if_spppsubr.c revision 88508
150724Scg/* 250724Scg * Synchronous PPP/Cisco link level subroutines. 350724Scg * Keepalive protocol implemented in both Cisco and PPP modes. 450724Scg * 550724Scg * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 650724Scg * Author: Serge Vakulenko, <vak@cronyx.ru> 750724Scg * 850724Scg * Heavily revamped to conform to RFC 1661. 950724Scg * Copyright (C) 1997, Joerg Wunsch. 1050724Scg * 1150724Scg * This software is distributed with NO WARRANTIES, not even the implied 1250724Scg * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 1350724Scg * 1450724Scg * Authors grant any other persons or organisations permission to use 1550724Scg * or modify this software as long as this message is kept with the software, 1650724Scg * all derivative works or modified versions. 1750724Scg * 1850724Scg * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 1950724Scg * 2050724Scg * $FreeBSD: head/sys/net/if_spppsubr.c 88508 2001-12-26 22:36:59Z joerg $ 2150724Scg */ 2250724Scg 2350724Scg#include <sys/param.h> 2450724Scg 2550724Scg#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2650724Scg#include "opt_inet.h" 2753465Scg#include "opt_inet6.h" 2853465Scg#include "opt_ipx.h" 2953465Scg#endif 3050724Scg 3150724Scg#ifdef NetBSD1_3 3250724Scg# if NetBSD1_3 > 6 3350724Scg# include "opt_inet.h" 3482180Scg# include "opt_inet6.h" 3582180Scg# include "opt_iso.h" 3650724Scg# endif 3750724Scg#endif 3854459Scg 3954459Scg#include <sys/systm.h> 4082490Sgreid#include <sys/kernel.h> 4182363Sgreid#include <sys/module.h> 4254459Scg#include <sys/sockio.h> 4384658Scg#include <sys/socket.h> 4454459Scg#include <sys/syslog.h> 4554459Scg#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4654459Scg#include <sys/random.h> 4750724Scg#endif 4850724Scg#include <sys/malloc.h> 4950724Scg#include <sys/mbuf.h> 5050724Scg 5150724Scg#if defined (__OpenBSD__) 5250724Scg#include <sys/md5k.h> 5350724Scg#else 5450724Scg#include <sys/md5.h> 5550724Scg#endif 5686870Siwasaki 5771503Scg#include <net/if.h> 5874763Scg#include <net/netisr.h> 5974763Scg#include <net/if_types.h> 6050724Scg#include <net/route.h> 6150724Scg 6250724Scg#if defined (__NetBSD__) || defined (__OpenBSD__) 6370325Scg#include <machine/cpu.h> /* XXX for softnet */ 6470325Scg#endif 6586870Siwasaki 6674763Scg#include <machine/stdarg.h> 6774763Scg 6870325Scg#ifdef INET 6970325Scg#include <netinet/in.h> 7070325Scg#include <netinet/in_systm.h> 7150724Scg#include <netinet/in_var.h> 7250724Scg#include <netinet/ip.h> 7350724Scg#include <netinet/tcp.h> 74105100Scognet# if defined (__FreeBSD__) || defined (__OpenBSD__) 7550724Scg# include <netinet/if_ether.h> 7650724Scg# else 7750724Scg# include <net/ethertypes.h> 7850724Scg# endif 7950724Scg#else 8050724Scg# error Huh? sppp without INET? 8184658Scg#endif 8284658Scg 8350724Scg#ifdef IPX 8474763Scg#include <netipx/ipx.h> 8574763Scg#include <netipx/ipx_if.h> 8650724Scg#endif 8784658Scg 8884658Scg#ifdef NS 8950724Scg#include <netns/ns.h> 9070325Scg#include <netns/ns_if.h> 9150724Scg#endif 9250724Scg 9350724Scg#include <net/if_sppp.h> 9450724Scg 9564881Scg#if defined(__FreeBSD__) && __FreeBSD__ >= 3 9664881Scg# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 9764881Scg# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 9864881Scg# define IOCTL_CMD_T u_long 9964881Scg#else 10064881Scg# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 10164881Scg# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 10264881Scg# define IOCTL_CMD_T int 10364881Scg#endif 10464881Scg 10550724Scg#define MAXALIVECNT 3 /* max. alive packets */ 10674763Scg 10750724Scg/* 10864881Scg * Interface flags that can be set in an ifconfig command. 10964881Scg * 11064881Scg * Setting link0 will make the link passive, i.e. it will be marked 11164881Scg * as being administrative openable, but won't be opened to begin 11264881Scg * with. Incoming calls will be answered, or subsequent calls with 11364881Scg * -link1 will cause the administrative open of the LCP layer. 11464881Scg * 11564881Scg * Setting link1 will cause the link to auto-dial only as packets 11664881Scg * arrive to be sent. 11764881Scg * 11850724Scg * Setting IFF_DEBUG will syslog the option negotiation and state 11974763Scg * transitions at level kern.debug. Note: all logs consistently look 12050724Scg * like 12150724Scg * 12250724Scg * <if-name><unit>: <proto-name> <additional info...> 12350724Scg * 12450724Scg * with <if-name><unit> being something like "bppp0", and <proto-name> 12550724Scg * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 12650724Scg */ 12750724Scg 12850724Scg#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 12950724Scg#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 13050724Scg#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 13150724Scg 13250724Scg#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 13350724Scg#define PPP_UI 0x03 /* Unnumbered Information */ 13450724Scg#define PPP_IP 0x0021 /* Internet Protocol */ 13550724Scg#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 13650724Scg#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 13750724Scg#define PPP_IPX 0x002b /* Novell IPX Protocol */ 13850724Scg#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 13950724Scg#define PPP_LCP 0xc021 /* Link Control Protocol */ 14050724Scg#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 14150724Scg#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 14250724Scg#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 14350724Scg#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 14450724Scg 14550724Scg#define CONF_REQ 1 /* PPP configure request */ 14650724Scg#define CONF_ACK 2 /* PPP configure acknowledge */ 14750724Scg#define CONF_NAK 3 /* PPP configure negative ack */ 14850724Scg#define CONF_REJ 4 /* PPP configure reject */ 14950724Scg#define TERM_REQ 5 /* PPP terminate request */ 15050724Scg#define TERM_ACK 6 /* PPP terminate acknowledge */ 15150724Scg#define CODE_REJ 7 /* PPP code reject */ 15250724Scg#define PROTO_REJ 8 /* PPP protocol reject */ 15350724Scg#define ECHO_REQ 9 /* PPP echo request */ 15450724Scg#define ECHO_REPLY 10 /* PPP echo reply */ 15550724Scg#define DISC_REQ 11 /* PPP discard request */ 15670134Scg 15750724Scg#define LCP_OPT_MRU 1 /* maximum receive unit */ 15850724Scg#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 15970134Scg#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 16070134Scg#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 16150724Scg#define LCP_OPT_MAGIC 5 /* magic number */ 16250724Scg#define LCP_OPT_RESERVED 6 /* reserved */ 16350724Scg#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 16450724Scg#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 16550724Scg 16682363Sgreid#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 16782363Sgreid#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 16882363Sgreid#define IPCP_OPT_ADDRESS 3 /* local IP address */ 16982363Sgreid 17082490Sgreid#define IPV6CP_OPT_IFID 1 /* interface identifier */ 171105100Scognet#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 172105100Scognet 173105100Scognet#define PAP_REQ 1 /* PAP name/password request */ 174105100Scognet#define PAP_ACK 2 /* PAP acknowledge */ 175105100Scognet#define PAP_NAK 3 /* PAP fail */ 176105100Scognet 17750724Scg#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 17850724Scg#define CHAP_RESPONSE 2 /* CHAP challenge response */ 17950724Scg#define CHAP_SUCCESS 3 /* CHAP response ok */ 18050724Scg#define CHAP_FAILURE 4 /* CHAP response failed */ 18150724Scg 18250724Scg#define CHAP_MD5 5 /* hash algorithm - MD5 */ 18350724Scg 18450724Scg#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 18550724Scg#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 18650724Scg#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 18770134Scg#define CISCO_ADDR_REQ 0 /* Cisco address request */ 18850724Scg#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 18950724Scg#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 19050724Scg 19174763Scg/* states are named and numbered according to RFC 1661 */ 192105100Scognet#define STATE_INITIAL 0 193105100Scognet#define STATE_STARTING 1 194105100Scognet#define STATE_CLOSED 2 195105100Scognet#define STATE_STOPPED 3 196105100Scognet#define STATE_CLOSING 4 197105100Scognet#define STATE_STOPPING 5 198105100Scognet#define STATE_REQ_SENT 6 199105100Scognet#define STATE_ACK_RCVD 7 200105100Scognet#define STATE_ACK_SENT 8 201105100Scognet#define STATE_OPENED 9 202105100Scognet 203105100Scognetstruct ppp_header { 204105100Scognet u_char address; 205105100Scognet u_char control; 206105100Scognet u_short protocol; 207105100Scognet}; 208105100Scognet#define PPP_HEADER_LEN sizeof (struct ppp_header) 209105100Scognet 210105100Scognetstruct lcp_header { 21174763Scg u_char type; 21250724Scg u_char ident; 21350724Scg u_short len; 21450724Scg}; 21550724Scg#define LCP_HEADER_LEN sizeof (struct lcp_header) 21670134Scg 21770134Scgstruct cisco_packet { 21850724Scg u_long type; 21950724Scg u_long par1; 22050724Scg u_long par2; 22150724Scg u_short rel; 22250724Scg u_short time0; 22382363Sgreid u_short time1; 22482363Sgreid}; 22582363Sgreid#define CISCO_PACKET_LEN 18 22682363Sgreid 22782490Sgreid/* 22850724Scg * We follow the spelling and capitalization of RFC 1661 here, to make 22950724Scg * it easier comparing with the standard. Please refer to this RFC in 23050724Scg * case you can't make sense out of these abbreviation; it will also 23150724Scg * explain the semantics related to the various events and actions. 23250724Scg */ 23350724Scgstruct cp { 23450724Scg u_short proto; /* PPP control protocol number */ 23550724Scg u_char protoidx; /* index into state table in struct sppp */ 23650724Scg u_char flags; 23750724Scg#define CP_LCP 0x01 /* this is the LCP */ 23870134Scg#define CP_AUTH 0x02 /* this is an authentication protocol */ 23950724Scg#define CP_NCP 0x04 /* this is a NCP */ 24050724Scg#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 24150724Scg const char *name; /* name of this control protocol */ 24250724Scg /* event handlers */ 24350724Scg void (*Up)(struct sppp *sp); 24450724Scg void (*Down)(struct sppp *sp); 24550724Scg void (*Open)(struct sppp *sp); 24674763Scg void (*Close)(struct sppp *sp); 247105100Scognet void (*TO)(void *sp); 248105100Scognet int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 249105100Scognet void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 250105100Scognet void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 251105100Scognet /* actions */ 252105100Scognet void (*tlu)(struct sppp *sp); 253105100Scognet void (*tld)(struct sppp *sp); 254105100Scognet void (*tls)(struct sppp *sp); 255105100Scognet void (*tlf)(struct sppp *sp); 256105100Scognet void (*scr)(struct sppp *sp); 257105100Scognet}; 258105100Scognet 259105100Scognetstatic struct sppp *spppq; 260105100Scognet#if defined(__FreeBSD__) && __FreeBSD__ >= 3 261105100Scognetstatic struct callout_handle keepalive_ch; 262105100Scognet#endif 263105100Scognet 264105100Scognet#if defined(__FreeBSD__) && __FreeBSD__ >= 3 265105100Scognet#define SPP_FMT "%s%d: " 266105100Scognet#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 26750724Scg#else 26850724Scg#define SPP_FMT "%s: " 26950724Scg#define SPP_ARGS(ifp) (ifp)->if_xname 27074763Scg#endif 27150724Scg 27270134Scg/* 27350724Scg * The following disgusting hack gets around the problem that IP TOS 27450724Scg * can't be set yet. We want to put "interactive" traffic on a high 27570134Scg * priority queue. To decide if traffic is interactive, we check that 27670134Scg * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 27770134Scg * 27870134Scg * XXX is this really still necessary? - joerg - 27970134Scg */ 28070134Scgstatic u_short interactive_ports[8] = { 28170134Scg 0, 513, 0, 0, 28270134Scg 0, 21, 0, 23, 28350724Scg}; 28450724Scg#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 28571503Scg 28650724Scg/* almost every function needs these */ 28770325Scg#define STDDCL \ 28850724Scg struct ifnet *ifp = &sp->pp_if; \ 28970325Scg int debug = ifp->if_flags & IFF_DEBUG 29070325Scg 29170325Scgstatic int sppp_output(struct ifnet *ifp, struct mbuf *m, 29270325Scg struct sockaddr *dst, struct rtentry *rt); 29370325Scg 29470325Scgstatic void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 29550724Scgstatic void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 29671503Scg 29750724Scgstatic void sppp_cp_input(const struct cp *cp, struct sppp *sp, 29850724Scg struct mbuf *m); 29970325Scgstatic void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 30050724Scg u_char ident, u_short len, void *data); 30170325Scg/* static void sppp_cp_timeout(void *arg); */ 30270325Scgstatic void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 30370325Scg int newstate); 30470325Scgstatic void sppp_auth_send(const struct cp *cp, 30570325Scg struct sppp *sp, unsigned int type, unsigned int id, 30670325Scg ...); 30750724Scg 30850724Scgstatic void sppp_up_event(const struct cp *cp, struct sppp *sp); 30950724Scgstatic void sppp_down_event(const struct cp *cp, struct sppp *sp); 31070325Scgstatic void sppp_open_event(const struct cp *cp, struct sppp *sp); 31150724Scgstatic void sppp_close_event(const struct cp *cp, struct sppp *sp); 31270325Scgstatic void sppp_to_event(const struct cp *cp, struct sppp *sp); 31370325Scg 31470325Scgstatic void sppp_null(struct sppp *sp); 31570325Scg 31674763Scgstatic void sppp_lcp_init(struct sppp *sp); 31770325Scgstatic void sppp_lcp_up(struct sppp *sp); 31870325Scgstatic void sppp_lcp_down(struct sppp *sp); 31970325Scgstatic void sppp_lcp_open(struct sppp *sp); 32070325Scgstatic void sppp_lcp_close(struct sppp *sp); 32170325Scgstatic void sppp_lcp_TO(void *sp); 32270325Scgstatic int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 32370325Scgstatic void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 32470325Scgstatic void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 32570325Scgstatic void sppp_lcp_tlu(struct sppp *sp); 32650724Scgstatic void sppp_lcp_tld(struct sppp *sp); 32774763Scgstatic void sppp_lcp_tls(struct sppp *sp); 32850724Scgstatic void sppp_lcp_tlf(struct sppp *sp); 32950724Scgstatic void sppp_lcp_scr(struct sppp *sp); 33050724Scgstatic void sppp_lcp_check_and_close(struct sppp *sp); 33150724Scgstatic int sppp_ncp_check(struct sppp *sp); 33250724Scg 33370325Scgstatic void sppp_ipcp_init(struct sppp *sp); 33450724Scgstatic void sppp_ipcp_up(struct sppp *sp); 33570325Scgstatic void sppp_ipcp_down(struct sppp *sp); 33670325Scgstatic void sppp_ipcp_open(struct sppp *sp); 33770325Scgstatic void sppp_ipcp_close(struct sppp *sp); 33870325Scgstatic void sppp_ipcp_TO(void *sp); 33950724Scgstatic int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 34070325Scgstatic void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 34150724Scgstatic void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 34250724Scgstatic void sppp_ipcp_tlu(struct sppp *sp); 34350724Scgstatic void sppp_ipcp_tld(struct sppp *sp); 34450724Scgstatic void sppp_ipcp_tls(struct sppp *sp); 34570325Scgstatic void sppp_ipcp_tlf(struct sppp *sp); 34650724Scgstatic void sppp_ipcp_scr(struct sppp *sp); 34770325Scg 34870325Scgstatic void sppp_ipv6cp_init(struct sppp *sp); 34970325Scgstatic void sppp_ipv6cp_up(struct sppp *sp); 35070325Scgstatic void sppp_ipv6cp_down(struct sppp *sp); 35170325Scgstatic void sppp_ipv6cp_open(struct sppp *sp); 35270325Scgstatic void sppp_ipv6cp_close(struct sppp *sp); 35350724Scgstatic void sppp_ipv6cp_TO(void *sp); 35450724Scgstatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 35550724Scgstatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 35670325Scgstatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 35750724Scgstatic void sppp_ipv6cp_tlu(struct sppp *sp); 35870325Scgstatic void sppp_ipv6cp_tld(struct sppp *sp); 35970325Scgstatic void sppp_ipv6cp_tls(struct sppp *sp); 36070325Scgstatic void sppp_ipv6cp_tlf(struct sppp *sp); 36170325Scgstatic void sppp_ipv6cp_scr(struct sppp *sp); 36270325Scg 36370325Scgstatic void sppp_pap_input(struct sppp *sp, struct mbuf *m); 36450724Scgstatic void sppp_pap_init(struct sppp *sp); 36550724Scgstatic void sppp_pap_open(struct sppp *sp); 36650724Scgstatic void sppp_pap_close(struct sppp *sp); 36770325Scgstatic void sppp_pap_TO(void *sp); 36850724Scgstatic void sppp_pap_my_TO(void *sp); 36970325Scgstatic void sppp_pap_tlu(struct sppp *sp); 37050724Scgstatic void sppp_pap_tld(struct sppp *sp); 37150724Scgstatic void sppp_pap_scr(struct sppp *sp); 37250724Scg 37350724Scgstatic void sppp_chap_input(struct sppp *sp, struct mbuf *m); 37450724Scgstatic void sppp_chap_init(struct sppp *sp); 37550724Scgstatic void sppp_chap_open(struct sppp *sp); 37650724Scgstatic void sppp_chap_close(struct sppp *sp); 37750724Scgstatic void sppp_chap_TO(void *sp); 37850724Scgstatic void sppp_chap_tlu(struct sppp *sp); 37950724Scgstatic void sppp_chap_tld(struct sppp *sp); 38050724Scgstatic void sppp_chap_scr(struct sppp *sp); 38150724Scg 38250724Scgstatic const char *sppp_auth_type_name(u_short proto, u_char type); 38350724Scgstatic const char *sppp_cp_type_name(u_char type); 38450724Scgstatic const char *sppp_dotted_quad(u_long addr); 38550724Scgstatic const char *sppp_ipcp_opt_name(u_char opt); 38671503Scg#ifdef INET6 38771503Scgstatic const char *sppp_ipv6cp_opt_name(u_char opt); 38850724Scg#endif 38950724Scgstatic const char *sppp_lcp_opt_name(u_char opt); 39082363Sgreidstatic const char *sppp_phase_name(enum ppp_phase phase); 39182490Sgreidstatic const char *sppp_proto_name(u_short proto); 39250724Scgstatic const char *sppp_state_name(int state); 39350724Scgstatic int sppp_params(struct sppp *sp, u_long cmd, void *data); 39450724Scgstatic int sppp_strnlen(u_char *p, int max); 39550724Scgstatic void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 39650724Scg u_long *srcmask); 39750724Scgstatic void sppp_keepalive(void *dummy); 39850724Scgstatic void sppp_phase_network(struct sppp *sp); 39950724Scgstatic void sppp_print_bytes(const u_char *p, u_short len); 40050724Scgstatic void sppp_print_string(const char *p, u_short len); 40150724Scgstatic void sppp_qflush(struct ifqueue *ifq); 40282183Scgstatic void sppp_set_ip_addr(struct sppp *sp, u_long src); 40350724Scg#ifdef INET6 40450724Scgstatic void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 40550724Scg struct in6_addr *dst, struct in6_addr *srcmask); 40674763Scg#ifdef IPV6CP_MYIFID_DYN 40770325Scgstatic void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 40850724Scgstatic void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 40950724Scg#endif 41074763Scgstatic