if_spppsubr.c revision 105228
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 105228 2002-10-16 10:45:53Z phk $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61#include <netinet/in.h> 62#include <netinet/in_systm.h> 63#include <netinet/ip.h> 64#include <net/slcompress.h> 65 66#if defined (__NetBSD__) || defined (__OpenBSD__) 67#include <machine/cpu.h> /* XXX for softnet */ 68#endif 69 70#include <machine/stdarg.h> 71 72#include <netinet/in.h> 73#include <netinet/in_systm.h> 74#include <netinet/in_var.h> 75 76#ifdef INET 77#include <netinet/ip.h> 78#include <netinet/tcp.h> 79#endif 80 81#if defined (__FreeBSD__) || defined (__OpenBSD__) 82# include <netinet/if_ether.h> 83#else 84# include <net/ethertypes.h> 85#endif 86 87#ifdef IPX 88#include <netipx/ipx.h> 89#include <netipx/ipx_if.h> 90#endif 91 92#ifdef NS 93#include <netns/ns.h> 94#include <netns/ns_if.h> 95#endif 96 97#include <net/if_sppp.h> 98 99#if defined(__FreeBSD__) && __FreeBSD__ >= 3 100# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 101# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 102# define IOCTL_CMD_T u_long 103#else 104# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 105# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 106# define IOCTL_CMD_T int 107#endif 108 109#define MAXALIVECNT 3 /* max. alive packets */ 110 111/* 112 * Interface flags that can be set in an ifconfig command. 113 * 114 * Setting link0 will make the link passive, i.e. it will be marked 115 * as being administrative openable, but won't be opened to begin 116 * with. Incoming calls will be answered, or subsequent calls with 117 * -link1 will cause the administrative open of the LCP layer. 118 * 119 * Setting link1 will cause the link to auto-dial only as packets 120 * arrive to be sent. 121 * 122 * Setting IFF_DEBUG will syslog the option negotiation and state 123 * transitions at level kern.debug. Note: all logs consistently look 124 * like 125 * 126 * <if-name><unit>: <proto-name> <additional info...> 127 * 128 * with <if-name><unit> being something like "bppp0", and <proto-name> 129 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 130 */ 131 132#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 133#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 134#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 135 136#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 137#define PPP_UI 0x03 /* Unnumbered Information */ 138#define PPP_IP 0x0021 /* Internet Protocol */ 139#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 140#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 141#define PPP_IPX 0x002b /* Novell IPX Protocol */ 142#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 143#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 144#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 145#define PPP_LCP 0xc021 /* Link Control Protocol */ 146#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 147#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 148#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 149#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 150 151#define CONF_REQ 1 /* PPP configure request */ 152#define CONF_ACK 2 /* PPP configure acknowledge */ 153#define CONF_NAK 3 /* PPP configure negative ack */ 154#define CONF_REJ 4 /* PPP configure reject */ 155#define TERM_REQ 5 /* PPP terminate request */ 156#define TERM_ACK 6 /* PPP terminate acknowledge */ 157#define CODE_REJ 7 /* PPP code reject */ 158#define PROTO_REJ 8 /* PPP protocol reject */ 159#define ECHO_REQ 9 /* PPP echo request */ 160#define ECHO_REPLY 10 /* PPP echo reply */ 161#define DISC_REQ 11 /* PPP discard request */ 162 163#define LCP_OPT_MRU 1 /* maximum receive unit */ 164#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 165#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 166#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 167#define LCP_OPT_MAGIC 5 /* magic number */ 168#define LCP_OPT_RESERVED 6 /* reserved */ 169#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 170#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 171 172#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 173#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 174#define IPCP_OPT_ADDRESS 3 /* local IP address */ 175 176#define IPV6CP_OPT_IFID 1 /* interface identifier */ 177#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 178 179#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 180 181#define PAP_REQ 1 /* PAP name/password request */ 182#define PAP_ACK 2 /* PAP acknowledge */ 183#define PAP_NAK 3 /* PAP fail */ 184 185#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 186#define CHAP_RESPONSE 2 /* CHAP challenge response */ 187#define CHAP_SUCCESS 3 /* CHAP response ok */ 188#define CHAP_FAILURE 4 /* CHAP response failed */ 189 190#define CHAP_MD5 5 /* hash algorithm - MD5 */ 191 192#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 193#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 194#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 195#define CISCO_ADDR_REQ 0 /* Cisco address request */ 196#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 197#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 198 199/* states are named and numbered according to RFC 1661 */ 200#define STATE_INITIAL 0 201#define STATE_STARTING 1 202#define STATE_CLOSED 2 203#define STATE_STOPPED 3 204#define STATE_CLOSING 4 205#define STATE_STOPPING 5 206#define STATE_REQ_SENT 6 207#define STATE_ACK_RCVD 7 208#define STATE_ACK_SENT 8 209#define STATE_OPENED 9 210 211struct ppp_header { 212 u_char address; 213 u_char control; 214 u_short protocol; 215} __packed; 216#define PPP_HEADER_LEN sizeof (struct ppp_header) 217 218struct lcp_header { 219 u_char type; 220 u_char ident; 221 u_short len; 222} __packed; 223#define LCP_HEADER_LEN sizeof (struct lcp_header) 224 225struct cisco_packet { 226 u_long type; 227 u_long par1; 228 u_long par2; 229 u_short rel; 230 u_short time0; 231 u_short time1; 232} __packed; 233#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 234 235/* 236 * We follow the spelling and capitalization of RFC 1661 here, to make 237 * it easier comparing with the standard. Please refer to this RFC in 238 * case you can't make sense out of these abbreviation; it will also 239 * explain the semantics related to the various events and actions. 240 */ 241struct cp { 242 u_short proto; /* PPP control protocol number */ 243 u_char protoidx; /* index into state table in struct sppp */ 244 u_char flags; 245#define CP_LCP 0x01 /* this is the LCP */ 246#define CP_AUTH 0x02 /* this is an authentication protocol */ 247#define CP_NCP 0x04 /* this is a NCP */ 248#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 249 const char *name; /* name of this control protocol */ 250 /* event handlers */ 251 void (*Up)(struct sppp *sp); 252 void (*Down)(struct sppp *sp); 253 void (*Open)(struct sppp *sp); 254 void (*Close)(struct sppp *sp); 255 void (*TO)(void *sp); 256 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 257 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 258 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 259 /* actions */ 260 void (*tlu)(struct sppp *sp); 261 void (*tld)(struct sppp *sp); 262 void (*tls)(struct sppp *sp); 263 void (*tlf)(struct sppp *sp); 264 void (*scr)(struct sppp *sp); 265}; 266 267static struct sppp *spppq; 268#if defined(__FreeBSD__) && __FreeBSD__ >= 3 269static struct callout_handle keepalive_ch; 270#endif 271 272#if defined(__FreeBSD__) && __FreeBSD__ >= 3 273#define SPP_FMT "%s%d: " 274#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 275#else 276#define SPP_FMT "%s: " 277#define SPP_ARGS(ifp) (ifp)->if_xname 278#endif 279 280#ifdef INET 281/* 282 * The following disgusting hack gets around the problem that IP TOS 283 * can't be set yet. We want to put "interactive" traffic on a high 284 * priority queue. To decide if traffic is interactive, we check that 285 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 286 * 287 * XXX is this really still necessary? - joerg - 288 */ 289static u_short interactive_ports[8] = { 290 0, 513, 0, 0, 291 0, 21, 0, 23, 292}; 293#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 294#endif 295 296/* almost every function needs these */ 297#define STDDCL \ 298 struct ifnet *ifp = &sp->pp_if; \ 299 int debug = ifp->if_flags & IFF_DEBUG 300 301static int sppp_output(struct ifnet *ifp, struct mbuf *m, 302 struct sockaddr *dst, struct rtentry *rt); 303 304static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 305static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 306 307static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 308 struct mbuf *m); 309static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 310 u_char ident, u_short len, void *data); 311/* static void sppp_cp_timeout(void *arg); */ 312static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 313 int newstate); 314static void sppp_auth_send(const struct cp *cp, 315 struct sppp *sp, unsigned int type, unsigned int id, 316 ...); 317 318static void sppp_up_event(const struct cp *cp, struct sppp *sp); 319static void sppp_down_event(const struct cp *cp, struct sppp *sp); 320static void sppp_open_event(const struct cp *cp, struct sppp *sp); 321static void sppp_close_event(const struct cp *cp, struct sppp *sp); 322static void sppp_to_event(const struct cp *cp, struct sppp *sp); 323 324static void sppp_null(struct sppp *sp); 325 326static void sppp_lcp_init(struct sppp *sp); 327static void sppp_lcp_up(struct sppp *sp); 328static void sppp_lcp_down(struct sppp *sp); 329static void sppp_lcp_open(struct sppp *sp); 330static void sppp_lcp_close(struct sppp *sp); 331static void sppp_lcp_TO(void *sp); 332static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 334static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 335static void sppp_lcp_tlu(struct sppp *sp); 336static void sppp_lcp_tld(struct sppp *sp); 337static void sppp_lcp_tls(struct sppp *sp); 338static void sppp_lcp_tlf(struct sppp *sp); 339static void sppp_lcp_scr(struct sppp *sp); 340static void sppp_lcp_check_and_close(struct sppp *sp); 341static int sppp_ncp_check(struct sppp *sp); 342 343static void sppp_ipcp_init(struct sppp *sp); 344static void sppp_ipcp_up(struct sppp *sp); 345static void sppp_ipcp_down(struct sppp *sp); 346static void sppp_ipcp_open(struct sppp *sp); 347static void sppp_ipcp_close(struct sppp *sp); 348static void sppp_ipcp_TO(void *sp); 349static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 350static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 351static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 352static void sppp_ipcp_tlu(struct sppp *sp); 353static void sppp_ipcp_tld(struct sppp *sp); 354static void sppp_ipcp_tls(struct sppp *sp); 355static void sppp_ipcp_tlf(struct sppp *sp); 356static void sppp_ipcp_scr(struct sppp *sp); 357 358static void sppp_ipv6cp_init(struct sppp *sp); 359static void sppp_ipv6cp_up(struct sppp *sp); 360static void sppp_ipv6cp_down(struct sppp *sp); 361static void sppp_ipv6cp_open(struct sppp *sp); 362static void sppp_ipv6cp_close(struct sppp *sp); 363static void sppp_ipv6cp_TO(void *sp); 364static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 365static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 366static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 367static void sppp_ipv6cp_tlu(struct sppp *sp); 368static void sppp_ipv6cp_tld(struct sppp *sp); 369static void sppp_ipv6cp_tls(struct sppp *sp); 370static void sppp_ipv6cp_tlf(struct sppp *sp); 371static void sppp_ipv6cp_scr(struct sppp *sp); 372 373static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 374static void sppp_pap_init(struct sppp *sp); 375static void sppp_pap_open(struct sppp *sp); 376static void sppp_pap_close(struct sppp *sp); 377static void sppp_pap_TO(void *sp); 378static void sppp_pap_my_TO(void *sp); 379static void sppp_pap_tlu(struct sppp *sp); 380static void sppp_pap_tld(struct sppp *sp); 381static void sppp_pap_scr(struct sppp *sp); 382 383static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 384static void sppp_chap_init(struct sppp *sp); 385static void sppp_chap_open(struct sppp *sp); 386static void sppp_chap_close(struct sppp *sp); 387static void sppp_chap_TO(void *sp); 388static void sppp_chap_tlu(struct sppp *sp); 389static void sppp_chap_tld(struct sppp *sp); 390static void sppp_chap_scr(struct sppp *sp); 391 392static const char *sppp_auth_type_name(u_short proto, u_char type); 393static const char *sppp_cp_type_name(u_char type); 394static const char *sppp_dotted_quad(u_long addr); 395static const char *sppp_ipcp_opt_name(u_char opt); 396#ifdef INET6 397static const char *sppp_ipv6cp_opt_name(u_char opt); 398#endif 399static const char *sppp_lcp_opt_name(u_char opt); 400static const char *sppp_phase_name(enum ppp_phase phase); 401static const char *sppp_proto_name(u_short proto); 402static const char *sppp_state_name(int state); 403static int sppp_params(struct sppp *sp, u_long cmd, void *data); 404static int sppp_strnlen(u_char *p, int max); 405static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 406 u_long *srcmask); 407static void sppp_keepalive(void *dummy); 408static void sppp_phase_network(struct sppp *sp); 409static void sppp_print_bytes(const u_char *p, u_short len); 410static void sppp_print_string(const char *p, u_short len); 411static void sppp_qflush(struct ifqueue *ifq); 412static void sppp_set_ip_addr(struct sppp *sp, u_long src); 413#ifdef INET6 414static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 415 struct in6_addr *dst, struct in6_addr *srcmask); 416#ifdef IPV6CP_MYIFID_DYN 417static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 418static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 419#endif 420static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 421#endif 422 423/* our control protocol descriptors */ 424static const struct cp lcp = { 425 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 426 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 427 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 428 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 429 sppp_lcp_scr 430}; 431 432static const struct cp ipcp = { 433 PPP_IPCP, IDX_IPCP, 434#ifdef INET /* don't run IPCP if there's no IPv4 support */ 435 CP_NCP, 436#else 437 0, 438#endif 439 "ipcp", 440 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 441 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 442 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 443 sppp_ipcp_scr 444}; 445 446static const struct cp ipv6cp = { 447 PPP_IPV6CP, IDX_IPV6CP, 448#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 449 CP_NCP, 450#else 451 0, 452#endif 453 "ipv6cp", 454 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 455 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 456 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 457 sppp_ipv6cp_scr 458}; 459 460static const struct cp pap = { 461 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 462 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 463 sppp_pap_TO, 0, 0, 0, 464 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 465 sppp_pap_scr 466}; 467 468static const struct cp chap = { 469 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 470 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 471 sppp_chap_TO, 0, 0, 0, 472 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 473 sppp_chap_scr 474}; 475 476static const struct cp *cps[IDX_COUNT] = { 477 &lcp, /* IDX_LCP */ 478 &ipcp, /* IDX_IPCP */ 479 &ipv6cp, /* IDX_IPV6CP */ 480 &pap, /* IDX_PAP */ 481 &chap, /* IDX_CHAP */ 482}; 483 484static int 485sppp_modevent(module_t mod, int type, void *unused) 486{ 487 switch (type) { 488 case MOD_LOAD: 489 break; 490 case MOD_UNLOAD: 491 return EACCES; 492 break; 493 default: 494 break; 495 } 496 return 0; 497} 498static moduledata_t spppmod = { 499 "sppp", 500 sppp_modevent, 501 0 502}; 503MODULE_VERSION(sppp, 1); 504DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 505 506/* 507 * Exported functions, comprising our interface to the lower layer. 508 */ 509 510/* 511 * Process the received packet. 512 */ 513void 514sppp_input(struct ifnet *ifp, struct mbuf *m) 515{ 516 struct ppp_header *h; 517 struct ifqueue *inq = 0; 518 struct sppp *sp = (struct sppp *)ifp; 519 u_char *iphdr; 520 int hlen, vjlen, do_account = 0; 521 int debug = ifp->if_flags & IFF_DEBUG; 522 523 if (ifp->if_flags & IFF_UP) 524 /* Count received bytes, add FCS and one flag */ 525 ifp->if_ibytes += m->m_pkthdr.len + 3; 526 527 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 528 /* Too small packet, drop it. */ 529 if (debug) 530 log(LOG_DEBUG, 531 SPP_FMT "input packet is too small, %d bytes\n", 532 SPP_ARGS(ifp), m->m_pkthdr.len); 533 drop: 534 m_freem (m); 535 drop2: 536 ++ifp->if_ierrors; 537 ++ifp->if_iqdrops; 538 return; 539 } 540 541 /* Get PPP header. */ 542 h = mtod (m, struct ppp_header*); 543 m_adj (m, PPP_HEADER_LEN); 544 545 switch (h->address) { 546 case PPP_ALLSTATIONS: 547 if (h->control != PPP_UI) 548 goto invalid; 549 if (sp->pp_mode == IFF_CISCO) { 550 if (debug) 551 log(LOG_DEBUG, 552 SPP_FMT "PPP packet in Cisco mode " 553 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 554 SPP_ARGS(ifp), 555 h->address, h->control, ntohs(h->protocol)); 556 goto drop; 557 } 558 switch (ntohs (h->protocol)) { 559 default: 560 if (debug) 561 log(LOG_DEBUG, 562 SPP_FMT "rejecting protocol " 563 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 564 SPP_ARGS(ifp), 565 h->address, h->control, ntohs(h->protocol)); 566 if (sp->state[IDX_LCP] == STATE_OPENED) 567 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 568 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 569 &h->protocol); 570 ++ifp->if_noproto; 571 goto drop; 572 case PPP_LCP: 573 sppp_cp_input(&lcp, sp, m); 574 m_freem (m); 575 return; 576 case PPP_PAP: 577 if (sp->pp_phase >= PHASE_AUTHENTICATE) 578 sppp_pap_input(sp, m); 579 m_freem (m); 580 return; 581 case PPP_CHAP: 582 if (sp->pp_phase >= PHASE_AUTHENTICATE) 583 sppp_chap_input(sp, m); 584 m_freem (m); 585 return; 586#ifdef INET 587 case PPP_IPCP: 588 if (sp->pp_phase == PHASE_NETWORK) 589 sppp_cp_input(&ipcp, sp, m); 590 m_freem (m); 591 return; 592 case PPP_IP: 593 if (sp->state[IDX_IPCP] == STATE_OPENED) { 594 schednetisr (NETISR_IP); 595 inq = &ipintrq; 596 } 597 do_account++; 598 break; 599 case PPP_VJ_COMP: 600 if (sp->state[IDX_IPCP] == STATE_OPENED) { 601 if ((vjlen = 602 sl_uncompress_tcp_core(mtod(m, u_char *), 603 m->m_len, m->m_len, 604 TYPE_COMPRESSED_TCP, 605 sp->pp_comp, 606 &iphdr, &hlen)) <= 0) { 607 if (debug) 608 log(LOG_INFO, 609 SPP_FMT "VJ uncompress failed on compressed packet\n", 610 SPP_ARGS(ifp)); 611 goto drop; 612 } 613 614 /* 615 * Trim the VJ header off the packet, and prepend 616 * the uncompressed IP header (which will usually 617 * end up in two chained mbufs since there's not 618 * enough leading space in the existing mbuf). 