if_spppsubr.c revision 190818
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 190818 2009-04-07 19:35:20Z ed $ 22 */ 23 24#include <sys/param.h> 25 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29 30#include <sys/systm.h> 31#include <sys/kernel.h> 32#include <sys/module.h> 33#include <sys/sockio.h> 34#include <sys/socket.h> 35#include <sys/syslog.h> 36#include <sys/random.h> 37#include <sys/malloc.h> 38#include <sys/mbuf.h> 39#include <sys/vimage.h> 40 41#include <sys/md5.h> 42 43#include <net/if.h> 44#include <net/netisr.h> 45#include <net/if_types.h> 46#include <net/route.h> 47#include <netinet/in.h> 48#include <netinet/in_systm.h> 49#include <netinet/ip.h> 50#include <net/slcompress.h> 51 52#include <machine/stdarg.h> 53 54#include <netinet/in_var.h> 55 56#ifdef INET 57#include <netinet/ip.h> 58#include <netinet/tcp.h> 59#include <netinet/vinet.h> 60#endif 61 62#ifdef INET6 63#include <netinet6/scope6_var.h> 64#endif 65 66#include <netinet/if_ether.h> 67 68#ifdef IPX 69#include <netipx/ipx.h> 70#include <netipx/ipx_if.h> 71#endif 72 73#include <net/if_sppp.h> 74 75#define IOCTL_CMD_T u_long 76#define MAXALIVECNT 3 /* max. alive packets */ 77 78/* 79 * Interface flags that can be set in an ifconfig command. 80 * 81 * Setting link0 will make the link passive, i.e. it will be marked 82 * as being administrative openable, but won't be opened to begin 83 * with. Incoming calls will be answered, or subsequent calls with 84 * -link1 will cause the administrative open of the LCP layer. 85 * 86 * Setting link1 will cause the link to auto-dial only as packets 87 * arrive to be sent. 88 * 89 * Setting IFF_DEBUG will syslog the option negotiation and state 90 * transitions at level kern.debug. Note: all logs consistently look 91 * like 92 * 93 * <if-name><unit>: <proto-name> <additional info...> 94 * 95 * with <if-name><unit> being something like "bppp0", and <proto-name> 96 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 97 */ 98 99#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 100#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 101#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 102 103#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 104#define PPP_UI 0x03 /* Unnumbered Information */ 105#define PPP_IP 0x0021 /* Internet Protocol */ 106#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 107#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 108#define PPP_IPX 0x002b /* Novell IPX Protocol */ 109#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 110#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 111#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 112#define PPP_LCP 0xc021 /* Link Control Protocol */ 113#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 114#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 115#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 116#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 117 118#define CONF_REQ 1 /* PPP configure request */ 119#define CONF_ACK 2 /* PPP configure acknowledge */ 120#define CONF_NAK 3 /* PPP configure negative ack */ 121#define CONF_REJ 4 /* PPP configure reject */ 122#define TERM_REQ 5 /* PPP terminate request */ 123#define TERM_ACK 6 /* PPP terminate acknowledge */ 124#define CODE_REJ 7 /* PPP code reject */ 125#define PROTO_REJ 8 /* PPP protocol reject */ 126#define ECHO_REQ 9 /* PPP echo request */ 127#define ECHO_REPLY 10 /* PPP echo reply */ 128#define DISC_REQ 11 /* PPP discard request */ 129 130#define LCP_OPT_MRU 1 /* maximum receive unit */ 131#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 132#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 133#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 134#define LCP_OPT_MAGIC 5 /* magic number */ 135#define LCP_OPT_RESERVED 6 /* reserved */ 136#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 137#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 138 139#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 140#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 141#define IPCP_OPT_ADDRESS 3 /* local IP address */ 142 143#define IPV6CP_OPT_IFID 1 /* interface identifier */ 144#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 145 146#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 147 148#define PAP_REQ 1 /* PAP name/password request */ 149#define PAP_ACK 2 /* PAP acknowledge */ 150#define PAP_NAK 3 /* PAP fail */ 151 152#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 153#define CHAP_RESPONSE 2 /* CHAP challenge response */ 154#define CHAP_SUCCESS 3 /* CHAP response ok */ 155#define CHAP_FAILURE 4 /* CHAP response failed */ 156 157#define CHAP_MD5 5 /* hash algorithm - MD5 */ 158 159#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 160#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 161#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 162#define CISCO_ADDR_REQ 0 /* Cisco address request */ 163#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 164#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 165 166/* states are named and numbered according to RFC 1661 */ 167#define STATE_INITIAL 0 168#define STATE_STARTING 1 169#define STATE_CLOSED 2 170#define STATE_STOPPED 3 171#define STATE_CLOSING 4 172#define STATE_STOPPING 5 173#define STATE_REQ_SENT 6 174#define STATE_ACK_RCVD 7 175#define STATE_ACK_SENT 8 176#define STATE_OPENED 9 177 178MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 179 180struct ppp_header { 181 u_char address; 182 u_char control; 183 u_short protocol; 184} __packed; 185#define PPP_HEADER_LEN sizeof (struct ppp_header) 186 187struct lcp_header { 188 u_char type; 189 u_char ident; 190 u_short len; 191} __packed; 192#define LCP_HEADER_LEN sizeof (struct lcp_header) 193 194struct cisco_packet { 195 u_long type; 196 u_long par1; 197 u_long par2; 198 u_short rel; 199 u_short time0; 200 u_short time1; 201} __packed; 202#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 203 204/* 205 * We follow the spelling and capitalization of RFC 1661 here, to make 206 * it easier comparing with the standard. Please refer to this RFC in 207 * case you can't make sense out of these abbreviation; it will also 208 * explain the semantics related to the various events and actions. 209 */ 210struct cp { 211 u_short proto; /* PPP control protocol number */ 212 u_char protoidx; /* index into state table in struct sppp */ 213 u_char flags; 214#define CP_LCP 0x01 /* this is the LCP */ 215#define CP_AUTH 0x02 /* this is an authentication protocol */ 216#define CP_NCP 0x04 /* this is a NCP */ 217#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 218 const char *name; /* name of this control protocol */ 219 /* event handlers */ 220 void (*Up)(struct sppp *sp); 221 void (*Down)(struct sppp *sp); 222 void (*Open)(struct sppp *sp); 223 void (*Close)(struct sppp *sp); 224 void (*TO)(void *sp); 225 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 226 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 227 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 228 /* actions */ 229 void (*tlu)(struct sppp *sp); 230 void (*tld)(struct sppp *sp); 231 void (*tls)(struct sppp *sp); 232 void (*tlf)(struct sppp *sp); 233 void (*scr)(struct sppp *sp); 234}; 235 236#define SPP_FMT "%s: " 237#define SPP_ARGS(ifp) (ifp)->if_xname 238 239#define SPPP_LOCK(sp) mtx_lock (&(sp)->mtx) 240#define SPPP_UNLOCK(sp) mtx_unlock (&(sp)->mtx) 241#define SPPP_LOCK_ASSERT(sp) mtx_assert (&(sp)->mtx, MA_OWNED) 242#define SPPP_LOCK_OWNED(sp) mtx_owned (&(sp)->mtx) 243 244#ifdef INET 245/* 246 * The following disgusting hack gets around the problem that IP TOS 247 * can't be set yet. We want to put "interactive" traffic on a high 248 * priority queue. To decide if traffic is interactive, we check that 249 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 250 * 251 * XXX is this really still necessary? - joerg - 252 */ 253static const u_short interactive_ports[8] = { 254 0, 513, 0, 0, 255 0, 21, 0, 23, 256}; 257#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 258#endif 259 260/* almost every function needs these */ 261#define STDDCL \ 262 struct ifnet *ifp = SP2IFP(sp); \ 263 int debug = ifp->if_flags & IFF_DEBUG 264 265static int sppp_output(struct ifnet *ifp, struct mbuf *m, 266 struct sockaddr *dst, struct rtentry *rt); 267 268static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 269static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 270 271static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 272 struct mbuf *m); 273static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 274 u_char ident, u_short len, void *data); 275/* static void sppp_cp_timeout(void *arg); */ 276static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 277 int newstate); 278static void sppp_auth_send(const struct cp *cp, 279 struct sppp *sp, unsigned int type, unsigned int id, 280 ...); 281 282static void sppp_up_event(const struct cp *cp, struct sppp *sp); 283static void sppp_down_event(const struct cp *cp, struct sppp *sp); 284static void sppp_open_event(const struct cp *cp, struct sppp *sp); 285static void sppp_close_event(const struct cp *cp, struct sppp *sp); 286static void sppp_to_event(const struct cp *cp, struct sppp *sp); 287 288static void sppp_null(struct sppp *sp); 289 290static void sppp_pp_up(struct sppp *sp); 291static void sppp_pp_down(struct sppp *sp); 292 293static void sppp_lcp_init(struct sppp *sp); 294static void sppp_lcp_up(struct sppp *sp); 295static void sppp_lcp_down(struct sppp *sp); 296static void sppp_lcp_open(struct sppp *sp); 297static void sppp_lcp_close(struct sppp *sp); 298static void sppp_lcp_TO(void *sp); 299static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 300static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 301static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 302static void sppp_lcp_tlu(struct sppp *sp); 303static void sppp_lcp_tld(struct sppp *sp); 304static void sppp_lcp_tls(struct sppp *sp); 305static void sppp_lcp_tlf(struct sppp *sp); 306static void sppp_lcp_scr(struct sppp *sp); 307static void sppp_lcp_check_and_close(struct sppp *sp); 308static int sppp_ncp_check(struct sppp *sp); 309 310static void sppp_ipcp_init(struct sppp *sp); 311static void sppp_ipcp_up(struct sppp *sp); 312static void sppp_ipcp_down(struct sppp *sp); 313static void sppp_ipcp_open(struct sppp *sp); 314static void sppp_ipcp_close(struct sppp *sp); 315static void sppp_ipcp_TO(void *sp); 316static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 317static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 318static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 319static void sppp_ipcp_tlu(struct sppp *sp); 320static void sppp_ipcp_tld(struct sppp *sp); 321static void sppp_ipcp_tls(struct sppp *sp); 322static void sppp_ipcp_tlf(struct sppp *sp); 323static void sppp_ipcp_scr(struct sppp *sp); 324 325static void sppp_ipv6cp_init(struct sppp *sp); 326static void sppp_ipv6cp_up(struct sppp *sp); 327static void sppp_ipv6cp_down(struct sppp *sp); 328static void sppp_ipv6cp_open(struct sppp *sp); 329static void sppp_ipv6cp_close(struct sppp *sp); 330static void sppp_ipv6cp_TO(void *sp); 331static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 332static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 334static void sppp_ipv6cp_tlu(struct sppp *sp); 335static void sppp_ipv6cp_tld(struct sppp *sp); 336static void sppp_ipv6cp_tls(struct sppp *sp); 337static void sppp_ipv6cp_tlf(struct sppp *sp); 338static void sppp_ipv6cp_scr(struct sppp *sp); 339 340static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 341static void sppp_pap_init(struct sppp *sp); 342static void sppp_pap_open(struct sppp *sp); 343static void sppp_pap_close(struct sppp *sp); 344static void sppp_pap_TO(void *sp); 345static void sppp_pap_my_TO(void *sp); 346static void sppp_pap_tlu(struct sppp *sp); 347static void sppp_pap_tld(struct sppp *sp); 348static void sppp_pap_scr(struct sppp *sp); 349 350static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 351static void sppp_chap_init(struct sppp *sp); 352static void sppp_chap_open(struct sppp *sp); 353static void sppp_chap_close(struct sppp *sp); 354static void sppp_chap_TO(void *sp); 355static void sppp_chap_tlu(struct sppp *sp); 356static void sppp_chap_tld(struct sppp *sp); 357static void sppp_chap_scr(struct sppp *sp); 358 359static const char *sppp_auth_type_name(u_short proto, u_char type); 360static const char *sppp_cp_type_name(u_char type); 361#ifdef INET 362static const char *sppp_dotted_quad(u_long addr); 363static const char *sppp_ipcp_opt_name(u_char opt); 364#endif 365#ifdef INET6 366static const char *sppp_ipv6cp_opt_name(u_char opt); 367#endif 368static const char *sppp_lcp_opt_name(u_char opt); 369static const char *sppp_phase_name(enum ppp_phase phase); 370static const char *sppp_proto_name(u_short proto); 371static const char *sppp_state_name(int state); 372static int sppp_params(struct sppp *sp, u_long cmd, void *data); 373static int sppp_strnlen(u_char *p, int max); 374static void sppp_keepalive(void *dummy); 375static void sppp_phase_network(struct sppp *sp); 376static void sppp_print_bytes(const u_char *p, u_short len); 377static void sppp_print_string(const char *p, u_short len); 378static void sppp_qflush(struct ifqueue *ifq); 379#ifdef INET 380static void sppp_set_ip_addr(struct sppp *sp, u_long src); 381#endif 382#ifdef INET6 383static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 384 struct in6_addr *dst, struct in6_addr *srcmask); 385#ifdef IPV6CP_MYIFID_DYN 386static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 387static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 388#endif 389static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 390#endif 391 392/* if_start () wrapper */ 393static void sppp_ifstart (struct ifnet *ifp); 394 395/* our control protocol descriptors */ 396static const struct cp lcp = { 397 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 398 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 399 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 400 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 401 sppp_lcp_scr 402}; 403 404static const struct cp ipcp = { 405 PPP_IPCP, IDX_IPCP, 406#ifdef INET /* don't run IPCP if there's no IPv4 support */ 407 CP_NCP, 408#else 409 0, 410#endif 411 "ipcp", 412 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 413 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 414 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 415 sppp_ipcp_scr 416}; 417 418static const struct cp ipv6cp = { 419 PPP_IPV6CP, IDX_IPV6CP, 420#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 421 CP_NCP, 422#else 423 0, 424#endif 425 "ipv6cp", 426 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 427 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 428 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 429 sppp_ipv6cp_scr 430}; 431 432static const struct cp pap = { 433 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 434 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 435 sppp_pap_TO, 0, 0, 0, 436 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 437 sppp_pap_scr 438}; 439 440static const struct cp chap = { 441 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 442 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 443 sppp_chap_TO, 0, 0, 0, 444 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 445 sppp_chap_scr 446}; 447 448static const struct cp *cps[IDX_COUNT] = { 449 &lcp, /* IDX_LCP */ 450 &ipcp, /* IDX_IPCP */ 451 &ipv6cp, /* IDX_IPV6CP */ 452 &pap, /* IDX_PAP */ 453 &chap, /* IDX_CHAP */ 454}; 455 456static void* 457sppp_alloc(u_char type, struct ifnet *ifp) 458{ 459 struct sppp *sp; 460 461 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 462 sp->pp_ifp = ifp; 463 464 return (sp); 465} 466 467static void 468sppp_free(void *com, u_char type) 469{ 470 471 free(com, M_SPPP); 472} 473 474static int 475sppp_modevent(module_t mod, int type, void *unused) 476{ 477 switch (type) { 478 case MOD_LOAD: 479 /* 480 * XXX: should probably be IFT_SPPP, but it's fairly 481 * harmless to allocate struct sppp's for non-sppp 482 * interfaces. 483 */ 484 485 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 486 break; 487 case MOD_UNLOAD: 488 /* if_deregister_com_alloc(IFT_PPP); */ 489 return EACCES; 490 default: 491 return EOPNOTSUPP; 492 } 493 return 0; 494} 495static moduledata_t spppmod = { 496 "sppp", 497 sppp_modevent, 498 0 499}; 500MODULE_VERSION(sppp, 1); 501DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 502 503/* 504 * Exported functions, comprising our interface to the lower layer. 505 */ 506 507/* 508 * Process the received packet. 509 */ 510void 511sppp_input(struct ifnet *ifp, struct mbuf *m) 512{ 513 struct ppp_header *h; 514 int isr = -1; 515 struct sppp *sp = IFP2SP(ifp); 516 int debug, do_account = 0; 517#ifdef INET 518 int hlen, vjlen; 519 u_char *iphdr; 520#endif 521 522 SPPP_LOCK(sp); 523 debug = ifp->if_flags & IFF_DEBUG; 524 525 if (ifp->if_flags & IFF_UP) 526 /* Count received bytes, add FCS and one flag */ 527 ifp->if_ibytes += m->m_pkthdr.len + 3; 528 529 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 530 /* Too small packet, drop it. */ 531 if (debug) 532 log(LOG_DEBUG, 533 SPP_FMT "input packet is too small, %d bytes\n", 534 SPP_ARGS(ifp), m->m_pkthdr.len); 535 drop: 536 m_freem (m); 537 SPPP_UNLOCK(sp); 538 drop2: 539 ++ifp->if_ierrors; 540 ++ifp->if_iqdrops; 541 return; 542 } 543 544 if (sp->pp_mode == PP_FR) { 545 sppp_fr_input (sp, m); 546 SPPP_UNLOCK(sp); 547 return; 548 } 549 550 /* Get PPP header. */ 551 h = mtod (m, struct ppp_header*); 552 m_adj (m, PPP_HEADER_LEN); 553 554 switch (h->address) { 555 case PPP_ALLSTATIONS: 556 if (h->control != PPP_UI) 557 goto invalid; 558 if (sp->pp_mode == IFF_CISCO) { 559 if (debug) 560 log(LOG_DEBUG, 561 SPP_FMT "PPP packet in Cisco mode " 562 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 563 SPP_ARGS(ifp), 564 h->address, h->control, ntohs(h->protocol)); 565 goto drop; 566 } 567 switch (ntohs (h->protocol)) { 568 default: 569 if (debug) 570 log(LOG_DEBUG, 571 SPP_FMT "rejecting protocol " 572 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 573 SPP_ARGS(ifp), 574 h->address, h->control, ntohs(h->protocol)); 575 if (sp->state[IDX_LCP] == STATE_OPENED) 576 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 577 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 578 &h->protocol); 579 ++ifp->if_noproto; 580 goto drop; 581 case PPP_LCP: 582 sppp_cp_input(&lcp, sp, m); 583 m_freem (m); 584 SPPP_UNLOCK(sp); 585 return; 586 case PPP_PAP: 587 if (sp->pp_phase >= PHASE_AUTHENTICATE) 588 sppp_pap_input(sp, m); 589 m_freem (m); 590 SPPP_UNLOCK(sp); 591 return; 592 case PPP_CHAP: 593 if (sp->pp_phase >= PHASE_AUTHENTICATE) 594 sppp_chap_input(sp, m); 595 m_freem (m); 596 SPPP_UNLOCK(sp); 597 return; 598#ifdef INET 599 case PPP_IPCP: 600 if (sp->pp_phase == PHASE_NETWORK) 601 sppp_cp_input(&ipcp, sp, m); 602 m_freem (m); 603 SPPP_UNLOCK(sp); 604 return; 605 case PPP_IP: 606 if (sp->state[IDX_IPCP] == STATE_OPENED) { 607 isr = NETISR_IP; 608 } 609 do_account++; 610 break; 611 case PPP_VJ_COMP: 612 if (sp->state[IDX_IPCP] == STATE_OPENED) { 613 if ((vjlen = 614 sl_uncompress_tcp_core(mtod(m, u_char *), 615 m->m_len, m->m_len, 616 TYPE_COMPRESSED_TCP, 617 sp->pp_comp, 618 &iphdr, &hlen)) <= 0) { 619 if (debug) 620 log(LOG_INFO, 621 SPP_FMT "VJ uncompress failed on compressed packet\n", 622 SPP_ARGS(ifp)); 623 goto drop; 624 } 625 626 /* 627 * Trim the VJ header off the packet, and prepend 628 * the uncompressed IP header (which will usually 629 * end up in two chained mbufs since there's not 630 * enough leading space in the existing mbuf). 