void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 41150724Scg#endif 41250724Scg 41350724Scg/* our control protocol descriptors */ 41470325Scgstatic const struct cp lcp = { 41550724Scg PPP_LCP, IDX_LCP, CP_LCP, "lcp", 41670325Scg sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 41750724Scg sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 41870325Scg sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 41974763Scg sppp_lcp_scr 42070325Scg}; 42170325Scg 42270325Scgstatic const struct cp ipcp = { 42374763Scg PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 42470325Scg sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 42570325Scg sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 42650724Scg sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 42750724Scg sppp_ipcp_scr 42850724Scg}; 42950724Scg 43050724Scgstatic const struct cp ipv6cp = { 43150724Scg PPP_IPV6CP, IDX_IPV6CP, 43250724Scg#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 43350724Scg CP_NCP, 43450724Scg#else 43550724Scg 0, 43682363Sgreid#endif 43782490Sgreid "ipv6cp", 43850724Scg sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 43950724Scg sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 44050724Scg sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 44150724Scg sppp_ipv6cp_scr 44250724Scg}; 44350724Scg 44450724Scgstatic const struct cp pap = { 44550724Scg PPP_PAP, IDX_PAP, CP_AUTH, "pap", 44650724Scg sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 44750724Scg sppp_pap_TO, 0, 0, 0, 44870325Scg sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 44950724Scg sppp_pap_scr 45050724Scg}; 45150724Scg 45250724Scgstatic const struct cp chap = { 45350724Scg PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 45450724Scg sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 45571503Scg sppp_chap_TO, 0, 0, 0, 45671503Scg sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 45771503Scg sppp_chap_scr 45871503Scg}; 45971503Scg 46071503Scgstatic const struct cp *cps[IDX_COUNT] = { 46171503Scg &lcp, /* IDX_LCP */ 46271503Scg &ipcp, /* IDX_IPCP */ 46371503Scg &ipv6cp, /* IDX_IPV6CP */ 46471503Scg &pap, /* IDX_PAP */ 46571503Scg &chap, /* IDX_CHAP */ 46671503Scg}; 46771503Scg 46870134Scgstatic int 46950724Scgsppp_modevent(module_t mod, int type, void *unused) 47050724Scg{ 47170134Scg switch (type) { 47274763Scg case MOD_LOAD: 47350724Scg break; 47450724Scg case MOD_UNLOAD: 47550724Scg return EACCES; 47670325Scg break; 47770325Scg default: 47870325Scg break; 47970325Scg } 48050724Scg return 0; 48150724Scg} 48250724Scgstatic moduledata_t spppmod = { 48384658Scg "sppp", 48470325Scg sppp_modevent, 48570325Scg 0 48670325Scg}; 48750724ScgMODULE_VERSION(sppp, 1); 48850724ScgDECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 48950724Scg 49070325Scg/* 49150724Scg * Exported functions, comprising our interface to the lower layer. 49250724Scg */ 49370325Scg 49470325Scg/* 49570325Scg * Process the received packet. 49670325Scg */ 49770325Scgvoid 49870325Scgsppp_input(struct ifnet *ifp, struct mbuf *m) 49970325Scg{ 50070325Scg struct ppp_header *h; 50170325Scg struct ifqueue *inq = 0; 50270325Scg struct sppp *sp = (struct sppp *)ifp; 50370325Scg int debug = ifp->if_flags & IFF_DEBUG; 50470325Scg 50570325Scg if (ifp->if_flags & IFF_UP) 50670325Scg /* Count received bytes, add FCS and one flag */ 50770325Scg ifp->if_ibytes += m->m_pkthdr.len + 3; 50870325Scg 50970325Scg if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 51070325Scg /* Too small packet, drop it. */ 51170325Scg if (debug) 51270325Scg log(LOG_DEBUG, 51370325Scg SPP_FMT "input packet is too small, %d bytes\n", 51470325Scg SPP_ARGS(ifp), m->m_pkthdr.len); 51570325Scg drop: 51670325Scg ++ifp->if_ierrors; 51770325Scg ++ifp->if_iqdrops; 51870325Scg m_freem (m); 51970325Scg return; 52070325Scg } 52170325Scg 52270325Scg /* Get PPP header. */ 52370325Scg h = mtod (m, struct ppp_header*); 52470325Scg m_adj (m, PPP_HEADER_LEN); 52570325Scg 52671503Scg switch (h->address) { 52771503Scg case PPP_ALLSTATIONS: 52871503Scg if (h->control != PPP_UI) 52971503Scg goto invalid; 53070291Scg if (sp->pp_mode == IFF_CISCO) { 53150724Scg if (debug) 53270325Scg log(LOG_DEBUG, 53371503Scg SPP_FMT "PPP packet in Cisco mode " 53450724Scg "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 53550724Scg SPP_ARGS(ifp), 53650724Scg h->address, h->control, ntohs(h->protocol)); 53771503Scg goto drop; 53870325Scg } 53970325Scg switch (ntohs (h->protocol)) { 54070325Scg default: 54186870Siwasaki if (debug) 54286870Siwasaki log(LOG_DEBUG, 54370325Scg SPP_FMT "rejecting protocol " 54486870Siwasaki "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 54586870Siwasaki SPP_ARGS(ifp), 54670325Scg h->address, h->control, ntohs(h->protocol)); 54750724Scg if (sp->state[IDX_LCP] == STATE_OPENED) 54850724Scg sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 54950724Scg ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 55050724Scg &h->protocol); 55170325Scg ++ifp->if_noproto; 55250724Scg goto drop; 55350724Scg case PPP_LCP: 55470325Scg sppp_cp_input(&lcp, sp, m); 55570325Scg m_freem (m); 55670325Scg return; 55770325Scg case PPP_PAP: 55870325Scg if (sp->pp_phase >= PHASE_AUTHENTICATE) 55974763Scg sppp_pap_input(sp, m); 56070325Scg m_freem (m); 56170325Scg return; 56270325Scg case PPP_CHAP: 56370325Scg if (sp->pp_phase >= PHASE_AUTHENTICATE) 56470325Scg sppp_chap_input(sp, m); 56570325Scg m_freem (m); 56670325Scg return; 56770325Scg#ifdef INET 56870325Scg case PPP_IPCP: 56970325Scg if (sp->pp_phase == PHASE_NETWORK) 57070325Scg sppp_cp_input(&ipcp, sp, m); 57170325Scg m_freem (m); 57270325Scg return; 57370325Scg case PPP_IP: 57470325Scg if (sp->state[IDX_IPCP] == STATE_OPENED) { 57570325Scg schednetisr (NETISR_IP); 57670325Scg inq = &ipintrq; 57770325Scg } 57870325Scg break; 57970325Scg#endif 58070325Scg#ifdef INET6 58174763Scg case PPP_IPV6CP: 58270325Scg if (sp->pp_phase == PHASE_NETWORK) 58370325Scg sppp_cp_input(&ipv6cp, sp, m); 58470325Scg m_freem (m); 58570325Scg return; 58670325Scg 58770325Scg case PPP_IPV6: 58870325Scg if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 58970325Scg schednetisr (NETISR_IPV6); 59070325Scg inq = &ip6intrq; 59184658Scg } 59270325Scg break; 59370325Scg#endif 59470325Scg#ifdef IPX 59570325Scg case PPP_IPX: 59670325Scg /* IPX IPXCP not implemented yet */ 59770325Scg if (sp->pp_phase == PHASE_NETWORK) { 59870325Scg schednetisr (NETISR_IPX); 59970325Scg inq = &ipxintrq; 60070325Scg } 60150724Scg break; 60270325Scg#endif 60350724Scg#ifdef NS 60470325Scg case PPP_XNS: 60570325Scg /* XNS IDPCP not implemented yet */ 60671503Scg if (sp->pp_phase == PHASE_NETWORK) { 60770325Scg schednetisr (NETISR_NS); 60870325Scg inq = &nsintrq; 60970325Scg } 61070325Scg break; 61170325Scg#endif 61250724Scg } 61370325Scg break; 61450724Scg case CISCO_MULTICAST: 61550724Scg case CISCO_UNICAST: 61650724Scg /* Don't check the control field here (RFC 1547). */ 61770325Scg if (sp->pp_mode != IFF_CISCO) { 61850724Scg if (debug) 61970325Scg log(LOG_DEBUG, 62050724Scg SPP_FMT "Cisco packet in PPP mode " 62150724Scg "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 62270325Scg SPP_ARGS(ifp), 62370325Scg h->address, h->control, ntohs(h->protocol)); 62470325Scg goto drop; 62570325Scg } 62670325Scg switch (ntohs (h->protocol)) { 62770325Scg default: 62850724Scg ++ifp->if_noproto; 62950724Scg goto invalid; 63050724Scg case CISCO_KEEPALIVE: 63170325Scg sppp_cisco_input ((struct sppp*) ifp, m); 63250724Scg m_freem (m); 63370325Scg return; 63470325Scg#ifdef INET 63570325Scg case ETHERTYPE_IP: 63670325Scg schednetisr (NETISR_IP); 63770325Scg inq = &ipintrq; 63850724Scg break; 63950724Scg#endif 64050724Scg#ifdef INET6 64170325Scg case ETHERTYPE_IPV6: 64250724Scg schednetisr (NETISR_IPV6); 64370325Scg inq = &ip6intrq; 64450724Scg break; 64570325Scg#endif 64659323Scg#ifdef IPX 64760958Scg case ETHERTYPE_IPX: 64860958Scg schednetisr (NETISR_IPX); 64960958Scg inq = &ipxintrq; 65070325Scg break; 65170325Scg#endif 65270325Scg#ifdef NS 65370325Scg case ETHERTYPE_NS: 65470325Scg schednetisr (NETISR_NS); 65570325Scg inq = &nsintrq; 65670325Scg break; 65770325Scg#endif 65870325Scg } 65970325Scg break; 66070325Scg default: /* Invalid PPP packet. */ 66170325Scg invalid: 66286870Siwasaki if (debug) 66386870Siwasaki log(LOG_DEBUG, 66470325Scg SPP_FMT "invalid input packet " 66586870Siwasaki "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 66686870Siwasaki SPP_ARGS(ifp), 66770325Scg h->address, h->control, ntohs(h->protocol)); 66870325Scg goto drop; 66950724Scg } 67050724Scg 67150724Scg if (! (ifp->if_flags & IFF_UP) || ! inq) 67250724Scg goto drop; 67370325Scg 67450724Scg /* Check queue. */ 67570325Scg if (! IF_HANDOFF(inq, m, NULL)) { 67650724Scg if (debug) 67760958Scg log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 67870325Scg SPP_ARGS(ifp)); 67970325Scg goto drop; 68050724Scg } 68150724Scg} 68274763Scg 68370325Scg/* 68450724Scg * Enqueue transmit packet. 68570325Scg */ 68650724Scgstatic int 68750724Scgsppp_output(struct ifnet *ifp, struct mbuf *m, 68870325Scg struct sockaddr *dst, struct rtentry *rt) 68970325Scg{ 69070325Scg struct sppp *sp = (struct sppp*) ifp; 69170325Scg struct ppp_header *h; 69270325Scg struct ifqueue *ifq = NULL; 69370325Scg int s, rv = 0; 69470325Scg int debug = ifp->if_flags & IFF_DEBUG; 69570325Scg 69670134Scg s = splimp(); 69770134Scg 69870325Scg if ((ifp->if_flags & IFF_UP) == 0 || 69970134Scg (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 70070134Scg m_freem (m); 70150724Scg splx (s); 70250724Scg return (ENETDOWN); 70350724Scg } 70450724Scg 70550724Scg if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 70650724Scg /* 70770325Scg * Interface is not yet running, but auto-dial. Need 70871503Scg * to start LCP for it. 70971503Scg */ 71050724Scg ifp->if_flags |= IFF_RUNNING; 71170325Scg splx(s); 71250724Scg lcp.Open(sp); 71371503Scg s = splimp(); 71471503Scg } 71571503Scg 71671503Scg ifq = &ifp->if_snd; 71771503Scg#ifdef INET 71871503Scg if (dst->sa_family == AF_INET) { 71971503Scg /* XXX Check mbuf length here? */ 72071503Scg struct ip *ip = mtod (m, struct ip*); 72171503Scg struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 72271503Scg 72371503Scg /* 72471503Scg * When using dynamic local IP address assignment by using 72571503Scg * 0.0.0.0 as a local address, the first TCP session will 72671503Scg * not connect because the local TCP checksum is computed 72771503Scg * using 0.0.0.0 which will later become our real IP address 72874763Scg * so the TCP checksum computed at the remote end will 72971503Scg * become invalid. So we 73071503Scg * - don't let packets with src ip addr 0 thru 73171503Scg * - we flag TCP packets with src ip 0 as an error 73271503Scg */ 73371503Scg 73471503Scg if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 73571503Scg { 73671503Scg m_freem(m); 73771503Scg splx(s); 73850724Scg if(ip->ip_p == IPPROTO_TCP) 73950724Scg return(EADDRNOTAVAIL); 74050724Scg else 74150724Scg return(0); 74250724Scg } 74350724Scg 74450724Scg /* 74550724Scg * Put low delay, telnet, rlogin and ftp control packets 74650724Scg * in front of the queue. 74750724Scg */ 74850724Scg if (_IF_QFULL(&sp->pp_fastq)) 74950724Scg ; 75050724Scg else if (ip->ip_tos & IPTOS_LOWDELAY) 75150724Scg ifq = &sp->pp_fastq; 75250724Scg else if (m->m_len < sizeof *ip + sizeof *tcp) 75350724Scg ; 75450724Scg else if (ip->ip_p != IPPROTO_TCP) 75550724Scg ; 75682363Sgreid else if (INTERACTIVE (ntohs (tcp->th_sport))) 75782363Sgreid ifq = &sp->pp_fastq; 75882363Sgreid else if (INTERACTIVE (ntohs (tcp->th_dport))) 75982363Sgreid ifq = &sp->pp_fastq; 76082363Sgreid } 76182363Sgreid#endif 76250724Scg 76382363Sgreid#ifdef INET6 76482363Sgreid if (dst->sa_family == AF_INET6) { 76582363Sgreid /* XXX do something tricky here? */ 76682363Sgreid } 76782363Sgreid#endif 76850724Scg 76950724Scg /* 77050724Scg * Prepend general data packet PPP header. For now, IP only. 77150724Scg */ 77250724Scg M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 77350724Scg if (! m) { 77450724Scg if (debug) 77550724Scg log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 77682363Sgreid SPP_ARGS(ifp)); 77782363Sgreid ++ifp->if_oerrors; 77882363Sgreid splx (s); 77982363Sgreid return (ENOBUFS); 78082490Sgreid } 78182490Sgreid /* 78282490Sgreid * May want to check size of packet 78382363Sgreid * (albeit due to the implementation it's always enough) 78482363Sgreid */ 78582363Sgreid h = mtod (m, struct ppp_header*); 78682363Sgreid if (sp->pp_mode == IFF_CISCO) { 78782363Sgreid h->address = CISCO_UNICAST; /* unicast address */ 78882363Sgreid h->control = 0; 78950724Scg } else { 79050724Scg h->address = PPP_ALLSTATIONS; /* broadcast address */ 79150724Scg h->control = PPP_UI; /* Unnumbered Info */ 79250724Scg } 79350724Scg 79450724Scg switch (dst->sa_family) { 79550724Scg#ifdef INET 79650724Scg case AF_INET: /* Internet Protocol */ 79750724Scg if (sp->pp_mode == IFF_CISCO) 79850724Scg h->protocol = htons (ETHERTYPE_IP); 79966012Scg else { 80050724Scg /* 80150724Scg * Don't choke with an ENETDOWN early. It's 80250724Scg * possible that we just started dialing out, 80378564Sgreid * so don't drop the packet immediately. If 80450724Scg * we notice that we run out of buffer space 80550724Scg * below, we will however remember that we are 80650724Scg * not ready to carry IP packets, and return 80750724Scg * ENETDOWN, as opposed to ENOBUFS. 80850724Scg */ 809105100Scognet h->protocol = htons(PPP_IP); 81093816Sjhb if (sp->state[IDX_IPCP] != STATE_OPENED) 81150724Scg rv = ENETDOWN; 81250724Scg } 81350724Scg break; 81450724Scg#endif 81550724Scg#ifdef INET6 81650724Scg case AF_INET6: /* Internet Protocol */ 81770325Scg if (sp->pp_mode == IFF_CISCO) 81870325Scg h->protocol = htons (ETHERTYPE_IPV6); 81970325Scg else { 82070325Scg /* 82170325Scg * Don't choke with an ENETDOWN early. It's 82270325Scg * possible that we just started dialing out, 82370325Scg * so don't drop the packet immediately. If 82450724Scg * we notice that we run out of buffer space 82550724Scg * below, we will however remember that we are 82650724Scg * not ready to carry IP packets, and return 82750724Scg * ENETDOWN, as opposed to ENOBUFS. 82884658Scg */ 82984658Scg h->protocol = htons(PPP_IPV6); 83050724Scg if (sp->state[IDX_IPV6CP] != STATE_OPENED) 83150724Scg rv = ENETDOWN; 83250724Scg } 83350724Scg break; 83486870Siwasaki#endif 83550724Scg#ifdef NS 83670134Scg case AF_NS: /* Xerox NS Protocol */ 83750724Scg h->protocol = htons (sp->pp_mode == IFF_CISCO ? 83870134Scg ETHERTYPE_NS : PPP_XNS); 83950724Scg break; 84050724Scg#endif 84150724Scg#ifdef IPX 84250724Scg case AF_IPX: /* Novell IPX Protocol */ 84374763Scg h->protocol = htons (sp->pp_mode == IFF_CISCO ? 84450724Scg ETHERTYPE_IPX : PPP_IPX); 84550724Scg break; 84650724Scg#endif 84750724Scg default: 84850724Scg m_freem (m); 84950724Scg ++ifp->if_oerrors; 85050724Scg splx (s); 85150724Scg return (EAFNOSUPPORT); 85284658Scg } 85350724Scg 85450724Scg /* 85550724Scg * Queue message on interface, and start output if interface 85650724Scg * not yet active. Also adjust output byte count. 85750724Scg * The packet length includes header, FCS and 1 flag, 85870325Scg * according to RFC 1333. 85950724Scg */ 86050724Scg if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 86150724Scg ++ifp->if_oerrors; 86270325Scg return (rv? rv: ENOBUFS); 86350724Scg } 86470325Scg return (0); 86550724Scg} 86650724Scg 86750724Scgvoid 86850724Scgsppp_attach(struct ifnet *ifp) 86950724Scg{ 87065644Scg struct sppp *sp = (struct sppp*) ifp; 87150724Scg 87250724Scg /* Initialize keepalive handler. */ 87350724Scg if (! spppq) 87465644Scg TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 87574763Scg 87650724Scg /* Insert new entry into the keepalive list. */ 87750724Scg sp->pp_next = spppq; 87850724Scg spppq = sp; 87950724Scg 88065644Scg sp->pp_if.if_mtu = PP_MTU; 88165644Scg sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 88265644Scg sp->pp_if.if_type = IFT_PPP; 88365644Scg sp->pp_if.if_output = sppp_output; 88465644Scg#if 0 88565644Scg sp->pp_flags = PP_KEEPALIVE; 88665644Scg#endif 88765644Scg sp->pp_if.if_snd.ifq_maxlen = 32; 88865644Scg sp->pp_fastq.ifq_maxlen = 32; 88965644Scg sp->pp_cpq.ifq_maxlen = 20; 89065644Scg sp->pp_loopcnt = 0; 89165644Scg sp->pp_alivecnt = 0; 89265644Scg bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 89365644Scg bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 89465644Scg sp->pp_phase = PHASE_DEAD; 89574763Scg sp->pp_up = lcp.Up; 89665644Scg sp->pp_down = lcp.Down; 89765644Scg mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 89865644Scg mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 89965644Scg 90065644Scg sppp_lcp_init(sp); 90186870Siwasaki sppp_ipcp_init(sp); 90286870Siwasaki sppp_ipv6cp_init(sp); 90386870Siwasaki sppp_pap_init(sp); 90486870Siwasaki sppp_chap_init(sp); 90586870Siwasaki} 90686870Siwasaki 90786870Siwasakivoid 90886870Siwasakisppp_detach(struct ifnet *ifp) 90986870Siwasaki{ 91086870Siwasaki struct sppp **q, *p, *sp = (struct sppp*) ifp; 91186870Siwasaki int i; 91286870Siwasaki 91386870Siwasaki /* Remove the entry from the keepalive list. */ 91486870Siwasaki for (q = &spppq; (p = *q); q = &p->pp_next) 91586870Siwasaki if (p == sp) { 91686870Siwasaki *q = p->pp_next; 91786870Siwasaki break; 91886870Siwasaki } 91986870Siwasaki 92086870Siwasaki /* Stop keepalive handler. */ 92186870Siwasaki if (! spppq) 92286870Siwasaki UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 92386870Siwasaki 92486870Siwasaki for (i = 0; i < IDX_COUNT; i++) 92586870Siwasaki UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 92686870Siwasaki UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 92786870Siwasaki mtx_destroy(&sp->pp_cpq.ifq_mtx); 92886870Siwasaki mtx_destroy(&sp->pp_fastq.ifq_mtx); 92986870Siwasaki} 93086870Siwasaki 93186870Siwasaki/* 93286870Siwasaki * Flush the interface output queue. 93386870Siwasaki */ 93486870Siwasakivoid 93586870Siwasakisppp_flush(struct ifnet *ifp) 93686870Siwasaki{ 93786870Siwasaki struct sppp *sp = (struct sppp*) ifp; 93886870Siwasaki 93986870Siwasaki sppp_qflush (&sp->pp_if.if_snd); 94086870Siwasaki sppp_qflush (&sp->pp_fastq); 94186870Siwasaki sppp_qflush (&sp->pp_cpq); 94286870Siwasaki} 94386870Siwasaki 94486870Siwasaki/* 94586870Siwasaki * Check if the output queue is empty. 