if_spppsubr.c revision 88577
1265236Sken/* 2265236Sken * Synchronous PPP/Cisco link level subroutines. 3265236Sken * Keepalive protocol implemented in both Cisco and PPP modes. 4265236Sken * 5265236Sken * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6265236Sken * Author: Serge Vakulenko, <vak@cronyx.ru> 7265236Sken * 8265236Sken * Heavily revamped to conform to RFC 1661. 9265236Sken * Copyright (C) 1997, 2001 Joerg Wunsch. 10265236Sken * 11265236Sken * This software is distributed with NO WARRANTIES, not even the implied 12265236Sken * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13265236Sken * 14265236Sken * Authors grant any other persons or organisations permission to use 15265236Sken * or modify this software as long as this message is kept with the software, 16265236Sken * all derivative works or modified versions. 17265236Sken * 18265236Sken * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19265236Sken * 20265236Sken * $FreeBSD: head/sys/net/if_spppsubr.c 88577 2001-12-28 15:59:54Z joerg $ 21265236Sken */ 22265236Sken 23265236Sken#include <sys/param.h> 24265236Sken 25265236Sken#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26265236Sken#include "opt_inet.h" 27265236Sken#include "opt_inet6.h" 28265236Sken#include "opt_ipx.h" 29265236Sken#endif 30283661Sslm 31265236Sken#ifdef NetBSD1_3 32265236Sken# if NetBSD1_3 > 6 33265236Sken# include "opt_inet.h" 34265236Sken# include "opt_inet6.h" 35283661Sslm# include "opt_iso.h" 36299265Sslm# endif 37265236Sken#endif 38265236Sken 39265236Sken#include <sys/systm.h> 40265236Sken#include <sys/kernel.h> 41265236Sken#include <sys/module.h> 42265236Sken#include <sys/sockio.h> 43265236Sken#include <sys/socket.h> 44265236Sken#include <sys/syslog.h> 45265236Sken#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46265236Sken#include <sys/random.h> 47265236Sken#endif 48265236Sken#include <sys/malloc.h> 49265236Sken#include <sys/mbuf.h> 50265236Sken 51265236Sken#if defined (__OpenBSD__) 52265236Sken#include <sys/md5k.h> 53265236Sken#else 54265236Sken#include <sys/md5.h> 55265236Sken#endif 56265236Sken 57265236Sken#include <net/if.h> 58265236Sken#include <net/netisr.h> 59265236Sken#include <net/if_types.h> 60283661Sslm#include <net/route.h> 61265236Sken#include <netinet/in.h> 62265236Sken#include <netinet/in_systm.h> 63265236Sken#include <netinet/ip.h> 64265236Sken#include <net/slcompress.h> 65265236Sken 66265236Sken#if defined (__NetBSD__) || defined (__OpenBSD__) 67265236Sken#include <machine/cpu.h> /* XXX for softnet */ 68265236Sken#endif 69265236Sken 70265236Sken#include <machine/stdarg.h> 71265236Sken 72265236Sken#ifdef INET 73265236Sken#include <netinet/in.h> 74265236Sken#include <netinet/in_systm.h> 75265236Sken#include <netinet/in_var.h> 76265236Sken#include <netinet/ip.h> 77265236Sken#include <netinet/tcp.h> 78265236Sken# if defined (__FreeBSD__) || defined (__OpenBSD__) 79265236Sken# include <netinet/if_ether.h> 80265236Sken# else 81265236Sken# include <net/ethertypes.h> 82265236Sken# endif 83265236Sken#else 84265236Sken# error Huh? sppp without INET? 85265236Sken#endif 86265236Sken 87265236Sken#ifdef IPX 88265236Sken#include <netipx/ipx.h> 89265236Sken#include <netipx/ipx_if.h> 90265236Sken#endif 91265236Sken 92265236Sken#ifdef NS 93265236Sken#include <netns/ns.h> 94265236Sken#include <netns/ns_if.h> 95265236Sken#endif 96265236Sken 97265236Sken#include <net/if_sppp.h> 98265236Sken 99265236Sken#if defined(__FreeBSD__) && __FreeBSD__ >= 3 100265236Sken# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 101265236Sken# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 102265236Sken# define IOCTL_CMD_T u_long 103265236Sken#else 104265236Sken# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 105265236Sken# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 106265236Sken# define IOCTL_CMD_T int 107265236Sken#endif 108265236Sken 109265236Sken#define MAXALIVECNT 3 /* max. alive packets */ 110265236Sken 111265236Sken/* 112265236Sken * Interface flags that can be set in an ifconfig command. 113265236Sken * 114265236Sken * Setting link0 will make the link passive, i.e. it will be marked 115265236Sken * as being administrative openable, but won't be opened to begin 116265236Sken * with. Incoming calls will be answered, or subsequent calls with 117265236Sken * -link1 will cause the administrative open of the LCP layer. 118265236Sken * 119265236Sken * Setting link1 will cause the link to auto-dial only as packets 120265236Sken * arrive to be sent. 121265236Sken * 122265236Sken * Setting IFF_DEBUG will syslog the option negotiation and state 123265236Sken * transitions at level kern.debug. Note: all logs consistently look 124265236Sken * like 125265236Sken * 126265236Sken * <if-name><unit>: <proto-name> <additional info...> 127265236Sken * 128265236Sken * with <if-name><unit> being something like "bppp0", and <proto-name> 129265236Sken * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 130265236Sken */ 131265236Sken 132265236Sken#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 133265236Sken#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 134265236Sken#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 135265236Sken 136265236Sken#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 137265236Sken#define PPP_UI 0x03 /* Unnumbered Information */ 138265236Sken#define PPP_IP 0x0021 /* Internet Protocol */ 139265236Sken#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 140265236Sken#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 141265236Sken#define PPP_IPX 0x002b /* Novell IPX Protocol */ 142265236Sken#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 143265236Sken#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 144265236Sken#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 145265236Sken#define PPP_LCP 0xc021 /* Link Control Protocol */ 146265236Sken#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 147265236Sken#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 148265236Sken#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 149265236Sken#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 150265236Sken 151265236Sken#define CONF_REQ 1 /* PPP configure request */ 152265236Sken#define CONF_ACK 2 /* PPP configure acknowledge */ 153265236Sken#define CONF_NAK 3 /* PPP configure negative ack */ 154265236Sken#define CONF_REJ 4 /* PPP configure reject */ 155265236Sken#define TERM_REQ 5 /* PPP terminate request */ 156265236Sken#define TERM_ACK 6 /* PPP terminate acknowledge */ 157265236Sken#define CODE_REJ 7 /* PPP code reject */ 158265236Sken#define PROTO_REJ 8 /* PPP protocol reject */ 159265236Sken#define ECHO_REQ 9 /* PPP echo request */ 160265236Sken#define ECHO_REPLY 10 /* PPP echo reply */ 161265236Sken#define DISC_REQ 11 /* PPP discard request */ 162265236Sken 163265236Sken#define LCP_OPT_MRU 1 /* maximum receive unit */ 164265236Sken#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 165265236Sken#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 166265236Sken#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 167265236Sken#define LCP_OPT_MAGIC 5 /* magic number */ 168265236Sken#define LCP_OPT_RESERVED 6 /* reserved */ 169265236Sken#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 170265236Sken#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 171265236Sken 172265236Sken#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 173265236Sken#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 174265236Sken#define IPCP_OPT_ADDRESS 3 /* local IP address */ 175265236Sken 176265236Sken#define IPV6CP_OPT_IFID 1 /* interface identifier */ 177265236Sken#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 178265236Sken 179265236Sken#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 180265236Sken 181265236Sken#define PAP_REQ 1 /* PAP name/password request */ 182265236Sken#define PAP_ACK 2 /* PAP acknowledge */ 183265236Sken#define PAP_NAK 3 /* PAP fail */ 184265236Sken 185265236Sken#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 186265236Sken#define CHAP_RESPONSE 2 /* CHAP challenge response */ 187265236Sken#define CHAP_SUCCESS 3 /* CHAP response ok */ 188265236Sken#define CHAP_FAILURE 4 /* CHAP response failed */ 189265236Sken 190265236Sken#define CHAP_MD5 5 /* hash algorithm - MD5 */ 191265236Sken 192265236Sken#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 193265236Sken#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 194265236Sken#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 195265236Sken#define CISCO_ADDR_REQ 0 /* Cisco address request */ 196265236Sken#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 197265236Sken#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 198265236Sken 199265236Sken/* states are named and numbered according to RFC 1661 */ 200265236Sken#define STATE_INITIAL 0 201265236Sken#define STATE_STARTING 1 202265236Sken#define STATE_CLOSED 2 203265236Sken#define STATE_STOPPED 3 204265236Sken#define STATE_CLOSING 4 205265236Sken#define STATE_STOPPING 5 206265236Sken#define STATE_REQ_SENT 6 207265236Sken#define STATE_ACK_RCVD 7 208265236Sken#define STATE_ACK_SENT 8 209265236Sken#define STATE_OPENED 9 210265236Sken 211265236Skenstruct ppp_header { 212265236Sken u_char address; 213265236Sken u_char control; 214265236Sken u_short protocol; 215265236Sken}; 216265236Sken#define PPP_HEADER_LEN sizeof (struct ppp_header) 217265236Sken 218265236Skenstruct lcp_header { 219265236Sken u_char type; 220265236Sken u_char ident; 221265236Sken u_short len; 222265236Sken}; 223265236Sken#define LCP_HEADER_LEN sizeof (struct lcp_header) 224265236Sken 225265236Skenstruct cisco_packet { 226265236Sken u_long type; 227265236Sken u_long par1; 228265236Sken u_long par2; 229265236Sken u_short rel; 230265236Sken u_short time0; 231265236Sken u_short time1; 232265236Sken}; 233265236Sken#define CISCO_PACKET_LEN 18 234265236Sken 235265236Sken/* 236265236Sken * We follow the spelling and capitalization of RFC 1661 here, to make 237265236Sken * it easier comparing with the standard. Please refer to this RFC in 238265236Sken * case you can't make sense out of these abbreviation; it will also 239265236Sken * explain the semantics related to the various events and actions. 240265236Sken */ 241265236Skenstruct cp { 242265236Sken u_short proto; /* PPP control protocol number */ 243265236Sken u_char protoidx; /* index into state table in struct sppp */ 244265236Sken u_char flags; 245265236Sken#define CP_LCP 0x01 /* this is the LCP */ 246265236Sken#define CP_AUTH 0x02 /* this is an authentication protocol */ 247265236Sken#define CP_NCP 0x04 /* this is a NCP */ 248265236Sken#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 249265236Sken const char *name; /* name of this control protocol */ 250265236Sken /* event handlers */ 251265236Sken void (*Up)(struct sppp *sp); 252265236Sken void (*Down)(struct sppp *sp); 253265236Sken void (*Open)(struct sppp *sp); 254265236Sken void (*Close)(struct sppp *sp); 255265236Sken void (*TO)(void *sp); 256265236Sken int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 257265236Sken void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 258265236Sken void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 259265236Sken /* actions */ 260265236Sken void (*tlu)(struct sppp *sp); 261265236Sken void (*tld)(struct sppp *sp); 262265236Sken void (*tls)(struct sppp *sp); 263265236Sken void (*tlf)(struct sppp *sp); 264265236Sken void (*scr)(struct sppp *sp); 265265236Sken}; 266265236Sken 267265236Skenstatic struct sppp *spppq; 268265236Sken#if defined(__FreeBSD__) && __FreeBSD__ >= 3 269265236Skenstatic struct callout_handle keepalive_ch; 270265236Sken#endif 271265236Sken 272265236Sken#if defined(__FreeBSD__) && __FreeBSD__ >= 3 273265236Sken#define SPP_FMT "%s%d: " 274265236Sken#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 275265236Sken#else 276265236Sken#define SPP_FMT "%s: " 277265236Sken#define SPP_ARGS(ifp) (ifp)->if_xname 278265236Sken#endif 279265236Sken 280265236Sken/* 281265236Sken * The following disgusting hack gets around the problem that IP TOS 282265236Sken * can't be set yet. We want to put "interactive" traffic on a high 283265236Sken * priority queue. To decide if traffic is interactive, we check that 284265236Sken * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 285265236Sken * 286265236Sken * XXX is this really still necessary? - joerg - 287265236Sken */ 288265236Skenstatic u_short interactive_ports[8] = { 289265236Sken 0, 513, 0, 0, 290265236Sken 0, 21, 0, 23, 291265236Sken}; 292265236Sken#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 293265236Sken 294265236Sken/* almost every function needs these */ 295265236Sken#define STDDCL \ 296265236Sken struct ifnet *ifp = &sp->pp_if; \ 297265236Sken int debug = ifp->if_flags & IFF_DEBUG 298265236Sken 299265236Skenstatic int sppp_output(struct ifnet *ifp, struct mbuf *m, 300265236Sken struct sockaddr *dst, struct rtentry *rt); 301265236Sken 302265236Skenstatic void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 303265236Skenstatic void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 304265236Sken 305265236Skenstatic void sppp_cp_input(const struct cp *cp, struct sppp *sp, 306265236Sken struct mbuf *m); 307265236Skenstatic void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 308265236Sken u_char ident, u_short len, void *data); 309265236Sken/* static void sppp_cp_timeout(void *arg); */ 310265236Skenstatic void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 311265236Sken int newstate); 312265236Skenstatic void sppp_auth_send(const struct cp *cp, 313265236Sken struct sppp *sp, unsigned int type, unsigned int id, 314265236Sken ...); 315265236Sken 316265236Skenstatic void sppp_up_event(const struct cp *cp, struct sppp *sp); 317265236Skenstatic void sppp_down_event(const struct cp *cp, struct sppp *sp); 318265236Skenstatic void sppp_open_event(const struct cp *cp, struct sppp *sp); 319265236Skenstatic void sppp_close_event(const struct cp *cp, struct sppp *sp); 320265236Skenstatic void sppp_to_event(const struct cp *cp, struct sppp *sp); 321265236Sken 322265236Skenstatic void sppp_null(struct sppp *sp); 323265236Sken 324265236Skenstatic void sppp_lcp_init(struct sppp *sp); 325265236Skenstatic void sppp_lcp_up(struct sppp *sp); 326265236Skenstatic void sppp_lcp_down(struct sppp *sp); 327265236Skenstatic void sppp_lcp_open(struct sppp *sp); 328265236Skenstatic void sppp_lcp_close(struct sppp *sp); 329265236Skenstatic void sppp_lcp_TO(void *sp); 330265236Skenstatic int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 331265236Skenstatic void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 332265236Skenstatic void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 333265236Skenstatic void sppp_lcp_tlu(struct sppp *sp); 334265236Skenstatic void sppp_lcp_tld(struct sppp *sp); 335265236Skenstatic void sppp_lcp_tls(struct sppp *sp); 336265236Skenstatic void sppp_lcp_tlf(struct sppp *sp); 337265236Skenstatic void sppp_lcp_scr(struct sppp *sp); 338265236Skenstatic void sppp_lcp_check_and_close(struct sppp *sp); 339265236Skenstatic int sppp_ncp_check(struct sppp *sp); 340265236Sken 341265236Skenstatic void sppp_ipcp_init(struct sppp *sp); 342265236Skenstatic void sppp_ipcp_up(struct sppp *sp); 343265236Skenstatic void sppp_ipcp_down(struct sppp *sp); 344265236Skenstatic void sppp_ipcp_open(struct sppp *sp); 345265236Skenstatic void sppp_ipcp_close(struct sppp *sp); 346265236Skenstatic void sppp_ipcp_TO(void *sp); 347265236Skenstatic int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 348265236Skenstatic void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 349265236Skenstatic void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 350265236Skenstatic void sppp_ipcp_tlu(struct sppp *sp); 351265236Skenstatic void sppp_ipcp_tld(struct sppp *sp); 352265236Skenstatic void sppp_ipcp_tls(struct sppp *sp); 353265236Skenstatic void sppp_ipcp_tlf(struct sppp *sp); 354265236Skenstatic void sppp_ipcp_scr(struct sppp *sp); 355265236Sken 356265236Skenstatic void sppp_ipv6cp_init(struct sppp *sp); 357265236Skenstatic void sppp_ipv6cp_up(struct sppp *sp); 358265236Skenstatic void sppp_ipv6cp_down(struct sppp *sp); 359265236Skenstatic void sppp_ipv6cp_open(struct sppp *sp); 360265236Skenstatic void sppp_ipv6cp_close(struct sppp *sp); 361265236Skenstatic void sppp_ipv6cp_TO(void *sp); 362265236Skenstatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 363265236Skenstatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 364265236Skenstatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 365265236Skenstatic void sppp_ipv6cp_tlu(struct sppp *sp); 366265236Skenstatic void sppp_ipv6cp_tld(struct sppp *sp); 367265236Skenstatic void sppp_ipv6cp_tls(struct sppp *sp); 368265236Skenstatic void sppp_ipv6cp_tlf(struct sppp *sp); 369265236Skenstatic void sppp_ipv6cp_scr(struct sppp *sp); 370265236Sken 371265236Skenstatic void sppp_pap_input(struct sppp *sp, struct mbuf *m); 372265236Skenstatic void sppp_pap_init(struct sppp *sp); 373265236Skenstatic void sppp_pap_open(struct sppp *sp); 374265236Skenstatic void sppp_pap_close(struct sppp *sp); 375265236Skenstatic void sppp_pap_TO(void *sp); 376265236Skenstatic void sppp_pap_my_TO(void *sp); 377265236Skenstatic void sppp_pap_tlu(struct sppp *sp); 378265236Skenstatic void sppp_pap_tld(struct sppp *sp); 379265236Skenstatic void sppp_pap_scr(struct sppp *sp); 380265236Sken 381265236Skenstatic void sppp_chap_input(struct sppp *sp, struct mbuf *m); 382265236Skenstatic void sppp_chap_init(struct sppp *sp); 383265236Skenstatic void sppp_chap_open(struct sppp *sp); 384265236Skenstatic void sppp_chap_close(struct sppp *sp); 385265236Skenstatic void sppp_chap_TO(void *sp); 386265236Skenstatic void sppp_chap_tlu(struct sppp *sp); 387265236Skenstatic void sppp_chap_tld(struct sppp *sp); 388static void sppp_chap_scr(struct sppp *sp); 389 390static const char *sppp_auth_type_name(u_short proto, u_char type); 391static const char *sppp_cp_type_name(u_char type); 392static const char *sppp_dotted_quad(u_long addr); 393static const char *sppp_ipcp_opt_name(u_char opt); 394#ifdef INET6 395static const char *sppp_ipv6cp_opt_name(u_char opt); 396#endif 397static const char *sppp_lcp_opt_name(u_char opt); 398static const char *sppp_phase_name(enum ppp_phase phase); 399static const char *sppp_proto_name(u_short proto); 400static const char *sppp_state_name(int state); 401static int sppp_params(struct sppp *sp, u_long cmd, void *data); 402static int sppp_strnlen(u_char *p, int max); 403static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 404 u_long *srcmask); 405static void sppp_keepalive(void *dummy); 406static void sppp_phase_network(struct sppp *sp); 407static void sppp_print_bytes(const u_char *p, u_short len); 408static void sppp_print_string(const char *p, u_short len); 409static void sppp_qflush(struct ifqueue *ifq); 410static void sppp_set_ip_addr(struct sppp *sp, u_long src); 411#ifdef INET6 412static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 413 struct in6_addr *dst, struct in6_addr *srcmask); 414#ifdef IPV6CP_MYIFID_DYN 415static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 416static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 417#endif 418static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 419#endif 420 421/* our control protocol descriptors */ 422static const struct cp lcp = { 423 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 424 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 425 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 426 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 427 sppp_lcp_scr 428}; 429 430static const struct cp ipcp = { 431 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 432 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 433 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 434 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 435 sppp_ipcp_scr 436}; 437 438static const struct cp ipv6cp = { 439 PPP_IPV6CP, IDX_IPV6CP, 440#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 441 CP_NCP, 442#else 443 0, 444#endif 445 "ipv6cp", 446 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 447 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 448 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 449 sppp_ipv6cp_scr 450}; 451 452static const struct cp pap = { 453 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 454 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 455 sppp_pap_TO, 0, 0, 0, 456 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 457 sppp_pap_scr 458}; 459 460static const struct cp chap = { 461 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 462 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 463 sppp_chap_TO, 0, 0, 0, 464 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 465 sppp_chap_scr 466}; 467 468static const struct cp *cps[IDX_COUNT] = { 469 &lcp, /* IDX_LCP */ 470 &ipcp, /* IDX_IPCP */ 471 &ipv6cp, /* IDX_IPV6CP */ 472 &pap, /* IDX_PAP */ 473 &chap, /* IDX_CHAP */ 474}; 475 476static int 477sppp_modevent(module_t mod, int type, void *unused) 478{ 479 switch (type) { 480 case MOD_LOAD: 481 break; 482 case MOD_UNLOAD: 483 return EACCES; 484 break; 485 default: 486 break; 487 } 488 return 0; 489} 490static moduledata_t spppmod = { 491 "sppp", 492 sppp_modevent, 493 0 494}; 495MODULE_VERSION(sppp, 1); 496DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 497 498/* 499 * Exported functions, comprising our interface to the lower layer. 