if_spppsubr.c revision 36119
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $Id: if_spppsubr.c,v 1.38 1998/04/06 11:40:17 phk Exp $ 21 */ 22 23#include "opt_inet.h" 24#include "opt_ipx.h" 25 26#include <sys/param.h> 27#include <sys/systm.h> 28#include <sys/kernel.h> 29#include <sys/sockio.h> 30#include <sys/socket.h> 31#include <sys/syslog.h> 32#include <machine/random.h> 33#include <sys/malloc.h> 34#include <sys/mbuf.h> 35#include <sys/md5.h> 36 37#include <net/if.h> 38#include <net/netisr.h> 39#include <net/if_types.h> 40 41#include <machine/stdarg.h> 42#include <machine/random.h> 43 44#ifdef INET 45#include <netinet/in.h> 46#include <netinet/in_systm.h> 47#include <netinet/in_var.h> 48#include <netinet/ip.h> 49#include <netinet/tcp.h> 50#include <netinet/if_ether.h> 51#else 52#error Huh? sppp without INET? 53#endif 54 55#ifdef IPX 56#include <netipx/ipx.h> 57#include <netipx/ipx_if.h> 58#endif 59 60#ifdef NS 61#include <netns/ns.h> 62#include <netns/ns_if.h> 63#endif 64 65#ifdef ISO 66#include <netiso/argo_debug.h> 67#include <netiso/iso.h> 68#include <netiso/iso_var.h> 69#include <netiso/iso_snpac.h> 70#endif 71 72#include <net/if_sppp.h> 73 74#define MAXALIVECNT 3 /* max. alive packets */ 75 76/* 77 * Interface flags that can be set in an ifconfig command. 78 * 79 * Setting link0 will make the link passive, i.e. it will be marked 80 * as being administrative openable, but won't be opened to begin 81 * with. Incoming calls will be answered, or subsequent calls with 82 * -link1 will cause the administrative open of the LCP layer. 83 * 84 * Setting link1 will cause the link to auto-dial only as packets 85 * arrive to be sent. 86 * 87 * Setting IFF_DEBUG will syslog the option negotiation and state 88 * transitions at level kern.debug. Note: all logs consistently look 89 * like 90 * 91 * <if-name><unit>: <proto-name> <additional info...> 92 * 93 * with <if-name><unit> being something like "bppp0", and <proto-name> 94 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 95 */ 96 97#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 98#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 99 100#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 101#define PPP_UI 0x03 /* Unnumbered Information */ 102#define PPP_IP 0x0021 /* Internet Protocol */ 103#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 104#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 105#define PPP_IPX 0x002b /* Novell IPX Protocol */ 106#define PPP_LCP 0xc021 /* Link Control Protocol */ 107#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 108#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 109#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 110 111#define CONF_REQ 1 /* PPP configure request */ 112#define CONF_ACK 2 /* PPP configure acknowledge */ 113#define CONF_NAK 3 /* PPP configure negative ack */ 114#define CONF_REJ 4 /* PPP configure reject */ 115#define TERM_REQ 5 /* PPP terminate request */ 116#define TERM_ACK 6 /* PPP terminate acknowledge */ 117#define CODE_REJ 7 /* PPP code reject */ 118#define PROTO_REJ 8 /* PPP protocol reject */ 119#define ECHO_REQ 9 /* PPP echo request */ 120#define ECHO_REPLY 10 /* PPP echo reply */ 121#define DISC_REQ 11 /* PPP discard request */ 122 123#define LCP_OPT_MRU 1 /* maximum receive unit */ 124#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 125#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 126#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 127#define LCP_OPT_MAGIC 5 /* magic number */ 128#define LCP_OPT_RESERVED 6 /* reserved */ 129#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 130#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 131 132#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 133#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 134#define IPCP_OPT_ADDRESS 3 /* local IP address */ 135 136#define PAP_REQ 1 /* PAP name/password request */ 137#define PAP_ACK 2 /* PAP acknowledge */ 138#define PAP_NAK 3 /* PAP fail */ 139 140#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 141#define CHAP_RESPONSE 2 /* CHAP challenge response */ 142#define CHAP_SUCCESS 3 /* CHAP response ok */ 143#define CHAP_FAILURE 4 /* CHAP response failed */ 144 145#define CHAP_MD5 5 /* hash algorithm - MD5 */ 146 147#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 148#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 149#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 150#define CISCO_ADDR_REQ 0 /* Cisco address request */ 151#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 152#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 153 154/* states are named and numbered according to RFC 1661 */ 155#define STATE_INITIAL 0 156#define STATE_STARTING 1 157#define STATE_CLOSED 2 158#define STATE_STOPPED 3 159#define STATE_CLOSING 4 160#define STATE_STOPPING 5 161#define STATE_REQ_SENT 6 162#define STATE_ACK_RCVD 7 163#define STATE_ACK_SENT 8 164#define STATE_OPENED 9 165 166struct ppp_header { 167 u_char address; 168 u_char control; 169 u_short protocol; 170}; 171#define PPP_HEADER_LEN sizeof (struct ppp_header) 172 173struct lcp_header { 174 u_char type; 175 u_char ident; 176 u_short len; 177}; 178#define LCP_HEADER_LEN sizeof (struct lcp_header) 179 180struct cisco_packet { 181 u_long type; 182 u_long par1; 183 u_long par2; 184 u_short rel; 185 u_short time0; 186 u_short time1; 187}; 188#define CISCO_PACKET_LEN 18 189 190/* 191 * We follow the spelling and capitalization of RFC 1661 here, to make 192 * it easier comparing with the standard. Please refer to this RFC in 193 * case you can't make sense out of these abbreviation; it will also 194 * explain the semantics related to the various events and actions. 195 */ 196struct cp { 197 u_short proto; /* PPP control protocol number */ 198 u_char protoidx; /* index into state table in struct sppp */ 199 u_char flags; 200#define CP_LCP 0x01 /* this is the LCP */ 201#define CP_AUTH 0x02 /* this is an authentication protocol */ 202#define CP_NCP 0x04 /* this is a NCP */ 203#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 204 const char *name; /* name of this control protocol */ 205 /* event handlers */ 206 void (*Up)(struct sppp *sp); 207 void (*Down)(struct sppp *sp); 208 void (*Open)(struct sppp *sp); 209 void (*Close)(struct sppp *sp); 210 void (*TO)(void *sp); 211 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 212 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 213 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 214 /* actions */ 215 void (*tlu)(struct sppp *sp); 216 void (*tld)(struct sppp *sp); 217 void (*tls)(struct sppp *sp); 218 void (*tlf)(struct sppp *sp); 219 void (*scr)(struct sppp *sp); 220}; 221 222static struct sppp *spppq; 223static struct callout_handle keepalive_ch; 224 225/* 226 * The following disgusting hack gets around the problem that IP TOS 227 * can't be set yet. We want to put "interactive" traffic on a high 228 * priority queue. To decide if traffic is interactive, we check that 229 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 230 * 231 * XXX is this really still necessary? - joerg - 232 */ 233static u_short interactive_ports[8] = { 234 0, 