94686870Siwasaki */ 94786870Siwasakiint 94886870Siwasakisppp_isempty(struct ifnet *ifp) 94986870Siwasaki{ 95086870Siwasaki struct sppp *sp = (struct sppp*) ifp; 95186870Siwasaki int empty, s; 95286870Siwasaki 95386870Siwasaki s = splimp(); 95486870Siwasaki empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 95550724Scg !sp->pp_if.if_snd.ifq_head; 95650724Scg splx(s); 95750724Scg return (empty); 95850724Scg} 95965644Scg 96086870Siwasaki/* 96186870Siwasaki * Get next packet to send. 96250724Scg */ 96350724Scgstruct mbuf * 96450724Scgsppp_dequeue(struct ifnet *ifp) 96550724Scg{ 96650724Scg struct sppp *sp = (struct sppp*) ifp; 96750724Scg struct mbuf *m; 96882180Scg int s; 96950724Scg 97050724Scg s = splimp(); 97162483Scg /* 97262483Scg * Process only the control protocol queue until we have at 97362483Scg * least one NCP open. 974 * 975 * Do always serve all three queues in Cisco mode. 976 */ 977 IF_DEQUEUE(&sp->pp_cpq, m); 978 if (m == NULL && 979 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 980 IF_DEQUEUE(&sp->pp_fastq, m); 981 if (m == NULL) 982 IF_DEQUEUE (&sp->pp_if.if_snd, m); 983 } 984 splx(s); 985 return m; 986} 987 988/* 989 * Pick the next packet, do not remove it from the queue. 990 */ 991struct mbuf * 992sppp_pick(struct ifnet *ifp) 993{ 994 struct sppp *sp = (struct sppp*)ifp; 995 struct mbuf *m; 996 int s; 997 998 s= splimp (); 999 1000 m = sp->pp_cpq.ifq_head; 1001 if (m == NULL && 1002 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1003 if ((m = sp->pp_fastq.ifq_head) == NULL) 1004 m = sp->pp_if.if_snd.ifq_head; 1005 splx (s); 1006 return (m); 1007} 1008 1009/* 1010 * Process an ioctl request. Called on low priority level. 1011 */ 1012int 1013sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1014{ 1015 struct ifreq *ifr = (struct ifreq*) data; 1016 struct sppp *sp = (struct sppp*) ifp; 1017 int s, rv, going_up, going_down, newmode; 1018 1019 s = splimp(); 1020 rv = 0; 1021 switch (cmd) { 1022 case SIOCAIFADDR: 1023 case SIOCSIFDSTADDR: 1024 break; 1025 1026 case SIOCSIFADDR: 1027 /* set the interface "up" when assigning an IP address */ 1028 ifp->if_flags |= IFF_UP; 1029 /* fall through... */ 1030 1031 case SIOCSIFFLAGS: 1032 going_up = ifp->if_flags & IFF_UP && 1033 (ifp->if_flags & IFF_RUNNING) == 0; 1034 going_down = (ifp->if_flags & IFF_UP) == 0 && 1035 ifp->if_flags & IFF_RUNNING; 1036 1037 newmode = ifp->if_flags & IFF_PASSIVE; 1038 if (!newmode) 1039 newmode = ifp->if_flags & IFF_AUTO; 1040 if (!newmode) 1041 newmode = ifp->if_flags & IFF_CISCO; 1042 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1043 ifp->if_flags |= newmode; 1044 1045 if (newmode != sp->pp_mode) { 1046 going_down = 1; 1047 if (!going_up) 1048 going_up = ifp->if_flags & IFF_RUNNING; 1049 } 1050 1051 if (going_down) { 1052 if (sp->pp_mode != IFF_CISCO) 1053 lcp.Close(sp); 1054 else if (sp->pp_tlf) 1055 (sp->pp_tlf)(sp); 1056 sppp_flush(ifp); 1057 ifp->if_flags &= ~IFF_RUNNING; 1058 sp->pp_mode = newmode; 1059 } 1060 1061 if (going_up) { 1062 if (sp->pp_mode != IFF_CISCO) 1063 lcp.Close(sp); 1064 sp->pp_mode = newmode; 1065 if (sp->pp_mode == 0) { 1066 ifp->if_flags |= IFF_RUNNING; 1067 lcp.Open(sp); 1068 } 1069 if (sp->pp_mode == IFF_CISCO) { 1070 if (sp->pp_tls) 1071 (sp->pp_tls)(sp); 1072 ifp->if_flags |= IFF_RUNNING; 1073 } 1074 } 1075 1076 break; 1077 1078#ifdef SIOCSIFMTU 1079#ifndef ifr_mtu 1080#define ifr_mtu ifr_metric 1081#endif 1082 case SIOCSIFMTU: 1083 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1084 return (EINVAL); 1085 ifp->if_mtu = ifr->ifr_mtu; 1086 break; 1087#endif 1088#ifdef SLIOCSETMTU 1089 case SLIOCSETMTU: 1090 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1091 return (EINVAL); 1092 ifp->if_mtu = *(short*)data; 1093 break; 1094#endif 1095#ifdef SIOCGIFMTU 1096 case SIOCGIFMTU: 1097 ifr->ifr_mtu = ifp->if_mtu; 1098 break; 1099#endif 1100#ifdef SLIOCGETMTU 1101 case SLIOCGETMTU: 1102 *(short*)data = ifp->if_mtu; 1103 break; 1104#endif 1105 case SIOCADDMULTI: 1106 case SIOCDELMULTI: 1107 break; 1108 1109 case SIOCGIFGENERIC: 1110 case SIOCSIFGENERIC: 1111 rv = sppp_params(sp, cmd, data); 1112 break; 1113 1114 default: 1115 rv = ENOTTY; 1116 } 1117 splx(s); 1118 return rv; 1119} 1120 1121/* 1122 * Cisco framing implementation. 1123 */ 1124 1125/* 1126 * Handle incoming Cisco keepalive protocol packets. 1127 */ 1128static void 1129sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1130{ 1131 STDDCL; 1132 struct cisco_packet *h; 1133 u_long me, mymask; 1134 1135 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1136 if (debug) 1137 log(LOG_DEBUG, 1138 SPP_FMT "cisco invalid packet length: %d bytes\n", 1139 SPP_ARGS(ifp), m->m_pkthdr.len); 1140 return; 1141 } 1142 h = mtod (m, struct cisco_packet*); 1143 if (debug) 1144 log(LOG_DEBUG, 1145 SPP_FMT "cisco input: %d bytes " 1146 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1147 SPP_ARGS(ifp), m->m_pkthdr.len, 1148 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1149 (u_int)h->time0, (u_int)h->time1); 1150 switch (ntohl (h->type)) { 1151 default: 1152 if (debug) 1153 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1154 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1155 break; 1156 case CISCO_ADDR_REPLY: 1157 /* Reply on address request, ignore */ 1158 break; 1159 case CISCO_KEEPALIVE_REQ: 1160 sp->pp_alivecnt = 0; 1161 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1162 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1163 /* Local and remote sequence numbers are equal. 1164 * Probably, the line is in loopback mode. */ 1165 if (sp->pp_loopcnt >= MAXALIVECNT) { 1166 printf (SPP_FMT "loopback\n", 1167 SPP_ARGS(ifp)); 1168 sp->pp_loopcnt = 0; 1169 if (ifp->if_flags & IFF_UP) { 1170 if_down (ifp); 1171 sppp_qflush (&sp->pp_cpq); 1172 } 1173 } 1174 ++sp->pp_loopcnt; 1175 1176 /* Generate new local sequence number */ 1177#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1178 sp->pp_seq[IDX_LCP] = random(); 1179#else 1180 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1181#endif 1182 break; 1183 } 1184 sp->pp_loopcnt = 0; 1185 if (! (ifp->if_flags & IFF_UP) && 1186 (ifp->if_flags & IFF_RUNNING)) { 1187 if_up(ifp); 1188 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1189 } 1190 break; 1191 case CISCO_ADDR_REQ: 1192 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1193 if (me != 0L) 1194 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1195 break; 1196 } 1197} 1198 1199/* 1200 * Send Cisco keepalive packet. 1201 */ 1202static void 1203sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1204{ 1205 STDDCL; 1206 struct ppp_header *h; 1207 struct cisco_packet *ch; 1208 struct mbuf *m; 1209#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1210 struct timeval tv; 1211#else 1212 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1213#endif 1214 1215#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1216 getmicrouptime(&tv); 1217#endif 1218 1219 MGETHDR (m, M_DONTWAIT, MT_DATA); 1220 if (! m) 1221 return; 1222 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1223 m->m_pkthdr.rcvif = 0; 1224 1225 h = mtod (m, struct ppp_header*); 1226 h->address = CISCO_MULTICAST; 1227 h->control = 0; 1228 h->protocol = htons (CISCO_KEEPALIVE); 1229 1230 ch = (struct cisco_packet*) (h + 1); 1231 ch->type = htonl (type); 1232 ch->par1 = htonl (par1); 1233 ch->par2 = htonl (par2); 1234 ch->rel = -1; 1235 1236#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1237 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1238 ch->time1 = htons ((u_short) tv.tv_sec); 1239#else 1240 ch->time0 = htons ((u_short) (t >> 16)); 1241 ch->time1 = htons ((u_short) t); 1242#endif 1243 1244 if (debug) 1245 log(LOG_DEBUG, 1246 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1247 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1248 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1249 1250 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1251 ifp->if_oerrors++; 1252} 1253 1254/* 1255 * PPP protocol implementation. 1256 */ 1257 1258/* 1259 * Send PPP control protocol packet. 1260 */ 1261static void 1262sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1263 u_char ident, u_short len, void *data) 1264{ 1265 STDDCL; 1266 struct ppp_header *h; 1267 struct lcp_header *lh; 1268 struct mbuf *m; 1269 1270 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1271 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1272 MGETHDR (m, M_DONTWAIT, MT_DATA); 1273 if (! m) 1274 return; 1275 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1276 m->m_pkthdr.rcvif = 0; 1277 1278 h = mtod (m, struct ppp_header*); 1279 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1280 h->control = PPP_UI; /* Unnumbered Info */ 1281 h->protocol = htons (proto); /* Link Control Protocol */ 1282 1283 lh = (struct lcp_header*) (h + 1); 1284 lh->type = type; 1285 lh->ident = ident; 1286 lh->len = htons (LCP_HEADER_LEN + len); 1287 if (len) 1288 bcopy (data, lh+1, len); 1289 1290 if (debug) { 1291 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1292 SPP_ARGS(ifp), 1293 sppp_proto_name(proto), 1294 sppp_cp_type_name (lh->type), lh->ident, 1295 ntohs (lh->len)); 1296 sppp_print_bytes ((u_char*) (lh+1), len); 1297 log(-1, ">\n"); 1298 } 1299 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1300 ifp->if_oerrors++; 1301} 1302 1303/* 1304 * Handle incoming PPP control protocol packets. 1305 */ 1306static void 1307sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1308{ 1309 STDDCL; 1310 struct lcp_header *h; 1311 int len = m->m_pkthdr.len; 1312 int rv; 1313 u_char *p; 1314 1315 if (len < 4) { 1316 if (debug) 1317 log(LOG_DEBUG, 1318 SPP_FMT "%s invalid packet length: %d bytes\n", 1319 SPP_ARGS(ifp), cp->name, len); 1320 return; 1321 } 1322 h = mtod (m, struct lcp_header*); 1323 if (debug) { 1324 log(LOG_DEBUG, 1325 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1326 SPP_ARGS(ifp), cp->name, 1327 sppp_state_name(sp->state[cp->protoidx]), 1328 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1329 sppp_print_bytes ((u_char*) (h+1), len-4); 1330 log(-1, ">\n"); 1331 } 1332 if (len > ntohs (h->len)) 1333 len = ntohs (h->len); 1334 p = (u_char *)(h + 1); 1335 switch (h->type) { 1336 case CONF_REQ: 1337 if (len < 4) { 1338 if (debug) 1339 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1340 SPP_ARGS(ifp), cp->name, 1341 len); 1342 ++ifp->if_ierrors; 1343 break; 1344 } 1345 /* handle states where RCR doesn't get a SCA/SCN */ 1346 switch (sp->state[cp->protoidx]) { 1347 case STATE_CLOSING: 1348 case STATE_STOPPING: 1349 return; 1350 case STATE_CLOSED: 1351 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1352 0, 0); 1353 return; 1354 } 1355 rv = (cp->RCR)(sp, h, len); 1356 switch (sp->state[cp->protoidx]) { 1357 case STATE_OPENED: 1358 (cp->tld)(sp); 1359 (cp->scr)(sp); 1360 /* fall through... */ 1361 case STATE_ACK_SENT: 1362 case STATE_REQ_SENT: 1363 /* 1364 * sppp_cp_change_state() have the side effect of 1365 * restarting the timeouts. We want to avoid that 1366 * if the state don't change, otherwise we won't 1367 * ever timeout and resend a configuration request 1368 * that got lost. 1369 */ 1370 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1371 STATE_REQ_SENT)) 1372 break; 1373 sppp_cp_change_state(cp, sp, rv? 1374 STATE_ACK_SENT: STATE_REQ_SENT); 1375 break; 1376 case STATE_STOPPED: 1377 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1378 (cp->scr)(sp); 1379 sppp_cp_change_state(cp, sp, rv? 1380 STATE_ACK_SENT: STATE_REQ_SENT); 1381 break; 1382 case STATE_ACK_RCVD: 1383 if (rv) { 1384 sppp_cp_change_state(cp, sp, STATE_OPENED); 1385 if (debug) 1386 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1387 SPP_ARGS(ifp), 1388 cp->name); 1389 (cp->tlu)(sp); 1390 } else 1391 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1392 break; 1393 default: 1394 printf(SPP_FMT "%s illegal %s in state %s\n", 1395 SPP_ARGS(ifp), cp->name, 1396 sppp_cp_type_name(h->type), 1397 sppp_state_name(sp->state[cp->protoidx])); 1398 ++ifp->if_ierrors; 1399 } 1400 break; 1401 case CONF_ACK: 1402 if (h->ident != sp->confid[cp->protoidx]) { 1403 if (debug) 1404 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1405 SPP_ARGS(ifp), cp->name, 1406 h->ident, sp->confid[cp->protoidx]); 1407 ++ifp->if_ierrors; 1408 break; 1409 } 1410 switch (sp->state[cp->protoidx]) { 1411 case STATE_CLOSED: 1412 case STATE_STOPPED: 1413 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1414 break; 1415 case STATE_CLOSING: 1416 case STATE_STOPPING: 1417 break; 1418 case STATE_REQ_SENT: 1419 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1420 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1421 break; 1422 case STATE_OPENED: 1423 (cp->tld)(sp); 1424 /* fall through */ 1425 case STATE_ACK_RCVD: 1426 (cp->scr)(sp); 1427 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1428 break; 1429 case STATE_ACK_SENT: 1430 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1431 sppp_cp_change_state(cp, sp, STATE_OPENED); 1432 if (debug) 1433 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1434 SPP_ARGS(ifp), cp->name); 1435 (cp->tlu)(sp); 1436 break; 1437 default: 1438 printf(SPP_FMT "%s illegal %s in state %s\n", 1439 SPP_ARGS(ifp), cp->name, 1440 sppp_cp_type_name(h->type), 1441 sppp_state_name(sp->state[cp->protoidx])); 1442 ++ifp->if_ierrors; 1443 } 1444 break; 1445 case CONF_NAK: 1446 case CONF_REJ: 1447 if (h->ident != sp->confid[cp->protoidx]) { 1448 if (debug) 1449 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1450 SPP_ARGS(ifp), cp->name, 1451 h->ident, sp->confid[cp->protoidx]); 1452 ++ifp->if_ierrors; 1453 break; 1454 } 1455 if (h->type == CONF_NAK) 1456 (cp->RCN_nak)(sp, h, len); 1457 else /* CONF_REJ */ 1458 (cp->RCN_rej)(sp, h, len); 1459 1460 switch (sp->state[cp->protoidx]) { 1461 case STATE_CLOSED: 1462 case STATE_STOPPED: 1463 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1464 break; 1465 case STATE_REQ_SENT: 1466 case STATE_ACK_SENT: 1467 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1468 /* 1469 * Slow things down a bit if we think we might be 1470 * in loopback. Depend on the timeout to send the 1471 * next configuration request. 1472 */ 1473 if (sp->pp_loopcnt) 1474 break; 1475 (cp->scr)(sp); 1476 break; 1477 case STATE_OPENED: 1478 (cp->tld)(sp); 1479 /* fall through */ 1480 case STATE_ACK_RCVD: 1481 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1482 (cp->scr)(sp); 1483 break; 1484 case STATE_CLOSING: 1485 case STATE_STOPPING: 1486 break; 1487 default: 1488 printf(SPP_FMT "%s illegal %s in state %s\n", 1489 SPP_ARGS(ifp), cp->name, 1490 sppp_cp_type_name(h->type), 1491 sppp_state_name(sp->state[cp->protoidx])); 1492 ++ifp->if_ierrors; 1493 } 1494 break; 1495 1496 case TERM_REQ: 1497 switch (sp->state[cp->protoidx]) { 1498 case STATE_ACK_RCVD: 1499 case STATE_ACK_SENT: 1500 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1501 /* fall through */ 1502 case STATE_CLOSED: 1503 case STATE_STOPPED: 1504 case STATE_CLOSING: 1505 case STATE_STOPPING: 1506 case STATE_REQ_SENT: 1507 sta: 1508 /* Send Terminate-Ack packet. */ 1509 if (debug) 1510 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1511 SPP_ARGS(ifp), cp->name); 1512 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1513 break; 1514 case STATE_OPENED: 1515 (cp->tld)(sp); 1516 sp->rst_counter[cp->protoidx] = 0; 1517 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1518 goto sta; 1519 break; 1520 default: 1521 printf(SPP_FMT "%s illegal %s in state %s\n", 1522 SPP_ARGS(ifp), cp->name, 1523 sppp_cp_type_name(h->type), 1524 sppp_state_name(sp->state[cp->protoidx])); 1525 ++ifp->if_ierrors; 1526 } 1527 break; 1528 case TERM_ACK: 1529 switch (sp->state[cp->protoidx]) { 1530 case STATE_CLOSED: 1531 case STATE_STOPPED: 1532 case STATE_REQ_SENT: 1533 case STATE_ACK_SENT: 1534 break; 1535 case STATE_CLOSING: 1536 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1537 (cp->tlf)(sp); 1538 break; 1539 case STATE_STOPPING: 1540 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1541 (cp->tlf)(sp); 1542 break; 1543 case STATE_ACK_RCVD: 1544 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1545 break; 1546 case STATE_OPENED: 1547 (cp->tld)(sp); 1548 (cp->scr)(sp); 1549 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1550 break; 1551 default: 1552 printf(SPP_FMT "%s illegal %s in state %s\n", 1553 SPP_ARGS(ifp), cp->name, 1554 sppp_cp_type_name(h->type), 1555 sppp_state_name(sp->state[cp->protoidx])); 1556 ++ifp->if_ierrors; 1557 } 1558 break; 1559 case CODE_REJ: 1560 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1561 log(LOG_INFO, 1562 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1563 "danger will robinson\n", 1564 SPP_ARGS(ifp), cp->name, 1565 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1566 switch (sp->state[cp->protoidx]) { 1567 case STATE_CLOSED: 1568 case STATE_STOPPED: 1569 case STATE_REQ_SENT: 1570 case STATE_ACK_SENT: 1571 case STATE_CLOSING: 1572 case STATE_STOPPING: 1573 case STATE_OPENED: 1574 break; 1575 case STATE_ACK_RCVD: 1576 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1577 break; 1578 default: 1579 printf(SPP_FMT "%s illegal %s in state %s\n", 1580 SPP_ARGS(ifp), cp->name, 1581 sppp_cp_type_name(h->type), 1582 sppp_state_name(sp->state[cp->protoidx])); 1583 ++ifp->if_ierrors; 1584 } 1585 break; 1586 case PROTO_REJ: 1587 { 1588 int catastrophic; 1589 const struct cp *upper; 1590 int i; 1591 u_int16_t proto; 1592 1593 catastrophic = 0; 1594 upper = NULL; 1595 proto = ntohs(*((u_int16_t *)p)); 1596 for (i = 0; i < IDX_COUNT; i++) { 1597 if (cps[i]->proto == proto) { 1598 upper = cps[i]; 1599 break; 1600 } 1601 } 1602 if (upper == NULL) 1603 catastrophic++; 1604 1605 if (catastrophic || debug) 1606 log(catastrophic? LOG_INFO: LOG_DEBUG, 1607 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1608 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1609 sppp_cp_type_name(h->type), proto, 1610 upper ? upper->name : "unknown", 1611 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1612 1613 /* 1614 * if we got RXJ+ against conf-req, the peer does not implement 1615 * this particular protocol type. terminate the protocol. 