500 */ 501 502/* 503 * Process the received packet. 504 */ 505void 506sppp_input(struct ifnet *ifp, struct mbuf *m) 507{ 508 struct ppp_header *h; 509 struct ifqueue *inq = 0; 510 struct sppp *sp = (struct sppp *)ifp; 511 int len, do_account = 0; 512 int debug = ifp->if_flags & IFF_DEBUG; 513 514 if (ifp->if_flags & IFF_UP) 515 /* Count received bytes, add FCS and one flag */ 516 ifp->if_ibytes += m->m_pkthdr.len + 3; 517 518 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 519 /* Too small packet, drop it. */ 520 if (debug) 521 log(LOG_DEBUG, 522 SPP_FMT "input packet is too small, %d bytes\n", 523 SPP_ARGS(ifp), m->m_pkthdr.len); 524 drop: 525 ++ifp->if_ierrors; 526 ++ifp->if_iqdrops; 527 m_freem (m); 528 return; 529 } 530 531 /* Get PPP header. */ 532 h = mtod (m, struct ppp_header*); 533 m_adj (m, PPP_HEADER_LEN); 534 535 switch (h->address) { 536 case PPP_ALLSTATIONS: 537 if (h->control != PPP_UI) 538 goto invalid; 539 if (sp->pp_mode == IFF_CISCO) { 540 if (debug) 541 log(LOG_DEBUG, 542 SPP_FMT "PPP packet in Cisco mode " 543 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 544 SPP_ARGS(ifp), 545 h->address, h->control, ntohs(h->protocol)); 546 goto drop; 547 } 548 switch (ntohs (h->protocol)) { 549 default: 550 if (debug) 551 log(LOG_DEBUG, 552 SPP_FMT "rejecting protocol " 553 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 554 SPP_ARGS(ifp), 555 h->address, h->control, ntohs(h->protocol)); 556 if (sp->state[IDX_LCP] == STATE_OPENED) 557 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 558 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 559 &h->protocol); 560 ++ifp->if_noproto; 561 goto drop; 562 case PPP_LCP: 563 sppp_cp_input(&lcp, sp, m); 564 m_freem (m); 565 return; 566 case PPP_PAP: 567 if (sp->pp_phase >= PHASE_AUTHENTICATE) 568 sppp_pap_input(sp, m); 569 m_freem (m); 570 return; 571 case PPP_CHAP: 572 if (sp->pp_phase >= PHASE_AUTHENTICATE) 573 sppp_chap_input(sp, m); 574 m_freem (m); 575 return; 576#ifdef INET 577 case PPP_IPCP: 578 if (sp->pp_phase == PHASE_NETWORK) 579 sppp_cp_input(&ipcp, sp, m); 580 m_freem (m); 581 return; 582 case PPP_IP: 583 if (sp->state[IDX_IPCP] == STATE_OPENED) { 584 schednetisr (NETISR_IP); 585 inq = &ipintrq; 586 } 587 do_account++; 588 break; 589#endif 590#ifdef INET6 591 case PPP_IPV6CP: 592 if (sp->pp_phase == PHASE_NETWORK) 593 sppp_cp_input(&ipv6cp, sp, m); 594 m_freem (m); 595 return; 596 597 case PPP_IPV6: 598 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 599 schednetisr (NETISR_IPV6); 600 inq = &ip6intrq; 601 } 602 do_account++; 603 break; 604 case PPP_VJ_COMP: 605 if (sp->state[IDX_IPCP] == STATE_OPENED) { 606 if ((len = 607 sl_uncompress_tcp((u_char **)&m->m_data, 608 m->m_len, 609 TYPE_COMPRESSED_TCP, 610 &sp->pp_comp)) <= 0) 611 goto drop; 612 m->m_len = m->m_pkthdr.len = len; 613 schednetisr (NETISR_IP); 614 inq = &ipintrq; 615 } 616 break; 617 case PPP_VJ_UCOMP: 618 if (sp->state[IDX_IPCP] == STATE_OPENED) { 619 if ((len = 620 sl_uncompress_tcp((u_char **)&m->m_data, 621 m->m_len, 622 TYPE_UNCOMPRESSED_TCP, 623 &sp->pp_comp)) <= 0) 624 goto drop; 625 m->m_len = m->m_pkthdr.len = len; 626 schednetisr (NETISR_IP); 627 inq = &ipintrq; 628 } 629 break; 630#endif 631#ifdef IPX 632 case PPP_IPX: 633 /* IPX IPXCP not implemented yet */ 634 if (sp->pp_phase == PHASE_NETWORK) { 635 schednetisr (NETISR_IPX); 636 inq = &ipxintrq; 637 } 638 do_account++; 639 break; 640#endif 641#ifdef NS 642 case PPP_XNS: 643 /* XNS IDPCP not implemented yet */ 644 if (sp->pp_phase == PHASE_NETWORK) { 645 schednetisr (NETISR_NS); 646 inq = &nsintrq; 647 } 648 do_account++; 649 break; 650#endif 651 } 652 break; 653 case CISCO_MULTICAST: 654 case CISCO_UNICAST: 655 /* Don't check the control field here (RFC 1547). */ 656 if (sp->pp_mode != IFF_CISCO) { 657 if (debug) 658 log(LOG_DEBUG, 659 SPP_FMT "Cisco packet in PPP mode " 660 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 661 SPP_ARGS(ifp), 662 h->address, h->control, ntohs(h->protocol)); 663 goto drop; 664 } 665 switch (ntohs (h->protocol)) { 666 default: 667 ++ifp->if_noproto; 668 goto invalid; 669 case CISCO_KEEPALIVE: 670 sppp_cisco_input ((struct sppp*) ifp, m); 671 m_freem (m); 672 return; 673#ifdef INET 674 case ETHERTYPE_IP: 675 schednetisr (NETISR_IP); 676 inq = &ipintrq; 677 do_account++; 678 break; 679#endif 680#ifdef INET6 681 case ETHERTYPE_IPV6: 682 schednetisr (NETISR_IPV6); 683 inq = &ip6intrq; 684 do_account++; 685 break; 686#endif 687#ifdef IPX 688 case ETHERTYPE_IPX: 689 schednetisr (NETISR_IPX); 690 inq = &ipxintrq; 691 do_account++; 692 break; 693#endif 694#ifdef NS 695 case ETHERTYPE_NS: 696 schednetisr (NETISR_NS); 697 inq = &nsintrq; 698 do_account++; 699 break; 700#endif 701 } 702 break; 703 default: /* Invalid PPP packet. */ 704 invalid: 705 if (debug) 706 log(LOG_DEBUG, 707 SPP_FMT "invalid input packet " 708 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 709 SPP_ARGS(ifp), 710 h->address, h->control, ntohs(h->protocol)); 711 goto drop; 712 } 713 714 if (! (ifp->if_flags & IFF_UP) || ! inq) 715 goto drop; 716 717 /* Check queue. */ 718 if (! IF_HANDOFF(inq, m, NULL)) { 719 if (debug) 720 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 721 SPP_ARGS(ifp)); 722 goto drop; 723 } 724 if (do_account) 725 /* 726 * Do only account for network packets, not for control 727 * packets. This is used by some subsystems to detect 728 * idle lines. 729 */ 730 sp->pp_last_recv = time_second; 731} 732 733/* 734 * Enqueue transmit packet. 735 */ 736static int 737sppp_output(struct ifnet *ifp, struct mbuf *m, 738 struct sockaddr *dst, struct rtentry *rt) 739{ 740 struct sppp *sp = (struct sppp*) ifp; 741 struct ppp_header *h; 742 struct ifqueue *ifq = NULL; 743 int s, rv = 0; 744 int ipproto = PPP_IP; 745 int debug = ifp->if_flags & IFF_DEBUG; 746 747 s = splimp(); 748 749 if ((ifp->if_flags & IFF_UP) == 0 || 750 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 751 m_freem (m); 752 splx (s); 753 return (ENETDOWN); 754 } 755 756 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 757 /* 758 * Interface is not yet running, but auto-dial. Need 759 * to start LCP for it. 760 */ 761 ifp->if_flags |= IFF_RUNNING; 762 splx(s); 763 lcp.Open(sp); 764 s = splimp(); 765 } 766 767 ifq = &ifp->if_snd; 768#ifdef INET 769 if (dst->sa_family == AF_INET) { 770 /* XXX Check mbuf length here? */ 771 struct ip *ip = mtod (m, struct ip*); 772 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 773 774 /* 775 * When using dynamic local IP address assignment by using 776 * 0.0.0.0 as a local address, the first TCP session will 777 * not connect because the local TCP checksum is computed 778 * using 0.0.0.0 which will later become our real IP address 779 * so the TCP checksum computed at the remote end will 780 * become invalid. So we 781 * - don't let packets with src ip addr 0 thru 782 * - we flag TCP packets with src ip 0 as an error 783 */ 784 785 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 786 { 787 m_freem(m); 788 splx(s); 789 if(ip->ip_p == IPPROTO_TCP) 790 return(EADDRNOTAVAIL); 791 else 792 return(0); 793 } 794 795 /* 796 * Put low delay, telnet, rlogin and ftp control packets 797 * in front of the queue. 798 */ 799 if (_IF_QFULL(&sp->pp_fastq)) 800 ; 801 else if (ip->ip_tos & IPTOS_LOWDELAY) 802 ifq = &sp->pp_fastq; 803 else if (m->m_len < sizeof *ip + sizeof *tcp) 804 ; 805 else if (ip->ip_p != IPPROTO_TCP) 806 ; 807 else if (INTERACTIVE (ntohs (tcp->th_sport))) 808 ifq = &sp->pp_fastq; 809 else if (INTERACTIVE (ntohs (tcp->th_dport))) 810 ifq = &sp->pp_fastq; 811 812 /* 813 * Do IP Header compression 814 */ 815 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 816 ip->ip_p == IPPROTO_TCP) 817 switch (sl_compress_tcp(m, ip, &sp->pp_comp, 818 sp->ipcp.compress_cid)) { 819 case TYPE_COMPRESSED_TCP: 820 ipproto = PPP_VJ_COMP; 821 break; 822 case TYPE_UNCOMPRESSED_TCP: 823 ipproto = PPP_VJ_UCOMP; 824 break; 825 case TYPE_IP: 826 ipproto = PPP_IP; 827 break; 828 default: 829 m_freem(m); 830 splx(s); 831 return (EINVAL); 832 } 833 } 834#endif 835 836#ifdef INET6 837 if (dst->sa_family == AF_INET6) { 838 /* XXX do something tricky here? */ 839 } 840#endif 841 842 /* 843 * Prepend general data packet PPP header. For now, IP only. 844 */ 845 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 846 if (! m) { 847 if (debug) 848 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 849 SPP_ARGS(ifp)); 850 ++ifp->if_oerrors; 851 splx (s); 852 return (ENOBUFS); 853 } 854 /* 855 * May want to check size of packet 856 * (albeit due to the implementation it's always enough) 857 */ 858 h = mtod (m, struct ppp_header*); 859 if (sp->pp_mode == IFF_CISCO) { 860 h->address = CISCO_UNICAST; /* unicast address */ 861 h->control = 0; 862 } else { 863 h->address = PPP_ALLSTATIONS; /* broadcast address */ 864 h->control = PPP_UI; /* Unnumbered Info */ 865 } 866 867 switch (dst->sa_family) { 868#ifdef INET 869 case AF_INET: /* Internet Protocol */ 870 if (sp->pp_mode == IFF_CISCO) 871 h->protocol = htons (ETHERTYPE_IP); 872 else { 873 /* 874 * Don't choke with an ENETDOWN early. It's 875 * possible that we just started dialing out, 876 * so don't drop the packet immediately. If 877 * we notice that we run out of buffer space 878 * below, we will however remember that we are 879 * not ready to carry IP packets, and return 880 * ENETDOWN, as opposed to ENOBUFS. 881 */ 882 h->protocol = htons(ipproto); 883 if (sp->state[IDX_IPCP] != STATE_OPENED) 884 rv = ENETDOWN; 885 } 886 break; 887#endif 888#ifdef INET6 889 case AF_INET6: /* Internet Protocol */ 890 if (sp->pp_mode == IFF_CISCO) 891 h->protocol = htons (ETHERTYPE_IPV6); 892 else { 893 /* 894 * Don't choke with an ENETDOWN early. It's 895 * possible that we just started dialing out, 896 * so don't drop the packet immediately. If 897 * we notice that we run out of buffer space 898 * below, we will however remember that we are 899 * not ready to carry IP packets, and return 900 * ENETDOWN, as opposed to ENOBUFS. 901 */ 902 h->protocol = htons(PPP_IPV6); 903 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 904 rv = ENETDOWN; 905 } 906 break; 907#endif 908#ifdef NS 909 case AF_NS: /* Xerox NS Protocol */ 910 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 911 ETHERTYPE_NS : PPP_XNS); 912 break; 913#endif 914#ifdef IPX 915 case AF_IPX: /* Novell IPX Protocol */ 916 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 917 ETHERTYPE_IPX : PPP_IPX); 918 break; 919#endif 920 default: 921 m_freem (m); 922 ++ifp->if_oerrors; 923 splx (s); 924 return (EAFNOSUPPORT); 925 } 926 927 /* 928 * Queue message on interface, and start output if interface 929 * not yet active. 930 */ 931 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 932 ++ifp->if_oerrors; 933 return (rv? rv: ENOBUFS); 934 } 935 /* 936 * Unlike in sppp_input(), we can always bump the timestamp 937 * here since sppp_output() is only called on behalf of 938 * network-layer traffic; control-layer traffic is handled 939 * by sppp_cp_send(). 940 */ 941 sp->pp_last_sent = time_second; 942 return (0); 943} 944 945void 946sppp_attach(struct ifnet *ifp) 947{ 948 struct sppp *sp = (struct sppp*) ifp; 949 950 /* Initialize keepalive handler. */ 951 if (! spppq) 952 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 953 954 /* Insert new entry into the keepalive list. */ 955 sp->pp_next = spppq; 956 spppq = sp; 957 958 sp->pp_if.if_mtu = PP_MTU; 959 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 960 sp->pp_if.if_type = IFT_PPP; 961 sp->pp_if.if_output = sppp_output; 962#if 0 963 sp->pp_flags = PP_KEEPALIVE; 964#endif 965 sp->pp_if.if_snd.ifq_maxlen = 32; 966 sp->pp_fastq.ifq_maxlen = 32; 967 sp->pp_cpq.ifq_maxlen = 20; 968 sp->pp_loopcnt = 0; 969 sp->pp_alivecnt = 0; 970 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 971 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 972 sp->pp_phase = PHASE_DEAD; 973 sp->pp_up = lcp.Up; 974 sp->pp_down = lcp.Down; 975 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 976 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 977 sp->enable_vj = 1; 978 sp->pp_last_recv = sp->pp_last_sent = time_second; 979 sl_compress_init(&sp->pp_comp, -1); 980 sppp_lcp_init(sp); 981 sppp_ipcp_init(sp); 982 sppp_ipv6cp_init(sp); 983 sppp_pap_init(sp); 984 sppp_chap_init(sp); 985} 986 987void 988sppp_detach(struct ifnet *ifp) 989{ 990 struct sppp **q, *p, *sp = (struct sppp*) ifp; 991 int i; 992 993 /* Remove the entry from the keepalive list. */ 994 for (q = &spppq; (p = *q); q = &p->pp_next) 995 if (p == sp) { 996 *q = p->pp_next; 997 break; 998 } 999 1000 /* Stop keepalive handler. */ 1001 if (! spppq) 1002 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 1003 1004 for (i = 0; i < IDX_COUNT; i++) 1005 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 1006 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 1007 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1008 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1009} 1010 1011/* 1012 * Flush the interface output queue. 1013 */ 1014void 1015sppp_flush(struct ifnet *ifp) 1016{ 1017 struct sppp *sp = (struct sppp*) ifp; 1018 1019 sppp_qflush (&sp->pp_if.if_snd); 1020 sppp_qflush (&sp->pp_fastq); 1021 sppp_qflush (&sp->pp_cpq); 1022} 1023 1024/* 1025 * Check if the output queue is empty. 1026 */ 1027int 1028sppp_isempty(struct ifnet *ifp) 1029{ 1030 struct sppp *sp = (struct sppp*) ifp; 1031 int empty, s; 1032 1033 s = splimp(); 1034 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1035 !sp->pp_if.if_snd.ifq_head; 1036 splx(s); 1037 return (empty); 1038} 1039 1040/* 1041 * Get next packet to send. 1042 */ 1043struct mbuf * 1044sppp_dequeue(struct ifnet *ifp) 1045{ 1046 struct sppp *sp = (struct sppp*) ifp; 1047 struct mbuf *m; 1048 int s; 1049 1050 s = splimp(); 1051 /* 1052 * Process only the control protocol queue until we have at 1053 * least one NCP open. 1054 * 1055 * Do always serve all three queues in Cisco mode. 1056 */ 1057 IF_DEQUEUE(&sp->pp_cpq, m); 1058 if (m == NULL && 1059 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1060 IF_DEQUEUE(&sp->pp_fastq, m); 1061 if (m == NULL) 1062 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1063 } 1064 splx(s); 1065 return m; 1066} 1067 1068/* 1069 * Pick the next packet, do not remove it from the queue. 1070 */ 1071struct mbuf * 1072sppp_pick(struct ifnet *ifp) 1073{ 1074 struct sppp *sp = (struct sppp*)ifp; 1075 struct mbuf *m; 1076 int s; 1077 1078 s= splimp (); 1079 1080 m = sp->pp_cpq.ifq_head; 1081 if (m == NULL && 1082 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1083 if ((m = sp->pp_fastq.ifq_head) == NULL) 1084 m = sp->pp_if.if_snd.ifq_head; 1085 splx (s); 1086 return (m); 1087} 1088 1089/* 1090 * Process an ioctl request. Called on low priority level. 