513, 0, 0, 235 0, 21, 0, 23, 236}; 237#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 238 239/* almost every function needs these */ 240#define STDDCL \ 241 struct ifnet *ifp = &sp->pp_if; \ 242 int debug = ifp->if_flags & IFF_DEBUG 243 244static int sppp_output(struct ifnet *ifp, struct mbuf *m, 245 struct sockaddr *dst, struct rtentry *rt); 246 247static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 248static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 249 250static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 251 struct mbuf *m); 252static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 253 u_char ident, u_short len, void *data); 254static void sppp_cp_timeout(void *arg); 255static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 256 int newstate); 257static void sppp_auth_send(const struct cp *cp, 258 struct sppp *sp, u_char type, u_char id, 259 ...); 260 261static void sppp_up_event(const struct cp *cp, struct sppp *sp); 262static void sppp_down_event(const struct cp *cp, struct sppp *sp); 263static void sppp_open_event(const struct cp *cp, struct sppp *sp); 264static void sppp_close_event(const struct cp *cp, struct sppp *sp); 265static void sppp_to_event(const struct cp *cp, struct sppp *sp); 266 267static void sppp_null(struct sppp *sp); 268 269static void sppp_lcp_init(struct sppp *sp); 270static void sppp_lcp_up(struct sppp *sp); 271static void sppp_lcp_down(struct sppp *sp); 272static void sppp_lcp_open(struct sppp *sp); 273static void sppp_lcp_close(struct sppp *sp); 274static void sppp_lcp_TO(void *sp); 275static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 276static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 277static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 278static void sppp_lcp_tlu(struct sppp *sp); 279static void sppp_lcp_tld(struct sppp *sp); 280static void sppp_lcp_tls(struct sppp *sp); 281static void sppp_lcp_tlf(struct sppp *sp); 282static void sppp_lcp_scr(struct sppp *sp); 283static void sppp_lcp_check_and_close(struct sppp *sp); 284static int sppp_ncp_check(struct sppp *sp); 285 286static void sppp_ipcp_init(struct sppp *sp); 287static void sppp_ipcp_up(struct sppp *sp); 288static void sppp_ipcp_down(struct sppp *sp); 289static void sppp_ipcp_open(struct sppp *sp); 290static void sppp_ipcp_close(struct sppp *sp); 291static void sppp_ipcp_TO(void *sp); 292static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 293static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 294static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 295static void sppp_ipcp_tlu(struct sppp *sp); 296static void sppp_ipcp_tld(struct sppp *sp); 297static void sppp_ipcp_tls(struct sppp *sp); 298static void sppp_ipcp_tlf(struct sppp *sp); 299static void sppp_ipcp_scr(struct sppp *sp); 300 301static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 302static void sppp_pap_init(struct sppp *sp); 303static void sppp_pap_open(struct sppp *sp); 304static void sppp_pap_close(struct sppp *sp); 305static void sppp_pap_TO(void *sp); 306static void sppp_pap_my_TO(void *sp); 307static void sppp_pap_tlu(struct sppp *sp); 308static void sppp_pap_tld(struct sppp *sp); 309static void sppp_pap_scr(struct sppp *sp); 310 311static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 312static void sppp_chap_init(struct sppp *sp); 313static void sppp_chap_open(struct sppp *sp); 314static void sppp_chap_close(struct sppp *sp); 315static void sppp_chap_TO(void *sp); 316static void sppp_chap_tlu(struct sppp *sp); 317static void sppp_chap_tld(struct sppp *sp); 318static void sppp_chap_scr(struct sppp *sp); 319 320static const char *sppp_auth_type_name(u_short proto, u_char type); 321static const char *sppp_cp_type_name(u_char type); 322static const char *sppp_dotted_quad(u_long addr); 323static const char *sppp_ipcp_opt_name(u_char opt); 324static const char *sppp_lcp_opt_name(u_char opt); 325static const char *sppp_phase_name(enum ppp_phase phase); 326static const char *sppp_proto_name(u_short proto); 327static const char *sppp_state_name(int state); 328static int sppp_params(struct sppp *sp, int cmd, void *data); 329static int sppp_strnlen(u_char *p, int max); 330static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 331 u_long *srcmask); 332static void sppp_keepalive(void *dummy); 333static void sppp_phase_network(struct sppp *sp); 334static void sppp_print_bytes(const u_char *p, u_short len); 335static void sppp_print_string(const char *p, u_short len); 336static void sppp_qflush(struct ifqueue *ifq); 337static void sppp_set_ip_addr(struct sppp *sp, u_long src); 338 339/* our control protocol descriptors */ 340static const struct cp lcp = { 341 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 342 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 343 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 344 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 345 sppp_lcp_scr 346}; 347 348static const struct cp ipcp = { 349 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 350 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 351 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 352 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 353 sppp_ipcp_scr 354}; 355 356static const struct cp pap = { 357 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 358 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 359 sppp_pap_TO, 0, 0, 0, 360 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 361 sppp_pap_scr 362}; 363 364static const struct cp chap = { 365 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 366 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 367 sppp_chap_TO, 0, 0, 0, 368 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 369 sppp_chap_scr 370}; 371 372static const struct cp *cps[IDX_COUNT] = { 373 &lcp, /* IDX_LCP */ 374 &ipcp, /* IDX_IPCP */ 375 &pap, /* IDX_PAP */ 376 &chap, /* IDX_CHAP */ 377}; 378 379 380/* 381 * Exported functions, comprising our interface to the lower layer. 382 */ 383 384/* 385 * Process the received packet. 386 */ 387void 388sppp_input(struct ifnet *ifp, struct mbuf *m) 389{ 390 struct ppp_header *h; 391 struct ifqueue *inq = 0; 392 int s; 393 struct sppp *sp = (struct sppp *)ifp; 394 int debug = ifp->if_flags & IFF_DEBUG; 395 396 if (ifp->if_flags & IFF_UP) 397 /* Count received bytes, add FCS and one flag */ 398 ifp->if_ibytes += m->m_pkthdr.len + 3; 399 400 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 401 /* Too small packet, drop it. */ 402 if (debug) 403 log(LOG_DEBUG, 404 "%s%d: input packet is too small, %d bytes\n", 405 ifp->if_name, ifp->if_unit, m->m_pkthdr.len); 406 drop: 407 ++ifp->if_ierrors; 408 ++ifp->if_iqdrops; 409 m_freem (m); 410 return; 411 } 412 413 /* Get PPP header. */ 414 h = mtod (m, struct ppp_header*); 415 m_adj (m, PPP_HEADER_LEN); 416 417 switch (h->address) { 418 case PPP_ALLSTATIONS: 419 if (h->control != PPP_UI) 420 goto invalid; 421 if (sp->pp_flags & PP_CISCO) { 422 if (debug) 423 log(LOG_DEBUG, 424 "%s%d: PPP packet in Cisco mode " 425 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 426 ifp->if_name, ifp->if_unit, 427 h->address, h->control, ntohs(h->protocol)); 