1616 */ 1617 if (upper && !catastrophic) { 1618 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1619 upper->Close(sp); 1620 break; 1621 } 1622 } 1623 1624 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1625 switch (sp->state[cp->protoidx]) { 1626 case STATE_CLOSED: 1627 case STATE_STOPPED: 1628 case STATE_REQ_SENT: 1629 case STATE_ACK_SENT: 1630 case STATE_CLOSING: 1631 case STATE_STOPPING: 1632 case STATE_OPENED: 1633 break; 1634 case STATE_ACK_RCVD: 1635 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1636 break; 1637 default: 1638 printf(SPP_FMT "%s illegal %s in state %s\n", 1639 SPP_ARGS(ifp), cp->name, 1640 sppp_cp_type_name(h->type), 1641 sppp_state_name(sp->state[cp->protoidx])); 1642 ++ifp->if_ierrors; 1643 } 1644 break; 1645 } 1646 case DISC_REQ: 1647 if (cp->proto != PPP_LCP) 1648 goto illegal; 1649 /* Discard the packet. */ 1650 break; 1651 case ECHO_REQ: 1652 if (cp->proto != PPP_LCP) 1653 goto illegal; 1654 if (sp->state[cp->protoidx] != STATE_OPENED) { 1655 if (debug) 1656 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1657 SPP_ARGS(ifp)); 1658 ++ifp->if_ierrors; 1659 break; 1660 } 1661 if (len < 8) { 1662 if (debug) 1663 log(-1, SPP_FMT "invalid lcp echo request " 1664 "packet length: %d bytes\n", 1665 SPP_ARGS(ifp), len); 1666 break; 1667 } 1668 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1669 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1670 /* Line loopback mode detected. */ 1671 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1672 sp->pp_loopcnt = MAXALIVECNT * 5; 1673 if_down (ifp); 1674 sppp_qflush (&sp->pp_cpq); 1675 1676 /* Shut down the PPP link. */ 1677 /* XXX */ 1678 lcp.Down(sp); 1679 lcp.Up(sp); 1680 break; 1681 } 1682 *(long*)(h+1) = htonl (sp->lcp.magic); 1683 if (debug) 1684 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1685 SPP_ARGS(ifp)); 1686 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1687 break; 1688 case ECHO_REPLY: 1689 if (cp->proto != PPP_LCP) 1690 goto illegal; 1691 if (h->ident != sp->lcp.echoid) { 1692 ++ifp->if_ierrors; 1693 break; 1694 } 1695 if (len < 8) { 1696 if (debug) 1697 log(-1, SPP_FMT "lcp invalid echo reply " 1698 "packet length: %d bytes\n", 1699 SPP_ARGS(ifp), len); 1700 break; 1701 } 1702 if (debug) 1703 log(-1, SPP_FMT "lcp got echo rep\n", 1704 SPP_ARGS(ifp)); 1705 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1706 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1707 sp->pp_alivecnt = 0; 1708 break; 1709 default: 1710 /* Unknown packet type -- send Code-Reject packet. */ 1711 illegal: 1712 if (debug) 1713 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1714 SPP_ARGS(ifp), cp->name, h->type); 1715 sppp_cp_send(sp, cp->proto, CODE_REJ, 1716 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1717 ++ifp->if_ierrors; 1718 } 1719} 1720 1721 1722/* 1723 * The generic part of all Up/Down/Open/Close/TO event handlers. 1724 * Basically, the state transition handling in the automaton. 1725 */ 1726static void 1727sppp_up_event(const struct cp *cp, struct sppp *sp) 1728{ 1729 STDDCL; 1730 1731 if (debug) 1732 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1733 SPP_ARGS(ifp), cp->name, 1734 sppp_state_name(sp->state[cp->protoidx])); 1735 1736 switch (sp->state[cp->protoidx]) { 1737 case STATE_INITIAL: 1738 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1739 break; 1740 case STATE_STARTING: 1741 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1742 (cp->scr)(sp); 1743 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1744 break; 1745 default: 1746 printf(SPP_FMT "%s illegal up in state %s\n", 1747 SPP_ARGS(ifp), cp->name, 1748 sppp_state_name(sp->state[cp->protoidx])); 1749 } 1750} 1751 1752static void 1753sppp_down_event(const struct cp *cp, struct sppp *sp) 1754{ 1755 STDDCL; 1756 1757 if (debug) 1758 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1759 SPP_ARGS(ifp), cp->name, 1760 sppp_state_name(sp->state[cp->protoidx])); 1761 1762 switch (sp->state[cp->protoidx]) { 1763 case STATE_CLOSED: 1764 case STATE_CLOSING: 1765 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1766 break; 1767 case STATE_STOPPED: 1768 sppp_cp_change_state(cp, sp, STATE_STARTING); 1769 (cp->tls)(sp); 1770 break; 1771 case STATE_STOPPING: 1772 case STATE_REQ_SENT: 1773 case STATE_ACK_RCVD: 1774 case STATE_ACK_SENT: 1775 sppp_cp_change_state(cp, sp, STATE_STARTING); 1776 break; 1777 case STATE_OPENED: 1778 (cp->tld)(sp); 1779 sppp_cp_change_state(cp, sp, STATE_STARTING); 1780 break; 1781 default: 1782 printf(SPP_FMT "%s illegal down in state %s\n", 1783 SPP_ARGS(ifp), cp->name, 1784 sppp_state_name(sp->state[cp->protoidx])); 1785 } 1786} 1787 1788 1789static void 1790sppp_open_event(const struct cp *cp, struct sppp *sp) 1791{ 1792 STDDCL; 1793 1794 if (debug) 1795 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1796 SPP_ARGS(ifp), cp->name, 1797 sppp_state_name(sp->state[cp->protoidx])); 1798 1799 switch (sp->state[cp->protoidx]) { 1800 case STATE_INITIAL: 1801 sppp_cp_change_state(cp, sp, STATE_STARTING); 1802 (cp->tls)(sp); 1803 break; 1804 case STATE_STARTING: 1805 break; 1806 case STATE_CLOSED: 1807 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1808 (cp->scr)(sp); 1809 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1810 break; 1811 case STATE_STOPPED: 1812 /* 1813 * Try escaping stopped state. This seems to bite 1814 * people occasionally, in particular for IPCP, 1815 * presumably following previous IPCP negotiation 1816 * aborts. Somehow, we must have missed a Down event 1817 * which would have caused a transition into starting 1818 * state, so as a bandaid we force the Down event now. 1819 * This effectively implements (something like the) 1820 * `restart' option mentioned in the state transition 1821 * table of RFC 1661. 1822 */ 1823 sppp_cp_change_state(cp, sp, STATE_STARTING); 1824 (cp->tls)(sp); 1825 break; 1826 case STATE_STOPPING: 1827 case STATE_REQ_SENT: 1828 case STATE_ACK_RCVD: 1829 case STATE_ACK_SENT: 1830 case STATE_OPENED: 1831 break; 1832 case STATE_CLOSING: 1833 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1834 break; 1835 } 1836} 1837 1838 1839static void 1840sppp_close_event(const struct cp *cp, struct sppp *sp) 1841{ 1842 STDDCL; 1843 1844 if (debug) 1845 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1846 SPP_ARGS(ifp), cp->name, 1847 sppp_state_name(sp->state[cp->protoidx])); 1848 1849 switch (sp->state[cp->protoidx]) { 1850 case STATE_INITIAL: 1851 case STATE_CLOSED: 1852 case STATE_CLOSING: 1853 break; 1854 case STATE_STARTING: 1855 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1856 (cp->tlf)(sp); 1857 break; 1858 case STATE_STOPPED: 1859 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1860 break; 1861 case STATE_STOPPING: 1862 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1863 break; 1864 case STATE_OPENED: 1865 (cp->tld)(sp); 1866 /* fall through */ 1867 case STATE_REQ_SENT: 1868 case STATE_ACK_RCVD: 1869 case STATE_ACK_SENT: 1870 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1871 sppp_cp_send(sp, cp->proto, TERM_REQ, 1872 ++sp->pp_seq[cp->protoidx], 0, 0); 1873 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1874 break; 1875 } 1876} 1877 1878static void 1879sppp_to_event(const struct cp *cp, struct sppp *sp) 1880{ 1881 STDDCL; 1882 int s; 1883 1884 s = splimp(); 1885 if (debug) 1886 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1887 SPP_ARGS(ifp), cp->name, 1888 sppp_state_name(sp->state[cp->protoidx]), 1889 sp->rst_counter[cp->protoidx]); 1890 1891 if (--sp->rst_counter[cp->protoidx] < 0) 1892 /* TO- event */ 1893 switch (sp->state[cp->protoidx]) { 1894 case STATE_CLOSING: 1895 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1896 (cp->tlf)(sp); 1897 break; 1898 case STATE_STOPPING: 1899 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1900 (cp->tlf)(sp); 1901 break; 1902 case STATE_REQ_SENT: 1903 case STATE_ACK_RCVD: 1904 case STATE_ACK_SENT: 1905 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1906 (cp->tlf)(sp); 1907 break; 1908 } 1909 else 1910 /* TO+ event */ 1911 switch (sp->state[cp->protoidx]) { 1912 case STATE_CLOSING: 1913 case STATE_STOPPING: 1914 sppp_cp_send(sp, cp->proto, TERM_REQ, 1915 ++sp->pp_seq[cp->protoidx], 0, 0); 1916 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1917 sp->ch[cp->protoidx]); 1918 break; 1919 case STATE_REQ_SENT: 1920 case STATE_ACK_RCVD: 1921 (cp->scr)(sp); 1922 /* sppp_cp_change_state() will restart the timer */ 1923 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1924 break; 1925 case STATE_ACK_SENT: 1926 (cp->scr)(sp); 1927 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1928 sp->ch[cp->protoidx]); 1929 break; 1930 } 1931 1932 splx(s); 1933} 1934 1935/* 1936 * Change the state of a control protocol in the state automaton. 1937 * Takes care of starting/stopping the restart timer. 1938 */ 1939void 1940sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1941{ 1942 sp->state[cp->protoidx] = newstate; 1943 1944 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1945 switch (newstate) { 1946 case STATE_INITIAL: 1947 case STATE_STARTING: 1948 case STATE_CLOSED: 1949 case STATE_STOPPED: 1950 case STATE_OPENED: 1951 break; 1952 case STATE_CLOSING: 1953 case STATE_STOPPING: 1954 case STATE_REQ_SENT: 1955 case STATE_ACK_RCVD: 1956 case STATE_ACK_SENT: 1957 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1958 sp->ch[cp->protoidx]); 1959 break; 1960 } 1961} 1962 1963/* 1964 *--------------------------------------------------------------------------* 1965 * * 1966 * The LCP implementation. * 1967 * * 1968 *--------------------------------------------------------------------------* 1969 */ 1970static void 1971sppp_lcp_init(struct sppp *sp) 1972{ 1973 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1974 sp->lcp.magic = 0; 1975 sp->state[IDX_LCP] = STATE_INITIAL; 1976 sp->fail_counter[IDX_LCP] = 0; 1977 sp->pp_seq[IDX_LCP] = 0; 1978 sp->pp_rseq[IDX_LCP] = 0; 1979 sp->lcp.protos = 0; 1980 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1981 1982 /* Note that these values are relevant for all control protocols */ 1983 sp->lcp.timeout = 3 * hz; 1984 sp->lcp.max_terminate = 2; 1985 sp->lcp.max_configure = 10; 1986 sp->lcp.max_failure = 10; 1987#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1988 callout_handle_init(&sp->ch[IDX_LCP]); 1989#endif 1990} 1991 1992static void 1993sppp_lcp_up(struct sppp *sp) 1994{ 1995 STDDCL; 1996 1997 sp->pp_alivecnt = 0; 1998 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1999 sp->lcp.magic = 0; 2000 sp->lcp.protos = 0; 2001 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2002 /* 2003 * If we are authenticator, negotiate LCP_AUTH 2004 */ 2005 if (sp->hisauth.proto != 0) 2006 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2007 else 2008 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2009 sp->pp_flags &= ~PP_NEEDAUTH; 2010 /* 2011 * If this interface is passive or dial-on-demand, and we are 2012 * still in Initial state, it means we've got an incoming 2013 * call. Activate the interface. 2014 */ 2015 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2016 if (debug) 2017 log(LOG_DEBUG, 2018 SPP_FMT "Up event", SPP_ARGS(ifp)); 2019 ifp->if_flags |= IFF_RUNNING; 2020 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2021 if (debug) 2022 log(-1, "(incoming call)\n"); 2023 sp->pp_flags |= PP_CALLIN; 2024 lcp.Open(sp); 2025 } else if (debug) 2026 log(-1, "\n"); 2027 } 2028 2029 sppp_up_event(&lcp, sp); 2030} 2031 2032static void 2033sppp_lcp_down(struct sppp *sp) 2034{ 2035 STDDCL; 2036 2037 sppp_down_event(&lcp, sp); 2038 2039 /* 2040 * If this is neither a dial-on-demand nor a passive 2041 * interface, simulate an ``ifconfig down'' action, so the 2042 * administrator can force a redial by another ``ifconfig 2043 * up''. XXX For leased line operation, should we immediately 2044 * try to reopen the connection here? 2045 */ 2046 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2047 log(LOG_INFO, 2048 SPP_FMT "Down event, taking interface down.\n", 2049 SPP_ARGS(ifp)); 2050 if_down(ifp); 2051 } else { 2052 if (debug) 2053 log(LOG_DEBUG, 2054 SPP_FMT "Down event (carrier loss)\n", 2055 SPP_ARGS(ifp)); 2056 sp->pp_flags &= ~PP_CALLIN; 2057 if (sp->state[IDX_LCP] != STATE_INITIAL) 2058 lcp.Close(sp); 2059 ifp->if_flags &= ~IFF_RUNNING; 2060 } 2061} 2062 2063static void 2064sppp_lcp_open(struct sppp *sp) 2065{ 2066 sppp_open_event(&lcp, sp); 2067} 2068 2069static void 2070sppp_lcp_close(struct sppp *sp) 2071{ 2072 sppp_close_event(&lcp, sp); 2073} 2074 2075static void 2076sppp_lcp_TO(void *cookie) 2077{ 2078 sppp_to_event(&lcp, (struct sppp *)cookie); 2079} 2080 2081/* 2082 * Analyze a configure request. Return true if it was agreeable, and 2083 * caused action sca, false if it has been rejected or nak'ed, and 2084 * caused action scn. (The return value is used to make the state 2085 * transition decision in the state automaton.) 2086 */ 2087static int 2088sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2089{ 2090 STDDCL; 2091 u_char *buf, *r, *p; 2092 int origlen, rlen; 2093 u_long nmagic; 2094 u_short authproto; 2095 2096 len -= 4; 2097 origlen = len; 2098 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2099 if (! buf) 2100 return (0); 2101 2102 if (debug) 2103 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2104 SPP_ARGS(ifp)); 2105 2106 /* pass 1: check for things that need to be rejected */ 2107 p = (void*) (h+1); 2108 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2109 if (debug) 2110 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2111 switch (*p) { 2112 case LCP_OPT_MAGIC: 2113 /* Magic number. */ 2114 if (len >= 6 && p[1] == 6) 2115 continue; 2116 if (debug) 2117 log(-1, "[invalid] "); 2118 break; 2119 case LCP_OPT_ASYNC_MAP: 2120 /* Async control character map. */ 2121 if (len >= 6 && p[1] == 6) 2122 continue; 2123 if (debug) 2124 log(-1, "[invalid] "); 2125 break; 2126 case LCP_OPT_MRU: 2127 /* Maximum receive unit. */ 2128 if (len >= 4 && p[1] == 4) 2129 continue; 2130 if (debug) 2131 log(-1, "[invalid] "); 2132 break; 2133 case LCP_OPT_AUTH_PROTO: 2134 if (len < 4) { 2135 if (debug) 2136 log(-1, "[invalid] "); 2137 break; 2138 } 2139 authproto = (p[2] << 8) + p[3]; 2140 if (authproto == PPP_CHAP && p[1] != 5) { 2141 if (debug) 2142 log(-1, "[invalid chap len] "); 2143 break; 2144 } 2145 if (sp->myauth.proto == 0) { 2146 /* we are not configured to do auth */ 2147 if (debug) 2148 log(-1, "[not configured] "); 2149 break; 2150 } 2151 /* 2152 * Remote want us to authenticate, remember this, 2153 * so we stay in PHASE_AUTHENTICATE after LCP got 2154 * up. 2155 */ 2156 sp->pp_flags |= PP_NEEDAUTH; 2157 continue; 2158 default: 2159 /* Others not supported. */ 2160 if (debug) 2161 log(-1, "[rej] "); 2162 break; 2163 } 2164 /* Add the option to rejected list. */ 2165 bcopy (p, r, p[1]); 2166 r += p[1]; 2167 rlen += p[1]; 2168 } 2169 if (rlen) { 2170 if (debug) 2171 log(-1, " send conf-rej\n"); 2172 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2173 return 0; 2174 } else if (debug) 2175 log(-1, "\n"); 2176 2177 /* 2178 * pass 2: check for option values that are unacceptable and 2179 * thus require to be nak'ed. 2180 */ 2181 if (debug) 2182 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2183 SPP_ARGS(ifp)); 2184 2185 p = (void*) (h+1); 2186 len = origlen; 2187 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2188 if (debug) 2189 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2190 switch (*p) { 2191 case LCP_OPT_MAGIC: 2192 /* Magic number -- extract. */ 2193 nmagic = (u_long)p[2] << 24 | 2194 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2195 if (nmagic != sp->lcp.magic) { 2196 sp->pp_loopcnt = 0; 2197 if (debug) 2198 log(-1, "0x%lx ", nmagic); 2199 continue; 2200 } 2201 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2202 log(-1, "[glitch] "); 2203 ++sp->pp_loopcnt; 2204 /* 2205 * We negate our magic here, and NAK it. If 2206 * we see it later in an NAK packet, we 2207 * suggest a new one. 2208 */ 2209 nmagic = ~sp->lcp.magic; 2210 /* Gonna NAK it. */ 2211 p[2] = nmagic >> 24; 2212 p[3] = nmagic >> 16; 2213 p[4] = nmagic >> 8; 2214 p[5] = nmagic; 2215 break; 2216 2217 case LCP_OPT_ASYNC_MAP: 2218 /* 2219 * Async control character map -- just ignore it. 2220 * 2221 * Quote from RFC 1662, chapter 6: 2222 * To enable this functionality, synchronous PPP 2223 * implementations MUST always respond to the 2224 * Async-Control-Character-Map Configuration 2225 * Option with the LCP Configure-Ack. However, 2226 * acceptance of the Configuration Option does 2227 * not imply that the synchronous implementation 2228 * will do any ACCM mapping. Instead, all such 2229 * octet mapping will be performed by the 2230 * asynchronous-to-synchronous converter. 2231 */ 2232 continue; 2233 2234 case LCP_OPT_MRU: 2235 /* 2236 * Maximum receive unit. Always agreeable, 2237 * but ignored by now. 2238 */ 2239 sp->lcp.their_mru = p[2] * 256 + p[3]; 2240 if (debug) 2241 log(-1, "%lu ", sp->lcp.their_mru); 2242 continue; 2243 2244 case LCP_OPT_AUTH_PROTO: 2245 authproto = (p[2] << 8) + p[3]; 2246 if (sp->myauth.proto != authproto) { 2247 /* not agreed, nak */ 2248 if (debug) 2249 log(-1, "[mine %s != his %s] ", 2250 sppp_proto_name(sp->hisauth.proto), 2251 sppp_proto_name(authproto)); 2252 p[2] = sp->myauth.proto >> 8; 2253 p[3] = sp->myauth.proto; 2254 break; 2255 } 2256 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2257 if (debug) 2258 log(-1, "[chap not MD5] "); 2259 p[4] = CHAP_MD5; 2260 break; 2261 } 2262 continue; 2263 } 2264 /* Add the option to nak'ed list. */ 2265 bcopy (p, r, p[1]); 2266 r += p[1]; 2267 rlen += p[1]; 2268 } 2269 if (rlen) { 2270 /* 2271 * Local and remote magics equal -- loopback? 2272 */ 2273 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2274 if (sp->pp_loopcnt == MAXALIVECNT*5) 2275 printf (SPP_FMT "loopback\n", 2276 SPP_ARGS(ifp)); 2277 if (ifp->if_flags & IFF_UP) { 2278 if_down(ifp); 2279 sppp_qflush(&sp->pp_cpq); 2280 /* XXX ? */ 2281 lcp.Down(sp); 2282 lcp.Up(sp); 2283 } 2284 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2285 if (debug) 2286 log(-1, " max_failure (%d) exceeded, " 2287 "send conf-rej\n", 2288 sp->lcp.max_failure); 2289 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2290 } else { 2291 if (debug) 2292 log(-1, " send conf-nak\n"); 2293 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2294 } 2295 } else { 2296 if (debug) 2297 log(-1, " send conf-ack\n"); 2298 sp->fail_counter[IDX_LCP] = 0; 2299 sp->pp_loopcnt = 0; 2300 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2301 h->ident, origlen, h+1); 2302 } 2303 2304 free (buf, M_TEMP); 2305 return (rlen == 0); 2306} 2307 2308/* 2309 * Analyze the LCP Configure-Reject option list, and adjust our 2310 * negotiation. 