631 */ 632 m_adj(m, vjlen); 633 M_PREPEND(m, hlen, M_DONTWAIT); 634 if (m == NULL) { 635 SPPP_UNLOCK(sp); 636 goto drop2; 637 } 638 bcopy(iphdr, mtod(m, u_char *), hlen); 639 isr = NETISR_IP; 640 } 641 do_account++; 642 break; 643 case PPP_VJ_UCOMP: 644 if (sp->state[IDX_IPCP] == STATE_OPENED) { 645 if (sl_uncompress_tcp_core(mtod(m, u_char *), 646 m->m_len, m->m_len, 647 TYPE_UNCOMPRESSED_TCP, 648 sp->pp_comp, 649 &iphdr, &hlen) != 0) { 650 if (debug) 651 log(LOG_INFO, 652 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 653 SPP_ARGS(ifp)); 654 goto drop; 655 } 656 isr = NETISR_IP; 657 } 658 do_account++; 659 break; 660#endif 661#ifdef INET6 662 case PPP_IPV6CP: 663 if (sp->pp_phase == PHASE_NETWORK) 664 sppp_cp_input(&ipv6cp, sp, m); 665 m_freem (m); 666 SPPP_UNLOCK(sp); 667 return; 668 669 case PPP_IPV6: 670 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 671 isr = NETISR_IPV6; 672 do_account++; 673 break; 674#endif 675#ifdef IPX 676 case PPP_IPX: 677 /* IPX IPXCP not implemented yet */ 678 if (sp->pp_phase == PHASE_NETWORK) 679 isr = NETISR_IPX; 680 do_account++; 681 break; 682#endif 683 } 684 break; 685 case CISCO_MULTICAST: 686 case CISCO_UNICAST: 687 /* Don't check the control field here (RFC 1547). */ 688 if (sp->pp_mode != IFF_CISCO) { 689 if (debug) 690 log(LOG_DEBUG, 691 SPP_FMT "Cisco packet in PPP mode " 692 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 693 SPP_ARGS(ifp), 694 h->address, h->control, ntohs(h->protocol)); 695 goto drop; 696 } 697 switch (ntohs (h->protocol)) { 698 default: 699 ++ifp->if_noproto; 700 goto invalid; 701 case CISCO_KEEPALIVE: 702 sppp_cisco_input (sp, m); 703 m_freem (m); 704 SPPP_UNLOCK(sp); 705 return; 706#ifdef INET 707 case ETHERTYPE_IP: 708 isr = NETISR_IP; 709 do_account++; 710 break; 711#endif 712#ifdef INET6 713 case ETHERTYPE_IPV6: 714 isr = NETISR_IPV6; 715 do_account++; 716 break; 717#endif 718#ifdef IPX 719 case ETHERTYPE_IPX: 720 isr = NETISR_IPX; 721 do_account++; 722 break; 723#endif 724 } 725 break; 726 default: /* Invalid PPP packet. */ 727 invalid: 728 if (debug) 729 log(LOG_DEBUG, 730 SPP_FMT "invalid input packet " 731 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 732 SPP_ARGS(ifp), 733 h->address, h->control, ntohs(h->protocol)); 734 goto drop; 735 } 736 737 if (! (ifp->if_flags & IFF_UP) || isr == -1) 738 goto drop; 739 740 SPPP_UNLOCK(sp); 741 /* Check queue. */ 742 if (netisr_queue(isr, m)) { /* (0) on success. */ 743 if (debug) 744 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 745 SPP_ARGS(ifp)); 746 goto drop2; 747 } 748 749 if (do_account) 750 /* 751 * Do only account for network packets, not for control 752 * packets. This is used by some subsystems to detect 753 * idle lines. 754 */ 755 sp->pp_last_recv = time_uptime; 756} 757 758static void 759sppp_ifstart_sched(void *dummy) 760{ 761 struct sppp *sp = dummy; 762 763 sp->if_start(SP2IFP(sp)); 764} 765 766/* if_start () wrapper function. We use it to schedule real if_start () for 767 * execution. We can't call it directly 768 */ 769static void 770sppp_ifstart(struct ifnet *ifp) 771{ 772 struct sppp *sp = IFP2SP(ifp); 773 774 if (SPPP_LOCK_OWNED(sp)) { 775 if (callout_pending(&sp->ifstart_callout)) 776 return; 777 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 778 (void *)sp); 779 } else { 780 sp->if_start(ifp); 781 } 782} 783 784/* 785 * Enqueue transmit packet. 786 */ 787static int 788sppp_output(struct ifnet *ifp, struct mbuf *m, 789 struct sockaddr *dst, struct rtentry *rt) 790{ 791 struct sppp *sp = IFP2SP(ifp); 792 struct ppp_header *h; 793 struct ifqueue *ifq = NULL; 794 int s, error, rv = 0; 795#ifdef INET 796 int ipproto = PPP_IP; 797#endif 798 int debug = ifp->if_flags & IFF_DEBUG; 799 800 s = splimp(); 801 SPPP_LOCK(sp); 802 803 if (!(ifp->if_flags & IFF_UP) || 804 (!(ifp->if_flags & IFF_AUTO) && 805 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 806#ifdef INET6 807 drop: 808#endif 809 m_freem (m); 810 SPPP_UNLOCK(sp); 811 splx (s); 812 return (ENETDOWN); 813 } 814 815 if ((ifp->if_flags & IFF_AUTO) && 816 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 817#ifdef INET6 818 /* 819 * XXX 820 * 821 * Hack to prevent the initialization-time generated 822 * IPv6 multicast packet to erroneously cause a 823 * dialout event in case IPv6 has been 824 * administratively disabled on that interface. 825 */ 826 if (dst->sa_family == AF_INET6 && 827 !(sp->confflags & CONF_ENABLE_IPV6)) 828 goto drop; 829#endif 830 /* 831 * Interface is not yet running, but auto-dial. Need 832 * to start LCP for it. 833 */ 834 ifp->if_drv_flags |= IFF_DRV_RUNNING; 835 splx(s); 836 lcp.Open(sp); 837 s = splimp(); 838 } 839 840#ifdef INET 841 if (dst->sa_family == AF_INET) { 842 /* XXX Check mbuf length here? */ 843 struct ip *ip = mtod (m, struct ip*); 844 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 845 846 /* 847 * When using dynamic local IP address assignment by using 848 * 0.0.0.0 as a local address, the first TCP session will 849 * not connect because the local TCP checksum is computed 850 * using 0.0.0.0 which will later become our real IP address 851 * so the TCP checksum computed at the remote end will 852 * become invalid. So we 853 * - don't let packets with src ip addr 0 thru 854 * - we flag TCP packets with src ip 0 as an error 855 */ 856 857 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 858 { 859 m_freem(m); 860 SPPP_UNLOCK(sp); 861 splx(s); 862 if(ip->ip_p == IPPROTO_TCP) 863 return(EADDRNOTAVAIL); 864 else 865 return(0); 866 } 867 868 /* 869 * Put low delay, telnet, rlogin and ftp control packets 870 * in front of the queue or let ALTQ take care. 871 */ 872 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 873 ; 874 else if (_IF_QFULL(&sp->pp_fastq)) 875 ; 876 else if (ip->ip_tos & IPTOS_LOWDELAY) 877 ifq = &sp->pp_fastq; 878 else if (m->m_len < sizeof *ip + sizeof *tcp) 879 ; 880 else if (ip->ip_p != IPPROTO_TCP) 881 ; 882 else if (INTERACTIVE (ntohs (tcp->th_sport))) 883 ifq = &sp->pp_fastq; 884 else if (INTERACTIVE (ntohs (tcp->th_dport))) 885 ifq = &sp->pp_fastq; 886 887 /* 888 * Do IP Header compression 889 */ 890 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 891 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 892 switch (sl_compress_tcp(m, ip, sp->pp_comp, 893 sp->ipcp.compress_cid)) { 894 case TYPE_COMPRESSED_TCP: 895 ipproto = PPP_VJ_COMP; 896 break; 897 case TYPE_UNCOMPRESSED_TCP: 898 ipproto = PPP_VJ_UCOMP; 899 break; 900 case TYPE_IP: 901 ipproto = PPP_IP; 902 break; 903 default: 904 m_freem(m); 905 SPPP_UNLOCK(sp); 906 splx(s); 907 return (EINVAL); 908 } 909 } 910#endif 911 912#ifdef INET6 913 if (dst->sa_family == AF_INET6) { 914 /* XXX do something tricky here? */ 915 } 916#endif 917 918 if (sp->pp_mode == PP_FR) { 919 /* Add frame relay header. */ 920 m = sppp_fr_header (sp, m, dst->sa_family); 921 if (! m) 922 goto nobufs; 923 goto out; 924 } 925 926 /* 927 * Prepend general data packet PPP header. For now, IP only. 928 */ 929 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 930 if (! m) { 931nobufs: if (debug) 932 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 933 SPP_ARGS(ifp)); 934 ++ifp->if_oerrors; 935 SPPP_UNLOCK(sp); 936 splx (s); 937 return (ENOBUFS); 938 } 939 /* 940 * May want to check size of packet 941 * (albeit due to the implementation it's always enough) 942 */ 943 h = mtod (m, struct ppp_header*); 944 if (sp->pp_mode == IFF_CISCO) { 945 h->address = CISCO_UNICAST; /* unicast address */ 946 h->control = 0; 947 } else { 948 h->address = PPP_ALLSTATIONS; /* broadcast address */ 949 h->control = PPP_UI; /* Unnumbered Info */ 950 } 951 952 switch (dst->sa_family) { 953#ifdef INET 954 case AF_INET: /* Internet Protocol */ 955 if (sp->pp_mode == IFF_CISCO) 956 h->protocol = htons (ETHERTYPE_IP); 957 else { 958 /* 959 * Don't choke with an ENETDOWN early. It's 960 * possible that we just started dialing out, 961 * so don't drop the packet immediately. If 962 * we notice that we run out of buffer space 963 * below, we will however remember that we are 964 * not ready to carry IP packets, and return 965 * ENETDOWN, as opposed to ENOBUFS. 966 */ 967 h->protocol = htons(ipproto); 968 if (sp->state[IDX_IPCP] != STATE_OPENED) 969 rv = ENETDOWN; 970 } 971 break; 972#endif 973#ifdef INET6 974 case AF_INET6: /* Internet Protocol */ 975 if (sp->pp_mode == IFF_CISCO) 976 h->protocol = htons (ETHERTYPE_IPV6); 977 else { 978 /* 979 * Don't choke with an ENETDOWN early. It's 980 * possible that we just started dialing out, 981 * so don't drop the packet immediately. If 982 * we notice that we run out of buffer space 983 * below, we will however remember that we are 984 * not ready to carry IP packets, and return 985 * ENETDOWN, as opposed to ENOBUFS. 986 */ 987 h->protocol = htons(PPP_IPV6); 988 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 989 rv = ENETDOWN; 990 } 991 break; 992#endif 993#ifdef IPX 994 case AF_IPX: /* Novell IPX Protocol */ 995 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 996 ETHERTYPE_IPX : PPP_IPX); 997 break; 998#endif 999 default: 1000 m_freem (m); 1001 ++ifp->if_oerrors; 1002 SPPP_UNLOCK(sp); 1003 splx (s); 1004 return (EAFNOSUPPORT); 1005 } 1006 1007 /* 1008 * Queue message on interface, and start output if interface 1009 * not yet active. 1010 */ 1011out: 1012 if (ifq != NULL) 1013 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1014 else 1015 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1016 if (error) { 1017 ++ifp->if_oerrors; 1018 SPPP_UNLOCK(sp); 1019 splx (s); 1020 return (rv? rv: ENOBUFS); 1021 } 1022 SPPP_UNLOCK(sp); 1023 splx (s); 1024 /* 1025 * Unlike in sppp_input(), we can always bump the timestamp 1026 * here since sppp_output() is only called on behalf of 1027 * network-layer traffic; control-layer traffic is handled 1028 * by sppp_cp_send(). 1029 */ 1030 sp->pp_last_sent = time_uptime; 1031 return (0); 1032} 1033 1034void 1035sppp_attach(struct ifnet *ifp) 1036{ 1037 struct sppp *sp = IFP2SP(ifp); 1038 1039 /* Initialize mtx lock */ 1040 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1041 1042 /* Initialize keepalive handler. */ 1043 callout_init(&sp->keepalive_callout, CALLOUT_MPSAFE); 1044 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1045 (void *)sp); 1046 1047 ifp->if_mtu = PP_MTU; 1048 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1049 ifp->if_output = sppp_output; 1050#if 0 1051 sp->pp_flags = PP_KEEPALIVE; 1052#endif 1053 ifp->if_snd.ifq_maxlen = 32; 1054 sp->pp_fastq.ifq_maxlen = 32; 1055 sp->pp_cpq.ifq_maxlen = 20; 1056 sp->pp_loopcnt = 0; 1057 sp->pp_alivecnt = 0; 1058 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1059 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1060 sp->pp_phase = PHASE_DEAD; 1061 sp->pp_up = sppp_pp_up; 1062 sp->pp_down = sppp_pp_down; 1063 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1064 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1065 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1066 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1067 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1068 sp->confflags = 0; 1069#ifdef INET 1070 sp->confflags |= CONF_ENABLE_VJ; 1071#endif 1072#ifdef INET6 1073 sp->confflags |= CONF_ENABLE_IPV6; 1074#endif 1075 callout_init(&sp->ifstart_callout, CALLOUT_MPSAFE); 1076 sp->if_start = ifp->if_start; 1077 ifp->if_start = sppp_ifstart; 1078 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1079 sl_compress_init(sp->pp_comp, -1); 1080 sppp_lcp_init(sp); 1081 sppp_ipcp_init(sp); 1082 sppp_ipv6cp_init(sp); 1083 sppp_pap_init(sp); 1084 sppp_chap_init(sp); 1085} 1086 1087void 1088sppp_detach(struct ifnet *ifp) 1089{ 1090 struct sppp *sp = IFP2SP(ifp); 1091 int i; 1092 1093 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1094 1095 /* Stop keepalive handler. */ 1096 if (!callout_drain(&sp->keepalive_callout)) 1097 callout_stop(&sp->keepalive_callout); 1098 1099 for (i = 0; i < IDX_COUNT; i++) { 1100 if (!callout_drain(&sp->ch[i])) 1101 callout_stop(&sp->ch[i]); 1102 } 1103 if (!callout_drain(&sp->pap_my_to_ch)) 1104 callout_stop(&sp->pap_my_to_ch); 1105 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1106 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1107 mtx_destroy(&sp->mtx); 1108} 1109 1110/* 1111 * Flush the interface output queue. 1112 */ 1113static void 1114sppp_flush_unlocked(struct ifnet *ifp) 1115{ 1116 struct sppp *sp = IFP2SP(ifp); 1117 1118 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1119 sppp_qflush (&sp->pp_fastq); 1120 sppp_qflush (&sp->pp_cpq); 1121} 1122 1123void 1124sppp_flush(struct ifnet *ifp) 1125{ 1126 struct sppp *sp = IFP2SP(ifp); 1127 1128 SPPP_LOCK(sp); 1129 sppp_flush_unlocked (ifp); 1130 SPPP_UNLOCK(sp); 1131} 1132 1133/* 1134 * Check if the output queue is empty. 1135 */ 1136int 1137sppp_isempty(struct ifnet *ifp) 1138{ 1139 struct sppp *sp = IFP2SP(ifp); 1140 int empty, s; 1141 1142 s = splimp(); 1143 SPPP_LOCK(sp); 1144 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1145 !SP2IFP(sp)->if_snd.ifq_head; 1146 SPPP_UNLOCK(sp); 1147 splx(s); 1148 return (empty); 1149} 1150 1151/* 1152 * Get next packet to send. 1153 */ 1154struct mbuf * 1155sppp_dequeue(struct ifnet *ifp) 1156{ 1157 struct sppp *sp = IFP2SP(ifp); 1158 struct mbuf *m; 1159 int s; 1160 1161 s = splimp(); 1162 SPPP_LOCK(sp); 1163 /* 1164 * Process only the control protocol queue until we have at 1165 * least one NCP open. 1166 * 1167 * Do always serve all three queues in Cisco mode. 1168 */ 1169 IF_DEQUEUE(&sp->pp_cpq, m); 1170 if (m == NULL && 1171 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1172 sp->pp_mode == PP_FR)) { 1173 IF_DEQUEUE(&sp->pp_fastq, m); 1174 if (m == NULL) 1175 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1176 } 1177 SPPP_UNLOCK(sp); 1178 splx(s); 1179 return m; 1180} 1181 1182/* 1183 * Pick the next packet, do not remove it from the queue. 1184 */ 1185struct mbuf * 1186sppp_pick(struct ifnet *ifp) 1187{ 1188 struct sppp *sp = IFP2SP(ifp); 1189 struct mbuf *m; 1190 int s; 1191 1192 s = splimp (); 1193 SPPP_LOCK(sp); 1194 1195 m = sp->pp_cpq.ifq_head; 1196 if (m == NULL && 1197 (sp->pp_phase == PHASE_NETWORK || 1198 sp->pp_mode == IFF_CISCO || 1199 sp->pp_mode == PP_FR)) 1200 if ((m = sp->pp_fastq.ifq_head) == NULL) 1201 m = SP2IFP(sp)->if_snd.ifq_head; 1202 SPPP_UNLOCK(sp); 1203 splx (s); 1204 return (m); 1205} 1206 1207/* 1208 * Process an ioctl request. Called on low priority level. 1209 */ 1210int 1211sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1212{ 1213 struct ifreq *ifr = (struct ifreq*) data; 1214 struct sppp *sp = IFP2SP(ifp); 1215 int s, rv, going_up, going_down, newmode; 1216 1217 s = splimp(); 1218 SPPP_LOCK(sp); 1219 rv = 0; 1220 switch (cmd) { 1221 case SIOCAIFADDR: 1222 case SIOCSIFDSTADDR: 1223 break; 1224 1225 case SIOCSIFADDR: 1226 /* set the interface "up" when assigning an IP address */ 1227 ifp->if_flags |= IFF_UP; 1228 /* FALLTHROUGH */ 1229 1230 case SIOCSIFFLAGS: 1231 going_up = ifp->if_flags & IFF_UP && 1232 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1233 going_down = (ifp->if_flags & IFF_UP) == 0 && 1234 ifp->if_drv_flags & IFF_DRV_RUNNING; 1235 1236 newmode = ifp->if_flags & IFF_PASSIVE; 1237 if (!newmode) 1238 newmode = ifp->if_flags & IFF_AUTO; 1239 if (!newmode) 1240 newmode = ifp->if_flags & IFF_CISCO; 1241 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1242 ifp->if_flags |= newmode; 1243 1244 if (!newmode) 1245 newmode = sp->pp_flags & PP_FR; 1246 1247 if (newmode != sp->pp_mode) { 1248 going_down = 1; 1249 if (!going_up) 1250 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1251 } 1252 1253 if (going_down) { 1254 if (sp->pp_mode != IFF_CISCO && 1255 sp->pp_mode != PP_FR) 1256 lcp.Close(sp); 1257 else if (sp->pp_tlf) 1258 (sp->pp_tlf)(sp); 1259 sppp_flush_unlocked(ifp); 1260 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1261 sp->pp_mode = newmode; 1262 } 1263 1264 if (going_up) { 1265 if (sp->pp_mode != IFF_CISCO && 1266 sp->pp_mode != PP_FR) 1267 lcp.Close(sp); 1268 sp->pp_mode = newmode; 1269 if (sp->pp_mode == 0) { 1270 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1271 lcp.Open(sp); 1272 } 1273 if ((sp->pp_mode == IFF_CISCO) || 1274 (sp->pp_mode == PP_FR)) { 1275 if (sp->pp_tls) 1276 (sp->pp_tls)(sp); 1277 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1278 } 1279 } 1280 1281 break; 1282 1283#ifdef SIOCSIFMTU 1284#ifndef ifr_mtu 1285#define ifr_mtu ifr_metric 1286#endif 1287 case SIOCSIFMTU: 1288 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1289 return (EINVAL); 1290 ifp->if_mtu = ifr->ifr_mtu; 1291 break; 1292#endif 1293#ifdef SLIOCSETMTU 1294 case SLIOCSETMTU: 1295 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1296 return (EINVAL); 1297 ifp->if_mtu = *(short*)data; 1298 break; 1299#endif 1300#ifdef SIOCGIFMTU 1301 case SIOCGIFMTU: 1302 ifr->ifr_mtu = ifp->if_mtu; 1303 break; 1304#endif 1305#ifdef SLIOCGETMTU 1306 case SLIOCGETMTU: 1307 *(short*)data = ifp->if_mtu; 1308 break; 1309#endif 1310 case SIOCADDMULTI: 1311 case SIOCDELMULTI: 1312 break; 1313 1314 case SIOCGIFGENERIC: 1315 case SIOCSIFGENERIC: 1316 rv = sppp_params(sp, cmd, data); 1317 break; 1318 1319 default: 1320 rv = ENOTTY; 1321 } 1322 SPPP_UNLOCK(sp); 1323 splx(s); 1324 return rv; 1325} 1326 1327/* 1328 * Cisco framing implementation. 1329 */ 1330 1331/* 1332 * Handle incoming Cisco keepalive protocol packets. 