1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: stable/11/sys/net/if_spppsubr.c 352481 2019-09-18 07:32:15Z hselasky $ 22 */ 23 24#include <sys/param.h> 25 26#include "opt_inet.h" 27#include "opt_inet6.h" 28 29#include <sys/systm.h> 30#include <sys/kernel.h> 31#include <sys/lock.h> 32#include <sys/module.h> 33#include <sys/rmlock.h> 34#include <sys/sockio.h> 35#include <sys/socket.h> 36#include <sys/syslog.h> 37#include <sys/random.h> 38#include <sys/malloc.h> 39#include <sys/mbuf.h> 40 41#include <sys/md5.h> 42 43#include <net/if.h> 44#include <net/if_var.h> 45#include <net/netisr.h> 46#include <net/if_types.h> 47#include <net/route.h> 48#include <net/vnet.h> 49#include <netinet/in.h> 50#include <netinet/in_systm.h> 51#include <netinet/ip.h> 52#include <net/slcompress.h> 53 54#include <machine/stdarg.h> 55 56#include <netinet/in_var.h> 57 58#ifdef INET 59#include <netinet/ip.h> 60#include <netinet/tcp.h> 61#endif 62 63#ifdef INET6 64#include <netinet6/scope6_var.h> 65#endif 66 67#include <netinet/if_ether.h> 68 69#include <net/if_sppp.h> 70 71#define IOCTL_CMD_T u_long 72#define MAXALIVECNT 3 /* max. alive packets */ 73 74/* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 93 */ 94 95#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 98 99#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 100#define PPP_UI 0x03 /* Unnumbered Information */ 101#define PPP_IP 0x0021 /* Internet Protocol */ 102#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 103#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 104#define PPP_IPX 0x002b /* Novell IPX Protocol */ 105#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 106#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 107#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 108#define PPP_LCP 0xc021 /* Link Control Protocol */ 109#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 110#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 111#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 112#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 113 114#define CONF_REQ 1 /* PPP configure request */ 115#define CONF_ACK 2 /* PPP configure acknowledge */ 116#define CONF_NAK 3 /* PPP configure negative ack */ 117#define CONF_REJ 4 /* PPP configure reject */ 118#define TERM_REQ 5 /* PPP terminate request */ 119#define TERM_ACK 6 /* PPP terminate acknowledge */ 120#define CODE_REJ 7 /* PPP code reject */ 121#define PROTO_REJ 8 /* PPP protocol reject */ 122#define ECHO_REQ 9 /* PPP echo request */ 123#define ECHO_REPLY 10 /* PPP echo reply */ 124#define DISC_REQ 11 /* PPP discard request */ 125 126#define LCP_OPT_MRU 1 /* maximum receive unit */ 127#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 128#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 129#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 130#define LCP_OPT_MAGIC 5 /* magic number */ 131#define LCP_OPT_RESERVED 6 /* reserved */ 132#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 133#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 134 135#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 136#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 137#define IPCP_OPT_ADDRESS 3 /* local IP address */ 138 139#define IPV6CP_OPT_IFID 1 /* interface identifier */ 140#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 141 142#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 143 144#define PAP_REQ 1 /* PAP name/password request */ 145#define PAP_ACK 2 /* PAP acknowledge */ 146#define PAP_NAK 3 /* PAP fail */ 147 148#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 149#define CHAP_RESPONSE 2 /* CHAP challenge response */ 150#define CHAP_SUCCESS 3 /* CHAP response ok */ 151#define CHAP_FAILURE 4 /* CHAP response failed */ 152 153#define CHAP_MD5 5 /* hash algorithm - MD5 */ 154 155#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 156#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 157#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 158#define CISCO_ADDR_REQ 0 /* Cisco address request */ 159#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 160#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 161 162/* states are named and numbered according to RFC 1661 */ 163#define STATE_INITIAL 0 164#define STATE_STARTING 1 165#define STATE_CLOSED 2 166#define STATE_STOPPED 3 167#define STATE_CLOSING 4 168#define STATE_STOPPING 5 169#define STATE_REQ_SENT 6 170#define STATE_ACK_RCVD 7 171#define STATE_ACK_SENT 8 172#define STATE_OPENED 9 173 174static MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 175 176struct ppp_header { 177 u_char address; 178 u_char control; 179 u_short protocol; 180} __packed; 181#define PPP_HEADER_LEN sizeof (struct ppp_header) 182 183struct lcp_header { 184 u_char type; 185 u_char ident; 186 u_short len; 187} __packed; 188#define LCP_HEADER_LEN sizeof (struct lcp_header) 189 190struct cisco_packet { 191 u_long type; 192 u_long par1; 193 u_long par2; 194 u_short rel; 195 u_short time0; 196 u_short time1; 197} __packed; 198#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 199 200/* 201 * We follow the spelling and capitalization of RFC 1661 here, to make 202 * it easier comparing with the standard. Please refer to this RFC in 203 * case you can't make sense out of these abbreviation; it will also 204 * explain the semantics related to the various events and actions. 205 */ 206struct cp { 207 u_short proto; /* PPP control protocol number */ 208 u_char protoidx; /* index into state table in struct sppp */ 209 u_char flags; 210#define CP_LCP 0x01 /* this is the LCP */ 211#define CP_AUTH 0x02 /* this is an authentication protocol */ 212#define CP_NCP 0x04 /* this is a NCP */ 213#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 214 const char *name; /* name of this control protocol */ 215 /* event handlers */ 216 void (*Up)(struct sppp *sp); 217 void (*Down)(struct sppp *sp); 218 void (*Open)(struct sppp *sp); 219 void (*Close)(struct sppp *sp); 220 void (*TO)(void *sp); 221 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 222 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 223 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 224 /* actions */ 225 void (*tlu)(struct sppp *sp); 226 void (*tld)(struct sppp *sp); 227 void (*tls)(struct sppp *sp); 228 void (*tlf)(struct sppp *sp); 229 void (*scr)(struct sppp *sp); 230}; 231 232#define SPP_FMT "%s: " 233#define SPP_ARGS(ifp) (ifp)->if_xname 234 235#define SPPP_LOCK(sp) mtx_lock (&(sp)->mtx) 236#define SPPP_UNLOCK(sp) mtx_unlock (&(sp)->mtx) 237#define SPPP_LOCK_ASSERT(sp) mtx_assert (&(sp)->mtx, MA_OWNED) 238#define SPPP_LOCK_OWNED(sp) mtx_owned (&(sp)->mtx) 239 240#ifdef INET 241/* 242 * The following disgusting hack gets around the problem that IP TOS 243 * can't be set yet. We want to put "interactive" traffic on a high 244 * priority queue. To decide if traffic is interactive, we check that 245 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 246 * 247 * XXX is this really still necessary? - joerg - 248 */ 249static const u_short interactive_ports[8] = { 250 0, 513, 0, 0, 251 0, 21, 0, 23, 252}; 253#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 254#endif 255 256/* almost every function needs these */ 257#define STDDCL \ 258 struct ifnet *ifp = SP2IFP(sp); \ 259 int debug = ifp->if_flags & IFF_DEBUG 260 261static int sppp_output(struct ifnet *ifp, struct mbuf *m, 262 const struct sockaddr *dst, struct route *ro); 263 264static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 265static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 266 267static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 268 struct mbuf *m); 269static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 270 u_char ident, u_short len, void *data); 271/* static void sppp_cp_timeout(void *arg); */ 272static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 273 int newstate); 274static void sppp_auth_send(const struct cp *cp, 275 struct sppp *sp, unsigned int type, unsigned int id, 276 ...); 277 278static void sppp_up_event(const struct cp *cp, struct sppp *sp); 279static void sppp_down_event(const struct cp *cp, struct sppp *sp); 280static void sppp_open_event(const struct cp *cp, struct sppp *sp); 281static void sppp_close_event(const struct cp *cp, struct sppp *sp); 282static void sppp_to_event(const struct cp *cp, struct sppp *sp); 283 284static void sppp_null(struct sppp *sp); 285 286static void sppp_pp_up(struct sppp *sp); 287static void sppp_pp_down(struct sppp *sp); 288 289static void sppp_lcp_init(struct sppp *sp); 290static void sppp_lcp_up(struct sppp *sp); 291static void sppp_lcp_down(struct sppp *sp); 292static void sppp_lcp_open(struct sppp *sp); 293static void sppp_lcp_close(struct sppp *sp); 294static void sppp_lcp_TO(void *sp); 295static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 296static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 297static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 298static void sppp_lcp_tlu(struct sppp *sp); 299static void sppp_lcp_tld(struct sppp *sp); 300static void sppp_lcp_tls(struct sppp *sp); 301static void sppp_lcp_tlf(struct sppp *sp); 302static void sppp_lcp_scr(struct sppp *sp); 303static void sppp_lcp_check_and_close(struct sppp *sp); 304static int sppp_ncp_check(struct sppp *sp); 305 306static void sppp_ipcp_init(struct sppp *sp); 307static void sppp_ipcp_up(struct sppp *sp); 308static void sppp_ipcp_down(struct sppp *sp); 309static void sppp_ipcp_open(struct sppp *sp); 310static void sppp_ipcp_close(struct sppp *sp); 311static void sppp_ipcp_TO(void *sp); 312static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 313static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 314static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 315static void sppp_ipcp_tlu(struct sppp *sp); 316static void sppp_ipcp_tld(struct sppp *sp); 317static void sppp_ipcp_tls(struct sppp *sp); 318static void sppp_ipcp_tlf(struct sppp *sp); 319static void sppp_ipcp_scr(struct sppp *sp); 320 321static void sppp_ipv6cp_init(struct sppp *sp); 322static void sppp_ipv6cp_up(struct sppp *sp); 323static void sppp_ipv6cp_down(struct sppp *sp); 324static void sppp_ipv6cp_open(struct sppp *sp); 325static void sppp_ipv6cp_close(struct sppp *sp); 326static void sppp_ipv6cp_TO(void *sp); 327static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 328static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 329static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 330static void sppp_ipv6cp_tlu(struct sppp *sp); 331static void sppp_ipv6cp_tld(struct sppp *sp); 332static void sppp_ipv6cp_tls(struct sppp *sp); 333static void sppp_ipv6cp_tlf(struct sppp *sp); 334static void sppp_ipv6cp_scr(struct sppp *sp); 335 336static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 337static void sppp_pap_init(struct sppp *sp); 338static void sppp_pap_open(struct sppp *sp); 339static void sppp_pap_close(struct sppp *sp); 340static void sppp_pap_TO(void *sp); 341static void sppp_pap_my_TO(void *sp); 342static void sppp_pap_tlu(struct sppp *sp); 343static void sppp_pap_tld(struct sppp *sp); 344static void sppp_pap_scr(struct sppp *sp); 345 346static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 347static void sppp_chap_init(struct sppp *sp); 348static void sppp_chap_open(struct sppp *sp); 349static void sppp_chap_close(struct sppp *sp); 350static void sppp_chap_TO(void *sp); 351static void sppp_chap_tlu(struct sppp *sp); 352static void sppp_chap_tld(struct sppp *sp); 353static void sppp_chap_scr(struct sppp *sp); 354 355static const char *sppp_auth_type_name(u_short proto, u_char type); 356static const char *sppp_cp_type_name(u_char type); 357#ifdef INET 358static const char *sppp_dotted_quad(u_long addr); 359static const char *sppp_ipcp_opt_name(u_char opt); 360#endif 361#ifdef INET6 362static const char *sppp_ipv6cp_opt_name(u_char opt); 363#endif 364static const char *sppp_lcp_opt_name(u_char opt); 365static const char *sppp_phase_name(enum ppp_phase phase); 366static const char *sppp_proto_name(u_short proto); 367static const char *sppp_state_name(int state); 368static int sppp_params(struct sppp *sp, u_long cmd, void *data); 369static int sppp_strnlen(u_char *p, int max); 370static void sppp_keepalive(void *dummy); 371static void sppp_phase_network(struct sppp *sp); 372static void sppp_print_bytes(const u_char *p, u_short len); 373static void sppp_print_string(const char *p, u_short len); 374static void sppp_qflush(struct ifqueue *ifq); 375#ifdef INET 376static void sppp_set_ip_addr(struct sppp *sp, u_long src); 377#endif 378#ifdef INET6 379static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 380 struct in6_addr *dst, struct in6_addr *srcmask); 381#ifdef IPV6CP_MYIFID_DYN 382static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 383static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 384#endif 385static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 386#endif 387 388/* if_start () wrapper */ 389static void sppp_ifstart (struct ifnet *ifp); 390 391/* our control protocol descriptors */ 392static const struct cp lcp = { 393 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 394 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 395 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 396 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 397 sppp_lcp_scr 398}; 399 400static const struct cp ipcp = { 401 PPP_IPCP, IDX_IPCP, 402#ifdef INET /* don't run IPCP if there's no IPv4 support */ 403 CP_NCP, 404#else 405 0, 406#endif 407 "ipcp", 408 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 409 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 410 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 411 sppp_ipcp_scr 412}; 413 414static const struct cp ipv6cp = { 415 PPP_IPV6CP, IDX_IPV6CP, 416#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 417 CP_NCP, 418#else 419 0, 420#endif 421 "ipv6cp", 422 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 423 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 424 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 425 sppp_ipv6cp_scr 426}; 427 428static const struct cp pap = { 429 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 430 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 431 sppp_pap_TO, 0, 0, 0, 432 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 433 sppp_pap_scr 434}; 435 436static const struct cp chap = { 437 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 438 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 439 sppp_chap_TO, 0, 0, 0, 440 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 441 sppp_chap_scr 442}; 443 444static const struct cp *cps[IDX_COUNT] = { 445 &lcp, /* IDX_LCP */ 446 &ipcp, /* IDX_IPCP */ 447 &ipv6cp, /* IDX_IPV6CP */ 448 &pap, /* IDX_PAP */ 449 &chap, /* IDX_CHAP */ 450}; 451 452static void* 453sppp_alloc(u_char type, struct ifnet *ifp) 454{ 455 struct sppp *sp; 456 457 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 458 sp->pp_ifp = ifp; 459 460 return (sp); 461} 462 463static void 464sppp_free(void *com, u_char type) 465{ 466 467 free(com, M_SPPP); 468} 469 470static int 471sppp_modevent(module_t mod, int type, void *unused) 472{ 473 switch (type) { 474 case MOD_LOAD: 475 /* 476 * XXX: should probably be IFT_SPPP, but it's fairly 477 * harmless to allocate struct sppp's for non-sppp 478 * interfaces. 479 */ 480 481 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 482 break; 483 case MOD_UNLOAD: 484 /* if_deregister_com_alloc(IFT_PPP); */ 485 return EACCES; 486 default: 487 return EOPNOTSUPP; 488 } 489 return 0; 490} 491static moduledata_t spppmod = { 492 "sppp", 493 sppp_modevent, 494 0 495}; 496MODULE_VERSION(sppp, 1); 497DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 498 499/* 500 * Exported functions, comprising our interface to the lower layer. 501 */ 502 503/* 504 * Process the received packet. 505 */ 506void 507sppp_input(struct ifnet *ifp, struct mbuf *m) 508{ 509 struct ppp_header *h; 510 int isr = -1; 511 struct sppp *sp = IFP2SP(ifp); 512 int debug, do_account = 0; 513#ifdef INET 514 int hlen, vjlen; 515 u_char *iphdr; 516#endif 517 518 SPPP_LOCK(sp); 519 debug = ifp->if_flags & IFF_DEBUG; 520 521 if (ifp->if_flags & IFF_UP) 522 /* Count received bytes, add FCS and one flag */ 523 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len + 3); 524 525 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 526 /* Too small packet, drop it. */ 527 if (debug) 528 log(LOG_DEBUG, 529 SPP_FMT "input packet is too small, %d bytes\n", 530 SPP_ARGS(ifp), m->m_pkthdr.len); 531 drop: 532 m_freem (m); 533 SPPP_UNLOCK(sp); 534 drop2: 535 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 536 if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); 537 return; 538 } 539 540 if (sp->pp_mode == PP_FR) { 541 sppp_fr_input (sp, m); 542 SPPP_UNLOCK(sp); 543 return; 544 } 545 546 /* Get PPP header. */ 547 h = mtod (m, struct ppp_header*); 548 m_adj (m, PPP_HEADER_LEN); 549 550 switch (h->address) { 551 case PPP_ALLSTATIONS: 552 if (h->control != PPP_UI) 553 goto invalid; 554 if (sp->pp_mode == IFF_CISCO) { 555 if (debug) 556 log(LOG_DEBUG, 557 SPP_FMT "PPP packet in Cisco mode " 558 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 559 SPP_ARGS(ifp), 560 h->address, h->control, ntohs(h->protocol)); 561 goto drop; 562 } 563 switch (ntohs (h->protocol)) { 564 default: 565 if (debug) 566 log(LOG_DEBUG, 567 SPP_FMT "rejecting protocol " 568 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 569 SPP_ARGS(ifp), 570 h->address, h->control, ntohs(h->protocol)); 571 if (sp->state[IDX_LCP] == STATE_OPENED) 572 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 573 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 574 &h->protocol); 575 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 576 goto drop; 577 case PPP_LCP: 578 sppp_cp_input(&lcp, sp, m); 579 m_freem (m); 580 SPPP_UNLOCK(sp); 581 return; 582 case PPP_PAP: 583 if (sp->pp_phase >= PHASE_AUTHENTICATE) 584 sppp_pap_input(sp, m); 585 m_freem (m); 586 SPPP_UNLOCK(sp); 587 return; 588 case PPP_CHAP: 589 if (sp->pp_phase >= PHASE_AUTHENTICATE) 590 sppp_chap_input(sp, m); 591 m_freem (m); 592 SPPP_UNLOCK(sp); 593 return; 594#ifdef INET 595 case PPP_IPCP: 596 if (sp->pp_phase == PHASE_NETWORK) 597 sppp_cp_input(&ipcp, sp, m); 598 m_freem (m); 599 SPPP_UNLOCK(sp); 600 return; 601 case PPP_IP: 602 if (sp->state[IDX_IPCP] == STATE_OPENED) { 603 isr = NETISR_IP; 604 } 605 do_account++; 606 break; 607 case PPP_VJ_COMP: 608 if (sp->state[IDX_IPCP] == STATE_OPENED) { 609 if ((vjlen = 610 sl_uncompress_tcp_core(mtod(m, u_char *), 611 m->m_len, m->m_len, 612 TYPE_COMPRESSED_TCP, 613 sp->pp_comp, 614 &iphdr, &hlen)) <= 0) { 615 if (debug) 616 log(LOG_INFO, 617 SPP_FMT "VJ uncompress failed on compressed packet\n", 618 SPP_ARGS(ifp)); 619 goto drop; 620 } 621 622 /* 623 * Trim the VJ header off the packet, and prepend 624 * the uncompressed IP header (which will usually 625 * end up in two chained mbufs since there's not 626 * enough leading space in the existing mbuf). 