2311 */ 2312static void 2313sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2314{ 2315 STDDCL; 2316 u_char *buf, *p; 2317 2318 len -= 4; 2319 buf = malloc (len, M_TEMP, M_NOWAIT); 2320 if (!buf) 2321 return; 2322 2323 if (debug) 2324 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2325 SPP_ARGS(ifp)); 2326 2327 p = (void*) (h+1); 2328 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2329 if (debug) 2330 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2331 switch (*p) { 2332 case LCP_OPT_MAGIC: 2333 /* Magic number -- can't use it, use 0 */ 2334 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2335 sp->lcp.magic = 0; 2336 break; 2337 case LCP_OPT_MRU: 2338 /* 2339 * Should not be rejected anyway, since we only 2340 * negotiate a MRU if explicitly requested by 2341 * peer. 2342 */ 2343 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2344 break; 2345 case LCP_OPT_AUTH_PROTO: 2346 /* 2347 * Peer doesn't want to authenticate himself, 2348 * deny unless this is a dialout call, and 2349 * AUTHFLAG_NOCALLOUT is set. 2350 */ 2351 if ((sp->pp_flags & PP_CALLIN) == 0 && 2352 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2353 if (debug) 2354 log(-1, "[don't insist on auth " 2355 "for callout]"); 2356 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2357 break; 2358 } 2359 if (debug) 2360 log(-1, "[access denied]\n"); 2361 lcp.Close(sp); 2362 break; 2363 } 2364 } 2365 if (debug) 2366 log(-1, "\n"); 2367 free (buf, M_TEMP); 2368 return; 2369} 2370 2371/* 2372 * Analyze the LCP Configure-NAK option list, and adjust our 2373 * negotiation. 2374 */ 2375static void 2376sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2377{ 2378 STDDCL; 2379 u_char *buf, *p; 2380 u_long magic; 2381 2382 len -= 4; 2383 buf = malloc (len, M_TEMP, M_NOWAIT); 2384 if (!buf) 2385 return; 2386 2387 if (debug) 2388 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2389 SPP_ARGS(ifp)); 2390 2391 p = (void*) (h+1); 2392 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2393 if (debug) 2394 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2395 switch (*p) { 2396 case LCP_OPT_MAGIC: 2397 /* Magic number -- renegotiate */ 2398 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2399 len >= 6 && p[1] == 6) { 2400 magic = (u_long)p[2] << 24 | 2401 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2402 /* 2403 * If the remote magic is our negated one, 2404 * this looks like a loopback problem. 2405 * Suggest a new magic to make sure. 2406 */ 2407 if (magic == ~sp->lcp.magic) { 2408 if (debug) 2409 log(-1, "magic glitch "); 2410#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2411 sp->lcp.magic = random(); 2412#else 2413 sp->lcp.magic = time.tv_sec + time.tv_usec; 2414#endif 2415 } else { 2416 sp->lcp.magic = magic; 2417 if (debug) 2418 log(-1, "%lu ", magic); 2419 } 2420 } 2421 break; 2422 case LCP_OPT_MRU: 2423 /* 2424 * Peer wants to advise us to negotiate an MRU. 2425 * Agree on it if it's reasonable, or use 2426 * default otherwise. 2427 */ 2428 if (len >= 4 && p[1] == 4) { 2429 u_int mru = p[2] * 256 + p[3]; 2430 if (debug) 2431 log(-1, "%d ", mru); 2432 if (mru < PP_MTU || mru > PP_MAX_MRU) 2433 mru = PP_MTU; 2434 sp->lcp.mru = mru; 2435 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2436 } 2437 break; 2438 case LCP_OPT_AUTH_PROTO: 2439 /* 2440 * Peer doesn't like our authentication method, 2441 * deny. 2442 */ 2443 if (debug) 2444 log(-1, "[access denied]\n"); 2445 lcp.Close(sp); 2446 break; 2447 } 2448 } 2449 if (debug) 2450 log(-1, "\n"); 2451 free (buf, M_TEMP); 2452 return; 2453} 2454 2455static void 2456sppp_lcp_tlu(struct sppp *sp) 2457{ 2458 STDDCL; 2459 int i; 2460 u_long mask; 2461 2462 /* XXX ? */ 2463 if (! (ifp->if_flags & IFF_UP) && 2464 (ifp->if_flags & IFF_RUNNING)) { 2465 /* Coming out of loopback mode. */ 2466 if_up(ifp); 2467 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2468 } 2469 2470 for (i = 0; i < IDX_COUNT; i++) 2471 if ((cps[i])->flags & CP_QUAL) 2472 (cps[i])->Open(sp); 2473 2474 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2475 (sp->pp_flags & PP_NEEDAUTH) != 0) 2476 sp->pp_phase = PHASE_AUTHENTICATE; 2477 else 2478 sp->pp_phase = PHASE_NETWORK; 2479 2480 if (debug) 2481 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2482 sppp_phase_name(sp->pp_phase)); 2483 2484 /* 2485 * Open all authentication protocols. This is even required 2486 * if we already proceeded to network phase, since it might be 2487 * that remote wants us to authenticate, so we might have to 2488 * send a PAP request. Undesired authentication protocols 2489 * don't do anything when they get an Open event. 2490 */ 2491 for (i = 0; i < IDX_COUNT; i++) 2492 if ((cps[i])->flags & CP_AUTH) 2493 (cps[i])->Open(sp); 2494 2495 if (sp->pp_phase == PHASE_NETWORK) { 2496 /* Notify all NCPs. */ 2497 for (i = 0; i < IDX_COUNT; i++) 2498 if ((cps[i])->flags & CP_NCP) 2499 (cps[i])->Open(sp); 2500 } 2501 2502 /* Send Up events to all started protos. */ 2503 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2504 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2505 (cps[i])->Up(sp); 2506 2507 /* notify low-level driver of state change */ 2508 if (sp->pp_chg) 2509 sp->pp_chg(sp, (int)sp->pp_phase); 2510 2511 if (sp->pp_phase == PHASE_NETWORK) 2512 /* if no NCP is starting, close down */ 2513 sppp_lcp_check_and_close(sp); 2514} 2515 2516static void 2517sppp_lcp_tld(struct sppp *sp) 2518{ 2519 STDDCL; 2520 int i; 2521 u_long mask; 2522 2523 sp->pp_phase = PHASE_TERMINATE; 2524 2525 if (debug) 2526 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2527 sppp_phase_name(sp->pp_phase)); 2528 2529 /* 2530 * Take upper layers down. We send the Down event first and 2531 * the Close second to prevent the upper layers from sending 2532 * ``a flurry of terminate-request packets'', as the RFC 2533 * describes it. 2534 */ 2535 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2536 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2537 (cps[i])->Down(sp); 2538 (cps[i])->Close(sp); 2539 } 2540} 2541 2542static void 2543sppp_lcp_tls(struct sppp *sp) 2544{ 2545 STDDCL; 2546 2547 sp->pp_phase = PHASE_ESTABLISH; 2548 2549 if (debug) 2550 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2551 sppp_phase_name(sp->pp_phase)); 2552 2553 /* Notify lower layer if desired. */ 2554 if (sp->pp_tls) 2555 (sp->pp_tls)(sp); 2556 else 2557 (sp->pp_up)(sp); 2558} 2559 2560static void 2561sppp_lcp_tlf(struct sppp *sp) 2562{ 2563 STDDCL; 2564 2565 sp->pp_phase = PHASE_DEAD; 2566 if (debug) 2567 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2568 sppp_phase_name(sp->pp_phase)); 2569 2570 /* Notify lower layer if desired. */ 2571 if (sp->pp_tlf) 2572 (sp->pp_tlf)(sp); 2573 else 2574 (sp->pp_down)(sp); 2575} 2576 2577static void 2578sppp_lcp_scr(struct sppp *sp) 2579{ 2580 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2581 int i = 0; 2582 u_short authproto; 2583 2584 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2585 if (! sp->lcp.magic) 2586#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2587 sp->lcp.magic = random(); 2588#else 2589 sp->lcp.magic = time.tv_sec + time.tv_usec; 2590#endif 2591 opt[i++] = LCP_OPT_MAGIC; 2592 opt[i++] = 6; 2593 opt[i++] = sp->lcp.magic >> 24; 2594 opt[i++] = sp->lcp.magic >> 16; 2595 opt[i++] = sp->lcp.magic >> 8; 2596 opt[i++] = sp->lcp.magic; 2597 } 2598 2599 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2600 opt[i++] = LCP_OPT_MRU; 2601 opt[i++] = 4; 2602 opt[i++] = sp->lcp.mru >> 8; 2603 opt[i++] = sp->lcp.mru; 2604 } 2605 2606 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2607 authproto = sp->hisauth.proto; 2608 opt[i++] = LCP_OPT_AUTH_PROTO; 2609 opt[i++] = authproto == PPP_CHAP? 5: 4; 2610 opt[i++] = authproto >> 8; 2611 opt[i++] = authproto; 2612 if (authproto == PPP_CHAP) 2613 opt[i++] = CHAP_MD5; 2614 } 2615 2616 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2617 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2618} 2619 2620/* 2621 * Check the open NCPs, return true if at least one NCP is open. 2622 */ 2623static int 2624sppp_ncp_check(struct sppp *sp) 2625{ 2626 int i, mask; 2627 2628 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2629 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2630 return 1; 2631 return 0; 2632} 2633 2634/* 2635 * Re-check the open NCPs and see if we should terminate the link. 2636 * Called by the NCPs during their tlf action handling. 2637 */ 2638static void 2639sppp_lcp_check_and_close(struct sppp *sp) 2640{ 2641 2642 if (sp->pp_phase < PHASE_NETWORK) 2643 /* don't bother, we are already going down */ 2644 return; 2645 2646 if (sppp_ncp_check(sp)) 2647 return; 2648 2649 lcp.Close(sp); 2650} 2651 2652/* 2653 *--------------------------------------------------------------------------* 2654 * * 2655 * The IPCP implementation. * 2656 * * 2657 *--------------------------------------------------------------------------* 2658 */ 2659 2660static void 2661sppp_ipcp_init(struct sppp *sp) 2662{ 2663 sp->ipcp.opts = 0; 2664 sp->ipcp.flags = 0; 2665 sp->state[IDX_IPCP] = STATE_INITIAL; 2666 sp->fail_counter[IDX_IPCP] = 0; 2667 sp->pp_seq[IDX_IPCP] = 0; 2668 sp->pp_rseq[IDX_IPCP] = 0; 2669#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2670 callout_handle_init(&sp->ch[IDX_IPCP]); 2671#endif 2672} 2673 2674static void 2675sppp_ipcp_up(struct sppp *sp) 2676{ 2677 sppp_up_event(&ipcp, sp); 2678} 2679 2680static void 2681sppp_ipcp_down(struct sppp *sp) 2682{ 2683 sppp_down_event(&ipcp, sp); 2684} 2685 2686static void 2687sppp_ipcp_open(struct sppp *sp) 2688{ 2689 STDDCL; 2690 u_long myaddr, hisaddr; 2691 2692 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2693 2694 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2695 /* 2696 * If we don't have his address, this probably means our 2697 * interface doesn't want to talk IP at all. (This could 2698 * be the case if somebody wants to speak only IPX, for 2699 * example.) Don't open IPCP in this case. 2700 */ 2701 if (hisaddr == 0L) { 2702 /* XXX this message should go away */ 2703 if (debug) 2704 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2705 SPP_ARGS(ifp)); 2706 return; 2707 } 2708 2709 if (myaddr == 0L) { 2710 /* 2711 * I don't have an assigned address, so i need to 2712 * negotiate my address. 2713 */ 2714 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2715 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2716 } else 2717 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2718 sppp_open_event(&ipcp, sp); 2719} 2720 2721static void 2722sppp_ipcp_close(struct sppp *sp) 2723{ 2724 sppp_close_event(&ipcp, sp); 2725 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2726 /* 2727 * My address was dynamic, clear it again. 2728 */ 2729 sppp_set_ip_addr(sp, 0L); 2730} 2731 2732static void 2733sppp_ipcp_TO(void *cookie) 2734{ 2735 sppp_to_event(&ipcp, (struct sppp *)cookie); 2736} 2737 2738/* 2739 * Analyze a configure request. Return true if it was agreeable, and 2740 * caused action sca, false if it has been rejected or nak'ed, and 2741 * caused action scn. (The return value is used to make the state 2742 * transition decision in the state automaton.) 2743 */ 2744static int 2745sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2746{ 2747 u_char *buf, *r, *p; 2748 struct ifnet *ifp = &sp->pp_if; 2749 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2750 u_long hisaddr, desiredaddr; 2751 int gotmyaddr = 0; 2752 2753 len -= 4; 2754 origlen = len; 2755 /* 2756 * Make sure to allocate a buf that can at least hold a 2757 * conf-nak with an `address' option. We might need it below. 2758 */ 2759 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2760 if (! buf) 2761 return (0); 2762 2763 /* pass 1: see if we can recognize them */ 2764 if (debug) 2765 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2766 SPP_ARGS(ifp)); 2767 p = (void*) (h+1); 2768 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2769 if (debug) 2770 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2771 switch (*p) { 2772 case IPCP_OPT_ADDRESS: 2773 if (len >= 6 && p[1] == 6) { 2774 /* correctly formed address option */ 2775 continue; 2776 } 2777 if (debug) 2778 log(-1, "[invalid] "); 2779 break; 2780 default: 2781 /* Others not supported. */ 2782 if (debug) 2783 log(-1, "[rej] "); 2784 break; 2785 } 2786 /* Add the option to rejected list. */ 2787 bcopy (p, r, p[1]); 2788 r += p[1]; 2789 rlen += p[1]; 2790 } 2791 if (rlen) { 2792 if (debug) 2793 log(-1, " send conf-rej\n"); 2794 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2795 return 0; 2796 } else if (debug) 2797 log(-1, "\n"); 2798 2799 /* pass 2: parse option values */ 2800 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2801 if (debug) 2802 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2803 SPP_ARGS(ifp)); 2804 p = (void*) (h+1); 2805 len = origlen; 2806 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2807 if (debug) 2808 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2809 switch (*p) { 2810 case IPCP_OPT_ADDRESS: 2811 /* This is the address he wants in his end */ 2812 desiredaddr = p[2] << 24 | p[3] << 16 | 2813 p[4] << 8 | p[5]; 2814 if (desiredaddr == hisaddr || 2815 (hisaddr == 1 && desiredaddr != 0)) { 2816 /* 2817 * Peer's address is same as our value, 2818 * or we have set it to 0.0.0.1 to 2819 * indicate that we do not really care, 2820 * this is agreeable. Gonna conf-ack 2821 * it. 2822 */ 2823 if (debug) 2824 log(-1, "%s [ack] ", 2825 sppp_dotted_quad(hisaddr)); 2826 /* record that we've seen it already */ 2827 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2828 continue; 2829 } 2830 /* 2831 * The address wasn't agreeable. This is either 2832 * he sent us 0.0.0.0, asking to assign him an 2833 * address, or he send us another address not 2834 * matching our value. Either case, we gonna 2835 * conf-nak it with our value. 2836 * XXX: we should "rej" if hisaddr == 0 2837 */ 2838 if (debug) { 2839 if (desiredaddr == 0) 2840 log(-1, "[addr requested] "); 2841 else 2842 log(-1, "%s [not agreed] ", 2843 sppp_dotted_quad(desiredaddr)); 2844 2845 } 2846 p[2] = hisaddr >> 24; 2847 p[3] = hisaddr >> 16; 2848 p[4] = hisaddr >> 8; 2849 p[5] = hisaddr; 2850 break; 2851 } 2852 /* Add the option to nak'ed list. */ 2853 bcopy (p, r, p[1]); 2854 r += p[1]; 2855 rlen += p[1]; 2856 } 2857 2858 /* 2859 * If we are about to conf-ack the request, but haven't seen 2860 * his address so far, gonna conf-nak it instead, with the 2861 * `address' option present and our idea of his address being 2862 * filled in there, to request negotiation of both addresses. 2863 * 2864 * XXX This can result in an endless req - nak loop if peer 2865 * doesn't want to send us his address. Q: What should we do 2866 * about it? XXX A: implement the max-failure counter. 2867 */ 2868 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2869 buf[0] = IPCP_OPT_ADDRESS; 2870 buf[1] = 6; 2871 buf[2] = hisaddr >> 24; 2872 buf[3] = hisaddr >> 16; 2873 buf[4] = hisaddr >> 8; 2874 buf[5] = hisaddr; 2875 rlen = 6; 2876 if (debug) 2877 log(-1, "still need hisaddr "); 2878 } 2879 2880 if (rlen) { 2881 if (debug) 2882 log(-1, " send conf-nak\n"); 2883 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2884 } else { 2885 if (debug) 2886 log(-1, " send conf-ack\n"); 2887 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2888 h->ident, origlen, h+1); 2889 } 2890 2891 free (buf, M_TEMP); 2892 return (rlen == 0); 2893} 2894 2895/* 2896 * Analyze the IPCP Configure-Reject option list, and adjust our 2897 * negotiation. 2898 */ 2899static void 2900sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2901{ 2902 u_char *buf, *p; 2903 struct ifnet *ifp = &sp->pp_if; 2904 int debug = ifp->if_flags & IFF_DEBUG; 2905 2906 len -= 4; 2907 buf = malloc (len, M_TEMP, M_NOWAIT); 2908 if (!buf) 2909 return; 2910 2911 if (debug) 2912 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2913 SPP_ARGS(ifp)); 2914 2915 p = (void*) (h+1); 2916 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2917 if (debug) 2918 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2919 switch (*p) { 2920 case IPCP_OPT_ADDRESS: 2921 /* 2922 * Peer doesn't grok address option. This is 2923 * bad. XXX Should we better give up here? 2924 * XXX We could try old "addresses" option... 2925 */ 2926 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2927 break; 2928 } 2929 } 2930 if (debug) 2931 log(-1, "\n"); 2932 free (buf, M_TEMP); 2933 return; 2934} 2935 2936/* 2937 * Analyze the IPCP Configure-NAK option list, and adjust our 2938 * negotiation. 2939 */ 2940static void 2941sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2942{ 2943 u_char *buf, *p; 2944 struct ifnet *ifp = &sp->pp_if; 2945 int debug = ifp->if_flags & IFF_DEBUG; 2946 u_long wantaddr; 2947 2948 len -= 4; 2949 buf = malloc (len, M_TEMP, M_NOWAIT); 2950 if (!buf) 2951 return; 2952 2953 if (debug) 2954 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2955 SPP_ARGS(ifp)); 2956 2957 p = (void*) (h+1); 2958 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2959 if (debug) 2960 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2961 switch (*p) { 2962 case IPCP_OPT_ADDRESS: 2963 /* 2964 * Peer doesn't like our local IP address. See 2965 * if we can do something for him. We'll drop 2966 * him our address then. 2967 */ 2968 if (len >= 6 && p[1] == 6) { 2969 wantaddr = p[2] << 24 | p[3] << 16 | 2970 p[4] << 8 | p[5]; 2971 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2972 if (debug) 2973 log(-1, "[wantaddr %s] ", 2974 sppp_dotted_quad(wantaddr)); 2975 /* 2976 * When doing dynamic address assignment, 2977 * we accept his offer. Otherwise, we 2978 * ignore it and thus continue to negotiate 2979 * our already existing value. 