428 goto drop; 429 } 430 switch (ntohs (h->protocol)) { 431 default: 432 if (sp->state[IDX_LCP] == STATE_OPENED) 433 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 434 ++sp->pp_seq, m->m_pkthdr.len + 2, 435 &h->protocol); 436 if (debug) 437 log(LOG_DEBUG, 438 "%s%d: invalid input protocol " 439 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 440 ifp->if_name, ifp->if_unit, 441 h->address, h->control, ntohs(h->protocol)); 442 ++ifp->if_noproto; 443 goto drop; 444 case PPP_LCP: 445 sppp_cp_input(&lcp, sp, m); 446 m_freem (m); 447 return; 448 case PPP_PAP: 449 if (sp->pp_phase >= PHASE_AUTHENTICATE) 450 sppp_pap_input(sp, m); 451 m_freem (m); 452 return; 453 case PPP_CHAP: 454 if (sp->pp_phase >= PHASE_AUTHENTICATE) 455 sppp_chap_input(sp, m); 456 m_freem (m); 457 return; 458#ifdef INET 459 case PPP_IPCP: 460 if (sp->pp_phase == PHASE_NETWORK) 461 sppp_cp_input(&ipcp, sp, m); 462 m_freem (m); 463 return; 464 case PPP_IP: 465 if (sp->state[IDX_IPCP] == STATE_OPENED) { 466 schednetisr (NETISR_IP); 467 inq = &ipintrq; 468 } 469 break; 470#endif 471#ifdef IPX 472 case PPP_IPX: 473 /* IPX IPXCP not implemented yet */ 474 if (sp->pp_phase == PHASE_NETWORK) { 475 schednetisr (NETISR_IPX); 476 inq = &ipxintrq; 477 } 478 break; 479#endif 480#ifdef NS 481 case PPP_XNS: 482 /* XNS IDPCP not implemented yet */ 483 if (sp->pp_phase == PHASE_NETWORK) { 484 schednetisr (NETISR_NS); 485 inq = &nsintrq; 486 } 487 break; 488#endif 489#ifdef ISO 490 case PPP_ISO: 491 /* OSI NLCP not implemented yet */ 492 if (sp->pp_phase == PHASE_NETWORK) { 493 schednetisr (NETISR_ISO); 494 inq = &clnlintrq; 495 } 496 break; 497#endif 498 } 499 break; 500 case CISCO_MULTICAST: 501 case CISCO_UNICAST: 502 /* Don't check the control field here (RFC 1547). */ 503 if (! (sp->pp_flags & PP_CISCO)) { 504 if (debug) 505 log(LOG_DEBUG, 506 "%s%d: Cisco packet in PPP mode " 507 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 508 ifp->if_name, ifp->if_unit, 509 h->address, h->control, ntohs(h->protocol)); 510 goto drop; 511 } 512 switch (ntohs (h->protocol)) { 513 default: 514 ++ifp->if_noproto; 515 goto invalid; 516 case CISCO_KEEPALIVE: 517 sppp_cisco_input ((struct sppp*) ifp, m); 518 m_freem (m); 519 return; 520#ifdef INET 521 case ETHERTYPE_IP: 522 schednetisr (NETISR_IP); 523 inq = &ipintrq; 524 break; 525#endif 526#ifdef IPX 527 case ETHERTYPE_IPX: 528 schednetisr (NETISR_IPX); 529 inq = &ipxintrq; 530 break; 531#endif 532#ifdef NS 533 case ETHERTYPE_NS: 534 schednetisr (NETISR_NS); 535 inq = &nsintrq; 536 break; 537#endif 538 } 539 break; 540 default: /* Invalid PPP packet. */ 541 invalid: 542 if (debug) 543 log(LOG_DEBUG, 544 "%s%d: invalid input packet " 545 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 546 ifp->if_name, ifp->if_unit, 547 h->address, h->control, ntohs(h->protocol)); 548 goto drop; 549 } 550 551 if (! (ifp->if_flags & IFF_UP) || ! inq) 552 goto drop; 553 554 /* Check queue. */ 555 s = splimp(); 556 if (IF_QFULL (inq)) { 557 /* Queue overflow. */ 558 IF_DROP(inq); 559 splx(s); 560 if (debug) 561 log(LOG_DEBUG, "%s%d: protocol queue overflow\n", 562 ifp->if_name, ifp->if_unit); 563 goto drop; 564 } 565 IF_ENQUEUE(inq, m); 566 splx(s); 567} 568 569/* 570 * Enqueue transmit packet. 571 */ 572static int 573sppp_output(struct ifnet *ifp, struct mbuf *m, 574 struct sockaddr *dst, struct rtentry *rt) 575{ 576 struct sppp *sp = (struct sppp*) ifp; 577 struct ppp_header *h; 578 struct ifqueue *ifq; 579 int s, rv = 0; 580 581 s = splimp(); 582 583 if ((ifp->if_flags & IFF_UP) == 0 || 584 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 585 m_freem (m); 586 splx (s); 587 return (ENETDOWN); 588 } 589 590 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 591 /* 592 * Interface is not yet running, but auto-dial. Need 593 * to start LCP for it. 594 */ 595 ifp->if_flags |= IFF_RUNNING; 596 splx(s); 597 lcp.Open(sp); 598 s = splimp(); 599 } 600 601 ifq = &ifp->if_snd; 602#ifdef INET 603 /* 604 * Put low delay, telnet, rlogin and ftp control packets 605 * in front of the queue. 606 */ 607 if (dst->sa_family == AF_INET) { 608 struct ip *ip = mtod (m, struct ip*); 609 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 610 611 if (! IF_QFULL (&sp->pp_fastq) && 612 ((ip->ip_tos & IPTOS_LOWDELAY) || 613 ip->ip_p == IPPROTO_TCP && 614 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 615 (INTERACTIVE (ntohs (tcp->th_sport)) || 616 INTERACTIVE (ntohs (tcp->th_dport))))) 617 ifq = &sp->pp_fastq; 618 } 619#endif 620 621 /* 622 * Prepend general data packet PPP header. For now, IP only. 623 */ 624 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 625 if (! m) { 626 if (ifp->if_flags & IFF_DEBUG) 627 log(LOG_DEBUG, "%s%d: no memory for transmit header\n", 628 ifp->if_name, ifp->if_unit); 629 ++ifp->if_oerrors; 630 splx (s); 631 return (ENOBUFS); 632 } 633 h = mtod (m, struct ppp_header*); 634 if (sp->pp_flags & PP_CISCO) { 635 h->address = CISCO_UNICAST; /* unicast address */ 636 h->control = 0; 637 } else { 638 h->address = PPP_ALLSTATIONS; /* broadcast address */ 639 h->control = PPP_UI; /* Unnumbered Info */ 640 } 641 642 switch (dst->sa_family) { 643#ifdef INET 644 case AF_INET: /* Internet Protocol */ 645 if (sp->pp_flags & PP_CISCO) 646 h->protocol = htons (ETHERTYPE_IP); 647 else { 648 /* 649 * Don't choke with an ENETDOWN early. It's 650 * possible that we just started dialing out, 651 * so don't drop the packet immediately. If 652 * we notice that we run out of buffer space 653 * below, we will however remember that we are 654 * not ready to carry IP packets, and return 655 * ENETDOWN, as opposed to ENOBUFS. 656 */ 657 h->protocol = htons(PPP_IP); 658 if (sp->state[IDX_IPCP] != STATE_OPENED) 659 rv = ENETDOWN; 660 } 661 break; 662#endif 663#ifdef NS 664 case AF_NS: /* Xerox NS Protocol */ 665 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 666 ETHERTYPE_NS : PPP_XNS); 667 break; 668#endif 669#ifdef IPX 670 case AF_IPX: /* Novell IPX Protocol */ 671 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 672 ETHERTYPE_IPX : PPP_IPX); 673 break; 674#endif 675#ifdef ISO 676 case AF_ISO: /* ISO OSI Protocol */ 677 if (sp->pp_flags & PP_CISCO) 678 goto nosupport; 679 h->protocol = htons (PPP_ISO); 680 break; 681nosupport: 682#endif 683 default: 684 m_freem (m); 685 ++ifp->if_oerrors; 686 splx (s); 687 return (EAFNOSUPPORT); 688 } 689 690 /* 691 * Queue message on interface, and start output if interface 692 * not yet active. 693 */ 694 if (IF_QFULL (ifq)) { 695 IF_DROP (&ifp->if_snd); 696 m_freem (m); 697 ++ifp->if_oerrors; 698 splx (s); 699 return (rv? rv: ENOBUFS); 700 } 701 IF_ENQUEUE (ifq, m); 702 if (! (ifp->if_flags & IFF_OACTIVE)) 703 (*ifp->if_start) (ifp); 704 705 /* 706 * Count output packets and bytes. 707 * The packet length includes header, FCS and 1 flag, 708 * according to RFC 1333. 