1091 */ 1092int 1093sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1094{ 1095 struct ifreq *ifr = (struct ifreq*) data; 1096 struct sppp *sp = (struct sppp*) ifp; 1097 int s, rv, going_up, going_down, newmode; 1098 1099 s = splimp(); 1100 rv = 0; 1101 switch (cmd) { 1102 case SIOCAIFADDR: 1103 case SIOCSIFDSTADDR: 1104 break; 1105 1106 case SIOCSIFADDR: 1107 /* set the interface "up" when assigning an IP address */ 1108 ifp->if_flags |= IFF_UP; 1109 /* fall through... */ 1110 1111 case SIOCSIFFLAGS: 1112 going_up = ifp->if_flags & IFF_UP && 1113 (ifp->if_flags & IFF_RUNNING) == 0; 1114 going_down = (ifp->if_flags & IFF_UP) == 0 && 1115 ifp->if_flags & IFF_RUNNING; 1116 1117 newmode = ifp->if_flags & IFF_PASSIVE; 1118 if (!newmode) 1119 newmode = ifp->if_flags & IFF_AUTO; 1120 if (!newmode) 1121 newmode = ifp->if_flags & IFF_CISCO; 1122 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1123 ifp->if_flags |= newmode; 1124 1125 if (newmode != sp->pp_mode) { 1126 going_down = 1; 1127 if (!going_up) 1128 going_up = ifp->if_flags & IFF_RUNNING; 1129 } 1130 1131 if (going_down) { 1132 if (sp->pp_mode != IFF_CISCO) 1133 lcp.Close(sp); 1134 else if (sp->pp_tlf) 1135 (sp->pp_tlf)(sp); 1136 sppp_flush(ifp); 1137 ifp->if_flags &= ~IFF_RUNNING; 1138 sp->pp_mode = newmode; 1139 } 1140 1141 if (going_up) { 1142 if (sp->pp_mode != IFF_CISCO) 1143 lcp.Close(sp); 1144 sp->pp_mode = newmode; 1145 if (sp->pp_mode == 0) { 1146 ifp->if_flags |= IFF_RUNNING; 1147 lcp.Open(sp); 1148 } 1149 if (sp->pp_mode == IFF_CISCO) { 1150 if (sp->pp_tls) 1151 (sp->pp_tls)(sp); 1152 ifp->if_flags |= IFF_RUNNING; 1153 } 1154 } 1155 1156 break; 1157 1158#ifdef SIOCSIFMTU 1159#ifndef ifr_mtu 1160#define ifr_mtu ifr_metric 1161#endif 1162 case SIOCSIFMTU: 1163 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1164 return (EINVAL); 1165 ifp->if_mtu = ifr->ifr_mtu; 1166 break; 1167#endif 1168#ifdef SLIOCSETMTU 1169 case SLIOCSETMTU: 1170 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1171 return (EINVAL); 1172 ifp->if_mtu = *(short*)data; 1173 break; 1174#endif 1175#ifdef SIOCGIFMTU 1176 case SIOCGIFMTU: 1177 ifr->ifr_mtu = ifp->if_mtu; 1178 break; 1179#endif 1180#ifdef SLIOCGETMTU 1181 case SLIOCGETMTU: 1182 *(short*)data = ifp->if_mtu; 1183 break; 1184#endif 1185 case SIOCADDMULTI: 1186 case SIOCDELMULTI: 1187 break; 1188 1189 case SIOCGIFGENERIC: 1190 case SIOCSIFGENERIC: 1191 rv = sppp_params(sp, cmd, data); 1192 break; 1193 1194 default: 1195 rv = ENOTTY; 1196 } 1197 splx(s); 1198 return rv; 1199} 1200 1201/* 1202 * Cisco framing implementation. 1203 */ 1204 1205/* 1206 * Handle incoming Cisco keepalive protocol packets. 1207 */ 1208static void 1209sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1210{ 1211 STDDCL; 1212 struct cisco_packet *h; 1213 u_long me, mymask; 1214 1215 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1216 if (debug) 1217 log(LOG_DEBUG, 1218 SPP_FMT "cisco invalid packet length: %d bytes\n", 1219 SPP_ARGS(ifp), m->m_pkthdr.len); 1220 return; 1221 } 1222 h = mtod (m, struct cisco_packet*); 1223 if (debug) 1224 log(LOG_DEBUG, 1225 SPP_FMT "cisco input: %d bytes " 1226 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1227 SPP_ARGS(ifp), m->m_pkthdr.len, 1228 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1229 (u_int)h->time0, (u_int)h->time1); 1230 switch (ntohl (h->type)) { 1231 default: 1232 if (debug) 1233 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1234 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1235 break; 1236 case CISCO_ADDR_REPLY: 1237 /* Reply on address request, ignore */ 1238 break; 1239 case CISCO_KEEPALIVE_REQ: 1240 sp->pp_alivecnt = 0; 1241 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1242 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1243 /* Local and remote sequence numbers are equal. 1244 * Probably, the line is in loopback mode. */ 1245 if (sp->pp_loopcnt >= MAXALIVECNT) { 1246 printf (SPP_FMT "loopback\n", 1247 SPP_ARGS(ifp)); 1248 sp->pp_loopcnt = 0; 1249 if (ifp->if_flags & IFF_UP) { 1250 if_down (ifp); 1251 sppp_qflush (&sp->pp_cpq); 1252 } 1253 } 1254 ++sp->pp_loopcnt; 1255 1256 /* Generate new local sequence number */ 1257#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1258 sp->pp_seq[IDX_LCP] = random(); 1259#else 1260 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1261#endif 1262 break; 1263 } 1264 sp->pp_loopcnt = 0; 1265 if (! (ifp->if_flags & IFF_UP) && 1266 (ifp->if_flags & IFF_RUNNING)) { 1267 if_up(ifp); 1268 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1269 } 1270 break; 1271 case CISCO_ADDR_REQ: 1272 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1273 if (me != 0L) 1274 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1275 break; 1276 } 1277} 1278 1279/* 1280 * Send Cisco keepalive packet. 1281 */ 1282static void 1283sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1284{ 1285 STDDCL; 1286 struct ppp_header *h; 1287 struct cisco_packet *ch; 1288 struct mbuf *m; 1289#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1290 struct timeval tv; 1291#else 1292 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1293#endif 1294 1295#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1296 getmicrouptime(&tv); 1297#endif 1298 1299 MGETHDR (m, M_DONTWAIT, MT_DATA); 1300 if (! m) 1301 return; 1302 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1303 m->m_pkthdr.rcvif = 0; 1304 1305 h = mtod (m, struct ppp_header*); 1306 h->address = CISCO_MULTICAST; 1307 h->control = 0; 1308 h->protocol = htons (CISCO_KEEPALIVE); 1309 1310 ch = (struct cisco_packet*) (h + 1); 1311 ch->type = htonl (type); 1312 ch->par1 = htonl (par1); 1313 ch->par2 = htonl (par2); 1314 ch->rel = -1; 1315 1316#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1317 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1318 ch->time1 = htons ((u_short) tv.tv_sec); 1319#else 1320 ch->time0 = htons ((u_short) (t >> 16)); 1321 ch->time1 = htons ((u_short) t); 1322#endif 1323 1324 if (debug) 1325 log(LOG_DEBUG, 1326 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1327 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1328 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1329 1330 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1331 ifp->if_oerrors++; 1332} 1333 1334/* 1335 * PPP protocol implementation. 1336 */ 1337 1338/* 1339 * Send PPP control protocol packet. 1340 */ 1341static void 1342sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1343 u_char ident, u_short len, void *data) 1344{ 1345 STDDCL; 1346 struct ppp_header *h; 1347 struct lcp_header *lh; 1348 struct mbuf *m; 1349 1350 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1351 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1352 MGETHDR (m, M_DONTWAIT, MT_DATA); 1353 if (! m) 1354 return; 1355 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1356 m->m_pkthdr.rcvif = 0; 1357 1358 h = mtod (m, struct ppp_header*); 1359 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1360 h->control = PPP_UI; /* Unnumbered Info */ 1361 h->protocol = htons (proto); /* Link Control Protocol */ 1362 1363 lh = (struct lcp_header*) (h + 1); 1364 lh->type = type; 1365 lh->ident = ident; 1366 lh->len = htons (LCP_HEADER_LEN + len); 1367 if (len) 1368 bcopy (data, lh+1, len); 1369 1370 if (debug) { 1371 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1372 SPP_ARGS(ifp), 1373 sppp_proto_name(proto), 1374 sppp_cp_type_name (lh->type), lh->ident, 1375 ntohs (lh->len)); 1376 sppp_print_bytes ((u_char*) (lh+1), len); 1377 log(-1, ">\n"); 1378 } 1379 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1380 ifp->if_oerrors++; 1381} 1382 1383/* 1384 * Handle incoming PPP control protocol packets. 1385 */ 1386static void 1387sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1388{ 1389 STDDCL; 1390 struct lcp_header *h; 1391 int len = m->m_pkthdr.len; 1392 int rv; 1393 u_char *p; 1394 1395 if (len < 4) { 1396 if (debug) 1397 log(LOG_DEBUG, 1398 SPP_FMT "%s invalid packet length: %d bytes\n", 1399 SPP_ARGS(ifp), cp->name, len); 1400 return; 1401 } 1402 h = mtod (m, struct lcp_header*); 1403 if (debug) { 1404 log(LOG_DEBUG, 1405 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1406 SPP_ARGS(ifp), cp->name, 1407 sppp_state_name(sp->state[cp->protoidx]), 1408 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1409 sppp_print_bytes ((u_char*) (h+1), len-4); 1410 log(-1, ">\n"); 1411 } 1412 if (len > ntohs (h->len)) 1413 len = ntohs (h->len); 1414 p = (u_char *)(h + 1); 1415 switch (h->type) { 1416 case CONF_REQ: 1417 if (len < 4) { 1418 if (debug) 1419 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1420 SPP_ARGS(ifp), cp->name, 1421 len); 1422 ++ifp->if_ierrors; 1423 break; 1424 } 1425 /* handle states where RCR doesn't get a SCA/SCN */ 1426 switch (sp->state[cp->protoidx]) { 1427 case STATE_CLOSING: 1428 case STATE_STOPPING: 1429 return; 1430 case STATE_CLOSED: 1431 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1432 0, 0); 1433 return; 1434 } 1435 rv = (cp->RCR)(sp, h, len); 1436 switch (sp->state[cp->protoidx]) { 1437 case STATE_OPENED: 1438 (cp->tld)(sp); 1439 (cp->scr)(sp); 1440 /* fall through... */ 1441 case STATE_ACK_SENT: 1442 case STATE_REQ_SENT: 1443 /* 1444 * sppp_cp_change_state() have the side effect of 1445 * restarting the timeouts. We want to avoid that 1446 * if the state don't change, otherwise we won't 1447 * ever timeout and resend a configuration request 1448 * that got lost. 1449 */ 1450 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1451 STATE_REQ_SENT)) 1452 break; 1453 sppp_cp_change_state(cp, sp, rv? 1454 STATE_ACK_SENT: STATE_REQ_SENT); 1455 break; 1456 case STATE_STOPPED: 1457 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1458 (cp->scr)(sp); 1459 sppp_cp_change_state(cp, sp, rv? 1460 STATE_ACK_SENT: STATE_REQ_SENT); 1461 break; 1462 case STATE_ACK_RCVD: 1463 if (rv) { 1464 sppp_cp_change_state(cp, sp, STATE_OPENED); 1465 if (debug) 1466 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1467 SPP_ARGS(ifp), 1468 cp->name); 1469 (cp->tlu)(sp); 1470 } else 1471 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1472 break; 1473 default: 1474 printf(SPP_FMT "%s illegal %s in state %s\n", 1475 SPP_ARGS(ifp), cp->name, 1476 sppp_cp_type_name(h->type), 1477 sppp_state_name(sp->state[cp->protoidx])); 1478 ++ifp->if_ierrors; 1479 } 1480 break; 1481 case CONF_ACK: 1482 if (h->ident != sp->confid[cp->protoidx]) { 1483 if (debug) 1484 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1485 SPP_ARGS(ifp), cp->name, 1486 h->ident, sp->confid[cp->protoidx]); 1487 ++ifp->if_ierrors; 1488 break; 1489 } 1490 switch (sp->state[cp->protoidx]) { 1491 case STATE_CLOSED: 1492 case STATE_STOPPED: 1493 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1494 break; 1495 case STATE_CLOSING: 1496 case STATE_STOPPING: 1497 break; 1498 case STATE_REQ_SENT: 1499 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1500 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1501 break; 1502 case STATE_OPENED: 1503 (cp->tld)(sp); 1504 /* fall through */ 1505 case STATE_ACK_RCVD: 1506 (cp->scr)(sp); 1507 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1508 break; 1509 case STATE_ACK_SENT: 1510 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1511 sppp_cp_change_state(cp, sp, STATE_OPENED); 1512 if (debug) 1513 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1514 SPP_ARGS(ifp), cp->name); 1515 (cp->tlu)(sp); 1516 break; 1517 default: 1518 printf(SPP_FMT "%s illegal %s in state %s\n", 1519 SPP_ARGS(ifp), cp->name, 1520 sppp_cp_type_name(h->type), 1521 sppp_state_name(sp->state[cp->protoidx])); 1522 ++ifp->if_ierrors; 1523 } 1524 break; 1525 case CONF_NAK: 1526 case CONF_REJ: 1527 if (h->ident != sp->confid[cp->protoidx]) { 1528 if (debug) 1529 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1530 SPP_ARGS(ifp), cp->name, 1531 h->ident, sp->confid[cp->protoidx]); 1532 ++ifp->if_ierrors; 1533 break; 1534 } 1535 if (h->type == CONF_NAK) 1536 (cp->RCN_nak)(sp, h, len); 1537 else /* CONF_REJ */ 1538 (cp->RCN_rej)(sp, h, len); 1539 1540 switch (sp->state[cp->protoidx]) { 1541 case STATE_CLOSED: 1542 case STATE_STOPPED: 1543 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1544 break; 1545 case STATE_REQ_SENT: 1546 case STATE_ACK_SENT: 1547 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1548 /* 1549 * Slow things down a bit if we think we might be 1550 * in loopback. Depend on the timeout to send the 1551 * next configuration request. 1552 */ 1553 if (sp->pp_loopcnt) 1554 break; 1555 (cp->scr)(sp); 1556 break; 1557 case STATE_OPENED: 1558 (cp->tld)(sp); 1559 /* fall through */ 1560 case STATE_ACK_RCVD: 1561 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1562 (cp->scr)(sp); 1563 break; 1564 case STATE_CLOSING: 1565 case STATE_STOPPING: 1566 break; 1567 default: 1568 printf(SPP_FMT "%s illegal %s in state %s\n", 1569 SPP_ARGS(ifp), cp->name, 1570 sppp_cp_type_name(h->type), 1571 sppp_state_name(sp->state[cp->protoidx])); 1572 ++ifp->if_ierrors; 1573 } 1574 break; 1575 1576 case TERM_REQ: 1577 switch (sp->state[cp->protoidx]) { 1578 case STATE_ACK_RCVD: 1579 case STATE_ACK_SENT: 1580 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1581 /* fall through */ 1582 case STATE_CLOSED: 1583 case STATE_STOPPED: 1584 case STATE_CLOSING: 1585 case STATE_STOPPING: 1586 case STATE_REQ_SENT: 1587 sta: 1588 /* Send Terminate-Ack packet. */ 1589 if (debug) 1590 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1591 SPP_ARGS(ifp), cp->name); 1592 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1593 break; 1594 case STATE_OPENED: 1595 (cp->tld)(sp); 1596 sp->rst_counter[cp->protoidx] = 0; 1597 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1598 goto sta; 1599 break; 1600 default: 1601 printf(SPP_FMT "%s illegal %s in state %s\n", 1602 SPP_ARGS(ifp), cp->name, 1603 sppp_cp_type_name(h->type), 1604 sppp_state_name(sp->state[cp->protoidx])); 1605 ++ifp->if_ierrors; 1606 } 1607 break; 1608 case TERM_ACK: 1609 switch (sp->state[cp->protoidx]) { 1610 case STATE_CLOSED: 1611 case STATE_STOPPED: 1612 case STATE_REQ_SENT: 1613 case STATE_ACK_SENT: 1614 break; 1615 case STATE_CLOSING: 1616 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1617 (cp->tlf)(sp); 1618 break; 1619 case STATE_STOPPING: 1620 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1621 (cp->tlf)(sp); 1622 break; 1623 case STATE_ACK_RCVD: 1624 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1625 break; 1626 case STATE_OPENED: 1627 (cp->tld)(sp); 1628 (cp->scr)(sp); 1629 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1630 break; 1631 default: 1632 printf(SPP_FMT "%s illegal %s in state %s\n", 1633 SPP_ARGS(ifp), cp->name, 1634 sppp_cp_type_name(h->type), 1635 sppp_state_name(sp->state[cp->protoidx])); 1636 ++ifp->if_ierrors; 1637 } 1638 break; 1639 case CODE_REJ: 1640 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1641 log(LOG_INFO, 1642 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1643 "danger will robinson\n", 1644 SPP_ARGS(ifp), cp->name, 1645 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1646 switch (sp->state[cp->protoidx]) { 1647 case STATE_CLOSED: 1648 case STATE_STOPPED: 1649 case STATE_REQ_SENT: 1650 case STATE_ACK_SENT: 1651 case STATE_CLOSING: 1652 case STATE_STOPPING: 1653 case STATE_OPENED: 1654 break; 1655 case STATE_ACK_RCVD: 1656 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1657 break; 1658 default: 1659 printf(SPP_FMT "%s illegal %s in state %s\n", 1660 SPP_ARGS(ifp), cp->name, 1661 sppp_cp_type_name(h->type), 1662 sppp_state_name(sp->state[cp->protoidx])); 1663 ++ifp->if_ierrors; 1664 } 1665 break; 1666 case PROTO_REJ: 1667 { 1668 int catastrophic; 1669 const struct cp *upper; 1670 int i; 1671 u_int16_t proto; 1672 1673 catastrophic = 0; 1674 upper = NULL; 1675 proto = ntohs(*((u_int16_t *)p)); 1676 for (i = 0; i < IDX_COUNT; i++) { 1677 if (cps[i]->proto == proto) { 1678 upper = cps[i]; 1679 break; 1680 } 1681 } 1682 if (upper == NULL) 1683 catastrophic++; 1684 1685 if (catastrophic || debug) 1686 log(catastrophic? LOG_INFO: LOG_DEBUG, 1687 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1688 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1689 sppp_cp_type_name(h->type), proto, 1690 upper ? upper->name : "unknown", 1691 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1692 1693 /* 1694 * if we got RXJ+ against conf-req, the peer does not implement 1695 * this particular protocol type. terminate the protocol. 1696 */ 1697 if (upper && !catastrophic) { 1698 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1699 upper->Close(sp); 1700 break; 1701 } 1702 } 1703 1704 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1705 switch (sp->state[cp->protoidx]) { 1706 case STATE_CLOSED: 1707 case STATE_STOPPED: 1708 case STATE_REQ_SENT: 1709 case STATE_ACK_SENT: 1710 case STATE_CLOSING: 1711 case STATE_STOPPING: 1712 case STATE_OPENED: 1713 break; 1714 case STATE_ACK_RCVD: 1715 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1716 break; 1717 default: 1718 printf(SPP_FMT "%s illegal %s in state %s\n", 1719 SPP_ARGS(ifp), cp->name, 1720 sppp_cp_type_name(h->type), 1721 sppp_state_name(sp->state[cp->protoidx])); 1722 ++ifp->if_ierrors; 1723 } 1724 break; 1725 } 1726 case DISC_REQ: 1727 if (cp->proto != PPP_LCP) 1728 goto illegal; 1729 /* Discard the packet. */ 1730 break; 1731 case ECHO_REQ: 1732 if (cp->proto != PPP_LCP) 1733 goto illegal; 1734 if (sp->state[cp->protoidx] != STATE_OPENED) { 1735 if (debug) 1736 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1737 SPP_ARGS(ifp)); 1738 ++ifp->if_ierrors; 1739 break; 1740 } 1741 if (len < 8) { 1742 if (debug) 1743 log(-1, SPP_FMT "invalid lcp echo request " 1744 "packet length: %d bytes\n", 1745 SPP_ARGS(ifp), len); 1746 break; 1747 } 1748 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1749 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1750 /* Line loopback mode detected. */ 1751 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1752 sp->pp_loopcnt = MAXALIVECNT * 5; 1753 if_down (ifp); 1754 sppp_qflush (&sp->pp_cpq); 1755 1756 /* Shut down the PPP link. */ 1757 /* XXX */ 1758 lcp.Down(sp); 1759 lcp.Up(sp); 1760 break; 1761 } 1762 *(long*)(h+1) = htonl (sp->lcp.magic); 1763 if (debug) 1764 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1765 SPP_ARGS(ifp)); 1766 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1767 break; 1768 case ECHO_REPLY: 1769 if (cp->proto != PPP_LCP) 1770 goto illegal; 1771 if (h->ident != sp->lcp.echoid) { 1772 ++ifp->if_ierrors; 1773 break; 1774 } 1775 if (len < 8) { 1776 if (debug) 1777 log(-1, SPP_FMT "lcp invalid echo reply " 1778 "packet length: %d bytes\n", 1779 SPP_ARGS(ifp), len); 1780 break; 1781 } 1782 if (debug) 1783 log(-1, SPP_FMT "lcp got echo rep\n", 1784 SPP_ARGS(ifp)); 1785 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1786 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1787 sp->pp_alivecnt = 0; 1788 break; 1789 default: 1790 /* Unknown packet type -- send Code-Reject packet. */ 1791 illegal: 1792 if (debug) 1793 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1794 SPP_ARGS(ifp), cp->name, h->type); 1795 sppp_cp_send(sp, cp->proto, CODE_REJ, 1796 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1797 ++ifp->if_ierrors; 1798 } 1799} 1800 1801 1802/* 1803 * The generic part of all Up/Down/Open/Close/TO event handlers. 1804 * Basically, the state transition handling in the automaton. 