1333 */ 1334static void 1335sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1336{ 1337 STDDCL; 1338 struct cisco_packet *h; 1339 u_long me, mymask; 1340 1341 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1342 if (debug) 1343 log(LOG_DEBUG, 1344 SPP_FMT "cisco invalid packet length: %d bytes\n", 1345 SPP_ARGS(ifp), m->m_pkthdr.len); 1346 return; 1347 } 1348 h = mtod (m, struct cisco_packet*); 1349 if (debug) 1350 log(LOG_DEBUG, 1351 SPP_FMT "cisco input: %d bytes " 1352 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1353 SPP_ARGS(ifp), m->m_pkthdr.len, 1354 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1355 (u_int)h->time0, (u_int)h->time1); 1356 switch (ntohl (h->type)) { 1357 default: 1358 if (debug) 1359 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1360 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1361 break; 1362 case CISCO_ADDR_REPLY: 1363 /* Reply on address request, ignore */ 1364 break; 1365 case CISCO_KEEPALIVE_REQ: 1366 sp->pp_alivecnt = 0; 1367 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1368 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1369 /* Local and remote sequence numbers are equal. 1370 * Probably, the line is in loopback mode. */ 1371 if (sp->pp_loopcnt >= MAXALIVECNT) { 1372 printf (SPP_FMT "loopback\n", 1373 SPP_ARGS(ifp)); 1374 sp->pp_loopcnt = 0; 1375 if (ifp->if_flags & IFF_UP) { 1376 if_down (ifp); 1377 sppp_qflush (&sp->pp_cpq); 1378 } 1379 } 1380 ++sp->pp_loopcnt; 1381 1382 /* Generate new local sequence number */ 1383 sp->pp_seq[IDX_LCP] = random(); 1384 break; 1385 } 1386 sp->pp_loopcnt = 0; 1387 if (! (ifp->if_flags & IFF_UP) && 1388 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1389 if_up(ifp); 1390 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1391 } 1392 break; 1393 case CISCO_ADDR_REQ: 1394 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1395 if (me != 0L) 1396 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1397 break; 1398 } 1399} 1400 1401/* 1402 * Send Cisco keepalive packet. 1403 */ 1404static void 1405sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1406{ 1407 STDDCL; 1408 struct ppp_header *h; 1409 struct cisco_packet *ch; 1410 struct mbuf *m; 1411 struct timeval tv; 1412 1413 getmicrouptime(&tv); 1414 1415 MGETHDR (m, M_DONTWAIT, MT_DATA); 1416 if (! m) 1417 return; 1418 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1419 m->m_pkthdr.rcvif = 0; 1420 1421 h = mtod (m, struct ppp_header*); 1422 h->address = CISCO_MULTICAST; 1423 h->control = 0; 1424 h->protocol = htons (CISCO_KEEPALIVE); 1425 1426 ch = (struct cisco_packet*) (h + 1); 1427 ch->type = htonl (type); 1428 ch->par1 = htonl (par1); 1429 ch->par2 = htonl (par2); 1430 ch->rel = -1; 1431 1432 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1433 ch->time1 = htons ((u_short) tv.tv_sec); 1434 1435 if (debug) 1436 log(LOG_DEBUG, 1437 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1438 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1439 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1440 1441 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1442 ifp->if_oerrors++; 1443} 1444 1445/* 1446 * PPP protocol implementation. 1447 */ 1448 1449/* 1450 * Send PPP control protocol packet. 1451 */ 1452static void 1453sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1454 u_char ident, u_short len, void *data) 1455{ 1456 STDDCL; 1457 struct ppp_header *h; 1458 struct lcp_header *lh; 1459 struct mbuf *m; 1460 1461 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1462 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1463 MGETHDR (m, M_DONTWAIT, MT_DATA); 1464 if (! m) 1465 return; 1466 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1467 m->m_pkthdr.rcvif = 0; 1468 1469 h = mtod (m, struct ppp_header*); 1470 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1471 h->control = PPP_UI; /* Unnumbered Info */ 1472 h->protocol = htons (proto); /* Link Control Protocol */ 1473 1474 lh = (struct lcp_header*) (h + 1); 1475 lh->type = type; 1476 lh->ident = ident; 1477 lh->len = htons (LCP_HEADER_LEN + len); 1478 if (len) 1479 bcopy (data, lh+1, len); 1480 1481 if (debug) { 1482 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1483 SPP_ARGS(ifp), 1484 sppp_proto_name(proto), 1485 sppp_cp_type_name (lh->type), lh->ident, 1486 ntohs (lh->len)); 1487 sppp_print_bytes ((u_char*) (lh+1), len); 1488 log(-1, ">\n"); 1489 } 1490 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1491 ifp->if_oerrors++; 1492} 1493 1494/* 1495 * Handle incoming PPP control protocol packets. 1496 */ 1497static void 1498sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1499{ 1500 STDDCL; 1501 struct lcp_header *h; 1502 int len = m->m_pkthdr.len; 1503 int rv; 1504 u_char *p; 1505 1506 if (len < 4) { 1507 if (debug) 1508 log(LOG_DEBUG, 1509 SPP_FMT "%s invalid packet length: %d bytes\n", 1510 SPP_ARGS(ifp), cp->name, len); 1511 return; 1512 } 1513 h = mtod (m, struct lcp_header*); 1514 if (debug) { 1515 log(LOG_DEBUG, 1516 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1517 SPP_ARGS(ifp), cp->name, 1518 sppp_state_name(sp->state[cp->protoidx]), 1519 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1520 sppp_print_bytes ((u_char*) (h+1), len-4); 1521 log(-1, ">\n"); 1522 } 1523 if (len > ntohs (h->len)) 1524 len = ntohs (h->len); 1525 p = (u_char *)(h + 1); 1526 switch (h->type) { 1527 case CONF_REQ: 1528 if (len < 4) { 1529 if (debug) 1530 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1531 SPP_ARGS(ifp), cp->name, 1532 len); 1533 ++ifp->if_ierrors; 1534 break; 1535 } 1536 /* handle states where RCR doesn't get a SCA/SCN */ 1537 switch (sp->state[cp->protoidx]) { 1538 case STATE_CLOSING: 1539 case STATE_STOPPING: 1540 return; 1541 case STATE_CLOSED: 1542 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1543 0, 0); 1544 return; 1545 } 1546 rv = (cp->RCR)(sp, h, len); 1547 switch (sp->state[cp->protoidx]) { 1548 case STATE_OPENED: 1549 (cp->tld)(sp); 1550 (cp->scr)(sp); 1551 /* FALLTHROUGH */ 1552 case STATE_ACK_SENT: 1553 case STATE_REQ_SENT: 1554 /* 1555 * sppp_cp_change_state() have the side effect of 1556 * restarting the timeouts. We want to avoid that 1557 * if the state don't change, otherwise we won't 1558 * ever timeout and resend a configuration request 1559 * that got lost. 1560 */ 1561 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1562 STATE_REQ_SENT)) 1563 break; 1564 sppp_cp_change_state(cp, sp, rv? 1565 STATE_ACK_SENT: STATE_REQ_SENT); 1566 break; 1567 case STATE_STOPPED: 1568 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1569 (cp->scr)(sp); 1570 sppp_cp_change_state(cp, sp, rv? 1571 STATE_ACK_SENT: STATE_REQ_SENT); 1572 break; 1573 case STATE_ACK_RCVD: 1574 if (rv) { 1575 sppp_cp_change_state(cp, sp, STATE_OPENED); 1576 if (debug) 1577 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1578 SPP_ARGS(ifp), 1579 cp->name); 1580 (cp->tlu)(sp); 1581 } else 1582 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1583 break; 1584 default: 1585 printf(SPP_FMT "%s illegal %s in state %s\n", 1586 SPP_ARGS(ifp), cp->name, 1587 sppp_cp_type_name(h->type), 1588 sppp_state_name(sp->state[cp->protoidx])); 1589 ++ifp->if_ierrors; 1590 } 1591 break; 1592 case CONF_ACK: 1593 if (h->ident != sp->confid[cp->protoidx]) { 1594 if (debug) 1595 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1596 SPP_ARGS(ifp), cp->name, 1597 h->ident, sp->confid[cp->protoidx]); 1598 ++ifp->if_ierrors; 1599 break; 1600 } 1601 switch (sp->state[cp->protoidx]) { 1602 case STATE_CLOSED: 1603 case STATE_STOPPED: 1604 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1605 break; 1606 case STATE_CLOSING: 1607 case STATE_STOPPING: 1608 break; 1609 case STATE_REQ_SENT: 1610 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1611 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1612 break; 1613 case STATE_OPENED: 1614 (cp->tld)(sp); 1615 /* FALLTHROUGH */ 1616 case STATE_ACK_RCVD: 1617 (cp->scr)(sp); 1618 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1619 break; 1620 case STATE_ACK_SENT: 1621 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1622 sppp_cp_change_state(cp, sp, STATE_OPENED); 1623 if (debug) 1624 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1625 SPP_ARGS(ifp), cp->name); 1626 (cp->tlu)(sp); 1627 break; 1628 default: 1629 printf(SPP_FMT "%s illegal %s in state %s\n", 1630 SPP_ARGS(ifp), cp->name, 1631 sppp_cp_type_name(h->type), 1632 sppp_state_name(sp->state[cp->protoidx])); 1633 ++ifp->if_ierrors; 1634 } 1635 break; 1636 case CONF_NAK: 1637 case CONF_REJ: 1638 if (h->ident != sp->confid[cp->protoidx]) { 1639 if (debug) 1640 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1641 SPP_ARGS(ifp), cp->name, 1642 h->ident, sp->confid[cp->protoidx]); 1643 ++ifp->if_ierrors; 1644 break; 1645 } 1646 if (h->type == CONF_NAK) 1647 (cp->RCN_nak)(sp, h, len); 1648 else /* CONF_REJ */ 1649 (cp->RCN_rej)(sp, h, len); 1650 1651 switch (sp->state[cp->protoidx]) { 1652 case STATE_CLOSED: 1653 case STATE_STOPPED: 1654 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1655 break; 1656 case STATE_REQ_SENT: 1657 case STATE_ACK_SENT: 1658 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1659 /* 1660 * Slow things down a bit if we think we might be 1661 * in loopback. Depend on the timeout to send the 1662 * next configuration request. 1663 */ 1664 if (sp->pp_loopcnt) 1665 break; 1666 (cp->scr)(sp); 1667 break; 1668 case STATE_OPENED: 1669 (cp->tld)(sp); 1670 /* FALLTHROUGH */ 1671 case STATE_ACK_RCVD: 1672 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1673 (cp->scr)(sp); 1674 break; 1675 case STATE_CLOSING: 1676 case STATE_STOPPING: 1677 break; 1678 default: 1679 printf(SPP_FMT "%s illegal %s in state %s\n", 1680 SPP_ARGS(ifp), cp->name, 1681 sppp_cp_type_name(h->type), 1682 sppp_state_name(sp->state[cp->protoidx])); 1683 ++ifp->if_ierrors; 1684 } 1685 break; 1686 1687 case TERM_REQ: 1688 switch (sp->state[cp->protoidx]) { 1689 case STATE_ACK_RCVD: 1690 case STATE_ACK_SENT: 1691 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1692 /* FALLTHROUGH */ 1693 case STATE_CLOSED: 1694 case STATE_STOPPED: 1695 case STATE_CLOSING: 1696 case STATE_STOPPING: 1697 case STATE_REQ_SENT: 1698 sta: 1699 /* Send Terminate-Ack packet. */ 1700 if (debug) 1701 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1702 SPP_ARGS(ifp), cp->name); 1703 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1704 break; 1705 case STATE_OPENED: 1706 (cp->tld)(sp); 1707 sp->rst_counter[cp->protoidx] = 0; 1708 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1709 goto sta; 1710 break; 1711 default: 1712 printf(SPP_FMT "%s illegal %s in state %s\n", 1713 SPP_ARGS(ifp), cp->name, 1714 sppp_cp_type_name(h->type), 1715 sppp_state_name(sp->state[cp->protoidx])); 1716 ++ifp->if_ierrors; 1717 } 1718 break; 1719 case TERM_ACK: 1720 switch (sp->state[cp->protoidx]) { 1721 case STATE_CLOSED: 1722 case STATE_STOPPED: 1723 case STATE_REQ_SENT: 1724 case STATE_ACK_SENT: 1725 break; 1726 case STATE_CLOSING: 1727 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1728 (cp->tlf)(sp); 1729 break; 1730 case STATE_STOPPING: 1731 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1732 (cp->tlf)(sp); 1733 break; 1734 case STATE_ACK_RCVD: 1735 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1736 break; 1737 case STATE_OPENED: 1738 (cp->tld)(sp); 1739 (cp->scr)(sp); 1740 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1741 break; 1742 default: 1743 printf(SPP_FMT "%s illegal %s in state %s\n", 1744 SPP_ARGS(ifp), cp->name, 1745 sppp_cp_type_name(h->type), 1746 sppp_state_name(sp->state[cp->protoidx])); 1747 ++ifp->if_ierrors; 1748 } 1749 break; 1750 case CODE_REJ: 1751 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1752 log(LOG_INFO, 1753 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1754 "danger will robinson\n", 1755 SPP_ARGS(ifp), cp->name, 1756 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1757 switch (sp->state[cp->protoidx]) { 1758 case STATE_CLOSED: 1759 case STATE_STOPPED: 1760 case STATE_REQ_SENT: 1761 case STATE_ACK_SENT: 1762 case STATE_CLOSING: 1763 case STATE_STOPPING: 1764 case STATE_OPENED: 1765 break; 1766 case STATE_ACK_RCVD: 1767 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1768 break; 1769 default: 1770 printf(SPP_FMT "%s illegal %s in state %s\n", 1771 SPP_ARGS(ifp), cp->name, 1772 sppp_cp_type_name(h->type), 1773 sppp_state_name(sp->state[cp->protoidx])); 1774 ++ifp->if_ierrors; 1775 } 1776 break; 1777 case PROTO_REJ: 1778 { 1779 int catastrophic; 1780 const struct cp *upper; 1781 int i; 1782 u_int16_t proto; 1783 1784 catastrophic = 0; 1785 upper = NULL; 1786 proto = ntohs(*((u_int16_t *)p)); 1787 for (i = 0; i < IDX_COUNT; i++) { 1788 if (cps[i]->proto == proto) { 1789 upper = cps[i]; 1790 break; 1791 } 1792 } 1793 if (upper == NULL) 1794 catastrophic++; 1795 1796 if (catastrophic || debug) 1797 log(catastrophic? LOG_INFO: LOG_DEBUG, 1798 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1799 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1800 sppp_cp_type_name(h->type), proto, 1801 upper ? upper->name : "unknown", 1802 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1803 1804 /* 1805 * if we got RXJ+ against conf-req, the peer does not implement 1806 * this particular protocol type. terminate the protocol. 1807 */ 1808 if (upper && !catastrophic) { 1809 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1810 upper->Close(sp); 1811 break; 1812 } 1813 } 1814 1815 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1816 switch (sp->state[cp->protoidx]) { 1817 case STATE_CLOSED: 1818 case STATE_STOPPED: 1819 case STATE_REQ_SENT: 1820 case STATE_ACK_SENT: 1821 case STATE_CLOSING: 1822 case STATE_STOPPING: 1823 case STATE_OPENED: 1824 break; 1825 case STATE_ACK_RCVD: 1826 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1827 break; 1828 default: 1829 printf(SPP_FMT "%s illegal %s in state %s\n", 1830 SPP_ARGS(ifp), cp->name, 1831 sppp_cp_type_name(h->type), 1832 sppp_state_name(sp->state[cp->protoidx])); 1833 ++ifp->if_ierrors; 1834 } 1835 break; 1836 } 1837 case DISC_REQ: 1838 if (cp->proto != PPP_LCP) 1839 goto illegal; 1840 /* Discard the packet. */ 1841 break; 1842 case ECHO_REQ: 1843 if (cp->proto != PPP_LCP) 1844 goto illegal; 1845 if (sp->state[cp->protoidx] != STATE_OPENED) { 1846 if (debug) 1847 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1848 SPP_ARGS(ifp)); 1849 ++ifp->if_ierrors; 1850 break; 1851 } 1852 if (len < 8) { 1853 if (debug) 1854 log(-1, SPP_FMT "invalid lcp echo request " 1855 "packet length: %d bytes\n", 1856 SPP_ARGS(ifp), len); 1857 break; 1858 } 1859 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1860 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1861 /* Line loopback mode detected. */ 1862 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1863 sp->pp_loopcnt = MAXALIVECNT * 5; 1864 if_down (ifp); 1865 sppp_qflush (&sp->pp_cpq); 1866 1867 /* Shut down the PPP link. */ 1868 /* XXX */ 1869 lcp.Down(sp); 1870 lcp.Up(sp); 1871 break; 1872 } 1873 *(long*)(h+1) = htonl (sp->lcp.magic); 1874 if (debug) 1875 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1876 SPP_ARGS(ifp)); 1877 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1878 break; 1879 case ECHO_REPLY: 1880 if (cp->proto != PPP_LCP) 1881 goto illegal; 1882 if (h->ident != sp->lcp.echoid) { 1883 ++ifp->if_ierrors; 1884 break; 1885 } 1886 if (len < 8) { 1887 if (debug) 1888 log(-1, SPP_FMT "lcp invalid echo reply " 1889 "packet length: %d bytes\n", 1890 SPP_ARGS(ifp), len); 1891 break; 1892 } 1893 if (debug) 1894 log(-1, SPP_FMT "lcp got echo rep\n", 1895 SPP_ARGS(ifp)); 1896 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1897 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1898 sp->pp_alivecnt = 0; 1899 break; 1900 default: 1901 /* Unknown packet type -- send Code-Reject packet. */ 1902 illegal: 1903 if (debug) 1904 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1905 SPP_ARGS(ifp), cp->name, h->type); 1906 sppp_cp_send(sp, cp->proto, CODE_REJ, 1907 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1908 ++ifp->if_ierrors; 1909 } 1910} 1911 1912 1913/* 1914 * The generic part of all Up/Down/Open/Close/TO event handlers. 1915 * Basically, the state transition handling in the automaton. 1916 */ 1917static void 1918sppp_up_event(const struct cp *cp, struct sppp *sp) 1919{ 1920 STDDCL; 1921 1922 if (debug) 1923 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1924 SPP_ARGS(ifp), cp->name, 1925 sppp_state_name(sp->state[cp->protoidx])); 1926 1927 switch (sp->state[cp->protoidx]) { 1928 case STATE_INITIAL: 1929 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1930 break; 1931 case STATE_STARTING: 1932 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1933 (cp->scr)(sp); 1934 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1935 break; 1936 default: 1937 printf(SPP_FMT "%s illegal up in state %s\n", 1938 SPP_ARGS(ifp), cp->name, 1939 sppp_state_name(sp->state[cp->protoidx])); 1940 } 1941} 1942 1943static void 1944sppp_down_event(const struct cp *cp, struct sppp *sp) 1945{ 1946 STDDCL; 1947 1948 if (debug) 1949 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1950 SPP_ARGS(ifp), cp->name, 1951 sppp_state_name(sp->state[cp->protoidx])); 1952 1953 switch (sp->state[cp->protoidx]) { 1954 case STATE_CLOSED: 1955 case STATE_CLOSING: 1956 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1957 break; 1958 case STATE_STOPPED: 1959 sppp_cp_change_state(cp, sp, STATE_STARTING); 1960 (cp->tls)(sp); 1961 break; 1962 case STATE_STOPPING: 1963 case STATE_REQ_SENT: 1964 case STATE_ACK_RCVD: 1965 case STATE_ACK_SENT: 1966 sppp_cp_change_state(cp, sp, STATE_STARTING); 1967 break; 1968 case STATE_OPENED: 1969 (cp->tld)(sp); 1970 sppp_cp_change_state(cp, sp, STATE_STARTING); 1971 break; 1972 default: 1973 printf(SPP_FMT "%s illegal down in state %s\n", 1974 SPP_ARGS(ifp), cp->name, 1975 sppp_state_name(sp->state[cp->protoidx])); 1976 } 1977} 1978 1979 1980static void 1981sppp_open_event(const struct cp *cp, struct sppp *sp) 1982{ 1983 STDDCL; 1984 1985 if (debug) 1986 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1987 SPP_ARGS(ifp), cp->name, 1988 sppp_state_name(sp->state[cp->protoidx])); 1989 1990 switch (sp->state[cp->protoidx]) { 1991 case STATE_INITIAL: 1992 sppp_cp_change_state(cp, sp, STATE_STARTING); 1993 (cp->tls)(sp); 1994 break; 1995 case STATE_STARTING: 1996 break; 1997 case STATE_CLOSED: 1998 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1999 (cp->scr)(sp); 2000 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2001 break; 2002 case STATE_STOPPED: 2003 /* 2004 * Try escaping stopped state. This seems to bite 2005 * people occasionally, in particular for IPCP, 2006 * presumably following previous IPCP negotiation 2007 * aborts. Somehow, we must have missed a Down event 2008 * which would have caused a transition into starting 2009 * state, so as a bandaid we force the Down event now. 2010 * This effectively implements (something like the) 2011 * `restart' option mentioned in the state transition 2012 * table of RFC 1661. 