709 */ 710 ifp->if_obytes += m->m_pkthdr.len + 3; 711 splx (s); 712 return (0); 713} 714 715void 716sppp_attach(struct ifnet *ifp) 717{ 718 struct sppp *sp = (struct sppp*) ifp; 719 720 /* Initialize keepalive handler. */ 721 if (! spppq) 722 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10); 723 724 /* Insert new entry into the keepalive list. */ 725 sp->pp_next = spppq; 726 spppq = sp; 727 728 sp->pp_if.if_type = IFT_PPP; 729 sp->pp_if.if_output = sppp_output; 730 sp->pp_fastq.ifq_maxlen = 32; 731 sp->pp_cpq.ifq_maxlen = 20; 732 sp->pp_loopcnt = 0; 733 sp->pp_alivecnt = 0; 734 sp->pp_seq = 0; 735 sp->pp_rseq = 0; 736 sp->pp_phase = PHASE_DEAD; 737 sp->pp_up = lcp.Up; 738 sp->pp_down = lcp.Down; 739 740 sppp_lcp_init(sp); 741 sppp_ipcp_init(sp); 742 sppp_pap_init(sp); 743 sppp_chap_init(sp); 744} 745 746void 747sppp_detach(struct ifnet *ifp) 748{ 749 struct sppp **q, *p, *sp = (struct sppp*) ifp; 750 int i; 751 752 /* Remove the entry from the keepalive list. */ 753 for (q = &spppq; (p = *q); q = &p->pp_next) 754 if (p == sp) { 755 *q = p->pp_next; 756 break; 757 } 758 759 /* Stop keepalive handler. */ 760 if (! spppq) 761 untimeout(sppp_keepalive, 0, keepalive_ch); 762 763 for (i = 0; i < IDX_COUNT; i++) 764 untimeout((cps[i])->TO, (void *)sp, sp->ch[i]); 765 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 766} 767 768/* 769 * Flush the interface output queue. 770 */ 771void 772sppp_flush(struct ifnet *ifp) 773{ 774 struct sppp *sp = (struct sppp*) ifp; 775 776 sppp_qflush (&sp->pp_if.if_snd); 777 sppp_qflush (&sp->pp_fastq); 778 sppp_qflush (&sp->pp_cpq); 779} 780 781/* 782 * Check if the output queue is empty. 783 */ 784int 785sppp_isempty(struct ifnet *ifp) 786{ 787 struct sppp *sp = (struct sppp*) ifp; 788 int empty, s; 789 790 s = splimp(); 791 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 792 !sp->pp_if.if_snd.ifq_head; 793 splx(s); 794 return (empty); 795} 796 797/* 798 * Get next packet to send. 799 */ 800struct mbuf * 801sppp_dequeue(struct ifnet *ifp) 802{ 803 struct sppp *sp = (struct sppp*) ifp; 804 struct mbuf *m; 805 int s; 806 807 s = splimp(); 808 /* 809 * Process only the control protocol queue until we have at 810 * least one NCP open. 811 * 812 * Do always serve all three queues in Cisco mode. 813 */ 814 IF_DEQUEUE(&sp->pp_cpq, m); 815 if (m == NULL && 816 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 817 IF_DEQUEUE(&sp->pp_fastq, m); 818 if (m == NULL) 819 IF_DEQUEUE (&sp->pp_if.if_snd, m); 820 } 821 splx(s); 822 return m; 823} 824 825/* 826 * Pick the next packet, do not remove it from the queue. 827 */ 828struct mbuf * 829sppp_pick(struct ifnet *ifp) 830{ 831 struct sppp *sp = (struct sppp*)ifp; 832 struct mbuf *m; 833 int s; 834 835 s= splimp (); 836 837 m = sp->pp_cpq.ifq_head; 838 if (m == NULL && 839 (sp->pp_phase == PHASE_NETWORK || 840 (sp->pp_flags & PP_CISCO) != 0)) 841 if ((m = sp->pp_fastq.ifq_head) == NULL) 842 m = sp->pp_if.if_snd.ifq_head; 843 splx (s); 844 return (m); 845} 846 847/* 848 * Process an ioctl request. Called on low priority level. 849 */ 850int 851sppp_ioctl(struct ifnet *ifp, int cmd, void *data) 852{ 853 struct ifreq *ifr = (struct ifreq*) data; 854 struct sppp *sp = (struct sppp*) ifp; 855 int s, rv, going_up, going_down, newmode; 856 857 s = splimp(); 858 rv = 0; 859 switch (cmd) { 860 case SIOCAIFADDR: 861 case SIOCSIFDSTADDR: 862 break; 863 864 case SIOCSIFADDR: 865 if_up(ifp); 866 /* fall through... */ 867 868 case SIOCSIFFLAGS: 869 going_up = ifp->if_flags & IFF_UP && 870 (ifp->if_flags & IFF_RUNNING) == 0; 871 going_down = (ifp->if_flags & IFF_UP) == 0 && 872 ifp->if_flags & IFF_RUNNING; 873 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 874 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 875 /* sanity */ 876 newmode = IFF_PASSIVE; 877 ifp->if_flags &= ~IFF_AUTO; 878 } 879 880 if (going_up || going_down) 881 lcp.Close(sp); 882 if (going_up && newmode == 0) { 883 /* neither auto-dial nor passive */ 884 ifp->if_flags |= IFF_RUNNING; 885 if (!(sp->pp_flags & PP_CISCO)) 886 lcp.Open(sp); 887 } else if (going_down) { 888 sppp_flush(ifp); 889 ifp->if_flags &= ~IFF_RUNNING; 890 } 891 892 break; 893 894#ifdef SIOCSIFMTU 895#ifndef ifr_mtu 896#define ifr_mtu ifr_metric 897#endif 898 case SIOCSIFMTU: 899 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 900 return (EINVAL); 901 ifp->if_mtu = ifr->ifr_mtu; 902 break; 903#endif 904#ifdef SLIOCSETMTU 905 case SLIOCSETMTU: 906 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 907 return (EINVAL); 908 ifp->if_mtu = *(short*)data; 909 break; 910#endif 911#ifdef SIOCGIFMTU 912 case SIOCGIFMTU: 913 ifr->ifr_mtu = ifp->if_mtu; 914 break; 915#endif 916#ifdef SLIOCGETMTU 917 case SLIOCGETMTU: 918 *(short*)data = ifp->if_mtu; 919 break; 920#endif 921 case SIOCADDMULTI: 922 case SIOCDELMULTI: 923 break; 924 925 case SIOCGIFGENERIC: 926 case SIOCSIFGENERIC: 927 rv = sppp_params(sp, cmd, data); 928 break; 929 930 default: 931 rv = ENOTTY; 932 } 933 splx(s); 934 return rv; 935} 936 937 938/* 939 * Cisco framing implementation. 940 */ 941 942/* 943 * Handle incoming Cisco keepalive protocol packets. 944 */ 945static void 946sppp_cisco_input(struct sppp *sp, struct mbuf *m) 947{ 948 STDDCL; 949 struct cisco_packet *h; 950 u_long me, mymask; 951 952 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 953 if (debug) 954 log(LOG_DEBUG, 955 "%s%d: cisco invalid packet length: %d bytes\n", 956 ifp->if_name, ifp->if_unit, m->m_pkthdr.len); 957 return; 958 } 959 h = mtod (m, struct cisco_packet*); 960 if (debug) 961 log(LOG_DEBUG, 962 "%s%d: cisco input: %d bytes " 963 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 964 ifp->if_name, ifp->if_unit, m->m_pkthdr.len, 965 ntohl (h->type), h->par1, h->par2, h->rel, 966 h->time0, h->time1); 967 switch (ntohl (h->type)) { 968 default: 969 if (debug) 970 addlog("%s%d: cisco unknown packet type: 0x%lx\n", 971 ifp->if_name, ifp->if_unit, ntohl (h->type)); 972 break; 973 case CISCO_ADDR_REPLY: 974 /* Reply on address request, ignore */ 975 break; 976 case CISCO_KEEPALIVE_REQ: 977 sp->pp_alivecnt = 0; 978 sp->pp_rseq = ntohl (h->par1); 979 if (sp->pp_seq == sp->pp_rseq) { 980 /* Local and remote sequence numbers are equal. 981 * Probably, the line is in loopback mode. */ 982 if (sp->pp_loopcnt >= MAXALIVECNT) { 983 printf ("%s%d: loopback\n", 984 ifp->if_name, ifp->if_unit); 985 sp->pp_loopcnt = 0; 986 if (ifp->if_flags & IFF_UP) { 987 if_down (ifp); 988 sppp_qflush (&sp->pp_cpq); 989 } 990 } 991 ++sp->pp_loopcnt; 992 993 /* Generate new local sequence number */ 994 sp->pp_seq = random(); 995 break; 996 } 997 sp->pp_loopcnt = 0; 998 if (! (ifp->if_flags & IFF_UP) && 999 (ifp->if_flags & IFF_RUNNING)) { 1000 if_up(ifp); 1001 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit); 1002 } 1003 break; 1004 case CISCO_ADDR_REQ: 1005 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1006 if (me != 0L) 1007 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1008 break; 1009 } 1010} 1011 1012/* 1013 * Send Cisco keepalive packet. 