1805 */ 1806static void 1807sppp_up_event(const struct cp *cp, struct sppp *sp) 1808{ 1809 STDDCL; 1810 1811 if (debug) 1812 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1813 SPP_ARGS(ifp), cp->name, 1814 sppp_state_name(sp->state[cp->protoidx])); 1815 1816 switch (sp->state[cp->protoidx]) { 1817 case STATE_INITIAL: 1818 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1819 break; 1820 case STATE_STARTING: 1821 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1822 (cp->scr)(sp); 1823 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1824 break; 1825 default: 1826 printf(SPP_FMT "%s illegal up in state %s\n", 1827 SPP_ARGS(ifp), cp->name, 1828 sppp_state_name(sp->state[cp->protoidx])); 1829 } 1830} 1831 1832static void 1833sppp_down_event(const struct cp *cp, struct sppp *sp) 1834{ 1835 STDDCL; 1836 1837 if (debug) 1838 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1839 SPP_ARGS(ifp), cp->name, 1840 sppp_state_name(sp->state[cp->protoidx])); 1841 1842 switch (sp->state[cp->protoidx]) { 1843 case STATE_CLOSED: 1844 case STATE_CLOSING: 1845 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1846 break; 1847 case STATE_STOPPED: 1848 sppp_cp_change_state(cp, sp, STATE_STARTING); 1849 (cp->tls)(sp); 1850 break; 1851 case STATE_STOPPING: 1852 case STATE_REQ_SENT: 1853 case STATE_ACK_RCVD: 1854 case STATE_ACK_SENT: 1855 sppp_cp_change_state(cp, sp, STATE_STARTING); 1856 break; 1857 case STATE_OPENED: 1858 (cp->tld)(sp); 1859 sppp_cp_change_state(cp, sp, STATE_STARTING); 1860 break; 1861 default: 1862 printf(SPP_FMT "%s illegal down in state %s\n", 1863 SPP_ARGS(ifp), cp->name, 1864 sppp_state_name(sp->state[cp->protoidx])); 1865 } 1866} 1867 1868 1869static void 1870sppp_open_event(const struct cp *cp, struct sppp *sp) 1871{ 1872 STDDCL; 1873 1874 if (debug) 1875 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1876 SPP_ARGS(ifp), cp->name, 1877 sppp_state_name(sp->state[cp->protoidx])); 1878 1879 switch (sp->state[cp->protoidx]) { 1880 case STATE_INITIAL: 1881 sppp_cp_change_state(cp, sp, STATE_STARTING); 1882 (cp->tls)(sp); 1883 break; 1884 case STATE_STARTING: 1885 break; 1886 case STATE_CLOSED: 1887 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1888 (cp->scr)(sp); 1889 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1890 break; 1891 case STATE_STOPPED: 1892 /* 1893 * Try escaping stopped state. This seems to bite 1894 * people occasionally, in particular for IPCP, 1895 * presumably following previous IPCP negotiation 1896 * aborts. Somehow, we must have missed a Down event 1897 * which would have caused a transition into starting 1898 * state, so as a bandaid we force the Down event now. 1899 * This effectively implements (something like the) 1900 * `restart' option mentioned in the state transition 1901 * table of RFC 1661. 1902 */ 1903 sppp_cp_change_state(cp, sp, STATE_STARTING); 1904 (cp->tls)(sp); 1905 break; 1906 case STATE_STOPPING: 1907 case STATE_REQ_SENT: 1908 case STATE_ACK_RCVD: 1909 case STATE_ACK_SENT: 1910 case STATE_OPENED: 1911 break; 1912 case STATE_CLOSING: 1913 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1914 break; 1915 } 1916} 1917 1918 1919static void 1920sppp_close_event(const struct cp *cp, struct sppp *sp) 1921{ 1922 STDDCL; 1923 1924 if (debug) 1925 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1926 SPP_ARGS(ifp), cp->name, 1927 sppp_state_name(sp->state[cp->protoidx])); 1928 1929 switch (sp->state[cp->protoidx]) { 1930 case STATE_INITIAL: 1931 case STATE_CLOSED: 1932 case STATE_CLOSING: 1933 break; 1934 case STATE_STARTING: 1935 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1936 (cp->tlf)(sp); 1937 break; 1938 case STATE_STOPPED: 1939 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1940 break; 1941 case STATE_STOPPING: 1942 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1943 break; 1944 case STATE_OPENED: 1945 (cp->tld)(sp); 1946 /* fall through */ 1947 case STATE_REQ_SENT: 1948 case STATE_ACK_RCVD: 1949 case STATE_ACK_SENT: 1950 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1951 sppp_cp_send(sp, cp->proto, TERM_REQ, 1952 ++sp->pp_seq[cp->protoidx], 0, 0); 1953 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1954 break; 1955 } 1956} 1957 1958static void 1959sppp_to_event(const struct cp *cp, struct sppp *sp) 1960{ 1961 STDDCL; 1962 int s; 1963 1964 s = splimp(); 1965 if (debug) 1966 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1967 SPP_ARGS(ifp), cp->name, 1968 sppp_state_name(sp->state[cp->protoidx]), 1969 sp->rst_counter[cp->protoidx]); 1970 1971 if (--sp->rst_counter[cp->protoidx] < 0) 1972 /* TO- event */ 1973 switch (sp->state[cp->protoidx]) { 1974 case STATE_CLOSING: 1975 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1976 (cp->tlf)(sp); 1977 break; 1978 case STATE_STOPPING: 1979 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1980 (cp->tlf)(sp); 1981 break; 1982 case STATE_REQ_SENT: 1983 case STATE_ACK_RCVD: 1984 case STATE_ACK_SENT: 1985 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1986 (cp->tlf)(sp); 1987 break; 1988 } 1989 else 1990 /* TO+ event */ 1991 switch (sp->state[cp->protoidx]) { 1992 case STATE_CLOSING: 1993 case STATE_STOPPING: 1994 sppp_cp_send(sp, cp->proto, TERM_REQ, 1995 ++sp->pp_seq[cp->protoidx], 0, 0); 1996 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1997 sp->ch[cp->protoidx]); 1998 break; 1999 case STATE_REQ_SENT: 2000 case STATE_ACK_RCVD: 2001 (cp->scr)(sp); 2002 /* sppp_cp_change_state() will restart the timer */ 2003 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2004 break; 2005 case STATE_ACK_SENT: 2006 (cp->scr)(sp); 2007 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2008 sp->ch[cp->protoidx]); 2009 break; 2010 } 2011 2012 splx(s); 2013} 2014 2015/* 2016 * Change the state of a control protocol in the state automaton. 2017 * Takes care of starting/stopping the restart timer. 2018 */ 2019void 2020sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2021{ 2022 sp->state[cp->protoidx] = newstate; 2023 2024 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2025 switch (newstate) { 2026 case STATE_INITIAL: 2027 case STATE_STARTING: 2028 case STATE_CLOSED: 2029 case STATE_STOPPED: 2030 case STATE_OPENED: 2031 break; 2032 case STATE_CLOSING: 2033 case STATE_STOPPING: 2034 case STATE_REQ_SENT: 2035 case STATE_ACK_RCVD: 2036 case STATE_ACK_SENT: 2037 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2038 sp->ch[cp->protoidx]); 2039 break; 2040 } 2041} 2042 2043/* 2044 *--------------------------------------------------------------------------* 2045 * * 2046 * The LCP implementation. * 2047 * * 2048 *--------------------------------------------------------------------------* 2049 */ 2050static void 2051sppp_lcp_init(struct sppp *sp) 2052{ 2053 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2054 sp->lcp.magic = 0; 2055 sp->state[IDX_LCP] = STATE_INITIAL; 2056 sp->fail_counter[IDX_LCP] = 0; 2057 sp->pp_seq[IDX_LCP] = 0; 2058 sp->pp_rseq[IDX_LCP] = 0; 2059 sp->lcp.protos = 0; 2060 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2061 2062 /* Note that these values are relevant for all control protocols */ 2063 sp->lcp.timeout = 3 * hz; 2064 sp->lcp.max_terminate = 2; 2065 sp->lcp.max_configure = 10; 2066 sp->lcp.max_failure = 10; 2067#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2068 callout_handle_init(&sp->ch[IDX_LCP]); 2069#endif 2070} 2071 2072static void 2073sppp_lcp_up(struct sppp *sp) 2074{ 2075 STDDCL; 2076 2077 sp->pp_alivecnt = 0; 2078 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2079 sp->lcp.magic = 0; 2080 sp->lcp.protos = 0; 2081 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2082 /* 2083 * If we are authenticator, negotiate LCP_AUTH 2084 */ 2085 if (sp->hisauth.proto != 0) 2086 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2087 else 2088 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2089 sp->pp_flags &= ~PP_NEEDAUTH; 2090 /* 2091 * If this interface is passive or dial-on-demand, and we are 2092 * still in Initial state, it means we've got an incoming 2093 * call. Activate the interface. 2094 */ 2095 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2096 if (debug) 2097 log(LOG_DEBUG, 2098 SPP_FMT "Up event", SPP_ARGS(ifp)); 2099 ifp->if_flags |= IFF_RUNNING; 2100 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2101 if (debug) 2102 log(-1, "(incoming call)\n"); 2103 sp->pp_flags |= PP_CALLIN; 2104 lcp.Open(sp); 2105 } else if (debug) 2106 log(-1, "\n"); 2107 } 2108 2109 sppp_up_event(&lcp, sp); 2110} 2111 2112static void 2113sppp_lcp_down(struct sppp *sp) 2114{ 2115 STDDCL; 2116 2117 sppp_down_event(&lcp, sp); 2118 2119 /* 2120 * If this is neither a dial-on-demand nor a passive 2121 * interface, simulate an ``ifconfig down'' action, so the 2122 * administrator can force a redial by another ``ifconfig 2123 * up''. XXX For leased line operation, should we immediately 2124 * try to reopen the connection here? 2125 */ 2126 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2127 log(LOG_INFO, 2128 SPP_FMT "Down event, taking interface down.\n", 2129 SPP_ARGS(ifp)); 2130 if_down(ifp); 2131 } else { 2132 if (debug) 2133 log(LOG_DEBUG, 2134 SPP_FMT "Down event (carrier loss)\n", 2135 SPP_ARGS(ifp)); 2136 sp->pp_flags &= ~PP_CALLIN; 2137 if (sp->state[IDX_LCP] != STATE_INITIAL) 2138 lcp.Close(sp); 2139 ifp->if_flags &= ~IFF_RUNNING; 2140 } 2141} 2142 2143static void 2144sppp_lcp_open(struct sppp *sp) 2145{ 2146 sppp_open_event(&lcp, sp); 2147} 2148 2149static void 2150sppp_lcp_close(struct sppp *sp) 2151{ 2152 sppp_close_event(&lcp, sp); 2153} 2154 2155static void 2156sppp_lcp_TO(void *cookie) 2157{ 2158 sppp_to_event(&lcp, (struct sppp *)cookie); 2159} 2160 2161/* 2162 * Analyze a configure request. Return true if it was agreeable, and 2163 * caused action sca, false if it has been rejected or nak'ed, and 2164 * caused action scn. (The return value is used to make the state 2165 * transition decision in the state automaton.) 2166 */ 2167static int 2168sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2169{ 2170 STDDCL; 2171 u_char *buf, *r, *p; 2172 int origlen, rlen; 2173 u_long nmagic; 2174 u_short authproto; 2175 2176 len -= 4; 2177 origlen = len; 2178 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2179 if (! buf) 2180 return (0); 2181 2182 if (debug) 2183 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2184 SPP_ARGS(ifp)); 2185 2186 /* pass 1: check for things that need to be rejected */ 2187 p = (void*) (h+1); 2188 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2189 if (debug) 2190 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2191 switch (*p) { 2192 case LCP_OPT_MAGIC: 2193 /* Magic number. */ 2194 if (len >= 6 && p[1] == 6) 2195 continue; 2196 if (debug) 2197 log(-1, "[invalid] "); 2198 break; 2199 case LCP_OPT_ASYNC_MAP: 2200 /* Async control character map. */ 2201 if (len >= 6 && p[1] == 6) 2202 continue; 2203 if (debug) 2204 log(-1, "[invalid] "); 2205 break; 2206 case LCP_OPT_MRU: 2207 /* Maximum receive unit. */ 2208 if (len >= 4 && p[1] == 4) 2209 continue; 2210 if (debug) 2211 log(-1, "[invalid] "); 2212 break; 2213 case LCP_OPT_AUTH_PROTO: 2214 if (len < 4) { 2215 if (debug) 2216 log(-1, "[invalid] "); 2217 break; 2218 } 2219 authproto = (p[2] << 8) + p[3]; 2220 if (authproto == PPP_CHAP && p[1] != 5) { 2221 if (debug) 2222 log(-1, "[invalid chap len] "); 2223 break; 2224 } 2225 if (sp->myauth.proto == 0) { 2226 /* we are not configured to do auth */ 2227 if (debug) 2228 log(-1, "[not configured] "); 2229 break; 2230 } 2231 /* 2232 * Remote want us to authenticate, remember this, 2233 * so we stay in PHASE_AUTHENTICATE after LCP got 2234 * up. 2235 */ 2236 sp->pp_flags |= PP_NEEDAUTH; 2237 continue; 2238 default: 2239 /* Others not supported. */ 2240 if (debug) 2241 log(-1, "[rej] "); 2242 break; 2243 } 2244 /* Add the option to rejected list. */ 2245 bcopy (p, r, p[1]); 2246 r += p[1]; 2247 rlen += p[1]; 2248 } 2249 if (rlen) { 2250 if (debug) 2251 log(-1, " send conf-rej\n"); 2252 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2253 return 0; 2254 } else if (debug) 2255 log(-1, "\n"); 2256 2257 /* 2258 * pass 2: check for option values that are unacceptable and 2259 * thus require to be nak'ed. 2260 */ 2261 if (debug) 2262 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2263 SPP_ARGS(ifp)); 2264 2265 p = (void*) (h+1); 2266 len = origlen; 2267 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2268 if (debug) 2269 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2270 switch (*p) { 2271 case LCP_OPT_MAGIC: 2272 /* Magic number -- extract. */ 2273 nmagic = (u_long)p[2] << 24 | 2274 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2275 if (nmagic != sp->lcp.magic) { 2276 sp->pp_loopcnt = 0; 2277 if (debug) 2278 log(-1, "0x%lx ", nmagic); 2279 continue; 2280 } 2281 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2282 log(-1, "[glitch] "); 2283 ++sp->pp_loopcnt; 2284 /* 2285 * We negate our magic here, and NAK it. If 2286 * we see it later in an NAK packet, we 2287 * suggest a new one. 2288 */ 2289 nmagic = ~sp->lcp.magic; 2290 /* Gonna NAK it. */ 2291 p[2] = nmagic >> 24; 2292 p[3] = nmagic >> 16; 2293 p[4] = nmagic >> 8; 2294 p[5] = nmagic; 2295 break; 2296 2297 case LCP_OPT_ASYNC_MAP: 2298 /* 2299 * Async control character map -- just ignore it. 2300 * 2301 * Quote from RFC 1662, chapter 6: 2302 * To enable this functionality, synchronous PPP 2303 * implementations MUST always respond to the 2304 * Async-Control-Character-Map Configuration 2305 * Option with the LCP Configure-Ack. However, 2306 * acceptance of the Configuration Option does 2307 * not imply that the synchronous implementation 2308 * will do any ACCM mapping. Instead, all such 2309 * octet mapping will be performed by the 2310 * asynchronous-to-synchronous converter. 2311 */ 2312 continue; 2313 2314 case LCP_OPT_MRU: 2315 /* 2316 * Maximum receive unit. Always agreeable, 2317 * but ignored by now. 2318 */ 2319 sp->lcp.their_mru = p[2] * 256 + p[3]; 2320 if (debug) 2321 log(-1, "%lu ", sp->lcp.their_mru); 2322 continue; 2323 2324 case LCP_OPT_AUTH_PROTO: 2325 authproto = (p[2] << 8) + p[3]; 2326 if (sp->myauth.proto != authproto) { 2327 /* not agreed, nak */ 2328 if (debug) 2329 log(-1, "[mine %s != his %s] ", 2330 sppp_proto_name(sp->hisauth.proto), 2331 sppp_proto_name(authproto)); 2332 p[2] = sp->myauth.proto >> 8; 2333 p[3] = sp->myauth.proto; 2334 break; 2335 } 2336 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2337 if (debug) 2338 log(-1, "[chap not MD5] "); 2339 p[4] = CHAP_MD5; 2340 break; 2341 } 2342 continue; 2343 } 2344 /* Add the option to nak'ed list. */ 2345 bcopy (p, r, p[1]); 2346 r += p[1]; 2347 rlen += p[1]; 2348 } 2349 if (rlen) { 2350 /* 2351 * Local and remote magics equal -- loopback? 2352 */ 2353 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2354 if (sp->pp_loopcnt == MAXALIVECNT*5) 2355 printf (SPP_FMT "loopback\n", 2356 SPP_ARGS(ifp)); 2357 if (ifp->if_flags & IFF_UP) { 2358 if_down(ifp); 2359 sppp_qflush(&sp->pp_cpq); 2360 /* XXX ? */ 2361 lcp.Down(sp); 2362 lcp.Up(sp); 2363 } 2364 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2365 if (debug) 2366 log(-1, " max_failure (%d) exceeded, " 2367 "send conf-rej\n", 2368 sp->lcp.max_failure); 2369 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2370 } else { 2371 if (debug) 2372 log(-1, " send conf-nak\n"); 2373 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2374 } 2375 } else { 2376 if (debug) 2377 log(-1, " send conf-ack\n"); 2378 sp->fail_counter[IDX_LCP] = 0; 2379 sp->pp_loopcnt = 0; 2380 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2381 h->ident, origlen, h+1); 2382 } 2383 2384 free (buf, M_TEMP); 2385 return (rlen == 0); 2386} 2387 2388/* 2389 * Analyze the LCP Configure-Reject option list, and adjust our 2390 * negotiation. 2391 */ 2392static void 2393sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2394{ 2395 STDDCL; 2396 u_char *buf, *p; 2397 2398 len -= 4; 2399 buf = malloc (len, M_TEMP, M_NOWAIT); 2400 if (!buf) 2401 return; 2402 2403 if (debug) 2404 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2405 SPP_ARGS(ifp)); 2406 2407 p = (void*) (h+1); 2408 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2409 if (debug) 2410 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2411 switch (*p) { 2412 case LCP_OPT_MAGIC: 2413 /* Magic number -- can't use it, use 0 */ 2414 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2415 sp->lcp.magic = 0; 2416 break; 2417 case LCP_OPT_MRU: 2418 /* 2419 * Should not be rejected anyway, since we only 2420 * negotiate a MRU if explicitly requested by 2421 * peer. 2422 */ 2423 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2424 break; 2425 case LCP_OPT_AUTH_PROTO: 2426 /* 2427 * Peer doesn't want to authenticate himself, 2428 * deny unless this is a dialout call, and 2429 * AUTHFLAG_NOCALLOUT is set. 2430 */ 2431 if ((sp->pp_flags & PP_CALLIN) == 0 && 2432 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2433 if (debug) 2434 log(-1, "[don't insist on auth " 2435 "for callout]"); 2436 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2437 break; 2438 } 2439 if (debug) 2440 log(-1, "[access denied]\n"); 2441 lcp.Close(sp); 2442 break; 2443 } 2444 } 2445 if (debug) 2446 log(-1, "\n"); 2447 free (buf, M_TEMP); 2448 return; 2449} 2450 2451/* 2452 * Analyze the LCP Configure-NAK option list, and adjust our 2453 * negotiation. 2454 */ 2455static void 2456sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2457{ 2458 STDDCL; 2459 u_char *buf, *p; 2460 u_long magic; 2461 2462 len -= 4; 2463 buf = malloc (len, M_TEMP, M_NOWAIT); 2464 if (!buf) 2465 return; 2466 2467 if (debug) 2468 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2469 SPP_ARGS(ifp)); 2470 2471 p = (void*) (h+1); 2472 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2473 if (debug) 2474 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2475 switch (*p) { 2476 case LCP_OPT_MAGIC: 2477 /* Magic number -- renegotiate */ 2478 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2479 len >= 6 && p[1] == 6) { 2480 magic = (u_long)p[2] << 24 | 2481 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2482 /* 2483 * If the remote magic is our negated one, 2484 * this looks like a loopback problem. 2485 * Suggest a new magic to make sure. 2486 */ 2487 if (magic == ~sp->lcp.magic) { 2488 if (debug) 2489 log(-1, "magic glitch "); 2490#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2491 sp->lcp.magic = random(); 2492#else 2493 sp->lcp.magic = time.tv_sec + time.tv_usec; 2494#endif 2495 } else { 2496 sp->lcp.magic = magic; 2497 if (debug) 2498 log(-1, "%lu ", magic); 2499 } 2500 } 2501 break; 2502 case LCP_OPT_MRU: 2503 /* 2504 * Peer wants to advise us to negotiate an MRU. 2505 * Agree on it if it's reasonable, or use 2506 * default otherwise. 