619 */ 620 m_adj(m, vjlen); 621 M_PREPEND(m, hlen, M_DONTWAIT); 622 if (m == NULL) 623 goto drop2; 624 bcopy(iphdr, mtod(m, u_char *), hlen); 625 626 schednetisr (NETISR_IP); 627 inq = &ipintrq; 628 } 629 do_account++; 630 break; 631 case PPP_VJ_UCOMP: 632 if (sp->state[IDX_IPCP] == STATE_OPENED) { 633 if (sl_uncompress_tcp_core(mtod(m, u_char *), 634 m->m_len, m->m_len, 635 TYPE_UNCOMPRESSED_TCP, 636 sp->pp_comp, 637 &iphdr, &hlen) != 0) { 638 if (debug) 639 log(LOG_INFO, 640 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 641 SPP_ARGS(ifp)); 642 goto drop; 643 } 644 schednetisr (NETISR_IP); 645 inq = &ipintrq; 646 } 647 do_account++; 648 break; 649#endif 650#ifdef INET6 651 case PPP_IPV6CP: 652 if (sp->pp_phase == PHASE_NETWORK) 653 sppp_cp_input(&ipv6cp, sp, m); 654 m_freem (m); 655 return; 656 657 case PPP_IPV6: 658 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 659 schednetisr (NETISR_IPV6); 660 inq = &ip6intrq; 661 } 662 do_account++; 663 break; 664#endif 665#ifdef IPX 666 case PPP_IPX: 667 /* IPX IPXCP not implemented yet */ 668 if (sp->pp_phase == PHASE_NETWORK) { 669 schednetisr (NETISR_IPX); 670 inq = &ipxintrq; 671 } 672 do_account++; 673 break; 674#endif 675#ifdef NS 676 case PPP_XNS: 677 /* XNS IDPCP not implemented yet */ 678 if (sp->pp_phase == PHASE_NETWORK) { 679 schednetisr (NETISR_NS); 680 inq = &nsintrq; 681 } 682 do_account++; 683 break; 684#endif 685 } 686 break; 687 case CISCO_MULTICAST: 688 case CISCO_UNICAST: 689 /* Don't check the control field here (RFC 1547). */ 690 if (sp->pp_mode != IFF_CISCO) { 691 if (debug) 692 log(LOG_DEBUG, 693 SPP_FMT "Cisco packet in PPP mode " 694 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 695 SPP_ARGS(ifp), 696 h->address, h->control, ntohs(h->protocol)); 697 goto drop; 698 } 699 switch (ntohs (h->protocol)) { 700 default: 701 ++ifp->if_noproto; 702 goto invalid; 703 case CISCO_KEEPALIVE: 704 sppp_cisco_input ((struct sppp*) ifp, m); 705 m_freem (m); 706 return; 707#ifdef INET 708 case ETHERTYPE_IP: 709 schednetisr (NETISR_IP); 710 inq = &ipintrq; 711 do_account++; 712 break; 713#endif 714#ifdef INET6 715 case ETHERTYPE_IPV6: 716 schednetisr (NETISR_IPV6); 717 inq = &ip6intrq; 718 do_account++; 719 break; 720#endif 721#ifdef IPX 722 case ETHERTYPE_IPX: 723 schednetisr (NETISR_IPX); 724 inq = &ipxintrq; 725 do_account++; 726 break; 727#endif 728#ifdef NS 729 case ETHERTYPE_NS: 730 schednetisr (NETISR_NS); 731 inq = &nsintrq; 732 do_account++; 733 break; 734#endif 735 } 736 break; 737 default: /* Invalid PPP packet. */ 738 invalid: 739 if (debug) 740 log(LOG_DEBUG, 741 SPP_FMT "invalid input packet " 742 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 743 SPP_ARGS(ifp), 744 h->address, h->control, ntohs(h->protocol)); 745 goto drop; 746 } 747 748 if (! (ifp->if_flags & IFF_UP) || ! inq) 749 goto drop; 750 751 /* Check queue. */ 752 if (! IF_HANDOFF(inq, m, NULL)) { 753 if (debug) 754 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 755 SPP_ARGS(ifp)); 756 goto drop; 757 } 758 if (do_account) 759 /* 760 * Do only account for network packets, not for control 761 * packets. This is used by some subsystems to detect 762 * idle lines. 763 */ 764 sp->pp_last_recv = time_second; 765} 766 767/* 768 * Enqueue transmit packet. 769 */ 770static int 771sppp_output(struct ifnet *ifp, struct mbuf *m, 772 struct sockaddr *dst, struct rtentry *rt) 773{ 774 struct sppp *sp = (struct sppp*) ifp; 775 struct ppp_header *h; 776 struct ifqueue *ifq = NULL; 777 int s, rv = 0; 778 int ipproto = PPP_IP; 779 int debug = ifp->if_flags & IFF_DEBUG; 780 781 s = splimp(); 782 783 if ((ifp->if_flags & IFF_UP) == 0 || 784 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 785#ifdef INET6 786 drop: 787#endif 788 m_freem (m); 789 splx (s); 790 return (ENETDOWN); 791 } 792 793 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 794#ifdef INET6 795 /* 796 * XXX 797 * 798 * Hack to prevent the initialization-time generated 799 * IPv6 multicast packet to erroneously cause a 800 * dialout event in case IPv6 has been 801 * administratively disabled on that interface. 802 */ 803 if (dst->sa_family == AF_INET6 && 804 !(sp->confflags & CONF_ENABLE_IPV6)) 805 goto drop; 806#endif 807 /* 808 * Interface is not yet running, but auto-dial. Need 809 * to start LCP for it. 810 */ 811 ifp->if_flags |= IFF_RUNNING; 812 splx(s); 813 lcp.Open(sp); 814 s = splimp(); 815 } 816 817 ifq = &ifp->if_snd; 818#ifdef INET 819 if (dst->sa_family == AF_INET) { 820 /* XXX Check mbuf length here? */ 821 struct ip *ip = mtod (m, struct ip*); 822 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 823 824 /* 825 * When using dynamic local IP address assignment by using 826 * 0.0.0.0 as a local address, the first TCP session will 827 * not connect because the local TCP checksum is computed 828 * using 0.0.0.0 which will later become our real IP address 829 * so the TCP checksum computed at the remote end will 830 * become invalid. So we 831 * - don't let packets with src ip addr 0 thru 832 * - we flag TCP packets with src ip 0 as an error 833 */ 834 835 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 836 { 837 m_freem(m); 838 splx(s); 839 if(ip->ip_p == IPPROTO_TCP) 840 return(EADDRNOTAVAIL); 841 else 842 return(0); 843 } 844 845 /* 846 * Put low delay, telnet, rlogin and ftp control packets 847 * in front of the queue. 848 */ 849 if (_IF_QFULL(&sp->pp_fastq)) 850 ; 851 else if (ip->ip_tos & IPTOS_LOWDELAY) 852 ifq = &sp->pp_fastq; 853 else if (m->m_len < sizeof *ip + sizeof *tcp) 854 ; 855 else if (ip->ip_p != IPPROTO_TCP) 856 ; 857 else if (INTERACTIVE (ntohs (tcp->th_sport))) 858 ifq = &sp->pp_fastq; 859 else if (INTERACTIVE (ntohs (tcp->th_dport))) 860 ifq = &sp->pp_fastq; 861 862 /* 863 * Do IP Header compression 864 */ 865 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 866 ip->ip_p == IPPROTO_TCP) 867 switch (sl_compress_tcp(m, ip, sp->pp_comp, 868 sp->ipcp.compress_cid)) { 869 case TYPE_COMPRESSED_TCP: 870 ipproto = PPP_VJ_COMP; 871 break; 872 case TYPE_UNCOMPRESSED_TCP: 873 ipproto = PPP_VJ_UCOMP; 874 break; 875 case TYPE_IP: 876 ipproto = PPP_IP; 877 break; 878 default: 879 m_freem(m); 880 splx(s); 881 return (EINVAL); 882 } 883 } 884#endif 885 886#ifdef INET6 887 if (dst->sa_family == AF_INET6) { 888 /* XXX do something tricky here? */ 889 } 890#endif 891 892 /* 893 * Prepend general data packet PPP header. For now, IP only. 894 */ 895 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 896 if (! m) { 897 if (debug) 898 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 899 SPP_ARGS(ifp)); 900 ++ifp->if_oerrors; 901 splx (s); 902 return (ENOBUFS); 903 } 904 /* 905 * May want to check size of packet 906 * (albeit due to the implementation it's always enough) 907 */ 908 h = mtod (m, struct ppp_header*); 909 if (sp->pp_mode == IFF_CISCO) { 910 h->address = CISCO_UNICAST; /* unicast address */ 911 h->control = 0; 912 } else { 913 h->address = PPP_ALLSTATIONS; /* broadcast address */ 914 h->control = PPP_UI; /* Unnumbered Info */ 915 } 916 917 switch (dst->sa_family) { 918#ifdef INET 919 case AF_INET: /* Internet Protocol */ 920 if (sp->pp_mode == IFF_CISCO) 921 h->protocol = htons (ETHERTYPE_IP); 922 else { 923 /* 924 * Don't choke with an ENETDOWN early. It's 925 * possible that we just started dialing out, 926 * so don't drop the packet immediately. If 927 * we notice that we run out of buffer space 928 * below, we will however remember that we are 929 * not ready to carry IP packets, and return 930 * ENETDOWN, as opposed to ENOBUFS. 931 */ 932 h->protocol = htons(ipproto); 933 if (sp->state[IDX_IPCP] != STATE_OPENED) 934 rv = ENETDOWN; 935 } 936 break; 937#endif 938#ifdef INET6 939 case AF_INET6: /* Internet Protocol */ 940 if (sp->pp_mode == IFF_CISCO) 941 h->protocol = htons (ETHERTYPE_IPV6); 942 else { 943 /* 944 * Don't choke with an ENETDOWN early. It's 945 * possible that we just started dialing out, 946 * so don't drop the packet immediately. If 947 * we notice that we run out of buffer space 948 * below, we will however remember that we are 949 * not ready to carry IP packets, and return 950 * ENETDOWN, as opposed to ENOBUFS. 951 */ 952 h->protocol = htons(PPP_IPV6); 953 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 954 rv = ENETDOWN; 955 } 956 break; 957#endif 958#ifdef NS 959 case AF_NS: /* Xerox NS Protocol */ 960 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 961 ETHERTYPE_NS : PPP_XNS); 962 break; 963#endif 964#ifdef IPX 965 case AF_IPX: /* Novell IPX Protocol */ 966 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 967 ETHERTYPE_IPX : PPP_IPX); 968 break; 969#endif 970 default: 971 m_freem (m); 972 ++ifp->if_oerrors; 973 splx (s); 974 return (EAFNOSUPPORT); 975 } 976 977 /* 978 * Queue message on interface, and start output if interface 979 * not yet active. 980 */ 981 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 982 ++ifp->if_oerrors; 983 return (rv? rv: ENOBUFS); 984 } 985 /* 986 * Unlike in sppp_input(), we can always bump the timestamp 987 * here since sppp_output() is only called on behalf of 988 * network-layer traffic; control-layer traffic is handled 989 * by sppp_cp_send(). 990 */ 991 sp->pp_last_sent = time_second; 992 return (0); 993} 994 995void 996sppp_attach(struct ifnet *ifp) 997{ 998 struct sppp *sp = (struct sppp*) ifp; 999 1000 /* Initialize keepalive handler. */ 1001 if (! spppq) 1002 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 1003 1004 /* Insert new entry into the keepalive list. */ 1005 sp->pp_next = spppq; 1006 spppq = sp; 1007 1008 sp->pp_if.if_mtu = PP_MTU; 1009 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1010 sp->pp_if.if_type = IFT_PPP; 1011 sp->pp_if.if_output = sppp_output; 1012#if 0 1013 sp->pp_flags = PP_KEEPALIVE; 1014#endif 1015 sp->pp_if.if_snd.ifq_maxlen = 32; 1016 sp->pp_fastq.ifq_maxlen = 32; 1017 sp->pp_cpq.ifq_maxlen = 20; 1018 sp->pp_loopcnt = 0; 1019 sp->pp_alivecnt = 0; 1020 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1021 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1022 sp->pp_phase = PHASE_DEAD; 1023 sp->pp_up = lcp.Up; 1024 sp->pp_down = lcp.Down; 1025 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1026 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1027 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1028 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1029 sp->pp_last_recv = sp->pp_last_sent = time_second; 1030 sp->confflags = 0; 1031#ifdef INET 1032 sp->confflags |= CONF_ENABLE_VJ; 1033#endif 1034#ifdef INET6 1035 sp->confflags |= CONF_ENABLE_IPV6; 1036#endif 1037 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAIT); 1038 sl_compress_init(sp->pp_comp, -1); 1039 sppp_lcp_init(sp); 1040 sppp_ipcp_init(sp); 1041 sppp_ipv6cp_init(sp); 1042 sppp_pap_init(sp); 1043 sppp_chap_init(sp); 1044} 1045 1046void 1047sppp_detach(struct ifnet *ifp) 1048{ 1049 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1050 int i; 1051 1052 /* Remove the entry from the keepalive list. */ 1053 for (q = &spppq; (p = *q); q = &p->pp_next) 1054 if (p == sp) { 1055 *q = p->pp_next; 1056 break; 1057 } 1058 1059 /* Stop keepalive handler. */ 1060 if (! spppq) 1061 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 1062 1063 for (i = 0; i < IDX_COUNT; i++) 1064 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 1065 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 1066 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1067 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1068} 1069 1070/* 1071 * Flush the interface output queue. 1072 */ 1073void 1074sppp_flush(struct ifnet *ifp) 1075{ 1076 struct sppp *sp = (struct sppp*) ifp; 1077 1078 sppp_qflush (&sp->pp_if.if_snd); 1079 sppp_qflush (&sp->pp_fastq); 1080 sppp_qflush (&sp->pp_cpq); 1081} 1082 1083/* 1084 * Check if the output queue is empty. 1085 */ 1086int 1087sppp_isempty(struct ifnet *ifp) 1088{ 1089 struct sppp *sp = (struct sppp*) ifp; 1090 int empty, s; 1091 1092 s = splimp(); 1093 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1094 !sp->pp_if.if_snd.ifq_head; 1095 splx(s); 1096 return (empty); 1097} 1098 1099/* 1100 * Get next packet to send. 1101 */ 1102struct mbuf * 1103sppp_dequeue(struct ifnet *ifp) 1104{ 1105 struct sppp *sp = (struct sppp*) ifp; 1106 struct mbuf *m; 1107 int s; 1108 1109 s = splimp(); 1110 /* 1111 * Process only the control protocol queue until we have at 1112 * least one NCP open. 1113 * 1114 * Do always serve all three queues in Cisco mode. 1115 */ 1116 IF_DEQUEUE(&sp->pp_cpq, m); 1117 if (m == NULL && 1118 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1119 IF_DEQUEUE(&sp->pp_fastq, m); 1120 if (m == NULL) 1121 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1122 } 1123 splx(s); 1124 return m; 1125} 1126 1127/* 1128 * Pick the next packet, do not remove it from the queue. 1129 */ 1130struct mbuf * 1131sppp_pick(struct ifnet *ifp) 1132{ 1133 struct sppp *sp = (struct sppp*)ifp; 1134 struct mbuf *m; 1135 int s; 1136 1137 s= splimp (); 1138 1139 m = sp->pp_cpq.ifq_head; 1140 if (m == NULL && 1141 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1142 if ((m = sp->pp_fastq.ifq_head) == NULL) 1143 m = sp->pp_if.if_snd.ifq_head; 1144 splx (s); 1145 return (m); 1146} 1147 1148/* 1149 * Process an ioctl request. Called on low priority level. 1150 */ 1151int 1152sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1153{ 1154 struct ifreq *ifr = (struct ifreq*) data; 1155 struct sppp *sp = (struct sppp*) ifp; 1156 int s, rv, going_up, going_down, newmode; 1157 1158 s = splimp(); 1159 rv = 0; 1160 switch (cmd) { 1161 case SIOCAIFADDR: 1162 case SIOCSIFDSTADDR: 1163 break; 1164 1165 case SIOCSIFADDR: 1166 /* set the interface "up" when assigning an IP address */ 1167 ifp->if_flags |= IFF_UP; 1168 /* FALLTHROUGH */ 1169 1170 case SIOCSIFFLAGS: 1171 going_up = ifp->if_flags & IFF_UP && 1172 (ifp->if_flags & IFF_RUNNING) == 0; 1173 going_down = (ifp->if_flags & IFF_UP) == 0 && 1174 ifp->if_flags & IFF_RUNNING; 1175 1176 newmode = ifp->if_flags & IFF_PASSIVE; 1177 if (!newmode) 1178 newmode = ifp->if_flags & IFF_AUTO; 1179 if (!newmode) 1180 newmode = ifp->if_flags & IFF_CISCO; 1181 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1182 ifp->if_flags |= newmode; 1183 1184 if (newmode != sp->pp_mode) { 1185 going_down = 1; 1186 if (!going_up) 1187 going_up = ifp->if_flags & IFF_RUNNING; 1188 } 1189 1190 if (going_down) { 1191 if (sp->pp_mode != IFF_CISCO) 1192 lcp.Close(sp); 1193 else if (sp->pp_tlf) 1194 (sp->pp_tlf)(sp); 1195 sppp_flush(ifp); 1196 ifp->if_flags &= ~IFF_RUNNING; 1197 sp->pp_mode = newmode; 1198 } 1199 1200 if (going_up) { 1201 if (sp->pp_mode != IFF_CISCO) 1202 lcp.Close(sp); 1203 sp->pp_mode = newmode; 1204 if (sp->pp_mode == 0) { 1205 ifp->if_flags |= IFF_RUNNING; 1206 lcp.Open(sp); 1207 } 1208 if (sp->pp_mode == IFF_CISCO) { 1209 if (sp->pp_tls) 1210 (sp->pp_tls)(sp); 1211 ifp->if_flags |= IFF_RUNNING; 1212 } 1213 } 1214 1215 break; 1216 1217#ifdef SIOCSIFMTU 1218#ifndef ifr_mtu 1219#define ifr_mtu ifr_metric 1220#endif 1221 case SIOCSIFMTU: 1222 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1223 return (EINVAL); 1224 ifp->if_mtu = ifr->ifr_mtu; 1225 break; 1226#endif 1227#ifdef SLIOCSETMTU 1228 case SLIOCSETMTU: 1229 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1230 return (EINVAL); 1231 ifp->if_mtu = *(short*)data; 1232 break; 1233#endif 1234#ifdef SIOCGIFMTU 1235 case SIOCGIFMTU: 1236 ifr->ifr_mtu = ifp->if_mtu; 1237 break; 1238#endif 1239#ifdef SLIOCGETMTU 1240 case SLIOCGETMTU: 1241 *(short*)data = ifp->if_mtu; 1242 break; 1243#endif 1244 case SIOCADDMULTI: 1245 case SIOCDELMULTI: 1246 break; 1247 1248 case SIOCGIFGENERIC: 1249 case SIOCSIFGENERIC: 1250 rv = sppp_params(sp, cmd, data); 1251 break; 1252 1253 default: 1254 rv = ENOTTY; 1255 } 1256 splx(s); 1257 return rv; 1258} 1259 1260/* 1261 * Cisco framing implementation. 1262 */ 1263 1264/* 1265 * Handle incoming Cisco keepalive protocol packets. 1266 */ 1267static void 1268sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1269{ 1270 STDDCL; 1271 struct cisco_packet *h; 1272 u_long me, mymask; 1273 1274 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1275 if (debug) 1276 log(LOG_DEBUG, 1277 SPP_FMT "cisco invalid packet length: %d bytes\n", 1278 SPP_ARGS(ifp), m->m_pkthdr.len); 1279 return; 1280 } 1281 h = mtod (m, struct cisco_packet*); 1282 if (debug) 1283 log(LOG_DEBUG, 1284 SPP_FMT "cisco input: %d bytes " 1285 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1286 SPP_ARGS(ifp), m->m_pkthdr.len, 1287 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1288 (u_int)h->time0, (u_int)h->time1); 1289 switch (ntohl (h->type)) { 1290 default: 1291 if (debug) 1292 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1293 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1294 break; 1295 case CISCO_ADDR_REPLY: 1296 /* Reply on address request, ignore */ 1297 break; 1298 case CISCO_KEEPALIVE_REQ: 1299 sp->pp_alivecnt = 0; 1300 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1301 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1302 /* Local and remote sequence numbers are equal. 1303 * Probably, the line is in loopback mode. */ 1304 if (sp->pp_loopcnt >= MAXALIVECNT) { 1305 printf (SPP_FMT "loopback\n", 1306 SPP_ARGS(ifp)); 1307 sp->pp_loopcnt = 0; 1308 if (ifp->if_flags & IFF_UP) { 1309 if_down (ifp); 1310 sppp_qflush (&sp->pp_cpq); 1311 } 1312 } 1313 ++sp->pp_loopcnt; 1314 1315 /* Generate new local sequence number */ 1316#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1317 sp->pp_seq[IDX_LCP] = random(); 1318#else 1319 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1320#endif 1321 break; 1322 } 1323 sp->pp_loopcnt = 0; 1324 if (! (ifp->if_flags & IFF_UP) && 1325 (ifp->if_flags & IFF_RUNNING)) { 1326 if_up(ifp); 1327 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1328 } 1329 break; 1330 case CISCO_ADDR_REQ: 1331 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1332 if (me != 0L) 1333 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1334 break; 1335 } 1336} 1337 1338/* 1339 * Send Cisco keepalive packet. 