1014 */ 1015static void 1016sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1017{ 1018 STDDCL; 1019 struct ppp_header *h; 1020 struct cisco_packet *ch; 1021 struct mbuf *m; 1022 struct timeval tv; 1023 1024 getmicrouptime(&tv); 1025 1026 MGETHDR (m, M_DONTWAIT, MT_DATA); 1027 if (! m) 1028 return; 1029 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1030 m->m_pkthdr.rcvif = 0; 1031 1032 h = mtod (m, struct ppp_header*); 1033 h->address = CISCO_MULTICAST; 1034 h->control = 0; 1035 h->protocol = htons (CISCO_KEEPALIVE); 1036 1037 ch = (struct cisco_packet*) (h + 1); 1038 ch->type = htonl (type); 1039 ch->par1 = htonl (par1); 1040 ch->par2 = htonl (par2); 1041 ch->rel = -1; 1042 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1043 ch->time1 = htons ((u_short) tv.tv_sec); 1044 1045 if (debug) 1046 log(LOG_DEBUG, 1047 "%s%d: cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1048 ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1, 1049 ch->par2, ch->rel, ch->time0, ch->time1); 1050 1051 if (IF_QFULL (&sp->pp_cpq)) { 1052 IF_DROP (&sp->pp_fastq); 1053 IF_DROP (&ifp->if_snd); 1054 m_freem (m); 1055 } else 1056 IF_ENQUEUE (&sp->pp_cpq, m); 1057 if (! (ifp->if_flags & IFF_OACTIVE)) 1058 (*ifp->if_start) (ifp); 1059 ifp->if_obytes += m->m_pkthdr.len + 3; 1060} 1061 1062/* 1063 * PPP protocol implementation. 1064 */ 1065 1066/* 1067 * Send PPP control protocol packet. 1068 */ 1069static void 1070sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1071 u_char ident, u_short len, void *data) 1072{ 1073 STDDCL; 1074 struct ppp_header *h; 1075 struct lcp_header *lh; 1076 struct mbuf *m; 1077 1078 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1079 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1080 MGETHDR (m, M_DONTWAIT, MT_DATA); 1081 if (! m) 1082 return; 1083 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1084 m->m_pkthdr.rcvif = 0; 1085 1086 h = mtod (m, struct ppp_header*); 1087 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1088 h->control = PPP_UI; /* Unnumbered Info */ 1089 h->protocol = htons (proto); /* Link Control Protocol */ 1090 1091 lh = (struct lcp_header*) (h + 1); 1092 lh->type = type; 1093 lh->ident = ident; 1094 lh->len = htons (LCP_HEADER_LEN + len); 1095 if (len) 1096 bcopy (data, lh+1, len); 1097 1098 if (debug) { 1099 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d", 1100 ifp->if_name, ifp->if_unit, 1101 sppp_proto_name(proto), 1102 sppp_cp_type_name (lh->type), lh->ident, 1103 ntohs (lh->len)); 1104 if (len) 1105 sppp_print_bytes ((u_char*) (lh+1), len); 1106 addlog(">\n"); 1107 } 1108 if (IF_QFULL (&sp->pp_cpq)) { 1109 IF_DROP (&sp->pp_fastq); 1110 IF_DROP (&ifp->if_snd); 1111 m_freem (m); 1112 ++ifp->if_oerrors; 1113 } else 1114 IF_ENQUEUE (&sp->pp_cpq, m); 1115 if (! (ifp->if_flags & IFF_OACTIVE)) 1116 (*ifp->if_start) (ifp); 1117 ifp->if_obytes += m->m_pkthdr.len + 3; 1118} 1119 1120/* 1121 * Handle incoming PPP control protocol packets. 1122 */ 1123static void 1124sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1125{ 1126 STDDCL; 1127 struct lcp_header *h; 1128 int len = m->m_pkthdr.len; 1129 int rv; 1130 u_char *p; 1131 1132 if (len < 4) { 1133 if (debug) 1134 log(LOG_DEBUG, 1135 "%s%d: %s invalid packet length: %d bytes\n", 1136 ifp->if_name, ifp->if_unit, cp->name, len); 1137 return; 1138 } 1139 h = mtod (m, struct lcp_header*); 1140 if (debug) { 1141 log(LOG_DEBUG, 1142 "%s%d: %s input(%s): <%s id=0x%x len=%d", 1143 ifp->if_name, ifp->if_unit, cp->name, 1144 sppp_state_name(sp->state[cp->protoidx]), 1145 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1146 if (len > 4) 1147 sppp_print_bytes ((u_char*) (h+1), len-4); 1148 addlog(">\n"); 1149 } 1150 if (len > ntohs (h->len)) 1151 len = ntohs (h->len); 1152 p = (u_char *)(h + 1); 1153 switch (h->type) { 1154 case CONF_REQ: 1155 if (len < 4) { 1156 if (debug) 1157 addlog("%s%d: %s invalid conf-req length %d\n", 1158 ifp->if_name, ifp->if_unit, cp->name, 1159 len); 1160 ++ifp->if_ierrors; 1161 break; 1162 } 1163 /* handle states where RCR doesn't get a SCA/SCN */ 1164 switch (sp->state[cp->protoidx]) { 1165 case STATE_CLOSING: 1166 case STATE_STOPPING: 1167 return; 1168 case STATE_CLOSED: 1169 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1170 0, 0); 1171 return; 1172 } 1173 rv = (cp->RCR)(sp, h, len); 1174 switch (sp->state[cp->protoidx]) { 1175 case STATE_OPENED: 1176 (cp->tld)(sp); 1177 (cp->scr)(sp); 1178 /* fall through... */ 1179 case STATE_ACK_SENT: 1180 case STATE_REQ_SENT: 1181 sppp_cp_change_state(cp, sp, rv? 1182 STATE_ACK_SENT: STATE_REQ_SENT); 1183 break; 1184 case STATE_STOPPED: 1185 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1186 (cp->scr)(sp); 1187 sppp_cp_change_state(cp, sp, rv? 1188 STATE_ACK_SENT: STATE_REQ_SENT); 1189 break; 1190 case STATE_ACK_RCVD: 1191 if (rv) { 1192 sppp_cp_change_state(cp, sp, STATE_OPENED); 1193 if (debug) 1194 log(LOG_DEBUG, "%s%d: %s tlu\n", 1195 ifp->if_name, ifp->if_unit, 1196 cp->name); 1197 (cp->tlu)(sp); 1198 } else 1199 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1200 break; 1201 default: 1202 printf("%s%d: %s illegal %s in state %s\n", 1203 ifp->if_name, ifp->if_unit, cp->name, 1204 sppp_cp_type_name(h->type), 1205 sppp_state_name(sp->state[cp->protoidx])); 1206 ++ifp->if_ierrors; 1207 } 1208 break; 1209 case CONF_ACK: 1210 if (h->ident != sp->confid[cp->protoidx]) { 1211 if (debug) 1212 addlog("%s%d: %s id mismatch 0x%x != 0x%x\n", 1213 ifp->if_name, ifp->if_unit, cp->name, 1214 h->ident, sp->confid[cp->protoidx]); 1215 ++ifp->if_ierrors; 1216 break; 1217 } 1218 switch (sp->state[cp->protoidx]) { 1219 case STATE_CLOSED: 1220 case STATE_STOPPED: 1221 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1222 break; 1223 case STATE_CLOSING: 1224 case STATE_STOPPING: 1225 break; 1226 case STATE_REQ_SENT: 1227 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1228 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1229 break; 1230 case STATE_OPENED: 1231 (cp->tld)(sp); 1232 /* fall through */ 1233 case STATE_ACK_RCVD: 1234 (cp->scr)(sp); 1235 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1236 break; 1237 case STATE_ACK_SENT: 1238 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1239 sppp_cp_change_state(cp, sp, STATE_OPENED); 1240 if (debug) 1241 log(LOG_DEBUG, "%s%d: %s tlu\n", 1242 ifp->if_name, ifp->if_unit, cp->name); 1243 (cp->tlu)(sp); 1244 break; 1245 default: 1246 printf("%s%d: %s illegal %s in state %s\n", 1247 ifp->if_name, ifp->if_unit, cp->name, 1248 sppp_cp_type_name(h->type), 1249 sppp_state_name(sp->state[cp->protoidx])); 1250 ++ifp->if_ierrors; 1251 } 1252 break; 1253 case CONF_NAK: 1254 case CONF_REJ: 1255 if (h->ident != sp->confid[cp->protoidx]) { 1256 if (debug) 1257 addlog("%s%d: %s id mismatch 0x%x != 0x%x\n", 1258 ifp->if_name, ifp->if_unit, cp->name, 1259 h->ident, sp->confid[cp->protoidx]); 1260 ++ifp->if_ierrors; 1261 break; 1262 } 1263 if (h->type == CONF_NAK) 1264 (cp->RCN_nak)(sp, h, len); 1265 else /* CONF_REJ */ 1266 (cp->RCN_rej)(sp, h, len); 1267 1268 switch (sp->state[cp->protoidx]) { 1269 case STATE_CLOSED: 1270 case STATE_STOPPED: 1271 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1272 break; 1273 case STATE_REQ_SENT: 1274 case STATE_ACK_SENT: 1275 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1276 (cp->scr)(sp); 1277 break; 1278 case STATE_OPENED: 1279 (cp->tld)(sp); 1280 /* fall through */ 1281 case STATE_ACK_RCVD: 1282 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1283 (cp->scr)(sp); 1284 break; 1285 case STATE_CLOSING: 1286 case STATE_STOPPING: 1287 break; 1288 default: 1289 printf("%s%d: %s illegal %s in state %s\n", 1290 ifp->if_name, ifp->if_unit, cp->name, 1291 sppp_cp_type_name(h->type), 1292 sppp_state_name(sp->state[cp->protoidx])); 1293 ++ifp->if_ierrors; 1294 } 1295 break; 1296 1297 case TERM_REQ: 1298 switch (sp->state[cp->protoidx]) { 1299 case STATE_ACK_RCVD: 1300 case STATE_ACK_SENT: 1301 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1302 /* fall through */ 1303 case STATE_CLOSED: 1304 case STATE_STOPPED: 1305 case STATE_CLOSING: 1306 case STATE_STOPPING: 1307 case STATE_REQ_SENT: 1308 sta: 1309 /* Send Terminate-Ack packet. */ 1310 if (debug) 1311 log(LOG_DEBUG, "%s%d: %s send terminate-ack\n", 1312 ifp->if_name, ifp->if_unit, cp->name); 1313 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1314 break; 1315 case STATE_OPENED: 1316 (cp->tld)(sp); 1317 sp->rst_counter[cp->protoidx] = 0; 1318 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1319 goto sta; 1320 break; 1321 default: 1322 printf("%s%d: %s illegal %s in state %s\n", 1323 ifp->if_name, ifp->if_unit, cp->name, 1324 sppp_cp_type_name(h->type), 1325 sppp_state_name(sp->state[cp->protoidx])); 1326 ++ifp->if_ierrors; 1327 } 1328 break; 1329 case TERM_ACK: 1330 switch (sp->state[cp->protoidx]) { 1331 case STATE_CLOSED: 1332 case STATE_STOPPED: 1333 case STATE_REQ_SENT: 1334 case STATE_ACK_SENT: 1335 break; 1336 case STATE_CLOSING: 1337 (cp->tlf)(sp); 1338 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1339 break; 1340 case STATE_STOPPING: 1341 (cp->tlf)(sp); 1342 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1343 break; 1344 case STATE_ACK_RCVD: 1345 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1346 break; 1347 case STATE_OPENED: 1348 (cp->tld)(sp); 1349 (cp->scr)(sp); 1350 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1351 break; 1352 default: 1353 printf("%s%d: %s illegal %s in state %s\n", 1354 ifp->if_name, ifp->if_unit, cp->name, 1355 sppp_cp_type_name(h->type), 1356 sppp_state_name(sp->state[cp->protoidx])); 1357 ++ifp->if_ierrors; 1358 } 1359 break; 1360 case CODE_REJ: 1361 case PROTO_REJ: 1362 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1363 log(LOG_INFO, 1364 "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, " 1365 "danger will robinson\n", 1366 ifp->if_name, ifp->if_unit, cp->name, 1367 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1368 switch (sp->state[cp->protoidx]) { 1369 case STATE_CLOSED: 1370 case STATE_STOPPED: 1371 case STATE_REQ_SENT: 1372 case STATE_ACK_SENT: 1373 case STATE_CLOSING: 1374 case STATE_STOPPING: 1375 case STATE_OPENED: 1376 break; 1377 case STATE_ACK_RCVD: 1378 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1379 break; 1380 default: 1381 printf("%s%d: %s illegal %s in state %s\n", 1382 ifp->if_name, ifp->if_unit, cp->name, 1383 sppp_cp_type_name(h->type), 1384 sppp_state_name(sp->state[cp->protoidx])); 1385 ++ifp->if_ierrors; 1386 } 1387 break; 1388 case DISC_REQ: 1389 if (cp->proto != PPP_LCP) 1390 goto illegal; 1391 /* Discard the packet. */ 1392 break; 1393 case ECHO_REQ: 1394 if (cp->proto != PPP_LCP) 1395 goto illegal; 1396 if (sp->state[cp->protoidx] != STATE_OPENED) { 1397 if (debug) 1398 addlog("%s%d: lcp echo req but lcp closed\n", 1399 ifp->if_name, ifp->if_unit); 1400 ++ifp->if_ierrors; 1401 break; 1402 } 1403 if (len < 8) { 1404 if (debug) 1405 addlog("%s%d: invalid lcp echo request " 1406 "packet length: %d bytes\n", 1407 ifp->if_name, ifp->if_unit, len); 1408 break; 1409 } 1410 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1411 /* Line loopback mode detected. */ 1412 printf("%s%d: loopback\n", ifp->if_name, ifp->if_unit); 1413 if_down (ifp); 1414 sppp_qflush (&sp->pp_cpq); 1415 1416 /* Shut down the PPP link. */ 1417 /* XXX */ 1418 lcp.Down(sp); 1419 lcp.Up(sp); 1420 break; 1421 } 1422 *(long*)(h+1) = htonl (sp->lcp.magic); 1423 if (debug) 1424 addlog("%s%d: got lcp echo req, sending echo rep\n", 1425 ifp->if_name, ifp->if_unit); 1426 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1427 break; 1428 case ECHO_REPLY: 1429 if (cp->proto != PPP_LCP) 1430 goto illegal; 1431 if (h->ident != sp->lcp.echoid) { 1432 ++ifp->if_ierrors; 1433 break; 1434 } 1435 if (len < 8) { 1436 if (debug) 1437 addlog("%s%d: lcp invalid echo reply " 1438 "packet length: %d bytes\n", 1439 ifp->if_name, ifp->if_unit, len); 1440 break; 1441 } 1442 if (debug) 1443 addlog("%s%d: lcp got echo rep\n", 1444 ifp->if_name, ifp->if_unit); 1445 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1446 sp->pp_alivecnt = 0; 1447 break; 1448 default: 1449 /* Unknown packet type -- send Code-Reject packet. */ 1450 illegal: 1451 if (debug) 1452 addlog("%s%d: %c send code-rej for 0x%x\n", 1453 ifp->if_name, ifp->if_unit, cp->name, h->type); 1454 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1455 m->m_pkthdr.len, h); 1456 ++ifp->if_ierrors; 1457 } 1458} 1459 1460 1461/* 1462 * The generic part of all Up/Down/Open/Close/TO event handlers. 1463 * Basically, the state transition handling in the automaton. 1464 */ 1465static void 1466sppp_up_event(const struct cp *cp, struct sppp *sp) 1467{ 1468 STDDCL; 1469 1470 if (debug) 1471 log(LOG_DEBUG, "%s%d: %s up(%s)\n", 1472 ifp->if_name, ifp->if_unit, cp->name, 1473 sppp_state_name(sp->state[cp->protoidx])); 1474 1475 switch (sp->state[cp->protoidx]) { 1476 case STATE_INITIAL: 1477 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1478 break; 1479 case STATE_STARTING: 1480 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1481 (cp->scr)(sp); 1482 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1483 break; 1484 default: 1485 printf("%s%d: %s illegal up in state %s\n", 1486 ifp->if_name, ifp->if_unit, cp->name, 1487 sppp_state_name(sp->state[cp->protoidx])); 1488 } 1489} 1490 1491static void 1492sppp_down_event(const struct cp *cp, struct sppp *sp) 1493{ 1494 STDDCL; 1495 1496 if (debug) 1497 log(LOG_DEBUG, "%s%d: %s down(%s)\n", 1498 ifp->if_name, ifp->if_unit, cp->name, 1499 sppp_state_name(sp->state[cp->protoidx])); 1500 1501 switch (sp->state[cp->protoidx]) { 1502 case STATE_CLOSED: 1503 case STATE_CLOSING: 1504 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1505 break; 1506 case STATE_STOPPED: 1507 (cp->tls)(sp); 1508 /* fall through */ 1509 case STATE_STOPPING: 1510 case STATE_REQ_SENT: 1511 case STATE_ACK_RCVD: 1512 case STATE_ACK_SENT: 1513 sppp_cp_change_state(cp, sp, STATE_STARTING); 1514 break; 1515 case STATE_OPENED: 1516 (cp->tld)(sp); 1517 sppp_cp_change_state(cp, sp, STATE_STARTING); 1518 break; 1519 default: 1520 printf("%s%d: %s illegal down in state %s\n", 1521 ifp->if_name, ifp->if_unit, cp->name, 1522 sppp_state_name(sp->state[cp->protoidx])); 1523 } 1524} 1525 1526 1527static void 1528sppp_open_event(const struct cp *cp, struct sppp *sp) 1529{ 1530 STDDCL; 1531 1532 if (debug) 1533 log(LOG_DEBUG, "%s%d: %s open(%s)\n", 1534 ifp->if_name, ifp->if_unit, cp->name, 1535 sppp_state_name(sp->state[cp->protoidx])); 1536 1537 switch (sp->state[cp->protoidx]) { 1538 case STATE_INITIAL: 1539 (cp->tls)(sp); 1540 sppp_cp_change_state(cp, sp, STATE_STARTING); 1541 break; 1542 case STATE_STARTING: 1543 break; 1544 case STATE_CLOSED: 1545 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1546 (cp->scr)(sp); 1547 