627 */ 628 m_adj(m, vjlen); 629 M_PREPEND(m, hlen, M_NOWAIT); 630 if (m == NULL) { 631 SPPP_UNLOCK(sp); 632 goto drop2; 633 } 634 bcopy(iphdr, mtod(m, u_char *), hlen); 635 isr = NETISR_IP; 636 } 637 do_account++; 638 break; 639 case PPP_VJ_UCOMP: 640 if (sp->state[IDX_IPCP] == STATE_OPENED) { 641 if (sl_uncompress_tcp_core(mtod(m, u_char *), 642 m->m_len, m->m_len, 643 TYPE_UNCOMPRESSED_TCP, 644 sp->pp_comp, 645 &iphdr, &hlen) != 0) { 646 if (debug) 647 log(LOG_INFO, 648 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 649 SPP_ARGS(ifp)); 650 goto drop; 651 } 652 isr = NETISR_IP; 653 } 654 do_account++; 655 break; 656#endif 657#ifdef INET6 658 case PPP_IPV6CP: 659 if (sp->pp_phase == PHASE_NETWORK) 660 sppp_cp_input(&ipv6cp, sp, m); 661 m_freem (m); 662 SPPP_UNLOCK(sp); 663 return; 664 665 case PPP_IPV6: 666 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 667 isr = NETISR_IPV6; 668 do_account++; 669 break; 670#endif 671 } 672 break; 673 case CISCO_MULTICAST: 674 case CISCO_UNICAST: 675 /* Don't check the control field here (RFC 1547). */ 676 if (sp->pp_mode != IFF_CISCO) { 677 if (debug) 678 log(LOG_DEBUG, 679 SPP_FMT "Cisco packet in PPP mode " 680 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 681 SPP_ARGS(ifp), 682 h->address, h->control, ntohs(h->protocol)); 683 goto drop; 684 } 685 switch (ntohs (h->protocol)) { 686 default: 687 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 688 goto invalid; 689 case CISCO_KEEPALIVE: 690 sppp_cisco_input (sp, m); 691 m_freem (m); 692 SPPP_UNLOCK(sp); 693 return; 694#ifdef INET 695 case ETHERTYPE_IP: 696 isr = NETISR_IP; 697 do_account++; 698 break; 699#endif 700#ifdef INET6 701 case ETHERTYPE_IPV6: 702 isr = NETISR_IPV6; 703 do_account++; 704 break; 705#endif 706 } 707 break; 708 default: /* Invalid PPP packet. */ 709 invalid: 710 if (debug) 711 log(LOG_DEBUG, 712 SPP_FMT "invalid input packet " 713 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 714 SPP_ARGS(ifp), 715 h->address, h->control, ntohs(h->protocol)); 716 goto drop; 717 } 718 719 if (! (ifp->if_flags & IFF_UP) || isr == -1) 720 goto drop; 721 722 SPPP_UNLOCK(sp); 723 M_SETFIB(m, ifp->if_fib); 724 /* Check queue. */ 725 if (netisr_queue(isr, m)) { /* (0) on success. */ 726 if (debug) 727 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 728 SPP_ARGS(ifp)); 729 goto drop2; 730 } 731 732 if (do_account) 733 /* 734 * Do only account for network packets, not for control 735 * packets. This is used by some subsystems to detect 736 * idle lines. 737 */ 738 sp->pp_last_recv = time_uptime; 739} 740 741static void 742sppp_ifstart_sched(void *dummy) 743{ 744 struct sppp *sp = dummy; 745 746 sp->if_start(SP2IFP(sp)); 747} 748 749/* if_start () wrapper function. We use it to schedule real if_start () for 750 * execution. We can't call it directly 751 */ 752static void 753sppp_ifstart(struct ifnet *ifp) 754{ 755 struct sppp *sp = IFP2SP(ifp); 756 757 if (SPPP_LOCK_OWNED(sp)) { 758 if (callout_pending(&sp->ifstart_callout)) 759 return; 760 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 761 (void *)sp); 762 } else { 763 sp->if_start(ifp); 764 } 765} 766 767/* 768 * Enqueue transmit packet. 769 */ 770static int 771sppp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 772 struct route *ro) 773{ 774 struct sppp *sp = IFP2SP(ifp); 775 struct ppp_header *h; 776 struct ifqueue *ifq = NULL; 777 int error, rv = 0; 778#ifdef INET 779 int ipproto = PPP_IP; 780#endif 781 int debug = ifp->if_flags & IFF_DEBUG; 782 783 SPPP_LOCK(sp); 784 785 if (!(ifp->if_flags & IFF_UP) || 786 (!(ifp->if_flags & IFF_AUTO) && 787 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 788#ifdef INET6 789 drop: 790#endif 791 m_freem (m); 792 SPPP_UNLOCK(sp); 793 return (ENETDOWN); 794 } 795 796 if ((ifp->if_flags & IFF_AUTO) && 797 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 798#ifdef INET6 799 /* 800 * XXX 801 * 802 * Hack to prevent the initialization-time generated 803 * IPv6 multicast packet to erroneously cause a 804 * dialout event in case IPv6 has been 805 * administratively disabled on that interface. 806 */ 807 if (dst->sa_family == AF_INET6 && 808 !(sp->confflags & CONF_ENABLE_IPV6)) 809 goto drop; 810#endif 811 /* 812 * Interface is not yet running, but auto-dial. Need 813 * to start LCP for it. 814 */ 815 ifp->if_drv_flags |= IFF_DRV_RUNNING; 816 lcp.Open(sp); 817 } 818 819#ifdef INET 820 if (dst->sa_family == AF_INET) { 821 /* XXX Check mbuf length here? */ 822 struct ip *ip = mtod (m, struct ip*); 823 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 824 825 /* 826 * When using dynamic local IP address assignment by using 827 * 0.0.0.0 as a local address, the first TCP session will 828 * not connect because the local TCP checksum is computed 829 * using 0.0.0.0 which will later become our real IP address 830 * so the TCP checksum computed at the remote end will 831 * become invalid. So we 832 * - don't let packets with src ip addr 0 thru 833 * - we flag TCP packets with src ip 0 as an error 834 */ 835 836 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 837 { 838 m_freem(m); 839 SPPP_UNLOCK(sp); 840 if(ip->ip_p == IPPROTO_TCP) 841 return(EADDRNOTAVAIL); 842 else 843 return(0); 844 } 845 846 /* 847 * Put low delay, telnet, rlogin and ftp control packets 848 * in front of the queue or let ALTQ take care. 849 */ 850 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 851 ; 852 else if (_IF_QFULL(&sp->pp_fastq)) 853 ; 854 else if (ip->ip_tos & IPTOS_LOWDELAY) 855 ifq = &sp->pp_fastq; 856 else if (m->m_len < sizeof *ip + sizeof *tcp) 857 ; 858 else if (ip->ip_p != IPPROTO_TCP) 859 ; 860 else if (INTERACTIVE (ntohs (tcp->th_sport))) 861 ifq = &sp->pp_fastq; 862 else if (INTERACTIVE (ntohs (tcp->th_dport))) 863 ifq = &sp->pp_fastq; 864 865 /* 866 * Do IP Header compression 867 */ 868 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 869 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 870 switch (sl_compress_tcp(m, ip, sp->pp_comp, 871 sp->ipcp.compress_cid)) { 872 case TYPE_COMPRESSED_TCP: 873 ipproto = PPP_VJ_COMP; 874 break; 875 case TYPE_UNCOMPRESSED_TCP: 876 ipproto = PPP_VJ_UCOMP; 877 break; 878 case TYPE_IP: 879 ipproto = PPP_IP; 880 break; 881 default: 882 m_freem(m); 883 SPPP_UNLOCK(sp); 884 return (EINVAL); 885 } 886 } 887#endif 888 889#ifdef INET6 890 if (dst->sa_family == AF_INET6) { 891 /* XXX do something tricky here? */ 892 } 893#endif 894 895 if (sp->pp_mode == PP_FR) { 896 /* Add frame relay header. */ 897 m = sppp_fr_header (sp, m, dst->sa_family); 898 if (! m) 899 goto nobufs; 900 goto out; 901 } 902 903 /* 904 * Prepend general data packet PPP header. For now, IP only. 905 */ 906 M_PREPEND (m, PPP_HEADER_LEN, M_NOWAIT); 907 if (! m) { 908nobufs: if (debug) 909 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 910 SPP_ARGS(ifp)); 911 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 912 SPPP_UNLOCK(sp); 913 return (ENOBUFS); 914 } 915 /* 916 * May want to check size of packet 917 * (albeit due to the implementation it's always enough) 918 */ 919 h = mtod (m, struct ppp_header*); 920 if (sp->pp_mode == IFF_CISCO) { 921 h->address = CISCO_UNICAST; /* unicast address */ 922 h->control = 0; 923 } else { 924 h->address = PPP_ALLSTATIONS; /* broadcast address */ 925 h->control = PPP_UI; /* Unnumbered Info */ 926 } 927 928 switch (dst->sa_family) { 929#ifdef INET 930 case AF_INET: /* Internet Protocol */ 931 if (sp->pp_mode == IFF_CISCO) 932 h->protocol = htons (ETHERTYPE_IP); 933 else { 934 /* 935 * Don't choke with an ENETDOWN early. It's 936 * possible that we just started dialing out, 937 * so don't drop the packet immediately. If 938 * we notice that we run out of buffer space 939 * below, we will however remember that we are 940 * not ready to carry IP packets, and return 941 * ENETDOWN, as opposed to ENOBUFS. 942 */ 943 h->protocol = htons(ipproto); 944 if (sp->state[IDX_IPCP] != STATE_OPENED) 945 rv = ENETDOWN; 946 } 947 break; 948#endif 949#ifdef INET6 950 case AF_INET6: /* Internet Protocol */ 951 if (sp->pp_mode == IFF_CISCO) 952 h->protocol = htons (ETHERTYPE_IPV6); 953 else { 954 /* 955 * Don't choke with an ENETDOWN early. It's 956 * possible that we just started dialing out, 957 * so don't drop the packet immediately. If 958 * we notice that we run out of buffer space 959 * below, we will however remember that we are 960 * not ready to carry IP packets, and return 961 * ENETDOWN, as opposed to ENOBUFS. 962 */ 963 h->protocol = htons(PPP_IPV6); 964 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 965 rv = ENETDOWN; 966 } 967 break; 968#endif 969 default: 970 m_freem (m); 971 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 972 SPPP_UNLOCK(sp); 973 return (EAFNOSUPPORT); 974 } 975 976 /* 977 * Queue message on interface, and start output if interface 978 * not yet active. 979 */ 980out: 981 if (ifq != NULL) 982 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 983 else 984 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 985 if (error) { 986 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 987 SPPP_UNLOCK(sp); 988 return (rv? rv: ENOBUFS); 989 } 990 SPPP_UNLOCK(sp); 991 /* 992 * Unlike in sppp_input(), we can always bump the timestamp 993 * here since sppp_output() is only called on behalf of 994 * network-layer traffic; control-layer traffic is handled 995 * by sppp_cp_send(). 996 */ 997 sp->pp_last_sent = time_uptime; 998 return (0); 999} 1000 1001void 1002sppp_attach(struct ifnet *ifp) 1003{ 1004 struct sppp *sp = IFP2SP(ifp); 1005 1006 /* Initialize mtx lock */ 1007 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1008 1009 /* Initialize keepalive handler. */ 1010 callout_init(&sp->keepalive_callout, 1); 1011 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1012 (void *)sp); 1013 1014 ifp->if_mtu = PP_MTU; 1015 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1016 ifp->if_output = sppp_output; 1017#if 0 1018 sp->pp_flags = PP_KEEPALIVE; 1019#endif 1020 ifp->if_snd.ifq_maxlen = 32; 1021 sp->pp_fastq.ifq_maxlen = 32; 1022 sp->pp_cpq.ifq_maxlen = 20; 1023 sp->pp_loopcnt = 0; 1024 sp->pp_alivecnt = 0; 1025 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1026 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1027 sp->pp_phase = PHASE_DEAD; 1028 sp->pp_up = sppp_pp_up; 1029 sp->pp_down = sppp_pp_down; 1030 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1031 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1032 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1033 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1034 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1035 sp->confflags = 0; 1036#ifdef INET 1037 sp->confflags |= CONF_ENABLE_VJ; 1038#endif 1039#ifdef INET6 1040 sp->confflags |= CONF_ENABLE_IPV6; 1041#endif 1042 callout_init(&sp->ifstart_callout, 1); 1043 sp->if_start = ifp->if_start; 1044 ifp->if_start = sppp_ifstart; 1045 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1046 sl_compress_init(sp->pp_comp, -1); 1047 sppp_lcp_init(sp); 1048 sppp_ipcp_init(sp); 1049 sppp_ipv6cp_init(sp); 1050 sppp_pap_init(sp); 1051 sppp_chap_init(sp); 1052} 1053 1054void 1055sppp_detach(struct ifnet *ifp) 1056{ 1057 struct sppp *sp = IFP2SP(ifp); 1058 int i; 1059 1060 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1061 1062 /* Stop keepalive handler. */ 1063 callout_drain(&sp->keepalive_callout); 1064 1065 for (i = 0; i < IDX_COUNT; i++) { 1066 callout_drain(&sp->ch[i]); 1067 } 1068 callout_drain(&sp->pap_my_to_ch); 1069 1070 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1071 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1072 mtx_destroy(&sp->mtx); 1073} 1074 1075/* 1076 * Flush the interface output queue. 1077 */ 1078static void 1079sppp_flush_unlocked(struct ifnet *ifp) 1080{ 1081 struct sppp *sp = IFP2SP(ifp); 1082 1083 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1084 sppp_qflush (&sp->pp_fastq); 1085 sppp_qflush (&sp->pp_cpq); 1086} 1087 1088void 1089sppp_flush(struct ifnet *ifp) 1090{ 1091 struct sppp *sp = IFP2SP(ifp); 1092 1093 SPPP_LOCK(sp); 1094 sppp_flush_unlocked (ifp); 1095 SPPP_UNLOCK(sp); 1096} 1097 1098/* 1099 * Check if the output queue is empty. 1100 */ 1101int 1102sppp_isempty(struct ifnet *ifp) 1103{ 1104 struct sppp *sp = IFP2SP(ifp); 1105 int empty; 1106 1107 SPPP_LOCK(sp); 1108 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1109 !SP2IFP(sp)->if_snd.ifq_head; 1110 SPPP_UNLOCK(sp); 1111 return (empty); 1112} 1113 1114/* 1115 * Get next packet to send. 1116 */ 1117struct mbuf * 1118sppp_dequeue(struct ifnet *ifp) 1119{ 1120 struct sppp *sp = IFP2SP(ifp); 1121 struct mbuf *m; 1122 1123 SPPP_LOCK(sp); 1124 /* 1125 * Process only the control protocol queue until we have at 1126 * least one NCP open. 1127 * 1128 * Do always serve all three queues in Cisco mode. 1129 */ 1130 IF_DEQUEUE(&sp->pp_cpq, m); 1131 if (m == NULL && 1132 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1133 sp->pp_mode == PP_FR)) { 1134 IF_DEQUEUE(&sp->pp_fastq, m); 1135 if (m == NULL) 1136 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1137 } 1138 SPPP_UNLOCK(sp); 1139 return m; 1140} 1141 1142/* 1143 * Pick the next packet, do not remove it from the queue. 1144 */ 1145struct mbuf * 1146sppp_pick(struct ifnet *ifp) 1147{ 1148 struct sppp *sp = IFP2SP(ifp); 1149 struct mbuf *m; 1150 1151 SPPP_LOCK(sp); 1152 1153 m = sp->pp_cpq.ifq_head; 1154 if (m == NULL && 1155 (sp->pp_phase == PHASE_NETWORK || 1156 sp->pp_mode == IFF_CISCO || 1157 sp->pp_mode == PP_FR)) 1158 if ((m = sp->pp_fastq.ifq_head) == NULL) 1159 m = SP2IFP(sp)->if_snd.ifq_head; 1160 SPPP_UNLOCK(sp); 1161 return (m); 1162} 1163 1164/* 1165 * Process an ioctl request. Called on low priority level. 1166 */ 1167int 1168sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1169{ 1170 struct ifreq *ifr = (struct ifreq*) data; 1171 struct sppp *sp = IFP2SP(ifp); 1172 int rv, going_up, going_down, newmode; 1173 1174 SPPP_LOCK(sp); 1175 rv = 0; 1176 switch (cmd) { 1177 case SIOCAIFADDR: 1178 break; 1179 1180 case SIOCSIFADDR: 1181 /* set the interface "up" when assigning an IP address */ 1182 ifp->if_flags |= IFF_UP; 1183 /* FALLTHROUGH */ 1184 1185 case SIOCSIFFLAGS: 1186 going_up = ifp->if_flags & IFF_UP && 1187 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1188 going_down = (ifp->if_flags & IFF_UP) == 0 && 1189 ifp->if_drv_flags & IFF_DRV_RUNNING; 1190 1191 newmode = ifp->if_flags & IFF_PASSIVE; 1192 if (!newmode) 1193 newmode = ifp->if_flags & IFF_AUTO; 1194 if (!newmode) 1195 newmode = ifp->if_flags & IFF_CISCO; 1196 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1197 ifp->if_flags |= newmode; 1198 1199 if (!newmode) 1200 newmode = sp->pp_flags & PP_FR; 1201 1202 if (newmode != sp->pp_mode) { 1203 going_down = 1; 1204 if (!going_up) 1205 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1206 } 1207 1208 if (going_down) { 1209 if (sp->pp_mode != IFF_CISCO && 1210 sp->pp_mode != PP_FR) 1211 lcp.Close(sp); 1212 else if (sp->pp_tlf) 1213 (sp->pp_tlf)(sp); 1214 sppp_flush_unlocked(ifp); 1215 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1216 sp->pp_mode = newmode; 1217 } 1218 1219 if (going_up) { 1220 if (sp->pp_mode != IFF_CISCO && 1221 sp->pp_mode != PP_FR) 1222 lcp.Close(sp); 1223 sp->pp_mode = newmode; 1224 if (sp->pp_mode == 0) { 1225 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1226 lcp.Open(sp); 1227 } 1228 if ((sp->pp_mode == IFF_CISCO) || 1229 (sp->pp_mode == PP_FR)) { 1230 if (sp->pp_tls) 1231 (sp->pp_tls)(sp); 1232 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1233 } 1234 } 1235 1236 break; 1237 1238#ifdef SIOCSIFMTU 1239#ifndef ifr_mtu 1240#define ifr_mtu ifr_metric 1241#endif 1242 case SIOCSIFMTU: 1243 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1244 return (EINVAL); 1245 ifp->if_mtu = ifr->ifr_mtu; 1246 break; 1247#endif 1248#ifdef SLIOCSETMTU 1249 case SLIOCSETMTU: 1250 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1251 return (EINVAL); 1252 ifp->if_mtu = *(short*)data; 1253 break; 1254#endif 1255#ifdef SIOCGIFMTU 1256 case SIOCGIFMTU: 1257 ifr->ifr_mtu = ifp->if_mtu; 1258 break; 1259#endif 1260#ifdef SLIOCGETMTU 1261 case SLIOCGETMTU: 1262 *(short*)data = ifp->if_mtu; 1263 break; 1264#endif 1265 case SIOCADDMULTI: 1266 case SIOCDELMULTI: 1267 break; 1268 1269 case SIOCGIFGENERIC: 1270 case SIOCSIFGENERIC: 1271 rv = sppp_params(sp, cmd, data); 1272 break; 1273 1274 default: 1275 rv = ENOTTY; 1276 } 1277 SPPP_UNLOCK(sp); 1278 return rv; 1279} 1280 1281/* 1282 * Cisco framing implementation. 1283 */ 1284 1285/* 1286 * Handle incoming Cisco keepalive protocol packets. 1287 */ 1288static void 1289sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1290{ 1291 STDDCL; 1292 struct cisco_packet *h; 1293 u_long me, mymask; 1294 1295 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1296 if (debug) 1297 log(LOG_DEBUG, 1298 SPP_FMT "cisco invalid packet length: %d bytes\n", 1299 SPP_ARGS(ifp), m->m_pkthdr.len); 1300 return; 1301 } 1302 h = mtod (m, struct cisco_packet*); 1303 if (debug) 1304 log(LOG_DEBUG, 1305 SPP_FMT "cisco input: %d bytes " 1306 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1307 SPP_ARGS(ifp), m->m_pkthdr.len, 1308 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1309 (u_int)h->time0, (u_int)h->time1); 1310 switch (ntohl (h->type)) { 1311 default: 1312 if (debug) 1313 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1314 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1315 break; 1316 case CISCO_ADDR_REPLY: 1317 /* Reply on address request, ignore */ 1318 break; 1319 case CISCO_KEEPALIVE_REQ: 1320 sp->pp_alivecnt = 0; 1321 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1322 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1323 /* Local and remote sequence numbers are equal. 