1340 */ 1341static void 1342sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1343{ 1344 STDDCL; 1345 struct ppp_header *h; 1346 struct cisco_packet *ch; 1347 struct mbuf *m; 1348#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1349 struct timeval tv; 1350#else 1351 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1352#endif 1353 1354#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1355 getmicrouptime(&tv); 1356#endif 1357 1358 MGETHDR (m, M_DONTWAIT, MT_DATA); 1359 if (! m) 1360 return; 1361 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1362 m->m_pkthdr.rcvif = 0; 1363 1364 h = mtod (m, struct ppp_header*); 1365 h->address = CISCO_MULTICAST; 1366 h->control = 0; 1367 h->protocol = htons (CISCO_KEEPALIVE); 1368 1369 ch = (struct cisco_packet*) (h + 1); 1370 ch->type = htonl (type); 1371 ch->par1 = htonl (par1); 1372 ch->par2 = htonl (par2); 1373 ch->rel = -1; 1374 1375#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1376 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1377 ch->time1 = htons ((u_short) tv.tv_sec); 1378#else 1379 ch->time0 = htons ((u_short) (t >> 16)); 1380 ch->time1 = htons ((u_short) t); 1381#endif 1382 1383 if (debug) 1384 log(LOG_DEBUG, 1385 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1386 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1387 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1388 1389 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1390 ifp->if_oerrors++; 1391} 1392 1393/* 1394 * PPP protocol implementation. 1395 */ 1396 1397/* 1398 * Send PPP control protocol packet. 1399 */ 1400static void 1401sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1402 u_char ident, u_short len, void *data) 1403{ 1404 STDDCL; 1405 struct ppp_header *h; 1406 struct lcp_header *lh; 1407 struct mbuf *m; 1408 1409 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1410 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1411 MGETHDR (m, M_DONTWAIT, MT_DATA); 1412 if (! m) 1413 return; 1414 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1415 m->m_pkthdr.rcvif = 0; 1416 1417 h = mtod (m, struct ppp_header*); 1418 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1419 h->control = PPP_UI; /* Unnumbered Info */ 1420 h->protocol = htons (proto); /* Link Control Protocol */ 1421 1422 lh = (struct lcp_header*) (h + 1); 1423 lh->type = type; 1424 lh->ident = ident; 1425 lh->len = htons (LCP_HEADER_LEN + len); 1426 if (len) 1427 bcopy (data, lh+1, len); 1428 1429 if (debug) { 1430 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1431 SPP_ARGS(ifp), 1432 sppp_proto_name(proto), 1433 sppp_cp_type_name (lh->type), lh->ident, 1434 ntohs (lh->len)); 1435 sppp_print_bytes ((u_char*) (lh+1), len); 1436 log(-1, ">\n"); 1437 } 1438 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1439 ifp->if_oerrors++; 1440} 1441 1442/* 1443 * Handle incoming PPP control protocol packets. 1444 */ 1445static void 1446sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1447{ 1448 STDDCL; 1449 struct lcp_header *h; 1450 int len = m->m_pkthdr.len; 1451 int rv; 1452 u_char *p; 1453 1454 if (len < 4) { 1455 if (debug) 1456 log(LOG_DEBUG, 1457 SPP_FMT "%s invalid packet length: %d bytes\n", 1458 SPP_ARGS(ifp), cp->name, len); 1459 return; 1460 } 1461 h = mtod (m, struct lcp_header*); 1462 if (debug) { 1463 log(LOG_DEBUG, 1464 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1465 SPP_ARGS(ifp), cp->name, 1466 sppp_state_name(sp->state[cp->protoidx]), 1467 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1468 sppp_print_bytes ((u_char*) (h+1), len-4); 1469 log(-1, ">\n"); 1470 } 1471 if (len > ntohs (h->len)) 1472 len = ntohs (h->len); 1473 p = (u_char *)(h + 1); 1474 switch (h->type) { 1475 case CONF_REQ: 1476 if (len < 4) { 1477 if (debug) 1478 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1479 SPP_ARGS(ifp), cp->name, 1480 len); 1481 ++ifp->if_ierrors; 1482 break; 1483 } 1484 /* handle states where RCR doesn't get a SCA/SCN */ 1485 switch (sp->state[cp->protoidx]) { 1486 case STATE_CLOSING: 1487 case STATE_STOPPING: 1488 return; 1489 case STATE_CLOSED: 1490 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1491 0, 0); 1492 return; 1493 } 1494 rv = (cp->RCR)(sp, h, len); 1495 switch (sp->state[cp->protoidx]) { 1496 case STATE_OPENED: 1497 (cp->tld)(sp); 1498 (cp->scr)(sp); 1499 /* FALLTHROUGH */ 1500 case STATE_ACK_SENT: 1501 case STATE_REQ_SENT: 1502 /* 1503 * sppp_cp_change_state() have the side effect of 1504 * restarting the timeouts. We want to avoid that 1505 * if the state don't change, otherwise we won't 1506 * ever timeout and resend a configuration request 1507 * that got lost. 1508 */ 1509 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1510 STATE_REQ_SENT)) 1511 break; 1512 sppp_cp_change_state(cp, sp, rv? 1513 STATE_ACK_SENT: STATE_REQ_SENT); 1514 break; 1515 case STATE_STOPPED: 1516 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1517 (cp->scr)(sp); 1518 sppp_cp_change_state(cp, sp, rv? 1519 STATE_ACK_SENT: STATE_REQ_SENT); 1520 break; 1521 case STATE_ACK_RCVD: 1522 if (rv) { 1523 sppp_cp_change_state(cp, sp, STATE_OPENED); 1524 if (debug) 1525 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1526 SPP_ARGS(ifp), 1527 cp->name); 1528 (cp->tlu)(sp); 1529 } else 1530 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1531 break; 1532 default: 1533 printf(SPP_FMT "%s illegal %s in state %s\n", 1534 SPP_ARGS(ifp), cp->name, 1535 sppp_cp_type_name(h->type), 1536 sppp_state_name(sp->state[cp->protoidx])); 1537 ++ifp->if_ierrors; 1538 } 1539 break; 1540 case CONF_ACK: 1541 if (h->ident != sp->confid[cp->protoidx]) { 1542 if (debug) 1543 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1544 SPP_ARGS(ifp), cp->name, 1545 h->ident, sp->confid[cp->protoidx]); 1546 ++ifp->if_ierrors; 1547 break; 1548 } 1549 switch (sp->state[cp->protoidx]) { 1550 case STATE_CLOSED: 1551 case STATE_STOPPED: 1552 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1553 break; 1554 case STATE_CLOSING: 1555 case STATE_STOPPING: 1556 break; 1557 case STATE_REQ_SENT: 1558 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1559 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1560 break; 1561 case STATE_OPENED: 1562 (cp->tld)(sp); 1563 /* FALLTHROUGH */ 1564 case STATE_ACK_RCVD: 1565 (cp->scr)(sp); 1566 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1567 break; 1568 case STATE_ACK_SENT: 1569 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1570 sppp_cp_change_state(cp, sp, STATE_OPENED); 1571 if (debug) 1572 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1573 SPP_ARGS(ifp), cp->name); 1574 (cp->tlu)(sp); 1575 break; 1576 default: 1577 printf(SPP_FMT "%s illegal %s in state %s\n", 1578 SPP_ARGS(ifp), cp->name, 1579 sppp_cp_type_name(h->type), 1580 sppp_state_name(sp->state[cp->protoidx])); 1581 ++ifp->if_ierrors; 1582 } 1583 break; 1584 case CONF_NAK: 1585 case CONF_REJ: 1586 if (h->ident != sp->confid[cp->protoidx]) { 1587 if (debug) 1588 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1589 SPP_ARGS(ifp), cp->name, 1590 h->ident, sp->confid[cp->protoidx]); 1591 ++ifp->if_ierrors; 1592 break; 1593 } 1594 if (h->type == CONF_NAK) 1595 (cp->RCN_nak)(sp, h, len); 1596 else /* CONF_REJ */ 1597 (cp->RCN_rej)(sp, h, len); 1598 1599 switch (sp->state[cp->protoidx]) { 1600 case STATE_CLOSED: 1601 case STATE_STOPPED: 1602 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1603 break; 1604 case STATE_REQ_SENT: 1605 case STATE_ACK_SENT: 1606 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1607 /* 1608 * Slow things down a bit if we think we might be 1609 * in loopback. Depend on the timeout to send the 1610 * next configuration request. 1611 */ 1612 if (sp->pp_loopcnt) 1613 break; 1614 (cp->scr)(sp); 1615 break; 1616 case STATE_OPENED: 1617 (cp->tld)(sp); 1618 /* FALLTHROUGH */ 1619 case STATE_ACK_RCVD: 1620 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1621 (cp->scr)(sp); 1622 break; 1623 case STATE_CLOSING: 1624 case STATE_STOPPING: 1625 break; 1626 default: 1627 printf(SPP_FMT "%s illegal %s in state %s\n", 1628 SPP_ARGS(ifp), cp->name, 1629 sppp_cp_type_name(h->type), 1630 sppp_state_name(sp->state[cp->protoidx])); 1631 ++ifp->if_ierrors; 1632 } 1633 break; 1634 1635 case TERM_REQ: 1636 switch (sp->state[cp->protoidx]) { 1637 case STATE_ACK_RCVD: 1638 case STATE_ACK_SENT: 1639 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1640 /* FALLTHROUGH */ 1641 case STATE_CLOSED: 1642 case STATE_STOPPED: 1643 case STATE_CLOSING: 1644 case STATE_STOPPING: 1645 case STATE_REQ_SENT: 1646 sta: 1647 /* Send Terminate-Ack packet. */ 1648 if (debug) 1649 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1650 SPP_ARGS(ifp), cp->name); 1651 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1652 break; 1653 case STATE_OPENED: 1654 (cp->tld)(sp); 1655 sp->rst_counter[cp->protoidx] = 0; 1656 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1657 goto sta; 1658 break; 1659 default: 1660 printf(SPP_FMT "%s illegal %s in state %s\n", 1661 SPP_ARGS(ifp), cp->name, 1662 sppp_cp_type_name(h->type), 1663 sppp_state_name(sp->state[cp->protoidx])); 1664 ++ifp->if_ierrors; 1665 } 1666 break; 1667 case TERM_ACK: 1668 switch (sp->state[cp->protoidx]) { 1669 case STATE_CLOSED: 1670 case STATE_STOPPED: 1671 case STATE_REQ_SENT: 1672 case STATE_ACK_SENT: 1673 break; 1674 case STATE_CLOSING: 1675 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1676 (cp->tlf)(sp); 1677 break; 1678 case STATE_STOPPING: 1679 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1680 (cp->tlf)(sp); 1681 break; 1682 case STATE_ACK_RCVD: 1683 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1684 break; 1685 case STATE_OPENED: 1686 (cp->tld)(sp); 1687 (cp->scr)(sp); 1688 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1689 break; 1690 default: 1691 printf(SPP_FMT "%s illegal %s in state %s\n", 1692 SPP_ARGS(ifp), cp->name, 1693 sppp_cp_type_name(h->type), 1694 sppp_state_name(sp->state[cp->protoidx])); 1695 ++ifp->if_ierrors; 1696 } 1697 break; 1698 case CODE_REJ: 1699 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1700 log(LOG_INFO, 1701 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1702 "danger will robinson\n", 1703 SPP_ARGS(ifp), cp->name, 1704 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1705 switch (sp->state[cp->protoidx]) { 1706 case STATE_CLOSED: 1707 case STATE_STOPPED: 1708 case STATE_REQ_SENT: 1709 case STATE_ACK_SENT: 1710 case STATE_CLOSING: 1711 case STATE_STOPPING: 1712 case STATE_OPENED: 1713 break; 1714 case STATE_ACK_RCVD: 1715 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1716 break; 1717 default: 1718 printf(SPP_FMT "%s illegal %s in state %s\n", 1719 SPP_ARGS(ifp), cp->name, 1720 sppp_cp_type_name(h->type), 1721 sppp_state_name(sp->state[cp->protoidx])); 1722 ++ifp->if_ierrors; 1723 } 1724 break; 1725 case PROTO_REJ: 1726 { 1727 int catastrophic; 1728 const struct cp *upper; 1729 int i; 1730 u_int16_t proto; 1731 1732 catastrophic = 0; 1733 upper = NULL; 1734 proto = ntohs(*((u_int16_t *)p)); 1735 for (i = 0; i < IDX_COUNT; i++) { 1736 if (cps[i]->proto == proto) { 1737 upper = cps[i]; 1738 break; 1739 } 1740 } 1741 if (upper == NULL) 1742 catastrophic++; 1743 1744 if (catastrophic || debug) 1745 log(catastrophic? LOG_INFO: LOG_DEBUG, 1746 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1747 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1748 sppp_cp_type_name(h->type), proto, 1749 upper ? upper->name : "unknown", 1750 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1751 1752 /* 1753 * if we got RXJ+ against conf-req, the peer does not implement 1754 * this particular protocol type. terminate the protocol. 1755 */ 1756 if (upper && !catastrophic) { 1757 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1758 upper->Close(sp); 1759 break; 1760 } 1761 } 1762 1763 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1764 switch (sp->state[cp->protoidx]) { 1765 case STATE_CLOSED: 1766 case STATE_STOPPED: 1767 case STATE_REQ_SENT: 1768 case STATE_ACK_SENT: 1769 case STATE_CLOSING: 1770 case STATE_STOPPING: 1771 case STATE_OPENED: 1772 break; 1773 case STATE_ACK_RCVD: 1774 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1775 break; 1776 default: 1777 printf(SPP_FMT "%s illegal %s in state %s\n", 1778 SPP_ARGS(ifp), cp->name, 1779 sppp_cp_type_name(h->type), 1780 sppp_state_name(sp->state[cp->protoidx])); 1781 ++ifp->if_ierrors; 1782 } 1783 break; 1784 } 1785 case DISC_REQ: 1786 if (cp->proto != PPP_LCP) 1787 goto illegal; 1788 /* Discard the packet. */ 1789 break; 1790 case ECHO_REQ: 1791 if (cp->proto != PPP_LCP) 1792 goto illegal; 1793 if (sp->state[cp->protoidx] != STATE_OPENED) { 1794 if (debug) 1795 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1796 SPP_ARGS(ifp)); 1797 ++ifp->if_ierrors; 1798 break; 1799 } 1800 if (len < 8) { 1801 if (debug) 1802 log(-1, SPP_FMT "invalid lcp echo request " 1803 "packet length: %d bytes\n", 1804 SPP_ARGS(ifp), len); 1805 break; 1806 } 1807 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1808 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1809 /* Line loopback mode detected. */ 1810 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1811 sp->pp_loopcnt = MAXALIVECNT * 5; 1812 if_down (ifp); 1813 sppp_qflush (&sp->pp_cpq); 1814 1815 /* Shut down the PPP link. */ 1816 /* XXX */ 1817 lcp.Down(sp); 1818 lcp.Up(sp); 1819 break; 1820 } 1821 *(long*)(h+1) = htonl (sp->lcp.magic); 1822 if (debug) 1823 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1824 SPP_ARGS(ifp)); 1825 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1826 break; 1827 case ECHO_REPLY: 1828 if (cp->proto != PPP_LCP) 1829 goto illegal; 1830 if (h->ident != sp->lcp.echoid) { 1831 ++ifp->if_ierrors; 1832 break; 1833 } 1834 if (len < 8) { 1835 if (debug) 1836 log(-1, SPP_FMT "lcp invalid echo reply " 1837 "packet length: %d bytes\n", 1838 SPP_ARGS(ifp), len); 1839 break; 1840 } 1841 if (debug) 1842 log(-1, SPP_FMT "lcp got echo rep\n", 1843 SPP_ARGS(ifp)); 1844 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1845 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1846 sp->pp_alivecnt = 0; 1847 break; 1848 default: 1849 /* Unknown packet type -- send Code-Reject packet. */ 1850 illegal: 1851 if (debug) 1852 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1853 SPP_ARGS(ifp), cp->name, h->type); 1854 sppp_cp_send(sp, cp->proto, CODE_REJ, 1855 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1856 ++ifp->if_ierrors; 1857 } 1858} 1859 1860 1861/* 1862 * The generic part of all Up/Down/Open/Close/TO event handlers. 1863 * Basically, the state transition handling in the automaton. 1864 */ 1865static void 1866sppp_up_event(const struct cp *cp, struct sppp *sp) 1867{ 1868 STDDCL; 1869 1870 if (debug) 1871 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1872 SPP_ARGS(ifp), cp->name, 1873 sppp_state_name(sp->state[cp->protoidx])); 1874 1875 switch (sp->state[cp->protoidx]) { 1876 case STATE_INITIAL: 1877 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1878 break; 1879 case STATE_STARTING: 1880 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1881 (cp->scr)(sp); 1882 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1883 break; 1884 default: 1885 printf(SPP_FMT "%s illegal up in state %s\n", 1886 SPP_ARGS(ifp), cp->name, 1887 sppp_state_name(sp->state[cp->protoidx])); 1888 } 1889} 1890 1891static void 1892sppp_down_event(const struct cp *cp, struct sppp *sp) 1893{ 1894 STDDCL; 1895 1896 if (debug) 1897 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1898 SPP_ARGS(ifp), cp->name, 1899 sppp_state_name(sp->state[cp->protoidx])); 1900 1901 switch (sp->state[cp->protoidx]) { 1902 case STATE_CLOSED: 1903 case STATE_CLOSING: 1904 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1905 break; 1906 case STATE_STOPPED: 1907 sppp_cp_change_state(cp, sp, STATE_STARTING); 1908 (cp->tls)(sp); 1909 break; 1910 case STATE_STOPPING: 1911 case STATE_REQ_SENT: 1912 case STATE_ACK_RCVD: 1913 case STATE_ACK_SENT: 1914 sppp_cp_change_state(cp, sp, STATE_STARTING); 1915 break; 1916 case STATE_OPENED: 1917 (cp->tld)(sp); 1918 sppp_cp_change_state(cp, sp, STATE_STARTING); 1919 break; 1920 default: 1921 printf(SPP_FMT "%s illegal down in state %s\n", 1922 SPP_ARGS(ifp), cp->name, 1923 sppp_state_name(sp->state[cp->protoidx])); 1924 } 1925} 1926 1927 1928static void 1929sppp_open_event(const struct cp *cp, struct sppp *sp) 1930{ 1931 STDDCL; 1932 1933 if (debug) 1934 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1935 SPP_ARGS(ifp), cp->name, 1936 sppp_state_name(sp->state[cp->protoidx])); 1937 1938 switch (sp->state[cp->protoidx]) { 1939 case STATE_INITIAL: 1940 sppp_cp_change_state(cp, sp, STATE_STARTING); 1941 (cp->tls)(sp); 1942 break; 1943 case STATE_STARTING: 1944 break; 1945 case STATE_CLOSED: 1946 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1947 (cp->scr)(sp); 1948 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1949 break; 1950 case STATE_STOPPED: 1951 /* 1952 * Try escaping stopped state. This seems to bite 1953 * people occasionally, in particular for IPCP, 1954 * presumably following previous IPCP negotiation 1955 * aborts. Somehow, we must have missed a Down event 1956 * which would have caused a transition into starting 1957 * state, so as a bandaid we force the Down event now. 1958 * This effectively implements (something like the) 1959 * `restart' option mentioned in the state transition 1960 * table of RFC 1661. 