2507 */ 2508 if (len >= 4 && p[1] == 4) { 2509 u_int mru = p[2] * 256 + p[3]; 2510 if (debug) 2511 log(-1, "%d ", mru); 2512 if (mru < PP_MTU || mru > PP_MAX_MRU) 2513 mru = PP_MTU; 2514 sp->lcp.mru = mru; 2515 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2516 } 2517 break; 2518 case LCP_OPT_AUTH_PROTO: 2519 /* 2520 * Peer doesn't like our authentication method, 2521 * deny. 2522 */ 2523 if (debug) 2524 log(-1, "[access denied]\n"); 2525 lcp.Close(sp); 2526 break; 2527 } 2528 } 2529 if (debug) 2530 log(-1, "\n"); 2531 free (buf, M_TEMP); 2532 return; 2533} 2534 2535static void 2536sppp_lcp_tlu(struct sppp *sp) 2537{ 2538 STDDCL; 2539 int i; 2540 u_long mask; 2541 2542 /* XXX ? */ 2543 if (! (ifp->if_flags & IFF_UP) && 2544 (ifp->if_flags & IFF_RUNNING)) { 2545 /* Coming out of loopback mode. */ 2546 if_up(ifp); 2547 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2548 } 2549 2550 for (i = 0; i < IDX_COUNT; i++) 2551 if ((cps[i])->flags & CP_QUAL) 2552 (cps[i])->Open(sp); 2553 2554 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2555 (sp->pp_flags & PP_NEEDAUTH) != 0) 2556 sp->pp_phase = PHASE_AUTHENTICATE; 2557 else 2558 sp->pp_phase = PHASE_NETWORK; 2559 2560 if (debug) 2561 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2562 sppp_phase_name(sp->pp_phase)); 2563 2564 /* 2565 * Open all authentication protocols. This is even required 2566 * if we already proceeded to network phase, since it might be 2567 * that remote wants us to authenticate, so we might have to 2568 * send a PAP request. Undesired authentication protocols 2569 * don't do anything when they get an Open event. 2570 */ 2571 for (i = 0; i < IDX_COUNT; i++) 2572 if ((cps[i])->flags & CP_AUTH) 2573 (cps[i])->Open(sp); 2574 2575 if (sp->pp_phase == PHASE_NETWORK) { 2576 /* Notify all NCPs. */ 2577 for (i = 0; i < IDX_COUNT; i++) 2578 if ((cps[i])->flags & CP_NCP) 2579 (cps[i])->Open(sp); 2580 } 2581 2582 /* Send Up events to all started protos. */ 2583 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2584 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2585 (cps[i])->Up(sp); 2586 2587 /* notify low-level driver of state change */ 2588 if (sp->pp_chg) 2589 sp->pp_chg(sp, (int)sp->pp_phase); 2590 2591 if (sp->pp_phase == PHASE_NETWORK) 2592 /* if no NCP is starting, close down */ 2593 sppp_lcp_check_and_close(sp); 2594} 2595 2596static void 2597sppp_lcp_tld(struct sppp *sp) 2598{ 2599 STDDCL; 2600 int i; 2601 u_long mask; 2602 2603 sp->pp_phase = PHASE_TERMINATE; 2604 2605 if (debug) 2606 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2607 sppp_phase_name(sp->pp_phase)); 2608 2609 /* 2610 * Take upper layers down. We send the Down event first and 2611 * the Close second to prevent the upper layers from sending 2612 * ``a flurry of terminate-request packets'', as the RFC 2613 * describes it. 2614 */ 2615 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2616 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2617 (cps[i])->Down(sp); 2618 (cps[i])->Close(sp); 2619 } 2620} 2621 2622static void 2623sppp_lcp_tls(struct sppp *sp) 2624{ 2625 STDDCL; 2626 2627 sp->pp_phase = PHASE_ESTABLISH; 2628 2629 if (debug) 2630 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2631 sppp_phase_name(sp->pp_phase)); 2632 2633 /* Notify lower layer if desired. */ 2634 if (sp->pp_tls) 2635 (sp->pp_tls)(sp); 2636 else 2637 (sp->pp_up)(sp); 2638} 2639 2640static void 2641sppp_lcp_tlf(struct sppp *sp) 2642{ 2643 STDDCL; 2644 2645 sp->pp_phase = PHASE_DEAD; 2646 if (debug) 2647 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2648 sppp_phase_name(sp->pp_phase)); 2649 2650 /* Notify lower layer if desired. */ 2651 if (sp->pp_tlf) 2652 (sp->pp_tlf)(sp); 2653 else 2654 (sp->pp_down)(sp); 2655} 2656 2657static void 2658sppp_lcp_scr(struct sppp *sp) 2659{ 2660 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2661 int i = 0; 2662 u_short authproto; 2663 2664 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2665 if (! sp->lcp.magic) 2666#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2667 sp->lcp.magic = random(); 2668#else 2669 sp->lcp.magic = time.tv_sec + time.tv_usec; 2670#endif 2671 opt[i++] = LCP_OPT_MAGIC; 2672 opt[i++] = 6; 2673 opt[i++] = sp->lcp.magic >> 24; 2674 opt[i++] = sp->lcp.magic >> 16; 2675 opt[i++] = sp->lcp.magic >> 8; 2676 opt[i++] = sp->lcp.magic; 2677 } 2678 2679 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2680 opt[i++] = LCP_OPT_MRU; 2681 opt[i++] = 4; 2682 opt[i++] = sp->lcp.mru >> 8; 2683 opt[i++] = sp->lcp.mru; 2684 } 2685 2686 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2687 authproto = sp->hisauth.proto; 2688 opt[i++] = LCP_OPT_AUTH_PROTO; 2689 opt[i++] = authproto == PPP_CHAP? 5: 4; 2690 opt[i++] = authproto >> 8; 2691 opt[i++] = authproto; 2692 if (authproto == PPP_CHAP) 2693 opt[i++] = CHAP_MD5; 2694 } 2695 2696 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2697 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2698} 2699 2700/* 2701 * Check the open NCPs, return true if at least one NCP is open. 2702 */ 2703static int 2704sppp_ncp_check(struct sppp *sp) 2705{ 2706 int i, mask; 2707 2708 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2709 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2710 return 1; 2711 return 0; 2712} 2713 2714/* 2715 * Re-check the open NCPs and see if we should terminate the link. 2716 * Called by the NCPs during their tlf action handling. 2717 */ 2718static void 2719sppp_lcp_check_and_close(struct sppp *sp) 2720{ 2721 2722 if (sp->pp_phase < PHASE_NETWORK) 2723 /* don't bother, we are already going down */ 2724 return; 2725 2726 if (sppp_ncp_check(sp)) 2727 return; 2728 2729 lcp.Close(sp); 2730} 2731 2732/* 2733 *--------------------------------------------------------------------------* 2734 * * 2735 * The IPCP implementation. * 2736 * * 2737 *--------------------------------------------------------------------------* 2738 */ 2739 2740static void 2741sppp_ipcp_init(struct sppp *sp) 2742{ 2743 sp->ipcp.opts = 0; 2744 sp->ipcp.flags = 0; 2745 sp->state[IDX_IPCP] = STATE_INITIAL; 2746 sp->fail_counter[IDX_IPCP] = 0; 2747 sp->pp_seq[IDX_IPCP] = 0; 2748 sp->pp_rseq[IDX_IPCP] = 0; 2749#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2750 callout_handle_init(&sp->ch[IDX_IPCP]); 2751#endif 2752} 2753 2754static void 2755sppp_ipcp_up(struct sppp *sp) 2756{ 2757 sppp_up_event(&ipcp, sp); 2758} 2759 2760static void 2761sppp_ipcp_down(struct sppp *sp) 2762{ 2763 sppp_down_event(&ipcp, sp); 2764} 2765 2766static void 2767sppp_ipcp_open(struct sppp *sp) 2768{ 2769 STDDCL; 2770 u_long myaddr, hisaddr; 2771 2772 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2773 IPCP_MYADDR_DYN | IPCP_VJ); 2774 2775 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2776 /* 2777 * If we don't have his address, this probably means our 2778 * interface doesn't want to talk IP at all. (This could 2779 * be the case if somebody wants to speak only IPX, for 2780 * example.) Don't open IPCP in this case. 2781 */ 2782 if (hisaddr == 0L) { 2783 /* XXX this message should go away */ 2784 if (debug) 2785 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2786 SPP_ARGS(ifp)); 2787 return; 2788 } 2789 if (myaddr == 0L) { 2790 /* 2791 * I don't have an assigned address, so i need to 2792 * negotiate my address. 2793 */ 2794 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2795 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2796 } else 2797 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2798 if (sp->enable_vj) { 2799 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2800 sp->ipcp.max_state = MAX_STATES - 1; 2801 sp->ipcp.compress_cid = 1; 2802 } 2803 sppp_open_event(&ipcp, sp); 2804} 2805 2806static void 2807sppp_ipcp_close(struct sppp *sp) 2808{ 2809 sppp_close_event(&ipcp, sp); 2810 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2811 /* 2812 * My address was dynamic, clear it again. 2813 */ 2814 sppp_set_ip_addr(sp, 0L); 2815} 2816 2817static void 2818sppp_ipcp_TO(void *cookie) 2819{ 2820 sppp_to_event(&ipcp, (struct sppp *)cookie); 2821} 2822 2823/* 2824 * Analyze a configure request. Return true if it was agreeable, and 2825 * caused action sca, false if it has been rejected or nak'ed, and 2826 * caused action scn. (The return value is used to make the state 2827 * transition decision in the state automaton.) 2828 */ 2829static int 2830sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2831{ 2832 u_char *buf, *r, *p; 2833 struct ifnet *ifp = &sp->pp_if; 2834 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2835 u_long hisaddr, desiredaddr; 2836 int gotmyaddr = 0; 2837 int desiredcomp; 2838 2839 len -= 4; 2840 origlen = len; 2841 /* 2842 * Make sure to allocate a buf that can at least hold a 2843 * conf-nak with an `address' option. We might need it below. 2844 */ 2845 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2846 if (! buf) 2847 return (0); 2848 2849 /* pass 1: see if we can recognize them */ 2850 if (debug) 2851 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2852 SPP_ARGS(ifp)); 2853 p = (void*) (h+1); 2854 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2855 if (debug) 2856 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2857 switch (*p) { 2858 case IPCP_OPT_COMPRESSION: 2859 if (!sp->enable_vj) { 2860 /* VJ compression administratively disabled */ 2861 if (debug) 2862 log(-1, "[locally disabled] "); 2863 break; 2864 } 2865 /* 2866 * In theory, we should only conf-rej an 2867 * option that is shorter than RFC 1618 2868 * requires (i.e. < 4), and should conf-nak 2869 * anything else that is not VJ. However, 2870 * since our algorithm always uses the 2871 * original option to NAK it with new values, 2872 * things would become more complicated. In 2873 * pratice, the only commonly implemented IP 2874 * compression option is VJ anyway, so the 2875 * difference is negligible. 2876 */ 2877 if (len >= 6 && p[1] == 6) { 2878 /* 2879 * correctly formed compression option 2880 * that could be VJ compression 2881 */ 2882 continue; 2883 } 2884 if (debug) 2885 log(-1, 2886 "optlen %d [invalid/unsupported] ", 2887 p[1]); 2888 break; 2889 case IPCP_OPT_ADDRESS: 2890 if (len >= 6 && p[1] == 6) { 2891 /* correctly formed address option */ 2892 continue; 2893 } 2894 if (debug) 2895 log(-1, "[invalid] "); 2896 break; 2897 default: 2898 /* Others not supported. */ 2899 if (debug) 2900 log(-1, "[rej] "); 2901 break; 2902 } 2903 /* Add the option to rejected list. */ 2904 bcopy (p, r, p[1]); 2905 r += p[1]; 2906 rlen += p[1]; 2907 } 2908 if (rlen) { 2909 if (debug) 2910 log(-1, " send conf-rej\n"); 2911 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2912 return 0; 2913 } else if (debug) 2914 log(-1, "\n"); 2915 2916 /* pass 2: parse option values */ 2917 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2918 if (debug) 2919 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2920 SPP_ARGS(ifp)); 2921 p = (void*) (h+1); 2922 len = origlen; 2923 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2924 if (debug) 2925 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2926 switch (*p) { 2927 case IPCP_OPT_COMPRESSION: 2928 desiredcomp = p[2] << 8 | p[3]; 2929 /* We only support VJ */ 2930 if (desiredcomp == IPCP_COMP_VJ) { 2931 if (debug) 2932 log(-1, "VJ [ack] "); 2933 sp->ipcp.flags |= IPCP_VJ; 2934 sl_compress_init(&sp->pp_comp, p[4]); 2935 sp->ipcp.max_state = p[4]; 2936 sp->ipcp.compress_cid = p[5]; 2937 continue; 2938 } 2939 if (debug) 2940 log(-1, 2941 "compproto %#04x [not supported] ", 2942 desiredcomp); 2943 p[2] = IPCP_COMP_VJ >> 8; 2944 p[3] = IPCP_COMP_VJ; 2945 p[4] = sp->ipcp.max_state; 2946 p[5] = sp->ipcp.compress_cid; 2947 break; 2948 case IPCP_OPT_ADDRESS: 2949 /* This is the address he wants in his end */ 2950 desiredaddr = p[2] << 24 | p[3] << 16 | 2951 p[4] << 8 | p[5]; 2952 if (desiredaddr == hisaddr || 2953 (hisaddr == 1 && desiredaddr != 0)) { 2954 /* 2955 * Peer's address is same as our value, 2956 * or we have set it to 0.0.0.1 to 2957 * indicate that we do not really care, 2958 * this is agreeable. Gonna conf-ack 2959 * it. 2960 */ 2961 if (debug) 2962 log(-1, "%s [ack] ", 2963 sppp_dotted_quad(hisaddr)); 2964 /* record that we've seen it already */ 2965 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2966 continue; 2967 } 2968 /* 2969 * The address wasn't agreeable. This is either 2970 * he sent us 0.0.0.0, asking to assign him an 2971 * address, or he send us another address not 2972 * matching our value. Either case, we gonna 2973 * conf-nak it with our value. 2974 * XXX: we should "rej" if hisaddr == 0 2975 */ 2976 if (debug) { 2977 if (desiredaddr == 0) 2978 log(-1, "[addr requested] "); 2979 else 2980 log(-1, "%s [not agreed] ", 2981 sppp_dotted_quad(desiredaddr)); 2982 2983 } 2984 p[2] = hisaddr >> 24; 2985 p[3] = hisaddr >> 16; 2986 p[4] = hisaddr >> 8; 2987 p[5] = hisaddr; 2988 break; 2989 } 2990 /* Add the option to nak'ed list. */ 2991 bcopy (p, r, p[1]); 2992 r += p[1]; 2993 rlen += p[1]; 2994 } 2995 2996 /* 2997 * If we are about to conf-ack the request, but haven't seen 2998 * his address so far, gonna conf-nak it instead, with the 2999 * `address' option present and our idea of his address being 3000 * filled in there, to request negotiation of both addresses. 3001 * 3002 * XXX This can result in an endless req - nak loop if peer 3003 * doesn't want to send us his address. Q: What should we do 3004 * about it? XXX A: implement the max-failure counter. 3005 */ 3006 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3007 buf[0] = IPCP_OPT_ADDRESS; 3008 buf[1] = 6; 3009 buf[2] = hisaddr >> 24; 3010 buf[3] = hisaddr >> 16; 3011 buf[4] = hisaddr >> 8; 3012 buf[5] = hisaddr; 3013 rlen = 6; 3014 if (debug) 3015 log(-1, "still need hisaddr "); 3016 } 3017 3018 if (rlen) { 3019 if (debug) 3020 log(-1, " send conf-nak\n"); 3021 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3022 } else { 3023 if (debug) 3024 log(-1, " send conf-ack\n"); 3025 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3026 h->ident, origlen, h+1); 3027 } 3028 3029 free (buf, M_TEMP); 3030 return (rlen == 0); 3031} 3032 3033/* 3034 * Analyze the IPCP Configure-Reject option list, and adjust our 3035 * negotiation. 3036 */ 3037static void 3038sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3039{ 3040 u_char *buf, *p; 3041 struct ifnet *ifp = &sp->pp_if; 3042 int debug = ifp->if_flags & IFF_DEBUG; 3043 3044 len -= 4; 3045 buf = malloc (len, M_TEMP, M_NOWAIT); 3046 if (!buf) 3047 return; 3048 3049 if (debug) 3050 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3051 SPP_ARGS(ifp)); 3052 3053 p = (void*) (h+1); 3054 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3055 if (debug) 3056 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3057 switch (*p) { 3058 case IPCP_OPT_COMPRESSION: 3059 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3060 break; 3061 case IPCP_OPT_ADDRESS: 3062 /* 3063 * Peer doesn't grok address option. This is 3064 * bad. XXX Should we better give up here? 3065 * XXX We could try old "addresses" option... 3066 */ 3067 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3068 break; 3069 } 3070 } 3071 if (debug) 3072 log(-1, "\n"); 3073 free (buf, M_TEMP); 3074 return; 3075} 3076 3077/* 3078 * Analyze the IPCP Configure-NAK option list, and adjust our 3079 * negotiation. 3080 */ 3081static void 3082sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3083{ 3084 u_char *buf, *p; 3085 struct ifnet *ifp = &sp->pp_if; 3086 int debug = ifp->if_flags & IFF_DEBUG; 3087 int desiredcomp; 3088 u_long wantaddr; 3089 3090 len -= 4; 3091 buf = malloc (len, M_TEMP, M_NOWAIT); 3092 if (!buf) 3093 return; 3094 3095 if (debug) 3096 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3097 SPP_ARGS(ifp)); 3098 3099 p = (void*) (h+1); 3100 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3101 if (debug) 3102 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3103 switch (*p) { 3104 case IPCP_OPT_COMPRESSION: 3105 if (len >= 6 && p[1] == 6) { 3106 desiredcomp = p[2] << 8 | p[3]; 3107 if (debug) 3108 log(-1, "[wantcomp %#04x] ", 3109 desiredcomp); 3110 if (desiredcomp == IPCP_COMP_VJ) { 3111 sl_compress_init(&sp->pp_comp, p[4]); 3112 sp->ipcp.max_state = p[4]; 3113 sp->ipcp.compress_cid = p[5]; 3114 if (debug) 3115 log(-1, "[agree] "); 3116 } else 3117 sp->ipcp.opts &= 3118 ~(1 << IPCP_OPT_COMPRESSION); 3119 } 3120 break; 3121 case IPCP_OPT_ADDRESS: 3122 /* 3123 * Peer doesn't like our local IP address. See 3124 * if we can do something for him. We'll drop 3125 * him our address then. 3126 */ 3127 if (len >= 6 && p[1] == 6) { 3128 wantaddr = p[2] << 24 | p[3] << 16 | 3129 p[4] << 8 | p[5]; 3130 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3131 if (debug) 3132 log(-1, "[wantaddr %s] ", 3133 sppp_dotted_quad(wantaddr)); 3134 /* 3135 * When doing dynamic address assignment, 3136 * we accept his offer. Otherwise, we 3137 * ignore it and thus continue to negotiate 3138 * our already existing value. 3139 * XXX: Bogus, if he said no once, he'll 3140 * just say no again, might as well die. 3141 */ 3142 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3143 sppp_set_ip_addr(sp, wantaddr); 3144 if (debug) 3145 log(-1, "[agree] "); 3146 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3147 } 3148 } 3149 break; 3150 } 3151 } 3152 if (debug) 3153 log(-1, "\n"); 3154 free (buf, M_TEMP); 3155 return; 3156} 3157 3158static void 3159sppp_ipcp_tlu(struct sppp *sp) 3160{ 3161 /* we are up - notify isdn daemon */ 3162 if (sp->pp_con) 3163 sp->pp_con(sp); 3164} 3165 3166static void 3167sppp_ipcp_tld(struct sppp *sp) 3168{ 3169} 3170 3171static void 3172sppp_ipcp_tls(struct sppp *sp) 3173{ 3174 /* indicate to LCP that it must stay alive */ 3175 sp->lcp.protos |= (1 << IDX_IPCP); 3176} 3177 3178static void 3179sppp_ipcp_tlf(struct sppp *sp) 3180{ 3181 /* we no longer need LCP */ 3182 sp->lcp.protos &= ~(1 << IDX_IPCP); 3183 sppp_lcp_check_and_close(sp); 3184} 3185 3186static void 3187sppp_ipcp_scr(struct sppp *sp) 3188{ 3189 char opt[6 /* compression */ + 6 /* address */]; 3190 u_long ouraddr; 3191 int i = 0; 3192 3193 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3194 opt[i++] = IPCP_OPT_COMPRESSION; 3195 opt[i++] = 6; 3196 opt[i++] = IPCP_COMP_VJ >> 8; 3197 opt[i++] = IPCP_COMP_VJ; 3198 opt[i++] = sp->ipcp.max_state; 3199 opt[i++] = sp->ipcp.compress_cid; 3200 } 3201 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3202 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3203 opt[i++] = IPCP_OPT_ADDRESS; 3204 opt[i++] = 6; 3205 opt[i++] = ouraddr >> 24; 3206 opt[i++] = ouraddr >> 16; 3207 opt[i++] = ouraddr >> 8; 3208 opt[i++] = ouraddr; 3209 } 3210 3211 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3212 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3213} 3214 3215/* 3216 *--------------------------------------------------------------------------* 3217 * * 3218 * The IPv6CP implementation. * 3219 * * 3220 *--------------------------------------------------------------------------* 3221 */ 3222 3223#ifdef INET6 3224static void 3225sppp_ipv6cp_init(struct sppp *sp) 3226{ 3227 sp->ipv6cp.opts = 0; 3228 sp->ipv6cp.flags = 0; 3229 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3230 sp->fail_counter[IDX_IPV6CP] = 0; 3231 sp->pp_seq[IDX_IPV6CP] = 0; 3232 sp->pp_rseq[IDX_IPV6CP] = 0; 3233#if defined(__NetBSD__) 3234 callout_init(&sp->ch[IDX_IPV6CP]); 3235#endif 3236#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3237 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3238#endif 3239} 3240 3241static void 3242sppp_ipv6cp_up(struct sppp *sp) 3243{ 3244 sppp_up_event(&ipv6cp, sp); 3245} 3246 3247static void 3248sppp_ipv6cp_down(struct sppp *sp) 3249{ 3250 sppp_down_event(&ipv6cp, sp); 3251} 3252 3253static void 3254sppp_ipv6cp_open(struct sppp *sp) 3255{ 3256 STDDCL; 3257 struct in6_addr myaddr, hisaddr; 3258 3259#ifdef IPV6CP_MYIFID_DYN 3260 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3261#else 3262 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3263#endif 3264 3265 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3266 /* 3267 * If we don't have our address, this probably means our 3268 * interface doesn't want to talk IPv6 at all. (This could 3269 * be the case if somebody wants to speak only IPX, for 3270 * example.) Don't open IPv6CP in this case. 3271 */ 3272 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3273 /* XXX this message should go away */ 3274 if (debug) 3275 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3276 SPP_ARGS(ifp)); 3277 return; 3278 } 3279 3280 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3281 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3282 sppp_open_event(&ipv6cp, sp); 3283} 3284 3285static void 3286sppp_ipv6cp_close(struct sppp *sp) 3287{ 3288 sppp_close_event(&ipv6cp, sp); 3289} 3290 3291static void 3292sppp_ipv6cp_TO(void *cookie) 3293{ 3294 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3295} 3296 3297/* 3298 * Analyze a configure request. Return true if it was agreeable, and 3299 * caused action sca, false if it has been rejected or nak'ed, and 3300 * caused action scn. (The return value is used to make the state 3301 * transition decision in the state automaton.) 