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1548 break; 1549 case STATE_STOPPED: 1550 case STATE_STOPPING: 1551 case STATE_REQ_SENT: 1552 case STATE_ACK_RCVD: 1553 case STATE_ACK_SENT: 1554 case STATE_OPENED: 1555 break; 1556 case STATE_CLOSING: 1557 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1558 break; 1559 } 1560} 1561 1562 1563static void 1564sppp_close_event(const struct cp *cp, struct sppp *sp) 1565{ 1566 STDDCL; 1567 1568 if (debug) 1569 log(LOG_DEBUG, "%s%d: %s close(%s)\n", 1570 ifp->if_name, ifp->if_unit, cp->name, 1571 sppp_state_name(sp->state[cp->protoidx])); 1572 1573 switch (sp->state[cp->protoidx]) { 1574 case STATE_INITIAL: 1575 case STATE_CLOSED: 1576 case STATE_CLOSING: 1577 break; 1578 case STATE_STARTING: 1579 (cp->tlf)(sp); 1580 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1581 break; 1582 case STATE_STOPPED: 1583 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1584 break; 1585 case STATE_STOPPING: 1586 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1587 break; 1588 case STATE_OPENED: 1589 (cp->tld)(sp); 1590 /* fall through */ 1591 case STATE_REQ_SENT: 1592 case STATE_ACK_RCVD: 1593 case STATE_ACK_SENT: 1594 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1595 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1596 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1597 break; 1598 } 1599} 1600 1601static void 1602sppp_to_event(const struct cp *cp, struct sppp *sp) 1603{ 1604 STDDCL; 1605 int s; 1606 1607 s = splimp(); 1608 if (debug) 1609 log(LOG_DEBUG, "%s%d: %s TO(%s) rst_counter = %d\n", 1610 ifp->if_name, ifp->if_unit, cp->name, 1611 sppp_state_name(sp->state[cp->protoidx]), 1612 sp->rst_counter[cp->protoidx]); 1613 1614 if (--sp->rst_counter[cp->protoidx] < 0) 1615 /* TO- event */ 1616 switch (sp->state[cp->protoidx]) { 1617 case STATE_CLOSING: 1618 (cp->tlf)(sp); 1619 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1620 break; 1621 case STATE_STOPPING: 1622 (cp->tlf)(sp); 1623 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1624 break; 1625 case STATE_REQ_SENT: 1626 case STATE_ACK_RCVD: 1627 case STATE_ACK_SENT: 1628 (cp->tlf)(sp); 1629 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1630 break; 1631 } 1632 else 1633 /* TO+ event */ 1634 switch (sp->state[cp->protoidx]) { 1635 case STATE_CLOSING: 1636 case STATE_STOPPING: 1637 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1638 0, 0); 1639 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp, 1640 sp->lcp.timeout); 1641 break; 1642 case STATE_REQ_SENT: 1643 case STATE_ACK_RCVD: 1644 (cp->scr)(sp); 1645 /* sppp_cp_change_state() will restart the timer */ 1646 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1647 break; 1648 case STATE_ACK_SENT: 1649 (cp->scr)(sp); 1650 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp, 1651 sp->lcp.timeout); 1652 break; 1653 } 1654 1655 splx(s); 1656} 1657 1658/* 1659 * Change the state of a control protocol in the state automaton. 1660 * Takes care of starting/stopping the restart timer. 1661 */ 1662void 1663sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1664{ 1665 sp->state[cp->protoidx] = newstate; 1666 1667 untimeout(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1668 switch (newstate) { 1669 case STATE_INITIAL: 1670 case STATE_STARTING: 1671 case STATE_CLOSED: 1672 case STATE_STOPPED: 1673 case STATE_OPENED: 1674 break; 1675 case STATE_CLOSING: 1676 case STATE_STOPPING: 1677 case STATE_REQ_SENT: 1678 case STATE_ACK_RCVD: 1679 case STATE_ACK_SENT: 1680 sp->ch[cp->protoidx] = timeout(cp->TO, (void *)sp, 1681 sp->lcp.timeout); 1682 break; 1683 } 1684} 1685/* 1686 *--------------------------------------------------------------------------* 1687 * * 1688 * The LCP implementation. * 1689 * * 1690 *--------------------------------------------------------------------------* 1691 */ 1692static void 1693sppp_lcp_init(struct sppp *sp) 1694{ 1695 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1696 sp->lcp.magic = 0; 1697 sp->state[IDX_LCP] = STATE_INITIAL; 1698 sp->fail_counter[IDX_LCP] = 0; 1699 sp->lcp.protos = 0; 1700 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1701 1702 /* 1703 * Initialize counters and timeout values. Note that we don't 1704 * use the 3 seconds suggested in RFC 1661 since we are likely 1705 * running on a fast link. XXX We should probably implement 1706 * the exponential backoff option. Note that these values are 1707 * relevant for all control protocols, not just LCP only. 1708 */ 1709 sp->lcp.timeout = 1 * hz; 1710 sp->lcp.max_terminate = 2; 1711 sp->lcp.max_configure = 10; 1712 sp->lcp.max_failure = 10; 1713 callout_handle_init(&sp->ch[IDX_LCP]); 1714} 1715 1716static void 1717sppp_lcp_up(struct sppp *sp) 1718{ 1719 STDDCL; 1720 1721 /* 1722 * If this interface is passive or dial-on-demand, and we are 1723 * still in Initial state, it means we've got an incoming 1724 * call. Activate the interface. 1725 */ 1726 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1727 if (debug) 1728 log(LOG_DEBUG, 1729 "%s%d: Up event", ifp->if_name, ifp->if_unit); 1730 ifp->if_flags |= IFF_RUNNING; 1731 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1732 if (debug) 1733 addlog("(incoming call)\n"); 1734 sp->pp_flags |= PP_CALLIN; 1735 lcp.Open(sp); 1736 } else if (debug) 1737 addlog("\n"); 1738 } 1739 1740 sppp_up_event(&lcp, sp); 1741} 1742 1743static void 1744sppp_lcp_down(struct sppp *sp) 1745{ 1746 STDDCL; 1747 1748 sppp_down_event(&lcp, sp); 1749 1750 /* 1751 * If this is neither a dial-on-demand nor a passive 1752 * interface, simulate an ``ifconfig down'' action, so the 1753 * administrator can force a redial by another ``ifconfig 1754 * up''. XXX For leased line operation, should we immediately 1755 * try to reopen the connection here? 1756 */ 1757 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1758 log(LOG_INFO, 1759 "%s%d: Down event (carrier loss), taking interface down.\n", 1760 ifp->if_name, ifp->if_unit); 1761 if_down(ifp); 1762 } else { 1763 if (debug) 1764 log(LOG_DEBUG, 1765 "%s%d: Down event (carrier loss)\n", 1766 ifp->if_name, ifp->if_unit); 1767 } 1768 sp->pp_flags &= ~PP_CALLIN; 1769 if (sp->state[IDX_LCP] != STATE_INITIAL) 1770 lcp.Close(sp); 1771 ifp->if_flags &= ~IFF_RUNNING; 1772} 1773 1774static void 1775sppp_lcp_open(struct sppp *sp) 1776{ 1777 /* 1778 * If we are authenticator, negotiate LCP_AUTH 1779 */ 1780 if (sp->hisauth.proto != 0) 1781 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1782 else 1783 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1784 sp->pp_flags &= ~PP_NEEDAUTH; 1785 sppp_open_event(&lcp, sp); 1786} 1787 1788static void 1789sppp_lcp_close(struct sppp *sp) 1790{ 1791 sppp_close_event(&lcp, sp); 1792} 1793 1794static void 1795sppp_lcp_TO(void *cookie) 1796{ 1797 sppp_to_event(&lcp, (struct sppp *)cookie); 1798} 1799 1800/* 1801 * Analyze a configure request. Return true if it was agreeable, and 1802 * caused action sca, false if it has been rejected or nak'ed, and 1803 * caused action scn. (The return value is used to make the state 1804 * transition decision in the state automaton.) 