2013 */ 2014 sppp_cp_change_state(cp, sp, STATE_STARTING); 2015 (cp->tls)(sp); 2016 break; 2017 case STATE_STOPPING: 2018 case STATE_REQ_SENT: 2019 case STATE_ACK_RCVD: 2020 case STATE_ACK_SENT: 2021 case STATE_OPENED: 2022 break; 2023 case STATE_CLOSING: 2024 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2025 break; 2026 } 2027} 2028 2029 2030static void 2031sppp_close_event(const struct cp *cp, struct sppp *sp) 2032{ 2033 STDDCL; 2034 2035 if (debug) 2036 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2037 SPP_ARGS(ifp), cp->name, 2038 sppp_state_name(sp->state[cp->protoidx])); 2039 2040 switch (sp->state[cp->protoidx]) { 2041 case STATE_INITIAL: 2042 case STATE_CLOSED: 2043 case STATE_CLOSING: 2044 break; 2045 case STATE_STARTING: 2046 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2047 (cp->tlf)(sp); 2048 break; 2049 case STATE_STOPPED: 2050 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2051 break; 2052 case STATE_STOPPING: 2053 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2054 break; 2055 case STATE_OPENED: 2056 (cp->tld)(sp); 2057 /* FALLTHROUGH */ 2058 case STATE_REQ_SENT: 2059 case STATE_ACK_RCVD: 2060 case STATE_ACK_SENT: 2061 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2062 sppp_cp_send(sp, cp->proto, TERM_REQ, 2063 ++sp->pp_seq[cp->protoidx], 0, 0); 2064 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2065 break; 2066 } 2067} 2068 2069static void 2070sppp_to_event(const struct cp *cp, struct sppp *sp) 2071{ 2072 STDDCL; 2073 int s; 2074 2075 s = splimp(); 2076 SPPP_LOCK(sp); 2077 if (debug) 2078 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2079 SPP_ARGS(ifp), cp->name, 2080 sppp_state_name(sp->state[cp->protoidx]), 2081 sp->rst_counter[cp->protoidx]); 2082 2083 if (--sp->rst_counter[cp->protoidx] < 0) 2084 /* TO- event */ 2085 switch (sp->state[cp->protoidx]) { 2086 case STATE_CLOSING: 2087 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2088 (cp->tlf)(sp); 2089 break; 2090 case STATE_STOPPING: 2091 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2092 (cp->tlf)(sp); 2093 break; 2094 case STATE_REQ_SENT: 2095 case STATE_ACK_RCVD: 2096 case STATE_ACK_SENT: 2097 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2098 (cp->tlf)(sp); 2099 break; 2100 } 2101 else 2102 /* TO+ event */ 2103 switch (sp->state[cp->protoidx]) { 2104 case STATE_CLOSING: 2105 case STATE_STOPPING: 2106 sppp_cp_send(sp, cp->proto, TERM_REQ, 2107 ++sp->pp_seq[cp->protoidx], 0, 0); 2108 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2109 cp->TO, (void *)sp); 2110 break; 2111 case STATE_REQ_SENT: 2112 case STATE_ACK_RCVD: 2113 (cp->scr)(sp); 2114 /* sppp_cp_change_state() will restart the timer */ 2115 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2116 break; 2117 case STATE_ACK_SENT: 2118 (cp->scr)(sp); 2119 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2120 cp->TO, (void *)sp); 2121 break; 2122 } 2123 2124 SPPP_UNLOCK(sp); 2125 splx(s); 2126} 2127 2128/* 2129 * Change the state of a control protocol in the state automaton. 2130 * Takes care of starting/stopping the restart timer. 2131 */ 2132static void 2133sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2134{ 2135 sp->state[cp->protoidx] = newstate; 2136 2137 callout_stop (&sp->ch[cp->protoidx]); 2138 2139 switch (newstate) { 2140 case STATE_INITIAL: 2141 case STATE_STARTING: 2142 case STATE_CLOSED: 2143 case STATE_STOPPED: 2144 case STATE_OPENED: 2145 break; 2146 case STATE_CLOSING: 2147 case STATE_STOPPING: 2148 case STATE_REQ_SENT: 2149 case STATE_ACK_RCVD: 2150 case STATE_ACK_SENT: 2151 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2152 cp->TO, (void *)sp); 2153 break; 2154 } 2155} 2156 2157/* 2158 *--------------------------------------------------------------------------* 2159 * * 2160 * The LCP implementation. * 2161 * * 2162 *--------------------------------------------------------------------------* 2163 */ 2164static void 2165sppp_pp_up(struct sppp *sp) 2166{ 2167 SPPP_LOCK(sp); 2168 lcp.Up(sp); 2169 SPPP_UNLOCK(sp); 2170} 2171 2172static void 2173sppp_pp_down(struct sppp *sp) 2174{ 2175 SPPP_LOCK(sp); 2176 lcp.Down(sp); 2177 SPPP_UNLOCK(sp); 2178} 2179 2180static void 2181sppp_lcp_init(struct sppp *sp) 2182{ 2183 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2184 sp->lcp.magic = 0; 2185 sp->state[IDX_LCP] = STATE_INITIAL; 2186 sp->fail_counter[IDX_LCP] = 0; 2187 sp->pp_seq[IDX_LCP] = 0; 2188 sp->pp_rseq[IDX_LCP] = 0; 2189 sp->lcp.protos = 0; 2190 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2191 2192 /* Note that these values are relevant for all control protocols */ 2193 sp->lcp.timeout = 3 * hz; 2194 sp->lcp.max_terminate = 2; 2195 sp->lcp.max_configure = 10; 2196 sp->lcp.max_failure = 10; 2197 callout_init(&sp->ch[IDX_LCP], CALLOUT_MPSAFE); 2198} 2199 2200static void 2201sppp_lcp_up(struct sppp *sp) 2202{ 2203 STDDCL; 2204 2205 sp->pp_alivecnt = 0; 2206 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2207 sp->lcp.magic = 0; 2208 sp->lcp.protos = 0; 2209 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2210 /* 2211 * If we are authenticator, negotiate LCP_AUTH 2212 */ 2213 if (sp->hisauth.proto != 0) 2214 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2215 else 2216 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2217 sp->pp_flags &= ~PP_NEEDAUTH; 2218 /* 2219 * If this interface is passive or dial-on-demand, and we are 2220 * still in Initial state, it means we've got an incoming 2221 * call. Activate the interface. 2222 */ 2223 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2224 if (debug) 2225 log(LOG_DEBUG, 2226 SPP_FMT "Up event", SPP_ARGS(ifp)); 2227 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2228 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2229 if (debug) 2230 log(-1, "(incoming call)\n"); 2231 sp->pp_flags |= PP_CALLIN; 2232 lcp.Open(sp); 2233 } else if (debug) 2234 log(-1, "\n"); 2235 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2236 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2237 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2238 lcp.Open(sp); 2239 } 2240 2241 sppp_up_event(&lcp, sp); 2242} 2243 2244static void 2245sppp_lcp_down(struct sppp *sp) 2246{ 2247 STDDCL; 2248 2249 sppp_down_event(&lcp, sp); 2250 2251 /* 2252 * If this is neither a dial-on-demand nor a passive 2253 * interface, simulate an ``ifconfig down'' action, so the 2254 * administrator can force a redial by another ``ifconfig 2255 * up''. XXX For leased line operation, should we immediately 2256 * try to reopen the connection here? 2257 */ 2258 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2259 log(LOG_INFO, 2260 SPP_FMT "Down event, taking interface down.\n", 2261 SPP_ARGS(ifp)); 2262 if_down(ifp); 2263 } else { 2264 if (debug) 2265 log(LOG_DEBUG, 2266 SPP_FMT "Down event (carrier loss)\n", 2267 SPP_ARGS(ifp)); 2268 sp->pp_flags &= ~PP_CALLIN; 2269 if (sp->state[IDX_LCP] != STATE_INITIAL) 2270 lcp.Close(sp); 2271 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2272 } 2273} 2274 2275static void 2276sppp_lcp_open(struct sppp *sp) 2277{ 2278 sppp_open_event(&lcp, sp); 2279} 2280 2281static void 2282sppp_lcp_close(struct sppp *sp) 2283{ 2284 sppp_close_event(&lcp, sp); 2285} 2286 2287static void 2288sppp_lcp_TO(void *cookie) 2289{ 2290 sppp_to_event(&lcp, (struct sppp *)cookie); 2291} 2292 2293/* 2294 * Analyze a configure request. Return true if it was agreeable, and 2295 * caused action sca, false if it has been rejected or nak'ed, and 2296 * caused action scn. (The return value is used to make the state 2297 * transition decision in the state automaton.) 2298 */ 2299static int 2300sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2301{ 2302 STDDCL; 2303 u_char *buf, *r, *p; 2304 int origlen, rlen; 2305 u_long nmagic; 2306 u_short authproto; 2307 2308 len -= 4; 2309 origlen = len; 2310 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2311 if (! buf) 2312 return (0); 2313 2314 if (debug) 2315 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2316 SPP_ARGS(ifp)); 2317 2318 /* pass 1: check for things that need to be rejected */ 2319 p = (void*) (h+1); 2320 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2321 len-=p[1], p+=p[1]) { 2322 if (debug) 2323 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2324 switch (*p) { 2325 case LCP_OPT_MAGIC: 2326 /* Magic number. */ 2327 if (len >= 6 && p[1] == 6) 2328 continue; 2329 if (debug) 2330 log(-1, "[invalid] "); 2331 break; 2332 case LCP_OPT_ASYNC_MAP: 2333 /* Async control character map. */ 2334 if (len >= 6 && p[1] == 6) 2335 continue; 2336 if (debug) 2337 log(-1, "[invalid] "); 2338 break; 2339 case LCP_OPT_MRU: 2340 /* Maximum receive unit. */ 2341 if (len >= 4 && p[1] == 4) 2342 continue; 2343 if (debug) 2344 log(-1, "[invalid] "); 2345 break; 2346 case LCP_OPT_AUTH_PROTO: 2347 if (len < 4) { 2348 if (debug) 2349 log(-1, "[invalid] "); 2350 break; 2351 } 2352 authproto = (p[2] << 8) + p[3]; 2353 if (authproto == PPP_CHAP && p[1] != 5) { 2354 if (debug) 2355 log(-1, "[invalid chap len] "); 2356 break; 2357 } 2358 if (sp->myauth.proto == 0) { 2359 /* we are not configured to do auth */ 2360 if (debug) 2361 log(-1, "[not configured] "); 2362 break; 2363 } 2364 /* 2365 * Remote want us to authenticate, remember this, 2366 * so we stay in PHASE_AUTHENTICATE after LCP got 2367 * up. 2368 */ 2369 sp->pp_flags |= PP_NEEDAUTH; 2370 continue; 2371 default: 2372 /* Others not supported. */ 2373 if (debug) 2374 log(-1, "[rej] "); 2375 break; 2376 } 2377 /* Add the option to rejected list. */ 2378 bcopy (p, r, p[1]); 2379 r += p[1]; 2380 rlen += p[1]; 2381 } 2382 if (rlen) { 2383 if (debug) 2384 log(-1, " send conf-rej\n"); 2385 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2386 return 0; 2387 } else if (debug) 2388 log(-1, "\n"); 2389 2390 /* 2391 * pass 2: check for option values that are unacceptable and 2392 * thus require to be nak'ed. 2393 */ 2394 if (debug) 2395 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2396 SPP_ARGS(ifp)); 2397 2398 p = (void*) (h+1); 2399 len = origlen; 2400 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2401 len-=p[1], p+=p[1]) { 2402 if (debug) 2403 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2404 switch (*p) { 2405 case LCP_OPT_MAGIC: 2406 /* Magic number -- extract. */ 2407 nmagic = (u_long)p[2] << 24 | 2408 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2409 if (nmagic != sp->lcp.magic) { 2410 sp->pp_loopcnt = 0; 2411 if (debug) 2412 log(-1, "0x%lx ", nmagic); 2413 continue; 2414 } 2415 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2416 log(-1, "[glitch] "); 2417 ++sp->pp_loopcnt; 2418 /* 2419 * We negate our magic here, and NAK it. If 2420 * we see it later in an NAK packet, we 2421 * suggest a new one. 2422 */ 2423 nmagic = ~sp->lcp.magic; 2424 /* Gonna NAK it. */ 2425 p[2] = nmagic >> 24; 2426 p[3] = nmagic >> 16; 2427 p[4] = nmagic >> 8; 2428 p[5] = nmagic; 2429 break; 2430 2431 case LCP_OPT_ASYNC_MAP: 2432 /* 2433 * Async control character map -- just ignore it. 2434 * 2435 * Quote from RFC 1662, chapter 6: 2436 * To enable this functionality, synchronous PPP 2437 * implementations MUST always respond to the 2438 * Async-Control-Character-Map Configuration 2439 * Option with the LCP Configure-Ack. However, 2440 * acceptance of the Configuration Option does 2441 * not imply that the synchronous implementation 2442 * will do any ACCM mapping. Instead, all such 2443 * octet mapping will be performed by the 2444 * asynchronous-to-synchronous converter. 2445 */ 2446 continue; 2447 2448 case LCP_OPT_MRU: 2449 /* 2450 * Maximum receive unit. Always agreeable, 2451 * but ignored by now. 2452 */ 2453 sp->lcp.their_mru = p[2] * 256 + p[3]; 2454 if (debug) 2455 log(-1, "%lu ", sp->lcp.their_mru); 2456 continue; 2457 2458 case LCP_OPT_AUTH_PROTO: 2459 authproto = (p[2] << 8) + p[3]; 2460 if (sp->myauth.proto != authproto) { 2461 /* not agreed, nak */ 2462 if (debug) 2463 log(-1, "[mine %s != his %s] ", 2464 sppp_proto_name(sp->hisauth.proto), 2465 sppp_proto_name(authproto)); 2466 p[2] = sp->myauth.proto >> 8; 2467 p[3] = sp->myauth.proto; 2468 break; 2469 } 2470 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2471 if (debug) 2472 log(-1, "[chap not MD5] "); 2473 p[4] = CHAP_MD5; 2474 break; 2475 } 2476 continue; 2477 } 2478 /* Add the option to nak'ed list. */ 2479 bcopy (p, r, p[1]); 2480 r += p[1]; 2481 rlen += p[1]; 2482 } 2483 if (rlen) { 2484 /* 2485 * Local and remote magics equal -- loopback? 2486 */ 2487 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2488 if (sp->pp_loopcnt == MAXALIVECNT*5) 2489 printf (SPP_FMT "loopback\n", 2490 SPP_ARGS(ifp)); 2491 if (ifp->if_flags & IFF_UP) { 2492 if_down(ifp); 2493 sppp_qflush(&sp->pp_cpq); 2494 /* XXX ? */ 2495 lcp.Down(sp); 2496 lcp.Up(sp); 2497 } 2498 } else if (!sp->pp_loopcnt && 2499 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2500 if (debug) 2501 log(-1, " max_failure (%d) exceeded, " 2502 "send conf-rej\n", 2503 sp->lcp.max_failure); 2504 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2505 } else { 2506 if (debug) 2507 log(-1, " send conf-nak\n"); 2508 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2509 } 2510 } else { 2511 if (debug) 2512 log(-1, " send conf-ack\n"); 2513 sp->fail_counter[IDX_LCP] = 0; 2514 sp->pp_loopcnt = 0; 2515 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2516 h->ident, origlen, h+1); 2517 } 2518 2519 free (buf, M_TEMP); 2520 return (rlen == 0); 2521} 2522 2523/* 2524 * Analyze the LCP Configure-Reject option list, and adjust our 2525 * negotiation. 2526 */ 2527static void 2528sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2529{ 2530 STDDCL; 2531 u_char *buf, *p; 2532 2533 len -= 4; 2534 buf = malloc (len, M_TEMP, M_NOWAIT); 2535 if (!buf) 2536 return; 2537 2538 if (debug) 2539 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2540 SPP_ARGS(ifp)); 2541 2542 p = (void*) (h+1); 2543 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2544 len -= p[1], p += p[1]) { 2545 if (debug) 2546 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2547 switch (*p) { 2548 case LCP_OPT_MAGIC: 2549 /* Magic number -- can't use it, use 0 */ 2550 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2551 sp->lcp.magic = 0; 2552 break; 2553 case LCP_OPT_MRU: 2554 /* 2555 * Should not be rejected anyway, since we only 2556 * negotiate a MRU if explicitly requested by 2557 * peer. 2558 */ 2559 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2560 break; 2561 case LCP_OPT_AUTH_PROTO: 2562 /* 2563 * Peer doesn't want to authenticate himself, 2564 * deny unless this is a dialout call, and 2565 * AUTHFLAG_NOCALLOUT is set. 2566 */ 2567 if ((sp->pp_flags & PP_CALLIN) == 0 && 2568 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2569 if (debug) 2570 log(-1, "[don't insist on auth " 2571 "for callout]"); 2572 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2573 break; 2574 } 2575 if (debug) 2576 log(-1, "[access denied]\n"); 2577 lcp.Close(sp); 2578 break; 2579 } 2580 } 2581 if (debug) 2582 log(-1, "\n"); 2583 free (buf, M_TEMP); 2584 return; 2585} 2586 2587/* 2588 * Analyze the LCP Configure-NAK option list, and adjust our 2589 * negotiation. 2590 */ 2591static void 2592sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2593{ 2594 STDDCL; 2595 u_char *buf, *p; 2596 u_long magic; 2597 2598 len -= 4; 2599 buf = malloc (len, M_TEMP, M_NOWAIT); 2600 if (!buf) 2601 return; 2602 2603 if (debug) 2604 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2605 SPP_ARGS(ifp)); 2606 2607 p = (void*) (h+1); 2608 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2609 len -= p[1], p += p[1]) { 2610 if (debug) 2611 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2612 switch (*p) { 2613 case LCP_OPT_MAGIC: 2614 /* Magic number -- renegotiate */ 2615 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2616 len >= 6 && p[1] == 6) { 2617 magic = (u_long)p[2] << 24 | 2618 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2619 /* 2620 * If the remote magic is our negated one, 2621 * this looks like a loopback problem. 2622 * Suggest a new magic to make sure. 2623 */ 2624 if (magic == ~sp->lcp.magic) { 2625 if (debug) 2626 log(-1, "magic glitch "); 2627 sp->lcp.magic = random(); 2628 } else { 2629 sp->lcp.magic = magic; 2630 if (debug) 2631 log(-1, "%lu ", magic); 2632 } 2633 } 2634 break; 2635 case LCP_OPT_MRU: 2636 /* 2637 * Peer wants to advise us to negotiate an MRU. 2638 * Agree on it if it's reasonable, or use 2639 * default otherwise. 2640 */ 2641 if (len >= 4 && p[1] == 4) { 2642 u_int mru = p[2] * 256 + p[3]; 2643 if (debug) 2644 log(-1, "%d ", mru); 2645 if (mru < PP_MTU || mru > PP_MAX_MRU) 2646 mru = PP_MTU; 2647 sp->lcp.mru = mru; 2648 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2649 } 2650 break; 2651 case LCP_OPT_AUTH_PROTO: 2652 /* 2653 * Peer doesn't like our authentication method, 2654 * deny. 2655 */ 2656 if (debug) 2657 log(-1, "[access denied]\n"); 2658 lcp.Close(sp); 2659 break; 2660 } 2661 } 2662 if (debug) 2663 log(-1, "\n"); 2664 free (buf, M_TEMP); 2665 return; 2666} 2667 2668static void 2669sppp_lcp_tlu(struct sppp *sp) 2670{ 2671 STDDCL; 2672 int i; 2673 u_long mask; 2674 2675 /* XXX ? */ 2676 if (! (ifp->if_flags & IFF_UP) && 2677 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2678 /* Coming out of loopback mode. */ 2679 if_up(ifp); 2680 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2681 } 2682 2683 for (i = 0; i < IDX_COUNT; i++) 2684 if ((cps[i])->flags & CP_QUAL) 2685 (cps[i])->Open(sp); 2686 2687 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2688 (sp->pp_flags & PP_NEEDAUTH) != 0) 2689 sp->pp_phase = PHASE_AUTHENTICATE; 2690 else 2691 sp->pp_phase = PHASE_NETWORK; 2692 2693 if (debug) 2694 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2695 sppp_phase_name(sp->pp_phase)); 2696 2697 /* 2698 * Open all authentication protocols. This is even required 2699 * if we already proceeded to network phase, since it might be 2700 * that remote wants us to authenticate, so we might have to 2701 * send a PAP request. Undesired authentication protocols 2702 * don't do anything when they get an Open event. 