1324 * Probably, the line is in loopback mode. */ 1325 if (sp->pp_loopcnt >= MAXALIVECNT) { 1326 printf (SPP_FMT "loopback\n", 1327 SPP_ARGS(ifp)); 1328 sp->pp_loopcnt = 0; 1329 if (ifp->if_flags & IFF_UP) { 1330 if_down (ifp); 1331 sppp_qflush (&sp->pp_cpq); 1332 } 1333 } 1334 ++sp->pp_loopcnt; 1335 1336 /* Generate new local sequence number */ 1337 sp->pp_seq[IDX_LCP] = random(); 1338 break; 1339 } 1340 sp->pp_loopcnt = 0; 1341 if (! (ifp->if_flags & IFF_UP) && 1342 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1343 if_up(ifp); 1344 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1345 } 1346 break; 1347 case CISCO_ADDR_REQ: 1348 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1349 if (me != 0L) 1350 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1351 break; 1352 } 1353} 1354 1355/* 1356 * Send Cisco keepalive packet. 1357 */ 1358static void 1359sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1360{ 1361 STDDCL; 1362 struct ppp_header *h; 1363 struct cisco_packet *ch; 1364 struct mbuf *m; 1365 struct timeval tv; 1366 1367 getmicrouptime(&tv); 1368 1369 MGETHDR (m, M_NOWAIT, MT_DATA); 1370 if (! m) 1371 return; 1372 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1373 m->m_pkthdr.rcvif = 0; 1374 1375 h = mtod (m, struct ppp_header*); 1376 h->address = CISCO_MULTICAST; 1377 h->control = 0; 1378 h->protocol = htons (CISCO_KEEPALIVE); 1379 1380 ch = (struct cisco_packet*) (h + 1); 1381 ch->type = htonl (type); 1382 ch->par1 = htonl (par1); 1383 ch->par2 = htonl (par2); 1384 ch->rel = -1; 1385 1386 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1387 ch->time1 = htons ((u_short) tv.tv_sec); 1388 1389 if (debug) 1390 log(LOG_DEBUG, 1391 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1392 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1393 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1394 1395 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1396 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1397} 1398 1399/* 1400 * PPP protocol implementation. 1401 */ 1402 1403/* 1404 * Send PPP control protocol packet. 1405 */ 1406static void 1407sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1408 u_char ident, u_short len, void *data) 1409{ 1410 STDDCL; 1411 struct ppp_header *h; 1412 struct lcp_header *lh; 1413 struct mbuf *m; 1414 1415 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1416 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1417 MGETHDR (m, M_NOWAIT, MT_DATA); 1418 if (! m) 1419 return; 1420 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1421 m->m_pkthdr.rcvif = 0; 1422 1423 h = mtod (m, struct ppp_header*); 1424 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1425 h->control = PPP_UI; /* Unnumbered Info */ 1426 h->protocol = htons (proto); /* Link Control Protocol */ 1427 1428 lh = (struct lcp_header*) (h + 1); 1429 lh->type = type; 1430 lh->ident = ident; 1431 lh->len = htons (LCP_HEADER_LEN + len); 1432 if (len) 1433 bcopy (data, lh+1, len); 1434 1435 if (debug) { 1436 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1437 SPP_ARGS(ifp), 1438 sppp_proto_name(proto), 1439 sppp_cp_type_name (lh->type), lh->ident, 1440 ntohs (lh->len)); 1441 sppp_print_bytes ((u_char*) (lh+1), len); 1442 log(-1, ">\n"); 1443 } 1444 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1445 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1446} 1447 1448/* 1449 * Handle incoming PPP control protocol packets. 1450 */ 1451static void 1452sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1453{ 1454 STDDCL; 1455 struct lcp_header *h; 1456 int len = m->m_pkthdr.len; 1457 int rv; 1458 u_char *p; 1459 1460 if (len < 4) { 1461 if (debug) 1462 log(LOG_DEBUG, 1463 SPP_FMT "%s invalid packet length: %d bytes\n", 1464 SPP_ARGS(ifp), cp->name, len); 1465 return; 1466 } 1467 h = mtod (m, struct lcp_header*); 1468 if (debug) { 1469 log(LOG_DEBUG, 1470 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1471 SPP_ARGS(ifp), cp->name, 1472 sppp_state_name(sp->state[cp->protoidx]), 1473 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1474 sppp_print_bytes ((u_char*) (h+1), len-4); 1475 log(-1, ">\n"); 1476 } 1477 if (len > ntohs (h->len)) 1478 len = ntohs (h->len); 1479 p = (u_char *)(h + 1); 1480 switch (h->type) { 1481 case CONF_REQ: 1482 if (len < 4) { 1483 if (debug) 1484 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1485 SPP_ARGS(ifp), cp->name, 1486 len); 1487 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1488 break; 1489 } 1490 /* handle states where RCR doesn't get a SCA/SCN */ 1491 switch (sp->state[cp->protoidx]) { 1492 case STATE_CLOSING: 1493 case STATE_STOPPING: 1494 return; 1495 case STATE_CLOSED: 1496 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1497 0, 0); 1498 return; 1499 } 1500 rv = (cp->RCR)(sp, h, len); 1501 switch (sp->state[cp->protoidx]) { 1502 case STATE_OPENED: 1503 (cp->tld)(sp); 1504 (cp->scr)(sp); 1505 /* FALLTHROUGH */ 1506 case STATE_ACK_SENT: 1507 case STATE_REQ_SENT: 1508 /* 1509 * sppp_cp_change_state() have the side effect of 1510 * restarting the timeouts. We want to avoid that 1511 * if the state don't change, otherwise we won't 1512 * ever timeout and resend a configuration request 1513 * that got lost. 1514 */ 1515 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1516 STATE_REQ_SENT)) 1517 break; 1518 sppp_cp_change_state(cp, sp, rv? 1519 STATE_ACK_SENT: STATE_REQ_SENT); 1520 break; 1521 case STATE_STOPPED: 1522 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1523 (cp->scr)(sp); 1524 sppp_cp_change_state(cp, sp, rv? 1525 STATE_ACK_SENT: STATE_REQ_SENT); 1526 break; 1527 case STATE_ACK_RCVD: 1528 if (rv) { 1529 sppp_cp_change_state(cp, sp, STATE_OPENED); 1530 if (debug) 1531 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1532 SPP_ARGS(ifp), 1533 cp->name); 1534 (cp->tlu)(sp); 1535 } else 1536 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1537 break; 1538 default: 1539 printf(SPP_FMT "%s illegal %s in state %s\n", 1540 SPP_ARGS(ifp), cp->name, 1541 sppp_cp_type_name(h->type), 1542 sppp_state_name(sp->state[cp->protoidx])); 1543 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1544 } 1545 break; 1546 case CONF_ACK: 1547 if (h->ident != sp->confid[cp->protoidx]) { 1548 if (debug) 1549 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1550 SPP_ARGS(ifp), cp->name, 1551 h->ident, sp->confid[cp->protoidx]); 1552 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1553 break; 1554 } 1555 switch (sp->state[cp->protoidx]) { 1556 case STATE_CLOSED: 1557 case STATE_STOPPED: 1558 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1559 break; 1560 case STATE_CLOSING: 1561 case STATE_STOPPING: 1562 break; 1563 case STATE_REQ_SENT: 1564 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1565 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1566 break; 1567 case STATE_OPENED: 1568 (cp->tld)(sp); 1569 /* FALLTHROUGH */ 1570 case STATE_ACK_RCVD: 1571 (cp->scr)(sp); 1572 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1573 break; 1574 case STATE_ACK_SENT: 1575 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1576 sppp_cp_change_state(cp, sp, STATE_OPENED); 1577 if (debug) 1578 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1579 SPP_ARGS(ifp), cp->name); 1580 (cp->tlu)(sp); 1581 break; 1582 default: 1583 printf(SPP_FMT "%s illegal %s in state %s\n", 1584 SPP_ARGS(ifp), cp->name, 1585 sppp_cp_type_name(h->type), 1586 sppp_state_name(sp->state[cp->protoidx])); 1587 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1588 } 1589 break; 1590 case CONF_NAK: 1591 case CONF_REJ: 1592 if (h->ident != sp->confid[cp->protoidx]) { 1593 if (debug) 1594 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1595 SPP_ARGS(ifp), cp->name, 1596 h->ident, sp->confid[cp->protoidx]); 1597 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1598 break; 1599 } 1600 if (h->type == CONF_NAK) 1601 (cp->RCN_nak)(sp, h, len); 1602 else /* CONF_REJ */ 1603 (cp->RCN_rej)(sp, h, len); 1604 1605 switch (sp->state[cp->protoidx]) { 1606 case STATE_CLOSED: 1607 case STATE_STOPPED: 1608 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1609 break; 1610 case STATE_REQ_SENT: 1611 case STATE_ACK_SENT: 1612 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1613 /* 1614 * Slow things down a bit if we think we might be 1615 * in loopback. Depend on the timeout to send the 1616 * next configuration request. 1617 */ 1618 if (sp->pp_loopcnt) 1619 break; 1620 (cp->scr)(sp); 1621 break; 1622 case STATE_OPENED: 1623 (cp->tld)(sp); 1624 /* FALLTHROUGH */ 1625 case STATE_ACK_RCVD: 1626 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1627 (cp->scr)(sp); 1628 break; 1629 case STATE_CLOSING: 1630 case STATE_STOPPING: 1631 break; 1632 default: 1633 printf(SPP_FMT "%s illegal %s in state %s\n", 1634 SPP_ARGS(ifp), cp->name, 1635 sppp_cp_type_name(h->type), 1636 sppp_state_name(sp->state[cp->protoidx])); 1637 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1638 } 1639 break; 1640 1641 case TERM_REQ: 1642 switch (sp->state[cp->protoidx]) { 1643 case STATE_ACK_RCVD: 1644 case STATE_ACK_SENT: 1645 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1646 /* FALLTHROUGH */ 1647 case STATE_CLOSED: 1648 case STATE_STOPPED: 1649 case STATE_CLOSING: 1650 case STATE_STOPPING: 1651 case STATE_REQ_SENT: 1652 sta: 1653 /* Send Terminate-Ack packet. */ 1654 if (debug) 1655 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1656 SPP_ARGS(ifp), cp->name); 1657 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1658 break; 1659 case STATE_OPENED: 1660 (cp->tld)(sp); 1661 sp->rst_counter[cp->protoidx] = 0; 1662 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1663 goto sta; 1664 break; 1665 default: 1666 printf(SPP_FMT "%s illegal %s in state %s\n", 1667 SPP_ARGS(ifp), cp->name, 1668 sppp_cp_type_name(h->type), 1669 sppp_state_name(sp->state[cp->protoidx])); 1670 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1671 } 1672 break; 1673 case TERM_ACK: 1674 switch (sp->state[cp->protoidx]) { 1675 case STATE_CLOSED: 1676 case STATE_STOPPED: 1677 case STATE_REQ_SENT: 1678 case STATE_ACK_SENT: 1679 break; 1680 case STATE_CLOSING: 1681 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1682 (cp->tlf)(sp); 1683 break; 1684 case STATE_STOPPING: 1685 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1686 (cp->tlf)(sp); 1687 break; 1688 case STATE_ACK_RCVD: 1689 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1690 break; 1691 case STATE_OPENED: 1692 (cp->tld)(sp); 1693 (cp->scr)(sp); 1694 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1695 break; 1696 default: 1697 printf(SPP_FMT "%s illegal %s in state %s\n", 1698 SPP_ARGS(ifp), cp->name, 1699 sppp_cp_type_name(h->type), 1700 sppp_state_name(sp->state[cp->protoidx])); 1701 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1702 } 1703 break; 1704 case CODE_REJ: 1705 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1706 log(LOG_INFO, 1707 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1708 "danger will robinson\n", 1709 SPP_ARGS(ifp), cp->name, 1710 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1711 switch (sp->state[cp->protoidx]) { 1712 case STATE_CLOSED: 1713 case STATE_STOPPED: 1714 case STATE_REQ_SENT: 1715 case STATE_ACK_SENT: 1716 case STATE_CLOSING: 1717 case STATE_STOPPING: 1718 case STATE_OPENED: 1719 break; 1720 case STATE_ACK_RCVD: 1721 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1722 break; 1723 default: 1724 printf(SPP_FMT "%s illegal %s in state %s\n", 1725 SPP_ARGS(ifp), cp->name, 1726 sppp_cp_type_name(h->type), 1727 sppp_state_name(sp->state[cp->protoidx])); 1728 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1729 } 1730 break; 1731 case PROTO_REJ: 1732 { 1733 int catastrophic; 1734 const struct cp *upper; 1735 int i; 1736 u_int16_t proto; 1737 1738 catastrophic = 0; 1739 upper = NULL; 1740 proto = ntohs(*((u_int16_t *)p)); 1741 for (i = 0; i < IDX_COUNT; i++) { 1742 if (cps[i]->proto == proto) { 1743 upper = cps[i]; 1744 break; 1745 } 1746 } 1747 if (upper == NULL) 1748 catastrophic++; 1749 1750 if (catastrophic || debug) 1751 log(catastrophic? LOG_INFO: LOG_DEBUG, 1752 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1753 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1754 sppp_cp_type_name(h->type), proto, 1755 upper ? upper->name : "unknown", 1756 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1757 1758 /* 1759 * if we got RXJ+ against conf-req, the peer does not implement 1760 * this particular protocol type. terminate the protocol. 1761 */ 1762 if (upper && !catastrophic) { 1763 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1764 upper->Close(sp); 1765 break; 1766 } 1767 } 1768 1769 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1770 switch (sp->state[cp->protoidx]) { 1771 case STATE_CLOSED: 1772 case STATE_STOPPED: 1773 case STATE_REQ_SENT: 1774 case STATE_ACK_SENT: 1775 case STATE_CLOSING: 1776 case STATE_STOPPING: 1777 case STATE_OPENED: 1778 break; 1779 case STATE_ACK_RCVD: 1780 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1781 break; 1782 default: 1783 printf(SPP_FMT "%s illegal %s in state %s\n", 1784 SPP_ARGS(ifp), cp->name, 1785 sppp_cp_type_name(h->type), 1786 sppp_state_name(sp->state[cp->protoidx])); 1787 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1788 } 1789 break; 1790 } 1791 case DISC_REQ: 1792 if (cp->proto != PPP_LCP) 1793 goto illegal; 1794 /* Discard the packet. */ 1795 break; 1796 case ECHO_REQ: 1797 if (cp->proto != PPP_LCP) 1798 goto illegal; 1799 if (sp->state[cp->protoidx] != STATE_OPENED) { 1800 if (debug) 1801 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1802 SPP_ARGS(ifp)); 1803 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1804 break; 1805 } 1806 if (len < 8) { 1807 if (debug) 1808 log(-1, SPP_FMT "invalid lcp echo request " 1809 "packet length: %d bytes\n", 1810 SPP_ARGS(ifp), len); 1811 break; 1812 } 1813 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1814 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1815 /* Line loopback mode detected. */ 1816 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1817 sp->pp_loopcnt = MAXALIVECNT * 5; 1818 if_down (ifp); 1819 sppp_qflush (&sp->pp_cpq); 1820 1821 /* Shut down the PPP link. */ 1822 /* XXX */ 1823 lcp.Down(sp); 1824 lcp.Up(sp); 1825 break; 1826 } 1827 *(long*)(h+1) = htonl (sp->lcp.magic); 1828 if (debug) 1829 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1830 SPP_ARGS(ifp)); 1831 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1832 break; 1833 case ECHO_REPLY: 1834 if (cp->proto != PPP_LCP) 1835 goto illegal; 1836 if (h->ident != sp->lcp.echoid) { 1837 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1838 break; 1839 } 1840 if (len < 8) { 1841 if (debug) 1842 log(-1, SPP_FMT "lcp invalid echo reply " 1843 "packet length: %d bytes\n", 1844 SPP_ARGS(ifp), len); 1845 break; 1846 } 1847 if (debug) 1848 log(-1, SPP_FMT "lcp got echo rep\n", 1849 SPP_ARGS(ifp)); 1850 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1851 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1852 sp->pp_alivecnt = 0; 1853 break; 1854 default: 1855 /* Unknown packet type -- send Code-Reject packet. */ 1856 illegal: 1857 if (debug) 1858 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1859 SPP_ARGS(ifp), cp->name, h->type); 1860 sppp_cp_send(sp, cp->proto, CODE_REJ, 1861 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1862 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1863 } 1864} 1865 1866 1867/* 1868 * The generic part of all Up/Down/Open/Close/TO event handlers. 1869 * Basically, the state transition handling in the automaton. 1870 */ 1871static void 1872sppp_up_event(const struct cp *cp, struct sppp *sp) 1873{ 1874 STDDCL; 1875 1876 if (debug) 1877 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1878 SPP_ARGS(ifp), cp->name, 1879 sppp_state_name(sp->state[cp->protoidx])); 1880 1881 switch (sp->state[cp->protoidx]) { 1882 case STATE_INITIAL: 1883 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1884 break; 1885 case STATE_STARTING: 1886 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1887 (cp->scr)(sp); 1888 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1889 break; 1890 default: 1891 printf(SPP_FMT "%s illegal up in state %s\n", 1892 SPP_ARGS(ifp), cp->name, 1893 sppp_state_name(sp->state[cp->protoidx])); 1894 } 1895} 1896 1897static void 1898sppp_down_event(const struct cp *cp, struct sppp *sp) 1899{ 1900 STDDCL; 1901 1902 if (debug) 1903 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1904 SPP_ARGS(ifp), cp->name, 1905 sppp_state_name(sp->state[cp->protoidx])); 1906 1907 switch (sp->state[cp->protoidx]) { 1908 case STATE_CLOSED: 1909 case STATE_CLOSING: 1910 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1911 break; 1912 case STATE_STOPPED: 1913 sppp_cp_change_state(cp, sp, STATE_STARTING); 1914 (cp->tls)(sp); 1915 break; 1916 case STATE_STOPPING: 1917 case STATE_REQ_SENT: 1918 case STATE_ACK_RCVD: 1919 case STATE_ACK_SENT: 1920 sppp_cp_change_state(cp, sp, STATE_STARTING); 1921 break; 1922 case STATE_OPENED: 1923 (cp->tld)(sp); 1924 sppp_cp_change_state(cp, sp, STATE_STARTING); 1925 break; 1926 default: 1927 printf(SPP_FMT "%s illegal down in state %s\n", 1928 SPP_ARGS(ifp), cp->name, 1929 sppp_state_name(sp->state[cp->protoidx])); 1930 } 1931} 1932 1933 1934static void 1935sppp_open_event(const struct cp *cp, struct sppp *sp) 1936{ 1937 STDDCL; 1938 1939 if (debug) 1940 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1941 SPP_ARGS(ifp), cp->name, 1942 sppp_state_name(sp->state[cp->protoidx])); 1943 1944 switch (sp->state[cp->protoidx]) { 1945 case STATE_INITIAL: 1946 sppp_cp_change_state(cp, sp, STATE_STARTING); 1947 (cp->tls)(sp); 1948 break; 1949 case STATE_STARTING: 1950 break; 1951 case STATE_CLOSED: 1952 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1953 (cp->scr)(sp); 1954 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1955 break; 1956 case STATE_STOPPED: 1957 /* 1958 * Try escaping stopped state. This seems to bite 1959 * people occasionally, in particular for IPCP, 1960 * presumably following previous IPCP negotiation 1961 * aborts. Somehow, we must have missed a Down event 1962 * which would have caused a transition into starting 1963 * state, so as a bandaid we force the Down event now. 1964 * This effectively implements (something like the) 1965 * `restart' option mentioned in the state transition 1966 * table of RFC 1661. 