3302 */ 3303static int 3304sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3305{ 3306 u_char *buf, *r, *p; 3307 struct ifnet *ifp = &sp->pp_if; 3308 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3309 struct in6_addr myaddr, desiredaddr, suggestaddr; 3310 int ifidcount; 3311 int type; 3312 int collision, nohisaddr; 3313 3314 len -= 4; 3315 origlen = len; 3316 /* 3317 * Make sure to allocate a buf that can at least hold a 3318 * conf-nak with an `address' option. We might need it below. 3319 */ 3320 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3321 if (! buf) 3322 return (0); 3323 3324 /* pass 1: see if we can recognize them */ 3325 if (debug) 3326 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3327 SPP_ARGS(ifp)); 3328 p = (void*) (h+1); 3329 ifidcount = 0; 3330 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3331 if (debug) 3332 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3333 switch (*p) { 3334 case IPV6CP_OPT_IFID: 3335 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3336 /* correctly formed address option */ 3337 ifidcount++; 3338 continue; 3339 } 3340 if (debug) 3341 log(-1, " [invalid]"); 3342 break; 3343#ifdef notyet 3344 case IPV6CP_OPT_COMPRESSION: 3345 if (len >= 4 && p[1] >= 4) { 3346 /* correctly formed compress option */ 3347 continue; 3348 } 3349 if (debug) 3350 log(-1, " [invalid]"); 3351 break; 3352#endif 3353 default: 3354 /* Others not supported. */ 3355 if (debug) 3356 log(-1, " [rej]"); 3357 break; 3358 } 3359 /* Add the option to rejected list. */ 3360 bcopy (p, r, p[1]); 3361 r += p[1]; 3362 rlen += p[1]; 3363 } 3364 if (rlen) { 3365 if (debug) 3366 log(-1, " send conf-rej\n"); 3367 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3368 goto end; 3369 } else if (debug) 3370 log(-1, "\n"); 3371 3372 /* pass 2: parse option values */ 3373 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3374 if (debug) 3375 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3376 SPP_ARGS(ifp)); 3377 p = (void*) (h+1); 3378 len = origlen; 3379 type = CONF_ACK; 3380 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3381 if (debug) 3382 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3383 switch (*p) { 3384#ifdef notyet 3385 case IPV6CP_OPT_COMPRESSION: 3386 continue; 3387#endif 3388 case IPV6CP_OPT_IFID: 3389 bzero(&desiredaddr, sizeof(desiredaddr)); 3390 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3391 collision = (bcmp(&desiredaddr.s6_addr[8], 3392 &myaddr.s6_addr[8], 8) == 0); 3393 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3394 3395 desiredaddr.s6_addr16[0] = htons(0xfe80); 3396 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3397 3398 if (!collision && !nohisaddr) { 3399 /* no collision, hisaddr known - Conf-Ack */ 3400 type = CONF_ACK; 3401 3402 if (debug) { 3403 log(-1, " %s [%s]", 3404 ip6_sprintf(&desiredaddr), 3405 sppp_cp_type_name(type)); 3406 } 3407 continue; 3408 } 3409 3410 bzero(&suggestaddr, sizeof(&suggestaddr)); 3411 if (collision && nohisaddr) { 3412 /* collision, hisaddr unknown - Conf-Rej */ 3413 type = CONF_REJ; 3414 bzero(&p[2], 8); 3415 } else { 3416 /* 3417 * - no collision, hisaddr unknown, or 3418 * - collision, hisaddr known 3419 * Conf-Nak, suggest hisaddr 3420 */ 3421 type = CONF_NAK; 3422 sppp_suggest_ip6_addr(sp, &suggestaddr); 3423 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3424 } 3425 if (debug) 3426 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3427 sppp_cp_type_name(type)); 3428 break; 3429 } 3430 /* Add the option to nak'ed list. */ 3431 bcopy (p, r, p[1]); 3432 r += p[1]; 3433 rlen += p[1]; 3434 } 3435 3436 if (rlen == 0 && type == CONF_ACK) { 3437 if (debug) 3438 log(-1, " send %s\n", sppp_cp_type_name(type)); 3439 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3440 } else { 3441#ifdef DIAGNOSTIC 3442 if (type == CONF_ACK) 3443 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3444#endif 3445 3446 if (debug) { 3447 log(-1, " send %s suggest %s\n", 3448 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3449 } 3450 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3451 } 3452 3453 end: 3454 free (buf, M_TEMP); 3455 return (rlen == 0); 3456} 3457 3458/* 3459 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3460 * negotiation. 3461 */ 3462static void 3463sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3464{ 3465 u_char *buf, *p; 3466 struct ifnet *ifp = &sp->pp_if; 3467 int debug = ifp->if_flags & IFF_DEBUG; 3468 3469 len -= 4; 3470 buf = malloc (len, M_TEMP, M_NOWAIT); 3471 if (!buf) 3472 return; 3473 3474 if (debug) 3475 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3476 SPP_ARGS(ifp)); 3477 3478 p = (void*) (h+1); 3479 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3480 if (debug) 3481 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3482 switch (*p) { 3483 case IPV6CP_OPT_IFID: 3484 /* 3485 * Peer doesn't grok address option. This is 3486 * bad. XXX Should we better give up here? 3487 */ 3488 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3489 break; 3490#ifdef notyet 3491 case IPV6CP_OPT_COMPRESS: 3492 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3493 break; 3494#endif 3495 } 3496 } 3497 if (debug) 3498 log(-1, "\n"); 3499 free (buf, M_TEMP); 3500 return; 3501} 3502 3503/* 3504 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3505 * negotiation. 3506 */ 3507static void 3508sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3509{ 3510 u_char *buf, *p; 3511 struct ifnet *ifp = &sp->pp_if; 3512 int debug = ifp->if_flags & IFF_DEBUG; 3513 struct in6_addr suggestaddr; 3514 3515 len -= 4; 3516 buf = malloc (len, M_TEMP, M_NOWAIT); 3517 if (!buf) 3518 return; 3519 3520 if (debug) 3521 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3522 SPP_ARGS(ifp)); 3523 3524 p = (void*) (h+1); 3525 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3526 if (debug) 3527 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3528 switch (*p) { 3529 case IPV6CP_OPT_IFID: 3530 /* 3531 * Peer doesn't like our local ifid. See 3532 * if we can do something for him. We'll drop 3533 * him our address then. 3534 */ 3535 if (len < 10 || p[1] != 10) 3536 break; 3537 bzero(&suggestaddr, sizeof(suggestaddr)); 3538 suggestaddr.s6_addr16[0] = htons(0xfe80); 3539 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3540 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3541 3542 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3543 if (debug) 3544 log(-1, " [suggestaddr %s]", 3545 ip6_sprintf(&suggestaddr)); 3546#ifdef IPV6CP_MYIFID_DYN 3547 /* 3548 * When doing dynamic address assignment, 3549 * we accept his offer. 3550 */ 3551 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3552 struct in6_addr lastsuggest; 3553 /* 3554 * If <suggested myaddr from peer> equals to 3555 * <hisaddr we have suggested last time>, 3556 * we have a collision. generate new random 3557 * ifid. 3558 */ 3559 sppp_suggest_ip6_addr(&lastsuggest); 3560 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3561 lastsuggest)) { 3562 if (debug) 3563 log(-1, " [random]"); 3564 sppp_gen_ip6_addr(sp, &suggestaddr); 3565 } 3566 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3567 if (debug) 3568 log(-1, " [agree]"); 3569 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3570 } 3571#else 3572 /* 3573 * Since we do not do dynamic address assignment, 3574 * we ignore it and thus continue to negotiate 3575 * our already existing value. This can possibly 3576 * go into infinite request-reject loop. 3577 * 3578 * This is not likely because we normally use 3579 * ifid based on MAC-address. 3580 * If you have no ethernet card on the node, too bad. 3581 * XXX should we use fail_counter? 3582 */ 3583#endif 3584 break; 3585#ifdef notyet 3586 case IPV6CP_OPT_COMPRESS: 3587 /* 3588 * Peer wants different compression parameters. 3589 */ 3590 break; 3591#endif 3592 } 3593 } 3594 if (debug) 3595 log(-1, "\n"); 3596 free (buf, M_TEMP); 3597 return; 3598} 3599static void 3600sppp_ipv6cp_tlu(struct sppp *sp) 3601{ 3602 /* we are up - notify isdn daemon */ 3603 if (sp->pp_con) 3604 sp->pp_con(sp); 3605} 3606 3607static void 3608sppp_ipv6cp_tld(struct sppp *sp) 3609{ 3610} 3611 3612static void 3613sppp_ipv6cp_tls(struct sppp *sp) 3614{ 3615 /* indicate to LCP that it must stay alive */ 3616 sp->lcp.protos |= (1 << IDX_IPV6CP); 3617} 3618 3619static void 3620sppp_ipv6cp_tlf(struct sppp *sp) 3621{ 3622 3623#if 0 /* need #if 0 to close IPv6CP properly */ 3624 /* we no longer need LCP */ 3625 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3626 sppp_lcp_check_and_close(sp); 3627#endif 3628} 3629 3630static void 3631sppp_ipv6cp_scr(struct sppp *sp) 3632{ 3633 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3634 struct in6_addr ouraddr; 3635 int i = 0; 3636 3637 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3638 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3639 opt[i++] = IPV6CP_OPT_IFID; 3640 opt[i++] = 10; 3641 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3642 i += 8; 3643 } 3644 3645#ifdef notyet 3646 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3647 opt[i++] = IPV6CP_OPT_COMPRESSION; 3648 opt[i++] = 4; 3649 opt[i++] = 0; /* TBD */ 3650 opt[i++] = 0; /* TBD */ 3651 /* variable length data may follow */ 3652 } 3653#endif 3654 3655 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3656 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3657} 3658#else /*INET6*/ 3659static void sppp_ipv6cp_init(struct sppp *sp) 3660{ 3661} 3662 3663static void sppp_ipv6cp_up(struct sppp *sp) 3664{ 3665} 3666 3667static void sppp_ipv6cp_down(struct sppp *sp) 3668{ 3669} 3670 3671 3672static void sppp_ipv6cp_open(struct sppp *sp) 3673{ 3674} 3675 3676static void sppp_ipv6cp_close(struct sppp *sp) 3677{ 3678} 3679 3680static void sppp_ipv6cp_TO(void *sp) 3681{ 3682} 3683 3684static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3685{ 3686 return 0; 3687} 3688 3689static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3690{ 3691} 3692 3693static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3694{ 3695} 3696 3697static void sppp_ipv6cp_tlu(struct sppp *sp) 3698{ 3699} 3700 3701static void sppp_ipv6cp_tld(struct sppp *sp) 3702{ 3703} 3704 3705static void sppp_ipv6cp_tls(struct sppp *sp) 3706{ 3707} 3708 3709static void sppp_ipv6cp_tlf(struct sppp *sp) 3710{ 3711} 3712 3713static void sppp_ipv6cp_scr(struct sppp *sp) 3714{ 3715} 3716#endif /*INET6*/ 3717 3718/* 3719 *--------------------------------------------------------------------------* 3720 * * 3721 * The CHAP implementation. * 3722 * * 3723 *--------------------------------------------------------------------------* 3724 */ 3725 3726/* 3727 * The authentication protocols don't employ a full-fledged state machine as 3728 * the control protocols do, since they do have Open and Close events, but 3729 * not Up and Down, nor are they explicitly terminated. Also, use of the 3730 * authentication protocols may be different in both directions (this makes 3731 * sense, think of a machine that never accepts incoming calls but only 3732 * calls out, it doesn't require the called party to authenticate itself). 3733 * 3734 * Our state machine for the local authentication protocol (we are requesting 3735 * the peer to authenticate) looks like: 3736 * 3737 * RCA- 3738 * +--------------------------------------------+ 3739 * V scn,tld| 3740 * +--------+ Close +---------+ RCA+ 3741 * | |<----------------------------------| |------+ 3742 * +--->| Closed | TO* | Opened | sca | 3743 * | | |-----+ +-------| |<-----+ 3744 * | +--------+ irc | | +---------+ 3745 * | ^ | | ^ 3746 * | | | | | 3747 * | | | | | 3748 * | TO-| | | | 3749 * | |tld TO+ V | | 3750 * | | +------->+ | | 3751 * | | | | | | 3752 * | +--------+ V | | 3753 * | | |<----+<--------------------+ | 3754 * | | Req- | scr | 3755 * | | Sent | | 3756 * | | | | 3757 * | +--------+ | 3758 * | RCA- | | RCA+ | 3759 * +------+ +------------------------------------------+ 3760 * scn,tld sca,irc,ict,tlu 3761 * 3762 * 3763 * with: 3764 * 3765 * Open: LCP reached authentication phase 3766 * Close: LCP reached terminate phase 3767 * 3768 * RCA+: received reply (pap-req, chap-response), acceptable 3769 * RCN: received reply (pap-req, chap-response), not acceptable 3770 * TO+: timeout with restart counter >= 0 3771 * TO-: timeout with restart counter < 0 3772 * TO*: reschedule timeout for CHAP 3773 * 3774 * scr: send request packet (none for PAP, chap-challenge) 3775 * sca: send ack packet (pap-ack, chap-success) 3776 * scn: send nak packet (pap-nak, chap-failure) 3777 * ict: initialize re-challenge timer (CHAP only) 3778 * 3779 * tlu: this-layer-up, LCP reaches network phase 3780 * tld: this-layer-down, LCP enters terminate phase 3781 * 3782 * Note that in CHAP mode, after sending a new challenge, while the state 3783 * automaton falls back into Req-Sent state, it doesn't signal a tld 3784 * event to LCP, so LCP remains in network phase. Only after not getting 3785 * any response (or after getting an unacceptable response), CHAP closes, 3786 * causing LCP to enter terminate phase. 3787 * 3788 * With PAP, there is no initial request that can be sent. The peer is 3789 * expected to send one based on the successful negotiation of PAP as 3790 * the authentication protocol during the LCP option negotiation. 3791 * 3792 * Incoming authentication protocol requests (remote requests 3793 * authentication, we are peer) don't employ a state machine at all, 3794 * they are simply answered. Some peers [Ascend P50 firmware rev 3795 * 4.50] react allergically when sending IPCP requests while they are 3796 * still in authentication phase (thereby violating the standard that 3797 * demands that these NCP packets are to be discarded), so we keep 3798 * track of the peer demanding us to authenticate, and only proceed to 3799 * phase network once we've seen a positive acknowledge for the 3800 * authentication. 3801 */ 3802 3803/* 3804 * Handle incoming CHAP packets. 3805 */ 3806void 3807sppp_chap_input(struct sppp *sp, struct mbuf *m) 3808{ 3809 STDDCL; 3810 struct lcp_header *h; 3811 int len, x; 3812 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3813 int value_len, name_len; 3814 MD5_CTX ctx; 3815 3816 len = m->m_pkthdr.len; 3817 if (len < 4) { 3818 if (debug) 3819 log(LOG_DEBUG, 3820 SPP_FMT "chap invalid packet length: %d bytes\n", 3821 SPP_ARGS(ifp), len); 3822 return; 3823 } 3824 h = mtod (m, struct lcp_header*); 3825 if (len > ntohs (h->len)) 3826 len = ntohs (h->len); 3827 3828 switch (h->type) { 3829 /* challenge, failure and success are his authproto */ 3830 case CHAP_CHALLENGE: 3831 value = 1 + (u_char*)(h+1); 3832 value_len = value[-1]; 3833 name = value + value_len; 3834 name_len = len - value_len - 5; 3835 if (name_len < 0) { 3836 if (debug) { 3837 log(LOG_DEBUG, 3838 SPP_FMT "chap corrupted challenge " 3839 "<%s id=0x%x len=%d", 3840 SPP_ARGS(ifp), 3841 sppp_auth_type_name(PPP_CHAP, h->type), 3842 h->ident, ntohs(h->len)); 3843 sppp_print_bytes((u_char*) (h+1), len-4); 3844 log(-1, ">\n"); 3845 } 3846 break; 3847 } 3848 3849 if (debug) { 3850 log(LOG_DEBUG, 3851 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3852 SPP_ARGS(ifp), 3853 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3854 ntohs(h->len)); 3855 sppp_print_string((char*) name, name_len); 3856 log(-1, " value-size=%d value=", value_len); 3857 sppp_print_bytes(value, value_len); 3858 log(-1, ">\n"); 3859 } 3860 3861 /* Compute reply value. */ 3862 MD5Init(&ctx); 3863 MD5Update(&ctx, &h->ident, 1); 3864 MD5Update(&ctx, sp->myauth.secret, 3865 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3866 MD5Update(&ctx, value, value_len); 3867 MD5Final(digest, &ctx); 3868 dsize = sizeof digest; 3869 3870 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3871 sizeof dsize, (const char *)&dsize, 3872 sizeof digest, digest, 3873 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3874 sp->myauth.name, 3875 0); 3876 break; 3877 3878 case CHAP_SUCCESS: 3879 if (debug) { 3880 log(LOG_DEBUG, SPP_FMT "chap success", 3881 SPP_ARGS(ifp)); 3882 if (len > 4) { 3883 log(-1, ": "); 3884 sppp_print_string((char*)(h + 1), len - 4); 3885 } 3886 log(-1, "\n"); 3887 } 3888 x = splimp(); 3889 sp->pp_flags &= ~PP_NEEDAUTH; 3890 if (sp->myauth.proto == PPP_CHAP && 3891 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3892 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3893 /* 3894 * We are authenticator for CHAP but didn't 3895 * complete yet. Leave it to tlu to proceed 3896 * to network phase. 