1961 */ 1962 sppp_cp_change_state(cp, sp, STATE_STARTING); 1963 (cp->tls)(sp); 1964 break; 1965 case STATE_STOPPING: 1966 case STATE_REQ_SENT: 1967 case STATE_ACK_RCVD: 1968 case STATE_ACK_SENT: 1969 case STATE_OPENED: 1970 break; 1971 case STATE_CLOSING: 1972 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1973 break; 1974 } 1975} 1976 1977 1978static void 1979sppp_close_event(const struct cp *cp, struct sppp *sp) 1980{ 1981 STDDCL; 1982 1983 if (debug) 1984 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1985 SPP_ARGS(ifp), cp->name, 1986 sppp_state_name(sp->state[cp->protoidx])); 1987 1988 switch (sp->state[cp->protoidx]) { 1989 case STATE_INITIAL: 1990 case STATE_CLOSED: 1991 case STATE_CLOSING: 1992 break; 1993 case STATE_STARTING: 1994 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1995 (cp->tlf)(sp); 1996 break; 1997 case STATE_STOPPED: 1998 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1999 break; 2000 case STATE_STOPPING: 2001 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2002 break; 2003 case STATE_OPENED: 2004 (cp->tld)(sp); 2005 /* FALLTHROUGH */ 2006 case STATE_REQ_SENT: 2007 case STATE_ACK_RCVD: 2008 case STATE_ACK_SENT: 2009 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2010 sppp_cp_send(sp, cp->proto, TERM_REQ, 2011 ++sp->pp_seq[cp->protoidx], 0, 0); 2012 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2013 break; 2014 } 2015} 2016 2017static void 2018sppp_to_event(const struct cp *cp, struct sppp *sp) 2019{ 2020 STDDCL; 2021 int s; 2022 2023 s = splimp(); 2024 if (debug) 2025 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2026 SPP_ARGS(ifp), cp->name, 2027 sppp_state_name(sp->state[cp->protoidx]), 2028 sp->rst_counter[cp->protoidx]); 2029 2030 if (--sp->rst_counter[cp->protoidx] < 0) 2031 /* TO- event */ 2032 switch (sp->state[cp->protoidx]) { 2033 case STATE_CLOSING: 2034 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2035 (cp->tlf)(sp); 2036 break; 2037 case STATE_STOPPING: 2038 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2039 (cp->tlf)(sp); 2040 break; 2041 case STATE_REQ_SENT: 2042 case STATE_ACK_RCVD: 2043 case STATE_ACK_SENT: 2044 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2045 (cp->tlf)(sp); 2046 break; 2047 } 2048 else 2049 /* TO+ event */ 2050 switch (sp->state[cp->protoidx]) { 2051 case STATE_CLOSING: 2052 case STATE_STOPPING: 2053 sppp_cp_send(sp, cp->proto, TERM_REQ, 2054 ++sp->pp_seq[cp->protoidx], 0, 0); 2055 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2056 sp->ch[cp->protoidx]); 2057 break; 2058 case STATE_REQ_SENT: 2059 case STATE_ACK_RCVD: 2060 (cp->scr)(sp); 2061 /* sppp_cp_change_state() will restart the timer */ 2062 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2063 break; 2064 case STATE_ACK_SENT: 2065 (cp->scr)(sp); 2066 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2067 sp->ch[cp->protoidx]); 2068 break; 2069 } 2070 2071 splx(s); 2072} 2073 2074/* 2075 * Change the state of a control protocol in the state automaton. 2076 * Takes care of starting/stopping the restart timer. 2077 */ 2078static void 2079sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2080{ 2081 sp->state[cp->protoidx] = newstate; 2082 2083 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 2084 switch (newstate) { 2085 case STATE_INITIAL: 2086 case STATE_STARTING: 2087 case STATE_CLOSED: 2088 case STATE_STOPPED: 2089 case STATE_OPENED: 2090 break; 2091 case STATE_CLOSING: 2092 case STATE_STOPPING: 2093 case STATE_REQ_SENT: 2094 case STATE_ACK_RCVD: 2095 case STATE_ACK_SENT: 2096 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 2097 sp->ch[cp->protoidx]); 2098 break; 2099 } 2100} 2101 2102/* 2103 *--------------------------------------------------------------------------* 2104 * * 2105 * The LCP implementation. * 2106 * * 2107 *--------------------------------------------------------------------------* 2108 */ 2109static void 2110sppp_lcp_init(struct sppp *sp) 2111{ 2112 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2113 sp->lcp.magic = 0; 2114 sp->state[IDX_LCP] = STATE_INITIAL; 2115 sp->fail_counter[IDX_LCP] = 0; 2116 sp->pp_seq[IDX_LCP] = 0; 2117 sp->pp_rseq[IDX_LCP] = 0; 2118 sp->lcp.protos = 0; 2119 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2120 2121 /* Note that these values are relevant for all control protocols */ 2122 sp->lcp.timeout = 3 * hz; 2123 sp->lcp.max_terminate = 2; 2124 sp->lcp.max_configure = 10; 2125 sp->lcp.max_failure = 10; 2126#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2127 callout_handle_init(&sp->ch[IDX_LCP]); 2128#endif 2129} 2130 2131static void 2132sppp_lcp_up(struct sppp *sp) 2133{ 2134 STDDCL; 2135 2136 sp->pp_alivecnt = 0; 2137 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2138 sp->lcp.magic = 0; 2139 sp->lcp.protos = 0; 2140 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2141 /* 2142 * If we are authenticator, negotiate LCP_AUTH 2143 */ 2144 if (sp->hisauth.proto != 0) 2145 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2146 else 2147 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2148 sp->pp_flags &= ~PP_NEEDAUTH; 2149 /* 2150 * If this interface is passive or dial-on-demand, and we are 2151 * still in Initial state, it means we've got an incoming 2152 * call. Activate the interface. 2153 */ 2154 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2155 if (debug) 2156 log(LOG_DEBUG, 2157 SPP_FMT "Up event", SPP_ARGS(ifp)); 2158 ifp->if_flags |= IFF_RUNNING; 2159 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2160 if (debug) 2161 log(-1, "(incoming call)\n"); 2162 sp->pp_flags |= PP_CALLIN; 2163 lcp.Open(sp); 2164 } else if (debug) 2165 log(-1, "\n"); 2166 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2167 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2168 ifp->if_flags |= IFF_RUNNING; 2169 lcp.Open(sp); 2170 } 2171 2172 sppp_up_event(&lcp, sp); 2173} 2174 2175static void 2176sppp_lcp_down(struct sppp *sp) 2177{ 2178 STDDCL; 2179 2180 sppp_down_event(&lcp, sp); 2181 2182 /* 2183 * If this is neither a dial-on-demand nor a passive 2184 * interface, simulate an ``ifconfig down'' action, so the 2185 * administrator can force a redial by another ``ifconfig 2186 * up''. XXX For leased line operation, should we immediately 2187 * try to reopen the connection here? 2188 */ 2189 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2190 log(LOG_INFO, 2191 SPP_FMT "Down event, taking interface down.\n", 2192 SPP_ARGS(ifp)); 2193 if_down(ifp); 2194 } else { 2195 if (debug) 2196 log(LOG_DEBUG, 2197 SPP_FMT "Down event (carrier loss)\n", 2198 SPP_ARGS(ifp)); 2199 sp->pp_flags &= ~PP_CALLIN; 2200 if (sp->state[IDX_LCP] != STATE_INITIAL) 2201 lcp.Close(sp); 2202 ifp->if_flags &= ~IFF_RUNNING; 2203 } 2204} 2205 2206static void 2207sppp_lcp_open(struct sppp *sp) 2208{ 2209 sppp_open_event(&lcp, sp); 2210} 2211 2212static void 2213sppp_lcp_close(struct sppp *sp) 2214{ 2215 sppp_close_event(&lcp, sp); 2216} 2217 2218static void 2219sppp_lcp_TO(void *cookie) 2220{ 2221 sppp_to_event(&lcp, (struct sppp *)cookie); 2222} 2223 2224/* 2225 * Analyze a configure request. Return true if it was agreeable, and 2226 * caused action sca, false if it has been rejected or nak'ed, and 2227 * caused action scn. (The return value is used to make the state 2228 * transition decision in the state automaton.) 2229 */ 2230static int 2231sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2232{ 2233 STDDCL; 2234 u_char *buf, *r, *p; 2235 int origlen, rlen; 2236 u_long nmagic; 2237 u_short authproto; 2238 2239 len -= 4; 2240 origlen = len; 2241 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2242 if (! buf) 2243 return (0); 2244 2245 if (debug) 2246 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2247 SPP_ARGS(ifp)); 2248 2249 /* pass 1: check for things that need to be rejected */ 2250 p = (void*) (h+1); 2251 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2252 if (debug) 2253 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2254 switch (*p) { 2255 case LCP_OPT_MAGIC: 2256 /* Magic number. */ 2257 if (len >= 6 && p[1] == 6) 2258 continue; 2259 if (debug) 2260 log(-1, "[invalid] "); 2261 break; 2262 case LCP_OPT_ASYNC_MAP: 2263 /* Async control character map. */ 2264 if (len >= 6 && p[1] == 6) 2265 continue; 2266 if (debug) 2267 log(-1, "[invalid] "); 2268 break; 2269 case LCP_OPT_MRU: 2270 /* Maximum receive unit. */ 2271 if (len >= 4 && p[1] == 4) 2272 continue; 2273 if (debug) 2274 log(-1, "[invalid] "); 2275 break; 2276 case LCP_OPT_AUTH_PROTO: 2277 if (len < 4) { 2278 if (debug) 2279 log(-1, "[invalid] "); 2280 break; 2281 } 2282 authproto = (p[2] << 8) + p[3]; 2283 if (authproto == PPP_CHAP && p[1] != 5) { 2284 if (debug) 2285 log(-1, "[invalid chap len] "); 2286 break; 2287 } 2288 if (sp->myauth.proto == 0) { 2289 /* we are not configured to do auth */ 2290 if (debug) 2291 log(-1, "[not configured] "); 2292 break; 2293 } 2294 /* 2295 * Remote want us to authenticate, remember this, 2296 * so we stay in PHASE_AUTHENTICATE after LCP got 2297 * up. 2298 */ 2299 sp->pp_flags |= PP_NEEDAUTH; 2300 continue; 2301 default: 2302 /* Others not supported. */ 2303 if (debug) 2304 log(-1, "[rej] "); 2305 break; 2306 } 2307 /* Add the option to rejected list. */ 2308 bcopy (p, r, p[1]); 2309 r += p[1]; 2310 rlen += p[1]; 2311 } 2312 if (rlen) { 2313 if (debug) 2314 log(-1, " send conf-rej\n"); 2315 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2316 return 0; 2317 } else if (debug) 2318 log(-1, "\n"); 2319 2320 /* 2321 * pass 2: check for option values that are unacceptable and 2322 * thus require to be nak'ed. 2323 */ 2324 if (debug) 2325 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2326 SPP_ARGS(ifp)); 2327 2328 p = (void*) (h+1); 2329 len = origlen; 2330 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2331 if (debug) 2332 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2333 switch (*p) { 2334 case LCP_OPT_MAGIC: 2335 /* Magic number -- extract. */ 2336 nmagic = (u_long)p[2] << 24 | 2337 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2338 if (nmagic != sp->lcp.magic) { 2339 sp->pp_loopcnt = 0; 2340 if (debug) 2341 log(-1, "0x%lx ", nmagic); 2342 continue; 2343 } 2344 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2345 log(-1, "[glitch] "); 2346 ++sp->pp_loopcnt; 2347 /* 2348 * We negate our magic here, and NAK it. If 2349 * we see it later in an NAK packet, we 2350 * suggest a new one. 2351 */ 2352 nmagic = ~sp->lcp.magic; 2353 /* Gonna NAK it. */ 2354 p[2] = nmagic >> 24; 2355 p[3] = nmagic >> 16; 2356 p[4] = nmagic >> 8; 2357 p[5] = nmagic; 2358 break; 2359 2360 case LCP_OPT_ASYNC_MAP: 2361 /* 2362 * Async control character map -- just ignore it. 2363 * 2364 * Quote from RFC 1662, chapter 6: 2365 * To enable this functionality, synchronous PPP 2366 * implementations MUST always respond to the 2367 * Async-Control-Character-Map Configuration 2368 * Option with the LCP Configure-Ack. However, 2369 * acceptance of the Configuration Option does 2370 * not imply that the synchronous implementation 2371 * will do any ACCM mapping. Instead, all such 2372 * octet mapping will be performed by the 2373 * asynchronous-to-synchronous converter. 2374 */ 2375 continue; 2376 2377 case LCP_OPT_MRU: 2378 /* 2379 * Maximum receive unit. Always agreeable, 2380 * but ignored by now. 2381 */ 2382 sp->lcp.their_mru = p[2] * 256 + p[3]; 2383 if (debug) 2384 log(-1, "%lu ", sp->lcp.their_mru); 2385 continue; 2386 2387 case LCP_OPT_AUTH_PROTO: 2388 authproto = (p[2] << 8) + p[3]; 2389 if (sp->myauth.proto != authproto) { 2390 /* not agreed, nak */ 2391 if (debug) 2392 log(-1, "[mine %s != his %s] ", 2393 sppp_proto_name(sp->hisauth.proto), 2394 sppp_proto_name(authproto)); 2395 p[2] = sp->myauth.proto >> 8; 2396 p[3] = sp->myauth.proto; 2397 break; 2398 } 2399 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2400 if (debug) 2401 log(-1, "[chap not MD5] "); 2402 p[4] = CHAP_MD5; 2403 break; 2404 } 2405 continue; 2406 } 2407 /* Add the option to nak'ed list. */ 2408 bcopy (p, r, p[1]); 2409 r += p[1]; 2410 rlen += p[1]; 2411 } 2412 if (rlen) { 2413 /* 2414 * Local and remote magics equal -- loopback? 2415 */ 2416 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2417 if (sp->pp_loopcnt == MAXALIVECNT*5) 2418 printf (SPP_FMT "loopback\n", 2419 SPP_ARGS(ifp)); 2420 if (ifp->if_flags & IFF_UP) { 2421 if_down(ifp); 2422 sppp_qflush(&sp->pp_cpq); 2423 /* XXX ? */ 2424 lcp.Down(sp); 2425 lcp.Up(sp); 2426 } 2427 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2428 if (debug) 2429 log(-1, " max_failure (%d) exceeded, " 2430 "send conf-rej\n", 2431 sp->lcp.max_failure); 2432 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2433 } else { 2434 if (debug) 2435 log(-1, " send conf-nak\n"); 2436 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2437 } 2438 } else { 2439 if (debug) 2440 log(-1, " send conf-ack\n"); 2441 sp->fail_counter[IDX_LCP] = 0; 2442 sp->pp_loopcnt = 0; 2443 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2444 h->ident, origlen, h+1); 2445 } 2446 2447 free (buf, M_TEMP); 2448 return (rlen == 0); 2449} 2450 2451/* 2452 * Analyze the LCP Configure-Reject option list, and adjust our 2453 * negotiation. 2454 */ 2455static void 2456sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2457{ 2458 STDDCL; 2459 u_char *buf, *p; 2460 2461 len -= 4; 2462 buf = malloc (len, M_TEMP, M_NOWAIT); 2463 if (!buf) 2464 return; 2465 2466 if (debug) 2467 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2468 SPP_ARGS(ifp)); 2469 2470 p = (void*) (h+1); 2471 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2472 if (debug) 2473 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2474 switch (*p) { 2475 case LCP_OPT_MAGIC: 2476 /* Magic number -- can't use it, use 0 */ 2477 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2478 sp->lcp.magic = 0; 2479 break; 2480 case LCP_OPT_MRU: 2481 /* 2482 * Should not be rejected anyway, since we only 2483 * negotiate a MRU if explicitly requested by 2484 * peer. 2485 */ 2486 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2487 break; 2488 case LCP_OPT_AUTH_PROTO: 2489 /* 2490 * Peer doesn't want to authenticate himself, 2491 * deny unless this is a dialout call, and 2492 * AUTHFLAG_NOCALLOUT is set. 2493 */ 2494 if ((sp->pp_flags & PP_CALLIN) == 0 && 2495 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2496 if (debug) 2497 log(-1, "[don't insist on auth " 2498 "for callout]"); 2499 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2500 break; 2501 } 2502 if (debug) 2503 log(-1, "[access denied]\n"); 2504 lcp.Close(sp); 2505 break; 2506 } 2507 } 2508 if (debug) 2509 log(-1, "\n"); 2510 free (buf, M_TEMP); 2511 return; 2512} 2513 2514/* 2515 * Analyze the LCP Configure-NAK option list, and adjust our 2516 * negotiation. 2517 */ 2518static void 2519sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2520{ 2521 STDDCL; 2522 u_char *buf, *p; 2523 u_long magic; 2524 2525 len -= 4; 2526 buf = malloc (len, M_TEMP, M_NOWAIT); 2527 if (!buf) 2528 return; 2529 2530 if (debug) 2531 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2532 SPP_ARGS(ifp)); 2533 2534 p = (void*) (h+1); 2535 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2536 if (debug) 2537 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2538 switch (*p) { 2539 case LCP_OPT_MAGIC: 2540 /* Magic number -- renegotiate */ 2541 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2542 len >= 6 && p[1] == 6) { 2543 magic = (u_long)p[2] << 24 | 2544 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2545 /* 2546 * If the remote magic is our negated one, 2547 * this looks like a loopback problem. 2548 * Suggest a new magic to make sure. 2549 */ 2550 if (magic == ~sp->lcp.magic) { 2551 if (debug) 2552 log(-1, "magic glitch "); 2553#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2554 sp->lcp.magic = random(); 2555#else 2556 sp->lcp.magic = time.tv_sec + time.tv_usec; 2557#endif 2558 } else { 2559 sp->lcp.magic = magic; 2560 if (debug) 2561 log(-1, "%lu ", magic); 2562 } 2563 } 2564 break; 2565 case LCP_OPT_MRU: 2566 /* 2567 * Peer wants to advise us to negotiate an MRU. 2568 * Agree on it if it's reasonable, or use 2569 * default otherwise. 2570 */ 2571 if (len >= 4 && p[1] == 4) { 2572 u_int mru = p[2] * 256 + p[3]; 2573 if (debug) 2574 log(-1, "%d ", mru); 2575 if (mru < PP_MTU || mru > PP_MAX_MRU) 2576 mru = PP_MTU; 2577 sp->lcp.mru = mru; 2578 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2579 } 2580 break; 2581 case LCP_OPT_AUTH_PROTO: 2582 /* 2583 * Peer doesn't like our authentication method, 2584 * deny. 2585 */ 2586 if (debug) 2587 log(-1, "[access denied]\n"); 2588 lcp.Close(sp); 2589 break; 2590 } 2591 } 2592 if (debug) 2593 log(-1, "\n"); 2594 free (buf, M_TEMP); 2595 return; 2596} 2597 2598static void 2599sppp_lcp_tlu(struct sppp *sp) 2600{ 2601 STDDCL; 2602 int i; 2603 u_long mask; 2604 2605 /* XXX ? */ 2606 if (! (ifp->if_flags & IFF_UP) && 2607 (ifp->if_flags & IFF_RUNNING)) { 2608 /* Coming out of loopback mode. */ 2609 if_up(ifp); 2610 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2611 } 2612 2613 for (i = 0; i < IDX_COUNT; i++) 2614 if ((cps[i])->flags & CP_QUAL) 2615 (cps[i])->Open(sp); 2616 2617 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2618 (sp->pp_flags & PP_NEEDAUTH) != 0) 2619 sp->pp_phase = PHASE_AUTHENTICATE; 2620 else 2621 sp->pp_phase = PHASE_NETWORK; 2622 2623 if (debug) 2624 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2625 sppp_phase_name(sp->pp_phase)); 2626 2627 /* 2628 * Open all authentication protocols. This is even required 2629 * if we already proceeded to network phase, since it might be 2630 * that remote wants us to authenticate, so we might have to 2631 * send a PAP request. Undesired authentication protocols 2632 * don't do anything when they get an Open event. 