1967 */ 1968 sppp_cp_change_state(cp, sp, STATE_STARTING); 1969 (cp->tls)(sp); 1970 break; 1971 case STATE_STOPPING: 1972 case STATE_REQ_SENT: 1973 case STATE_ACK_RCVD: 1974 case STATE_ACK_SENT: 1975 case STATE_OPENED: 1976 break; 1977 case STATE_CLOSING: 1978 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1979 break; 1980 } 1981} 1982 1983 1984static void 1985sppp_close_event(const struct cp *cp, struct sppp *sp) 1986{ 1987 STDDCL; 1988 1989 if (debug) 1990 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1991 SPP_ARGS(ifp), cp->name, 1992 sppp_state_name(sp->state[cp->protoidx])); 1993 1994 switch (sp->state[cp->protoidx]) { 1995 case STATE_INITIAL: 1996 case STATE_CLOSED: 1997 case STATE_CLOSING: 1998 break; 1999 case STATE_STARTING: 2000 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2001 (cp->tlf)(sp); 2002 break; 2003 case STATE_STOPPED: 2004 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2005 break; 2006 case STATE_STOPPING: 2007 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2008 break; 2009 case STATE_OPENED: 2010 (cp->tld)(sp); 2011 /* FALLTHROUGH */ 2012 case STATE_REQ_SENT: 2013 case STATE_ACK_RCVD: 2014 case STATE_ACK_SENT: 2015 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2016 sppp_cp_send(sp, cp->proto, TERM_REQ, 2017 ++sp->pp_seq[cp->protoidx], 0, 0); 2018 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2019 break; 2020 } 2021} 2022 2023static void 2024sppp_to_event(const struct cp *cp, struct sppp *sp) 2025{ 2026 STDDCL; 2027 2028 SPPP_LOCK(sp); 2029 if (debug) 2030 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2031 SPP_ARGS(ifp), cp->name, 2032 sppp_state_name(sp->state[cp->protoidx]), 2033 sp->rst_counter[cp->protoidx]); 2034 2035 if (--sp->rst_counter[cp->protoidx] < 0) 2036 /* TO- event */ 2037 switch (sp->state[cp->protoidx]) { 2038 case STATE_CLOSING: 2039 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2040 (cp->tlf)(sp); 2041 break; 2042 case STATE_STOPPING: 2043 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2044 (cp->tlf)(sp); 2045 break; 2046 case STATE_REQ_SENT: 2047 case STATE_ACK_RCVD: 2048 case STATE_ACK_SENT: 2049 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2050 (cp->tlf)(sp); 2051 break; 2052 } 2053 else 2054 /* TO+ event */ 2055 switch (sp->state[cp->protoidx]) { 2056 case STATE_CLOSING: 2057 case STATE_STOPPING: 2058 sppp_cp_send(sp, cp->proto, TERM_REQ, 2059 ++sp->pp_seq[cp->protoidx], 0, 0); 2060 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2061 cp->TO, (void *)sp); 2062 break; 2063 case STATE_REQ_SENT: 2064 case STATE_ACK_RCVD: 2065 (cp->scr)(sp); 2066 /* sppp_cp_change_state() will restart the timer */ 2067 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2068 break; 2069 case STATE_ACK_SENT: 2070 (cp->scr)(sp); 2071 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2072 cp->TO, (void *)sp); 2073 break; 2074 } 2075 2076 SPPP_UNLOCK(sp); 2077} 2078 2079/* 2080 * Change the state of a control protocol in the state automaton. 2081 * Takes care of starting/stopping the restart timer. 2082 */ 2083static void 2084sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2085{ 2086 sp->state[cp->protoidx] = newstate; 2087 2088 callout_stop (&sp->ch[cp->protoidx]); 2089 2090 switch (newstate) { 2091 case STATE_INITIAL: 2092 case STATE_STARTING: 2093 case STATE_CLOSED: 2094 case STATE_STOPPED: 2095 case STATE_OPENED: 2096 break; 2097 case STATE_CLOSING: 2098 case STATE_STOPPING: 2099 case STATE_REQ_SENT: 2100 case STATE_ACK_RCVD: 2101 case STATE_ACK_SENT: 2102 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2103 cp->TO, (void *)sp); 2104 break; 2105 } 2106} 2107 2108/* 2109 *--------------------------------------------------------------------------* 2110 * * 2111 * The LCP implementation. * 2112 * * 2113 *--------------------------------------------------------------------------* 2114 */ 2115static void 2116sppp_pp_up(struct sppp *sp) 2117{ 2118 SPPP_LOCK(sp); 2119 lcp.Up(sp); 2120 SPPP_UNLOCK(sp); 2121} 2122 2123static void 2124sppp_pp_down(struct sppp *sp) 2125{ 2126 SPPP_LOCK(sp); 2127 lcp.Down(sp); 2128 SPPP_UNLOCK(sp); 2129} 2130 2131static void 2132sppp_lcp_init(struct sppp *sp) 2133{ 2134 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2135 sp->lcp.magic = 0; 2136 sp->state[IDX_LCP] = STATE_INITIAL; 2137 sp->fail_counter[IDX_LCP] = 0; 2138 sp->pp_seq[IDX_LCP] = 0; 2139 sp->pp_rseq[IDX_LCP] = 0; 2140 sp->lcp.protos = 0; 2141 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2142 2143 /* Note that these values are relevant for all control protocols */ 2144 sp->lcp.timeout = 3 * hz; 2145 sp->lcp.max_terminate = 2; 2146 sp->lcp.max_configure = 10; 2147 sp->lcp.max_failure = 10; 2148 callout_init(&sp->ch[IDX_LCP], 1); 2149} 2150 2151static void 2152sppp_lcp_up(struct sppp *sp) 2153{ 2154 STDDCL; 2155 2156 sp->pp_alivecnt = 0; 2157 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2158 sp->lcp.magic = 0; 2159 sp->lcp.protos = 0; 2160 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2161 /* 2162 * If we are authenticator, negotiate LCP_AUTH 2163 */ 2164 if (sp->hisauth.proto != 0) 2165 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2166 else 2167 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2168 sp->pp_flags &= ~PP_NEEDAUTH; 2169 /* 2170 * If this interface is passive or dial-on-demand, and we are 2171 * still in Initial state, it means we've got an incoming 2172 * call. Activate the interface. 2173 */ 2174 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2175 if (debug) 2176 log(LOG_DEBUG, 2177 SPP_FMT "Up event", SPP_ARGS(ifp)); 2178 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2179 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2180 if (debug) 2181 log(-1, "(incoming call)\n"); 2182 sp->pp_flags |= PP_CALLIN; 2183 lcp.Open(sp); 2184 } else if (debug) 2185 log(-1, "\n"); 2186 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2187 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2188 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2189 lcp.Open(sp); 2190 } 2191 2192 sppp_up_event(&lcp, sp); 2193} 2194 2195static void 2196sppp_lcp_down(struct sppp *sp) 2197{ 2198 STDDCL; 2199 2200 sppp_down_event(&lcp, sp); 2201 2202 /* 2203 * If this is neither a dial-on-demand nor a passive 2204 * interface, simulate an ``ifconfig down'' action, so the 2205 * administrator can force a redial by another ``ifconfig 2206 * up''. XXX For leased line operation, should we immediately 2207 * try to reopen the connection here? 2208 */ 2209 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2210 log(LOG_INFO, 2211 SPP_FMT "Down event, taking interface down.\n", 2212 SPP_ARGS(ifp)); 2213 if_down(ifp); 2214 } else { 2215 if (debug) 2216 log(LOG_DEBUG, 2217 SPP_FMT "Down event (carrier loss)\n", 2218 SPP_ARGS(ifp)); 2219 sp->pp_flags &= ~PP_CALLIN; 2220 if (sp->state[IDX_LCP] != STATE_INITIAL) 2221 lcp.Close(sp); 2222 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2223 } 2224} 2225 2226static void 2227sppp_lcp_open(struct sppp *sp) 2228{ 2229 sppp_open_event(&lcp, sp); 2230} 2231 2232static void 2233sppp_lcp_close(struct sppp *sp) 2234{ 2235 sppp_close_event(&lcp, sp); 2236} 2237 2238static void 2239sppp_lcp_TO(void *cookie) 2240{ 2241 sppp_to_event(&lcp, (struct sppp *)cookie); 2242} 2243 2244/* 2245 * Analyze a configure request. Return true if it was agreeable, and 2246 * caused action sca, false if it has been rejected or nak'ed, and 2247 * caused action scn. (The return value is used to make the state 2248 * transition decision in the state automaton.) 2249 */ 2250static int 2251sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2252{ 2253 STDDCL; 2254 u_char *buf, *r, *p; 2255 int origlen, rlen; 2256 u_long nmagic; 2257 u_short authproto; 2258 2259 len -= 4; 2260 origlen = len; 2261 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2262 if (! buf) 2263 return (0); 2264 2265 if (debug) 2266 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2267 SPP_ARGS(ifp)); 2268 2269 /* pass 1: check for things that need to be rejected */ 2270 p = (void*) (h+1); 2271 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2272 len-=p[1], p+=p[1]) { 2273 if (debug) 2274 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2275 switch (*p) { 2276 case LCP_OPT_MAGIC: 2277 /* Magic number. */ 2278 if (len >= 6 && p[1] == 6) 2279 continue; 2280 if (debug) 2281 log(-1, "[invalid] "); 2282 break; 2283 case LCP_OPT_ASYNC_MAP: 2284 /* Async control character map. */ 2285 if (len >= 6 && p[1] == 6) 2286 continue; 2287 if (debug) 2288 log(-1, "[invalid] "); 2289 break; 2290 case LCP_OPT_MRU: 2291 /* Maximum receive unit. */ 2292 if (len >= 4 && p[1] == 4) 2293 continue; 2294 if (debug) 2295 log(-1, "[invalid] "); 2296 break; 2297 case LCP_OPT_AUTH_PROTO: 2298 if (len < 4) { 2299 if (debug) 2300 log(-1, "[invalid] "); 2301 break; 2302 } 2303 authproto = (p[2] << 8) + p[3]; 2304 if (authproto == PPP_CHAP && p[1] != 5) { 2305 if (debug) 2306 log(-1, "[invalid chap len] "); 2307 break; 2308 } 2309 if (sp->myauth.proto == 0) { 2310 /* we are not configured to do auth */ 2311 if (debug) 2312 log(-1, "[not configured] "); 2313 break; 2314 } 2315 /* 2316 * Remote want us to authenticate, remember this, 2317 * so we stay in PHASE_AUTHENTICATE after LCP got 2318 * up. 2319 */ 2320 sp->pp_flags |= PP_NEEDAUTH; 2321 continue; 2322 default: 2323 /* Others not supported. */ 2324 if (debug) 2325 log(-1, "[rej] "); 2326 break; 2327 } 2328 /* Add the option to rejected list. */ 2329 bcopy (p, r, p[1]); 2330 r += p[1]; 2331 rlen += p[1]; 2332 } 2333 if (rlen) { 2334 if (debug) 2335 log(-1, " send conf-rej\n"); 2336 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2337 return 0; 2338 } else if (debug) 2339 log(-1, "\n"); 2340 2341 /* 2342 * pass 2: check for option values that are unacceptable and 2343 * thus require to be nak'ed. 2344 */ 2345 if (debug) 2346 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2347 SPP_ARGS(ifp)); 2348 2349 p = (void*) (h+1); 2350 len = origlen; 2351 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2352 len-=p[1], p+=p[1]) { 2353 if (debug) 2354 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2355 switch (*p) { 2356 case LCP_OPT_MAGIC: 2357 /* Magic number -- extract. */ 2358 nmagic = (u_long)p[2] << 24 | 2359 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2360 if (nmagic != sp->lcp.magic) { 2361 sp->pp_loopcnt = 0; 2362 if (debug) 2363 log(-1, "0x%lx ", nmagic); 2364 continue; 2365 } 2366 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2367 log(-1, "[glitch] "); 2368 ++sp->pp_loopcnt; 2369 /* 2370 * We negate our magic here, and NAK it. If 2371 * we see it later in an NAK packet, we 2372 * suggest a new one. 2373 */ 2374 nmagic = ~sp->lcp.magic; 2375 /* Gonna NAK it. */ 2376 p[2] = nmagic >> 24; 2377 p[3] = nmagic >> 16; 2378 p[4] = nmagic >> 8; 2379 p[5] = nmagic; 2380 break; 2381 2382 case LCP_OPT_ASYNC_MAP: 2383 /* 2384 * Async control character map -- just ignore it. 2385 * 2386 * Quote from RFC 1662, chapter 6: 2387 * To enable this functionality, synchronous PPP 2388 * implementations MUST always respond to the 2389 * Async-Control-Character-Map Configuration 2390 * Option with the LCP Configure-Ack. However, 2391 * acceptance of the Configuration Option does 2392 * not imply that the synchronous implementation 2393 * will do any ACCM mapping. Instead, all such 2394 * octet mapping will be performed by the 2395 * asynchronous-to-synchronous converter. 2396 */ 2397 continue; 2398 2399 case LCP_OPT_MRU: 2400 /* 2401 * Maximum receive unit. Always agreeable, 2402 * but ignored by now. 2403 */ 2404 sp->lcp.their_mru = p[2] * 256 + p[3]; 2405 if (debug) 2406 log(-1, "%lu ", sp->lcp.their_mru); 2407 continue; 2408 2409 case LCP_OPT_AUTH_PROTO: 2410 authproto = (p[2] << 8) + p[3]; 2411 if (sp->myauth.proto != authproto) { 2412 /* not agreed, nak */ 2413 if (debug) 2414 log(-1, "[mine %s != his %s] ", 2415 sppp_proto_name(sp->hisauth.proto), 2416 sppp_proto_name(authproto)); 2417 p[2] = sp->myauth.proto >> 8; 2418 p[3] = sp->myauth.proto; 2419 break; 2420 } 2421 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2422 if (debug) 2423 log(-1, "[chap not MD5] "); 2424 p[4] = CHAP_MD5; 2425 break; 2426 } 2427 continue; 2428 } 2429 /* Add the option to nak'ed list. */ 2430 bcopy (p, r, p[1]); 2431 r += p[1]; 2432 rlen += p[1]; 2433 } 2434 if (rlen) { 2435 /* 2436 * Local and remote magics equal -- loopback? 2437 */ 2438 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2439 if (sp->pp_loopcnt == MAXALIVECNT*5) 2440 printf (SPP_FMT "loopback\n", 2441 SPP_ARGS(ifp)); 2442 if (ifp->if_flags & IFF_UP) { 2443 if_down(ifp); 2444 sppp_qflush(&sp->pp_cpq); 2445 /* XXX ? */ 2446 lcp.Down(sp); 2447 lcp.Up(sp); 2448 } 2449 } else if (!sp->pp_loopcnt && 2450 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2451 if (debug) 2452 log(-1, " max_failure (%d) exceeded, " 2453 "send conf-rej\n", 2454 sp->lcp.max_failure); 2455 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2456 } else { 2457 if (debug) 2458 log(-1, " send conf-nak\n"); 2459 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2460 } 2461 } else { 2462 if (debug) 2463 log(-1, " send conf-ack\n"); 2464 sp->fail_counter[IDX_LCP] = 0; 2465 sp->pp_loopcnt = 0; 2466 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2467 h->ident, origlen, h+1); 2468 } 2469 2470 free (buf, M_TEMP); 2471 return (rlen == 0); 2472} 2473 2474/* 2475 * Analyze the LCP Configure-Reject option list, and adjust our 2476 * negotiation. 2477 */ 2478static void 2479sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2480{ 2481 STDDCL; 2482 u_char *buf, *p; 2483 2484 len -= 4; 2485 buf = malloc (len, M_TEMP, M_NOWAIT); 2486 if (!buf) 2487 return; 2488 2489 if (debug) 2490 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2491 SPP_ARGS(ifp)); 2492 2493 p = (void*) (h+1); 2494 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2495 len -= p[1], p += p[1]) { 2496 if (debug) 2497 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2498 switch (*p) { 2499 case LCP_OPT_MAGIC: 2500 /* Magic number -- can't use it, use 0 */ 2501 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2502 sp->lcp.magic = 0; 2503 break; 2504 case LCP_OPT_MRU: 2505 /* 2506 * Should not be rejected anyway, since we only 2507 * negotiate a MRU if explicitly requested by 2508 * peer. 2509 */ 2510 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2511 break; 2512 case LCP_OPT_AUTH_PROTO: 2513 /* 2514 * Peer doesn't want to authenticate himself, 2515 * deny unless this is a dialout call, and 2516 * AUTHFLAG_NOCALLOUT is set. 2517 */ 2518 if ((sp->pp_flags & PP_CALLIN) == 0 && 2519 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2520 if (debug) 2521 log(-1, "[don't insist on auth " 2522 "for callout]"); 2523 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2524 break; 2525 } 2526 if (debug) 2527 log(-1, "[access denied]\n"); 2528 lcp.Close(sp); 2529 break; 2530 } 2531 } 2532 if (debug) 2533 log(-1, "\n"); 2534 free (buf, M_TEMP); 2535 return; 2536} 2537 2538/* 2539 * Analyze the LCP Configure-NAK option list, and adjust our 2540 * negotiation. 2541 */ 2542static void 2543sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2544{ 2545 STDDCL; 2546 u_char *buf, *p; 2547 u_long magic; 2548 2549 len -= 4; 2550 buf = malloc (len, M_TEMP, M_NOWAIT); 2551 if (!buf) 2552 return; 2553 2554 if (debug) 2555 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2556 SPP_ARGS(ifp)); 2557 2558 p = (void*) (h+1); 2559 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2560 len -= p[1], p += p[1]) { 2561 if (debug) 2562 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2563 switch (*p) { 2564 case LCP_OPT_MAGIC: 2565 /* Magic number -- renegotiate */ 2566 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2567 len >= 6 && p[1] == 6) { 2568 magic = (u_long)p[2] << 24 | 2569 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2570 /* 2571 * If the remote magic is our negated one, 2572 * this looks like a loopback problem. 2573 * Suggest a new magic to make sure. 2574 */ 2575 if (magic == ~sp->lcp.magic) { 2576 if (debug) 2577 log(-1, "magic glitch "); 2578 sp->lcp.magic = random(); 2579 } else { 2580 sp->lcp.magic = magic; 2581 if (debug) 2582 log(-1, "%lu ", magic); 2583 } 2584 } 2585 break; 2586 case LCP_OPT_MRU: 2587 /* 2588 * Peer wants to advise us to negotiate an MRU. 2589 * Agree on it if it's reasonable, or use 2590 * default otherwise. 2591 */ 2592 if (len >= 4 && p[1] == 4) { 2593 u_int mru = p[2] * 256 + p[3]; 2594 if (debug) 2595 log(-1, "%d ", mru); 2596 if (mru < PP_MTU || mru > PP_MAX_MRU) 2597 mru = PP_MTU; 2598 sp->lcp.mru = mru; 2599 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2600 } 2601 break; 2602 case LCP_OPT_AUTH_PROTO: 2603 /* 2604 * Peer doesn't like our authentication method, 2605 * deny. 2606 */ 2607 if (debug) 2608 log(-1, "[access denied]\n"); 2609 lcp.Close(sp); 2610 break; 2611 } 2612 } 2613 if (debug) 2614 log(-1, "\n"); 2615 free (buf, M_TEMP); 2616 return; 2617} 2618 2619static void 2620sppp_lcp_tlu(struct sppp *sp) 2621{ 2622 STDDCL; 2623 int i; 2624 u_long mask; 2625 2626 /* XXX ? */ 2627 if (! (ifp->if_flags & IFF_UP) && 2628 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2629 /* Coming out of loopback mode. */ 2630 if_up(ifp); 2631 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2632 } 2633 2634 for (i = 0; i < IDX_COUNT; i++) 2635 if ((cps[i])->flags & CP_QUAL) 2636 (cps[i])->Open(sp); 2637 2638 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2639 (sp->pp_flags & PP_NEEDAUTH) != 0) 2640 sp->pp_phase = PHASE_AUTHENTICATE; 2641 else 2642 sp->pp_phase = PHASE_NETWORK; 2643 2644 if (debug) 2645 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2646 sppp_phase_name(sp->pp_phase)); 2647 2648 /* 2649 * Open all authentication protocols. This is even required 2650 * if we already proceeded to network phase, since it might be 2651 * that remote wants us to authenticate, so we might have to 2652 * send a PAP request. Undesired authentication protocols 2653 * don't do anything when they get an Open event. 