3897 */ 3898 splx(x); 3899 break; 3900 } 3901 splx(x); 3902 sppp_phase_network(sp); 3903 break; 3904 3905 case CHAP_FAILURE: 3906 if (debug) { 3907 log(LOG_INFO, SPP_FMT "chap failure", 3908 SPP_ARGS(ifp)); 3909 if (len > 4) { 3910 log(-1, ": "); 3911 sppp_print_string((char*)(h + 1), len - 4); 3912 } 3913 log(-1, "\n"); 3914 } else 3915 log(LOG_INFO, SPP_FMT "chap failure\n", 3916 SPP_ARGS(ifp)); 3917 /* await LCP shutdown by authenticator */ 3918 break; 3919 3920 /* response is my authproto */ 3921 case CHAP_RESPONSE: 3922 value = 1 + (u_char*)(h+1); 3923 value_len = value[-1]; 3924 name = value + value_len; 3925 name_len = len - value_len - 5; 3926 if (name_len < 0) { 3927 if (debug) { 3928 log(LOG_DEBUG, 3929 SPP_FMT "chap corrupted response " 3930 "<%s id=0x%x len=%d", 3931 SPP_ARGS(ifp), 3932 sppp_auth_type_name(PPP_CHAP, h->type), 3933 h->ident, ntohs(h->len)); 3934 sppp_print_bytes((u_char*)(h+1), len-4); 3935 log(-1, ">\n"); 3936 } 3937 break; 3938 } 3939 if (h->ident != sp->confid[IDX_CHAP]) { 3940 if (debug) 3941 log(LOG_DEBUG, 3942 SPP_FMT "chap dropping response for old ID " 3943 "(got %d, expected %d)\n", 3944 SPP_ARGS(ifp), 3945 h->ident, sp->confid[IDX_CHAP]); 3946 break; 3947 } 3948 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3949 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3950 log(LOG_INFO, SPP_FMT "chap response, his name ", 3951 SPP_ARGS(ifp)); 3952 sppp_print_string(name, name_len); 3953 log(-1, " != expected "); 3954 sppp_print_string(sp->hisauth.name, 3955 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3956 log(-1, "\n"); 3957 } 3958 if (debug) { 3959 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3960 "<%s id=0x%x len=%d name=", 3961 SPP_ARGS(ifp), 3962 sppp_state_name(sp->state[IDX_CHAP]), 3963 sppp_auth_type_name(PPP_CHAP, h->type), 3964 h->ident, ntohs (h->len)); 3965 sppp_print_string((char*)name, name_len); 3966 log(-1, " value-size=%d value=", value_len); 3967 sppp_print_bytes(value, value_len); 3968 log(-1, ">\n"); 3969 } 3970 if (value_len != AUTHKEYLEN) { 3971 if (debug) 3972 log(LOG_DEBUG, 3973 SPP_FMT "chap bad hash value length: " 3974 "%d bytes, should be %d\n", 3975 SPP_ARGS(ifp), value_len, 3976 AUTHKEYLEN); 3977 break; 3978 } 3979 3980 MD5Init(&ctx); 3981 MD5Update(&ctx, &h->ident, 1); 3982 MD5Update(&ctx, sp->hisauth.secret, 3983 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3984 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3985 MD5Final(digest, &ctx); 3986 3987#define FAILMSG "Failed..." 3988#define SUCCMSG "Welcome!" 3989 3990 if (value_len != sizeof digest || 3991 bcmp(digest, value, value_len) != 0) { 3992 /* action scn, tld */ 3993 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3994 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3995 0); 3996 chap.tld(sp); 3997 break; 3998 } 3999 /* action sca, perhaps tlu */ 4000 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4001 sp->state[IDX_CHAP] == STATE_OPENED) 4002 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4003 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4004 0); 4005 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4006 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4007 chap.tlu(sp); 4008 } 4009 break; 4010 4011 default: 4012 /* Unknown CHAP packet type -- ignore. */ 4013 if (debug) { 4014 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4015 "<0x%x id=0x%xh len=%d", 4016 SPP_ARGS(ifp), 4017 sppp_state_name(sp->state[IDX_CHAP]), 4018 h->type, h->ident, ntohs(h->len)); 4019 sppp_print_bytes((u_char*)(h+1), len-4); 4020 log(-1, ">\n"); 4021 } 4022 break; 4023 4024 } 4025} 4026 4027static void 4028sppp_chap_init(struct sppp *sp) 4029{ 4030 /* Chap doesn't have STATE_INITIAL at all. */ 4031 sp->state[IDX_CHAP] = STATE_CLOSED; 4032 sp->fail_counter[IDX_CHAP] = 0; 4033 sp->pp_seq[IDX_CHAP] = 0; 4034 sp->pp_rseq[IDX_CHAP] = 0; 4035#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4036 callout_handle_init(&sp->ch[IDX_CHAP]); 4037#endif 4038} 4039 4040static void 4041sppp_chap_open(struct sppp *sp) 4042{ 4043 if (sp->myauth.proto == PPP_CHAP && 4044 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4045 /* we are authenticator for CHAP, start it */ 4046 chap.scr(sp); 4047 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4048 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4049 } 4050 /* nothing to be done if we are peer, await a challenge */ 4051} 4052 4053static void 4054sppp_chap_close(struct sppp *sp) 4055{ 4056 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4057 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4058} 4059 4060static void 4061sppp_chap_TO(void *cookie) 4062{ 4063 struct sppp *sp = (struct sppp *)cookie; 4064 STDDCL; 4065 int s; 4066 4067 s = splimp(); 4068 if (debug) 4069 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4070 SPP_ARGS(ifp), 4071 sppp_state_name(sp->state[IDX_CHAP]), 4072 sp->rst_counter[IDX_CHAP]); 4073 4074 if (--sp->rst_counter[IDX_CHAP] < 0) 4075 /* TO- event */ 4076 switch (sp->state[IDX_CHAP]) { 4077 case STATE_REQ_SENT: 4078 chap.tld(sp); 4079 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4080 break; 4081 } 4082 else 4083 /* TO+ (or TO*) event */ 4084 switch (sp->state[IDX_CHAP]) { 4085 case STATE_OPENED: 4086 /* TO* event */ 4087 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4088 /* fall through */ 4089 case STATE_REQ_SENT: 4090 chap.scr(sp); 4091 /* sppp_cp_change_state() will restart the timer */ 4092 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4093 break; 4094 } 4095 4096 splx(s); 4097} 4098 4099static void 4100sppp_chap_tlu(struct sppp *sp) 4101{ 4102 STDDCL; 4103 int i, x; 4104 4105 i = 0; 4106 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4107 4108 /* 4109 * Some broken CHAP implementations (Conware CoNet, firmware 4110 * 4.0.?) don't want to re-authenticate their CHAP once the 4111 * initial challenge-response exchange has taken place. 4112 * Provide for an option to avoid rechallenges. 4113 */ 4114 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4115 /* 4116 * Compute the re-challenge timeout. This will yield 4117 * a number between 300 and 810 seconds. 4118 */ 4119 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4120 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4121 } 4122 4123 if (debug) { 4124 log(LOG_DEBUG, 4125 SPP_FMT "chap %s, ", 4126 SPP_ARGS(ifp), 4127 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4128 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4129 log(-1, "next re-challenge in %d seconds\n", i); 4130 else 4131 log(-1, "re-challenging supressed\n"); 4132 } 4133 4134 x = splimp(); 4135 /* indicate to LCP that we need to be closed down */ 4136 sp->lcp.protos |= (1 << IDX_CHAP); 4137 4138 if (sp->pp_flags & PP_NEEDAUTH) { 4139 /* 4140 * Remote is authenticator, but his auth proto didn't 4141 * complete yet. Defer the transition to network 4142 * phase. 4143 */ 4144 splx(x); 4145 return; 4146 } 4147 splx(x); 4148 4149 /* 4150 * If we are already in phase network, we are done here. This 4151 * is the case if this is a dummy tlu event after a re-challenge. 4152 */ 4153 if (sp->pp_phase != PHASE_NETWORK) 4154 sppp_phase_network(sp); 4155} 4156 4157static void 4158sppp_chap_tld(struct sppp *sp) 4159{ 4160 STDDCL; 4161 4162 if (debug) 4163 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4164 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4165 sp->lcp.protos &= ~(1 << IDX_CHAP); 4166 4167 lcp.Close(sp); 4168} 4169 4170static void 4171sppp_chap_scr(struct sppp *sp) 4172{ 4173 u_long *ch, seed; 4174 u_char clen; 4175 4176 /* Compute random challenge. */ 4177 ch = (u_long *)sp->myauth.challenge; 4178#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4179 read_random(&seed, sizeof seed); 4180#else 4181 { 4182 struct timeval tv; 4183 microtime(&tv); 4184 seed = tv.tv_sec ^ tv.tv_usec; 4185 } 4186#endif 4187 ch[0] = seed ^ random(); 4188 ch[1] = seed ^ random(); 4189 ch[2] = seed ^ random(); 4190 ch[3] = seed ^ random(); 4191 clen = AUTHKEYLEN; 4192 4193 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4194 4195 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4196 sizeof clen, (const char *)&clen, 4197 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4198 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4199 sp->myauth.name, 4200 0); 4201} 4202 4203/* 4204 *--------------------------------------------------------------------------* 4205 * * 4206 * The PAP implementation. * 4207 * * 4208 *--------------------------------------------------------------------------* 4209 */ 4210/* 4211 * For PAP, we need to keep a little state also if we are the peer, not the 4212 * authenticator. This is since we don't get a request to authenticate, but 4213 * have to repeatedly authenticate ourself until we got a response (or the 4214 * retry counter is expired). 4215 */ 4216 4217/* 4218 * Handle incoming PAP packets. */ 4219static void 4220sppp_pap_input(struct sppp *sp, struct mbuf *m) 4221{ 4222 STDDCL; 4223 struct lcp_header *h; 4224 int len, x; 4225 u_char *name, *passwd, mlen; 4226 int name_len, passwd_len; 4227 4228 len = m->m_pkthdr.len; 4229 if (len < 5) { 4230 if (debug) 4231 log(LOG_DEBUG, 4232 SPP_FMT "pap invalid packet length: %d bytes\n", 4233 SPP_ARGS(ifp), len); 4234 return; 4235 } 4236 h = mtod (m, struct lcp_header*); 4237 if (len > ntohs (h->len)) 4238 len = ntohs (h->len); 4239 switch (h->type) { 4240 /* PAP request is my authproto */ 4241 case PAP_REQ: 4242 name = 1 + (u_char*)(h+1); 4243 name_len = name[-1]; 4244 passwd = name + name_len + 1; 4245 if (name_len > len - 6 || 4246 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4247 if (debug) { 4248 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4249 "<%s id=0x%x len=%d", 4250 SPP_ARGS(ifp), 4251 sppp_auth_type_name(PPP_PAP, h->type), 4252 h->ident, ntohs(h->len)); 4253 sppp_print_bytes((u_char*)(h+1), len-4); 4254 log(-1, ">\n"); 4255 } 4256 break; 4257 } 4258 if (debug) { 4259 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4260 "<%s id=0x%x len=%d name=", 4261 SPP_ARGS(ifp), 4262 sppp_state_name(sp->state[IDX_PAP]), 4263 sppp_auth_type_name(PPP_PAP, h->type), 4264 h->ident, ntohs(h->len)); 4265 sppp_print_string((char*)name, name_len); 4266 log(-1, " passwd="); 4267 sppp_print_string((char*)passwd, passwd_len); 4268 log(-1, ">\n"); 4269 } 4270 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4271 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4272 bcmp(name, sp->hisauth.name, name_len) != 0 || 4273 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4274 /* action scn, tld */ 4275 mlen = sizeof(FAILMSG) - 1; 4276 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4277 sizeof mlen, (const char *)&mlen, 4278 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4279 0); 4280 pap.tld(sp); 4281 break; 4282 } 4283 /* action sca, perhaps tlu */ 4284 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4285 sp->state[IDX_PAP] == STATE_OPENED) { 4286 mlen = sizeof(SUCCMSG) - 1; 4287 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4288 sizeof mlen, (const char *)&mlen, 4289 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4290 0); 4291 } 4292 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4293 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4294 pap.tlu(sp); 4295 } 4296 break; 4297 4298 /* ack and nak are his authproto */ 4299 case PAP_ACK: 4300 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4301 if (debug) { 4302 log(LOG_DEBUG, SPP_FMT "pap success", 4303 SPP_ARGS(ifp)); 4304 name_len = *((char *)h); 4305 if (len > 5 && name_len) { 4306 log(-1, ": "); 4307 sppp_print_string((char*)(h+1), name_len); 4308 } 4309 log(-1, "\n"); 4310 } 4311 x = splimp(); 4312 sp->pp_flags &= ~PP_NEEDAUTH; 4313 if (sp->myauth.proto == PPP_PAP && 4314 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4315 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4316 /* 4317 * We are authenticator for PAP but didn't 4318 * complete yet. Leave it to tlu to proceed 4319 * to network phase. 4320 */ 4321 splx(x); 4322 break; 4323 } 4324 splx(x); 4325 sppp_phase_network(sp); 4326 break; 4327 4328 case PAP_NAK: 4329 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4330 if (debug) { 4331 log(LOG_INFO, SPP_FMT "pap failure", 4332 SPP_ARGS(ifp)); 4333 name_len = *((char *)h); 4334 if (len > 5 && name_len) { 4335 log(-1, ": "); 4336 sppp_print_string((char*)(h+1), name_len); 4337 } 4338 log(-1, "\n"); 4339 } else 4340 log(LOG_INFO, SPP_FMT "pap failure\n", 4341 SPP_ARGS(ifp)); 4342 /* await LCP shutdown by authenticator */ 4343 break; 4344 4345 default: 4346 /* Unknown PAP packet type -- ignore. */ 4347 if (debug) { 4348 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4349 "<0x%x id=0x%x len=%d", 4350 SPP_ARGS(ifp), 4351 h->type, h->ident, ntohs(h->len)); 4352 sppp_print_bytes((u_char*)(h+1), len-4); 4353 log(-1, ">\n"); 4354 } 4355 break; 4356 4357 } 4358} 4359 4360static void 4361sppp_pap_init(struct sppp *sp) 4362{ 4363 /* PAP doesn't have STATE_INITIAL at all. */ 4364 sp->state[IDX_PAP] = STATE_CLOSED; 4365 sp->fail_counter[IDX_PAP] = 0; 4366 sp->pp_seq[IDX_PAP] = 0; 4367 sp->pp_rseq[IDX_PAP] = 0; 4368#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4369 callout_handle_init(&sp->ch[IDX_PAP]); 4370 callout_handle_init(&sp->pap_my_to_ch); 4371#endif 4372} 4373 4374static void 4375sppp_pap_open(struct sppp *sp) 4376{ 4377 if (sp->hisauth.proto == PPP_PAP && 4378 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4379 /* we are authenticator for PAP, start our timer */ 4380 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4381 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4382 } 4383 if (sp->myauth.proto == PPP_PAP) { 4384 /* we are peer, send a request, and start a timer */ 4385 pap.scr(sp); 4386 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4387 sp->pap_my_to_ch); 4388 } 4389} 4390 4391static void 4392sppp_pap_close(struct sppp *sp) 4393{ 4394 if (sp->state[IDX_PAP] != STATE_CLOSED) 4395 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4396} 4397 4398/* 4399 * That's the timeout routine if we are authenticator. Since the 4400 * authenticator is basically passive in PAP, we can't do much here. 4401 */ 4402static void 4403sppp_pap_TO(void *cookie) 4404{ 4405 struct sppp *sp = (struct sppp *)cookie; 4406 STDDCL; 4407 int s; 4408 4409 s = splimp(); 4410 if (debug) 4411 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4412 SPP_ARGS(ifp), 4413 sppp_state_name(sp->state[IDX_PAP]), 4414 sp->rst_counter[IDX_PAP]); 4415 4416 if (--sp->rst_counter[IDX_PAP] < 0) 4417 /* TO- event */ 4418 switch (sp->state[IDX_PAP]) { 4419 case STATE_REQ_SENT: 4420 pap.tld(sp); 4421 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4422 break; 4423 } 4424 else 4425 /* TO+ event, not very much we could do */ 4426 switch (sp->state[IDX_PAP]) { 4427 case STATE_REQ_SENT: 4428 /* sppp_cp_change_state() will restart the timer */ 4429 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4430 break; 4431 } 4432 4433 splx(s); 4434} 4435 4436/* 4437 * That's the timeout handler if we are peer. Since the peer is active, 4438 * we need to retransmit our PAP request since it is apparently lost. 4439 * XXX We should impose a max counter. 4440 */ 4441static void 4442sppp_pap_my_TO(void *cookie) 4443{ 4444 struct sppp *sp = (struct sppp *)cookie; 4445 STDDCL; 4446 4447 if (debug) 4448 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4449 SPP_ARGS(ifp)); 4450 4451 pap.scr(sp); 4452} 4453 4454static void 4455sppp_pap_tlu(struct sppp *sp) 4456{ 4457 STDDCL; 4458 int x; 4459 4460 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4461 4462 if (debug) 4463 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4464 SPP_ARGS(ifp), pap.name); 4465 4466 x = splimp(); 4467 /* indicate to LCP that we need to be closed down */ 4468 sp->lcp.protos |= (1 << IDX_PAP); 4469 4470 if (sp->pp_flags & PP_NEEDAUTH) { 4471 /* 4472 * Remote is authenticator, but his auth proto didn't 4473 * complete yet. Defer the transition to network 4474 * phase. 4475 */ 4476 splx(x); 4477 return; 4478 } 4479 splx(x); 4480 sppp_phase_network(sp); 4481} 4482 4483static void 4484sppp_pap_tld(struct sppp *sp) 4485{ 4486 STDDCL; 4487 4488 if (debug) 4489 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4490 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4491 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4492 sp->lcp.protos &= ~(1 << IDX_PAP); 4493 4494 lcp.Close(sp); 4495} 4496 4497static void 4498sppp_pap_scr(struct sppp *sp) 4499{ 4500 u_char idlen, pwdlen; 4501 4502 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4503 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4504 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4505 4506 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4507 sizeof idlen, (const char *)&idlen, 4508 (size_t)idlen, sp->myauth.name, 4509 sizeof pwdlen, (const char *)&pwdlen, 4510 (size_t)pwdlen, sp->myauth.secret, 4511 0); 4512} 4513 4514/* 4515 * Random miscellaneous functions. 4516 */ 4517 4518/* 4519 * Send a PAP or CHAP proto packet. 4520 * 4521 * Varadic function, each of the elements for the ellipsis is of type 4522 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4523 * mlen == 0. 4524 * NOTE: never declare variadic functions with types subject to type 4525 * promotion (i.e. u_char). This is asking for big trouble depending 4526 * on the architecture you are on... 4527 */ 4528 4529static void 4530sppp_auth_send(const struct cp *cp, struct sppp *sp, 4531 unsigned int type, unsigned int id, 4532 ...) 4533{ 4534 STDDCL; 4535 struct ppp_header *h; 4536 struct lcp_header *lh; 4537 struct mbuf *m; 4538 u_char *p; 4539 int len; 4540 unsigned int mlen; 4541 const char *msg; 4542 va_list ap; 4543 4544 MGETHDR (m, M_DONTWAIT, MT_DATA); 4545 if (! m) 4546 return; 4547 m->m_pkthdr.rcvif = 0; 4548 4549 h = mtod (m, struct ppp_header*); 4550 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4551 h->control = PPP_UI; /* Unnumbered Info */ 4552 h->protocol = htons(cp->proto); 4553 4554 lh = (struct lcp_header*)(h + 1); 4555 lh->type = type; 4556 lh->ident = id; 4557 p = (u_char*) (lh+1); 4558 4559 va_start(ap, id); 4560 len = 0; 4561 4562 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4563 msg = va_arg(ap, const char *); 4564 len += mlen; 4565 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4566 va_end(ap); 4567 m_freem(m); 4568 return; 4569 } 4570 4571 bcopy(msg, p, mlen); 4572 p += mlen; 4573 } 4574 va_end(ap); 4575 4576 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4577 lh->len = htons (LCP_HEADER_LEN + len); 4578 4579 if (debug) { 4580 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4581 SPP_ARGS(ifp), cp->name, 4582 sppp_auth_type_name(cp->proto, lh->type), 4583 lh->ident, ntohs(lh->len)); 4584 sppp_print_bytes((u_char*) (lh+1), len); 4585 log(-1, ">\n"); 4586 } 4587 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4588 ifp->if_oerrors++; 4589} 4590 4591/* 4592 * Flush interface queue. 