2633 */ 2634 for (i = 0; i < IDX_COUNT; i++) 2635 if ((cps[i])->flags & CP_AUTH) 2636 (cps[i])->Open(sp); 2637 2638 if (sp->pp_phase == PHASE_NETWORK) { 2639 /* Notify all NCPs. */ 2640 for (i = 0; i < IDX_COUNT; i++) 2641 if (((cps[i])->flags & CP_NCP) && 2642 /* 2643 * XXX 2644 * Hack to administratively disable IPv6 if 2645 * not desired. Perhaps we should have another 2646 * flag for this, but right now, we can make 2647 * all struct cp's read/only. 2648 */ 2649 (cps[i] != &ipv6cp || 2650 (sp->confflags & CONF_ENABLE_IPV6))) 2651 (cps[i])->Open(sp); 2652 } 2653 2654 /* Send Up events to all started protos. */ 2655 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2656 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2657 (cps[i])->Up(sp); 2658 2659 /* notify low-level driver of state change */ 2660 if (sp->pp_chg) 2661 sp->pp_chg(sp, (int)sp->pp_phase); 2662 2663 if (sp->pp_phase == PHASE_NETWORK) 2664 /* if no NCP is starting, close down */ 2665 sppp_lcp_check_and_close(sp); 2666} 2667 2668static void 2669sppp_lcp_tld(struct sppp *sp) 2670{ 2671 STDDCL; 2672 int i; 2673 u_long mask; 2674 2675 sp->pp_phase = PHASE_TERMINATE; 2676 2677 if (debug) 2678 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2679 sppp_phase_name(sp->pp_phase)); 2680 2681 /* 2682 * Take upper layers down. We send the Down event first and 2683 * the Close second to prevent the upper layers from sending 2684 * ``a flurry of terminate-request packets'', as the RFC 2685 * describes it. 2686 */ 2687 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2688 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2689 (cps[i])->Down(sp); 2690 (cps[i])->Close(sp); 2691 } 2692} 2693 2694static void 2695sppp_lcp_tls(struct sppp *sp) 2696{ 2697 STDDCL; 2698 2699 sp->pp_phase = PHASE_ESTABLISH; 2700 2701 if (debug) 2702 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2703 sppp_phase_name(sp->pp_phase)); 2704 2705 /* Notify lower layer if desired. */ 2706 if (sp->pp_tls) 2707 (sp->pp_tls)(sp); 2708 else 2709 (sp->pp_up)(sp); 2710} 2711 2712static void 2713sppp_lcp_tlf(struct sppp *sp) 2714{ 2715 STDDCL; 2716 2717 sp->pp_phase = PHASE_DEAD; 2718 if (debug) 2719 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2720 sppp_phase_name(sp->pp_phase)); 2721 2722 /* Notify lower layer if desired. */ 2723 if (sp->pp_tlf) 2724 (sp->pp_tlf)(sp); 2725 else 2726 (sp->pp_down)(sp); 2727} 2728 2729static void 2730sppp_lcp_scr(struct sppp *sp) 2731{ 2732 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2733 int i = 0; 2734 u_short authproto; 2735 2736 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2737 if (! sp->lcp.magic) 2738#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2739 sp->lcp.magic = random(); 2740#else 2741 sp->lcp.magic = time.tv_sec + time.tv_usec; 2742#endif 2743 opt[i++] = LCP_OPT_MAGIC; 2744 opt[i++] = 6; 2745 opt[i++] = sp->lcp.magic >> 24; 2746 opt[i++] = sp->lcp.magic >> 16; 2747 opt[i++] = sp->lcp.magic >> 8; 2748 opt[i++] = sp->lcp.magic; 2749 } 2750 2751 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2752 opt[i++] = LCP_OPT_MRU; 2753 opt[i++] = 4; 2754 opt[i++] = sp->lcp.mru >> 8; 2755 opt[i++] = sp->lcp.mru; 2756 } 2757 2758 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2759 authproto = sp->hisauth.proto; 2760 opt[i++] = LCP_OPT_AUTH_PROTO; 2761 opt[i++] = authproto == PPP_CHAP? 5: 4; 2762 opt[i++] = authproto >> 8; 2763 opt[i++] = authproto; 2764 if (authproto == PPP_CHAP) 2765 opt[i++] = CHAP_MD5; 2766 } 2767 2768 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2769 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2770} 2771 2772/* 2773 * Check the open NCPs, return true if at least one NCP is open. 2774 */ 2775static int 2776sppp_ncp_check(struct sppp *sp) 2777{ 2778 int i, mask; 2779 2780 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2781 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2782 return 1; 2783 return 0; 2784} 2785 2786/* 2787 * Re-check the open NCPs and see if we should terminate the link. 2788 * Called by the NCPs during their tlf action handling. 2789 */ 2790static void 2791sppp_lcp_check_and_close(struct sppp *sp) 2792{ 2793 2794 if (sp->pp_phase < PHASE_NETWORK) 2795 /* don't bother, we are already going down */ 2796 return; 2797 2798 if (sppp_ncp_check(sp)) 2799 return; 2800 2801 lcp.Close(sp); 2802} 2803 2804/* 2805 *--------------------------------------------------------------------------* 2806 * * 2807 * The IPCP implementation. * 2808 * * 2809 *--------------------------------------------------------------------------* 2810 */ 2811 2812static void 2813sppp_ipcp_init(struct sppp *sp) 2814{ 2815 sp->ipcp.opts = 0; 2816 sp->ipcp.flags = 0; 2817 sp->state[IDX_IPCP] = STATE_INITIAL; 2818 sp->fail_counter[IDX_IPCP] = 0; 2819 sp->pp_seq[IDX_IPCP] = 0; 2820 sp->pp_rseq[IDX_IPCP] = 0; 2821#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2822 callout_handle_init(&sp->ch[IDX_IPCP]); 2823#endif 2824} 2825 2826static void 2827sppp_ipcp_up(struct sppp *sp) 2828{ 2829 sppp_up_event(&ipcp, sp); 2830} 2831 2832static void 2833sppp_ipcp_down(struct sppp *sp) 2834{ 2835 sppp_down_event(&ipcp, sp); 2836} 2837 2838static void 2839sppp_ipcp_open(struct sppp *sp) 2840{ 2841 STDDCL; 2842 u_long myaddr, hisaddr; 2843 2844 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2845 IPCP_MYADDR_DYN | IPCP_VJ); 2846 sp->ipcp.opts = 0; 2847 2848 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2849 /* 2850 * If we don't have his address, this probably means our 2851 * interface doesn't want to talk IP at all. (This could 2852 * be the case if somebody wants to speak only IPX, for 2853 * example.) Don't open IPCP in this case. 2854 */ 2855 if (hisaddr == 0L) { 2856 /* XXX this message should go away */ 2857 if (debug) 2858 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2859 SPP_ARGS(ifp)); 2860 return; 2861 } 2862 if (myaddr == 0L) { 2863 /* 2864 * I don't have an assigned address, so i need to 2865 * negotiate my address. 2866 */ 2867 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2868 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2869 } else 2870 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2871 if (sp->confflags & CONF_ENABLE_VJ) { 2872 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2873 sp->ipcp.max_state = MAX_STATES - 1; 2874 sp->ipcp.compress_cid = 1; 2875 } 2876 sppp_open_event(&ipcp, sp); 2877} 2878 2879static void 2880sppp_ipcp_close(struct sppp *sp) 2881{ 2882 sppp_close_event(&ipcp, sp); 2883 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2884 /* 2885 * My address was dynamic, clear it again. 2886 */ 2887 sppp_set_ip_addr(sp, 0L); 2888} 2889 2890static void 2891sppp_ipcp_TO(void *cookie) 2892{ 2893 sppp_to_event(&ipcp, (struct sppp *)cookie); 2894} 2895 2896/* 2897 * Analyze a configure request. Return true if it was agreeable, and 2898 * caused action sca, false if it has been rejected or nak'ed, and 2899 * caused action scn. (The return value is used to make the state 2900 * transition decision in the state automaton.) 2901 */ 2902static int 2903sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2904{ 2905 u_char *buf, *r, *p; 2906 struct ifnet *ifp = &sp->pp_if; 2907 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2908 u_long hisaddr, desiredaddr; 2909 int gotmyaddr = 0; 2910 int desiredcomp; 2911 2912 len -= 4; 2913 origlen = len; 2914 /* 2915 * Make sure to allocate a buf that can at least hold a 2916 * conf-nak with an `address' option. We might need it below. 2917 */ 2918 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2919 if (! buf) 2920 return (0); 2921 2922 /* pass 1: see if we can recognize them */ 2923 if (debug) 2924 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2925 SPP_ARGS(ifp)); 2926 p = (void*) (h+1); 2927 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2928 if (debug) 2929 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2930 switch (*p) { 2931 case IPCP_OPT_COMPRESSION: 2932 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2933 /* VJ compression administratively disabled */ 2934 if (debug) 2935 log(-1, "[locally disabled] "); 2936 break; 2937 } 2938 /* 2939 * In theory, we should only conf-rej an 2940 * option that is shorter than RFC 1618 2941 * requires (i.e. < 4), and should conf-nak 2942 * anything else that is not VJ. However, 2943 * since our algorithm always uses the 2944 * original option to NAK it with new values, 2945 * things would become more complicated. In 2946 * pratice, the only commonly implemented IP 2947 * compression option is VJ anyway, so the 2948 * difference is negligible. 2949 */ 2950 if (len >= 6 && p[1] == 6) { 2951 /* 2952 * correctly formed compression option 2953 * that could be VJ compression 2954 */ 2955 continue; 2956 } 2957 if (debug) 2958 log(-1, 2959 "optlen %d [invalid/unsupported] ", 2960 p[1]); 2961 break; 2962 case IPCP_OPT_ADDRESS: 2963 if (len >= 6 && p[1] == 6) { 2964 /* correctly formed address option */ 2965 continue; 2966 } 2967 if (debug) 2968 log(-1, "[invalid] "); 2969 break; 2970 default: 2971 /* Others not supported. */ 2972 if (debug) 2973 log(-1, "[rej] "); 2974 break; 2975 } 2976 /* Add the option to rejected list. */ 2977 bcopy (p, r, p[1]); 2978 r += p[1]; 2979 rlen += p[1]; 2980 } 2981 if (rlen) { 2982 if (debug) 2983 log(-1, " send conf-rej\n"); 2984 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2985 return 0; 2986 } else if (debug) 2987 log(-1, "\n"); 2988 2989 /* pass 2: parse option values */ 2990 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2991 if (debug) 2992 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2993 SPP_ARGS(ifp)); 2994 p = (void*) (h+1); 2995 len = origlen; 2996 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2997 if (debug) 2998 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2999 switch (*p) { 3000 case IPCP_OPT_COMPRESSION: 3001 desiredcomp = p[2] << 8 | p[3]; 3002 /* We only support VJ */ 3003 if (desiredcomp == IPCP_COMP_VJ) { 3004 if (debug) 3005 log(-1, "VJ [ack] "); 3006 sp->ipcp.flags |= IPCP_VJ; 3007 sl_compress_init(sp->pp_comp, p[4]); 3008 sp->ipcp.max_state = p[4]; 3009 sp->ipcp.compress_cid = p[5]; 3010 continue; 3011 } 3012 if (debug) 3013 log(-1, 3014 "compproto %#04x [not supported] ", 3015 desiredcomp); 3016 p[2] = IPCP_COMP_VJ >> 8; 3017 p[3] = IPCP_COMP_VJ; 3018 p[4] = sp->ipcp.max_state; 3019 p[5] = sp->ipcp.compress_cid; 3020 break; 3021 case IPCP_OPT_ADDRESS: 3022 /* This is the address he wants in his end */ 3023 desiredaddr = p[2] << 24 | p[3] << 16 | 3024 p[4] << 8 | p[5]; 3025 if (desiredaddr == hisaddr || 3026 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3027 /* 3028 * Peer's address is same as our value, 3029 * or we have set it to 0.0.0.* to 3030 * indicate that we do not really care, 3031 * this is agreeable. Gonna conf-ack 3032 * it. 3033 */ 3034 if (debug) 3035 log(-1, "%s [ack] ", 3036 sppp_dotted_quad(hisaddr)); 3037 /* record that we've seen it already */ 3038 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3039 continue; 3040 } 3041 /* 3042 * The address wasn't agreeable. This is either 3043 * he sent us 0.0.0.0, asking to assign him an 3044 * address, or he send us another address not 3045 * matching our value. Either case, we gonna 3046 * conf-nak it with our value. 3047 * XXX: we should "rej" if hisaddr == 0 3048 */ 3049 if (debug) { 3050 if (desiredaddr == 0) 3051 log(-1, "[addr requested] "); 3052 else 3053 log(-1, "%s [not agreed] ", 3054 sppp_dotted_quad(desiredaddr)); 3055 3056 } 3057 p[2] = hisaddr >> 24; 3058 p[3] = hisaddr >> 16; 3059 p[4] = hisaddr >> 8; 3060 p[5] = hisaddr; 3061 break; 3062 } 3063 /* Add the option to nak'ed list. */ 3064 bcopy (p, r, p[1]); 3065 r += p[1]; 3066 rlen += p[1]; 3067 } 3068 3069 /* 3070 * If we are about to conf-ack the request, but haven't seen 3071 * his address so far, gonna conf-nak it instead, with the 3072 * `address' option present and our idea of his address being 3073 * filled in there, to request negotiation of both addresses. 3074 * 3075 * XXX This can result in an endless req - nak loop if peer 3076 * doesn't want to send us his address. Q: What should we do 3077 * about it? XXX A: implement the max-failure counter. 3078 */ 3079 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3080 buf[0] = IPCP_OPT_ADDRESS; 3081 buf[1] = 6; 3082 buf[2] = hisaddr >> 24; 3083 buf[3] = hisaddr >> 16; 3084 buf[4] = hisaddr >> 8; 3085 buf[5] = hisaddr; 3086 rlen = 6; 3087 if (debug) 3088 log(-1, "still need hisaddr "); 3089 } 3090 3091 if (rlen) { 3092 if (debug) 3093 log(-1, " send conf-nak\n"); 3094 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3095 } else { 3096 if (debug) 3097 log(-1, " send conf-ack\n"); 3098 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3099 h->ident, origlen, h+1); 3100 } 3101 3102 free (buf, M_TEMP); 3103 return (rlen == 0); 3104} 3105 3106/* 3107 * Analyze the IPCP Configure-Reject option list, and adjust our 3108 * negotiation. 3109 */ 3110static void 3111sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3112{ 3113 u_char *buf, *p; 3114 struct ifnet *ifp = &sp->pp_if; 3115 int debug = ifp->if_flags & IFF_DEBUG; 3116 3117 len -= 4; 3118 buf = malloc (len, M_TEMP, M_NOWAIT); 3119 if (!buf) 3120 return; 3121 3122 if (debug) 3123 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3124 SPP_ARGS(ifp)); 3125 3126 p = (void*) (h+1); 3127 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3128 if (debug) 3129 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3130 switch (*p) { 3131 case IPCP_OPT_COMPRESSION: 3132 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3133 break; 3134 case IPCP_OPT_ADDRESS: 3135 /* 3136 * Peer doesn't grok address option. This is 3137 * bad. XXX Should we better give up here? 3138 * XXX We could try old "addresses" option... 3139 */ 3140 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3141 break; 3142 } 3143 } 3144 if (debug) 3145 log(-1, "\n"); 3146 free (buf, M_TEMP); 3147 return; 3148} 3149 3150/* 3151 * Analyze the IPCP Configure-NAK option list, and adjust our 3152 * negotiation. 3153 */ 3154static void 3155sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3156{ 3157 u_char *buf, *p; 3158 struct ifnet *ifp = &sp->pp_if; 3159 int debug = ifp->if_flags & IFF_DEBUG; 3160 int desiredcomp; 3161 u_long wantaddr; 3162 3163 len -= 4; 3164 buf = malloc (len, M_TEMP, M_NOWAIT); 3165 if (!buf) 3166 return; 3167 3168 if (debug) 3169 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3170 SPP_ARGS(ifp)); 3171 3172 p = (void*) (h+1); 3173 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3174 if (debug) 3175 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3176 switch (*p) { 3177 case IPCP_OPT_COMPRESSION: 3178 if (len >= 6 && p[1] == 6) { 3179 desiredcomp = p[2] << 8 | p[3]; 3180 if (debug) 3181 log(-1, "[wantcomp %#04x] ", 3182 desiredcomp); 3183 if (desiredcomp == IPCP_COMP_VJ) { 3184 sl_compress_init(sp->pp_comp, p[4]); 3185 sp->ipcp.max_state = p[4]; 3186 sp->ipcp.compress_cid = p[5]; 3187 if (debug) 3188 log(-1, "[agree] "); 3189 } else 3190 sp->ipcp.opts &= 3191 ~(1 << IPCP_OPT_COMPRESSION); 3192 } 3193 break; 3194 case IPCP_OPT_ADDRESS: 3195 /* 3196 * Peer doesn't like our local IP address. See 3197 * if we can do something for him. We'll drop 3198 * him our address then. 3199 */ 3200 if (len >= 6 && p[1] == 6) { 3201 wantaddr = p[2] << 24 | p[3] << 16 | 3202 p[4] << 8 | p[5]; 3203 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3204 if (debug) 3205 log(-1, "[wantaddr %s] ", 3206 sppp_dotted_quad(wantaddr)); 3207 /* 3208 * When doing dynamic address assignment, 3209 * we accept his offer. Otherwise, we 3210 * ignore it and thus continue to negotiate 3211 * our already existing value. 3212 * XXX: Bogus, if he said no once, he'll 3213 * just say no again, might as well die. 3214 */ 3215 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3216 sppp_set_ip_addr(sp, wantaddr); 3217 if (debug) 3218 log(-1, "[agree] "); 3219 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3220 } 3221 } 3222 break; 3223 } 3224 } 3225 if (debug) 3226 log(-1, "\n"); 3227 free (buf, M_TEMP); 3228 return; 3229} 3230 3231static void 3232sppp_ipcp_tlu(struct sppp *sp) 3233{ 3234 /* we are up - notify isdn daemon */ 3235 if (sp->pp_con) 3236 sp->pp_con(sp); 3237} 3238 3239static void 3240sppp_ipcp_tld(struct sppp *sp) 3241{ 3242} 3243 3244static void 3245sppp_ipcp_tls(struct sppp *sp) 3246{ 3247 /* indicate to LCP that it must stay alive */ 3248 sp->lcp.protos |= (1 << IDX_IPCP); 3249} 3250 3251static void 3252sppp_ipcp_tlf(struct sppp *sp) 3253{ 3254 /* we no longer need LCP */ 3255 sp->lcp.protos &= ~(1 << IDX_IPCP); 3256 sppp_lcp_check_and_close(sp); 3257} 3258 3259static void 3260sppp_ipcp_scr(struct sppp *sp) 3261{ 3262 char opt[6 /* compression */ + 6 /* address */]; 3263 u_long ouraddr; 3264 int i = 0; 3265 3266 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3267 opt[i++] = IPCP_OPT_COMPRESSION; 3268 opt[i++] = 6; 3269 opt[i++] = IPCP_COMP_VJ >> 8; 3270 opt[i++] = IPCP_COMP_VJ; 3271 opt[i++] = sp->ipcp.max_state; 3272 opt[i++] = sp->ipcp.compress_cid; 3273 } 3274 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3275 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3276 opt[i++] = IPCP_OPT_ADDRESS; 3277 opt[i++] = 6; 3278 opt[i++] = ouraddr >> 24; 3279 opt[i++] = ouraddr >> 16; 3280 opt[i++] = ouraddr >> 8; 3281 opt[i++] = ouraddr; 3282 } 3283 3284 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3285 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3286} 3287 3288/* 3289 *--------------------------------------------------------------------------* 3290 * * 3291 * The IPv6CP implementation. * 3292 * * 3293 *--------------------------------------------------------------------------* 3294 */ 3295 3296#ifdef INET6 3297static void 3298sppp_ipv6cp_init(struct sppp *sp) 3299{ 3300 sp->ipv6cp.opts = 0; 3301 sp->ipv6cp.flags = 0; 3302 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3303 sp->fail_counter[IDX_IPV6CP] = 0; 3304 sp->pp_seq[IDX_IPV6CP] = 0; 3305 sp->pp_rseq[IDX_IPV6CP] = 0; 3306#if defined(__NetBSD__) 3307 callout_init(&sp->ch[IDX_IPV6CP]); 3308#endif 3309#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3310 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3311#endif 3312} 3313 3314static void 3315sppp_ipv6cp_up(struct sppp *sp) 3316{ 3317 sppp_up_event(&ipv6cp, sp); 3318} 3319 3320static void 3321sppp_ipv6cp_down(struct sppp *sp) 3322{ 3323 sppp_down_event(&ipv6cp, sp); 3324} 3325 3326static void 3327sppp_ipv6cp_open(struct sppp *sp) 3328{ 3329 STDDCL; 3330 struct in6_addr myaddr, hisaddr; 3331 3332#ifdef IPV6CP_MYIFID_DYN 3333 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3334#else 3335 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3336#endif 3337 3338 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3339 /* 3340 * If we don't have our address, this probably means our 3341 * interface doesn't want to talk IPv6 at all. (This could 3342 * be the case if somebody wants to speak only IPX, for 3343 * example.) Don't open IPv6CP in this case. 3344 */ 3345 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3346 /* XXX this message should go away */ 3347 if (debug) 3348 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3349 SPP_ARGS(ifp)); 3350 return; 3351 } 3352 3353 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3354 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3355 sppp_open_event(&ipv6cp, sp); 3356} 3357 3358static void 3359sppp_ipv6cp_close(struct sppp *sp) 3360{ 3361 sppp_close_event(&ipv6cp, sp); 3362} 3363 3364static void 3365sppp_ipv6cp_TO(void *cookie) 3366{ 3367 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3368} 3369 3370/* 3371 * Analyze a configure request. Return true if it was agreeable, and 3372 * caused action sca, false if it has been rejected or nak'ed, and 3373 * caused action scn. (The return value is used to make the state 3374 * transition decision in the state automaton.) 