2654 */ 2655 for (i = 0; i < IDX_COUNT; i++) 2656 if ((cps[i])->flags & CP_AUTH) 2657 (cps[i])->Open(sp); 2658 2659 if (sp->pp_phase == PHASE_NETWORK) { 2660 /* Notify all NCPs. */ 2661 for (i = 0; i < IDX_COUNT; i++) 2662 if (((cps[i])->flags & CP_NCP) && 2663 /* 2664 * XXX 2665 * Hack to administratively disable IPv6 if 2666 * not desired. Perhaps we should have another 2667 * flag for this, but right now, we can make 2668 * all struct cp's read/only. 2669 */ 2670 (cps[i] != &ipv6cp || 2671 (sp->confflags & CONF_ENABLE_IPV6))) 2672 (cps[i])->Open(sp); 2673 } 2674 2675 /* Send Up events to all started protos. */ 2676 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2677 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2678 (cps[i])->Up(sp); 2679 2680 /* notify low-level driver of state change */ 2681 if (sp->pp_chg) 2682 sp->pp_chg(sp, (int)sp->pp_phase); 2683 2684 if (sp->pp_phase == PHASE_NETWORK) 2685 /* if no NCP is starting, close down */ 2686 sppp_lcp_check_and_close(sp); 2687} 2688 2689static void 2690sppp_lcp_tld(struct sppp *sp) 2691{ 2692 STDDCL; 2693 int i; 2694 u_long mask; 2695 2696 sp->pp_phase = PHASE_TERMINATE; 2697 2698 if (debug) 2699 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2700 sppp_phase_name(sp->pp_phase)); 2701 2702 /* 2703 * Take upper layers down. We send the Down event first and 2704 * the Close second to prevent the upper layers from sending 2705 * ``a flurry of terminate-request packets'', as the RFC 2706 * describes it. 2707 */ 2708 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2709 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2710 (cps[i])->Down(sp); 2711 (cps[i])->Close(sp); 2712 } 2713} 2714 2715static void 2716sppp_lcp_tls(struct sppp *sp) 2717{ 2718 STDDCL; 2719 2720 sp->pp_phase = PHASE_ESTABLISH; 2721 2722 if (debug) 2723 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2724 sppp_phase_name(sp->pp_phase)); 2725 2726 /* Notify lower layer if desired. */ 2727 if (sp->pp_tls) 2728 (sp->pp_tls)(sp); 2729 else 2730 (sp->pp_up)(sp); 2731} 2732 2733static void 2734sppp_lcp_tlf(struct sppp *sp) 2735{ 2736 STDDCL; 2737 2738 sp->pp_phase = PHASE_DEAD; 2739 if (debug) 2740 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2741 sppp_phase_name(sp->pp_phase)); 2742 2743 /* Notify lower layer if desired. */ 2744 if (sp->pp_tlf) 2745 (sp->pp_tlf)(sp); 2746 else 2747 (sp->pp_down)(sp); 2748} 2749 2750static void 2751sppp_lcp_scr(struct sppp *sp) 2752{ 2753 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2754 int i = 0; 2755 u_short authproto; 2756 2757 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2758 if (! sp->lcp.magic) 2759 sp->lcp.magic = random(); 2760 opt[i++] = LCP_OPT_MAGIC; 2761 opt[i++] = 6; 2762 opt[i++] = sp->lcp.magic >> 24; 2763 opt[i++] = sp->lcp.magic >> 16; 2764 opt[i++] = sp->lcp.magic >> 8; 2765 opt[i++] = sp->lcp.magic; 2766 } 2767 2768 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2769 opt[i++] = LCP_OPT_MRU; 2770 opt[i++] = 4; 2771 opt[i++] = sp->lcp.mru >> 8; 2772 opt[i++] = sp->lcp.mru; 2773 } 2774 2775 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2776 authproto = sp->hisauth.proto; 2777 opt[i++] = LCP_OPT_AUTH_PROTO; 2778 opt[i++] = authproto == PPP_CHAP? 5: 4; 2779 opt[i++] = authproto >> 8; 2780 opt[i++] = authproto; 2781 if (authproto == PPP_CHAP) 2782 opt[i++] = CHAP_MD5; 2783 } 2784 2785 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2786 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2787} 2788 2789/* 2790 * Check the open NCPs, return true if at least one NCP is open. 2791 */ 2792static int 2793sppp_ncp_check(struct sppp *sp) 2794{ 2795 int i, mask; 2796 2797 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2798 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2799 return 1; 2800 return 0; 2801} 2802 2803/* 2804 * Re-check the open NCPs and see if we should terminate the link. 2805 * Called by the NCPs during their tlf action handling. 2806 */ 2807static void 2808sppp_lcp_check_and_close(struct sppp *sp) 2809{ 2810 2811 if (sp->pp_phase < PHASE_NETWORK) 2812 /* don't bother, we are already going down */ 2813 return; 2814 2815 if (sppp_ncp_check(sp)) 2816 return; 2817 2818 lcp.Close(sp); 2819} 2820 2821/* 2822 *--------------------------------------------------------------------------* 2823 * * 2824 * The IPCP implementation. * 2825 * * 2826 *--------------------------------------------------------------------------* 2827 */ 2828 2829#ifdef INET 2830static void 2831sppp_ipcp_init(struct sppp *sp) 2832{ 2833 sp->ipcp.opts = 0; 2834 sp->ipcp.flags = 0; 2835 sp->state[IDX_IPCP] = STATE_INITIAL; 2836 sp->fail_counter[IDX_IPCP] = 0; 2837 sp->pp_seq[IDX_IPCP] = 0; 2838 sp->pp_rseq[IDX_IPCP] = 0; 2839 callout_init(&sp->ch[IDX_IPCP], 1); 2840} 2841 2842static void 2843sppp_ipcp_up(struct sppp *sp) 2844{ 2845 sppp_up_event(&ipcp, sp); 2846} 2847 2848static void 2849sppp_ipcp_down(struct sppp *sp) 2850{ 2851 sppp_down_event(&ipcp, sp); 2852} 2853 2854static void 2855sppp_ipcp_open(struct sppp *sp) 2856{ 2857 STDDCL; 2858 u_long myaddr, hisaddr; 2859 2860 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2861 IPCP_MYADDR_DYN | IPCP_VJ); 2862 sp->ipcp.opts = 0; 2863 2864 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2865 /* 2866 * If we don't have his address, this probably means our 2867 * interface doesn't want to talk IP at all. (This could 2868 * be the case if somebody wants to speak only IPX, for 2869 * example.) Don't open IPCP in this case. 2870 */ 2871 if (hisaddr == 0L) { 2872 /* XXX this message should go away */ 2873 if (debug) 2874 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2875 SPP_ARGS(ifp)); 2876 return; 2877 } 2878 if (myaddr == 0L) { 2879 /* 2880 * I don't have an assigned address, so i need to 2881 * negotiate my address. 2882 */ 2883 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2884 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2885 } else 2886 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2887 if (sp->confflags & CONF_ENABLE_VJ) { 2888 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2889 sp->ipcp.max_state = MAX_STATES - 1; 2890 sp->ipcp.compress_cid = 1; 2891 } 2892 sppp_open_event(&ipcp, sp); 2893} 2894 2895static void 2896sppp_ipcp_close(struct sppp *sp) 2897{ 2898 sppp_close_event(&ipcp, sp); 2899 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2900 /* 2901 * My address was dynamic, clear it again. 2902 */ 2903 sppp_set_ip_addr(sp, 0L); 2904} 2905 2906static void 2907sppp_ipcp_TO(void *cookie) 2908{ 2909 sppp_to_event(&ipcp, (struct sppp *)cookie); 2910} 2911 2912/* 2913 * Analyze a configure request. Return true if it was agreeable, and 2914 * caused action sca, false if it has been rejected or nak'ed, and 2915 * caused action scn. (The return value is used to make the state 2916 * transition decision in the state automaton.) 2917 */ 2918static int 2919sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2920{ 2921 u_char *buf, *r, *p; 2922 struct ifnet *ifp = SP2IFP(sp); 2923 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2924 u_long hisaddr, desiredaddr; 2925 int gotmyaddr = 0; 2926 int desiredcomp; 2927 2928 len -= 4; 2929 origlen = len; 2930 /* 2931 * Make sure to allocate a buf that can at least hold a 2932 * conf-nak with an `address' option. We might need it below. 2933 */ 2934 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2935 if (! buf) 2936 return (0); 2937 2938 /* pass 1: see if we can recognize them */ 2939 if (debug) 2940 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2941 SPP_ARGS(ifp)); 2942 p = (void*) (h+1); 2943 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2944 len-=p[1], p+=p[1]) { 2945 if (debug) 2946 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2947 switch (*p) { 2948 case IPCP_OPT_COMPRESSION: 2949 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2950 /* VJ compression administratively disabled */ 2951 if (debug) 2952 log(-1, "[locally disabled] "); 2953 break; 2954 } 2955 /* 2956 * In theory, we should only conf-rej an 2957 * option that is shorter than RFC 1618 2958 * requires (i.e. < 4), and should conf-nak 2959 * anything else that is not VJ. However, 2960 * since our algorithm always uses the 2961 * original option to NAK it with new values, 2962 * things would become more complicated. In 2963 * practice, the only commonly implemented IP 2964 * compression option is VJ anyway, so the 2965 * difference is negligible. 2966 */ 2967 if (len >= 6 && p[1] == 6) { 2968 /* 2969 * correctly formed compression option 2970 * that could be VJ compression 2971 */ 2972 continue; 2973 } 2974 if (debug) 2975 log(-1, 2976 "optlen %d [invalid/unsupported] ", 2977 p[1]); 2978 break; 2979 case IPCP_OPT_ADDRESS: 2980 if (len >= 6 && p[1] == 6) { 2981 /* correctly formed address option */ 2982 continue; 2983 } 2984 if (debug) 2985 log(-1, "[invalid] "); 2986 break; 2987 default: 2988 /* Others not supported. */ 2989 if (debug) 2990 log(-1, "[rej] "); 2991 break; 2992 } 2993 /* Add the option to rejected list. */ 2994 bcopy (p, r, p[1]); 2995 r += p[1]; 2996 rlen += p[1]; 2997 } 2998 if (rlen) { 2999 if (debug) 3000 log(-1, " send conf-rej\n"); 3001 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3002 return 0; 3003 } else if (debug) 3004 log(-1, "\n"); 3005 3006 /* pass 2: parse option values */ 3007 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3008 if (debug) 3009 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3010 SPP_ARGS(ifp)); 3011 p = (void*) (h+1); 3012 len = origlen; 3013 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3014 len-=p[1], p+=p[1]) { 3015 if (debug) 3016 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3017 switch (*p) { 3018 case IPCP_OPT_COMPRESSION: 3019 desiredcomp = p[2] << 8 | p[3]; 3020 /* We only support VJ */ 3021 if (desiredcomp == IPCP_COMP_VJ) { 3022 if (debug) 3023 log(-1, "VJ [ack] "); 3024 sp->ipcp.flags |= IPCP_VJ; 3025 sl_compress_init(sp->pp_comp, p[4]); 3026 sp->ipcp.max_state = p[4]; 3027 sp->ipcp.compress_cid = p[5]; 3028 continue; 3029 } 3030 if (debug) 3031 log(-1, 3032 "compproto %#04x [not supported] ", 3033 desiredcomp); 3034 p[2] = IPCP_COMP_VJ >> 8; 3035 p[3] = IPCP_COMP_VJ; 3036 p[4] = sp->ipcp.max_state; 3037 p[5] = sp->ipcp.compress_cid; 3038 break; 3039 case IPCP_OPT_ADDRESS: 3040 /* This is the address he wants in his end */ 3041 desiredaddr = p[2] << 24 | p[3] << 16 | 3042 p[4] << 8 | p[5]; 3043 if (desiredaddr == hisaddr || 3044 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3045 /* 3046 * Peer's address is same as our value, 3047 * or we have set it to 0.0.0.* to 3048 * indicate that we do not really care, 3049 * this is agreeable. Gonna conf-ack 3050 * it. 3051 */ 3052 if (debug) 3053 log(-1, "%s [ack] ", 3054 sppp_dotted_quad(hisaddr)); 3055 /* record that we've seen it already */ 3056 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3057 continue; 3058 } 3059 /* 3060 * The address wasn't agreeable. This is either 3061 * he sent us 0.0.0.0, asking to assign him an 3062 * address, or he send us another address not 3063 * matching our value. Either case, we gonna 3064 * conf-nak it with our value. 3065 * XXX: we should "rej" if hisaddr == 0 3066 */ 3067 if (debug) { 3068 if (desiredaddr == 0) 3069 log(-1, "[addr requested] "); 3070 else 3071 log(-1, "%s [not agreed] ", 3072 sppp_dotted_quad(desiredaddr)); 3073 3074 } 3075 p[2] = hisaddr >> 24; 3076 p[3] = hisaddr >> 16; 3077 p[4] = hisaddr >> 8; 3078 p[5] = hisaddr; 3079 break; 3080 } 3081 /* Add the option to nak'ed list. */ 3082 bcopy (p, r, p[1]); 3083 r += p[1]; 3084 rlen += p[1]; 3085 } 3086 3087 /* 3088 * If we are about to conf-ack the request, but haven't seen 3089 * his address so far, gonna conf-nak it instead, with the 3090 * `address' option present and our idea of his address being 3091 * filled in there, to request negotiation of both addresses. 3092 * 3093 * XXX This can result in an endless req - nak loop if peer 3094 * doesn't want to send us his address. Q: What should we do 3095 * about it? XXX A: implement the max-failure counter. 3096 */ 3097 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3098 buf[0] = IPCP_OPT_ADDRESS; 3099 buf[1] = 6; 3100 buf[2] = hisaddr >> 24; 3101 buf[3] = hisaddr >> 16; 3102 buf[4] = hisaddr >> 8; 3103 buf[5] = hisaddr; 3104 rlen = 6; 3105 if (debug) 3106 log(-1, "still need hisaddr "); 3107 } 3108 3109 if (rlen) { 3110 if (debug) 3111 log(-1, " send conf-nak\n"); 3112 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3113 } else { 3114 if (debug) 3115 log(-1, " send conf-ack\n"); 3116 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3117 h->ident, origlen, h+1); 3118 } 3119 3120 free (buf, M_TEMP); 3121 return (rlen == 0); 3122} 3123 3124/* 3125 * Analyze the IPCP Configure-Reject option list, and adjust our 3126 * negotiation. 3127 */ 3128static void 3129sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3130{ 3131 u_char *buf, *p; 3132 struct ifnet *ifp = SP2IFP(sp); 3133 int debug = ifp->if_flags & IFF_DEBUG; 3134 3135 len -= 4; 3136 buf = malloc (len, M_TEMP, M_NOWAIT); 3137 if (!buf) 3138 return; 3139 3140 if (debug) 3141 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3142 SPP_ARGS(ifp)); 3143 3144 p = (void*) (h+1); 3145 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3146 len -= p[1], p += p[1]) { 3147 if (debug) 3148 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3149 switch (*p) { 3150 case IPCP_OPT_COMPRESSION: 3151 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3152 break; 3153 case IPCP_OPT_ADDRESS: 3154 /* 3155 * Peer doesn't grok address option. This is 3156 * bad. XXX Should we better give up here? 3157 * XXX We could try old "addresses" option... 3158 */ 3159 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3160 break; 3161 } 3162 } 3163 if (debug) 3164 log(-1, "\n"); 3165 free (buf, M_TEMP); 3166 return; 3167} 3168 3169/* 3170 * Analyze the IPCP Configure-NAK option list, and adjust our 3171 * negotiation. 3172 */ 3173static void 3174sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3175{ 3176 u_char *buf, *p; 3177 struct ifnet *ifp = SP2IFP(sp); 3178 int debug = ifp->if_flags & IFF_DEBUG; 3179 int desiredcomp; 3180 u_long wantaddr; 3181 3182 len -= 4; 3183 buf = malloc (len, M_TEMP, M_NOWAIT); 3184 if (!buf) 3185 return; 3186 3187 if (debug) 3188 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3189 SPP_ARGS(ifp)); 3190 3191 p = (void*) (h+1); 3192 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3193 len -= p[1], p += p[1]) { 3194 if (debug) 3195 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3196 switch (*p) { 3197 case IPCP_OPT_COMPRESSION: 3198 if (len >= 6 && p[1] == 6) { 3199 desiredcomp = p[2] << 8 | p[3]; 3200 if (debug) 3201 log(-1, "[wantcomp %#04x] ", 3202 desiredcomp); 3203 if (desiredcomp == IPCP_COMP_VJ) { 3204 sl_compress_init(sp->pp_comp, p[4]); 3205 sp->ipcp.max_state = p[4]; 3206 sp->ipcp.compress_cid = p[5]; 3207 if (debug) 3208 log(-1, "[agree] "); 3209 } else 3210 sp->ipcp.opts &= 3211 ~(1 << IPCP_OPT_COMPRESSION); 3212 } 3213 break; 3214 case IPCP_OPT_ADDRESS: 3215 /* 3216 * Peer doesn't like our local IP address. See 3217 * if we can do something for him. We'll drop 3218 * him our address then. 3219 */ 3220 if (len >= 6 && p[1] == 6) { 3221 wantaddr = p[2] << 24 | p[3] << 16 | 3222 p[4] << 8 | p[5]; 3223 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3224 if (debug) 3225 log(-1, "[wantaddr %s] ", 3226 sppp_dotted_quad(wantaddr)); 3227 /* 3228 * When doing dynamic address assignment, 3229 * we accept his offer. Otherwise, we 3230 * ignore it and thus continue to negotiate 3231 * our already existing value. 3232 * XXX: Bogus, if he said no once, he'll 3233 * just say no again, might as well die. 3234 */ 3235 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3236 sppp_set_ip_addr(sp, wantaddr); 3237 if (debug) 3238 log(-1, "[agree] "); 3239 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3240 } 3241 } 3242 break; 3243 } 3244 } 3245 if (debug) 3246 log(-1, "\n"); 3247 free (buf, M_TEMP); 3248 return; 3249} 3250 3251static void 3252sppp_ipcp_tlu(struct sppp *sp) 3253{ 3254 /* we are up - notify isdn daemon */ 3255 if (sp->pp_con) 3256 sp->pp_con(sp); 3257} 3258 3259static void 3260sppp_ipcp_tld(struct sppp *sp) 3261{ 3262} 3263 3264static void 3265sppp_ipcp_tls(struct sppp *sp) 3266{ 3267 /* indicate to LCP that it must stay alive */ 3268 sp->lcp.protos |= (1 << IDX_IPCP); 3269} 3270 3271static void 3272sppp_ipcp_tlf(struct sppp *sp) 3273{ 3274 /* we no longer need LCP */ 3275 sp->lcp.protos &= ~(1 << IDX_IPCP); 3276 sppp_lcp_check_and_close(sp); 3277} 3278 3279static void 3280sppp_ipcp_scr(struct sppp *sp) 3281{ 3282 char opt[6 /* compression */ + 6 /* address */]; 3283 u_long ouraddr; 3284 int i = 0; 3285 3286 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3287 opt[i++] = IPCP_OPT_COMPRESSION; 3288 opt[i++] = 6; 3289 opt[i++] = IPCP_COMP_VJ >> 8; 3290 opt[i++] = IPCP_COMP_VJ; 3291 opt[i++] = sp->ipcp.max_state; 3292 opt[i++] = sp->ipcp.compress_cid; 3293 } 3294 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3295 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3296 opt[i++] = IPCP_OPT_ADDRESS; 3297 opt[i++] = 6; 3298 opt[i++] = ouraddr >> 24; 3299 opt[i++] = ouraddr >> 16; 3300 opt[i++] = ouraddr >> 8; 3301 opt[i++] = ouraddr; 3302 } 3303 3304 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3305 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3306} 3307#else /* !INET */ 3308static void 3309sppp_ipcp_init(struct sppp *sp) 3310{ 3311} 3312 3313static void 3314sppp_ipcp_up(struct sppp *sp) 3315{ 3316} 3317 3318static void 3319sppp_ipcp_down(struct sppp *sp) 3320{ 3321} 3322 3323static void 3324sppp_ipcp_open(struct sppp *sp) 3325{ 3326} 3327 3328static void 3329sppp_ipcp_close(struct sppp *sp) 3330{ 3331} 3332 3333static void 3334sppp_ipcp_TO(void *cookie) 3335{ 3336} 3337 3338static int 3339sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3340{ 3341 return (0); 3342} 3343 3344static void 3345sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3346{ 3347} 3348 3349static void 3350sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3351{ 3352} 3353 3354static void 3355sppp_ipcp_tlu(struct sppp *sp) 3356{ 3357} 3358 3359static void 3360sppp_ipcp_tld(struct sppp *sp) 3361{ 3362} 3363 3364static void 3365sppp_ipcp_tls(struct sppp *sp) 3366{ 3367} 3368 3369static void 3370sppp_ipcp_tlf(struct sppp *sp) 3371{ 3372} 3373 3374static void 3375sppp_ipcp_scr(struct sppp *sp) 3376{ 3377} 3378#endif 3379 3380/* 3381 *--------------------------------------------------------------------------* 3382 * * 3383 * The IPv6CP implementation. * 3384 * * 3385 *--------------------------------------------------------------------------* 3386 */ 3387 3388#ifdef INET6 3389static void 3390sppp_ipv6cp_init(struct sppp *sp) 3391{ 3392 sp->ipv6cp.opts = 0; 3393 sp->ipv6cp.flags = 0; 3394 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3395 sp->fail_counter[IDX_IPV6CP] = 0; 3396 sp->pp_seq[IDX_IPV6CP] = 0; 3397 sp->pp_rseq[IDX_IPV6CP] = 0; 3398 callout_init(&sp->ch[IDX_IPV6CP], 1); 3399} 3400 3401static void 3402sppp_ipv6cp_up(struct sppp *sp) 3403{ 3404 sppp_up_event(&ipv6cp, sp); 3405} 3406 3407static void 3408sppp_ipv6cp_down(struct sppp *sp) 3409{ 3410 sppp_down_event(&ipv6cp, sp); 3411} 3412 3413static void 3414sppp_ipv6cp_open(struct sppp *sp) 3415{ 3416 STDDCL; 3417 struct in6_addr myaddr, hisaddr; 3418 3419#ifdef IPV6CP_MYIFID_DYN 3420 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3421#else 3422 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3423#endif 3424 3425 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3426 /* 3427 * If we don't have our address, this probably means our 3428 * interface doesn't want to talk IPv6 at all. (This could 3429 * be the case if somebody wants to speak only IPX, for 3430 * example.) Don't open IPv6CP in this case. 3431 */ 3432 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3433 /* XXX this message should go away */ 3434 if (debug) 3435 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3436 SPP_ARGS(ifp)); 3437 return; 3438 } 3439 3440 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3441 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3442 sppp_open_event(&ipv6cp, sp); 3443} 3444 3445static void 3446sppp_ipv6cp_close(struct sppp *sp) 3447{ 3448 sppp_close_event(&ipv6cp, sp); 3449} 3450 3451static void 3452sppp_ipv6cp_TO(void *cookie) 3453{ 3454 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3455} 3456 3457/* 3458 * Analyze a configure request. Return true if it was agreeable, and 3459 * caused action sca, false if it has been rejected or nak'ed, and 3460 * caused action scn. (The return value is used to make the state 3461 * transition decision in the state automaton.) 