2703 */ 2704 for (i = 0; i < IDX_COUNT; i++) 2705 if ((cps[i])->flags & CP_AUTH) 2706 (cps[i])->Open(sp); 2707 2708 if (sp->pp_phase == PHASE_NETWORK) { 2709 /* Notify all NCPs. */ 2710 for (i = 0; i < IDX_COUNT; i++) 2711 if (((cps[i])->flags & CP_NCP) && 2712 /* 2713 * XXX 2714 * Hack to administratively disable IPv6 if 2715 * not desired. Perhaps we should have another 2716 * flag for this, but right now, we can make 2717 * all struct cp's read/only. 2718 */ 2719 (cps[i] != &ipv6cp || 2720 (sp->confflags & CONF_ENABLE_IPV6))) 2721 (cps[i])->Open(sp); 2722 } 2723 2724 /* Send Up events to all started protos. */ 2725 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2726 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2727 (cps[i])->Up(sp); 2728 2729 /* notify low-level driver of state change */ 2730 if (sp->pp_chg) 2731 sp->pp_chg(sp, (int)sp->pp_phase); 2732 2733 if (sp->pp_phase == PHASE_NETWORK) 2734 /* if no NCP is starting, close down */ 2735 sppp_lcp_check_and_close(sp); 2736} 2737 2738static void 2739sppp_lcp_tld(struct sppp *sp) 2740{ 2741 STDDCL; 2742 int i; 2743 u_long mask; 2744 2745 sp->pp_phase = PHASE_TERMINATE; 2746 2747 if (debug) 2748 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2749 sppp_phase_name(sp->pp_phase)); 2750 2751 /* 2752 * Take upper layers down. We send the Down event first and 2753 * the Close second to prevent the upper layers from sending 2754 * ``a flurry of terminate-request packets'', as the RFC 2755 * describes it. 2756 */ 2757 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2758 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2759 (cps[i])->Down(sp); 2760 (cps[i])->Close(sp); 2761 } 2762} 2763 2764static void 2765sppp_lcp_tls(struct sppp *sp) 2766{ 2767 STDDCL; 2768 2769 sp->pp_phase = PHASE_ESTABLISH; 2770 2771 if (debug) 2772 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2773 sppp_phase_name(sp->pp_phase)); 2774 2775 /* Notify lower layer if desired. */ 2776 if (sp->pp_tls) 2777 (sp->pp_tls)(sp); 2778 else 2779 (sp->pp_up)(sp); 2780} 2781 2782static void 2783sppp_lcp_tlf(struct sppp *sp) 2784{ 2785 STDDCL; 2786 2787 sp->pp_phase = PHASE_DEAD; 2788 if (debug) 2789 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2790 sppp_phase_name(sp->pp_phase)); 2791 2792 /* Notify lower layer if desired. */ 2793 if (sp->pp_tlf) 2794 (sp->pp_tlf)(sp); 2795 else 2796 (sp->pp_down)(sp); 2797} 2798 2799static void 2800sppp_lcp_scr(struct sppp *sp) 2801{ 2802 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2803 int i = 0; 2804 u_short authproto; 2805 2806 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2807 if (! sp->lcp.magic) 2808 sp->lcp.magic = random(); 2809 opt[i++] = LCP_OPT_MAGIC; 2810 opt[i++] = 6; 2811 opt[i++] = sp->lcp.magic >> 24; 2812 opt[i++] = sp->lcp.magic >> 16; 2813 opt[i++] = sp->lcp.magic >> 8; 2814 opt[i++] = sp->lcp.magic; 2815 } 2816 2817 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2818 opt[i++] = LCP_OPT_MRU; 2819 opt[i++] = 4; 2820 opt[i++] = sp->lcp.mru >> 8; 2821 opt[i++] = sp->lcp.mru; 2822 } 2823 2824 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2825 authproto = sp->hisauth.proto; 2826 opt[i++] = LCP_OPT_AUTH_PROTO; 2827 opt[i++] = authproto == PPP_CHAP? 5: 4; 2828 opt[i++] = authproto >> 8; 2829 opt[i++] = authproto; 2830 if (authproto == PPP_CHAP) 2831 opt[i++] = CHAP_MD5; 2832 } 2833 2834 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2835 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2836} 2837 2838/* 2839 * Check the open NCPs, return true if at least one NCP is open. 2840 */ 2841static int 2842sppp_ncp_check(struct sppp *sp) 2843{ 2844 int i, mask; 2845 2846 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2847 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2848 return 1; 2849 return 0; 2850} 2851 2852/* 2853 * Re-check the open NCPs and see if we should terminate the link. 2854 * Called by the NCPs during their tlf action handling. 2855 */ 2856static void 2857sppp_lcp_check_and_close(struct sppp *sp) 2858{ 2859 2860 if (sp->pp_phase < PHASE_NETWORK) 2861 /* don't bother, we are already going down */ 2862 return; 2863 2864 if (sppp_ncp_check(sp)) 2865 return; 2866 2867 lcp.Close(sp); 2868} 2869 2870/* 2871 *--------------------------------------------------------------------------* 2872 * * 2873 * The IPCP implementation. * 2874 * * 2875 *--------------------------------------------------------------------------* 2876 */ 2877 2878#ifdef INET 2879static void 2880sppp_ipcp_init(struct sppp *sp) 2881{ 2882 sp->ipcp.opts = 0; 2883 sp->ipcp.flags = 0; 2884 sp->state[IDX_IPCP] = STATE_INITIAL; 2885 sp->fail_counter[IDX_IPCP] = 0; 2886 sp->pp_seq[IDX_IPCP] = 0; 2887 sp->pp_rseq[IDX_IPCP] = 0; 2888 callout_init(&sp->ch[IDX_IPCP], CALLOUT_MPSAFE); 2889} 2890 2891static void 2892sppp_ipcp_up(struct sppp *sp) 2893{ 2894 sppp_up_event(&ipcp, sp); 2895} 2896 2897static void 2898sppp_ipcp_down(struct sppp *sp) 2899{ 2900 sppp_down_event(&ipcp, sp); 2901} 2902 2903static void 2904sppp_ipcp_open(struct sppp *sp) 2905{ 2906 STDDCL; 2907 u_long myaddr, hisaddr; 2908 2909 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2910 IPCP_MYADDR_DYN | IPCP_VJ); 2911 sp->ipcp.opts = 0; 2912 2913 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2914 /* 2915 * If we don't have his address, this probably means our 2916 * interface doesn't want to talk IP at all. (This could 2917 * be the case if somebody wants to speak only IPX, for 2918 * example.) Don't open IPCP in this case. 2919 */ 2920 if (hisaddr == 0L) { 2921 /* XXX this message should go away */ 2922 if (debug) 2923 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2924 SPP_ARGS(ifp)); 2925 return; 2926 } 2927 if (myaddr == 0L) { 2928 /* 2929 * I don't have an assigned address, so i need to 2930 * negotiate my address. 2931 */ 2932 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2933 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2934 } else 2935 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2936 if (sp->confflags & CONF_ENABLE_VJ) { 2937 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2938 sp->ipcp.max_state = MAX_STATES - 1; 2939 sp->ipcp.compress_cid = 1; 2940 } 2941 sppp_open_event(&ipcp, sp); 2942} 2943 2944static void 2945sppp_ipcp_close(struct sppp *sp) 2946{ 2947 sppp_close_event(&ipcp, sp); 2948 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2949 /* 2950 * My address was dynamic, clear it again. 2951 */ 2952 sppp_set_ip_addr(sp, 0L); 2953} 2954 2955static void 2956sppp_ipcp_TO(void *cookie) 2957{ 2958 sppp_to_event(&ipcp, (struct sppp *)cookie); 2959} 2960 2961/* 2962 * Analyze a configure request. Return true if it was agreeable, and 2963 * caused action sca, false if it has been rejected or nak'ed, and 2964 * caused action scn. (The return value is used to make the state 2965 * transition decision in the state automaton.) 2966 */ 2967static int 2968sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2969{ 2970 u_char *buf, *r, *p; 2971 struct ifnet *ifp = SP2IFP(sp); 2972 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2973 u_long hisaddr, desiredaddr; 2974 int gotmyaddr = 0; 2975 int desiredcomp; 2976 2977 len -= 4; 2978 origlen = len; 2979 /* 2980 * Make sure to allocate a buf that can at least hold a 2981 * conf-nak with an `address' option. We might need it below. 2982 */ 2983 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2984 if (! buf) 2985 return (0); 2986 2987 /* pass 1: see if we can recognize them */ 2988 if (debug) 2989 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2990 SPP_ARGS(ifp)); 2991 p = (void*) (h+1); 2992 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2993 len-=p[1], p+=p[1]) { 2994 if (debug) 2995 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2996 switch (*p) { 2997 case IPCP_OPT_COMPRESSION: 2998 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2999 /* VJ compression administratively disabled */ 3000 if (debug) 3001 log(-1, "[locally disabled] "); 3002 break; 3003 } 3004 /* 3005 * In theory, we should only conf-rej an 3006 * option that is shorter than RFC 1618 3007 * requires (i.e. < 4), and should conf-nak 3008 * anything else that is not VJ. However, 3009 * since our algorithm always uses the 3010 * original option to NAK it with new values, 3011 * things would become more complicated. In 3012 * pratice, the only commonly implemented IP 3013 * compression option is VJ anyway, so the 3014 * difference is negligible. 3015 */ 3016 if (len >= 6 && p[1] == 6) { 3017 /* 3018 * correctly formed compression option 3019 * that could be VJ compression 3020 */ 3021 continue; 3022 } 3023 if (debug) 3024 log(-1, 3025 "optlen %d [invalid/unsupported] ", 3026 p[1]); 3027 break; 3028 case IPCP_OPT_ADDRESS: 3029 if (len >= 6 && p[1] == 6) { 3030 /* correctly formed address option */ 3031 continue; 3032 } 3033 if (debug) 3034 log(-1, "[invalid] "); 3035 break; 3036 default: 3037 /* Others not supported. */ 3038 if (debug) 3039 log(-1, "[rej] "); 3040 break; 3041 } 3042 /* Add the option to rejected list. */ 3043 bcopy (p, r, p[1]); 3044 r += p[1]; 3045 rlen += p[1]; 3046 } 3047 if (rlen) { 3048 if (debug) 3049 log(-1, " send conf-rej\n"); 3050 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3051 return 0; 3052 } else if (debug) 3053 log(-1, "\n"); 3054 3055 /* pass 2: parse option values */ 3056 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3057 if (debug) 3058 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3059 SPP_ARGS(ifp)); 3060 p = (void*) (h+1); 3061 len = origlen; 3062 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3063 len-=p[1], p+=p[1]) { 3064 if (debug) 3065 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3066 switch (*p) { 3067 case IPCP_OPT_COMPRESSION: 3068 desiredcomp = p[2] << 8 | p[3]; 3069 /* We only support VJ */ 3070 if (desiredcomp == IPCP_COMP_VJ) { 3071 if (debug) 3072 log(-1, "VJ [ack] "); 3073 sp->ipcp.flags |= IPCP_VJ; 3074 sl_compress_init(sp->pp_comp, p[4]); 3075 sp->ipcp.max_state = p[4]; 3076 sp->ipcp.compress_cid = p[5]; 3077 continue; 3078 } 3079 if (debug) 3080 log(-1, 3081 "compproto %#04x [not supported] ", 3082 desiredcomp); 3083 p[2] = IPCP_COMP_VJ >> 8; 3084 p[3] = IPCP_COMP_VJ; 3085 p[4] = sp->ipcp.max_state; 3086 p[5] = sp->ipcp.compress_cid; 3087 break; 3088 case IPCP_OPT_ADDRESS: 3089 /* This is the address he wants in his end */ 3090 desiredaddr = p[2] << 24 | p[3] << 16 | 3091 p[4] << 8 | p[5]; 3092 if (desiredaddr == hisaddr || 3093 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3094 /* 3095 * Peer's address is same as our value, 3096 * or we have set it to 0.0.0.* to 3097 * indicate that we do not really care, 3098 * this is agreeable. Gonna conf-ack 3099 * it. 3100 */ 3101 if (debug) 3102 log(-1, "%s [ack] ", 3103 sppp_dotted_quad(hisaddr)); 3104 /* record that we've seen it already */ 3105 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3106 continue; 3107 } 3108 /* 3109 * The address wasn't agreeable. This is either 3110 * he sent us 0.0.0.0, asking to assign him an 3111 * address, or he send us another address not 3112 * matching our value. Either case, we gonna 3113 * conf-nak it with our value. 3114 * XXX: we should "rej" if hisaddr == 0 3115 */ 3116 if (debug) { 3117 if (desiredaddr == 0) 3118 log(-1, "[addr requested] "); 3119 else 3120 log(-1, "%s [not agreed] ", 3121 sppp_dotted_quad(desiredaddr)); 3122 3123 } 3124 p[2] = hisaddr >> 24; 3125 p[3] = hisaddr >> 16; 3126 p[4] = hisaddr >> 8; 3127 p[5] = hisaddr; 3128 break; 3129 } 3130 /* Add the option to nak'ed list. */ 3131 bcopy (p, r, p[1]); 3132 r += p[1]; 3133 rlen += p[1]; 3134 } 3135 3136 /* 3137 * If we are about to conf-ack the request, but haven't seen 3138 * his address so far, gonna conf-nak it instead, with the 3139 * `address' option present and our idea of his address being 3140 * filled in there, to request negotiation of both addresses. 3141 * 3142 * XXX This can result in an endless req - nak loop if peer 3143 * doesn't want to send us his address. Q: What should we do 3144 * about it? XXX A: implement the max-failure counter. 3145 */ 3146 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3147 buf[0] = IPCP_OPT_ADDRESS; 3148 buf[1] = 6; 3149 buf[2] = hisaddr >> 24; 3150 buf[3] = hisaddr >> 16; 3151 buf[4] = hisaddr >> 8; 3152 buf[5] = hisaddr; 3153 rlen = 6; 3154 if (debug) 3155 log(-1, "still need hisaddr "); 3156 } 3157 3158 if (rlen) { 3159 if (debug) 3160 log(-1, " send conf-nak\n"); 3161 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3162 } else { 3163 if (debug) 3164 log(-1, " send conf-ack\n"); 3165 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3166 h->ident, origlen, h+1); 3167 } 3168 3169 free (buf, M_TEMP); 3170 return (rlen == 0); 3171} 3172 3173/* 3174 * Analyze the IPCP Configure-Reject option list, and adjust our 3175 * negotiation. 3176 */ 3177static void 3178sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3179{ 3180 u_char *buf, *p; 3181 struct ifnet *ifp = SP2IFP(sp); 3182 int debug = ifp->if_flags & IFF_DEBUG; 3183 3184 len -= 4; 3185 buf = malloc (len, M_TEMP, M_NOWAIT); 3186 if (!buf) 3187 return; 3188 3189 if (debug) 3190 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3191 SPP_ARGS(ifp)); 3192 3193 p = (void*) (h+1); 3194 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3195 len -= p[1], p += p[1]) { 3196 if (debug) 3197 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3198 switch (*p) { 3199 case IPCP_OPT_COMPRESSION: 3200 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3201 break; 3202 case IPCP_OPT_ADDRESS: 3203 /* 3204 * Peer doesn't grok address option. This is 3205 * bad. XXX Should we better give up here? 3206 * XXX We could try old "addresses" option... 3207 */ 3208 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3209 break; 3210 } 3211 } 3212 if (debug) 3213 log(-1, "\n"); 3214 free (buf, M_TEMP); 3215 return; 3216} 3217 3218/* 3219 * Analyze the IPCP Configure-NAK option list, and adjust our 3220 * negotiation. 3221 */ 3222static void 3223sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3224{ 3225 u_char *buf, *p; 3226 struct ifnet *ifp = SP2IFP(sp); 3227 int debug = ifp->if_flags & IFF_DEBUG; 3228 int desiredcomp; 3229 u_long wantaddr; 3230 3231 len -= 4; 3232 buf = malloc (len, M_TEMP, M_NOWAIT); 3233 if (!buf) 3234 return; 3235 3236 if (debug) 3237 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3238 SPP_ARGS(ifp)); 3239 3240 p = (void*) (h+1); 3241 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3242 len -= p[1], p += p[1]) { 3243 if (debug) 3244 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3245 switch (*p) { 3246 case IPCP_OPT_COMPRESSION: 3247 if (len >= 6 && p[1] == 6) { 3248 desiredcomp = p[2] << 8 | p[3]; 3249 if (debug) 3250 log(-1, "[wantcomp %#04x] ", 3251 desiredcomp); 3252 if (desiredcomp == IPCP_COMP_VJ) { 3253 sl_compress_init(sp->pp_comp, p[4]); 3254 sp->ipcp.max_state = p[4]; 3255 sp->ipcp.compress_cid = p[5]; 3256 if (debug) 3257 log(-1, "[agree] "); 3258 } else 3259 sp->ipcp.opts &= 3260 ~(1 << IPCP_OPT_COMPRESSION); 3261 } 3262 break; 3263 case IPCP_OPT_ADDRESS: 3264 /* 3265 * Peer doesn't like our local IP address. See 3266 * if we can do something for him. We'll drop 3267 * him our address then. 3268 */ 3269 if (len >= 6 && p[1] == 6) { 3270 wantaddr = p[2] << 24 | p[3] << 16 | 3271 p[4] << 8 | p[5]; 3272 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3273 if (debug) 3274 log(-1, "[wantaddr %s] ", 3275 sppp_dotted_quad(wantaddr)); 3276 /* 3277 * When doing dynamic address assignment, 3278 * we accept his offer. Otherwise, we 3279 * ignore it and thus continue to negotiate 3280 * our already existing value. 3281 * XXX: Bogus, if he said no once, he'll 3282 * just say no again, might as well die. 3283 */ 3284 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3285 sppp_set_ip_addr(sp, wantaddr); 3286 if (debug) 3287 log(-1, "[agree] "); 3288 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3289 } 3290 } 3291 break; 3292 } 3293 } 3294 if (debug) 3295 log(-1, "\n"); 3296 free (buf, M_TEMP); 3297 return; 3298} 3299 3300static void 3301sppp_ipcp_tlu(struct sppp *sp) 3302{ 3303 /* we are up - notify isdn daemon */ 3304 if (sp->pp_con) 3305 sp->pp_con(sp); 3306} 3307 3308static void 3309sppp_ipcp_tld(struct sppp *sp) 3310{ 3311} 3312 3313static void 3314sppp_ipcp_tls(struct sppp *sp) 3315{ 3316 /* indicate to LCP that it must stay alive */ 3317 sp->lcp.protos |= (1 << IDX_IPCP); 3318} 3319 3320static void 3321sppp_ipcp_tlf(struct sppp *sp) 3322{ 3323 /* we no longer need LCP */ 3324 sp->lcp.protos &= ~(1 << IDX_IPCP); 3325 sppp_lcp_check_and_close(sp); 3326} 3327 3328static void 3329sppp_ipcp_scr(struct sppp *sp) 3330{ 3331 char opt[6 /* compression */ + 6 /* address */]; 3332 u_long ouraddr; 3333 int i = 0; 3334 3335 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3336 opt[i++] = IPCP_OPT_COMPRESSION; 3337 opt[i++] = 6; 3338 opt[i++] = IPCP_COMP_VJ >> 8; 3339 opt[i++] = IPCP_COMP_VJ; 3340 opt[i++] = sp->ipcp.max_state; 3341 opt[i++] = sp->ipcp.compress_cid; 3342 } 3343 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3344 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3345 opt[i++] = IPCP_OPT_ADDRESS; 3346 opt[i++] = 6; 3347 opt[i++] = ouraddr >> 24; 3348 opt[i++] = ouraddr >> 16; 3349 opt[i++] = ouraddr >> 8; 3350 opt[i++] = ouraddr; 3351 } 3352 3353 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3354 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3355} 3356#else /* !INET */ 3357static void 3358sppp_ipcp_init(struct sppp *sp) 3359{ 3360} 3361 3362static void 3363sppp_ipcp_up(struct sppp *sp) 3364{ 3365} 3366 3367static void 3368sppp_ipcp_down(struct sppp *sp) 3369{ 3370} 3371 3372static void 3373sppp_ipcp_open(struct sppp *sp) 3374{ 3375} 3376 3377static void 3378sppp_ipcp_close(struct sppp *sp) 3379{ 3380} 3381 3382static void 3383sppp_ipcp_TO(void *cookie) 3384{ 3385} 3386 3387static int 3388sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3389{ 3390 return (0); 3391} 3392 3393static void 3394sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3395{ 3396} 3397 3398static void 3399sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3400{ 3401} 3402 3403static void 3404sppp_ipcp_tlu(struct sppp *sp) 3405{ 3406} 3407 3408static void 3409sppp_ipcp_tld(struct sppp *sp) 3410{ 3411} 3412 3413static void 3414sppp_ipcp_tls(struct sppp *sp) 3415{ 3416} 3417 3418static void 3419sppp_ipcp_tlf(struct sppp *sp) 3420{ 3421} 3422 3423static void 3424sppp_ipcp_scr(struct sppp *sp) 3425{ 3426} 3427#endif 3428 3429/* 3430 *--------------------------------------------------------------------------* 3431 * * 3432 * The IPv6CP implementation. * 3433 * * 3434 *--------------------------------------------------------------------------* 3435 */ 3436 3437#ifdef INET6 3438static void 3439sppp_ipv6cp_init(struct sppp *sp) 3440{ 3441 sp->ipv6cp.opts = 0; 3442 sp->ipv6cp.flags = 0; 3443 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3444 sp->fail_counter[IDX_IPV6CP] = 0; 3445 sp->pp_seq[IDX_IPV6CP] = 0; 3446 sp->pp_rseq[IDX_IPV6CP] = 0; 3447 callout_init(&sp->ch[IDX_IPV6CP], CALLOUT_MPSAFE); 3448} 3449 3450static void 3451sppp_ipv6cp_up(struct sppp *sp) 3452{ 3453 sppp_up_event(&ipv6cp, sp); 3454} 3455 3456static void 3457sppp_ipv6cp_down(struct sppp *sp) 3458{ 3459 sppp_down_event(&ipv6cp, sp); 3460} 3461 3462static void 3463sppp_ipv6cp_open(struct sppp *sp) 3464{ 3465 STDDCL; 3466 struct in6_addr myaddr, hisaddr; 3467 3468#ifdef IPV6CP_MYIFID_DYN 3469 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3470#else 3471 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3472#endif 3473 3474 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3475 /* 3476 * If we don't have our address, this probably means our 3477 * interface doesn't want to talk IPv6 at all. (This could 3478 * be the case if somebody wants to speak only IPX, for 3479 * example.) Don't open IPv6CP in this case. 3480 */ 3481 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3482 /* XXX this message should go away */ 3483 if (debug) 3484 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3485 SPP_ARGS(ifp)); 3486 return; 3487 } 3488 3489 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3490 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3491 sppp_open_event(&ipv6cp, sp); 3492} 3493 3494static void 3495sppp_ipv6cp_close(struct sppp *sp) 3496{ 3497 sppp_close_event(&ipv6cp, sp); 3498} 3499 3500static void 3501sppp_ipv6cp_TO(void *cookie) 3502{ 3503 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3504} 3505 3506/* 3507 * Analyze a configure request. Return true if it was agreeable, and 3508 * caused action sca, false if it has been rejected or nak'ed, and 3509 * caused action scn. (The return value is used to make the state 3510 * transition decision in the state automaton.) 