3375 */ 3376static int 3377sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3378{ 3379 u_char *buf, *r, *p; 3380 struct ifnet *ifp = &sp->pp_if; 3381 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3382 struct in6_addr myaddr, desiredaddr, suggestaddr; 3383 int ifidcount; 3384 int type; 3385 int collision, nohisaddr; 3386 3387 len -= 4; 3388 origlen = len; 3389 /* 3390 * Make sure to allocate a buf that can at least hold a 3391 * conf-nak with an `address' option. We might need it below. 3392 */ 3393 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3394 if (! buf) 3395 return (0); 3396 3397 /* pass 1: see if we can recognize them */ 3398 if (debug) 3399 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3400 SPP_ARGS(ifp)); 3401 p = (void*) (h+1); 3402 ifidcount = 0; 3403 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3404 if (debug) 3405 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3406 switch (*p) { 3407 case IPV6CP_OPT_IFID: 3408 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3409 /* correctly formed address option */ 3410 ifidcount++; 3411 continue; 3412 } 3413 if (debug) 3414 log(-1, " [invalid]"); 3415 break; 3416#ifdef notyet 3417 case IPV6CP_OPT_COMPRESSION: 3418 if (len >= 4 && p[1] >= 4) { 3419 /* correctly formed compress option */ 3420 continue; 3421 } 3422 if (debug) 3423 log(-1, " [invalid]"); 3424 break; 3425#endif 3426 default: 3427 /* Others not supported. */ 3428 if (debug) 3429 log(-1, " [rej]"); 3430 break; 3431 } 3432 /* Add the option to rejected list. */ 3433 bcopy (p, r, p[1]); 3434 r += p[1]; 3435 rlen += p[1]; 3436 } 3437 if (rlen) { 3438 if (debug) 3439 log(-1, " send conf-rej\n"); 3440 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3441 goto end; 3442 } else if (debug) 3443 log(-1, "\n"); 3444 3445 /* pass 2: parse option values */ 3446 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3447 if (debug) 3448 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3449 SPP_ARGS(ifp)); 3450 p = (void*) (h+1); 3451 len = origlen; 3452 type = CONF_ACK; 3453 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3454 if (debug) 3455 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3456 switch (*p) { 3457#ifdef notyet 3458 case IPV6CP_OPT_COMPRESSION: 3459 continue; 3460#endif 3461 case IPV6CP_OPT_IFID: 3462 bzero(&desiredaddr, sizeof(desiredaddr)); 3463 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3464 collision = (bcmp(&desiredaddr.s6_addr[8], 3465 &myaddr.s6_addr[8], 8) == 0); 3466 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3467 3468 desiredaddr.s6_addr16[0] = htons(0xfe80); 3469 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3470 3471 if (!collision && !nohisaddr) { 3472 /* no collision, hisaddr known - Conf-Ack */ 3473 type = CONF_ACK; 3474 3475 if (debug) { 3476 log(-1, " %s [%s]", 3477 ip6_sprintf(&desiredaddr), 3478 sppp_cp_type_name(type)); 3479 } 3480 continue; 3481 } 3482 3483 bzero(&suggestaddr, sizeof(&suggestaddr)); 3484 if (collision && nohisaddr) { 3485 /* collision, hisaddr unknown - Conf-Rej */ 3486 type = CONF_REJ; 3487 bzero(&p[2], 8); 3488 } else { 3489 /* 3490 * - no collision, hisaddr unknown, or 3491 * - collision, hisaddr known 3492 * Conf-Nak, suggest hisaddr 3493 */ 3494 type = CONF_NAK; 3495 sppp_suggest_ip6_addr(sp, &suggestaddr); 3496 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3497 } 3498 if (debug) 3499 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3500 sppp_cp_type_name(type)); 3501 break; 3502 } 3503 /* Add the option to nak'ed list. */ 3504 bcopy (p, r, p[1]); 3505 r += p[1]; 3506 rlen += p[1]; 3507 } 3508 3509 if (rlen == 0 && type == CONF_ACK) { 3510 if (debug) 3511 log(-1, " send %s\n", sppp_cp_type_name(type)); 3512 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3513 } else { 3514#ifdef DIAGNOSTIC 3515 if (type == CONF_ACK) 3516 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3517#endif 3518 3519 if (debug) { 3520 log(-1, " send %s suggest %s\n", 3521 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3522 } 3523 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3524 } 3525 3526 end: 3527 free (buf, M_TEMP); 3528 return (rlen == 0); 3529} 3530 3531/* 3532 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3533 * negotiation. 3534 */ 3535static void 3536sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3537{ 3538 u_char *buf, *p; 3539 struct ifnet *ifp = &sp->pp_if; 3540 int debug = ifp->if_flags & IFF_DEBUG; 3541 3542 len -= 4; 3543 buf = malloc (len, M_TEMP, M_NOWAIT); 3544 if (!buf) 3545 return; 3546 3547 if (debug) 3548 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3549 SPP_ARGS(ifp)); 3550 3551 p = (void*) (h+1); 3552 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3553 if (debug) 3554 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3555 switch (*p) { 3556 case IPV6CP_OPT_IFID: 3557 /* 3558 * Peer doesn't grok address option. This is 3559 * bad. XXX Should we better give up here? 3560 */ 3561 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3562 break; 3563#ifdef notyet 3564 case IPV6CP_OPT_COMPRESS: 3565 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3566 break; 3567#endif 3568 } 3569 } 3570 if (debug) 3571 log(-1, "\n"); 3572 free (buf, M_TEMP); 3573 return; 3574} 3575 3576/* 3577 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3578 * negotiation. 3579 */ 3580static void 3581sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3582{ 3583 u_char *buf, *p; 3584 struct ifnet *ifp = &sp->pp_if; 3585 int debug = ifp->if_flags & IFF_DEBUG; 3586 struct in6_addr suggestaddr; 3587 3588 len -= 4; 3589 buf = malloc (len, M_TEMP, M_NOWAIT); 3590 if (!buf) 3591 return; 3592 3593 if (debug) 3594 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3595 SPP_ARGS(ifp)); 3596 3597 p = (void*) (h+1); 3598 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3599 if (debug) 3600 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3601 switch (*p) { 3602 case IPV6CP_OPT_IFID: 3603 /* 3604 * Peer doesn't like our local ifid. See 3605 * if we can do something for him. We'll drop 3606 * him our address then. 3607 */ 3608 if (len < 10 || p[1] != 10) 3609 break; 3610 bzero(&suggestaddr, sizeof(suggestaddr)); 3611 suggestaddr.s6_addr16[0] = htons(0xfe80); 3612 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3613 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3614 3615 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3616 if (debug) 3617 log(-1, " [suggestaddr %s]", 3618 ip6_sprintf(&suggestaddr)); 3619#ifdef IPV6CP_MYIFID_DYN 3620 /* 3621 * When doing dynamic address assignment, 3622 * we accept his offer. 3623 */ 3624 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3625 struct in6_addr lastsuggest; 3626 /* 3627 * If <suggested myaddr from peer> equals to 3628 * <hisaddr we have suggested last time>, 3629 * we have a collision. generate new random 3630 * ifid. 3631 */ 3632 sppp_suggest_ip6_addr(&lastsuggest); 3633 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3634 lastsuggest)) { 3635 if (debug) 3636 log(-1, " [random]"); 3637 sppp_gen_ip6_addr(sp, &suggestaddr); 3638 } 3639 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3640 if (debug) 3641 log(-1, " [agree]"); 3642 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3643 } 3644#else 3645 /* 3646 * Since we do not do dynamic address assignment, 3647 * we ignore it and thus continue to negotiate 3648 * our already existing value. This can possibly 3649 * go into infinite request-reject loop. 3650 * 3651 * This is not likely because we normally use 3652 * ifid based on MAC-address. 3653 * If you have no ethernet card on the node, too bad. 3654 * XXX should we use fail_counter? 3655 */ 3656#endif 3657 break; 3658#ifdef notyet 3659 case IPV6CP_OPT_COMPRESS: 3660 /* 3661 * Peer wants different compression parameters. 3662 */ 3663 break; 3664#endif 3665 } 3666 } 3667 if (debug) 3668 log(-1, "\n"); 3669 free (buf, M_TEMP); 3670 return; 3671} 3672static void 3673sppp_ipv6cp_tlu(struct sppp *sp) 3674{ 3675 /* we are up - notify isdn daemon */ 3676 if (sp->pp_con) 3677 sp->pp_con(sp); 3678} 3679 3680static void 3681sppp_ipv6cp_tld(struct sppp *sp) 3682{ 3683} 3684 3685static void 3686sppp_ipv6cp_tls(struct sppp *sp) 3687{ 3688 /* indicate to LCP that it must stay alive */ 3689 sp->lcp.protos |= (1 << IDX_IPV6CP); 3690} 3691 3692static void 3693sppp_ipv6cp_tlf(struct sppp *sp) 3694{ 3695 3696#if 0 /* need #if 0 to close IPv6CP properly */ 3697 /* we no longer need LCP */ 3698 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3699 sppp_lcp_check_and_close(sp); 3700#endif 3701} 3702 3703static void 3704sppp_ipv6cp_scr(struct sppp *sp) 3705{ 3706 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3707 struct in6_addr ouraddr; 3708 int i = 0; 3709 3710 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3711 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3712 opt[i++] = IPV6CP_OPT_IFID; 3713 opt[i++] = 10; 3714 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3715 i += 8; 3716 } 3717 3718#ifdef notyet 3719 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3720 opt[i++] = IPV6CP_OPT_COMPRESSION; 3721 opt[i++] = 4; 3722 opt[i++] = 0; /* TBD */ 3723 opt[i++] = 0; /* TBD */ 3724 /* variable length data may follow */ 3725 } 3726#endif 3727 3728 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3729 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3730} 3731#else /*INET6*/ 3732static void sppp_ipv6cp_init(struct sppp *sp) 3733{ 3734} 3735 3736static void sppp_ipv6cp_up(struct sppp *sp) 3737{ 3738} 3739 3740static void sppp_ipv6cp_down(struct sppp *sp) 3741{ 3742} 3743 3744 3745static void sppp_ipv6cp_open(struct sppp *sp) 3746{ 3747} 3748 3749static void sppp_ipv6cp_close(struct sppp *sp) 3750{ 3751} 3752 3753static void sppp_ipv6cp_TO(void *sp) 3754{ 3755} 3756 3757static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3758{ 3759 return 0; 3760} 3761 3762static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3763{ 3764} 3765 3766static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3767{ 3768} 3769 3770static void sppp_ipv6cp_tlu(struct sppp *sp) 3771{ 3772} 3773 3774static void sppp_ipv6cp_tld(struct sppp *sp) 3775{ 3776} 3777 3778static void sppp_ipv6cp_tls(struct sppp *sp) 3779{ 3780} 3781 3782static void sppp_ipv6cp_tlf(struct sppp *sp) 3783{ 3784} 3785 3786static void sppp_ipv6cp_scr(struct sppp *sp) 3787{ 3788} 3789#endif /*INET6*/ 3790 3791/* 3792 *--------------------------------------------------------------------------* 3793 * * 3794 * The CHAP implementation. * 3795 * * 3796 *--------------------------------------------------------------------------* 3797 */ 3798 3799/* 3800 * The authentication protocols don't employ a full-fledged state machine as 3801 * the control protocols do, since they do have Open and Close events, but 3802 * not Up and Down, nor are they explicitly terminated. Also, use of the 3803 * authentication protocols may be different in both directions (this makes 3804 * sense, think of a machine that never accepts incoming calls but only 3805 * calls out, it doesn't require the called party to authenticate itself). 3806 * 3807 * Our state machine for the local authentication protocol (we are requesting 3808 * the peer to authenticate) looks like: 3809 * 3810 * RCA- 3811 * +--------------------------------------------+ 3812 * V scn,tld| 3813 * +--------+ Close +---------+ RCA+ 3814 * | |<----------------------------------| |------+ 3815 * +--->| Closed | TO* | Opened | sca | 3816 * | | |-----+ +-------| |<-----+ 3817 * | +--------+ irc | | +---------+ 3818 * | ^ | | ^ 3819 * | | | | | 3820 * | | | | | 3821 * | TO-| | | | 3822 * | |tld TO+ V | | 3823 * | | +------->+ | | 3824 * | | | | | | 3825 * | +--------+ V | | 3826 * | | |<----+<--------------------+ | 3827 * | | Req- | scr | 3828 * | | Sent | | 3829 * | | | | 3830 * | +--------+ | 3831 * | RCA- | | RCA+ | 3832 * +------+ +------------------------------------------+ 3833 * scn,tld sca,irc,ict,tlu 3834 * 3835 * 3836 * with: 3837 * 3838 * Open: LCP reached authentication phase 3839 * Close: LCP reached terminate phase 3840 * 3841 * RCA+: received reply (pap-req, chap-response), acceptable 3842 * RCN: received reply (pap-req, chap-response), not acceptable 3843 * TO+: timeout with restart counter >= 0 3844 * TO-: timeout with restart counter < 0 3845 * TO*: reschedule timeout for CHAP 3846 * 3847 * scr: send request packet (none for PAP, chap-challenge) 3848 * sca: send ack packet (pap-ack, chap-success) 3849 * scn: send nak packet (pap-nak, chap-failure) 3850 * ict: initialize re-challenge timer (CHAP only) 3851 * 3852 * tlu: this-layer-up, LCP reaches network phase 3853 * tld: this-layer-down, LCP enters terminate phase 3854 * 3855 * Note that in CHAP mode, after sending a new challenge, while the state 3856 * automaton falls back into Req-Sent state, it doesn't signal a tld 3857 * event to LCP, so LCP remains in network phase. Only after not getting 3858 * any response (or after getting an unacceptable response), CHAP closes, 3859 * causing LCP to enter terminate phase. 3860 * 3861 * With PAP, there is no initial request that can be sent. The peer is 3862 * expected to send one based on the successful negotiation of PAP as 3863 * the authentication protocol during the LCP option negotiation. 3864 * 3865 * Incoming authentication protocol requests (remote requests 3866 * authentication, we are peer) don't employ a state machine at all, 3867 * they are simply answered. Some peers [Ascend P50 firmware rev 3868 * 4.50] react allergically when sending IPCP requests while they are 3869 * still in authentication phase (thereby violating the standard that 3870 * demands that these NCP packets are to be discarded), so we keep 3871 * track of the peer demanding us to authenticate, and only proceed to 3872 * phase network once we've seen a positive acknowledge for the 3873 * authentication. 3874 */ 3875 3876/* 3877 * Handle incoming CHAP packets. 3878 */ 3879static void 3880sppp_chap_input(struct sppp *sp, struct mbuf *m) 3881{ 3882 STDDCL; 3883 struct lcp_header *h; 3884 int len, x; 3885 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3886 int value_len, name_len; 3887 MD5_CTX ctx; 3888 3889 len = m->m_pkthdr.len; 3890 if (len < 4) { 3891 if (debug) 3892 log(LOG_DEBUG, 3893 SPP_FMT "chap invalid packet length: %d bytes\n", 3894 SPP_ARGS(ifp), len); 3895 return; 3896 } 3897 h = mtod (m, struct lcp_header*); 3898 if (len > ntohs (h->len)) 3899 len = ntohs (h->len); 3900 3901 switch (h->type) { 3902 /* challenge, failure and success are his authproto */ 3903 case CHAP_CHALLENGE: 3904 value = 1 + (u_char*)(h+1); 3905 value_len = value[-1]; 3906 name = value + value_len; 3907 name_len = len - value_len - 5; 3908 if (name_len < 0) { 3909 if (debug) { 3910 log(LOG_DEBUG, 3911 SPP_FMT "chap corrupted challenge " 3912 "<%s id=0x%x len=%d", 3913 SPP_ARGS(ifp), 3914 sppp_auth_type_name(PPP_CHAP, h->type), 3915 h->ident, ntohs(h->len)); 3916 sppp_print_bytes((u_char*) (h+1), len-4); 3917 log(-1, ">\n"); 3918 } 3919 break; 3920 } 3921 3922 if (debug) { 3923 log(LOG_DEBUG, 3924 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3925 SPP_ARGS(ifp), 3926 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3927 ntohs(h->len)); 3928 sppp_print_string((char*) name, name_len); 3929 log(-1, " value-size=%d value=", value_len); 3930 sppp_print_bytes(value, value_len); 3931 log(-1, ">\n"); 3932 } 3933 3934 /* Compute reply value. */ 3935 MD5Init(&ctx); 3936 MD5Update(&ctx, &h->ident, 1); 3937 MD5Update(&ctx, sp->myauth.secret, 3938 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3939 MD5Update(&ctx, value, value_len); 3940 MD5Final(digest, &ctx); 3941 dsize = sizeof digest; 3942 3943 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3944 sizeof dsize, (const char *)&dsize, 3945 sizeof digest, digest, 3946 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3947 sp->myauth.name, 3948 0); 3949 break; 3950 3951 case CHAP_SUCCESS: 3952 if (debug) { 3953 log(LOG_DEBUG, SPP_FMT "chap success", 3954 SPP_ARGS(ifp)); 3955 if (len > 4) { 3956 log(-1, ": "); 3957 sppp_print_string((char*)(h + 1), len - 4); 3958 } 3959 log(-1, "\n"); 3960 } 3961 x = splimp(); 3962 sp->pp_flags &= ~PP_NEEDAUTH; 3963 if (sp->myauth.proto == PPP_CHAP && 3964 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3965 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3966 /* 3967 * We are authenticator for CHAP but didn't 3968 * complete yet. Leave it to tlu to proceed 3969 * to network phase. 3970 */ 3971 splx(x); 3972 break; 3973 } 3974 splx(x); 3975 sppp_phase_network(sp); 3976 break; 3977 3978 case CHAP_FAILURE: 3979 if (debug) { 3980 log(LOG_INFO, SPP_FMT "chap failure", 3981 SPP_ARGS(ifp)); 3982 if (len > 4) { 3983 log(-1, ": "); 3984 sppp_print_string((char*)(h + 1), len - 4); 3985 } 3986 log(-1, "\n"); 3987 } else 3988 log(LOG_INFO, SPP_FMT "chap failure\n", 3989 SPP_ARGS(ifp)); 3990 /* await LCP shutdown by authenticator */ 3991 break; 3992 3993 /* response is my authproto */ 3994 case CHAP_RESPONSE: 3995 value = 1 + (u_char*)(h+1); 3996 value_len = value[-1]; 3997 name = value + value_len; 3998 name_len = len - value_len - 5; 3999 if (name_len < 0) { 4000 if (debug) { 4001 log(LOG_DEBUG, 4002 SPP_FMT "chap corrupted response " 4003 "<%s id=0x%x len=%d", 4004 SPP_ARGS(ifp), 4005 sppp_auth_type_name(PPP_CHAP, h->type), 4006 h->ident, ntohs(h->len)); 4007 sppp_print_bytes((u_char*)(h+1), len-4); 4008 log(-1, ">\n"); 4009 } 4010 break; 4011 } 4012 if (h->ident != sp->confid[IDX_CHAP]) { 4013 if (debug) 4014 log(LOG_DEBUG, 4015 SPP_FMT "chap dropping response for old ID " 4016 "(got %d, expected %d)\n", 4017 SPP_ARGS(ifp), 4018 h->ident, sp->confid[IDX_CHAP]); 4019 break; 4020 } 4021 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4022 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4023 log(LOG_INFO, SPP_FMT "chap response, his name ", 4024 SPP_ARGS(ifp)); 4025 sppp_print_string(name, name_len); 4026 log(-1, " != expected "); 4027 sppp_print_string(sp->hisauth.name, 4028 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4029 log(-1, "\n"); 4030 } 4031 if (debug) { 4032 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4033 "<%s id=0x%x len=%d name=", 4034 SPP_ARGS(ifp), 4035 sppp_state_name(sp->state[IDX_CHAP]), 4036 sppp_auth_type_name(PPP_CHAP, h->type), 4037 h->ident, ntohs (h->len)); 4038 sppp_print_string((char*)name, name_len); 4039 log(-1, " value-size=%d value=", value_len); 4040 sppp_print_bytes(value, value_len); 4041 log(-1, ">\n"); 4042 } 4043 if (value_len != AUTHKEYLEN) { 4044 if (debug) 4045 log(LOG_DEBUG, 4046 SPP_FMT "chap bad hash value length: " 4047 "%d bytes, should be %d\n", 4048 SPP_ARGS(ifp), value_len, 4049 AUTHKEYLEN); 4050 break; 4051 } 4052 4053 MD5Init(&ctx); 4054 MD5Update(&ctx, &h->ident, 1); 4055 MD5Update(&ctx, sp->hisauth.secret, 4056 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4057 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4058 MD5Final(digest, &ctx); 4059 4060#define FAILMSG "Failed..." 