3462 */ 3463static int 3464sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3465{ 3466 u_char *buf, *r, *p; 3467 struct ifnet *ifp = SP2IFP(sp); 3468 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3469 struct in6_addr myaddr, desiredaddr, suggestaddr; 3470 int ifidcount; 3471 int type; 3472 int collision, nohisaddr; 3473 char ip6buf[INET6_ADDRSTRLEN]; 3474 3475 len -= 4; 3476 origlen = len; 3477 /* 3478 * Make sure to allocate a buf that can at least hold a 3479 * conf-nak with an `address' option. We might need it below. 3480 */ 3481 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3482 if (! buf) 3483 return (0); 3484 3485 /* pass 1: see if we can recognize them */ 3486 if (debug) 3487 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3488 SPP_ARGS(ifp)); 3489 p = (void*) (h+1); 3490 ifidcount = 0; 3491 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3492 len-=p[1], p+=p[1]) { 3493 if (debug) 3494 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3495 switch (*p) { 3496 case IPV6CP_OPT_IFID: 3497 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3498 /* correctly formed address option */ 3499 ifidcount++; 3500 continue; 3501 } 3502 if (debug) 3503 log(-1, " [invalid]"); 3504 break; 3505#ifdef notyet 3506 case IPV6CP_OPT_COMPRESSION: 3507 if (len >= 4 && p[1] >= 4) { 3508 /* correctly formed compress option */ 3509 continue; 3510 } 3511 if (debug) 3512 log(-1, " [invalid]"); 3513 break; 3514#endif 3515 default: 3516 /* Others not supported. */ 3517 if (debug) 3518 log(-1, " [rej]"); 3519 break; 3520 } 3521 /* Add the option to rejected list. */ 3522 bcopy (p, r, p[1]); 3523 r += p[1]; 3524 rlen += p[1]; 3525 } 3526 if (rlen) { 3527 if (debug) 3528 log(-1, " send conf-rej\n"); 3529 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3530 goto end; 3531 } else if (debug) 3532 log(-1, "\n"); 3533 3534 /* pass 2: parse option values */ 3535 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3536 if (debug) 3537 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3538 SPP_ARGS(ifp)); 3539 p = (void*) (h+1); 3540 len = origlen; 3541 type = CONF_ACK; 3542 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3543 len-=p[1], p+=p[1]) { 3544 if (debug) 3545 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3546 switch (*p) { 3547#ifdef notyet 3548 case IPV6CP_OPT_COMPRESSION: 3549 continue; 3550#endif 3551 case IPV6CP_OPT_IFID: 3552 bzero(&desiredaddr, sizeof(desiredaddr)); 3553 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3554 collision = (bcmp(&desiredaddr.s6_addr[8], 3555 &myaddr.s6_addr[8], 8) == 0); 3556 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3557 3558 desiredaddr.s6_addr16[0] = htons(0xfe80); 3559 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3560 3561 if (!collision && !nohisaddr) { 3562 /* no collision, hisaddr known - Conf-Ack */ 3563 type = CONF_ACK; 3564 3565 if (debug) { 3566 log(-1, " %s [%s]", 3567 ip6_sprintf(ip6buf, &desiredaddr), 3568 sppp_cp_type_name(type)); 3569 } 3570 continue; 3571 } 3572 3573 bzero(&suggestaddr, sizeof(suggestaddr)); 3574 if (collision && nohisaddr) { 3575 /* collision, hisaddr unknown - Conf-Rej */ 3576 type = CONF_REJ; 3577 bzero(&p[2], 8); 3578 } else { 3579 /* 3580 * - no collision, hisaddr unknown, or 3581 * - collision, hisaddr known 3582 * Conf-Nak, suggest hisaddr 3583 */ 3584 type = CONF_NAK; 3585 sppp_suggest_ip6_addr(sp, &suggestaddr); 3586 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3587 } 3588 if (debug) 3589 log(-1, " %s [%s]", 3590 ip6_sprintf(ip6buf, &desiredaddr), 3591 sppp_cp_type_name(type)); 3592 break; 3593 } 3594 /* Add the option to nak'ed list. */ 3595 bcopy (p, r, p[1]); 3596 r += p[1]; 3597 rlen += p[1]; 3598 } 3599 3600 if (rlen == 0 && type == CONF_ACK) { 3601 if (debug) 3602 log(-1, " send %s\n", sppp_cp_type_name(type)); 3603 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3604 } else { 3605#ifdef DIAGNOSTIC 3606 if (type == CONF_ACK) 3607 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3608#endif 3609 3610 if (debug) { 3611 log(-1, " send %s suggest %s\n", 3612 sppp_cp_type_name(type), 3613 ip6_sprintf(ip6buf, &suggestaddr)); 3614 } 3615 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3616 } 3617 3618 end: 3619 free (buf, M_TEMP); 3620 return (rlen == 0); 3621} 3622 3623/* 3624 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3625 * negotiation. 3626 */ 3627static void 3628sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3629{ 3630 u_char *buf, *p; 3631 struct ifnet *ifp = SP2IFP(sp); 3632 int debug = ifp->if_flags & IFF_DEBUG; 3633 3634 len -= 4; 3635 buf = malloc (len, M_TEMP, M_NOWAIT); 3636 if (!buf) 3637 return; 3638 3639 if (debug) 3640 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3641 SPP_ARGS(ifp)); 3642 3643 p = (void*) (h+1); 3644 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3645 len -= p[1], p += p[1]) { 3646 if (debug) 3647 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3648 switch (*p) { 3649 case IPV6CP_OPT_IFID: 3650 /* 3651 * Peer doesn't grok address option. This is 3652 * bad. XXX Should we better give up here? 3653 */ 3654 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3655 break; 3656#ifdef notyet 3657 case IPV6CP_OPT_COMPRESS: 3658 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3659 break; 3660#endif 3661 } 3662 } 3663 if (debug) 3664 log(-1, "\n"); 3665 free (buf, M_TEMP); 3666 return; 3667} 3668 3669/* 3670 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3671 * negotiation. 3672 */ 3673static void 3674sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3675{ 3676 u_char *buf, *p; 3677 struct ifnet *ifp = SP2IFP(sp); 3678 int debug = ifp->if_flags & IFF_DEBUG; 3679 struct in6_addr suggestaddr; 3680 char ip6buf[INET6_ADDRSTRLEN]; 3681 3682 len -= 4; 3683 buf = malloc (len, M_TEMP, M_NOWAIT); 3684 if (!buf) 3685 return; 3686 3687 if (debug) 3688 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3689 SPP_ARGS(ifp)); 3690 3691 p = (void*) (h+1); 3692 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3693 len -= p[1], p += p[1]) { 3694 if (debug) 3695 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3696 switch (*p) { 3697 case IPV6CP_OPT_IFID: 3698 /* 3699 * Peer doesn't like our local ifid. See 3700 * if we can do something for him. We'll drop 3701 * him our address then. 3702 */ 3703 if (len < 10 || p[1] != 10) 3704 break; 3705 bzero(&suggestaddr, sizeof(suggestaddr)); 3706 suggestaddr.s6_addr16[0] = htons(0xfe80); 3707 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3708 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3709 3710 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3711 if (debug) 3712 log(-1, " [suggestaddr %s]", 3713 ip6_sprintf(ip6buf, &suggestaddr)); 3714#ifdef IPV6CP_MYIFID_DYN 3715 /* 3716 * When doing dynamic address assignment, 3717 * we accept his offer. 3718 */ 3719 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3720 struct in6_addr lastsuggest; 3721 /* 3722 * If <suggested myaddr from peer> equals to 3723 * <hisaddr we have suggested last time>, 3724 * we have a collision. generate new random 3725 * ifid. 3726 */ 3727 sppp_suggest_ip6_addr(&lastsuggest); 3728 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3729 lastsuggest)) { 3730 if (debug) 3731 log(-1, " [random]"); 3732 sppp_gen_ip6_addr(sp, &suggestaddr); 3733 } 3734 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3735 if (debug) 3736 log(-1, " [agree]"); 3737 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3738 } 3739#else 3740 /* 3741 * Since we do not do dynamic address assignment, 3742 * we ignore it and thus continue to negotiate 3743 * our already existing value. This can possibly 3744 * go into infinite request-reject loop. 3745 * 3746 * This is not likely because we normally use 3747 * ifid based on MAC-address. 3748 * If you have no ethernet card on the node, too bad. 3749 * XXX should we use fail_counter? 3750 */ 3751#endif 3752 break; 3753#ifdef notyet 3754 case IPV6CP_OPT_COMPRESS: 3755 /* 3756 * Peer wants different compression parameters. 3757 */ 3758 break; 3759#endif 3760 } 3761 } 3762 if (debug) 3763 log(-1, "\n"); 3764 free (buf, M_TEMP); 3765 return; 3766} 3767static void 3768sppp_ipv6cp_tlu(struct sppp *sp) 3769{ 3770 /* we are up - notify isdn daemon */ 3771 if (sp->pp_con) 3772 sp->pp_con(sp); 3773} 3774 3775static void 3776sppp_ipv6cp_tld(struct sppp *sp) 3777{ 3778} 3779 3780static void 3781sppp_ipv6cp_tls(struct sppp *sp) 3782{ 3783 /* indicate to LCP that it must stay alive */ 3784 sp->lcp.protos |= (1 << IDX_IPV6CP); 3785} 3786 3787static void 3788sppp_ipv6cp_tlf(struct sppp *sp) 3789{ 3790 3791#if 0 /* need #if 0 to close IPv6CP properly */ 3792 /* we no longer need LCP */ 3793 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3794 sppp_lcp_check_and_close(sp); 3795#endif 3796} 3797 3798static void 3799sppp_ipv6cp_scr(struct sppp *sp) 3800{ 3801 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3802 struct in6_addr ouraddr; 3803 int i = 0; 3804 3805 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3806 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3807 opt[i++] = IPV6CP_OPT_IFID; 3808 opt[i++] = 10; 3809 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3810 i += 8; 3811 } 3812 3813#ifdef notyet 3814 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3815 opt[i++] = IPV6CP_OPT_COMPRESSION; 3816 opt[i++] = 4; 3817 opt[i++] = 0; /* TBD */ 3818 opt[i++] = 0; /* TBD */ 3819 /* variable length data may follow */ 3820 } 3821#endif 3822 3823 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3824 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3825} 3826#else /*INET6*/ 3827static void sppp_ipv6cp_init(struct sppp *sp) 3828{ 3829} 3830 3831static void sppp_ipv6cp_up(struct sppp *sp) 3832{ 3833} 3834 3835static void sppp_ipv6cp_down(struct sppp *sp) 3836{ 3837} 3838 3839 3840static void sppp_ipv6cp_open(struct sppp *sp) 3841{ 3842} 3843 3844static void sppp_ipv6cp_close(struct sppp *sp) 3845{ 3846} 3847 3848static void sppp_ipv6cp_TO(void *sp) 3849{ 3850} 3851 3852static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3853{ 3854 return 0; 3855} 3856 3857static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3858{ 3859} 3860 3861static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3862{ 3863} 3864 3865static void sppp_ipv6cp_tlu(struct sppp *sp) 3866{ 3867} 3868 3869static void sppp_ipv6cp_tld(struct sppp *sp) 3870{ 3871} 3872 3873static void sppp_ipv6cp_tls(struct sppp *sp) 3874{ 3875} 3876 3877static void sppp_ipv6cp_tlf(struct sppp *sp) 3878{ 3879} 3880 3881static void sppp_ipv6cp_scr(struct sppp *sp) 3882{ 3883} 3884#endif /*INET6*/ 3885 3886/* 3887 *--------------------------------------------------------------------------* 3888 * * 3889 * The CHAP implementation. * 3890 * * 3891 *--------------------------------------------------------------------------* 3892 */ 3893 3894/* 3895 * The authentication protocols don't employ a full-fledged state machine as 3896 * the control protocols do, since they do have Open and Close events, but 3897 * not Up and Down, nor are they explicitly terminated. Also, use of the 3898 * authentication protocols may be different in both directions (this makes 3899 * sense, think of a machine that never accepts incoming calls but only 3900 * calls out, it doesn't require the called party to authenticate itself). 3901 * 3902 * Our state machine for the local authentication protocol (we are requesting 3903 * the peer to authenticate) looks like: 3904 * 3905 * RCA- 3906 * +--------------------------------------------+ 3907 * V scn,tld| 3908 * +--------+ Close +---------+ RCA+ 3909 * | |<----------------------------------| |------+ 3910 * +--->| Closed | TO* | Opened | sca | 3911 * | | |-----+ +-------| |<-----+ 3912 * | +--------+ irc | | +---------+ 3913 * | ^ | | ^ 3914 * | | | | | 3915 * | | | | | 3916 * | TO-| | | | 3917 * | |tld TO+ V | | 3918 * | | +------->+ | | 3919 * | | | | | | 3920 * | +--------+ V | | 3921 * | | |<----+<--------------------+ | 3922 * | | Req- | scr | 3923 * | | Sent | | 3924 * | | | | 3925 * | +--------+ | 3926 * | RCA- | | RCA+ | 3927 * +------+ +------------------------------------------+ 3928 * scn,tld sca,irc,ict,tlu 3929 * 3930 * 3931 * with: 3932 * 3933 * Open: LCP reached authentication phase 3934 * Close: LCP reached terminate phase 3935 * 3936 * RCA+: received reply (pap-req, chap-response), acceptable 3937 * RCN: received reply (pap-req, chap-response), not acceptable 3938 * TO+: timeout with restart counter >= 0 3939 * TO-: timeout with restart counter < 0 3940 * TO*: reschedule timeout for CHAP 3941 * 3942 * scr: send request packet (none for PAP, chap-challenge) 3943 * sca: send ack packet (pap-ack, chap-success) 3944 * scn: send nak packet (pap-nak, chap-failure) 3945 * ict: initialize re-challenge timer (CHAP only) 3946 * 3947 * tlu: this-layer-up, LCP reaches network phase 3948 * tld: this-layer-down, LCP enters terminate phase 3949 * 3950 * Note that in CHAP mode, after sending a new challenge, while the state 3951 * automaton falls back into Req-Sent state, it doesn't signal a tld 3952 * event to LCP, so LCP remains in network phase. Only after not getting 3953 * any response (or after getting an unacceptable response), CHAP closes, 3954 * causing LCP to enter terminate phase. 3955 * 3956 * With PAP, there is no initial request that can be sent. The peer is 3957 * expected to send one based on the successful negotiation of PAP as 3958 * the authentication protocol during the LCP option negotiation. 3959 * 3960 * Incoming authentication protocol requests (remote requests 3961 * authentication, we are peer) don't employ a state machine at all, 3962 * they are simply answered. Some peers [Ascend P50 firmware rev 3963 * 4.50] react allergically when sending IPCP requests while they are 3964 * still in authentication phase (thereby violating the standard that 3965 * demands that these NCP packets are to be discarded), so we keep 3966 * track of the peer demanding us to authenticate, and only proceed to 3967 * phase network once we've seen a positive acknowledge for the 3968 * authentication. 3969 */ 3970 3971/* 3972 * Handle incoming CHAP packets. 3973 */ 3974static void 3975sppp_chap_input(struct sppp *sp, struct mbuf *m) 3976{ 3977 STDDCL; 3978 struct lcp_header *h; 3979 int len; 3980 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3981 int value_len, name_len; 3982 MD5_CTX ctx; 3983 3984 len = m->m_pkthdr.len; 3985 if (len < 4) { 3986 if (debug) 3987 log(LOG_DEBUG, 3988 SPP_FMT "chap invalid packet length: %d bytes\n", 3989 SPP_ARGS(ifp), len); 3990 return; 3991 } 3992 h = mtod (m, struct lcp_header*); 3993 if (len > ntohs (h->len)) 3994 len = ntohs (h->len); 3995 3996 switch (h->type) { 3997 /* challenge, failure and success are his authproto */ 3998 case CHAP_CHALLENGE: 3999 value = 1 + (u_char*)(h+1); 4000 value_len = value[-1]; 4001 name = value + value_len; 4002 name_len = len - value_len - 5; 4003 if (name_len < 0) { 4004 if (debug) { 4005 log(LOG_DEBUG, 4006 SPP_FMT "chap corrupted challenge " 4007 "<%s id=0x%x len=%d", 4008 SPP_ARGS(ifp), 4009 sppp_auth_type_name(PPP_CHAP, h->type), 4010 h->ident, ntohs(h->len)); 4011 sppp_print_bytes((u_char*) (h+1), len-4); 4012 log(-1, ">\n"); 4013 } 4014 break; 4015 } 4016 4017 if (debug) { 4018 log(LOG_DEBUG, 4019 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4020 SPP_ARGS(ifp), 4021 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4022 ntohs(h->len)); 4023 sppp_print_string((char*) name, name_len); 4024 log(-1, " value-size=%d value=", value_len); 4025 sppp_print_bytes(value, value_len); 4026 log(-1, ">\n"); 4027 } 4028 4029 /* Compute reply value. */ 4030 MD5Init(&ctx); 4031 MD5Update(&ctx, &h->ident, 1); 4032 MD5Update(&ctx, sp->myauth.secret, 4033 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4034 MD5Update(&ctx, value, value_len); 4035 MD5Final(digest, &ctx); 4036 dsize = sizeof digest; 4037 4038 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4039 sizeof dsize, (const char *)&dsize, 4040 sizeof digest, digest, 4041 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4042 sp->myauth.name, 4043 0); 4044 break; 4045 4046 case CHAP_SUCCESS: 4047 if (debug) { 4048 log(LOG_DEBUG, SPP_FMT "chap success", 4049 SPP_ARGS(ifp)); 4050 if (len > 4) { 4051 log(-1, ": "); 4052 sppp_print_string((char*)(h + 1), len - 4); 4053 } 4054 log(-1, "\n"); 4055 } 4056 SPPP_LOCK(sp); 4057 sp->pp_flags &= ~PP_NEEDAUTH; 4058 if (sp->myauth.proto == PPP_CHAP && 4059 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4060 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4061 /* 4062 * We are authenticator for CHAP but didn't 4063 * complete yet. Leave it to tlu to proceed 4064 * to network phase. 