2980 * XXX: Bogus, if he said no once, he'll 2981 * just say no again, might as well die. 2982 */ 2983 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2984 sppp_set_ip_addr(sp, wantaddr); 2985 if (debug) 2986 log(-1, "[agree] "); 2987 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2988 } 2989 } 2990 break; 2991 } 2992 } 2993 if (debug) 2994 log(-1, "\n"); 2995 free (buf, M_TEMP); 2996 return; 2997} 2998 2999static void 3000sppp_ipcp_tlu(struct sppp *sp) 3001{ 3002 /* we are up - notify isdn daemon */ 3003 if (sp->pp_con) 3004 sp->pp_con(sp); 3005} 3006 3007static void 3008sppp_ipcp_tld(struct sppp *sp) 3009{ 3010} 3011 3012static void 3013sppp_ipcp_tls(struct sppp *sp) 3014{ 3015 /* indicate to LCP that it must stay alive */ 3016 sp->lcp.protos |= (1 << IDX_IPCP); 3017} 3018 3019static void 3020sppp_ipcp_tlf(struct sppp *sp) 3021{ 3022 /* we no longer need LCP */ 3023 sp->lcp.protos &= ~(1 << IDX_IPCP); 3024 sppp_lcp_check_and_close(sp); 3025} 3026 3027static void 3028sppp_ipcp_scr(struct sppp *sp) 3029{ 3030 char opt[6 /* compression */ + 6 /* address */]; 3031 u_long ouraddr; 3032 int i = 0; 3033 3034 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3035 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3036 opt[i++] = IPCP_OPT_ADDRESS; 3037 opt[i++] = 6; 3038 opt[i++] = ouraddr >> 24; 3039 opt[i++] = ouraddr >> 16; 3040 opt[i++] = ouraddr >> 8; 3041 opt[i++] = ouraddr; 3042 } 3043 3044 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3045 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3046} 3047 3048/* 3049 *--------------------------------------------------------------------------* 3050 * * 3051 * The IPv6CP implementation. * 3052 * * 3053 *--------------------------------------------------------------------------* 3054 */ 3055 3056#ifdef INET6 3057static void 3058sppp_ipv6cp_init(struct sppp *sp) 3059{ 3060 sp->ipv6cp.opts = 0; 3061 sp->ipv6cp.flags = 0; 3062 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3063 sp->fail_counter[IDX_IPV6CP] = 0; 3064 sp->pp_seq[IDX_IPV6CP] = 0; 3065 sp->pp_rseq[IDX_IPV6CP] = 0; 3066#if defined(__NetBSD__) 3067 callout_init(&sp->ch[IDX_IPV6CP]); 3068#endif 3069#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3070 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3071#endif 3072} 3073 3074static void 3075sppp_ipv6cp_up(struct sppp *sp) 3076{ 3077 sppp_up_event(&ipv6cp, sp); 3078} 3079 3080static void 3081sppp_ipv6cp_down(struct sppp *sp) 3082{ 3083 sppp_down_event(&ipv6cp, sp); 3084} 3085 3086static void 3087sppp_ipv6cp_open(struct sppp *sp) 3088{ 3089 STDDCL; 3090 struct in6_addr myaddr, hisaddr; 3091 3092#ifdef IPV6CP_MYIFID_DYN 3093 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3094#else 3095 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3096#endif 3097 3098 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3099 /* 3100 * If we don't have our address, this probably means our 3101 * interface doesn't want to talk IPv6 at all. (This could 3102 * be the case if somebody wants to speak only IPX, for 3103 * example.) Don't open IPv6CP in this case. 3104 */ 3105 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3106 /* XXX this message should go away */ 3107 if (debug) 3108 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3109 SPP_ARGS(ifp)); 3110 return; 3111 } 3112 3113 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3114 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3115 sppp_open_event(&ipv6cp, sp); 3116} 3117 3118static void 3119sppp_ipv6cp_close(struct sppp *sp) 3120{ 3121 sppp_close_event(&ipv6cp, sp); 3122} 3123 3124static void 3125sppp_ipv6cp_TO(void *cookie) 3126{ 3127 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3128} 3129 3130/* 3131 * Analyze a configure request. Return true if it was agreeable, and 3132 * caused action sca, false if it has been rejected or nak'ed, and 3133 * caused action scn. (The return value is used to make the state 3134 * transition decision in the state automaton.) 3135 */ 3136static int 3137sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3138{ 3139 u_char *buf, *r, *p; 3140 struct ifnet *ifp = &sp->pp_if; 3141 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3142 struct in6_addr myaddr, desiredaddr, suggestaddr; 3143 int ifidcount; 3144 int type; 3145 int collision, nohisaddr; 3146 3147 len -= 4; 3148 origlen = len; 3149 /* 3150 * Make sure to allocate a buf that can at least hold a 3151 * conf-nak with an `address' option. We might need it below. 3152 */ 3153 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3154 if (! buf) 3155 return (0); 3156 3157 /* pass 1: see if we can recognize them */ 3158 if (debug) 3159 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3160 SPP_ARGS(ifp)); 3161 p = (void*) (h+1); 3162 ifidcount = 0; 3163 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3164 if (debug) 3165 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3166 switch (*p) { 3167 case IPV6CP_OPT_IFID: 3168 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3169 /* correctly formed address option */ 3170 ifidcount++; 3171 continue; 3172 } 3173 if (debug) 3174 log(-1, " [invalid]"); 3175 break; 3176#ifdef notyet 3177 case IPV6CP_OPT_COMPRESSION: 3178 if (len >= 4 && p[1] >= 4) { 3179 /* correctly formed compress option */ 3180 continue; 3181 } 3182 if (debug) 3183 log(-1, " [invalid]"); 3184 break; 3185#endif 3186 default: 3187 /* Others not supported. */ 3188 if (debug) 3189 log(-1, " [rej]"); 3190 break; 3191 } 3192 /* Add the option to rejected list. */ 3193 bcopy (p, r, p[1]); 3194 r += p[1]; 3195 rlen += p[1]; 3196 } 3197 if (rlen) { 3198 if (debug) 3199 log(-1, " send conf-rej\n"); 3200 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3201 goto end; 3202 } else if (debug) 3203 log(-1, "\n"); 3204 3205 /* pass 2: parse option values */ 3206 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3207 if (debug) 3208 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3209 SPP_ARGS(ifp)); 3210 p = (void*) (h+1); 3211 len = origlen; 3212 type = CONF_ACK; 3213 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3214 if (debug) 3215 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3216 switch (*p) { 3217#ifdef notyet 3218 case IPV6CP_OPT_COMPRESSION: 3219 continue; 3220#endif 3221 case IPV6CP_OPT_IFID: 3222 bzero(&desiredaddr, sizeof(desiredaddr)); 3223 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3224 collision = (bcmp(&desiredaddr.s6_addr[8], 3225 &myaddr.s6_addr[8], 8) == 0); 3226 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3227 3228 desiredaddr.s6_addr16[0] = htons(0xfe80); 3229 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3230 3231 if (!collision && !nohisaddr) { 3232 /* no collision, hisaddr known - Conf-Ack */ 3233 type = CONF_ACK; 3234 3235 if (debug) { 3236 log(-1, " %s [%s]", 3237 ip6_sprintf(&desiredaddr), 3238 sppp_cp_type_name(type)); 3239 } 3240 continue; 3241 } 3242 3243 bzero(&suggestaddr, sizeof(&suggestaddr)); 3244 if (collision && nohisaddr) { 3245 /* collision, hisaddr unknown - Conf-Rej */ 3246 type = CONF_REJ; 3247 bzero(&p[2], 8); 3248 } else { 3249 /* 3250 * - no collision, hisaddr unknown, or 3251 * - collision, hisaddr known 3252 * Conf-Nak, suggest hisaddr 3253 */ 3254 type = CONF_NAK; 3255 sppp_suggest_ip6_addr(sp, &suggestaddr); 3256 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3257 } 3258 if (debug) 3259 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3260 sppp_cp_type_name(type)); 3261 break; 3262 } 3263 /* Add the option to nak'ed list. */ 3264 bcopy (p, r, p[1]); 3265 r += p[1]; 3266 rlen += p[1]; 3267 } 3268 3269 if (rlen == 0 && type == CONF_ACK) { 3270 if (debug) 3271 log(-1, " send %s\n", sppp_cp_type_name(type)); 3272 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3273 } else { 3274#ifdef DIAGNOSTIC 3275 if (type == CONF_ACK) 3276 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3277#endif 3278 3279 if (debug) { 3280 log(-1, " send %s suggest %s\n", 3281 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3282 } 3283 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3284 } 3285 3286 end: 3287 free (buf, M_TEMP); 3288 return (rlen == 0); 3289} 3290 3291/* 3292 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3293 * negotiation. 3294 */ 3295static void 3296sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3297{ 3298 u_char *buf, *p; 3299 struct ifnet *ifp = &sp->pp_if; 3300 int debug = ifp->if_flags & IFF_DEBUG; 3301 3302 len -= 4; 3303 buf = malloc (len, M_TEMP, M_NOWAIT); 3304 if (!buf) 3305 return; 3306 3307 if (debug) 3308 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3309 SPP_ARGS(ifp)); 3310 3311 p = (void*) (h+1); 3312 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3313 if (debug) 3314 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3315 switch (*p) { 3316 case IPV6CP_OPT_IFID: 3317 /* 3318 * Peer doesn't grok address option. This is 3319 * bad. XXX Should we better give up here? 3320 */ 3321 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3322 break; 3323#ifdef notyet 3324 case IPV6CP_OPT_COMPRESS: 3325 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3326 break; 3327#endif 3328 } 3329 } 3330 if (debug) 3331 log(-1, "\n"); 3332 free (buf, M_TEMP); 3333 return; 3334} 3335 3336/* 3337 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3338 * negotiation. 3339 */ 3340static void 3341sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3342{ 3343 u_char *buf, *p; 3344 struct ifnet *ifp = &sp->pp_if; 3345 int debug = ifp->if_flags & IFF_DEBUG; 3346 struct in6_addr suggestaddr; 3347 3348 len -= 4; 3349 buf = malloc (len, M_TEMP, M_NOWAIT); 3350 if (!buf) 3351 return; 3352 3353 if (debug) 3354 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3355 SPP_ARGS(ifp)); 3356 3357 p = (void*) (h+1); 3358 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3359 if (debug) 3360 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3361 switch (*p) { 3362 case IPV6CP_OPT_IFID: 3363 /* 3364 * Peer doesn't like our local ifid. See 3365 * if we can do something for him. We'll drop 3366 * him our address then. 3367 */ 3368 if (len < 10 || p[1] != 10) 3369 break; 3370 bzero(&suggestaddr, sizeof(suggestaddr)); 3371 suggestaddr.s6_addr16[0] = htons(0xfe80); 3372 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3373 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3374 3375 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3376 if (debug) 3377 log(-1, " [suggestaddr %s]", 3378 ip6_sprintf(&suggestaddr)); 3379#ifdef IPV6CP_MYIFID_DYN 3380 /* 3381 * When doing dynamic address assignment, 3382 * we accept his offer. 3383 */ 3384 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3385 struct in6_addr lastsuggest; 3386 /* 3387 * If <suggested myaddr from peer> equals to 3388 * <hisaddr we have suggested last time>, 3389 * we have a collision. generate new random 3390 * ifid. 3391 */ 3392 sppp_suggest_ip6_addr(&lastsuggest); 3393 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3394 lastsuggest)) { 3395 if (debug) 3396 log(-1, " [random]"); 3397 sppp_gen_ip6_addr(sp, &suggestaddr); 3398 } 3399 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3400 if (debug) 3401 log(-1, " [agree]"); 3402 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3403 } 3404#else 3405 /* 3406 * Since we do not do dynamic address assignment, 3407 * we ignore it and thus continue to negotiate 3408 * our already existing value. This can possibly 3409 * go into infinite request-reject loop. 3410 * 3411 * This is not likely because we normally use 3412 * ifid based on MAC-address. 3413 * If you have no ethernet card on the node, too bad. 3414 * XXX should we use fail_counter? 3415 */ 3416#endif 3417 break; 3418#ifdef notyet 3419 case IPV6CP_OPT_COMPRESS: 3420 /* 3421 * Peer wants different compression parameters. 3422 */ 3423 break; 3424#endif 3425 } 3426 } 3427 if (debug) 3428 log(-1, "\n"); 3429 free (buf, M_TEMP); 3430 return; 3431} 3432static void 3433sppp_ipv6cp_tlu(struct sppp *sp) 3434{ 3435 /* we are up - notify isdn daemon */ 3436 if (sp->pp_con) 3437 sp->pp_con(sp); 3438} 3439 3440static void 3441sppp_ipv6cp_tld(struct sppp *sp) 3442{ 3443} 3444 3445static void 3446sppp_ipv6cp_tls(struct sppp *sp) 3447{ 3448 /* indicate to LCP that it must stay alive */ 3449 sp->lcp.protos |= (1 << IDX_IPV6CP); 3450} 3451 3452static void 3453sppp_ipv6cp_tlf(struct sppp *sp) 3454{ 3455 3456#if 0 /* need #if 0 to close IPv6CP properly */ 3457 /* we no longer need LCP */ 3458 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3459 sppp_lcp_check_and_close(sp); 3460#endif 3461} 3462 3463static void 3464sppp_ipv6cp_scr(struct sppp *sp) 3465{ 3466 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3467 struct in6_addr ouraddr; 3468 int i = 0; 3469 3470 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3471 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3472 opt[i++] = IPV6CP_OPT_IFID; 3473 opt[i++] = 10; 3474 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3475 i += 8; 3476 } 3477 3478#ifdef notyet 3479 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3480 opt[i++] = IPV6CP_OPT_COMPRESSION; 3481 opt[i++] = 4; 3482 opt[i++] = 0; /* TBD */ 3483 opt[i++] = 0; /* TBD */ 3484 /* variable length data may follow */ 3485 } 3486#endif 3487 3488 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3489 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3490} 3491#else /*INET6*/ 3492static void sppp_ipv6cp_init(struct sppp *sp) 3493{ 3494} 3495 3496static void sppp_ipv6cp_up(struct sppp *sp) 3497{ 3498} 3499 3500static void sppp_ipv6cp_down(struct sppp *sp) 3501{ 3502} 3503 3504 3505static void sppp_ipv6cp_open(struct sppp *sp) 3506{ 3507} 3508 3509static void sppp_ipv6cp_close(struct sppp *sp) 3510{ 3511} 3512 3513static void sppp_ipv6cp_TO(void *sp) 3514{ 3515} 3516 3517static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3518{ 3519 return 0; 3520} 3521 3522static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3523{ 3524} 3525 3526static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3527{ 3528} 3529 3530static void sppp_ipv6cp_tlu(struct sppp *sp) 3531{ 3532} 3533 3534static void sppp_ipv6cp_tld(struct sppp *sp) 3535{ 3536} 3537 3538static void sppp_ipv6cp_tls(struct sppp *sp) 3539{ 3540} 3541 3542static void sppp_ipv6cp_tlf(struct sppp *sp) 3543{ 3544} 3545 3546static void sppp_ipv6cp_scr(struct sppp *sp) 3547{ 3548} 3549#endif /*INET6*/ 3550 3551/* 3552 *--------------------------------------------------------------------------* 3553 * * 3554 * The CHAP implementation. * 3555 * * 3556 *--------------------------------------------------------------------------* 3557 */ 3558 3559/* 3560 * The authentication protocols don't employ a full-fledged state machine as 3561 * the control protocols do, since they do have Open and Close events, but 3562 * not Up and Down, nor are they explicitly terminated. Also, use of the 3563 * authentication protocols may be different in both directions (this makes 3564 * sense, think of a machine that never accepts incoming calls but only 3565 * calls out, it doesn't require the called party to authenticate itself). 3566 * 3567 * Our state machine for the local authentication protocol (we are requesting 3568 * the peer to authenticate) looks like: 3569 * 3570 * RCA- 3571 * +--------------------------------------------+ 3572 * V scn,tld| 3573 * +--------+ Close +---------+ RCA+ 3574 * | |<----------------------------------| |------+ 3575 * +--->| Closed | TO* | Opened | sca | 3576 * | | |-----+ +-------| |<-----+ 3577 * | +--------+ irc | | +---------+ 3578 * | ^ | | ^ 3579 * | | | | | 3580 * | | | | | 3581 * | TO-| | | | 3582 * | |tld TO+ V | | 3583 * | | +------->+ | | 3584 * | | | | | | 3585 * | +--------+ V | | 3586 * | | |<----+<--------------------+ | 3587 * | | Req- | scr | 3588 * | | Sent | | 3589 * | | | | 3590 * | +--------+ | 3591 * | RCA- | | RCA+ | 3592 * +------+ +------------------------------------------+ 3593 * scn,tld sca,irc,ict,tlu 3594 * 3595 * 3596 * with: 3597 * 3598 * Open: LCP reached authentication phase 3599 * Close: LCP reached terminate phase 3600 * 3601 * RCA+: received reply (pap-req, chap-response), acceptable 3602 * RCN: received reply (pap-req, chap-response), not acceptable 3603 * TO+: timeout with restart counter >= 0 3604 * TO-: timeout with restart counter < 0 3605 * TO*: reschedule timeout for CHAP 3606 * 3607 * scr: send request packet (none for PAP, chap-challenge) 3608 * sca: send ack packet (pap-ack, chap-success) 3609 * scn: send nak packet (pap-nak, chap-failure) 3610 * ict: initialize re-challenge timer (CHAP only) 3611 * 3612 * tlu: this-layer-up, LCP reaches network phase 3613 * tld: this-layer-down, LCP enters terminate phase 3614 * 3615 * Note that in CHAP mode, after sending a new challenge, while the state 3616 * automaton falls back into Req-Sent state, it doesn't signal a tld 3617 * event to LCP, so LCP remains in network phase. Only after not getting 3618 * any response (or after getting an unacceptable response), CHAP closes, 3619 * causing LCP to enter terminate phase. 3620 * 3621 * With PAP, there is no initial request that can be sent. The peer is 3622 * expected to send one based on the successful negotiation of PAP as 3623 * the authentication protocol during the LCP option negotiation. 3624 * 3625 * Incoming authentication protocol requests (remote requests 3626 * authentication, we are peer) don't employ a state machine at all, 3627 * they are simply answered. Some peers [Ascend P50 firmware rev 3628 * 4.50] react allergically when sending IPCP requests while they are 3629 * still in authentication phase (thereby violating the standard that 3630 * demands that these NCP packets are to be discarded), so we keep 3631 * track of the peer demanding us to authenticate, and only proceed to 3632 * phase network once we've seen a positive acknowledge for the 3633 * authentication. 3634 */ 3635 3636/* 3637 * Handle incoming CHAP packets. 3638 */ 3639void 3640sppp_chap_input(struct sppp *sp, struct mbuf *m) 3641{ 3642 STDDCL; 3643 struct lcp_header *h; 3644 int len, x; 3645 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3646 int value_len, name_len; 3647 MD5_CTX ctx; 3648 3649 len = m->m_pkthdr.len; 3650 if (len < 4) { 3651 if (debug) 3652 log(LOG_DEBUG, 3653 SPP_FMT "chap invalid packet length: %d bytes\n", 3654 SPP_ARGS(ifp), len); 3655 return; 3656 } 3657 h = mtod (m, struct lcp_header*); 3658 if (len > ntohs (h->len)) 3659 len = ntohs (h->len); 3660 3661 switch (h->type) { 3662 /* challenge, failure and success are his authproto */ 3663 case CHAP_CHALLENGE: 3664 value = 1 + (u_char*)(h+1); 3665 value_len = value[-1]; 3666 name = value + value_len; 3667 name_len = len - value_len - 5; 3668 if (name_len < 0) { 3669 if (debug) { 3670 log(LOG_DEBUG, 3671 SPP_FMT "chap corrupted challenge " 3672 "<%s id=0x%x len=%d", 3673 SPP_ARGS(ifp), 3674 sppp_auth_type_name(PPP_CHAP, h->type), 3675 h->ident, ntohs(h->len)); 3676 sppp_print_bytes((u_char*) (h+1), len-4); 3677 log(-1, ">\n"); 3678 } 3679 break; 3680 } 3681 3682 if (debug) { 3683 log(LOG_DEBUG, 3684 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3685 SPP_ARGS(ifp), 3686 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3687 ntohs(h->len)); 3688 sppp_print_string((char*) name, name_len); 3689 log(-1, " value-size=%d value=", value_len); 3690 sppp_print_bytes(value, value_len); 3691 log(-1, ">\n"); 3692 } 3693 3694 /* Compute reply value. */ 3695 MD5Init(&ctx); 3696 MD5Update(&ctx, &h->ident, 1); 3697 MD5Update(&ctx, sp->myauth.secret, 3698 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3699 MD5Update(&ctx, value, value_len); 3700 MD5Final(digest, &ctx); 3701 dsize = sizeof digest; 3702 3703 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3704 sizeof dsize, (const char *)&dsize, 3705 sizeof digest, digest, 3706 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3707 sp->myauth.name, 3708 0); 3709 break; 3710 3711 case CHAP_SUCCESS: 3712 if (debug) { 3713 log(LOG_DEBUG, SPP_FMT "chap success", 3714 SPP_ARGS(ifp)); 3715 if (len > 4) { 3716 log(-1, ": "); 3717 sppp_print_string((char*)(h + 1), len - 4); 3718 } 3719 log(-1, "\n"); 3720 } 3721 x = splimp(); 3722 sp->pp_flags &= ~PP_NEEDAUTH; 3723 if (sp->myauth.proto == PPP_CHAP && 3724 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3725 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3726 /* 3727 * We are authenticator for CHAP but didn't 3728 * complete yet. Leave it to tlu to proceed 3729 * to network phase. 