4061#define SUCCMSG "Welcome!" 4062 4063 if (value_len != sizeof digest || 4064 bcmp(digest, value, value_len) != 0) { 4065 /* action scn, tld */ 4066 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4067 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4068 0); 4069 chap.tld(sp); 4070 break; 4071 } 4072 /* action sca, perhaps tlu */ 4073 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4074 sp->state[IDX_CHAP] == STATE_OPENED) 4075 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4076 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4077 0); 4078 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4079 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4080 chap.tlu(sp); 4081 } 4082 break; 4083 4084 default: 4085 /* Unknown CHAP packet type -- ignore. */ 4086 if (debug) { 4087 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4088 "<0x%x id=0x%xh len=%d", 4089 SPP_ARGS(ifp), 4090 sppp_state_name(sp->state[IDX_CHAP]), 4091 h->type, h->ident, ntohs(h->len)); 4092 sppp_print_bytes((u_char*)(h+1), len-4); 4093 log(-1, ">\n"); 4094 } 4095 break; 4096 4097 } 4098} 4099 4100static void 4101sppp_chap_init(struct sppp *sp) 4102{ 4103 /* Chap doesn't have STATE_INITIAL at all. */ 4104 sp->state[IDX_CHAP] = STATE_CLOSED; 4105 sp->fail_counter[IDX_CHAP] = 0; 4106 sp->pp_seq[IDX_CHAP] = 0; 4107 sp->pp_rseq[IDX_CHAP] = 0; 4108#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4109 callout_handle_init(&sp->ch[IDX_CHAP]); 4110#endif 4111} 4112 4113static void 4114sppp_chap_open(struct sppp *sp) 4115{ 4116 if (sp->myauth.proto == PPP_CHAP && 4117 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4118 /* we are authenticator for CHAP, start it */ 4119 chap.scr(sp); 4120 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4121 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4122 } 4123 /* nothing to be done if we are peer, await a challenge */ 4124} 4125 4126static void 4127sppp_chap_close(struct sppp *sp) 4128{ 4129 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4130 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4131} 4132 4133static void 4134sppp_chap_TO(void *cookie) 4135{ 4136 struct sppp *sp = (struct sppp *)cookie; 4137 STDDCL; 4138 int s; 4139 4140 s = splimp(); 4141 if (debug) 4142 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4143 SPP_ARGS(ifp), 4144 sppp_state_name(sp->state[IDX_CHAP]), 4145 sp->rst_counter[IDX_CHAP]); 4146 4147 if (--sp->rst_counter[IDX_CHAP] < 0) 4148 /* TO- event */ 4149 switch (sp->state[IDX_CHAP]) { 4150 case STATE_REQ_SENT: 4151 chap.tld(sp); 4152 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4153 break; 4154 } 4155 else 4156 /* TO+ (or TO*) event */ 4157 switch (sp->state[IDX_CHAP]) { 4158 case STATE_OPENED: 4159 /* TO* event */ 4160 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4161 /* FALLTHROUGH */ 4162 case STATE_REQ_SENT: 4163 chap.scr(sp); 4164 /* sppp_cp_change_state() will restart the timer */ 4165 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4166 break; 4167 } 4168 4169 splx(s); 4170} 4171 4172static void 4173sppp_chap_tlu(struct sppp *sp) 4174{ 4175 STDDCL; 4176 int i, x; 4177 4178 i = 0; 4179 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4180 4181 /* 4182 * Some broken CHAP implementations (Conware CoNet, firmware 4183 * 4.0.?) don't want to re-authenticate their CHAP once the 4184 * initial challenge-response exchange has taken place. 4185 * Provide for an option to avoid rechallenges. 4186 */ 4187 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4188 /* 4189 * Compute the re-challenge timeout. This will yield 4190 * a number between 300 and 810 seconds. 4191 */ 4192 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4193 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 4194 } 4195 4196 if (debug) { 4197 log(LOG_DEBUG, 4198 SPP_FMT "chap %s, ", 4199 SPP_ARGS(ifp), 4200 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4201 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4202 log(-1, "next re-challenge in %d seconds\n", i); 4203 else 4204 log(-1, "re-challenging supressed\n"); 4205 } 4206 4207 x = splimp(); 4208 /* indicate to LCP that we need to be closed down */ 4209 sp->lcp.protos |= (1 << IDX_CHAP); 4210 4211 if (sp->pp_flags & PP_NEEDAUTH) { 4212 /* 4213 * Remote is authenticator, but his auth proto didn't 4214 * complete yet. Defer the transition to network 4215 * phase. 4216 */ 4217 splx(x); 4218 return; 4219 } 4220 splx(x); 4221 4222 /* 4223 * If we are already in phase network, we are done here. This 4224 * is the case if this is a dummy tlu event after a re-challenge. 4225 */ 4226 if (sp->pp_phase != PHASE_NETWORK) 4227 sppp_phase_network(sp); 4228} 4229 4230static void 4231sppp_chap_tld(struct sppp *sp) 4232{ 4233 STDDCL; 4234 4235 if (debug) 4236 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4237 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 4238 sp->lcp.protos &= ~(1 << IDX_CHAP); 4239 4240 lcp.Close(sp); 4241} 4242 4243static void 4244sppp_chap_scr(struct sppp *sp) 4245{ 4246 u_long *ch, seed; 4247 u_char clen; 4248 4249 /* Compute random challenge. */ 4250 ch = (u_long *)sp->myauth.challenge; 4251#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4252 read_random(&seed, sizeof seed); 4253#else 4254 { 4255 struct timeval tv; 4256 microtime(&tv); 4257 seed = tv.tv_sec ^ tv.tv_usec; 4258 } 4259#endif 4260 ch[0] = seed ^ random(); 4261 ch[1] = seed ^ random(); 4262 ch[2] = seed ^ random(); 4263 ch[3] = seed ^ random(); 4264 clen = AUTHKEYLEN; 4265 4266 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4267 4268 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4269 sizeof clen, (const char *)&clen, 4270 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4271 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4272 sp->myauth.name, 4273 0); 4274} 4275 4276/* 4277 *--------------------------------------------------------------------------* 4278 * * 4279 * The PAP implementation. * 4280 * * 4281 *--------------------------------------------------------------------------* 4282 */ 4283/* 4284 * For PAP, we need to keep a little state also if we are the peer, not the 4285 * authenticator. This is since we don't get a request to authenticate, but 4286 * have to repeatedly authenticate ourself until we got a response (or the 4287 * retry counter is expired). 4288 */ 4289 4290/* 4291 * Handle incoming PAP packets. */ 4292static void 4293sppp_pap_input(struct sppp *sp, struct mbuf *m) 4294{ 4295 STDDCL; 4296 struct lcp_header *h; 4297 int len, x; 4298 u_char *name, *passwd, mlen; 4299 int name_len, passwd_len; 4300 4301 len = m->m_pkthdr.len; 4302 if (len < 5) { 4303 if (debug) 4304 log(LOG_DEBUG, 4305 SPP_FMT "pap invalid packet length: %d bytes\n", 4306 SPP_ARGS(ifp), len); 4307 return; 4308 } 4309 h = mtod (m, struct lcp_header*); 4310 if (len > ntohs (h->len)) 4311 len = ntohs (h->len); 4312 switch (h->type) { 4313 /* PAP request is my authproto */ 4314 case PAP_REQ: 4315 name = 1 + (u_char*)(h+1); 4316 name_len = name[-1]; 4317 passwd = name + name_len + 1; 4318 if (name_len > len - 6 || 4319 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4320 if (debug) { 4321 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4322 "<%s id=0x%x len=%d", 4323 SPP_ARGS(ifp), 4324 sppp_auth_type_name(PPP_PAP, h->type), 4325 h->ident, ntohs(h->len)); 4326 sppp_print_bytes((u_char*)(h+1), len-4); 4327 log(-1, ">\n"); 4328 } 4329 break; 4330 } 4331 if (debug) { 4332 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4333 "<%s id=0x%x len=%d name=", 4334 SPP_ARGS(ifp), 4335 sppp_state_name(sp->state[IDX_PAP]), 4336 sppp_auth_type_name(PPP_PAP, h->type), 4337 h->ident, ntohs(h->len)); 4338 sppp_print_string((char*)name, name_len); 4339 log(-1, " passwd="); 4340 sppp_print_string((char*)passwd, passwd_len); 4341 log(-1, ">\n"); 4342 } 4343 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4344 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4345 bcmp(name, sp->hisauth.name, name_len) != 0 || 4346 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4347 /* action scn, tld */ 4348 mlen = sizeof(FAILMSG) - 1; 4349 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4350 sizeof mlen, (const char *)&mlen, 4351 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4352 0); 4353 pap.tld(sp); 4354 break; 4355 } 4356 /* action sca, perhaps tlu */ 4357 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4358 sp->state[IDX_PAP] == STATE_OPENED) { 4359 mlen = sizeof(SUCCMSG) - 1; 4360 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4361 sizeof mlen, (const char *)&mlen, 4362 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4363 0); 4364 } 4365 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4366 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4367 pap.tlu(sp); 4368 } 4369 break; 4370 4371 /* ack and nak are his authproto */ 4372 case PAP_ACK: 4373 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4374 if (debug) { 4375 log(LOG_DEBUG, SPP_FMT "pap success", 4376 SPP_ARGS(ifp)); 4377 name_len = *((char *)h); 4378 if (len > 5 && name_len) { 4379 log(-1, ": "); 4380 sppp_print_string((char*)(h+1), name_len); 4381 } 4382 log(-1, "\n"); 4383 } 4384 x = splimp(); 4385 sp->pp_flags &= ~PP_NEEDAUTH; 4386 if (sp->myauth.proto == PPP_PAP && 4387 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4388 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4389 /* 4390 * We are authenticator for PAP but didn't 4391 * complete yet. Leave it to tlu to proceed 4392 * to network phase. 4393 */ 4394 splx(x); 4395 break; 4396 } 4397 splx(x); 4398 sppp_phase_network(sp); 4399 break; 4400 4401 case PAP_NAK: 4402 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4403 if (debug) { 4404 log(LOG_INFO, SPP_FMT "pap failure", 4405 SPP_ARGS(ifp)); 4406 name_len = *((char *)h); 4407 if (len > 5 && name_len) { 4408 log(-1, ": "); 4409 sppp_print_string((char*)(h+1), name_len); 4410 } 4411 log(-1, "\n"); 4412 } else 4413 log(LOG_INFO, SPP_FMT "pap failure\n", 4414 SPP_ARGS(ifp)); 4415 /* await LCP shutdown by authenticator */ 4416 break; 4417 4418 default: 4419 /* Unknown PAP packet type -- ignore. */ 4420 if (debug) { 4421 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4422 "<0x%x id=0x%x len=%d", 4423 SPP_ARGS(ifp), 4424 h->type, h->ident, ntohs(h->len)); 4425 sppp_print_bytes((u_char*)(h+1), len-4); 4426 log(-1, ">\n"); 4427 } 4428 break; 4429 4430 } 4431} 4432 4433static void 4434sppp_pap_init(struct sppp *sp) 4435{ 4436 /* PAP doesn't have STATE_INITIAL at all. */ 4437 sp->state[IDX_PAP] = STATE_CLOSED; 4438 sp->fail_counter[IDX_PAP] = 0; 4439 sp->pp_seq[IDX_PAP] = 0; 4440 sp->pp_rseq[IDX_PAP] = 0; 4441#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4442 callout_handle_init(&sp->ch[IDX_PAP]); 4443 callout_handle_init(&sp->pap_my_to_ch); 4444#endif 4445} 4446 4447static void 4448sppp_pap_open(struct sppp *sp) 4449{ 4450 if (sp->hisauth.proto == PPP_PAP && 4451 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4452 /* we are authenticator for PAP, start our timer */ 4453 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4454 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4455 } 4456 if (sp->myauth.proto == PPP_PAP) { 4457 /* we are peer, send a request, and start a timer */ 4458 pap.scr(sp); 4459 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 4460 sp->pap_my_to_ch); 4461 } 4462} 4463 4464static void 4465sppp_pap_close(struct sppp *sp) 4466{ 4467 if (sp->state[IDX_PAP] != STATE_CLOSED) 4468 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4469} 4470 4471/* 4472 * That's the timeout routine if we are authenticator. Since the 4473 * authenticator is basically passive in PAP, we can't do much here. 4474 */ 4475static void 4476sppp_pap_TO(void *cookie) 4477{ 4478 struct sppp *sp = (struct sppp *)cookie; 4479 STDDCL; 4480 int s; 4481 4482 s = splimp(); 4483 if (debug) 4484 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4485 SPP_ARGS(ifp), 4486 sppp_state_name(sp->state[IDX_PAP]), 4487 sp->rst_counter[IDX_PAP]); 4488 4489 if (--sp->rst_counter[IDX_PAP] < 0) 4490 /* TO- event */ 4491 switch (sp->state[IDX_PAP]) { 4492 case STATE_REQ_SENT: 4493 pap.tld(sp); 4494 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4495 break; 4496 } 4497 else 4498 /* TO+ event, not very much we could do */ 4499 switch (sp->state[IDX_PAP]) { 4500 case STATE_REQ_SENT: 4501 /* sppp_cp_change_state() will restart the timer */ 4502 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4503 break; 4504 } 4505 4506 splx(s); 4507} 4508 4509/* 4510 * That's the timeout handler if we are peer. Since the peer is active, 4511 * we need to retransmit our PAP request since it is apparently lost. 4512 * XXX We should impose a max counter. 4513 */ 4514static void 4515sppp_pap_my_TO(void *cookie) 4516{ 4517 struct sppp *sp = (struct sppp *)cookie; 4518 STDDCL; 4519 4520 if (debug) 4521 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4522 SPP_ARGS(ifp)); 4523 4524 pap.scr(sp); 4525} 4526 4527static void 4528sppp_pap_tlu(struct sppp *sp) 4529{ 4530 STDDCL; 4531 int x; 4532 4533 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4534 4535 if (debug) 4536 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4537 SPP_ARGS(ifp), pap.name); 4538 4539 x = splimp(); 4540 /* indicate to LCP that we need to be closed down */ 4541 sp->lcp.protos |= (1 << IDX_PAP); 4542 4543 if (sp->pp_flags & PP_NEEDAUTH) { 4544 /* 4545 * Remote is authenticator, but his auth proto didn't 4546 * complete yet. Defer the transition to network 4547 * phase. 4548 */ 4549 splx(x); 4550 return; 4551 } 4552 splx(x); 4553 sppp_phase_network(sp); 4554} 4555 4556static void 4557sppp_pap_tld(struct sppp *sp) 4558{ 4559 STDDCL; 4560 4561 if (debug) 4562 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4563 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4564 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4565 sp->lcp.protos &= ~(1 << IDX_PAP); 4566 4567 lcp.Close(sp); 4568} 4569 4570static void 4571sppp_pap_scr(struct sppp *sp) 4572{ 4573 u_char idlen, pwdlen; 4574 4575 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4576 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4577 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4578 4579 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4580 sizeof idlen, (const char *)&idlen, 4581 (size_t)idlen, sp->myauth.name, 4582 sizeof pwdlen, (const char *)&pwdlen, 4583 (size_t)pwdlen, sp->myauth.secret, 4584 0); 4585} 4586 4587/* 4588 * Random miscellaneous functions. 4589 */ 4590 4591/* 4592 * Send a PAP or CHAP proto packet. 4593 * 4594 * Varadic function, each of the elements for the ellipsis is of type 4595 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4596 * mlen == 0. 4597 * NOTE: never declare variadic functions with types subject to type 4598 * promotion (i.e. u_char). This is asking for big trouble depending 4599 * on the architecture you are on... 4600 */ 4601 4602static void 4603sppp_auth_send(const struct cp *cp, struct sppp *sp, 4604 unsigned int type, unsigned int id, 4605 ...) 4606{ 4607 STDDCL; 4608 struct ppp_header *h; 4609 struct lcp_header *lh; 4610 struct mbuf *m; 4611 u_char *p; 4612 int len; 4613 unsigned int mlen; 4614 const char *msg; 4615 va_list ap; 4616 4617 MGETHDR (m, M_DONTWAIT, MT_DATA); 4618 if (! m) 4619 return; 4620 m->m_pkthdr.rcvif = 0; 4621 4622 h = mtod (m, struct ppp_header*); 4623 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4624 h->control = PPP_UI; /* Unnumbered Info */ 4625 h->protocol = htons(cp->proto); 4626 4627 lh = (struct lcp_header*)(h + 1); 4628 lh->type = type; 4629 lh->ident = id; 4630 p = (u_char*) (lh+1); 4631 4632 va_start(ap, id); 4633 len = 0; 4634 4635 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4636 msg = va_arg(ap, const char *); 4637 len += mlen; 4638 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4639 va_end(ap); 4640 m_freem(m); 4641 return; 4642 } 4643 4644 bcopy(msg, p, mlen); 4645 p += mlen; 4646 } 4647 va_end(ap); 4648 4649 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4650 lh->len = htons (LCP_HEADER_LEN + len); 4651 4652 if (debug) { 4653 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4654 SPP_ARGS(ifp), cp->name, 4655 sppp_auth_type_name(cp->proto, lh->type), 4656 lh->ident, ntohs(lh->len)); 4657 sppp_print_bytes((u_char*) (lh+1), len); 4658 log(-1, ">\n"); 4659 } 4660 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4661 ifp->if_oerrors++; 4662} 4663 4664/* 4665 * Flush interface queue. 4666 */ 4667static void 4668sppp_qflush(struct ifqueue *ifq) 4669{ 4670 struct mbuf *m, *n; 4671 4672 n = ifq->ifq_head; 4673 while ((m = n)) { 4674 n = m->m_act; 4675 m_freem (m); 4676 } 4677 ifq->ifq_head = 0; 4678 ifq->ifq_tail = 0; 4679 ifq->ifq_len = 0; 4680} 4681 4682/* 4683 * Send keepalive packets, every 10 seconds. 4684 */ 4685static void 4686sppp_keepalive(void *dummy) 4687{ 4688 struct sppp *sp; 4689 int s; 4690 4691 s = splimp(); 4692 for (sp=spppq; sp; sp=sp->pp_next) { 4693 struct ifnet *ifp = &sp->pp_if; 4694 4695 /* Keepalive mode disabled or channel down? */ 4696 if (! (sp->pp_flags & PP_KEEPALIVE) || 4697 ! (ifp->if_flags & IFF_RUNNING)) 4698 continue; 4699 4700 /* No keepalive in PPP mode if LCP not opened yet. */ 4701 if (sp->pp_mode != IFF_CISCO && 4702 sp->pp_phase < PHASE_AUTHENTICATE) 4703 continue; 4704 4705 if (sp->pp_alivecnt == MAXALIVECNT) { 4706 /* No keepalive packets got. Stop the interface. */ 4707 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4708 if_down (ifp); 4709 sppp_qflush (&sp->pp_cpq); 4710 if (sp->pp_mode != IFF_CISCO) { 4711 /* XXX */ 4712 /* Shut down the PPP link. */ 4713 lcp.Down(sp); 4714 /* Initiate negotiation. XXX */ 4715 lcp.Up(sp); 4716 } 4717 } 4718 if (sp->pp_alivecnt <= MAXALIVECNT) 4719 ++sp->pp_alivecnt; 4720 if (sp->pp_mode == IFF_CISCO) 4721 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4722 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4723 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4724 long nmagic = htonl (sp->lcp.magic); 4725 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4726 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4727 sp->lcp.echoid, 4, &nmagic); 4728 } 4729 } 4730 splx(s); 4731 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 4732} 4733 4734/* 4735 * Get both IP addresses. 