4065 */ 4066 SPPP_UNLOCK(sp); 4067 break; 4068 } 4069 SPPP_UNLOCK(sp); 4070 sppp_phase_network(sp); 4071 break; 4072 4073 case CHAP_FAILURE: 4074 if (debug) { 4075 log(LOG_INFO, SPP_FMT "chap failure", 4076 SPP_ARGS(ifp)); 4077 if (len > 4) { 4078 log(-1, ": "); 4079 sppp_print_string((char*)(h + 1), len - 4); 4080 } 4081 log(-1, "\n"); 4082 } else 4083 log(LOG_INFO, SPP_FMT "chap failure\n", 4084 SPP_ARGS(ifp)); 4085 /* await LCP shutdown by authenticator */ 4086 break; 4087 4088 /* response is my authproto */ 4089 case CHAP_RESPONSE: 4090 value = 1 + (u_char*)(h+1); 4091 value_len = value[-1]; 4092 name = value + value_len; 4093 name_len = len - value_len - 5; 4094 if (name_len < 0) { 4095 if (debug) { 4096 log(LOG_DEBUG, 4097 SPP_FMT "chap corrupted response " 4098 "<%s id=0x%x len=%d", 4099 SPP_ARGS(ifp), 4100 sppp_auth_type_name(PPP_CHAP, h->type), 4101 h->ident, ntohs(h->len)); 4102 sppp_print_bytes((u_char*)(h+1), len-4); 4103 log(-1, ">\n"); 4104 } 4105 break; 4106 } 4107 if (h->ident != sp->confid[IDX_CHAP]) { 4108 if (debug) 4109 log(LOG_DEBUG, 4110 SPP_FMT "chap dropping response for old ID " 4111 "(got %d, expected %d)\n", 4112 SPP_ARGS(ifp), 4113 h->ident, sp->confid[IDX_CHAP]); 4114 break; 4115 } 4116 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4117 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4118 log(LOG_INFO, SPP_FMT "chap response, his name ", 4119 SPP_ARGS(ifp)); 4120 sppp_print_string(name, name_len); 4121 log(-1, " != expected "); 4122 sppp_print_string(sp->hisauth.name, 4123 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4124 log(-1, "\n"); 4125 } 4126 if (debug) { 4127 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4128 "<%s id=0x%x len=%d name=", 4129 SPP_ARGS(ifp), 4130 sppp_state_name(sp->state[IDX_CHAP]), 4131 sppp_auth_type_name(PPP_CHAP, h->type), 4132 h->ident, ntohs (h->len)); 4133 sppp_print_string((char*)name, name_len); 4134 log(-1, " value-size=%d value=", value_len); 4135 sppp_print_bytes(value, value_len); 4136 log(-1, ">\n"); 4137 } 4138 if (value_len != AUTHKEYLEN) { 4139 if (debug) 4140 log(LOG_DEBUG, 4141 SPP_FMT "chap bad hash value length: " 4142 "%d bytes, should be %d\n", 4143 SPP_ARGS(ifp), value_len, 4144 AUTHKEYLEN); 4145 break; 4146 } 4147 4148 MD5Init(&ctx); 4149 MD5Update(&ctx, &h->ident, 1); 4150 MD5Update(&ctx, sp->hisauth.secret, 4151 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4152 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4153 MD5Final(digest, &ctx); 4154 4155#define FAILMSG "Failed..." 4156#define SUCCMSG "Welcome!" 4157 4158 if (value_len != sizeof digest || 4159 bcmp(digest, value, value_len) != 0) { 4160 /* action scn, tld */ 4161 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4162 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4163 0); 4164 chap.tld(sp); 4165 break; 4166 } 4167 /* action sca, perhaps tlu */ 4168 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4169 sp->state[IDX_CHAP] == STATE_OPENED) 4170 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4171 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4172 0); 4173 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4174 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4175 chap.tlu(sp); 4176 } 4177 break; 4178 4179 default: 4180 /* Unknown CHAP packet type -- ignore. */ 4181 if (debug) { 4182 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4183 "<0x%x id=0x%xh len=%d", 4184 SPP_ARGS(ifp), 4185 sppp_state_name(sp->state[IDX_CHAP]), 4186 h->type, h->ident, ntohs(h->len)); 4187 sppp_print_bytes((u_char*)(h+1), len-4); 4188 log(-1, ">\n"); 4189 } 4190 break; 4191 4192 } 4193} 4194 4195static void 4196sppp_chap_init(struct sppp *sp) 4197{ 4198 /* Chap doesn't have STATE_INITIAL at all. */ 4199 sp->state[IDX_CHAP] = STATE_CLOSED; 4200 sp->fail_counter[IDX_CHAP] = 0; 4201 sp->pp_seq[IDX_CHAP] = 0; 4202 sp->pp_rseq[IDX_CHAP] = 0; 4203 callout_init(&sp->ch[IDX_CHAP], 1); 4204} 4205 4206static void 4207sppp_chap_open(struct sppp *sp) 4208{ 4209 if (sp->myauth.proto == PPP_CHAP && 4210 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4211 /* we are authenticator for CHAP, start it */ 4212 chap.scr(sp); 4213 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4214 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4215 } 4216 /* nothing to be done if we are peer, await a challenge */ 4217} 4218 4219static void 4220sppp_chap_close(struct sppp *sp) 4221{ 4222 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4223 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4224} 4225 4226static void 4227sppp_chap_TO(void *cookie) 4228{ 4229 struct sppp *sp = (struct sppp *)cookie; 4230 STDDCL; 4231 4232 SPPP_LOCK(sp); 4233 if (debug) 4234 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4235 SPP_ARGS(ifp), 4236 sppp_state_name(sp->state[IDX_CHAP]), 4237 sp->rst_counter[IDX_CHAP]); 4238 4239 if (--sp->rst_counter[IDX_CHAP] < 0) 4240 /* TO- event */ 4241 switch (sp->state[IDX_CHAP]) { 4242 case STATE_REQ_SENT: 4243 chap.tld(sp); 4244 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4245 break; 4246 } 4247 else 4248 /* TO+ (or TO*) event */ 4249 switch (sp->state[IDX_CHAP]) { 4250 case STATE_OPENED: 4251 /* TO* event */ 4252 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4253 /* FALLTHROUGH */ 4254 case STATE_REQ_SENT: 4255 chap.scr(sp); 4256 /* sppp_cp_change_state() will restart the timer */ 4257 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4258 break; 4259 } 4260 4261 SPPP_UNLOCK(sp); 4262} 4263 4264static void 4265sppp_chap_tlu(struct sppp *sp) 4266{ 4267 STDDCL; 4268 int i; 4269 4270 i = 0; 4271 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4272 4273 /* 4274 * Some broken CHAP implementations (Conware CoNet, firmware 4275 * 4.0.?) don't want to re-authenticate their CHAP once the 4276 * initial challenge-response exchange has taken place. 4277 * Provide for an option to avoid rechallenges. 4278 */ 4279 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4280 /* 4281 * Compute the re-challenge timeout. This will yield 4282 * a number between 300 and 810 seconds. 4283 */ 4284 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4285 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4286 } 4287 4288 if (debug) { 4289 log(LOG_DEBUG, 4290 SPP_FMT "chap %s, ", 4291 SPP_ARGS(ifp), 4292 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4293 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4294 log(-1, "next re-challenge in %d seconds\n", i); 4295 else 4296 log(-1, "re-challenging suppressed\n"); 4297 } 4298 4299 SPPP_LOCK(sp); 4300 /* indicate to LCP that we need to be closed down */ 4301 sp->lcp.protos |= (1 << IDX_CHAP); 4302 4303 if (sp->pp_flags & PP_NEEDAUTH) { 4304 /* 4305 * Remote is authenticator, but his auth proto didn't 4306 * complete yet. Defer the transition to network 4307 * phase. 4308 */ 4309 SPPP_UNLOCK(sp); 4310 return; 4311 } 4312 SPPP_UNLOCK(sp); 4313 4314 /* 4315 * If we are already in phase network, we are done here. This 4316 * is the case if this is a dummy tlu event after a re-challenge. 4317 */ 4318 if (sp->pp_phase != PHASE_NETWORK) 4319 sppp_phase_network(sp); 4320} 4321 4322static void 4323sppp_chap_tld(struct sppp *sp) 4324{ 4325 STDDCL; 4326 4327 if (debug) 4328 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4329 callout_stop(&sp->ch[IDX_CHAP]); 4330 sp->lcp.protos &= ~(1 << IDX_CHAP); 4331 4332 lcp.Close(sp); 4333} 4334 4335static void 4336sppp_chap_scr(struct sppp *sp) 4337{ 4338 u_long *ch, seed; 4339 u_char clen; 4340 4341 /* Compute random challenge. */ 4342 ch = (u_long *)sp->myauth.challenge; 4343 read_random(&seed, sizeof seed); 4344 ch[0] = seed ^ random(); 4345 ch[1] = seed ^ random(); 4346 ch[2] = seed ^ random(); 4347 ch[3] = seed ^ random(); 4348 clen = AUTHKEYLEN; 4349 4350 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4351 4352 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4353 sizeof clen, (const char *)&clen, 4354 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4355 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4356 sp->myauth.name, 4357 0); 4358} 4359 4360/* 4361 *--------------------------------------------------------------------------* 4362 * * 4363 * The PAP implementation. * 4364 * * 4365 *--------------------------------------------------------------------------* 4366 */ 4367/* 4368 * For PAP, we need to keep a little state also if we are the peer, not the 4369 * authenticator. This is since we don't get a request to authenticate, but 4370 * have to repeatedly authenticate ourself until we got a response (or the 4371 * retry counter is expired). 4372 */ 4373 4374/* 4375 * Handle incoming PAP packets. */ 4376static void 4377sppp_pap_input(struct sppp *sp, struct mbuf *m) 4378{ 4379 STDDCL; 4380 struct lcp_header *h; 4381 int len; 4382 u_char *name, *passwd, mlen; 4383 int name_len, passwd_len; 4384 4385 len = m->m_pkthdr.len; 4386 if (len < 5) { 4387 if (debug) 4388 log(LOG_DEBUG, 4389 SPP_FMT "pap invalid packet length: %d bytes\n", 4390 SPP_ARGS(ifp), len); 4391 return; 4392 } 4393 h = mtod (m, struct lcp_header*); 4394 if (len > ntohs (h->len)) 4395 len = ntohs (h->len); 4396 switch (h->type) { 4397 /* PAP request is my authproto */ 4398 case PAP_REQ: 4399 name = 1 + (u_char*)(h+1); 4400 name_len = name[-1]; 4401 passwd = name + name_len + 1; 4402 if (name_len > len - 6 || 4403 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4404 if (debug) { 4405 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4406 "<%s id=0x%x len=%d", 4407 SPP_ARGS(ifp), 4408 sppp_auth_type_name(PPP_PAP, h->type), 4409 h->ident, ntohs(h->len)); 4410 sppp_print_bytes((u_char*)(h+1), len-4); 4411 log(-1, ">\n"); 4412 } 4413 break; 4414 } 4415 if (debug) { 4416 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4417 "<%s id=0x%x len=%d name=", 4418 SPP_ARGS(ifp), 4419 sppp_state_name(sp->state[IDX_PAP]), 4420 sppp_auth_type_name(PPP_PAP, h->type), 4421 h->ident, ntohs(h->len)); 4422 sppp_print_string((char*)name, name_len); 4423 log(-1, " passwd="); 4424 sppp_print_string((char*)passwd, passwd_len); 4425 log(-1, ">\n"); 4426 } 4427 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4428 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4429 bcmp(name, sp->hisauth.name, name_len) != 0 || 4430 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4431 /* action scn, tld */ 4432 mlen = sizeof(FAILMSG) - 1; 4433 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4434 sizeof mlen, (const char *)&mlen, 4435 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4436 0); 4437 pap.tld(sp); 4438 break; 4439 } 4440 /* action sca, perhaps tlu */ 4441 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4442 sp->state[IDX_PAP] == STATE_OPENED) { 4443 mlen = sizeof(SUCCMSG) - 1; 4444 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4445 sizeof mlen, (const char *)&mlen, 4446 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4447 0); 4448 } 4449 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4450 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4451 pap.tlu(sp); 4452 } 4453 break; 4454 4455 /* ack and nak are his authproto */ 4456 case PAP_ACK: 4457 callout_stop(&sp->pap_my_to_ch); 4458 if (debug) { 4459 log(LOG_DEBUG, SPP_FMT "pap success", 4460 SPP_ARGS(ifp)); 4461 name_len = *((char *)h); 4462 if (len > 5 && name_len) { 4463 log(-1, ": "); 4464 sppp_print_string((char*)(h+1), name_len); 4465 } 4466 log(-1, "\n"); 4467 } 4468 SPPP_LOCK(sp); 4469 sp->pp_flags &= ~PP_NEEDAUTH; 4470 if (sp->myauth.proto == PPP_PAP && 4471 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4472 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4473 /* 4474 * We are authenticator for PAP but didn't 4475 * complete yet. Leave it to tlu to proceed 4476 * to network phase. 4477 */ 4478 SPPP_UNLOCK(sp); 4479 break; 4480 } 4481 SPPP_UNLOCK(sp); 4482 sppp_phase_network(sp); 4483 break; 4484 4485 case PAP_NAK: 4486 callout_stop (&sp->pap_my_to_ch); 4487 if (debug) { 4488 log(LOG_INFO, SPP_FMT "pap failure", 4489 SPP_ARGS(ifp)); 4490 name_len = *((char *)h); 4491 if (len > 5 && name_len) { 4492 log(-1, ": "); 4493 sppp_print_string((char*)(h+1), name_len); 4494 } 4495 log(-1, "\n"); 4496 } else 4497 log(LOG_INFO, SPP_FMT "pap failure\n", 4498 SPP_ARGS(ifp)); 4499 /* await LCP shutdown by authenticator */ 4500 break; 4501 4502 default: 4503 /* Unknown PAP packet type -- ignore. */ 4504 if (debug) { 4505 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4506 "<0x%x id=0x%x len=%d", 4507 SPP_ARGS(ifp), 4508 h->type, h->ident, ntohs(h->len)); 4509 sppp_print_bytes((u_char*)(h+1), len-4); 4510 log(-1, ">\n"); 4511 } 4512 break; 4513 4514 } 4515} 4516 4517static void 4518sppp_pap_init(struct sppp *sp) 4519{ 4520 /* PAP doesn't have STATE_INITIAL at all. */ 4521 sp->state[IDX_PAP] = STATE_CLOSED; 4522 sp->fail_counter[IDX_PAP] = 0; 4523 sp->pp_seq[IDX_PAP] = 0; 4524 sp->pp_rseq[IDX_PAP] = 0; 4525 callout_init(&sp->ch[IDX_PAP], 1); 4526 callout_init(&sp->pap_my_to_ch, 1); 4527} 4528 4529static void 4530sppp_pap_open(struct sppp *sp) 4531{ 4532 if (sp->hisauth.proto == PPP_PAP && 4533 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4534 /* we are authenticator for PAP, start our timer */ 4535 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4536 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4537 } 4538 if (sp->myauth.proto == PPP_PAP) { 4539 /* we are peer, send a request, and start a timer */ 4540 pap.scr(sp); 4541 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4542 sppp_pap_my_TO, (void *)sp); 4543 } 4544} 4545 4546static void 4547sppp_pap_close(struct sppp *sp) 4548{ 4549 if (sp->state[IDX_PAP] != STATE_CLOSED) 4550 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4551} 4552 4553/* 4554 * That's the timeout routine if we are authenticator. Since the 4555 * authenticator is basically passive in PAP, we can't do much here. 4556 */ 4557static void 4558sppp_pap_TO(void *cookie) 4559{ 4560 struct sppp *sp = (struct sppp *)cookie; 4561 STDDCL; 4562 4563 SPPP_LOCK(sp); 4564 if (debug) 4565 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4566 SPP_ARGS(ifp), 4567 sppp_state_name(sp->state[IDX_PAP]), 4568 sp->rst_counter[IDX_PAP]); 4569 4570 if (--sp->rst_counter[IDX_PAP] < 0) 4571 /* TO- event */ 4572 switch (sp->state[IDX_PAP]) { 4573 case STATE_REQ_SENT: 4574 pap.tld(sp); 4575 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4576 break; 4577 } 4578 else 4579 /* TO+ event, not very much we could do */ 4580 switch (sp->state[IDX_PAP]) { 4581 case STATE_REQ_SENT: 4582 /* sppp_cp_change_state() will restart the timer */ 4583 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4584 break; 4585 } 4586 4587 SPPP_UNLOCK(sp); 4588} 4589 4590/* 4591 * That's the timeout handler if we are peer. Since the peer is active, 4592 * we need to retransmit our PAP request since it is apparently lost. 4593 * XXX We should impose a max counter. 4594 */ 4595static void 4596sppp_pap_my_TO(void *cookie) 4597{ 4598 struct sppp *sp = (struct sppp *)cookie; 4599 STDDCL; 4600 4601 if (debug) 4602 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4603 SPP_ARGS(ifp)); 4604 4605 SPPP_LOCK(sp); 4606 pap.scr(sp); 4607 SPPP_UNLOCK(sp); 4608} 4609 4610static void 4611sppp_pap_tlu(struct sppp *sp) 4612{ 4613 STDDCL; 4614 4615 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4616 4617 if (debug) 4618 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4619 SPP_ARGS(ifp), pap.name); 4620 4621 SPPP_LOCK(sp); 4622 /* indicate to LCP that we need to be closed down */ 4623 sp->lcp.protos |= (1 << IDX_PAP); 4624 4625 if (sp->pp_flags & PP_NEEDAUTH) { 4626 /* 4627 * Remote is authenticator, but his auth proto didn't 4628 * complete yet. Defer the transition to network 4629 * phase. 4630 */ 4631 SPPP_UNLOCK(sp); 4632 return; 4633 } 4634 SPPP_UNLOCK(sp); 4635 sppp_phase_network(sp); 4636} 4637 4638static void 4639sppp_pap_tld(struct sppp *sp) 4640{ 4641 STDDCL; 4642 4643 if (debug) 4644 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4645 callout_stop (&sp->ch[IDX_PAP]); 4646 callout_stop (&sp->pap_my_to_ch); 4647 sp->lcp.protos &= ~(1 << IDX_PAP); 4648 4649 lcp.Close(sp); 4650} 4651 4652static void 4653sppp_pap_scr(struct sppp *sp) 4654{ 4655 u_char idlen, pwdlen; 4656 4657 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4658 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4659 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4660 4661 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4662 sizeof idlen, (const char *)&idlen, 4663 (size_t)idlen, sp->myauth.name, 4664 sizeof pwdlen, (const char *)&pwdlen, 4665 (size_t)pwdlen, sp->myauth.secret, 4666 0); 4667} 4668 4669/* 4670 * Random miscellaneous functions. 4671 */ 4672 4673/* 4674 * Send a PAP or CHAP proto packet. 4675 * 4676 * Varadic function, each of the elements for the ellipsis is of type 4677 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4678 * mlen == 0. 4679 * NOTE: never declare variadic functions with types subject to type 4680 * promotion (i.e. u_char). This is asking for big trouble depending 4681 * on the architecture you are on... 4682 */ 4683 4684static void 4685sppp_auth_send(const struct cp *cp, struct sppp *sp, 4686 unsigned int type, unsigned int id, 4687 ...) 4688{ 4689 STDDCL; 4690 struct ppp_header *h; 4691 struct lcp_header *lh; 4692 struct mbuf *m; 4693 u_char *p; 4694 int len; 4695 unsigned int mlen; 4696 const char *msg; 4697 va_list ap; 4698 4699 MGETHDR (m, M_NOWAIT, MT_DATA); 4700 if (! m) 4701 return; 4702 m->m_pkthdr.rcvif = 0; 4703 4704 h = mtod (m, struct ppp_header*); 4705 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4706 h->control = PPP_UI; /* Unnumbered Info */ 4707 h->protocol = htons(cp->proto); 4708 4709 lh = (struct lcp_header*)(h + 1); 4710 lh->type = type; 4711 lh->ident = id; 4712 p = (u_char*) (lh+1); 4713 4714 va_start(ap, id); 4715 len = 0; 4716 4717 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4718 msg = va_arg(ap, const char *); 4719 len += mlen; 4720 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4721 va_end(ap); 4722 m_freem(m); 4723 return; 4724 } 4725 4726 bcopy(msg, p, mlen); 4727 p += mlen; 4728 } 4729 va_end(ap); 4730 4731 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4732 lh->len = htons (LCP_HEADER_LEN + len); 4733 4734 if (debug) { 4735 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4736 SPP_ARGS(ifp), cp->name, 4737 sppp_auth_type_name(cp->proto, lh->type), 4738 lh->ident, ntohs(lh->len)); 4739 sppp_print_bytes((u_char*) (lh+1), len); 4740 log(-1, ">\n"); 4741 } 4742 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4743 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 4744} 4745 4746/* 4747 * Flush interface queue. 