3511 */ 3512static int 3513sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3514{ 3515 u_char *buf, *r, *p; 3516 struct ifnet *ifp = SP2IFP(sp); 3517 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3518 struct in6_addr myaddr, desiredaddr, suggestaddr; 3519 int ifidcount; 3520 int type; 3521 int collision, nohisaddr; 3522 char ip6buf[INET6_ADDRSTRLEN]; 3523 3524 len -= 4; 3525 origlen = len; 3526 /* 3527 * Make sure to allocate a buf that can at least hold a 3528 * conf-nak with an `address' option. We might need it below. 3529 */ 3530 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3531 if (! buf) 3532 return (0); 3533 3534 /* pass 1: see if we can recognize them */ 3535 if (debug) 3536 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3537 SPP_ARGS(ifp)); 3538 p = (void*) (h+1); 3539 ifidcount = 0; 3540 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3541 len-=p[1], p+=p[1]) { 3542 if (debug) 3543 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3544 switch (*p) { 3545 case IPV6CP_OPT_IFID: 3546 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3547 /* correctly formed address option */ 3548 ifidcount++; 3549 continue; 3550 } 3551 if (debug) 3552 log(-1, " [invalid]"); 3553 break; 3554#ifdef notyet 3555 case IPV6CP_OPT_COMPRESSION: 3556 if (len >= 4 && p[1] >= 4) { 3557 /* correctly formed compress option */ 3558 continue; 3559 } 3560 if (debug) 3561 log(-1, " [invalid]"); 3562 break; 3563#endif 3564 default: 3565 /* Others not supported. */ 3566 if (debug) 3567 log(-1, " [rej]"); 3568 break; 3569 } 3570 /* Add the option to rejected list. */ 3571 bcopy (p, r, p[1]); 3572 r += p[1]; 3573 rlen += p[1]; 3574 } 3575 if (rlen) { 3576 if (debug) 3577 log(-1, " send conf-rej\n"); 3578 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3579 goto end; 3580 } else if (debug) 3581 log(-1, "\n"); 3582 3583 /* pass 2: parse option values */ 3584 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3585 if (debug) 3586 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3587 SPP_ARGS(ifp)); 3588 p = (void*) (h+1); 3589 len = origlen; 3590 type = CONF_ACK; 3591 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3592 len-=p[1], p+=p[1]) { 3593 if (debug) 3594 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3595 switch (*p) { 3596#ifdef notyet 3597 case IPV6CP_OPT_COMPRESSION: 3598 continue; 3599#endif 3600 case IPV6CP_OPT_IFID: 3601 bzero(&desiredaddr, sizeof(desiredaddr)); 3602 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3603 collision = (bcmp(&desiredaddr.s6_addr[8], 3604 &myaddr.s6_addr[8], 8) == 0); 3605 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3606 3607 desiredaddr.s6_addr16[0] = htons(0xfe80); 3608 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3609 3610 if (!collision && !nohisaddr) { 3611 /* no collision, hisaddr known - Conf-Ack */ 3612 type = CONF_ACK; 3613 3614 if (debug) { 3615 log(-1, " %s [%s]", 3616 ip6_sprintf(ip6buf, &desiredaddr), 3617 sppp_cp_type_name(type)); 3618 } 3619 continue; 3620 } 3621 3622 bzero(&suggestaddr, sizeof(&suggestaddr)); 3623 if (collision && nohisaddr) { 3624 /* collision, hisaddr unknown - Conf-Rej */ 3625 type = CONF_REJ; 3626 bzero(&p[2], 8); 3627 } else { 3628 /* 3629 * - no collision, hisaddr unknown, or 3630 * - collision, hisaddr known 3631 * Conf-Nak, suggest hisaddr 3632 */ 3633 type = CONF_NAK; 3634 sppp_suggest_ip6_addr(sp, &suggestaddr); 3635 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3636 } 3637 if (debug) 3638 log(-1, " %s [%s]", 3639 ip6_sprintf(ip6buf, &desiredaddr), 3640 sppp_cp_type_name(type)); 3641 break; 3642 } 3643 /* Add the option to nak'ed list. */ 3644 bcopy (p, r, p[1]); 3645 r += p[1]; 3646 rlen += p[1]; 3647 } 3648 3649 if (rlen == 0 && type == CONF_ACK) { 3650 if (debug) 3651 log(-1, " send %s\n", sppp_cp_type_name(type)); 3652 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3653 } else { 3654#ifdef DIAGNOSTIC 3655 if (type == CONF_ACK) 3656 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3657#endif 3658 3659 if (debug) { 3660 log(-1, " send %s suggest %s\n", 3661 sppp_cp_type_name(type), 3662 ip6_sprintf(ip6buf, &suggestaddr)); 3663 } 3664 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3665 } 3666 3667 end: 3668 free (buf, M_TEMP); 3669 return (rlen == 0); 3670} 3671 3672/* 3673 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3674 * negotiation. 3675 */ 3676static void 3677sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3678{ 3679 u_char *buf, *p; 3680 struct ifnet *ifp = SP2IFP(sp); 3681 int debug = ifp->if_flags & IFF_DEBUG; 3682 3683 len -= 4; 3684 buf = malloc (len, M_TEMP, M_NOWAIT); 3685 if (!buf) 3686 return; 3687 3688 if (debug) 3689 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3690 SPP_ARGS(ifp)); 3691 3692 p = (void*) (h+1); 3693 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3694 len -= p[1], p += p[1]) { 3695 if (debug) 3696 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3697 switch (*p) { 3698 case IPV6CP_OPT_IFID: 3699 /* 3700 * Peer doesn't grok address option. This is 3701 * bad. XXX Should we better give up here? 3702 */ 3703 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3704 break; 3705#ifdef notyet 3706 case IPV6CP_OPT_COMPRESS: 3707 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3708 break; 3709#endif 3710 } 3711 } 3712 if (debug) 3713 log(-1, "\n"); 3714 free (buf, M_TEMP); 3715 return; 3716} 3717 3718/* 3719 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3720 * negotiation. 3721 */ 3722static void 3723sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3724{ 3725 u_char *buf, *p; 3726 struct ifnet *ifp = SP2IFP(sp); 3727 int debug = ifp->if_flags & IFF_DEBUG; 3728 struct in6_addr suggestaddr; 3729 char ip6buf[INET6_ADDRSTRLEN]; 3730 3731 len -= 4; 3732 buf = malloc (len, M_TEMP, M_NOWAIT); 3733 if (!buf) 3734 return; 3735 3736 if (debug) 3737 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3738 SPP_ARGS(ifp)); 3739 3740 p = (void*) (h+1); 3741 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3742 len -= p[1], p += p[1]) { 3743 if (debug) 3744 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3745 switch (*p) { 3746 case IPV6CP_OPT_IFID: 3747 /* 3748 * Peer doesn't like our local ifid. See 3749 * if we can do something for him. We'll drop 3750 * him our address then. 3751 */ 3752 if (len < 10 || p[1] != 10) 3753 break; 3754 bzero(&suggestaddr, sizeof(suggestaddr)); 3755 suggestaddr.s6_addr16[0] = htons(0xfe80); 3756 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3757 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3758 3759 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3760 if (debug) 3761 log(-1, " [suggestaddr %s]", 3762 ip6_sprintf(ip6buf, &suggestaddr)); 3763#ifdef IPV6CP_MYIFID_DYN 3764 /* 3765 * When doing dynamic address assignment, 3766 * we accept his offer. 3767 */ 3768 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3769 struct in6_addr lastsuggest; 3770 /* 3771 * If <suggested myaddr from peer> equals to 3772 * <hisaddr we have suggested last time>, 3773 * we have a collision. generate new random 3774 * ifid. 3775 */ 3776 sppp_suggest_ip6_addr(&lastsuggest); 3777 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3778 lastsuggest)) { 3779 if (debug) 3780 log(-1, " [random]"); 3781 sppp_gen_ip6_addr(sp, &suggestaddr); 3782 } 3783 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3784 if (debug) 3785 log(-1, " [agree]"); 3786 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3787 } 3788#else 3789 /* 3790 * Since we do not do dynamic address assignment, 3791 * we ignore it and thus continue to negotiate 3792 * our already existing value. This can possibly 3793 * go into infinite request-reject loop. 3794 * 3795 * This is not likely because we normally use 3796 * ifid based on MAC-address. 3797 * If you have no ethernet card on the node, too bad. 3798 * XXX should we use fail_counter? 3799 */ 3800#endif 3801 break; 3802#ifdef notyet 3803 case IPV6CP_OPT_COMPRESS: 3804 /* 3805 * Peer wants different compression parameters. 3806 */ 3807 break; 3808#endif 3809 } 3810 } 3811 if (debug) 3812 log(-1, "\n"); 3813 free (buf, M_TEMP); 3814 return; 3815} 3816static void 3817sppp_ipv6cp_tlu(struct sppp *sp) 3818{ 3819 /* we are up - notify isdn daemon */ 3820 if (sp->pp_con) 3821 sp->pp_con(sp); 3822} 3823 3824static void 3825sppp_ipv6cp_tld(struct sppp *sp) 3826{ 3827} 3828 3829static void 3830sppp_ipv6cp_tls(struct sppp *sp) 3831{ 3832 /* indicate to LCP that it must stay alive */ 3833 sp->lcp.protos |= (1 << IDX_IPV6CP); 3834} 3835 3836static void 3837sppp_ipv6cp_tlf(struct sppp *sp) 3838{ 3839 3840#if 0 /* need #if 0 to close IPv6CP properly */ 3841 /* we no longer need LCP */ 3842 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3843 sppp_lcp_check_and_close(sp); 3844#endif 3845} 3846 3847static void 3848sppp_ipv6cp_scr(struct sppp *sp) 3849{ 3850 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3851 struct in6_addr ouraddr; 3852 int i = 0; 3853 3854 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3855 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3856 opt[i++] = IPV6CP_OPT_IFID; 3857 opt[i++] = 10; 3858 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3859 i += 8; 3860 } 3861 3862#ifdef notyet 3863 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3864 opt[i++] = IPV6CP_OPT_COMPRESSION; 3865 opt[i++] = 4; 3866 opt[i++] = 0; /* TBD */ 3867 opt[i++] = 0; /* TBD */ 3868 /* variable length data may follow */ 3869 } 3870#endif 3871 3872 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3873 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3874} 3875#else /*INET6*/ 3876static void sppp_ipv6cp_init(struct sppp *sp) 3877{ 3878} 3879 3880static void sppp_ipv6cp_up(struct sppp *sp) 3881{ 3882} 3883 3884static void sppp_ipv6cp_down(struct sppp *sp) 3885{ 3886} 3887 3888 3889static void sppp_ipv6cp_open(struct sppp *sp) 3890{ 3891} 3892 3893static void sppp_ipv6cp_close(struct sppp *sp) 3894{ 3895} 3896 3897static void sppp_ipv6cp_TO(void *sp) 3898{ 3899} 3900 3901static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3902{ 3903 return 0; 3904} 3905 3906static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3907{ 3908} 3909 3910static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3911{ 3912} 3913 3914static void sppp_ipv6cp_tlu(struct sppp *sp) 3915{ 3916} 3917 3918static void sppp_ipv6cp_tld(struct sppp *sp) 3919{ 3920} 3921 3922static void sppp_ipv6cp_tls(struct sppp *sp) 3923{ 3924} 3925 3926static void sppp_ipv6cp_tlf(struct sppp *sp) 3927{ 3928} 3929 3930static void sppp_ipv6cp_scr(struct sppp *sp) 3931{ 3932} 3933#endif /*INET6*/ 3934 3935/* 3936 *--------------------------------------------------------------------------* 3937 * * 3938 * The CHAP implementation. * 3939 * * 3940 *--------------------------------------------------------------------------* 3941 */ 3942 3943/* 3944 * The authentication protocols don't employ a full-fledged state machine as 3945 * the control protocols do, since they do have Open and Close events, but 3946 * not Up and Down, nor are they explicitly terminated. Also, use of the 3947 * authentication protocols may be different in both directions (this makes 3948 * sense, think of a machine that never accepts incoming calls but only 3949 * calls out, it doesn't require the called party to authenticate itself). 3950 * 3951 * Our state machine for the local authentication protocol (we are requesting 3952 * the peer to authenticate) looks like: 3953 * 3954 * RCA- 3955 * +--------------------------------------------+ 3956 * V scn,tld| 3957 * +--------+ Close +---------+ RCA+ 3958 * | |<----------------------------------| |------+ 3959 * +--->| Closed | TO* | Opened | sca | 3960 * | | |-----+ +-------| |<-----+ 3961 * | +--------+ irc | | +---------+ 3962 * | ^ | | ^ 3963 * | | | | | 3964 * | | | | | 3965 * | TO-| | | | 3966 * | |tld TO+ V | | 3967 * | | +------->+ | | 3968 * | | | | | | 3969 * | +--------+ V | | 3970 * | | |<----+<--------------------+ | 3971 * | | Req- | scr | 3972 * | | Sent | | 3973 * | | | | 3974 * | +--------+ | 3975 * | RCA- | | RCA+ | 3976 * +------+ +------------------------------------------+ 3977 * scn,tld sca,irc,ict,tlu 3978 * 3979 * 3980 * with: 3981 * 3982 * Open: LCP reached authentication phase 3983 * Close: LCP reached terminate phase 3984 * 3985 * RCA+: received reply (pap-req, chap-response), acceptable 3986 * RCN: received reply (pap-req, chap-response), not acceptable 3987 * TO+: timeout with restart counter >= 0 3988 * TO-: timeout with restart counter < 0 3989 * TO*: reschedule timeout for CHAP 3990 * 3991 * scr: send request packet (none for PAP, chap-challenge) 3992 * sca: send ack packet (pap-ack, chap-success) 3993 * scn: send nak packet (pap-nak, chap-failure) 3994 * ict: initialize re-challenge timer (CHAP only) 3995 * 3996 * tlu: this-layer-up, LCP reaches network phase 3997 * tld: this-layer-down, LCP enters terminate phase 3998 * 3999 * Note that in CHAP mode, after sending a new challenge, while the state 4000 * automaton falls back into Req-Sent state, it doesn't signal a tld 4001 * event to LCP, so LCP remains in network phase. Only after not getting 4002 * any response (or after getting an unacceptable response), CHAP closes, 4003 * causing LCP to enter terminate phase. 4004 * 4005 * With PAP, there is no initial request that can be sent. The peer is 4006 * expected to send one based on the successful negotiation of PAP as 4007 * the authentication protocol during the LCP option negotiation. 4008 * 4009 * Incoming authentication protocol requests (remote requests 4010 * authentication, we are peer) don't employ a state machine at all, 4011 * they are simply answered. Some peers [Ascend P50 firmware rev 4012 * 4.50] react allergically when sending IPCP requests while they are 4013 * still in authentication phase (thereby violating the standard that 4014 * demands that these NCP packets are to be discarded), so we keep 4015 * track of the peer demanding us to authenticate, and only proceed to 4016 * phase network once we've seen a positive acknowledge for the 4017 * authentication. 4018 */ 4019 4020/* 4021 * Handle incoming CHAP packets. 4022 */ 4023static void 4024sppp_chap_input(struct sppp *sp, struct mbuf *m) 4025{ 4026 STDDCL; 4027 struct lcp_header *h; 4028 int len, x; 4029 u_char *value, *name, digest[AUTHKEYLEN], dsize; 4030 int value_len, name_len; 4031 MD5_CTX ctx; 4032 4033 len = m->m_pkthdr.len; 4034 if (len < 4) { 4035 if (debug) 4036 log(LOG_DEBUG, 4037 SPP_FMT "chap invalid packet length: %d bytes\n", 4038 SPP_ARGS(ifp), len); 4039 return; 4040 } 4041 h = mtod (m, struct lcp_header*); 4042 if (len > ntohs (h->len)) 4043 len = ntohs (h->len); 4044 4045 switch (h->type) { 4046 /* challenge, failure and success are his authproto */ 4047 case CHAP_CHALLENGE: 4048 value = 1 + (u_char*)(h+1); 4049 value_len = value[-1]; 4050 name = value + value_len; 4051 name_len = len - value_len - 5; 4052 if (name_len < 0) { 4053 if (debug) { 4054 log(LOG_DEBUG, 4055 SPP_FMT "chap corrupted challenge " 4056 "<%s id=0x%x len=%d", 4057 SPP_ARGS(ifp), 4058 sppp_auth_type_name(PPP_CHAP, h->type), 4059 h->ident, ntohs(h->len)); 4060 sppp_print_bytes((u_char*) (h+1), len-4); 4061 log(-1, ">\n"); 4062 } 4063 break; 4064 } 4065 4066 if (debug) { 4067 log(LOG_DEBUG, 4068 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4069 SPP_ARGS(ifp), 4070 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4071 ntohs(h->len)); 4072 sppp_print_string((char*) name, name_len); 4073 log(-1, " value-size=%d value=", value_len); 4074 sppp_print_bytes(value, value_len); 4075 log(-1, ">\n"); 4076 } 4077 4078 /* Compute reply value. */ 4079 MD5Init(&ctx); 4080 MD5Update(&ctx, &h->ident, 1); 4081 MD5Update(&ctx, sp->myauth.secret, 4082 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4083 MD5Update(&ctx, value, value_len); 4084 MD5Final(digest, &ctx); 4085 dsize = sizeof digest; 4086 4087 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4088 sizeof dsize, (const char *)&dsize, 4089 sizeof digest, digest, 4090 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4091 sp->myauth.name, 4092 0); 4093 break; 4094 4095 case CHAP_SUCCESS: 4096 if (debug) { 4097 log(LOG_DEBUG, SPP_FMT "chap success", 4098 SPP_ARGS(ifp)); 4099 if (len > 4) { 4100 log(-1, ": "); 4101 sppp_print_string((char*)(h + 1), len - 4); 4102 } 4103 log(-1, "\n"); 4104 } 4105 x = splimp(); 4106 SPPP_LOCK(sp); 4107 sp->pp_flags &= ~PP_NEEDAUTH; 4108 if (sp->myauth.proto == PPP_CHAP && 4109 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4110 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4111 /* 4112 * We are authenticator for CHAP but didn't 4113 * complete yet. Leave it to tlu to proceed 4114 * to network phase. 