4736 */ 4737static void 4738sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4739{ 4740 struct ifnet *ifp = &sp->pp_if; 4741 struct ifaddr *ifa; 4742 struct sockaddr_in *si, *sm; 4743 u_long ssrc, ddst; 4744 4745 sm = NULL; 4746 ssrc = ddst = 0L; 4747 /* 4748 * Pick the first AF_INET address from the list, 4749 * aliases don't make any sense on a p2p link anyway. 4750 */ 4751 si = 0; 4752#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4753 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4754#elif defined(__NetBSD__) || defined (__OpenBSD__) 4755 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4756 ifa; 4757 ifa = TAILQ_NEXT(ifa, ifa_list)) 4758#else 4759 for (ifa = ifp->if_addrlist; 4760 ifa; 4761 ifa = ifa->ifa_next) 4762#endif 4763 if (ifa->ifa_addr->sa_family == AF_INET) { 4764 si = (struct sockaddr_in *)ifa->ifa_addr; 4765 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4766 if (si) 4767 break; 4768 } 4769 if (ifa) { 4770 if (si && si->sin_addr.s_addr) { 4771 ssrc = si->sin_addr.s_addr; 4772 if (srcmask) 4773 *srcmask = ntohl(sm->sin_addr.s_addr); 4774 } 4775 4776 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4777 if (si && si->sin_addr.s_addr) 4778 ddst = si->sin_addr.s_addr; 4779 } 4780 4781 if (dst) *dst = ntohl(ddst); 4782 if (src) *src = ntohl(ssrc); 4783} 4784 4785/* 4786 * Set my IP address. Must be called at splimp. 4787 */ 4788static void 4789sppp_set_ip_addr(struct sppp *sp, u_long src) 4790{ 4791 STDDCL; 4792 struct ifaddr *ifa; 4793 struct sockaddr_in *si; 4794 struct in_ifaddr *ia; 4795 4796 /* 4797 * Pick the first AF_INET address from the list, 4798 * aliases don't make any sense on a p2p link anyway. 4799 */ 4800 si = 0; 4801#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4802 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4803#elif defined(__NetBSD__) || defined (__OpenBSD__) 4804 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4805 ifa; 4806 ifa = TAILQ_NEXT(ifa, ifa_list)) 4807#else 4808 for (ifa = ifp->if_addrlist; 4809 ifa; 4810 ifa = ifa->ifa_next) 4811#endif 4812 { 4813 if (ifa->ifa_addr->sa_family == AF_INET) 4814 { 4815 si = (struct sockaddr_in *)ifa->ifa_addr; 4816 if (si) 4817 break; 4818 } 4819 } 4820 4821 if (ifa && si) 4822 { 4823 int error; 4824#if __NetBSD_Version__ >= 103080000 4825 struct sockaddr_in new_sin = *si; 4826 4827 new_sin.sin_addr.s_addr = htonl(src); 4828 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4829 if(debug && error) 4830 { 4831 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4832 " failed, error=%d\n", SPP_ARGS(ifp), error); 4833 } 4834#else 4835 /* delete old route */ 4836 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4837 if(debug && error) 4838 { 4839 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4840 SPP_ARGS(ifp), error); 4841 } 4842 4843 /* set new address */ 4844 si->sin_addr.s_addr = htonl(src); 4845 ia = ifatoia(ifa); 4846 LIST_REMOVE(ia, ia_hash); 4847 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4848 4849 /* add new route */ 4850 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4851 if (debug && error) 4852 { 4853 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4854 SPP_ARGS(ifp), error); 4855 } 4856#endif 4857 } 4858} 4859 4860#ifdef INET6 4861/* 4862 * Get both IPv6 addresses. 4863 */ 4864static void 4865sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4866 struct in6_addr *srcmask) 4867{ 4868 struct ifnet *ifp = &sp->pp_if; 4869 struct ifaddr *ifa; 4870 struct sockaddr_in6 *si, *sm; 4871 struct in6_addr ssrc, ddst; 4872 4873 sm = NULL; 4874 bzero(&ssrc, sizeof(ssrc)); 4875 bzero(&ddst, sizeof(ddst)); 4876 /* 4877 * Pick the first link-local AF_INET6 address from the list, 4878 * aliases don't make any sense on a p2p link anyway. 4879 */ 4880#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4881 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4882 ifa; 4883 ifa = ifa->ifa_link.tqe_next) 4884#elif defined(__NetBSD__) || defined (__OpenBSD__) 4885 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4886 ifa; 4887 ifa = ifa->ifa_list.tqe_next) 4888#else 4889 for (ifa = ifp->if_addrlist, si = 0; 4890 ifa; 4891 ifa = ifa->ifa_next) 4892#endif 4893 if (ifa->ifa_addr->sa_family == AF_INET6) { 4894 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4895 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4896 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4897 break; 4898 } 4899 if (ifa) { 4900 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4901 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4902 if (srcmask) { 4903 bcopy(&sm->sin6_addr, srcmask, 4904 sizeof(*srcmask)); 4905 } 4906 } 4907 4908 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4909 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4910 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4911 } 4912 4913 if (dst) 4914 bcopy(&ddst, dst, sizeof(*dst)); 4915 if (src) 4916 bcopy(&ssrc, src, sizeof(*src)); 4917} 4918 4919#ifdef IPV6CP_MYIFID_DYN 4920/* 4921 * Generate random ifid. 4922 */ 4923static void 4924sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4925{ 4926 /* TBD */ 4927} 4928 4929/* 4930 * Set my IPv6 address. Must be called at splimp. 4931 */ 4932static void 4933sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4934{ 4935 STDDCL; 4936 struct ifaddr *ifa; 4937 struct sockaddr_in6 *sin6; 4938 4939 /* 4940 * Pick the first link-local AF_INET6 address from the list, 4941 * aliases don't make any sense on a p2p link anyway. 4942 */ 4943 4944 sin6 = NULL; 4945#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4946 for (ifa = ifp->if_addrhead.tqh_first; 4947 ifa; 4948 ifa = ifa->ifa_link.tqe_next) 4949#elif defined(__NetBSD__) || defined (__OpenBSD__) 4950 for (ifa = ifp->if_addrlist.tqh_first; 4951 ifa; 4952 ifa = ifa->ifa_list.tqe_next) 4953#else 4954 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4955#endif 4956 { 4957 if (ifa->ifa_addr->sa_family == AF_INET6) 4958 { 4959 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4960 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4961 break; 4962 } 4963 } 4964 4965 if (ifa && sin6) 4966 { 4967 int error; 4968 struct sockaddr_in6 new_sin6 = *sin6; 4969 4970 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4971 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4972 if (debug && error) 4973 { 4974 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4975 " failed, error=%d\n", SPP_ARGS(ifp), error); 4976 } 4977 } 4978} 4979#endif 4980 4981/* 4982 * Suggest a candidate address to be used by peer. 4983 */ 4984static void 4985sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4986{ 4987 struct in6_addr myaddr; 4988 struct timeval tv; 4989 4990 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4991 4992 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4993 microtime(&tv); 4994 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4995 myaddr.s6_addr[14] ^= 0xff; 4996 myaddr.s6_addr[15] ^= 0xff; 4997 } else { 4998 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4999 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5000 } 5001 if (suggest) 5002 bcopy(&myaddr, suggest, sizeof(myaddr)); 5003} 5004#endif /*INET6*/ 5005 5006static int 5007sppp_params(struct sppp *sp, u_long cmd, void *data) 5008{ 5009 u_long subcmd; 5010 struct ifreq *ifr = (struct ifreq *)data; 5011 struct spppreq *spr; 5012 int rv = 0; 5013 5014 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5015 return (EAGAIN); 5016 /* 5017 * ifr->ifr_data is supposed to point to a struct spppreq. 5018 * Check the cmd word first before attempting to fetch all the 5019 * data. 5020 */ 5021 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5022 rv = EFAULT; 5023 goto quit; 5024 } 5025 5026 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5027 rv = EFAULT; 5028 goto quit; 5029 } 5030 5031 switch (subcmd) { 5032 case (int)SPPPIOGDEFS: 5033 if (cmd != SIOCGIFGENERIC) { 5034 rv = EINVAL; 5035 break; 5036 } 5037 /* 5038 * We copy over the entire current state, but clean 5039 * out some of the stuff we don't wanna pass up. 5040 * Remember, SIOCGIFGENERIC is unprotected, and can be 5041 * called by any user. No need to ever get PAP or 5042 * CHAP secrets back to userland anyway. 5043 */ 5044 spr->defs.pp_phase = sp->pp_phase; 5045 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5046 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5047 spr->defs.lcp = sp->lcp; 5048 spr->defs.ipcp = sp->ipcp; 5049 spr->defs.ipv6cp = sp->ipv6cp; 5050 spr->defs.myauth = sp->myauth; 5051 spr->defs.hisauth = sp->hisauth; 5052 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5053 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5054 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5055 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5056 /* 5057 * Fixup the LCP timeout value to milliseconds so 5058 * spppcontrol doesn't need to bother about the value 5059 * of "hz". We do the reverse calculation below when 5060 * setting it. 5061 */ 5062 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5063 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5064 sizeof(struct spppreq)); 5065 break; 5066 5067 case (int)SPPPIOSDEFS: 5068 if (cmd != SIOCSIFGENERIC) { 5069 rv = EINVAL; 5070 break; 5071 } 5072 /* 5073 * We have a very specific idea of which fields we 5074 * allow being passed back from userland, so to not 5075 * clobber our current state. For one, we only allow 5076 * setting anything if LCP is in dead or establish 5077 * phase. Once the authentication negotiations 5078 * started, the authentication settings must not be 5079 * changed again. (The administrator can force an 5080 * ifconfig down in order to get LCP back into dead 5081 * phase.) 5082 * 5083 * Also, we only allow for authentication parameters to be 5084 * specified. 5085 * 5086 * XXX Should allow to set or clear pp_flags. 5087 * 5088 * Finally, if the respective authentication protocol to 5089 * be used is set differently than 0, but the secret is 5090 * passed as all zeros, we don't trash the existing secret. 5091 * This allows an administrator to change the system name 5092 * only without clobbering the secret (which he didn't get 5093 * back in a previous SPPPIOGDEFS call). However, the 5094 * secrets are cleared if the authentication protocol is 5095 * reset to 0. */ 5096 if (sp->pp_phase != PHASE_DEAD && 5097 sp->pp_phase != PHASE_ESTABLISH) { 5098 rv = EBUSY; 5099 break; 5100 } 5101 5102 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5103 spr->defs.myauth.proto != PPP_CHAP) || 5104 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5105 spr->defs.hisauth.proto != PPP_CHAP)) { 5106 rv = EINVAL; 5107 break; 5108 } 5109 5110 if (spr->defs.myauth.proto == 0) 5111 /* resetting myauth */ 5112 bzero(&sp->myauth, sizeof sp->myauth); 5113 else { 5114 /* setting/changing myauth */ 5115 sp->myauth.proto = spr->defs.myauth.proto; 5116 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5117 if (spr->defs.myauth.secret[0] != '\0') 5118 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5119 AUTHKEYLEN); 5120 } 5121 if (spr->defs.hisauth.proto == 0) 5122 /* resetting hisauth */ 5123 bzero(&sp->hisauth, sizeof sp->hisauth); 5124 else { 5125 /* setting/changing hisauth */ 5126 sp->hisauth.proto = spr->defs.hisauth.proto; 5127 sp->hisauth.flags = spr->defs.hisauth.flags; 5128 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5129 if (spr->defs.hisauth.secret[0] != '\0') 5130 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5131 AUTHKEYLEN); 5132 } 5133 /* set LCP restart timer timeout */ 5134 if (spr->defs.lcp.timeout != 0) 5135 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5136 /* set VJ enable and IPv6 disable flags */ 5137#ifdef INET 5138 if (spr->defs.enable_vj) 5139 sp->confflags |= CONF_ENABLE_VJ; 5140 else 5141 sp->confflags &= ~CONF_ENABLE_VJ; 5142#endif 5143#ifdef INET6 5144 if (spr->defs.enable_ipv6) 5145 sp->confflags |= CONF_ENABLE_IPV6; 5146 else 5147 sp->confflags &= ~CONF_ENABLE_IPV6; 5148#endif 5149 break; 5150 5151 default: 5152 rv = EINVAL; 5153 } 5154 5155 quit: 5156 free(spr, M_TEMP); 5157 5158 return (rv); 5159} 5160 5161static void 5162sppp_phase_network(struct sppp *sp) 5163{ 5164 STDDCL; 5165 int i; 5166 u_long mask; 5167 5168 sp->pp_phase = PHASE_NETWORK; 5169 5170 if (debug) 5171 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5172 sppp_phase_name(sp->pp_phase)); 5173 5174 /* Notify NCPs now. */ 5175 for (i = 0; i < IDX_COUNT; i++) 5176 if ((cps[i])->flags & CP_NCP) 5177 (cps[i])->Open(sp); 5178 5179 /* Send Up events to all NCPs. */ 5180 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5181 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5182 (cps[i])->Up(sp); 5183 5184 /* if no NCP is starting, all this was in vain, close down */ 5185 sppp_lcp_check_and_close(sp); 5186} 5187 5188 5189static const char * 5190sppp_cp_type_name(u_char type) 5191{ 5192 static char buf[12]; 5193 switch (type) { 5194 case CONF_REQ: return "conf-req"; 5195 case CONF_ACK: return "conf-ack"; 5196 case CONF_NAK: return "conf-nak"; 5197 case CONF_REJ: return "conf-rej"; 5198 case TERM_REQ: return "term-req"; 5199 case TERM_ACK: return "term-ack"; 5200 case CODE_REJ: return "code-rej"; 5201 case PROTO_REJ: return "proto-rej"; 5202 case ECHO_REQ: return "echo-req"; 5203 case ECHO_REPLY: return "echo-reply"; 5204 case DISC_REQ: return "discard-req"; 5205 } 5206 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5207 return buf; 5208} 5209 5210static const char * 5211sppp_auth_type_name(u_short proto, u_char type) 5212{ 5213 static char buf[12]; 5214 switch (proto) { 5215 case PPP_CHAP: 5216 switch (type) { 5217 case CHAP_CHALLENGE: return "challenge"; 5218 case CHAP_RESPONSE: return "response"; 5219 case CHAP_SUCCESS: return "success"; 5220 case CHAP_FAILURE: return "failure"; 5221 } 5222 case PPP_PAP: 5223 switch (type) { 5224 case PAP_REQ: return "req"; 5225 case PAP_ACK: return "ack"; 5226 case PAP_NAK: return "nak"; 5227 } 5228 } 5229 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5230 return buf; 5231} 5232 5233static const char * 5234sppp_lcp_opt_name(u_char opt) 5235{ 5236 static char buf[12]; 5237 switch (opt) { 5238 case LCP_OPT_MRU: return "mru"; 5239 case LCP_OPT_ASYNC_MAP: return "async-map"; 5240 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5241 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5242 case LCP_OPT_MAGIC: return "magic"; 5243 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5244 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5245 } 5246 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5247 return buf; 5248} 5249 5250static const char * 5251sppp_ipcp_opt_name(u_char opt) 5252{ 5253 static char buf[12]; 5254 switch (opt) { 5255 case IPCP_OPT_ADDRESSES: return "addresses"; 5256 case IPCP_OPT_COMPRESSION: return "compression"; 5257 case IPCP_OPT_ADDRESS: return "address"; 5258 } 5259 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5260 return buf; 5261} 5262 5263#ifdef INET6 5264static const char * 5265sppp_ipv6cp_opt_name(u_char opt) 5266{ 5267 static char buf[12]; 5268 switch (opt) { 5269 case IPV6CP_OPT_IFID: return "ifid"; 5270 case IPV6CP_OPT_COMPRESSION: return "compression"; 5271 } 5272 sprintf (buf, "0x%x", opt); 5273 return buf; 5274} 5275#endif 5276 5277static const char * 5278sppp_state_name(int state) 5279{ 5280 switch (state) { 5281 case STATE_INITIAL: return "initial"; 5282 case STATE_STARTING: return "starting"; 5283 case STATE_CLOSED: return "closed"; 5284 case STATE_STOPPED: return "stopped"; 5285 case STATE_CLOSING: return "closing"; 5286 case STATE_STOPPING: return "stopping"; 5287 case STATE_REQ_SENT: return "req-sent"; 5288 case STATE_ACK_RCVD: return "ack-rcvd"; 5289 case STATE_ACK_SENT: return "ack-sent"; 5290 case STATE_OPENED: return "opened"; 5291 } 5292 return "illegal"; 5293} 5294 5295static const char * 5296sppp_phase_name(enum ppp_phase phase) 5297{ 5298 switch (phase) { 5299 case PHASE_DEAD: return "dead"; 5300 case PHASE_ESTABLISH: return "establish"; 5301 case PHASE_TERMINATE: return "terminate"; 5302 case PHASE_AUTHENTICATE: return "authenticate"; 5303 case PHASE_NETWORK: return "network"; 5304 } 5305 return "illegal"; 5306} 5307 5308static const char * 5309sppp_proto_name(u_short proto) 5310{ 5311 static char buf[12]; 5312 switch (proto) { 5313 case PPP_LCP: return "lcp"; 5314 case PPP_IPCP: return "ipcp"; 5315 case PPP_PAP: return "pap"; 5316 case PPP_CHAP: return "chap"; 5317 case PPP_IPV6CP: return "ipv6cp"; 5318 } 5319 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5320 return buf; 5321} 5322 5323static void 5324sppp_print_bytes(const u_char *p, u_short len) 5325{ 5326 if (len) 5327 log(-1, " %*D", len, p, "-"); 5328} 5329 5330static void 5331sppp_print_string(const char *p, u_short len) 5332{ 5333 u_char c; 5334 5335 while (len-- > 0) { 5336 c = *p++; 5337 /* 5338 * Print only ASCII chars directly. RFC 1994 recommends 5339 * using only them, but we don't rely on it. */ 5340 if (c < ' ' || c > '~') 5341 log(-1, "\\x%x", c); 5342 else 5343 log(-1, "%c", c); 5344 } 5345} 5346 5347static const char * 5348sppp_dotted_quad(u_long addr) 5349{ 5350 static char s[16]; 5351 sprintf(s, "%d.%d.%d.%d", 5352 (int)((addr >> 24) & 0xff), 5353 (int)((addr >> 16) & 0xff), 5354 (int)((addr >> 8) & 0xff), 5355 (int)(addr & 0xff)); 5356 return s; 5357} 5358 5359static int 5360sppp_strnlen(u_char *p, int max) 5361{ 5362 int len; 5363 5364 for (len = 0; len < max && *p; ++p) 5365 ++len; 5366 return len; 5367} 5368 5369/* a dummy, used to drop uninteresting events */ 5370static void 5371sppp_null(struct sppp *unused) 5372{ 5373 /* do just nothing */ 5374} 5375