4748 */ 4749static void 4750sppp_qflush(struct ifqueue *ifq) 4751{ 4752 struct mbuf *m, *n; 4753 4754 n = ifq->ifq_head; 4755 while ((m = n)) { 4756 n = m->m_nextpkt; 4757 m_freem (m); 4758 } 4759 ifq->ifq_head = 0; 4760 ifq->ifq_tail = 0; 4761 ifq->ifq_len = 0; 4762} 4763 4764/* 4765 * Send keepalive packets, every 10 seconds. 4766 */ 4767static void 4768sppp_keepalive(void *dummy) 4769{ 4770 struct sppp *sp = (struct sppp*)dummy; 4771 struct ifnet *ifp = SP2IFP(sp); 4772 4773 SPPP_LOCK(sp); 4774 /* Keepalive mode disabled or channel down? */ 4775 if (! (sp->pp_flags & PP_KEEPALIVE) || 4776 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4777 goto out; 4778 4779 if (sp->pp_mode == PP_FR) { 4780 sppp_fr_keepalive (sp); 4781 goto out; 4782 } 4783 4784 /* No keepalive in PPP mode if LCP not opened yet. */ 4785 if (sp->pp_mode != IFF_CISCO && 4786 sp->pp_phase < PHASE_AUTHENTICATE) 4787 goto out; 4788 4789 if (sp->pp_alivecnt == MAXALIVECNT) { 4790 /* No keepalive packets got. Stop the interface. */ 4791 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4792 if_down (ifp); 4793 sppp_qflush (&sp->pp_cpq); 4794 if (sp->pp_mode != IFF_CISCO) { 4795 /* XXX */ 4796 /* Shut down the PPP link. */ 4797 lcp.Down(sp); 4798 /* Initiate negotiation. XXX */ 4799 lcp.Up(sp); 4800 } 4801 } 4802 if (sp->pp_alivecnt <= MAXALIVECNT) 4803 ++sp->pp_alivecnt; 4804 if (sp->pp_mode == IFF_CISCO) 4805 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4806 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4807 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4808 uint32_t nmagic = htonl(sp->lcp.magic); 4809 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4810 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4811 sp->lcp.echoid, 4, &nmagic); 4812 } 4813out: 4814 SPPP_UNLOCK(sp); 4815 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4816 (void *)sp); 4817} 4818 4819/* 4820 * Get both IP addresses. 4821 */ 4822void 4823sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4824{ 4825 struct ifnet *ifp = SP2IFP(sp); 4826 struct ifaddr *ifa; 4827 struct sockaddr_in *si, *sm; 4828 u_long ssrc, ddst; 4829 4830 sm = NULL; 4831 ssrc = ddst = 0L; 4832 /* 4833 * Pick the first AF_INET address from the list, 4834 * aliases don't make any sense on a p2p link anyway. 4835 */ 4836 si = NULL; 4837 if_addr_rlock(ifp); 4838 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4839 if (ifa->ifa_addr->sa_family == AF_INET) { 4840 si = (struct sockaddr_in *)ifa->ifa_addr; 4841 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4842 if (si) 4843 break; 4844 } 4845 if (ifa) { 4846 if (si && si->sin_addr.s_addr) { 4847 ssrc = si->sin_addr.s_addr; 4848 if (srcmask) 4849 *srcmask = ntohl(sm->sin_addr.s_addr); 4850 } 4851 4852 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4853 if (si && si->sin_addr.s_addr) 4854 ddst = si->sin_addr.s_addr; 4855 } 4856 if_addr_runlock(ifp); 4857 4858 if (dst) *dst = ntohl(ddst); 4859 if (src) *src = ntohl(ssrc); 4860} 4861 4862#ifdef INET 4863/* 4864 * Set my IP address. 4865 */ 4866static void 4867sppp_set_ip_addr(struct sppp *sp, u_long src) 4868{ 4869 STDDCL; 4870 struct ifaddr *ifa; 4871 struct sockaddr_in *si; 4872 struct in_ifaddr *ia; 4873 4874 /* 4875 * Pick the first AF_INET address from the list, 4876 * aliases don't make any sense on a p2p link anyway. 4877 */ 4878 si = NULL; 4879 if_addr_rlock(ifp); 4880 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 4881 if (ifa->ifa_addr->sa_family == AF_INET) { 4882 si = (struct sockaddr_in *)ifa->ifa_addr; 4883 if (si != NULL) { 4884 ifa_ref(ifa); 4885 break; 4886 } 4887 } 4888 } 4889 if_addr_runlock(ifp); 4890 4891 if (ifa != NULL) { 4892 int error; 4893 4894 /* delete old route */ 4895 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4896 if (debug && error) { 4897 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4898 SPP_ARGS(ifp), error); 4899 } 4900 4901 /* set new address */ 4902 si->sin_addr.s_addr = htonl(src); 4903 ia = ifatoia(ifa); 4904 IN_IFADDR_WLOCK(); 4905 LIST_REMOVE(ia, ia_hash); 4906 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4907 IN_IFADDR_WUNLOCK(); 4908 4909 /* add new route */ 4910 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4911 if (debug && error) { 4912 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4913 SPP_ARGS(ifp), error); 4914 } 4915 ifa_free(ifa); 4916 } 4917} 4918#endif 4919 4920#ifdef INET6 4921/* 4922 * Get both IPv6 addresses. 4923 */ 4924static void 4925sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4926 struct in6_addr *srcmask) 4927{ 4928 struct ifnet *ifp = SP2IFP(sp); 4929 struct ifaddr *ifa; 4930 struct sockaddr_in6 *si, *sm; 4931 struct in6_addr ssrc, ddst; 4932 4933 sm = NULL; 4934 bzero(&ssrc, sizeof(ssrc)); 4935 bzero(&ddst, sizeof(ddst)); 4936 /* 4937 * Pick the first link-local AF_INET6 address from the list, 4938 * aliases don't make any sense on a p2p link anyway. 4939 */ 4940 si = NULL; 4941 if_addr_rlock(ifp); 4942 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4943 if (ifa->ifa_addr->sa_family == AF_INET6) { 4944 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4945 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4946 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4947 break; 4948 } 4949 if (ifa) { 4950 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4951 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4952 if (srcmask) { 4953 bcopy(&sm->sin6_addr, srcmask, 4954 sizeof(*srcmask)); 4955 } 4956 } 4957 4958 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4959 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4960 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4961 } 4962 4963 if (dst) 4964 bcopy(&ddst, dst, sizeof(*dst)); 4965 if (src) 4966 bcopy(&ssrc, src, sizeof(*src)); 4967 if_addr_runlock(ifp); 4968} 4969 4970#ifdef IPV6CP_MYIFID_DYN 4971/* 4972 * Generate random ifid. 4973 */ 4974static void 4975sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4976{ 4977 /* TBD */ 4978} 4979 4980/* 4981 * Set my IPv6 address. 4982 */ 4983static void 4984sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4985{ 4986 STDDCL; 4987 struct ifaddr *ifa; 4988 struct sockaddr_in6 *sin6; 4989 4990 /* 4991 * Pick the first link-local AF_INET6 address from the list, 4992 * aliases don't make any sense on a p2p link anyway. 4993 */ 4994 4995 sin6 = NULL; 4996 if_addr_rlock(ifp); 4997 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 4998 if (ifa->ifa_addr->sa_family == AF_INET6) { 4999 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5000 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5001 ifa_ref(ifa); 5002 break; 5003 } 5004 } 5005 } 5006 if_addr_runlock(ifp); 5007 5008 if (ifa != NULL) { 5009 int error; 5010 struct sockaddr_in6 new_sin6 = *sin6; 5011 5012 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5013 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5014 if (debug && error) { 5015 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5016 " failed, error=%d\n", SPP_ARGS(ifp), error); 5017 } 5018 ifa_free(ifa); 5019 } 5020} 5021#endif 5022 5023/* 5024 * Suggest a candidate address to be used by peer. 5025 */ 5026static void 5027sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5028{ 5029 struct in6_addr myaddr; 5030 struct timeval tv; 5031 5032 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5033 5034 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5035 microtime(&tv); 5036 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5037 myaddr.s6_addr[14] ^= 0xff; 5038 myaddr.s6_addr[15] ^= 0xff; 5039 } else { 5040 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5041 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5042 } 5043 if (suggest) 5044 bcopy(&myaddr, suggest, sizeof(myaddr)); 5045} 5046#endif /*INET6*/ 5047 5048static int 5049sppp_params(struct sppp *sp, u_long cmd, void *data) 5050{ 5051 u_long subcmd; 5052 struct ifreq *ifr = (struct ifreq *)data; 5053 struct spppreq *spr; 5054 int rv = 0; 5055 5056 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == NULL) 5057 return (EAGAIN); 5058 /* 5059 * ifr_data_get_ptr(ifr) is supposed to point to a struct spppreq. 5060 * Check the cmd word first before attempting to fetch all the 5061 * data. 5062 */ 5063 rv = fueword(ifr_data_get_ptr(ifr), &subcmd); 5064 if (rv == -1) { 5065 rv = EFAULT; 5066 goto quit; 5067 } 5068 5069 if (copyin(ifr_data_get_ptr(ifr), spr, sizeof(struct spppreq)) != 0) { 5070 rv = EFAULT; 5071 goto quit; 5072 } 5073 5074 switch (subcmd) { 5075 case (u_long)SPPPIOGDEFS: 5076 if (cmd != SIOCGIFGENERIC) { 5077 rv = EINVAL; 5078 break; 5079 } 5080 /* 5081 * We copy over the entire current state, but clean 5082 * out some of the stuff we don't wanna pass up. 5083 * Remember, SIOCGIFGENERIC is unprotected, and can be 5084 * called by any user. No need to ever get PAP or 5085 * CHAP secrets back to userland anyway. 5086 */ 5087 spr->defs.pp_phase = sp->pp_phase; 5088 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5089 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5090 spr->defs.lcp = sp->lcp; 5091 spr->defs.ipcp = sp->ipcp; 5092 spr->defs.ipv6cp = sp->ipv6cp; 5093 spr->defs.myauth = sp->myauth; 5094 spr->defs.hisauth = sp->hisauth; 5095 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5096 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5097 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5098 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5099 /* 5100 * Fixup the LCP timeout value to milliseconds so 5101 * spppcontrol doesn't need to bother about the value 5102 * of "hz". We do the reverse calculation below when 5103 * setting it. 5104 */ 5105 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5106 rv = copyout(spr, ifr_data_get_ptr(ifr), 5107 sizeof(struct spppreq)); 5108 break; 5109 5110 case (u_long)SPPPIOSDEFS: 5111 if (cmd != SIOCSIFGENERIC) { 5112 rv = EINVAL; 5113 break; 5114 } 5115 /* 5116 * We have a very specific idea of which fields we 5117 * allow being passed back from userland, so to not 5118 * clobber our current state. For one, we only allow 5119 * setting anything if LCP is in dead or establish 5120 * phase. Once the authentication negotiations 5121 * started, the authentication settings must not be 5122 * changed again. (The administrator can force an 5123 * ifconfig down in order to get LCP back into dead 5124 * phase.) 5125 * 5126 * Also, we only allow for authentication parameters to be 5127 * specified. 5128 * 5129 * XXX Should allow to set or clear pp_flags. 5130 * 5131 * Finally, if the respective authentication protocol to 5132 * be used is set differently than 0, but the secret is 5133 * passed as all zeros, we don't trash the existing secret. 5134 * This allows an administrator to change the system name 5135 * only without clobbering the secret (which he didn't get 5136 * back in a previous SPPPIOGDEFS call). However, the 5137 * secrets are cleared if the authentication protocol is 5138 * reset to 0. */ 5139 if (sp->pp_phase != PHASE_DEAD && 5140 sp->pp_phase != PHASE_ESTABLISH) { 5141 rv = EBUSY; 5142 break; 5143 } 5144 5145 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5146 spr->defs.myauth.proto != PPP_CHAP) || 5147 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5148 spr->defs.hisauth.proto != PPP_CHAP)) { 5149 rv = EINVAL; 5150 break; 5151 } 5152 5153 if (spr->defs.myauth.proto == 0) 5154 /* resetting myauth */ 5155 bzero(&sp->myauth, sizeof sp->myauth); 5156 else { 5157 /* setting/changing myauth */ 5158 sp->myauth.proto = spr->defs.myauth.proto; 5159 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5160 if (spr->defs.myauth.secret[0] != '\0') 5161 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5162 AUTHKEYLEN); 5163 } 5164 if (spr->defs.hisauth.proto == 0) 5165 /* resetting hisauth */ 5166 bzero(&sp->hisauth, sizeof sp->hisauth); 5167 else { 5168 /* setting/changing hisauth */ 5169 sp->hisauth.proto = spr->defs.hisauth.proto; 5170 sp->hisauth.flags = spr->defs.hisauth.flags; 5171 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5172 if (spr->defs.hisauth.secret[0] != '\0') 5173 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5174 AUTHKEYLEN); 5175 } 5176 /* set LCP restart timer timeout */ 5177 if (spr->defs.lcp.timeout != 0) 5178 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5179 /* set VJ enable and IPv6 disable flags */ 5180#ifdef INET 5181 if (spr->defs.enable_vj) 5182 sp->confflags |= CONF_ENABLE_VJ; 5183 else 5184 sp->confflags &= ~CONF_ENABLE_VJ; 5185#endif 5186#ifdef INET6 5187 if (spr->defs.enable_ipv6) 5188 sp->confflags |= CONF_ENABLE_IPV6; 5189 else 5190 sp->confflags &= ~CONF_ENABLE_IPV6; 5191#endif 5192 break; 5193 5194 default: 5195 rv = EINVAL; 5196 } 5197 5198 quit: 5199 free(spr, M_TEMP); 5200 5201 return (rv); 5202} 5203 5204static void 5205sppp_phase_network(struct sppp *sp) 5206{ 5207 STDDCL; 5208 int i; 5209 u_long mask; 5210 5211 sp->pp_phase = PHASE_NETWORK; 5212 5213 if (debug) 5214 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5215 sppp_phase_name(sp->pp_phase)); 5216 5217 /* Notify NCPs now. */ 5218 for (i = 0; i < IDX_COUNT; i++) 5219 if ((cps[i])->flags & CP_NCP) 5220 (cps[i])->Open(sp); 5221 5222 /* Send Up events to all NCPs. */ 5223 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5224 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5225 (cps[i])->Up(sp); 5226 5227 /* if no NCP is starting, all this was in vain, close down */ 5228 sppp_lcp_check_and_close(sp); 5229} 5230 5231 5232static const char * 5233sppp_cp_type_name(u_char type) 5234{ 5235 static char buf[12]; 5236 switch (type) { 5237 case CONF_REQ: return "conf-req"; 5238 case CONF_ACK: return "conf-ack"; 5239 case CONF_NAK: return "conf-nak"; 5240 case CONF_REJ: return "conf-rej"; 5241 case TERM_REQ: return "term-req"; 5242 case TERM_ACK: return "term-ack"; 5243 case CODE_REJ: return "code-rej"; 5244 case PROTO_REJ: return "proto-rej"; 5245 case ECHO_REQ: return "echo-req"; 5246 case ECHO_REPLY: return "echo-reply"; 5247 case DISC_REQ: return "discard-req"; 5248 } 5249 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5250 return buf; 5251} 5252 5253static const char * 5254sppp_auth_type_name(u_short proto, u_char type) 5255{ 5256 static char buf[12]; 5257 switch (proto) { 5258 case PPP_CHAP: 5259 switch (type) { 5260 case CHAP_CHALLENGE: return "challenge"; 5261 case CHAP_RESPONSE: return "response"; 5262 case CHAP_SUCCESS: return "success"; 5263 case CHAP_FAILURE: return "failure"; 5264 } 5265 case PPP_PAP: 5266 switch (type) { 5267 case PAP_REQ: return "req"; 5268 case PAP_ACK: return "ack"; 5269 case PAP_NAK: return "nak"; 5270 } 5271 } 5272 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5273 return buf; 5274} 5275 5276static const char * 5277sppp_lcp_opt_name(u_char opt) 5278{ 5279 static char buf[12]; 5280 switch (opt) { 5281 case LCP_OPT_MRU: return "mru"; 5282 case LCP_OPT_ASYNC_MAP: return "async-map"; 5283 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5284 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5285 case LCP_OPT_MAGIC: return "magic"; 5286 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5287 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5288 } 5289 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5290 return buf; 5291} 5292 5293#ifdef INET 5294static const char * 5295sppp_ipcp_opt_name(u_char opt) 5296{ 5297 static char buf[12]; 5298 switch (opt) { 5299 case IPCP_OPT_ADDRESSES: return "addresses"; 5300 case IPCP_OPT_COMPRESSION: return "compression"; 5301 case IPCP_OPT_ADDRESS: return "address"; 5302 } 5303 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5304 return buf; 5305} 5306#endif 5307 5308#ifdef INET6 5309static const char * 5310sppp_ipv6cp_opt_name(u_char opt) 5311{ 5312 static char buf[12]; 5313 switch (opt) { 5314 case IPV6CP_OPT_IFID: return "ifid"; 5315 case IPV6CP_OPT_COMPRESSION: return "compression"; 5316 } 5317 sprintf (buf, "0x%x", opt); 5318 return buf; 5319} 5320#endif 5321 5322static const char * 5323sppp_state_name(int state) 5324{ 5325 switch (state) { 5326 case STATE_INITIAL: return "initial"; 5327 case STATE_STARTING: return "starting"; 5328 case STATE_CLOSED: return "closed"; 5329 case STATE_STOPPED: return "stopped"; 5330 case STATE_CLOSING: return "closing"; 5331 case STATE_STOPPING: return "stopping"; 5332 case STATE_REQ_SENT: return "req-sent"; 5333 case STATE_ACK_RCVD: return "ack-rcvd"; 5334 case STATE_ACK_SENT: return "ack-sent"; 5335 case STATE_OPENED: return "opened"; 5336 } 5337 return "illegal"; 5338} 5339 5340static const char * 5341sppp_phase_name(enum ppp_phase phase) 5342{ 5343 switch (phase) { 5344 case PHASE_DEAD: return "dead"; 5345 case PHASE_ESTABLISH: return "establish"; 5346 case PHASE_TERMINATE: return "terminate"; 5347 case PHASE_AUTHENTICATE: return "authenticate"; 5348 case PHASE_NETWORK: return "network"; 5349 } 5350 return "illegal"; 5351} 5352 5353static const char * 5354sppp_proto_name(u_short proto) 5355{ 5356 static char buf[12]; 5357 switch (proto) { 5358 case PPP_LCP: return "lcp"; 5359 case PPP_IPCP: return "ipcp"; 5360 case PPP_PAP: return "pap"; 5361 case PPP_CHAP: return "chap"; 5362 case PPP_IPV6CP: return "ipv6cp"; 5363 } 5364 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5365 return buf; 5366} 5367 5368static void 5369sppp_print_bytes(const u_char *p, u_short len) 5370{ 5371 if (len) 5372 log(-1, " %*D", len, p, "-"); 5373} 5374 5375static void 5376sppp_print_string(const char *p, u_short len) 5377{ 5378 u_char c; 5379 5380 while (len-- > 0) { 5381 c = *p++; 5382 /* 5383 * Print only ASCII chars directly. RFC 1994 recommends 5384 * using only them, but we don't rely on it. */ 5385 if (c < ' ' || c > '~') 5386 log(-1, "\\x%x", c); 5387 else 5388 log(-1, "%c", c); 5389 } 5390} 5391 5392#ifdef INET 5393static const char * 5394sppp_dotted_quad(u_long addr) 5395{ 5396 static char s[16]; 5397 sprintf(s, "%d.%d.%d.%d", 5398 (int)((addr >> 24) & 0xff), 5399 (int)((addr >> 16) & 0xff), 5400 (int)((addr >> 8) & 0xff), 5401 (int)(addr & 0xff)); 5402 return s; 5403} 5404#endif 5405 5406static int 5407sppp_strnlen(u_char *p, int max) 5408{ 5409 int len; 5410 5411 for (len = 0; len < max && *p; ++p) 5412 ++len; 5413 return len; 5414} 5415 5416/* a dummy, used to drop uninteresting events */ 5417static void 5418sppp_null(struct sppp *unused) 5419{ 5420 /* do just nothing */ 5421} 5422