3730 */ 3731 splx(x); 3732 break; 3733 } 3734 splx(x); 3735 sppp_phase_network(sp); 3736 break; 3737 3738 case CHAP_FAILURE: 3739 if (debug) { 3740 log(LOG_INFO, SPP_FMT "chap failure", 3741 SPP_ARGS(ifp)); 3742 if (len > 4) { 3743 log(-1, ": "); 3744 sppp_print_string((char*)(h + 1), len - 4); 3745 } 3746 log(-1, "\n"); 3747 } else 3748 log(LOG_INFO, SPP_FMT "chap failure\n", 3749 SPP_ARGS(ifp)); 3750 /* await LCP shutdown by authenticator */ 3751 break; 3752 3753 /* response is my authproto */ 3754 case CHAP_RESPONSE: 3755 value = 1 + (u_char*)(h+1); 3756 value_len = value[-1]; 3757 name = value + value_len; 3758 name_len = len - value_len - 5; 3759 if (name_len < 0) { 3760 if (debug) { 3761 log(LOG_DEBUG, 3762 SPP_FMT "chap corrupted response " 3763 "<%s id=0x%x len=%d", 3764 SPP_ARGS(ifp), 3765 sppp_auth_type_name(PPP_CHAP, h->type), 3766 h->ident, ntohs(h->len)); 3767 sppp_print_bytes((u_char*)(h+1), len-4); 3768 log(-1, ">\n"); 3769 } 3770 break; 3771 } 3772 if (h->ident != sp->confid[IDX_CHAP]) { 3773 if (debug) 3774 log(LOG_DEBUG, 3775 SPP_FMT "chap dropping response for old ID " 3776 "(got %d, expected %d)\n", 3777 SPP_ARGS(ifp), 3778 h->ident, sp->confid[IDX_CHAP]); 3779 break; 3780 } 3781 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3782 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3783 log(LOG_INFO, SPP_FMT "chap response, his name ", 3784 SPP_ARGS(ifp)); 3785 sppp_print_string(name, name_len); 3786 log(-1, " != expected "); 3787 sppp_print_string(sp->hisauth.name, 3788 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3789 log(-1, "\n"); 3790 } 3791 if (debug) { 3792 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3793 "<%s id=0x%x len=%d name=", 3794 SPP_ARGS(ifp), 3795 sppp_state_name(sp->state[IDX_CHAP]), 3796 sppp_auth_type_name(PPP_CHAP, h->type), 3797 h->ident, ntohs (h->len)); 3798 sppp_print_string((char*)name, name_len); 3799 log(-1, " value-size=%d value=", value_len); 3800 sppp_print_bytes(value, value_len); 3801 log(-1, ">\n"); 3802 } 3803 if (value_len != AUTHKEYLEN) { 3804 if (debug) 3805 log(LOG_DEBUG, 3806 SPP_FMT "chap bad hash value length: " 3807 "%d bytes, should be %d\n", 3808 SPP_ARGS(ifp), value_len, 3809 AUTHKEYLEN); 3810 break; 3811 } 3812 3813 MD5Init(&ctx); 3814 MD5Update(&ctx, &h->ident, 1); 3815 MD5Update(&ctx, sp->hisauth.secret, 3816 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3817 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3818 MD5Final(digest, &ctx); 3819 3820#define FAILMSG "Failed..." 3821#define SUCCMSG "Welcome!" 3822 3823 if (value_len != sizeof digest || 3824 bcmp(digest, value, value_len) != 0) { 3825 /* action scn, tld */ 3826 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3827 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3828 0); 3829 chap.tld(sp); 3830 break; 3831 } 3832 /* action sca, perhaps tlu */ 3833 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3834 sp->state[IDX_CHAP] == STATE_OPENED) 3835 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3836 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3837 0); 3838 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3839 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3840 chap.tlu(sp); 3841 } 3842 break; 3843 3844 default: 3845 /* Unknown CHAP packet type -- ignore. */ 3846 if (debug) { 3847 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3848 "<0x%x id=0x%xh len=%d", 3849 SPP_ARGS(ifp), 3850 sppp_state_name(sp->state[IDX_CHAP]), 3851 h->type, h->ident, ntohs(h->len)); 3852 sppp_print_bytes((u_char*)(h+1), len-4); 3853 log(-1, ">\n"); 3854 } 3855 break; 3856 3857 } 3858} 3859 3860static void 3861sppp_chap_init(struct sppp *sp) 3862{ 3863 /* Chap doesn't have STATE_INITIAL at all. */ 3864 sp->state[IDX_CHAP] = STATE_CLOSED; 3865 sp->fail_counter[IDX_CHAP] = 0; 3866 sp->pp_seq[IDX_CHAP] = 0; 3867 sp->pp_rseq[IDX_CHAP] = 0; 3868#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3869 callout_handle_init(&sp->ch[IDX_CHAP]); 3870#endif 3871} 3872 3873static void 3874sppp_chap_open(struct sppp *sp) 3875{ 3876 if (sp->myauth.proto == PPP_CHAP && 3877 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3878 /* we are authenticator for CHAP, start it */ 3879 chap.scr(sp); 3880 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3881 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3882 } 3883 /* nothing to be done if we are peer, await a challenge */ 3884} 3885 3886static void 3887sppp_chap_close(struct sppp *sp) 3888{ 3889 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3890 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3891} 3892 3893static void 3894sppp_chap_TO(void *cookie) 3895{ 3896 struct sppp *sp = (struct sppp *)cookie; 3897 STDDCL; 3898 int s; 3899 3900 s = splimp(); 3901 if (debug) 3902 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3903 SPP_ARGS(ifp), 3904 sppp_state_name(sp->state[IDX_CHAP]), 3905 sp->rst_counter[IDX_CHAP]); 3906 3907 if (--sp->rst_counter[IDX_CHAP] < 0) 3908 /* TO- event */ 3909 switch (sp->state[IDX_CHAP]) { 3910 case STATE_REQ_SENT: 3911 chap.tld(sp); 3912 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3913 break; 3914 } 3915 else 3916 /* TO+ (or TO*) event */ 3917 switch (sp->state[IDX_CHAP]) { 3918 case STATE_OPENED: 3919 /* TO* event */ 3920 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3921 /* fall through */ 3922 case STATE_REQ_SENT: 3923 chap.scr(sp); 3924 /* sppp_cp_change_state() will restart the timer */ 3925 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3926 break; 3927 } 3928 3929 splx(s); 3930} 3931 3932static void 3933sppp_chap_tlu(struct sppp *sp) 3934{ 3935 STDDCL; 3936 int i, x; 3937 3938 i = 0; 3939 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3940 3941 /* 3942 * Some broken CHAP implementations (Conware CoNet, firmware 3943 * 4.0.?) don't want to re-authenticate their CHAP once the 3944 * initial challenge-response exchange has taken place. 3945 * Provide for an option to avoid rechallenges. 3946 */ 3947 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3948 /* 3949 * Compute the re-challenge timeout. This will yield 3950 * a number between 300 and 810 seconds. 3951 */ 3952 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3953 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3954 } 3955 3956 if (debug) { 3957 log(LOG_DEBUG, 3958 SPP_FMT "chap %s, ", 3959 SPP_ARGS(ifp), 3960 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3961 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3962 log(-1, "next re-challenge in %d seconds\n", i); 3963 else 3964 log(-1, "re-challenging supressed\n"); 3965 } 3966 3967 x = splimp(); 3968 /* indicate to LCP that we need to be closed down */ 3969 sp->lcp.protos |= (1 << IDX_CHAP); 3970 3971 if (sp->pp_flags & PP_NEEDAUTH) { 3972 /* 3973 * Remote is authenticator, but his auth proto didn't 3974 * complete yet. Defer the transition to network 3975 * phase. 3976 */ 3977 splx(x); 3978 return; 3979 } 3980 splx(x); 3981 3982 /* 3983 * If we are already in phase network, we are done here. This 3984 * is the case if this is a dummy tlu event after a re-challenge. 3985 */ 3986 if (sp->pp_phase != PHASE_NETWORK) 3987 sppp_phase_network(sp); 3988} 3989 3990static void 3991sppp_chap_tld(struct sppp *sp) 3992{ 3993 STDDCL; 3994 3995 if (debug) 3996 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3997 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3998 sp->lcp.protos &= ~(1 << IDX_CHAP); 3999 4000 lcp.Close(sp); 4001} 4002 4003static void 4004sppp_chap_scr(struct sppp *sp) 4005{ 4006 u_long *ch, seed; 4007 u_char clen; 4008 4009 /* Compute random challenge. */ 4010 ch = (u_long *)sp->myauth.challenge; 4011#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4012 read_random(&seed, sizeof seed); 4013#else 4014 { 4015 struct timeval tv; 4016 microtime(&tv); 4017 seed = tv.tv_sec ^ tv.tv_usec; 4018 } 4019#endif 4020 ch[0] = seed ^ random(); 4021 ch[1] = seed ^ random(); 4022 ch[2] = seed ^ random(); 4023 ch[3] = seed ^ random(); 4024 clen = AUTHKEYLEN; 4025 4026 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4027 4028 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4029 sizeof clen, (const char *)&clen, 4030 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4031 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4032 sp->myauth.name, 4033 0); 4034} 4035 4036/* 4037 *--------------------------------------------------------------------------* 4038 * * 4039 * The PAP implementation. * 4040 * * 4041 *--------------------------------------------------------------------------* 4042 */ 4043/* 4044 * For PAP, we need to keep a little state also if we are the peer, not the 4045 * authenticator. This is since we don't get a request to authenticate, but 4046 * have to repeatedly authenticate ourself until we got a response (or the 4047 * retry counter is expired). 4048 */ 4049 4050/* 4051 * Handle incoming PAP packets. */ 4052static void 4053sppp_pap_input(struct sppp *sp, struct mbuf *m) 4054{ 4055 STDDCL; 4056 struct lcp_header *h; 4057 int len, x; 4058 u_char *name, *passwd, mlen; 4059 int name_len, passwd_len; 4060 4061 len = m->m_pkthdr.len; 4062 if (len < 5) { 4063 if (debug) 4064 log(LOG_DEBUG, 4065 SPP_FMT "pap invalid packet length: %d bytes\n", 4066 SPP_ARGS(ifp), len); 4067 return; 4068 } 4069 h = mtod (m, struct lcp_header*); 4070 if (len > ntohs (h->len)) 4071 len = ntohs (h->len); 4072 switch (h->type) { 4073 /* PAP request is my authproto */ 4074 case PAP_REQ: 4075 name = 1 + (u_char*)(h+1); 4076 name_len = name[-1]; 4077 passwd = name + name_len + 1; 4078 if (name_len > len - 6 || 4079 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4080 if (debug) { 4081 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4082 "<%s id=0x%x len=%d", 4083 SPP_ARGS(ifp), 4084 sppp_auth_type_name(PPP_PAP, h->type), 4085 h->ident, ntohs(h->len)); 4086 sppp_print_bytes((u_char*)(h+1), len-4); 4087 log(-1, ">\n"); 4088 } 4089 break; 4090 } 4091 if (debug) { 4092 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4093 "<%s id=0x%x len=%d name=", 4094 SPP_ARGS(ifp), 4095 sppp_state_name(sp->state[IDX_PAP]), 4096 sppp_auth_type_name(PPP_PAP, h->type), 4097 h->ident, ntohs(h->len)); 4098 sppp_print_string((char*)name, name_len); 4099 log(-1, " passwd="); 4100 sppp_print_string((char*)passwd, passwd_len); 4101 log(-1, ">\n"); 4102 } 4103 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4104 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4105 bcmp(name, sp->hisauth.name, name_len) != 0 || 4106 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4107 /* action scn, tld */ 4108 mlen = sizeof(FAILMSG) - 1; 4109 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4110 sizeof mlen, (const char *)&mlen, 4111 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4112 0); 4113 pap.tld(sp); 4114 break; 4115 } 4116 /* action sca, perhaps tlu */ 4117 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4118 sp->state[IDX_PAP] == STATE_OPENED) { 4119 mlen = sizeof(SUCCMSG) - 1; 4120 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4121 sizeof mlen, (const char *)&mlen, 4122 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4123 0); 4124 } 4125 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4126 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4127 pap.tlu(sp); 4128 } 4129 break; 4130 4131 /* ack and nak are his authproto */ 4132 case PAP_ACK: 4133 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4134 if (debug) { 4135 log(LOG_DEBUG, SPP_FMT "pap success", 4136 SPP_ARGS(ifp)); 4137 name_len = *((char *)h); 4138 if (len > 5 && name_len) { 4139 log(-1, ": "); 4140 sppp_print_string((char*)(h+1), name_len); 4141 } 4142 log(-1, "\n"); 4143 } 4144 x = splimp(); 4145 sp->pp_flags &= ~PP_NEEDAUTH; 4146 if (sp->myauth.proto == PPP_PAP && 4147 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4148 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4149 /* 4150 * We are authenticator for PAP but didn't 4151 * complete yet. Leave it to tlu to proceed 4152 * to network phase. 4153 */ 4154 splx(x); 4155 break; 4156 } 4157 splx(x); 4158 sppp_phase_network(sp); 4159 break; 4160 4161 case PAP_NAK: 4162 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4163 if (debug) { 4164 log(LOG_INFO, SPP_FMT "pap failure", 4165 SPP_ARGS(ifp)); 4166 name_len = *((char *)h); 4167 if (len > 5 && name_len) { 4168 log(-1, ": "); 4169 sppp_print_string((char*)(h+1), name_len); 4170 } 4171 log(-1, "\n"); 4172 } else 4173 log(LOG_INFO, SPP_FMT "pap failure\n", 4174 SPP_ARGS(ifp)); 4175 /* await LCP shutdown by authenticator */ 4176 break; 4177 4178 default: 4179 /* Unknown PAP packet type -- ignore. */ 4180 if (debug) { 4181 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4182 "<0x%x id=0x%x len=%d", 4183 SPP_ARGS(ifp), 4184 h->type, h->ident, ntohs(h->len)); 4185 sppp_print_bytes((u_char*)(h+1), len-4); 4186 log(-1, ">\n"); 4187 } 4188 break; 4189 4190 } 4191} 4192 4193static void 4194sppp_pap_init(struct sppp *sp) 4195{ 4196 /* PAP doesn't have STATE_INITIAL at all. */ 4197 sp->state[IDX_PAP] = STATE_CLOSED; 4198 sp->fail_counter[IDX_PAP] = 0; 4199 sp->pp_seq[IDX_PAP] = 0; 4200 sp->pp_rseq[IDX_PAP] = 0; 4201#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4202 callout_handle_init(&sp->ch[IDX_PAP]); 4203 callout_handle_init(&sp->pap_my_to_ch); 4204#endif 4205} 4206 4207static void 4208sppp_pap_open(struct sppp *sp) 4209{ 4210 if (sp->hisauth.proto == PPP_PAP && 4211 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4212 /* we are authenticator for PAP, start our timer */ 4213 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4214 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4215 } 4216 if (sp->myauth.proto == PPP_PAP) { 4217 /* we are peer, send a request, and start a timer */ 4218 pap.scr(sp); 4219 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4220 sp->pap_my_to_ch); 4221 } 4222} 4223 4224static void 4225sppp_pap_close(struct sppp *sp) 4226{ 4227 if (sp->state[IDX_PAP] != STATE_CLOSED) 4228 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4229} 4230 4231/* 4232 * That's the timeout routine if we are authenticator. Since the 4233 * authenticator is basically passive in PAP, we can't do much here. 4234 */ 4235static void 4236sppp_pap_TO(void *cookie) 4237{ 4238 struct sppp *sp = (struct sppp *)cookie; 4239 STDDCL; 4240 int s; 4241 4242 s = splimp(); 4243 if (debug) 4244 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4245 SPP_ARGS(ifp), 4246 sppp_state_name(sp->state[IDX_PAP]), 4247 sp->rst_counter[IDX_PAP]); 4248 4249 if (--sp->rst_counter[IDX_PAP] < 0) 4250 /* TO- event */ 4251 switch (sp->state[IDX_PAP]) { 4252 case STATE_REQ_SENT: 4253 pap.tld(sp); 4254 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4255 break; 4256 } 4257 else 4258 /* TO+ event, not very much we could do */ 4259 switch (sp->state[IDX_PAP]) { 4260 case STATE_REQ_SENT: 4261 /* sppp_cp_change_state() will restart the timer */ 4262 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4263 break; 4264 } 4265 4266 splx(s); 4267} 4268 4269/* 4270 * That's the timeout handler if we are peer. Since the peer is active, 4271 * we need to retransmit our PAP request since it is apparently lost. 4272 * XXX We should impose a max counter. 4273 */ 4274static void 4275sppp_pap_my_TO(void *cookie) 4276{ 4277 struct sppp *sp = (struct sppp *)cookie; 4278 STDDCL; 4279 4280 if (debug) 4281 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4282 SPP_ARGS(ifp)); 4283 4284 pap.scr(sp); 4285} 4286 4287static void 4288sppp_pap_tlu(struct sppp *sp) 4289{ 4290 STDDCL; 4291 int x; 4292 4293 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4294 4295 if (debug) 4296 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4297 SPP_ARGS(ifp), pap.name); 4298 4299 x = splimp(); 4300 /* indicate to LCP that we need to be closed down */ 4301 sp->lcp.protos |= (1 << IDX_PAP); 4302 4303 if (sp->pp_flags & PP_NEEDAUTH) { 4304 /* 4305 * Remote is authenticator, but his auth proto didn't 4306 * complete yet. Defer the transition to network 4307 * phase. 4308 */ 4309 splx(x); 4310 return; 4311 } 4312 splx(x); 4313 sppp_phase_network(sp); 4314} 4315 4316static void 4317sppp_pap_tld(struct sppp *sp) 4318{ 4319 STDDCL; 4320 4321 if (debug) 4322 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4323 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4324 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4325 sp->lcp.protos &= ~(1 << IDX_PAP); 4326 4327 lcp.Close(sp); 4328} 4329 4330static void 4331sppp_pap_scr(struct sppp *sp) 4332{ 4333 u_char idlen, pwdlen; 4334 4335 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4336 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4337 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4338 4339 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4340 sizeof idlen, (const char *)&idlen, 4341 (size_t)idlen, sp->myauth.name, 4342 sizeof pwdlen, (const char *)&pwdlen, 4343 (size_t)pwdlen, sp->myauth.secret, 4344 0); 4345} 4346 4347/* 4348 * Random miscellaneous functions. 4349 */ 4350 4351/* 4352 * Send a PAP or CHAP proto packet. 4353 * 4354 * Varadic function, each of the elements for the ellipsis is of type 4355 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4356 * mlen == 0. 4357 * NOTE: never declare variadic functions with types subject to type 4358 * promotion (i.e. u_char). This is asking for big trouble depending 4359 * on the architecture you are on... 4360 */ 4361 4362static void 4363sppp_auth_send(const struct cp *cp, struct sppp *sp, 4364 unsigned int type, unsigned int id, 4365 ...) 4366{ 4367 STDDCL; 4368 struct ppp_header *h; 4369 struct lcp_header *lh; 4370 struct mbuf *m; 4371 u_char *p; 4372 int len; 4373 unsigned int mlen; 4374 const char *msg; 4375 va_list ap; 4376 4377 MGETHDR (m, M_DONTWAIT, MT_DATA); 4378 if (! m) 4379 return; 4380 m->m_pkthdr.rcvif = 0; 4381 4382 h = mtod (m, struct ppp_header*); 4383 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4384 h->control = PPP_UI; /* Unnumbered Info */ 4385 h->protocol = htons(cp->proto); 4386 4387 lh = (struct lcp_header*)(h + 1); 4388 lh->type = type; 4389 lh->ident = id; 4390 p = (u_char*) (lh+1); 4391 4392 va_start(ap, id); 4393 len = 0; 4394 4395 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4396 msg = va_arg(ap, const char *); 4397 len += mlen; 4398 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4399 va_end(ap); 4400 m_freem(m); 4401 return; 4402 } 4403 4404 bcopy(msg, p, mlen); 4405 p += mlen; 4406 } 4407 va_end(ap); 4408 4409 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4410 lh->len = htons (LCP_HEADER_LEN + len); 4411 4412 if (debug) { 4413 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4414 SPP_ARGS(ifp), cp->name, 4415 sppp_auth_type_name(cp->proto, lh->type), 4416 lh->ident, ntohs(lh->len)); 4417 sppp_print_bytes((u_char*) (lh+1), len); 4418 log(-1, ">\n"); 4419 } 4420 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4421 ifp->if_oerrors++; 4422} 4423 4424/* 4425 * Flush interface queue. 