs.myauth.proto; 4838 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4839 if (spr.defs.myauth.secret[0] != '\0') 4840 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4841 AUTHKEYLEN); 4842 } 4843 if (spr.defs.hisauth.proto == 0) 4844 /* resetting hisauth */ 4845 bzero(&sp->hisauth, sizeof sp->hisauth); 4846 else { 4847 /* setting/changing hisauth */ 4848 sp->hisauth.proto = spr.defs.hisauth.proto; 4849 sp->hisauth.flags = spr.defs.hisauth.flags; 4850 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4851 if (spr.defs.hisauth.secret[0] != '\0') 4852 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4853 AUTHKEYLEN); 4854 } 4855 break; 4856 4857 default: 4858 return EINVAL; 4859 } 4860 4861 return 0; 4862} 4863 4864static void 4865sppp_phase_network(struct sppp *sp) 4866{ 4867 STDDCL; 4868 int i; 4869 u_long mask; 4870 4871 sp->pp_phase = PHASE_NETWORK; 4872 4873 if (debug) 4874 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4875 sppp_phase_name(sp->pp_phase)); 4876 4877 /* Notify NCPs now. */ 4878 for (i = 0; i < IDX_COUNT; i++) 4879 if ((cps[i])->flags & CP_NCP) 4880 (cps[i])->Open(sp); 4881 4882 /* Send Up events to all NCPs. */ 4883 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4884 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4885 (cps[i])->Up(sp); 4886 4887 /* if no NCP is starting, all this was in vain, close down */ 4888 sppp_lcp_check_and_close(sp); 4889} 4890 4891 4892static const char * 4893sppp_cp_type_name(u_char type) 4894{ 4895 static char buf[12]; 4896 switch (type) { 4897 case CONF_REQ: return "conf-req"; 4898 case CONF_ACK: return "conf-ack"; 4899 case CONF_NAK: return "conf-nak"; 4900 case CONF_REJ: return "conf-rej"; 4901 case TERM_REQ: return "term-req"; 4902 case TERM_ACK: return "term-ack"; 4903 case CODE_REJ: return "code-rej"; 4904 case PROTO_REJ: return "proto-rej"; 4905 case ECHO_REQ: return "echo-req"; 4906 case ECHO_REPLY: return "echo-reply"; 4907 case DISC_REQ: return "discard-req"; 4908 } 4909 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4910 return buf; 4911} 4912 4913static const char * 4914sppp_auth_type_name(u_short proto, u_char type) 4915{ 4916 static char buf[12]; 4917 switch (proto) { 4918 case PPP_CHAP: 4919 switch (type) { 4920 case CHAP_CHALLENGE: return "challenge"; 4921 case CHAP_RESPONSE: return "response"; 4922 case CHAP_SUCCESS: return "success"; 4923 case CHAP_FAILURE: return "failure"; 4924 } 4925 case PPP_PAP: 4926 switch (type) { 4927 case PAP_REQ: return "req"; 4928 case PAP_ACK: return "ack"; 4929 case PAP_NAK: return "nak"; 4930 } 4931 } 4932 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4933 return buf; 4934} 4935 4936static const char * 4937sppp_lcp_opt_name(u_char opt) 4938{ 4939 static char buf[12]; 4940 switch (opt) { 4941 case LCP_OPT_MRU: return "mru"; 4942 case LCP_OPT_ASYNC_MAP: return "async-map"; 4943 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4944 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4945 case LCP_OPT_MAGIC: return "magic"; 4946 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4947 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4948 } 4949 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4950 return buf; 4951} 4952 4953static const char * 4954sppp_ipcp_opt_name(u_char opt) 4955{ 4956 static char buf[12]; 4957 switch (opt) { 4958 case IPCP_OPT_ADDRESSES: return "addresses"; 4959 case IPCP_OPT_COMPRESSION: return "compression"; 4960 case IPCP_OPT_ADDRESS: return "address"; 4961 } 4962 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4963 return buf; 4964} 4965 4966#ifdef INET6 4967static const char * 4968sppp_ipv6cp_opt_name(u_char opt) 4969{ 4970 static char buf[12]; 4971 switch (opt) { 4972 case IPV6CP_OPT_IFID: return "ifid"; 4973 case IPV6CP_OPT_COMPRESSION: return "compression"; 4974 } 4975 sprintf (buf, "0x%x", opt); 4976 return buf; 4977} 4978#endif 4979 4980static const char * 4981sppp_state_name(int state) 4982{ 4983 switch (state) { 4984 case STATE_INITIAL: return "initial"; 4985 case STATE_STARTING: return "starting"; 4986 case STATE_CLOSED: return "closed"; 4987 case STATE_STOPPED: return "stopped"; 4988 case STATE_CLOSING: return "closing"; 4989 case STATE_STOPPING: return "stopping"; 4990 case STATE_REQ_SENT: return "req-sent"; 4991 case STATE_ACK_RCVD: return "ack-rcvd"; 4992 case STATE_ACK_SENT: return "ack-sent"; 4993 case STATE_OPENED: return "opened"; 4994 } 4995 return "illegal"; 4996} 4997 4998static const char * 4999sppp_phase_name(enum ppp_phase phase) 5000{ 5001 switch (phase) { 5002 case PHASE_DEAD: return "dead"; 5003 case PHASE_ESTABLISH: return "establish"; 5004 case PHASE_TERMINATE: return "terminate"; 5005 case PHASE_AUTHENTICATE: return "authenticate"; 5006 case PHASE_NETWORK: return "network"; 5007 } 5008 return "illegal"; 5009} 5010 5011static const char * 5012sppp_proto_name(u_short proto) 5013{ 5014 static char buf[12]; 5015 switch (proto) { 5016 case PPP_LCP: return "lcp"; 5017 case PPP_IPCP: return "ipcp"; 5018 case PPP_PAP: return "pap"; 5019 case PPP_CHAP: return "chap"; 5020 case PPP_IPV6CP: return "ipv6cp"; 5021 } 5022 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5023 return buf; 5024} 5025 5026static void 5027sppp_print_bytes(const u_char *p, u_short len) 5028{ 5029 if (len) 5030 log(-1, " %*D", len, p, "-"); 5031} 5032 5033static void 5034sppp_print_string(const char *p, u_short len) 5035{ 5036 u_char c; 5037 5038 while (len-- > 0) { 5039 c = *p++; 5040 /* 5041 * Print only ASCII chars directly. RFC 1994 recommends 5042 * using only them, but we don't rely on it. */ 5043 if (c < ' ' || c > '~') 5044 log(-1, "\\x%x", c); 5045 else 5046 log(-1, "%c", c); 5047 } 5048} 5049 5050static const char * 5051sppp_dotted_quad(u_long addr) 5052{ 5053 static char s[16]; 5054 sprintf(s, "%d.%d.%d.%d", 5055 (int)((addr >> 24) & 0xff), 5056 (int)((addr >> 16) & 0xff), 5057 (int)((addr >> 8) & 0xff), 5058 (int)(addr & 0xff)); 5059 return s; 5060} 5061 5062static int 5063sppp_strnlen(u_char *p, int max) 5064{ 5065 int len; 5066 5067 for (len = 0; len < max && *p; ++p) 5068 ++len; 5069 return len; 5070} 5071 5072/* a dummy, used to drop uninteresting events */ 5073static void 5074sppp_null(struct sppp *unused) 5075{ 5076 /* do just nothing */ 5077} 5078