4115 */ 4116 SPPP_UNLOCK(sp); 4117 splx(x); 4118 break; 4119 } 4120 SPPP_UNLOCK(sp); 4121 splx(x); 4122 sppp_phase_network(sp); 4123 break; 4124 4125 case CHAP_FAILURE: 4126 if (debug) { 4127 log(LOG_INFO, SPP_FMT "chap failure", 4128 SPP_ARGS(ifp)); 4129 if (len > 4) { 4130 log(-1, ": "); 4131 sppp_print_string((char*)(h + 1), len - 4); 4132 } 4133 log(-1, "\n"); 4134 } else 4135 log(LOG_INFO, SPP_FMT "chap failure\n", 4136 SPP_ARGS(ifp)); 4137 /* await LCP shutdown by authenticator */ 4138 break; 4139 4140 /* response is my authproto */ 4141 case CHAP_RESPONSE: 4142 value = 1 + (u_char*)(h+1); 4143 value_len = value[-1]; 4144 name = value + value_len; 4145 name_len = len - value_len - 5; 4146 if (name_len < 0) { 4147 if (debug) { 4148 log(LOG_DEBUG, 4149 SPP_FMT "chap corrupted response " 4150 "<%s id=0x%x len=%d", 4151 SPP_ARGS(ifp), 4152 sppp_auth_type_name(PPP_CHAP, h->type), 4153 h->ident, ntohs(h->len)); 4154 sppp_print_bytes((u_char*)(h+1), len-4); 4155 log(-1, ">\n"); 4156 } 4157 break; 4158 } 4159 if (h->ident != sp->confid[IDX_CHAP]) { 4160 if (debug) 4161 log(LOG_DEBUG, 4162 SPP_FMT "chap dropping response for old ID " 4163 "(got %d, expected %d)\n", 4164 SPP_ARGS(ifp), 4165 h->ident, sp->confid[IDX_CHAP]); 4166 break; 4167 } 4168 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4169 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4170 log(LOG_INFO, SPP_FMT "chap response, his name ", 4171 SPP_ARGS(ifp)); 4172 sppp_print_string(name, name_len); 4173 log(-1, " != expected "); 4174 sppp_print_string(sp->hisauth.name, 4175 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4176 log(-1, "\n"); 4177 } 4178 if (debug) { 4179 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4180 "<%s id=0x%x len=%d name=", 4181 SPP_ARGS(ifp), 4182 sppp_state_name(sp->state[IDX_CHAP]), 4183 sppp_auth_type_name(PPP_CHAP, h->type), 4184 h->ident, ntohs (h->len)); 4185 sppp_print_string((char*)name, name_len); 4186 log(-1, " value-size=%d value=", value_len); 4187 sppp_print_bytes(value, value_len); 4188 log(-1, ">\n"); 4189 } 4190 if (value_len != AUTHKEYLEN) { 4191 if (debug) 4192 log(LOG_DEBUG, 4193 SPP_FMT "chap bad hash value length: " 4194 "%d bytes, should be %d\n", 4195 SPP_ARGS(ifp), value_len, 4196 AUTHKEYLEN); 4197 break; 4198 } 4199 4200 MD5Init(&ctx); 4201 MD5Update(&ctx, &h->ident, 1); 4202 MD5Update(&ctx, sp->hisauth.secret, 4203 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4204 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4205 MD5Final(digest, &ctx); 4206 4207#define FAILMSG "Failed..." 4208#define SUCCMSG "Welcome!" 4209 4210 if (value_len != sizeof digest || 4211 bcmp(digest, value, value_len) != 0) { 4212 /* action scn, tld */ 4213 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4214 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4215 0); 4216 chap.tld(sp); 4217 break; 4218 } 4219 /* action sca, perhaps tlu */ 4220 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4221 sp->state[IDX_CHAP] == STATE_OPENED) 4222 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4223 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4224 0); 4225 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4226 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4227 chap.tlu(sp); 4228 } 4229 break; 4230 4231 default: 4232 /* Unknown CHAP packet type -- ignore. */ 4233 if (debug) { 4234 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4235 "<0x%x id=0x%xh len=%d", 4236 SPP_ARGS(ifp), 4237 sppp_state_name(sp->state[IDX_CHAP]), 4238 h->type, h->ident, ntohs(h->len)); 4239 sppp_print_bytes((u_char*)(h+1), len-4); 4240 log(-1, ">\n"); 4241 } 4242 break; 4243 4244 } 4245} 4246 4247static void 4248sppp_chap_init(struct sppp *sp) 4249{ 4250 /* Chap doesn't have STATE_INITIAL at all. */ 4251 sp->state[IDX_CHAP] = STATE_CLOSED; 4252 sp->fail_counter[IDX_CHAP] = 0; 4253 sp->pp_seq[IDX_CHAP] = 0; 4254 sp->pp_rseq[IDX_CHAP] = 0; 4255 callout_init(&sp->ch[IDX_CHAP], CALLOUT_MPSAFE); 4256} 4257 4258static void 4259sppp_chap_open(struct sppp *sp) 4260{ 4261 if (sp->myauth.proto == PPP_CHAP && 4262 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4263 /* we are authenticator for CHAP, start it */ 4264 chap.scr(sp); 4265 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4266 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4267 } 4268 /* nothing to be done if we are peer, await a challenge */ 4269} 4270 4271static void 4272sppp_chap_close(struct sppp *sp) 4273{ 4274 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4275 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4276} 4277 4278static void 4279sppp_chap_TO(void *cookie) 4280{ 4281 struct sppp *sp = (struct sppp *)cookie; 4282 STDDCL; 4283 int s; 4284 4285 s = splimp(); 4286 SPPP_LOCK(sp); 4287 if (debug) 4288 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4289 SPP_ARGS(ifp), 4290 sppp_state_name(sp->state[IDX_CHAP]), 4291 sp->rst_counter[IDX_CHAP]); 4292 4293 if (--sp->rst_counter[IDX_CHAP] < 0) 4294 /* TO- event */ 4295 switch (sp->state[IDX_CHAP]) { 4296 case STATE_REQ_SENT: 4297 chap.tld(sp); 4298 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4299 break; 4300 } 4301 else 4302 /* TO+ (or TO*) event */ 4303 switch (sp->state[IDX_CHAP]) { 4304 case STATE_OPENED: 4305 /* TO* event */ 4306 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4307 /* FALLTHROUGH */ 4308 case STATE_REQ_SENT: 4309 chap.scr(sp); 4310 /* sppp_cp_change_state() will restart the timer */ 4311 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4312 break; 4313 } 4314 4315 SPPP_UNLOCK(sp); 4316 splx(s); 4317} 4318 4319static void 4320sppp_chap_tlu(struct sppp *sp) 4321{ 4322 STDDCL; 4323 int i, x; 4324 4325 i = 0; 4326 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4327 4328 /* 4329 * Some broken CHAP implementations (Conware CoNet, firmware 4330 * 4.0.?) don't want to re-authenticate their CHAP once the 4331 * initial challenge-response exchange has taken place. 4332 * Provide for an option to avoid rechallenges. 4333 */ 4334 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4335 /* 4336 * Compute the re-challenge timeout. This will yield 4337 * a number between 300 and 810 seconds. 4338 */ 4339 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4340 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4341 } 4342 4343 if (debug) { 4344 log(LOG_DEBUG, 4345 SPP_FMT "chap %s, ", 4346 SPP_ARGS(ifp), 4347 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4348 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4349 log(-1, "next re-challenge in %d seconds\n", i); 4350 else 4351 log(-1, "re-challenging supressed\n"); 4352 } 4353 4354 x = splimp(); 4355 SPPP_LOCK(sp); 4356 /* indicate to LCP that we need to be closed down */ 4357 sp->lcp.protos |= (1 << IDX_CHAP); 4358 4359 if (sp->pp_flags & PP_NEEDAUTH) { 4360 /* 4361 * Remote is authenticator, but his auth proto didn't 4362 * complete yet. Defer the transition to network 4363 * phase. 4364 */ 4365 SPPP_UNLOCK(sp); 4366 splx(x); 4367 return; 4368 } 4369 SPPP_UNLOCK(sp); 4370 splx(x); 4371 4372 /* 4373 * If we are already in phase network, we are done here. This 4374 * is the case if this is a dummy tlu event after a re-challenge. 4375 */ 4376 if (sp->pp_phase != PHASE_NETWORK) 4377 sppp_phase_network(sp); 4378} 4379 4380static void 4381sppp_chap_tld(struct sppp *sp) 4382{ 4383 STDDCL; 4384 4385 if (debug) 4386 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4387 callout_stop(&sp->ch[IDX_CHAP]); 4388 sp->lcp.protos &= ~(1 << IDX_CHAP); 4389 4390 lcp.Close(sp); 4391} 4392 4393static void 4394sppp_chap_scr(struct sppp *sp) 4395{ 4396 u_long *ch, seed; 4397 u_char clen; 4398 4399 /* Compute random challenge. */ 4400 ch = (u_long *)sp->myauth.challenge; 4401 read_random(&seed, sizeof seed); 4402 ch[0] = seed ^ random(); 4403 ch[1] = seed ^ random(); 4404 ch[2] = seed ^ random(); 4405 ch[3] = seed ^ random(); 4406 clen = AUTHKEYLEN; 4407 4408 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4409 4410 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4411 sizeof clen, (const char *)&clen, 4412 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4413 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4414 sp->myauth.name, 4415 0); 4416} 4417 4418/* 4419 *--------------------------------------------------------------------------* 4420 * * 4421 * The PAP implementation. * 4422 * * 4423 *--------------------------------------------------------------------------* 4424 */ 4425/* 4426 * For PAP, we need to keep a little state also if we are the peer, not the 4427 * authenticator. This is since we don't get a request to authenticate, but 4428 * have to repeatedly authenticate ourself until we got a response (or the 4429 * retry counter is expired). 4430 */ 4431 4432/* 4433 * Handle incoming PAP packets. */ 4434static void 4435sppp_pap_input(struct sppp *sp, struct mbuf *m) 4436{ 4437 STDDCL; 4438 struct lcp_header *h; 4439 int len, x; 4440 u_char *name, *passwd, mlen; 4441 int name_len, passwd_len; 4442 4443 len = m->m_pkthdr.len; 4444 if (len < 5) { 4445 if (debug) 4446 log(LOG_DEBUG, 4447 SPP_FMT "pap invalid packet length: %d bytes\n", 4448 SPP_ARGS(ifp), len); 4449 return; 4450 } 4451 h = mtod (m, struct lcp_header*); 4452 if (len > ntohs (h->len)) 4453 len = ntohs (h->len); 4454 switch (h->type) { 4455 /* PAP request is my authproto */ 4456 case PAP_REQ: 4457 name = 1 + (u_char*)(h+1); 4458 name_len = name[-1]; 4459 passwd = name + name_len + 1; 4460 if (name_len > len - 6 || 4461 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4462 if (debug) { 4463 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4464 "<%s id=0x%x len=%d", 4465 SPP_ARGS(ifp), 4466 sppp_auth_type_name(PPP_PAP, h->type), 4467 h->ident, ntohs(h->len)); 4468 sppp_print_bytes((u_char*)(h+1), len-4); 4469 log(-1, ">\n"); 4470 } 4471 break; 4472 } 4473 if (debug) { 4474 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4475 "<%s id=0x%x len=%d name=", 4476 SPP_ARGS(ifp), 4477 sppp_state_name(sp->state[IDX_PAP]), 4478 sppp_auth_type_name(PPP_PAP, h->type), 4479 h->ident, ntohs(h->len)); 4480 sppp_print_string((char*)name, name_len); 4481 log(-1, " passwd="); 4482 sppp_print_string((char*)passwd, passwd_len); 4483 log(-1, ">\n"); 4484 } 4485 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4486 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4487 bcmp(name, sp->hisauth.name, name_len) != 0 || 4488 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4489 /* action scn, tld */ 4490 mlen = sizeof(FAILMSG) - 1; 4491 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4492 sizeof mlen, (const char *)&mlen, 4493 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4494 0); 4495 pap.tld(sp); 4496 break; 4497 } 4498 /* action sca, perhaps tlu */ 4499 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4500 sp->state[IDX_PAP] == STATE_OPENED) { 4501 mlen = sizeof(SUCCMSG) - 1; 4502 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4503 sizeof mlen, (const char *)&mlen, 4504 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4505 0); 4506 } 4507 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4508 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4509 pap.tlu(sp); 4510 } 4511 break; 4512 4513 /* ack and nak are his authproto */ 4514 case PAP_ACK: 4515 callout_stop(&sp->pap_my_to_ch); 4516 if (debug) { 4517 log(LOG_DEBUG, SPP_FMT "pap success", 4518 SPP_ARGS(ifp)); 4519 name_len = *((char *)h); 4520 if (len > 5 && name_len) { 4521 log(-1, ": "); 4522 sppp_print_string((char*)(h+1), name_len); 4523 } 4524 log(-1, "\n"); 4525 } 4526 x = splimp(); 4527 SPPP_LOCK(sp); 4528 sp->pp_flags &= ~PP_NEEDAUTH; 4529 if (sp->myauth.proto == PPP_PAP && 4530 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4531 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4532 /* 4533 * We are authenticator for PAP but didn't 4534 * complete yet. Leave it to tlu to proceed 4535 * to network phase. 4536 */ 4537 SPPP_UNLOCK(sp); 4538 splx(x); 4539 break; 4540 } 4541 SPPP_UNLOCK(sp); 4542 splx(x); 4543 sppp_phase_network(sp); 4544 break; 4545 4546 case PAP_NAK: 4547 callout_stop (&sp->pap_my_to_ch); 4548 if (debug) { 4549 log(LOG_INFO, SPP_FMT "pap failure", 4550 SPP_ARGS(ifp)); 4551 name_len = *((char *)h); 4552 if (len > 5 && name_len) { 4553 log(-1, ": "); 4554 sppp_print_string((char*)(h+1), name_len); 4555 } 4556 log(-1, "\n"); 4557 } else 4558 log(LOG_INFO, SPP_FMT "pap failure\n", 4559 SPP_ARGS(ifp)); 4560 /* await LCP shutdown by authenticator */ 4561 break; 4562 4563 default: 4564 /* Unknown PAP packet type -- ignore. */ 4565 if (debug) { 4566 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4567 "<0x%x id=0x%x len=%d", 4568 SPP_ARGS(ifp), 4569 h->type, h->ident, ntohs(h->len)); 4570 sppp_print_bytes((u_char*)(h+1), len-4); 4571 log(-1, ">\n"); 4572 } 4573 break; 4574 4575 } 4576} 4577 4578static void 4579sppp_pap_init(struct sppp *sp) 4580{ 4581 /* PAP doesn't have STATE_INITIAL at all. */ 4582 sp->state[IDX_PAP] = STATE_CLOSED; 4583 sp->fail_counter[IDX_PAP] = 0; 4584 sp->pp_seq[IDX_PAP] = 0; 4585 sp->pp_rseq[IDX_PAP] = 0; 4586 callout_init(&sp->ch[IDX_PAP], CALLOUT_MPSAFE); 4587 callout_init(&sp->pap_my_to_ch, CALLOUT_MPSAFE); 4588} 4589 4590static void 4591sppp_pap_open(struct sppp *sp) 4592{ 4593 if (sp->hisauth.proto == PPP_PAP && 4594 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4595 /* we are authenticator for PAP, start our timer */ 4596 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4597 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4598 } 4599 if (sp->myauth.proto == PPP_PAP) { 4600 /* we are peer, send a request, and start a timer */ 4601 pap.scr(sp); 4602 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4603 sppp_pap_my_TO, (void *)sp); 4604 } 4605} 4606 4607static void 4608sppp_pap_close(struct sppp *sp) 4609{ 4610 if (sp->state[IDX_PAP] != STATE_CLOSED) 4611 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4612} 4613 4614/* 4615 * That's the timeout routine if we are authenticator. Since the 4616 * authenticator is basically passive in PAP, we can't do much here. 4617 */ 4618static void 4619sppp_pap_TO(void *cookie) 4620{ 4621 struct sppp *sp = (struct sppp *)cookie; 4622 STDDCL; 4623 int s; 4624 4625 s = splimp(); 4626 SPPP_LOCK(sp); 4627 if (debug) 4628 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4629 SPP_ARGS(ifp), 4630 sppp_state_name(sp->state[IDX_PAP]), 4631 sp->rst_counter[IDX_PAP]); 4632 4633 if (--sp->rst_counter[IDX_PAP] < 0) 4634 /* TO- event */ 4635 switch (sp->state[IDX_PAP]) { 4636 case STATE_REQ_SENT: 4637 pap.tld(sp); 4638 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4639 break; 4640 } 4641 else 4642 /* TO+ event, not very much we could do */ 4643 switch (sp->state[IDX_PAP]) { 4644 case STATE_REQ_SENT: 4645 /* sppp_cp_change_state() will restart the timer */ 4646 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4647 break; 4648 } 4649 4650 SPPP_UNLOCK(sp); 4651 splx(s); 4652} 4653 4654/* 4655 * That's the timeout handler if we are peer. Since the peer is active, 4656 * we need to retransmit our PAP request since it is apparently lost. 4657 * XXX We should impose a max counter. 4658 */ 4659static void 4660sppp_pap_my_TO(void *cookie) 4661{ 4662 struct sppp *sp = (struct sppp *)cookie; 4663 STDDCL; 4664 4665 if (debug) 4666 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4667 SPP_ARGS(ifp)); 4668 4669 SPPP_LOCK(sp); 4670 pap.scr(sp); 4671 SPPP_UNLOCK(sp); 4672} 4673 4674static void 4675sppp_pap_tlu(struct sppp *sp) 4676{ 4677 STDDCL; 4678 int x; 4679 4680 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4681 4682 if (debug) 4683 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4684 SPP_ARGS(ifp), pap.name); 4685 4686 x = splimp(); 4687 SPPP_LOCK(sp); 4688 /* indicate to LCP that we need to be closed down */ 4689 sp->lcp.protos |= (1 << IDX_PAP); 4690 4691 if (sp->pp_flags & PP_NEEDAUTH) { 4692 /* 4693 * Remote is authenticator, but his auth proto didn't 4694 * complete yet. Defer the transition to network 4695 * phase. 4696 */ 4697 SPPP_UNLOCK(sp); 4698 splx(x); 4699 return; 4700 } 4701 SPPP_UNLOCK(sp); 4702 splx(x); 4703 sppp_phase_network(sp); 4704} 4705 4706static void 4707sppp_pap_tld(struct sppp *sp) 4708{ 4709 STDDCL; 4710 4711 if (debug) 4712 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4713 callout_stop (&sp->ch[IDX_PAP]); 4714 callout_stop (&sp->pap_my_to_ch); 4715 sp->lcp.protos &= ~(1 << IDX_PAP); 4716 4717 lcp.Close(sp); 4718} 4719 4720static void 4721sppp_pap_scr(struct sppp *sp) 4722{ 4723 u_char idlen, pwdlen; 4724 4725 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4726 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4727 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4728 4729 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4730 sizeof idlen, (const char *)&idlen, 4731 (size_t)idlen, sp->myauth.name, 4732 sizeof pwdlen, (const char *)&pwdlen, 4733 (size_t)pwdlen, sp->myauth.secret, 4734 0); 4735} 4736 4737/* 4738 * Random miscellaneous functions. 4739 */ 4740 4741/* 4742 * Send a PAP or CHAP proto packet. 4743 * 4744 * Varadic function, each of the elements for the ellipsis is of type 4745 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4746 * mlen == 0. 4747 * NOTE: never declare variadic functions with types subject to type 4748 * promotion (i.e. u_char). This is asking for big trouble depending 4749 * on the architecture you are on... 4750 */ 4751 4752static void 4753sppp_auth_send(const struct cp *cp, struct sppp *sp, 4754 unsigned int type, unsigned int id, 4755 ...) 4756{ 4757 STDDCL; 4758 struct ppp_header *h; 4759 struct lcp_header *lh; 4760 struct mbuf *m; 4761 u_char *p; 4762 int len; 4763 unsigned int mlen; 4764 const char *msg; 4765 va_list ap; 4766 4767 MGETHDR (m, M_DONTWAIT, MT_DATA); 4768 if (! m) 4769 return; 4770 m->m_pkthdr.rcvif = 0; 4771 4772 h = mtod (m, struct ppp_header*); 4773 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4774 h->control = PPP_UI; /* Unnumbered Info */ 4775 h->protocol = htons(cp->proto); 4776 4777 lh = (struct lcp_header*)(h + 1); 4778 lh->type = type; 4779 lh->ident = id; 4780 p = (u_char*) (lh+1); 4781 4782 va_start(ap, id); 4783 len = 0; 4784 4785 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4786 msg = va_arg(ap, const char *); 4787 len += mlen; 4788 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4789 va_end(ap); 4790 m_freem(m); 4791 return; 4792 } 4793 4794 bcopy(msg, p, mlen); 4795 p += mlen; 4796 } 4797 va_end(ap); 4798 4799 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4800 lh->len = htons (LCP_HEADER_LEN + len); 4801 4802 if (debug) { 4803 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4804 SPP_ARGS(ifp), cp->name, 4805 sppp_auth_type_name(cp->proto, lh->type), 4806 lh->ident, ntohs(lh->len)); 4807 sppp_print_bytes((u_char*) (lh+1), len); 4808 log(-1, ">\n"); 4809 } 4810 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4811 ifp->if_oerrors++; 4812} 4813 4814/* 4815 * Flush interface queue. 