4593 */ 4594static void 4595sppp_qflush(struct ifqueue *ifq) 4596{ 4597 struct mbuf *m, *n; 4598 4599 n = ifq->ifq_head; 4600 while ((m = n)) { 4601 n = m->m_act; 4602 m_freem (m); 4603 } 4604 ifq->ifq_head = 0; 4605 ifq->ifq_tail = 0; 4606 ifq->ifq_len = 0; 4607} 4608 4609/* 4610 * Send keepalive packets, every 10 seconds. 4611 */ 4612static void 4613sppp_keepalive(void *dummy) 4614{ 4615 struct sppp *sp; 4616 int s; 4617 4618 s = splimp(); 4619 for (sp=spppq; sp; sp=sp->pp_next) { 4620 struct ifnet *ifp = &sp->pp_if; 4621 4622 /* Keepalive mode disabled or channel down? */ 4623 if (! (sp->pp_flags & PP_KEEPALIVE) || 4624 ! (ifp->if_flags & IFF_RUNNING)) 4625 continue; 4626 4627 /* No keepalive in PPP mode if LCP not opened yet. */ 4628 if (sp->pp_mode != IFF_CISCO && 4629 sp->pp_phase < PHASE_AUTHENTICATE) 4630 continue; 4631 4632 if (sp->pp_alivecnt == MAXALIVECNT) { 4633 /* No keepalive packets got. Stop the interface. */ 4634 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4635 if_down (ifp); 4636 sppp_qflush (&sp->pp_cpq); 4637 if (sp->pp_mode != IFF_CISCO) { 4638 /* XXX */ 4639 /* Shut down the PPP link. */ 4640 lcp.Down(sp); 4641 /* Initiate negotiation. XXX */ 4642 lcp.Up(sp); 4643 } 4644 } 4645 if (sp->pp_alivecnt <= MAXALIVECNT) 4646 ++sp->pp_alivecnt; 4647 if (sp->pp_mode == IFF_CISCO) 4648 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4649 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4650 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4651 long nmagic = htonl (sp->lcp.magic); 4652 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4653 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4654 sp->lcp.echoid, 4, &nmagic); 4655 } 4656 } 4657 splx(s); 4658 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4659} 4660 4661/* 4662 * Get both IP addresses. 4663 */ 4664static void 4665sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4666{ 4667 struct ifnet *ifp = &sp->pp_if; 4668 struct ifaddr *ifa; 4669 struct sockaddr_in *si, *sm; 4670 u_long ssrc, ddst; 4671 4672 sm = NULL; 4673 ssrc = ddst = 0L; 4674 /* 4675 * Pick the first AF_INET address from the list, 4676 * aliases don't make any sense on a p2p link anyway. 4677 */ 4678 si = 0; 4679#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4680 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4681#elif defined(__NetBSD__) || defined (__OpenBSD__) 4682 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4683 ifa; 4684 ifa = TAILQ_NEXT(ifa, ifa_list)) 4685#else 4686 for (ifa = ifp->if_addrlist; 4687 ifa; 4688 ifa = ifa->ifa_next) 4689#endif 4690 if (ifa->ifa_addr->sa_family == AF_INET) { 4691 si = (struct sockaddr_in *)ifa->ifa_addr; 4692 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4693 if (si) 4694 break; 4695 } 4696 if (ifa) { 4697 if (si && si->sin_addr.s_addr) { 4698 ssrc = si->sin_addr.s_addr; 4699 if (srcmask) 4700 *srcmask = ntohl(sm->sin_addr.s_addr); 4701 } 4702 4703 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4704 if (si && si->sin_addr.s_addr) 4705 ddst = si->sin_addr.s_addr; 4706 } 4707 4708 if (dst) *dst = ntohl(ddst); 4709 if (src) *src = ntohl(ssrc); 4710} 4711 4712/* 4713 * Set my IP address. Must be called at splimp. 4714 */ 4715static void 4716sppp_set_ip_addr(struct sppp *sp, u_long src) 4717{ 4718 STDDCL; 4719 struct ifaddr *ifa; 4720 struct sockaddr_in *si; 4721 struct in_ifaddr *ia; 4722 4723 /* 4724 * Pick the first AF_INET address from the list, 4725 * aliases don't make any sense on a p2p link anyway. 4726 */ 4727 si = 0; 4728#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4729 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4730#elif defined(__NetBSD__) || defined (__OpenBSD__) 4731 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4732 ifa; 4733 ifa = TAILQ_NEXT(ifa, ifa_list)) 4734#else 4735 for (ifa = ifp->if_addrlist; 4736 ifa; 4737 ifa = ifa->ifa_next) 4738#endif 4739 { 4740 if (ifa->ifa_addr->sa_family == AF_INET) 4741 { 4742 si = (struct sockaddr_in *)ifa->ifa_addr; 4743 if (si) 4744 break; 4745 } 4746 } 4747 4748 if (ifa && si) 4749 { 4750 int error; 4751#if __NetBSD_Version__ >= 103080000 4752 struct sockaddr_in new_sin = *si; 4753 4754 new_sin.sin_addr.s_addr = htonl(src); 4755 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4756 if(debug && error) 4757 { 4758 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4759 " failed, error=%d\n", SPP_ARGS(ifp), error); 4760 } 4761#else 4762 /* delete old route */ 4763 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4764 if(debug && error) 4765 { 4766 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4767 SPP_ARGS(ifp), error); 4768 } 4769 4770 /* set new address */ 4771 si->sin_addr.s_addr = htonl(src); 4772 ia = ifatoia(ifa); 4773 LIST_REMOVE(ia, ia_hash); 4774 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4775 4776 /* add new route */ 4777 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4778 if (debug && error) 4779 { 4780 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4781 SPP_ARGS(ifp), error); 4782 } 4783#endif 4784 } 4785} 4786 4787#ifdef INET6 4788/* 4789 * Get both IPv6 addresses. 4790 */ 4791static void 4792sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4793 struct in6_addr *srcmask) 4794{ 4795 struct ifnet *ifp = &sp->pp_if; 4796 struct ifaddr *ifa; 4797 struct sockaddr_in6 *si, *sm; 4798 struct in6_addr ssrc, ddst; 4799 4800 sm = NULL; 4801 bzero(&ssrc, sizeof(ssrc)); 4802 bzero(&ddst, sizeof(ddst)); 4803 /* 4804 * Pick the first link-local AF_INET6 address from the list, 4805 * aliases don't make any sense on a p2p link anyway. 4806 */ 4807#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4808 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4809 ifa; 4810 ifa = ifa->ifa_link.tqe_next) 4811#elif defined(__NetBSD__) || defined (__OpenBSD__) 4812 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4813 ifa; 4814 ifa = ifa->ifa_list.tqe_next) 4815#else 4816 for (ifa = ifp->if_addrlist, si = 0; 4817 ifa; 4818 ifa = ifa->ifa_next) 4819#endif 4820 if (ifa->ifa_addr->sa_family == AF_INET6) { 4821 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4822 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4823 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4824 break; 4825 } 4826 if (ifa) { 4827 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4828 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4829 if (srcmask) { 4830 bcopy(&sm->sin6_addr, srcmask, 4831 sizeof(*srcmask)); 4832 } 4833 } 4834 4835 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4836 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4837 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4838 } 4839 4840 if (dst) 4841 bcopy(&ddst, dst, sizeof(*dst)); 4842 if (src) 4843 bcopy(&ssrc, src, sizeof(*src)); 4844} 4845 4846#ifdef IPV6CP_MYIFID_DYN 4847/* 4848 * Generate random ifid. 4849 */ 4850static void 4851sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4852{ 4853 /* TBD */ 4854} 4855 4856/* 4857 * Set my IPv6 address. Must be called at splimp. 4858 */ 4859static void 4860sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4861{ 4862 STDDCL; 4863 struct ifaddr *ifa; 4864 struct sockaddr_in6 *sin6; 4865 4866 /* 4867 * Pick the first link-local AF_INET6 address from the list, 4868 * aliases don't make any sense on a p2p link anyway. 4869 */ 4870 4871 sin6 = NULL; 4872#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4873 for (ifa = ifp->if_addrhead.tqh_first; 4874 ifa; 4875 ifa = ifa->ifa_link.tqe_next) 4876#elif defined(__NetBSD__) || defined (__OpenBSD__) 4877 for (ifa = ifp->if_addrlist.tqh_first; 4878 ifa; 4879 ifa = ifa->ifa_list.tqe_next) 4880#else 4881 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4882#endif 4883 { 4884 if (ifa->ifa_addr->sa_family == AF_INET6) 4885 { 4886 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4887 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4888 break; 4889 } 4890 } 4891 4892 if (ifa && sin6) 4893 { 4894 int error; 4895 struct sockaddr_in6 new_sin6 = *sin6; 4896 4897 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4898 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4899 if (debug && error) 4900 { 4901 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4902 " failed, error=%d\n", SPP_ARGS(ifp), error); 4903 } 4904 } 4905} 4906#endif 4907 4908/* 4909 * Suggest a candidate address to be used by peer. 4910 */ 4911static void 4912sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4913{ 4914 struct in6_addr myaddr; 4915 struct timeval tv; 4916 4917 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4918 4919 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4920 microtime(&tv); 4921 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4922 myaddr.s6_addr[14] ^= 0xff; 4923 myaddr.s6_addr[15] ^= 0xff; 4924 } else { 4925 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4926 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4927 } 4928 if (suggest) 4929 bcopy(&myaddr, suggest, sizeof(myaddr)); 4930} 4931#endif /*INET6*/ 4932 4933static int 4934sppp_params(struct sppp *sp, u_long cmd, void *data) 4935{ 4936 u_long subcmd; 4937 struct ifreq *ifr = (struct ifreq *)data; 4938 struct spppreq spr; 4939 4940 /* 4941 * ifr->ifr_data is supposed to point to a struct spppreq. 4942 * Check the cmd word first before attempting to fetch all the 4943 * data. 4944 */ 4945 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4946 return EFAULT; 4947 4948 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4949 return EFAULT; 4950 4951 switch (subcmd) { 4952 case SPPPIOGDEFS: 4953 if (cmd != SIOCGIFGENERIC) 4954 return EINVAL; 4955 /* 4956 * We copy over the entire current state, but clean 4957 * out some of the stuff we don't wanna pass up. 4958 * Remember, SIOCGIFGENERIC is unprotected, and can be 4959 * called by any user. No need to ever get PAP or 4960 * CHAP secrets back to userland anyway. 4961 */ 4962 spr.defs.pp_phase = sp->pp_phase; 4963 spr.defs.enable_vj = sp->enable_vj; 4964 spr.defs.lcp = sp->lcp; 4965 spr.defs.ipcp = sp->ipcp; 4966 spr.defs.ipv6cp = sp->ipv6cp; 4967 spr.defs.myauth = sp->myauth; 4968 spr.defs.hisauth = sp->hisauth; 4969 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4970 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4971 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4972 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4973 /* 4974 * Fixup the LCP timeout value to milliseconds so 4975 * spppcontrol doesn't need to bother about the value 4976 * of "hz". We do the reverse calculation below when 4977 * setting it. 4978 */ 4979 spr.defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 4980 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4981 4982 case SPPPIOSDEFS: 4983 if (cmd != SIOCSIFGENERIC) 4984 return EINVAL; 4985 /* 4986 * We have a very specific idea of which fields we 4987 * allow being passed back from userland, so to not 4988 * clobber our current state. For one, we only allow 4989 * setting anything if LCP is in dead or establish 4990 * phase. Once the authentication negotiations 4991 * started, the authentication settings must not be 4992 * changed again. (The administrator can force an 4993 * ifconfig down in order to get LCP back into dead 4994 * phase.) 4995 * 4996 * Also, we only allow for authentication parameters to be 4997 * specified. 4998 * 4999 * XXX Should allow to set or clear pp_flags. 5000 * 5001 * Finally, if the respective authentication protocol to 5002 * be used is set differently than 0, but the secret is 5003 * passed as all zeros, we don't trash the existing secret. 5004 * This allows an administrator to change the system name 5005 * only without clobbering the secret (which he didn't get 5006 * back in a previous SPPPIOGDEFS call). However, the 5007 * secrets are cleared if the authentication protocol is 5008 * reset to 0. */ 5009 if (sp->pp_phase != PHASE_DEAD && 5010 sp->pp_phase != PHASE_ESTABLISH) 5011 return EBUSY; 5012 5013 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 5014 spr.defs.myauth.proto != PPP_CHAP) || 5015 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 5016 spr.defs.hisauth.proto != PPP_CHAP)) 5017 return EINVAL; 5018 5019 if (spr.defs.myauth.proto == 0) 5020 /* resetting myauth */ 5021 bzero(&sp->myauth, sizeof sp->myauth); 5022 else { 5023 /* setting/changing myauth */ 5024 sp->myauth.proto = spr.defs.myauth.proto; 5025 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5026 if (spr.defs.myauth.secret[0] != '\0') 5027 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 5028 AUTHKEYLEN); 5029 } 5030 if (spr.defs.hisauth.proto == 0) 5031 /* resetting hisauth */ 5032 bzero(&sp->hisauth, sizeof sp->hisauth); 5033 else { 5034 /* setting/changing hisauth */ 5035 sp->hisauth.proto = spr.defs.hisauth.proto; 5036 sp->hisauth.flags = spr.defs.hisauth.flags; 5037 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5038 if (spr.defs.hisauth.secret[0] != '\0') 5039 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 5040 AUTHKEYLEN); 5041 } 5042 /* set LCP restart timer timeout */ 5043 if (spr.defs.lcp.timeout != 0) 5044 sp->lcp.timeout = spr.defs.lcp.timeout * hz / 1000; 5045 /* set VJ enable flag */ 5046 sp->enable_vj = spr.defs.enable_vj; 5047 break; 5048 5049 default: 5050 return EINVAL; 5051 } 5052 5053 return 0; 5054} 5055 5056static void 5057sppp_phase_network(struct sppp *sp) 5058{ 5059 STDDCL; 5060 int i; 5061 u_long mask; 5062 5063 sp->pp_phase = PHASE_NETWORK; 5064 5065 if (debug) 5066 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5067 sppp_phase_name(sp->pp_phase)); 5068 5069 /* Notify NCPs now. */ 5070 for (i = 0; i < IDX_COUNT; i++) 5071 if ((cps[i])->flags & CP_NCP) 5072 (cps[i])->Open(sp); 5073 5074 /* Send Up events to all NCPs. */ 5075 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5076 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 5077 (cps[i])->Up(sp); 5078 5079 /* if no NCP is starting, all this was in vain, close down */ 5080 sppp_lcp_check_and_close(sp); 5081} 5082 5083 5084static const char * 5085sppp_cp_type_name(u_char type) 5086{ 5087 static char buf[12]; 5088 switch (type) { 5089 case CONF_REQ: return "conf-req"; 5090 case CONF_ACK: return "conf-ack"; 5091 case CONF_NAK: return "conf-nak"; 5092 case CONF_REJ: return "conf-rej"; 5093 case TERM_REQ: return "term-req"; 5094 case TERM_ACK: return "term-ack"; 5095 case CODE_REJ: return "code-rej"; 5096 case PROTO_REJ: return "proto-rej"; 5097 case ECHO_REQ: return "echo-req"; 5098 case ECHO_REPLY: return "echo-reply"; 5099 case DISC_REQ: return "discard-req"; 5100 } 5101 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5102 return buf; 5103} 5104 5105static const char * 5106sppp_auth_type_name(u_short proto, u_char type) 5107{ 5108 static char buf[12]; 5109 switch (proto) { 5110 case PPP_CHAP: 5111 switch (type) { 5112 case CHAP_CHALLENGE: return "challenge"; 5113 case CHAP_RESPONSE: return "response"; 5114 case CHAP_SUCCESS: return "success"; 5115 case CHAP_FAILURE: return "failure"; 5116 } 5117 case PPP_PAP: 5118 switch (type) { 5119 case PAP_REQ: return "req"; 5120 case PAP_ACK: return "ack"; 5121 case PAP_NAK: return "nak"; 5122 } 5123 } 5124 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5125 return buf; 5126} 5127 5128static const char * 5129sppp_lcp_opt_name(u_char opt) 5130{ 5131 static char buf[12]; 5132 switch (opt) { 5133 case LCP_OPT_MRU: return "mru"; 5134 case LCP_OPT_ASYNC_MAP: return "async-map"; 5135 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5136 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5137 case LCP_OPT_MAGIC: return "magic"; 5138 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5139 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5140 } 5141 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5142 return buf; 5143} 5144 5145static const char * 5146sppp_ipcp_opt_name(u_char opt) 5147{ 5148 static char buf[12]; 5149 switch (opt) { 5150 case IPCP_OPT_ADDRESSES: return "addresses"; 5151 case IPCP_OPT_COMPRESSION: return "compression"; 5152 case IPCP_OPT_ADDRESS: return "address"; 5153 } 5154 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5155 return buf; 5156} 5157 5158#ifdef INET6 5159static const char * 5160sppp_ipv6cp_opt_name(u_char opt) 5161{ 5162 static char buf[12]; 5163 switch (opt) { 5164 case IPV6CP_OPT_IFID: return "ifid"; 5165 case IPV6CP_OPT_COMPRESSION: return "compression"; 5166 } 5167 sprintf (buf, "0x%x", opt); 5168 return buf; 5169} 5170#endif 5171 5172static const char * 5173sppp_state_name(int state) 5174{ 5175 switch (state) { 5176 case STATE_INITIAL: return "initial"; 5177 case STATE_STARTING: return "starting"; 5178 case STATE_CLOSED: return "closed"; 5179 case STATE_STOPPED: return "stopped"; 5180 case STATE_CLOSING: return "closing"; 5181 case STATE_STOPPING: return "stopping"; 5182 case STATE_REQ_SENT: return "req-sent"; 5183 case STATE_ACK_RCVD: return "ack-rcvd"; 5184 case STATE_ACK_SENT: return "ack-sent"; 5185 case STATE_OPENED: return "opened"; 5186 } 5187 return "illegal"; 5188} 5189 5190static const char * 5191sppp_phase_name(enum ppp_phase phase) 5192{ 5193 switch (phase) { 5194 case PHASE_DEAD: return "dead"; 5195 case PHASE_ESTABLISH: return "establish"; 5196 case PHASE_TERMINATE: return "terminate"; 5197 case PHASE_AUTHENTICATE: return "authenticate"; 5198 case PHASE_NETWORK: return "network"; 5199 } 5200 return "illegal"; 5201} 5202 5203static const char * 5204sppp_proto_name(u_short proto) 5205{ 5206 static char buf[12]; 5207 switch (proto) { 5208 case PPP_LCP: return "lcp"; 5209 case PPP_IPCP: return "ipcp"; 5210 case PPP_PAP: return "pap"; 5211 case PPP_CHAP: return "chap"; 5212 case PPP_IPV6CP: return "ipv6cp"; 5213 } 5214 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5215 return buf; 5216} 5217 5218static void 5219sppp_print_bytes(const u_char *p, u_short len) 5220{ 5221 if (len) 5222 log(-1, " %*D", len, p, "-"); 5223} 5224 5225static void 5226sppp_print_string(const char *p, u_short len) 5227{ 5228 u_char c; 5229 5230 while (len-- > 0) { 5231 c = *p++; 5232 /* 5233 * Print only ASCII chars directly. RFC 1994 recommends 5234 * using only them, but we don't rely on it. */ 5235 if (c < ' ' || c > '~') 5236 log(-1, "\\x%x", c); 5237 else 5238 log(-1, "%c", c); 5239 } 5240} 5241 5242static const char * 5243sppp_dotted_quad(u_long addr) 5244{ 5245 static char s[16]; 5246 sprintf(s, "%d.%d.%d.%d", 5247 (int)((addr >> 24) & 0xff), 5248 (int)((addr >> 16) & 0xff), 5249 (int)((addr >> 8) & 0xff), 5250 (int)(addr & 0xff)); 5251 return s; 5252} 5253 5254static int 5255sppp_strnlen(u_char *p, int max) 5256{ 5257 int len; 5258 5259 for (len = 0; len < max && *p; ++p) 5260 ++len; 5261 return len; 5262} 5263 5264/* a dummy, used to drop uninteresting events */ 5265static void 5266sppp_null(struct sppp *unused) 5267{ 5268 /* do just nothing */ 5269} 5270