4426 */ 4427static void 4428sppp_qflush(struct ifqueue *ifq) 4429{ 4430 struct mbuf *m, *n; 4431 4432 n = ifq->ifq_head; 4433 while ((m = n)) { 4434 n = m->m_act; 4435 m_freem (m); 4436 } 4437 ifq->ifq_head = 0; 4438 ifq->ifq_tail = 0; 4439 ifq->ifq_len = 0; 4440} 4441 4442/* 4443 * Send keepalive packets, every 10 seconds. 4444 */ 4445static void 4446sppp_keepalive(void *dummy) 4447{ 4448 struct sppp *sp; 4449 int s; 4450 4451 s = splimp(); 4452 for (sp=spppq; sp; sp=sp->pp_next) { 4453 struct ifnet *ifp = &sp->pp_if; 4454 4455 /* Keepalive mode disabled or channel down? */ 4456 if (! (sp->pp_flags & PP_KEEPALIVE) || 4457 ! (ifp->if_flags & IFF_RUNNING)) 4458 continue; 4459 4460 /* No keepalive in PPP mode if LCP not opened yet. */ 4461 if (sp->pp_mode != IFF_CISCO && 4462 sp->pp_phase < PHASE_AUTHENTICATE) 4463 continue; 4464 4465 if (sp->pp_alivecnt == MAXALIVECNT) { 4466 /* No keepalive packets got. Stop the interface. */ 4467 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4468 if_down (ifp); 4469 sppp_qflush (&sp->pp_cpq); 4470 if (sp->pp_mode != IFF_CISCO) { 4471 /* XXX */ 4472 /* Shut down the PPP link. */ 4473 lcp.Down(sp); 4474 /* Initiate negotiation. XXX */ 4475 lcp.Up(sp); 4476 } 4477 } 4478 if (sp->pp_alivecnt <= MAXALIVECNT) 4479 ++sp->pp_alivecnt; 4480 if (sp->pp_mode == IFF_CISCO) 4481 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4482 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4483 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4484 long nmagic = htonl (sp->lcp.magic); 4485 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4486 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4487 sp->lcp.echoid, 4, &nmagic); 4488 } 4489 } 4490 splx(s); 4491 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4492} 4493 4494/* 4495 * Get both IP addresses. 4496 */ 4497static void 4498sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4499{ 4500 struct ifnet *ifp = &sp->pp_if; 4501 struct ifaddr *ifa; 4502 struct sockaddr_in *si, *sm; 4503 u_long ssrc, ddst; 4504 4505 sm = NULL; 4506 ssrc = ddst = 0L; 4507 /* 4508 * Pick the first AF_INET address from the list, 4509 * aliases don't make any sense on a p2p link anyway. 4510 */ 4511 si = 0; 4512#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4513 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4514#elif defined(__NetBSD__) || defined (__OpenBSD__) 4515 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4516 ifa; 4517 ifa = TAILQ_NEXT(ifa, ifa_list)) 4518#else 4519 for (ifa = ifp->if_addrlist; 4520 ifa; 4521 ifa = ifa->ifa_next) 4522#endif 4523 if (ifa->ifa_addr->sa_family == AF_INET) { 4524 si = (struct sockaddr_in *)ifa->ifa_addr; 4525 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4526 if (si) 4527 break; 4528 } 4529 if (ifa) { 4530 if (si && si->sin_addr.s_addr) { 4531 ssrc = si->sin_addr.s_addr; 4532 if (srcmask) 4533 *srcmask = ntohl(sm->sin_addr.s_addr); 4534 } 4535 4536 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4537 if (si && si->sin_addr.s_addr) 4538 ddst = si->sin_addr.s_addr; 4539 } 4540 4541 if (dst) *dst = ntohl(ddst); 4542 if (src) *src = ntohl(ssrc); 4543} 4544 4545/* 4546 * Set my IP address. Must be called at splimp. 4547 */ 4548static void 4549sppp_set_ip_addr(struct sppp *sp, u_long src) 4550{ 4551 STDDCL; 4552 struct ifaddr *ifa; 4553 struct sockaddr_in *si; 4554 struct in_ifaddr *ia; 4555 4556 /* 4557 * Pick the first AF_INET address from the list, 4558 * aliases don't make any sense on a p2p link anyway. 4559 */ 4560 si = 0; 4561#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4562 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4563#elif defined(__NetBSD__) || defined (__OpenBSD__) 4564 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4565 ifa; 4566 ifa = TAILQ_NEXT(ifa, ifa_list)) 4567#else 4568 for (ifa = ifp->if_addrlist; 4569 ifa; 4570 ifa = ifa->ifa_next) 4571#endif 4572 { 4573 if (ifa->ifa_addr->sa_family == AF_INET) 4574 { 4575 si = (struct sockaddr_in *)ifa->ifa_addr; 4576 if (si) 4577 break; 4578 } 4579 } 4580 4581 if (ifa && si) 4582 { 4583 int error; 4584#if __NetBSD_Version__ >= 103080000 4585 struct sockaddr_in new_sin = *si; 4586 4587 new_sin.sin_addr.s_addr = htonl(src); 4588 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4589 if(debug && error) 4590 { 4591 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4592 " failed, error=%d\n", SPP_ARGS(ifp), error); 4593 } 4594#else 4595 /* delete old route */ 4596 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4597 if(debug && error) 4598 { 4599 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4600 SPP_ARGS(ifp), error); 4601 } 4602 4603 /* set new address */ 4604 si->sin_addr.s_addr = htonl(src); 4605 ia = ifatoia(ifa); 4606 LIST_REMOVE(ia, ia_hash); 4607 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4608 4609 /* add new route */ 4610 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4611 if (debug && error) 4612 { 4613 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4614 SPP_ARGS(ifp), error); 4615 } 4616#endif 4617 } 4618} 4619 4620#ifdef INET6 4621/* 4622 * Get both IPv6 addresses. 4623 */ 4624static void 4625sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4626 struct in6_addr *srcmask) 4627{ 4628 struct ifnet *ifp = &sp->pp_if; 4629 struct ifaddr *ifa; 4630 struct sockaddr_in6 *si, *sm; 4631 struct in6_addr ssrc, ddst; 4632 4633 sm = NULL; 4634 bzero(&ssrc, sizeof(ssrc)); 4635 bzero(&ddst, sizeof(ddst)); 4636 /* 4637 * Pick the first link-local AF_INET6 address from the list, 4638 * aliases don't make any sense on a p2p link anyway. 4639 */ 4640#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4641 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4642 ifa; 4643 ifa = ifa->ifa_link.tqe_next) 4644#elif defined(__NetBSD__) || defined (__OpenBSD__) 4645 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4646 ifa; 4647 ifa = ifa->ifa_list.tqe_next) 4648#else 4649 for (ifa = ifp->if_addrlist, si = 0; 4650 ifa; 4651 ifa = ifa->ifa_next) 4652#endif 4653 if (ifa->ifa_addr->sa_family == AF_INET6) { 4654 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4655 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4656 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4657 break; 4658 } 4659 if (ifa) { 4660 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4661 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4662 if (srcmask) { 4663 bcopy(&sm->sin6_addr, srcmask, 4664 sizeof(*srcmask)); 4665 } 4666 } 4667 4668 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4669 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4670 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4671 } 4672 4673 if (dst) 4674 bcopy(&ddst, dst, sizeof(*dst)); 4675 if (src) 4676 bcopy(&ssrc, src, sizeof(*src)); 4677} 4678 4679#ifdef IPV6CP_MYIFID_DYN 4680/* 4681 * Generate random ifid. 4682 */ 4683static void 4684sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4685{ 4686 /* TBD */ 4687} 4688 4689/* 4690 * Set my IPv6 address. Must be called at splimp. 4691 */ 4692static void 4693sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4694{ 4695 STDDCL; 4696 struct ifaddr *ifa; 4697 struct sockaddr_in6 *sin6; 4698 4699 /* 4700 * Pick the first link-local AF_INET6 address from the list, 4701 * aliases don't make any sense on a p2p link anyway. 4702 */ 4703 4704 sin6 = NULL; 4705#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4706 for (ifa = ifp->if_addrhead.tqh_first; 4707 ifa; 4708 ifa = ifa->ifa_link.tqe_next) 4709#elif defined(__NetBSD__) || defined (__OpenBSD__) 4710 for (ifa = ifp->if_addrlist.tqh_first; 4711 ifa; 4712 ifa = ifa->ifa_list.tqe_next) 4713#else 4714 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4715#endif 4716 { 4717 if (ifa->ifa_addr->sa_family == AF_INET6) 4718 { 4719 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4720 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4721 break; 4722 } 4723 } 4724 4725 if (ifa && sin6) 4726 { 4727 int error; 4728 struct sockaddr_in6 new_sin6 = *sin6; 4729 4730 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4731 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4732 if (debug && error) 4733 { 4734 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4735 " failed, error=%d\n", SPP_ARGS(ifp), error); 4736 } 4737 } 4738} 4739#endif 4740 4741/* 4742 * Suggest a candidate address to be used by peer. 4743 */ 4744static void 4745sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4746{ 4747 struct in6_addr myaddr; 4748 struct timeval tv; 4749 4750 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4751 4752 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4753 microtime(&tv); 4754 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4755 myaddr.s6_addr[14] ^= 0xff; 4756 myaddr.s6_addr[15] ^= 0xff; 4757 } else { 4758 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4759 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4760 } 4761 if (suggest) 4762 bcopy(&myaddr, suggest, sizeof(myaddr)); 4763} 4764#endif /*INET6*/ 4765 4766static int 4767sppp_params(struct sppp *sp, u_long cmd, void *data) 4768{ 4769 u_long subcmd; 4770 struct ifreq *ifr = (struct ifreq *)data; 4771 struct spppreq spr; 4772 4773 /* 4774 * ifr->ifr_data is supposed to point to a struct spppreq. 4775 * Check the cmd word first before attempting to fetch all the 4776 * data. 4777 */ 4778 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4779 return EFAULT; 4780 4781 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4782 return EFAULT; 4783 4784 switch (subcmd) { 4785 case SPPPIOGDEFS: 4786 if (cmd != SIOCGIFGENERIC) 4787 return EINVAL; 4788 /* 4789 * We copy over the entire current state, but clean 4790 * out some of the stuff we don't wanna pass up. 4791 * Remember, SIOCGIFGENERIC is unprotected, and can be 4792 * called by any user. No need to ever get PAP or 4793 * CHAP secrets back to userland anyway. 4794 */ 4795 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4796 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4797 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4798 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4799 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4800 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4801 4802 case SPPPIOSDEFS: 4803 if (cmd != SIOCSIFGENERIC) 4804 return EINVAL; 4805 /* 4806 * We have a very specific idea of which fields we allow 4807 * being passed back from userland, so to not clobber our 4808 * current state. For one, we only allow setting 4809 * anything if LCP is in dead phase. Once the LCP 4810 * negotiations started, the authentication settings must 4811 * not be changed again. (The administrator can force an 4812 * ifconfig down in order to get LCP back into dead 4813 * phase.) 4814 * 4815 * Also, we only allow for authentication parameters to be 4816 * specified. 4817 * 4818 * XXX Should allow to set or clear pp_flags. 4819 * 4820 * Finally, if the respective authentication protocol to 4821 * be used is set differently than 0, but the secret is 4822 * passed as all zeros, we don't trash the existing secret. 4823 * This allows an administrator to change the system name 4824 * only without clobbering the secret (which he didn't get 4825 * back in a previous SPPPIOGDEFS call). However, the 4826 * secrets are cleared if the authentication protocol is 4827 * reset to 0. 4828 */ 4829 if (sp->pp_phase != PHASE_DEAD) 4830 return EBUSY; 4831 4832 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4833 spr.defs.myauth.proto != PPP_CHAP) || 4834 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4835 spr.defs.hisauth.proto != PPP_CHAP)) 4836 return EINVAL; 4837 4838 if (spr.defs.myauth.proto == 0) 4839 /* resetting myauth */ 4840 bzero(&sp->myauth, sizeof sp->myauth); 4841 else { 4842 /* setting/changing myauth */ 4843 sp->myauth.proto = spr.defs.myauth.proto; 4844 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4845 if (spr.defs.myauth.secret[0] != '\0') 4846 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4847 AUTHKEYLEN); 4848 } 4849 if (spr.defs.hisauth.proto == 0) 4850 /* resetting hisauth */ 4851 bzero(&sp->hisauth, sizeof sp->hisauth); 4852 else { 4853 /* setting/changing hisauth */ 4854 sp->hisauth.proto = spr.defs.hisauth.proto; 4855 sp->hisauth.flags = spr.defs.hisauth.flags; 4856 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4857 if (spr.defs.hisauth.secret[0] != '\0') 4858 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4859 AUTHKEYLEN); 4860 } 4861 break; 4862 4863 default: 4864 return EINVAL; 4865 } 4866 4867 return 0; 4868} 4869 4870static void 4871sppp_phase_network(struct sppp *sp) 4872{ 4873 STDDCL; 4874 int i; 4875 u_long mask; 4876 4877 sp->pp_phase = PHASE_NETWORK; 4878 4879 if (debug) 4880 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4881 sppp_phase_name(sp->pp_phase)); 4882 4883 /* Notify NCPs now. */ 4884 for (i = 0; i < IDX_COUNT; i++) 4885 if ((cps[i])->flags & CP_NCP) 4886 (cps[i])->Open(sp); 4887 4888 /* Send Up events to all NCPs. */ 4889 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4890 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4891 (cps[i])->Up(sp); 4892 4893 /* if no NCP is starting, all this was in vain, close down */ 4894 sppp_lcp_check_and_close(sp); 4895} 4896 4897 4898static const char * 4899sppp_cp_type_name(u_char type) 4900{ 4901 static char buf[12]; 4902 switch (type) { 4903 case CONF_REQ: return "conf-req"; 4904 case CONF_ACK: return "conf-ack"; 4905 case CONF_NAK: return "conf-nak"; 4906 case CONF_REJ: return "conf-rej"; 4907 case TERM_REQ: return "term-req"; 4908 case TERM_ACK: return "term-ack"; 4909 case CODE_REJ: return "code-rej"; 4910 case PROTO_REJ: return "proto-rej"; 4911 case ECHO_REQ: return "echo-req"; 4912 case ECHO_REPLY: return "echo-reply"; 4913 case DISC_REQ: return "discard-req"; 4914 } 4915 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4916 return buf; 4917} 4918 4919static const char * 4920sppp_auth_type_name(u_short proto, u_char type) 4921{ 4922 static char buf[12]; 4923 switch (proto) { 4924 case PPP_CHAP: 4925 switch (type) { 4926 case CHAP_CHALLENGE: return "challenge"; 4927 case CHAP_RESPONSE: return "response"; 4928 case CHAP_SUCCESS: return "success"; 4929 case CHAP_FAILURE: return "failure"; 4930 } 4931 case PPP_PAP: 4932 switch (type) { 4933 case PAP_REQ: return "req"; 4934 case PAP_ACK: return "ack"; 4935 case PAP_NAK: return "nak"; 4936 } 4937 } 4938 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4939 return buf; 4940} 4941 4942static const char * 4943sppp_lcp_opt_name(u_char opt) 4944{ 4945 static char buf[12]; 4946 switch (opt) { 4947 case LCP_OPT_MRU: return "mru"; 4948 case LCP_OPT_ASYNC_MAP: return "async-map"; 4949 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4950 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4951 case LCP_OPT_MAGIC: return "magic"; 4952 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4953 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4954 } 4955 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4956 return buf; 4957} 4958 4959static const char * 4960sppp_ipcp_opt_name(u_char opt) 4961{ 4962 static char buf[12]; 4963 switch (opt) { 4964 case IPCP_OPT_ADDRESSES: return "addresses"; 4965 case IPCP_OPT_COMPRESSION: return "compression"; 4966 case IPCP_OPT_ADDRESS: return "address"; 4967 } 4968 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4969 return buf; 4970} 4971 4972#ifdef INET6 4973static const char * 4974sppp_ipv6cp_opt_name(u_char opt) 4975{ 4976 static char buf[12]; 4977 switch (opt) { 4978 case IPV6CP_OPT_IFID: return "ifid"; 4979 case IPV6CP_OPT_COMPRESSION: return "compression"; 4980 } 4981 sprintf (buf, "0x%x", opt); 4982 return buf; 4983} 4984#endif 4985 4986static const char * 4987sppp_state_name(int state) 4988{ 4989 switch (state) { 4990 case STATE_INITIAL: return "initial"; 4991 case STATE_STARTING: return "starting"; 4992 case STATE_CLOSED: return "closed"; 4993 case STATE_STOPPED: return "stopped"; 4994 case STATE_CLOSING: return "closing"; 4995 case STATE_STOPPING: return "stopping"; 4996 case STATE_REQ_SENT: return "req-sent"; 4997 case STATE_ACK_RCVD: return "ack-rcvd"; 4998 case STATE_ACK_SENT: return "ack-sent"; 4999 case STATE_OPENED: return "opened"; 5000 } 5001 return "illegal"; 5002} 5003 5004static const char * 5005sppp_phase_name(enum ppp_phase phase) 5006{ 5007 switch (phase) { 5008 case PHASE_DEAD: return "dead"; 5009 case PHASE_ESTABLISH: return "establish"; 5010 case PHASE_TERMINATE: return "terminate"; 5011 case PHASE_AUTHENTICATE: return "authenticate"; 5012 case PHASE_NETWORK: return "network"; 5013 } 5014 return "illegal"; 5015} 5016 5017static const char * 5018sppp_proto_name(u_short proto) 5019{ 5020 static char buf[12]; 5021 switch (proto) { 5022 case PPP_LCP: return "lcp"; 5023 case PPP_IPCP: return "ipcp"; 5024 case PPP_PAP: return "pap"; 5025 case PPP_CHAP: return "chap"; 5026 case PPP_IPV6CP: return "ipv6cp"; 5027 } 5028 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5029 return buf; 5030} 5031 5032static void 5033sppp_print_bytes(const u_char *p, u_short len) 5034{ 5035 if (len) 5036 log(-1, " %*D", len, p, "-"); 5037} 5038 5039static void 5040sppp_print_string(const char *p, u_short len) 5041{ 5042 u_char c; 5043 5044 while (len-- > 0) { 5045 c = *p++; 5046 /* 5047 * Print only ASCII chars directly. RFC 1994 recommends 5048 * using only them, but we don't rely on it. */ 5049 if (c < ' ' || c > '~') 5050 log(-1, "\\x%x", c); 5051 else 5052 log(-1, "%c", c); 5053 } 5054} 5055 5056static const char * 5057sppp_dotted_quad(u_long addr) 5058{ 5059 static char s[16]; 5060 sprintf(s, "%d.%d.%d.%d", 5061 (int)((addr >> 24) & 0xff), 5062 (int)((addr >> 16) & 0xff), 5063 (int)((addr >> 8) & 0xff), 5064 (int)(addr & 0xff)); 5065 return s; 5066} 5067 5068static int 5069sppp_strnlen(u_char *p, int max) 5070{ 5071 int len; 5072 5073 for (len = 0; len < max && *p; ++p) 5074 ++len; 5075 return len; 5076} 5077 5078/* a dummy, used to drop uninteresting events */ 5079static void 5080sppp_null(struct sppp *unused) 5081{ 5082 /* do just nothing */ 5083} 5084