4816 */ 4817static void 4818sppp_qflush(struct ifqueue *ifq) 4819{ 4820 struct mbuf *m, *n; 4821 4822 n = ifq->ifq_head; 4823 while ((m = n)) { 4824 n = m->m_act; 4825 m_freem (m); 4826 } 4827 ifq->ifq_head = 0; 4828 ifq->ifq_tail = 0; 4829 ifq->ifq_len = 0; 4830} 4831 4832/* 4833 * Send keepalive packets, every 10 seconds. 4834 */ 4835static void 4836sppp_keepalive(void *dummy) 4837{ 4838 struct sppp *sp = (struct sppp*)dummy; 4839 struct ifnet *ifp = SP2IFP(sp); 4840 int s; 4841 4842 s = splimp(); 4843 SPPP_LOCK(sp); 4844 /* Keepalive mode disabled or channel down? */ 4845 if (! (sp->pp_flags & PP_KEEPALIVE) || 4846 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4847 goto out; 4848 4849 if (sp->pp_mode == PP_FR) { 4850 sppp_fr_keepalive (sp); 4851 goto out; 4852 } 4853 4854 /* No keepalive in PPP mode if LCP not opened yet. */ 4855 if (sp->pp_mode != IFF_CISCO && 4856 sp->pp_phase < PHASE_AUTHENTICATE) 4857 goto out; 4858 4859 if (sp->pp_alivecnt == MAXALIVECNT) { 4860 /* No keepalive packets got. Stop the interface. */ 4861 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4862 if_down (ifp); 4863 sppp_qflush (&sp->pp_cpq); 4864 if (sp->pp_mode != IFF_CISCO) { 4865 /* XXX */ 4866 /* Shut down the PPP link. */ 4867 lcp.Down(sp); 4868 /* Initiate negotiation. XXX */ 4869 lcp.Up(sp); 4870 } 4871 } 4872 if (sp->pp_alivecnt <= MAXALIVECNT) 4873 ++sp->pp_alivecnt; 4874 if (sp->pp_mode == IFF_CISCO) 4875 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4876 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4877 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4878 long nmagic = htonl (sp->lcp.magic); 4879 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4880 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4881 sp->lcp.echoid, 4, &nmagic); 4882 } 4883out: 4884 SPPP_UNLOCK(sp); 4885 splx(s); 4886 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4887 (void *)sp); 4888} 4889 4890/* 4891 * Get both IP addresses. 4892 */ 4893void 4894sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4895{ 4896 struct ifnet *ifp = SP2IFP(sp); 4897 struct ifaddr *ifa; 4898 struct sockaddr_in *si, *sm; 4899 u_long ssrc, ddst; 4900 4901 sm = NULL; 4902 ssrc = ddst = 0L; 4903 /* 4904 * Pick the first AF_INET address from the list, 4905 * aliases don't make any sense on a p2p link anyway. 4906 */ 4907 si = 0; 4908 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4909 if (ifa->ifa_addr->sa_family == AF_INET) { 4910 si = (struct sockaddr_in *)ifa->ifa_addr; 4911 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4912 if (si) 4913 break; 4914 } 4915 if (ifa) { 4916 if (si && si->sin_addr.s_addr) { 4917 ssrc = si->sin_addr.s_addr; 4918 if (srcmask) 4919 *srcmask = ntohl(sm->sin_addr.s_addr); 4920 } 4921 4922 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4923 if (si && si->sin_addr.s_addr) 4924 ddst = si->sin_addr.s_addr; 4925 } 4926 4927 if (dst) *dst = ntohl(ddst); 4928 if (src) *src = ntohl(ssrc); 4929} 4930 4931#ifdef INET 4932/* 4933 * Set my IP address. Must be called at splimp. 4934 */ 4935static void 4936sppp_set_ip_addr(struct sppp *sp, u_long src) 4937{ 4938 INIT_VNET_INET(curvnet); 4939 STDDCL; 4940 struct ifaddr *ifa; 4941 struct sockaddr_in *si; 4942 struct in_ifaddr *ia; 4943 4944 /* 4945 * Pick the first AF_INET address from the list, 4946 * aliases don't make any sense on a p2p link anyway. 4947 */ 4948 si = 0; 4949 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4950 { 4951 if (ifa->ifa_addr->sa_family == AF_INET) 4952 { 4953 si = (struct sockaddr_in *)ifa->ifa_addr; 4954 if (si) 4955 break; 4956 } 4957 } 4958 4959 if (ifa && si) 4960 { 4961 int error; 4962 /* delete old route */ 4963 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4964 if(debug && error) 4965 { 4966 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4967 SPP_ARGS(ifp), error); 4968 } 4969 4970 /* set new address */ 4971 si->sin_addr.s_addr = htonl(src); 4972 ia = ifatoia(ifa); 4973 LIST_REMOVE(ia, ia_hash); 4974 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4975 4976 /* add new route */ 4977 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4978 if (debug && error) 4979 { 4980 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4981 SPP_ARGS(ifp), error); 4982 } 4983 } 4984} 4985#endif 4986 4987#ifdef INET6 4988/* 4989 * Get both IPv6 addresses. 4990 */ 4991static void 4992sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4993 struct in6_addr *srcmask) 4994{ 4995 struct ifnet *ifp = SP2IFP(sp); 4996 struct ifaddr *ifa; 4997 struct sockaddr_in6 *si, *sm; 4998 struct in6_addr ssrc, ddst; 4999 5000 sm = NULL; 5001 bzero(&ssrc, sizeof(ssrc)); 5002 bzero(&ddst, sizeof(ddst)); 5003 /* 5004 * Pick the first link-local AF_INET6 address from the list, 5005 * aliases don't make any sense on a p2p link anyway. 5006 */ 5007 si = 0; 5008 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5009 if (ifa->ifa_addr->sa_family == AF_INET6) { 5010 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5011 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5012 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 5013 break; 5014 } 5015 if (ifa) { 5016 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5017 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5018 if (srcmask) { 5019 bcopy(&sm->sin6_addr, srcmask, 5020 sizeof(*srcmask)); 5021 } 5022 } 5023 5024 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5025 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5026 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5027 } 5028 5029 if (dst) 5030 bcopy(&ddst, dst, sizeof(*dst)); 5031 if (src) 5032 bcopy(&ssrc, src, sizeof(*src)); 5033} 5034 5035#ifdef IPV6CP_MYIFID_DYN 5036/* 5037 * Generate random ifid. 5038 */ 5039static void 5040sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5041{ 5042 /* TBD */ 5043} 5044 5045/* 5046 * Set my IPv6 address. Must be called at splimp. 5047 */ 5048static void 5049sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5050{ 5051 STDDCL; 5052 struct ifaddr *ifa; 5053 struct sockaddr_in6 *sin6; 5054 5055 /* 5056 * Pick the first link-local AF_INET6 address from the list, 5057 * aliases don't make any sense on a p2p link anyway. 5058 */ 5059 5060 sin6 = NULL; 5061 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5062 { 5063 if (ifa->ifa_addr->sa_family == AF_INET6) 5064 { 5065 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5066 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5067 break; 5068 } 5069 } 5070 5071 if (ifa && sin6) 5072 { 5073 int error; 5074 struct sockaddr_in6 new_sin6 = *sin6; 5075 5076 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5077 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5078 if (debug && error) 5079 { 5080 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5081 " failed, error=%d\n", SPP_ARGS(ifp), error); 5082 } 5083 } 5084} 5085#endif 5086 5087/* 5088 * Suggest a candidate address to be used by peer. 5089 */ 5090static void 5091sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5092{ 5093 struct in6_addr myaddr; 5094 struct timeval tv; 5095 5096 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5097 5098 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5099 microtime(&tv); 5100 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5101 myaddr.s6_addr[14] ^= 0xff; 5102 myaddr.s6_addr[15] ^= 0xff; 5103 } else { 5104 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5105 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5106 } 5107 if (suggest) 5108 bcopy(&myaddr, suggest, sizeof(myaddr)); 5109} 5110#endif /*INET6*/ 5111 5112static int 5113sppp_params(struct sppp *sp, u_long cmd, void *data) 5114{ 5115 u_long subcmd; 5116 struct ifreq *ifr = (struct ifreq *)data; 5117 struct spppreq *spr; 5118 int rv = 0; 5119 5120 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5121 return (EAGAIN); 5122 /* 5123 * ifr->ifr_data is supposed to point to a struct spppreq. 5124 * Check the cmd word first before attempting to fetch all the 5125 * data. 5126 */ 5127 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5128 rv = EFAULT; 5129 goto quit; 5130 } 5131 5132 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5133 rv = EFAULT; 5134 goto quit; 5135 } 5136 5137 switch (subcmd) { 5138 case (u_long)SPPPIOGDEFS: 5139 if (cmd != SIOCGIFGENERIC) { 5140 rv = EINVAL; 5141 break; 5142 } 5143 /* 5144 * We copy over the entire current state, but clean 5145 * out some of the stuff we don't wanna pass up. 5146 * Remember, SIOCGIFGENERIC is unprotected, and can be 5147 * called by any user. No need to ever get PAP or 5148 * CHAP secrets back to userland anyway. 5149 */ 5150 spr->defs.pp_phase = sp->pp_phase; 5151 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5152 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5153 spr->defs.lcp = sp->lcp; 5154 spr->defs.ipcp = sp->ipcp; 5155 spr->defs.ipv6cp = sp->ipv6cp; 5156 spr->defs.myauth = sp->myauth; 5157 spr->defs.hisauth = sp->hisauth; 5158 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5159 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5160 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5161 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5162 /* 5163 * Fixup the LCP timeout value to milliseconds so 5164 * spppcontrol doesn't need to bother about the value 5165 * of "hz". We do the reverse calculation below when 5166 * setting it. 5167 */ 5168 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5169 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5170 sizeof(struct spppreq)); 5171 break; 5172 5173 case (u_long)SPPPIOSDEFS: 5174 if (cmd != SIOCSIFGENERIC) { 5175 rv = EINVAL; 5176 break; 5177 } 5178 /* 5179 * We have a very specific idea of which fields we 5180 * allow being passed back from userland, so to not 5181 * clobber our current state. For one, we only allow 5182 * setting anything if LCP is in dead or establish 5183 * phase. Once the authentication negotiations 5184 * started, the authentication settings must not be 5185 * changed again. (The administrator can force an 5186 * ifconfig down in order to get LCP back into dead 5187 * phase.) 5188 * 5189 * Also, we only allow for authentication parameters to be 5190 * specified. 5191 * 5192 * XXX Should allow to set or clear pp_flags. 5193 * 5194 * Finally, if the respective authentication protocol to 5195 * be used is set differently than 0, but the secret is 5196 * passed as all zeros, we don't trash the existing secret. 5197 * This allows an administrator to change the system name 5198 * only without clobbering the secret (which he didn't get 5199 * back in a previous SPPPIOGDEFS call). However, the 5200 * secrets are cleared if the authentication protocol is 5201 * reset to 0. */ 5202 if (sp->pp_phase != PHASE_DEAD && 5203 sp->pp_phase != PHASE_ESTABLISH) { 5204 rv = EBUSY; 5205 break; 5206 } 5207 5208 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5209 spr->defs.myauth.proto != PPP_CHAP) || 5210 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5211 spr->defs.hisauth.proto != PPP_CHAP)) { 5212 rv = EINVAL; 5213 break; 5214 } 5215 5216 if (spr->defs.myauth.proto == 0) 5217 /* resetting myauth */ 5218 bzero(&sp->myauth, sizeof sp->myauth); 5219 else { 5220 /* setting/changing myauth */ 5221 sp->myauth.proto = spr->defs.myauth.proto; 5222 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5223 if (spr->defs.myauth.secret[0] != '\0') 5224 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5225 AUTHKEYLEN); 5226 } 5227 if (spr->defs.hisauth.proto == 0) 5228 /* resetting hisauth */ 5229 bzero(&sp->hisauth, sizeof sp->hisauth); 5230 else { 5231 /* setting/changing hisauth */ 5232 sp->hisauth.proto = spr->defs.hisauth.proto; 5233 sp->hisauth.flags = spr->defs.hisauth.flags; 5234 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5235 if (spr->defs.hisauth.secret[0] != '\0') 5236 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5237 AUTHKEYLEN); 5238 } 5239 /* set LCP restart timer timeout */ 5240 if (spr->defs.lcp.timeout != 0) 5241 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5242 /* set VJ enable and IPv6 disable flags */ 5243#ifdef INET 5244 if (spr->defs.enable_vj) 5245 sp->confflags |= CONF_ENABLE_VJ; 5246 else 5247 sp->confflags &= ~CONF_ENABLE_VJ; 5248#endif 5249#ifdef INET6 5250 if (spr->defs.enable_ipv6) 5251 sp->confflags |= CONF_ENABLE_IPV6; 5252 else 5253 sp->confflags &= ~CONF_ENABLE_IPV6; 5254#endif 5255 break; 5256 5257 default: 5258 rv = EINVAL; 5259 } 5260 5261 quit: 5262 free(spr, M_TEMP); 5263 5264 return (rv); 5265} 5266 5267static void 5268sppp_phase_network(struct sppp *sp) 5269{ 5270 STDDCL; 5271 int i; 5272 u_long mask; 5273 5274 sp->pp_phase = PHASE_NETWORK; 5275 5276 if (debug) 5277 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5278 sppp_phase_name(sp->pp_phase)); 5279 5280 /* Notify NCPs now. */ 5281 for (i = 0; i < IDX_COUNT; i++) 5282 if ((cps[i])->flags & CP_NCP) 5283 (cps[i])->Open(sp); 5284 5285 /* Send Up events to all NCPs. */ 5286 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5287 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5288 (cps[i])->Up(sp); 5289 5290 /* if no NCP is starting, all this was in vain, close down */ 5291 sppp_lcp_check_and_close(sp); 5292} 5293 5294 5295static const char * 5296sppp_cp_type_name(u_char type) 5297{ 5298 static char buf[12]; 5299 switch (type) { 5300 case CONF_REQ: return "conf-req"; 5301 case CONF_ACK: return "conf-ack"; 5302 case CONF_NAK: return "conf-nak"; 5303 case CONF_REJ: return "conf-rej"; 5304 case TERM_REQ: return "term-req"; 5305 case TERM_ACK: return "term-ack"; 5306 case CODE_REJ: return "code-rej"; 5307 case PROTO_REJ: return "proto-rej"; 5308 case ECHO_REQ: return "echo-req"; 5309 case ECHO_REPLY: return "echo-reply"; 5310 case DISC_REQ: return "discard-req"; 5311 } 5312 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5313 return buf; 5314} 5315 5316static const char * 5317sppp_auth_type_name(u_short proto, u_char type) 5318{ 5319 static char buf[12]; 5320 switch (proto) { 5321 case PPP_CHAP: 5322 switch (type) { 5323 case CHAP_CHALLENGE: return "challenge"; 5324 case CHAP_RESPONSE: return "response"; 5325 case CHAP_SUCCESS: return "success"; 5326 case CHAP_FAILURE: return "failure"; 5327 } 5328 case PPP_PAP: 5329 switch (type) { 5330 case PAP_REQ: return "req"; 5331 case PAP_ACK: return "ack"; 5332 case PAP_NAK: return "nak"; 5333 } 5334 } 5335 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5336 return buf; 5337} 5338 5339static const char * 5340sppp_lcp_opt_name(u_char opt) 5341{ 5342 static char buf[12]; 5343 switch (opt) { 5344 case LCP_OPT_MRU: return "mru"; 5345 case LCP_OPT_ASYNC_MAP: return "async-map"; 5346 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5347 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5348 case LCP_OPT_MAGIC: return "magic"; 5349 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5350 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5351 } 5352 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5353 return buf; 5354} 5355 5356#ifdef INET 5357static const char * 5358sppp_ipcp_opt_name(u_char opt) 5359{ 5360 static char buf[12]; 5361 switch (opt) { 5362 case IPCP_OPT_ADDRESSES: return "addresses"; 5363 case IPCP_OPT_COMPRESSION: return "compression"; 5364 case IPCP_OPT_ADDRESS: return "address"; 5365 } 5366 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5367 return buf; 5368} 5369#endif 5370 5371#ifdef INET6 5372static const char * 5373sppp_ipv6cp_opt_name(u_char opt) 5374{ 5375 static char buf[12]; 5376 switch (opt) { 5377 case IPV6CP_OPT_IFID: return "ifid"; 5378 case IPV6CP_OPT_COMPRESSION: return "compression"; 5379 } 5380 sprintf (buf, "0x%x", opt); 5381 return buf; 5382} 5383#endif 5384 5385static const char * 5386sppp_state_name(int state) 5387{ 5388 switch (state) { 5389 case STATE_INITIAL: return "initial"; 5390 case STATE_STARTING: return "starting"; 5391 case STATE_CLOSED: return "closed"; 5392 case STATE_STOPPED: return "stopped"; 5393 case STATE_CLOSING: return "closing"; 5394 case STATE_STOPPING: return "stopping"; 5395 case STATE_REQ_SENT: return "req-sent"; 5396 case STATE_ACK_RCVD: return "ack-rcvd"; 5397 case STATE_ACK_SENT: return "ack-sent"; 5398 case STATE_OPENED: return "opened"; 5399 } 5400 return "illegal"; 5401} 5402 5403static const char * 5404sppp_phase_name(enum ppp_phase phase) 5405{ 5406 switch (phase) { 5407 case PHASE_DEAD: return "dead"; 5408 case PHASE_ESTABLISH: return "establish"; 5409 case PHASE_TERMINATE: return "terminate"; 5410 case PHASE_AUTHENTICATE: return "authenticate"; 5411 case PHASE_NETWORK: return "network"; 5412 } 5413 return "illegal"; 5414} 5415 5416static const char * 5417sppp_proto_name(u_short proto) 5418{ 5419 static char buf[12]; 5420 switch (proto) { 5421 case PPP_LCP: return "lcp"; 5422 case PPP_IPCP: return "ipcp"; 5423 case PPP_PAP: return "pap"; 5424 case PPP_CHAP: return "chap"; 5425 case PPP_IPV6CP: return "ipv6cp"; 5426 } 5427 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5428 return buf; 5429} 5430 5431static void 5432sppp_print_bytes(const u_char *p, u_short len) 5433{ 5434 if (len) 5435 log(-1, " %*D", len, p, "-"); 5436} 5437 5438static void 5439sppp_print_string(const char *p, u_short len) 5440{ 5441 u_char c; 5442 5443 while (len-- > 0) { 5444 c = *p++; 5445 /* 5446 * Print only ASCII chars directly. RFC 1994 recommends 5447 * using only them, but we don't rely on it. */ 5448 if (c < ' ' || c > '~') 5449 log(-1, "\\x%x", c); 5450 else 5451 log(-1, "%c", c); 5452 } 5453} 5454 5455#ifdef INET 5456static const char * 5457sppp_dotted_quad(u_long addr) 5458{ 5459 static char s[16]; 5460 sprintf(s, "%d.%d.%d.%d", 5461 (int)((addr >> 24) & 0xff), 5462 (int)((addr >> 16) & 0xff), 5463 (int)((addr >> 8) & 0xff), 5464 (int)(addr & 0xff)); 5465 return s; 5466} 5467#endif 5468 5469static int 5470sppp_strnlen(u_char *p, int max) 5471{ 5472 int len; 5473 5474 for (len = 0; len < max && *p; ++p) 5475 ++len; 5476 return len; 5477} 5478 5479/* a dummy, used to drop uninteresting events */ 5480static void 5481sppp_null(struct sppp *unused) 5482{ 5483 /* do just nothing */ 5484} 5485