1805 */ 1806static int 1807sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1808{ 1809 STDDCL; 1810 u_char *buf, *r, *p; 1811 int origlen, rlen; 1812 u_long nmagic; 1813 u_short authproto; 1814 1815 len -= 4; 1816 origlen = len; 1817 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1818 if (! buf) 1819 return (0); 1820 1821 if (debug) 1822 log(LOG_DEBUG, "%s%d: lcp parse opts: ", 1823 ifp->if_name, ifp->if_unit); 1824 1825 /* pass 1: check for things that need to be rejected */ 1826 p = (void*) (h+1); 1827 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1828 if (debug) 1829 addlog(" %s ", sppp_lcp_opt_name(*p)); 1830 switch (*p) { 1831 case LCP_OPT_MAGIC: 1832 /* Magic number. */ 1833 /* fall through, both are same length */ 1834 case LCP_OPT_ASYNC_MAP: 1835 /* Async control character map. */ 1836 if (len >= 6 || p[1] == 6) 1837 continue; 1838 if (debug) 1839 addlog("[invalid] "); 1840 break; 1841 case LCP_OPT_MRU: 1842 /* Maximum receive unit. */ 1843 if (len >= 4 && p[1] == 4) 1844 continue; 1845 if (debug) 1846 addlog("[invalid] "); 1847 break; 1848 case LCP_OPT_AUTH_PROTO: 1849 if (len < 4) { 1850 if (debug) 1851 addlog("[invalid] "); 1852 break; 1853 } 1854 authproto = (p[2] << 8) + p[3]; 1855 if (authproto == PPP_CHAP && p[1] != 5) { 1856 if (debug) 1857 addlog("[invalid chap len] "); 1858 break; 1859 } 1860 if (sp->myauth.proto == 0) { 1861 /* we are not configured to do auth */ 1862 if (debug) 1863 addlog("[not configured] "); 1864 break; 1865 } 1866 /* 1867 * Remote want us to authenticate, remember this, 1868 * so we stay in PHASE_AUTHENTICATE after LCP got 1869 * up. 1870 */ 1871 sp->pp_flags |= PP_NEEDAUTH; 1872 continue; 1873 default: 1874 /* Others not supported. */ 1875 if (debug) 1876 addlog("[rej] "); 1877 break; 1878 } 1879 /* Add the option to rejected list. */ 1880 bcopy (p, r, p[1]); 1881 r += p[1]; 1882 rlen += p[1]; 1883 } 1884 if (rlen) { 1885 if (debug) 1886 addlog(" send conf-rej\n"); 1887 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1888 return 0; 1889 } else if (debug) 1890 addlog("\n"); 1891 1892 /* 1893 * pass 2: check for option values that are unacceptable and 1894 * thus require to be nak'ed. 1895 */ 1896 if (debug) 1897 log(LOG_DEBUG, "%s%d: lcp parse opt values: ", 1898 ifp->if_name, ifp->if_unit); 1899 1900 p = (void*) (h+1); 1901 len = origlen; 1902 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1903 if (debug) 1904 addlog(" %s ", sppp_lcp_opt_name(*p)); 1905 switch (*p) { 1906 case LCP_OPT_MAGIC: 1907 /* Magic number -- extract. */ 1908 nmagic = (u_long)p[2] << 24 | 1909 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 1910 if (nmagic != sp->lcp.magic) { 1911 if (debug) 1912 addlog("0x%x ", nmagic); 1913 continue; 1914 } 1915 /* 1916 * Local and remote magics equal -- loopback? 1917 */ 1918 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 1919 printf ("%s%d: loopback\n", 1920 ifp->if_name, ifp->if_unit); 1921 sp->pp_loopcnt = 0; 1922 if (ifp->if_flags & IFF_UP) { 1923 if_down(ifp); 1924 sppp_qflush(&sp->pp_cpq); 1925 /* XXX ? */ 1926 lcp.Down(sp); 1927 lcp.Up(sp); 1928 } 1929 } else if (debug) 1930 addlog("[glitch] "); 1931 ++sp->pp_loopcnt; 1932 /* 1933 * We negate our magic here, and NAK it. If 1934 * we see it later in an NAK packet, we 1935 * suggest a new one. 1936 */ 1937 nmagic = ~sp->lcp.magic; 1938 /* Gonna NAK it. */ 1939 p[2] = nmagic >> 24; 1940 p[3] = nmagic >> 16; 1941 p[4] = nmagic >> 8; 1942 p[5] = nmagic; 1943 break; 1944 1945 case LCP_OPT_ASYNC_MAP: 1946 /* Async control character map -- check to be zero. */ 1947 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 1948 if (debug) 1949 addlog("[empty] "); 1950 continue; 1951 } 1952 if (debug) 1953 addlog("[non-empty] "); 1954 /* suggest a zero one */ 1955 p[2] = p[3] = p[4] = p[5] = 0; 1956 break; 1957 1958 case LCP_OPT_MRU: 1959 /* 1960 * Maximum receive unit. Always agreeable, 1961 * but ignored by now. 1962 */ 1963 sp->lcp.their_mru = p[2] * 256 + p[3]; 1964 if (debug) 1965 addlog("%d ", sp->lcp.their_mru); 1966 continue; 1967 1968 case LCP_OPT_AUTH_PROTO: 1969 authproto = (p[2] << 8) + p[3]; 1970 if (sp->myauth.proto != authproto) { 1971 /* not agreed, nak */ 1972 if (debug) 1973 addlog("[mine %s != his %s] ", 1974 sppp_proto_name(sp->hisauth.proto), 1975 sppp_proto_name(authproto)); 1976 p[2] = sp->myauth.proto >> 8; 1977 p[3] = sp->myauth.proto; 1978 break; 1979 } 1980 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 1981 if (debug) 1982 addlog("[chap not MD5] "); 1983 p[4] == CHAP_MD5; 1984 break; 1985 } 1986 continue; 1987 } 1988 /* Add the option to nak'ed list. */ 1989 bcopy (p, r, p[1]); 1990 r += p[1]; 1991 rlen += p[1]; 1992 } 1993 if (rlen) { 1994 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 1995 if (debug) 1996 addlog(" max_failure (%d) exceeded, " 1997 "send conf-rej\n", 1998 sp->lcp.max_failure); 1999 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2000 } else { 2001 if (debug) 2002 addlog(" send conf-nak\n"); 2003 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2004 } 2005 return 0; 2006 } else { 2007 if (debug) 2008 addlog(" send conf-ack\n"); 2009 sp->fail_counter[IDX_LCP] = 0; 2010 sp->pp_loopcnt = 0; 2011 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2012 h->ident, origlen, h+1); 2013 } 2014 2015 free (buf, M_TEMP); 2016 return (rlen == 0); 2017} 2018 2019/* 2020 * Analyze the LCP Configure-Reject option list, and adjust our 2021 * negotiation. 2022 */ 2023static void 2024sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2025{ 2026 STDDCL; 2027 u_char *buf, *p; 2028 2029 len -= 4; 2030 buf = malloc (len, M_TEMP, M_NOWAIT); 2031 if (!buf) 2032 return; 2033 2034 if (debug) 2035 log(LOG_DEBUG, "%s%d: lcp rej opts: ", 2036 ifp->if_name, ifp->if_unit); 2037 2038 p = (void*) (h+1); 2039 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2040 if (debug) 2041 addlog(" %s ", sppp_lcp_opt_name(*p)); 2042 switch (*p) { 2043 case LCP_OPT_MAGIC: 2044 /* Magic number -- can't use it, use 0 */ 2045 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2046 sp->lcp.magic = 0; 2047 break; 2048 case LCP_OPT_MRU: 2049 /* 2050 * Should not be rejected anyway, since we only 2051 * negotiate a MRU if explicitly requested by 2052 * peer. 2053 */ 2054 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2055 break; 2056 case LCP_OPT_AUTH_PROTO: 2057 /* 2058 * Peer doesn't want to authenticate himself, 2059 * deny unless this is a dialout call, and 2060 * AUTHFLAG_NOCALLOUT is set. 2061 */ 2062 if ((sp->pp_flags & PP_CALLIN) == 0 && 2063 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2064 if (debug) 2065 addlog("[don't insist on auth " 2066 "for callout]"); 2067 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2068 break; 2069 } 2070 if (debug) 2071 addlog("[access denied]\n"); 2072 lcp.Close(sp); 2073 break; 2074 } 2075 } 2076 if (debug) 2077 addlog("\n"); 2078 free (buf, M_TEMP); 2079 return; 2080} 2081 2082/* 2083 * Analyze the LCP Configure-NAK option list, and adjust our 2084 * negotiation. 2085 */ 2086static void 2087sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2088{ 2089 STDDCL; 2090 u_char *buf, *p; 2091 u_long magic; 2092 2093 len -= 4; 2094 buf = malloc (len, M_TEMP, M_NOWAIT); 2095 if (!buf) 2096 return; 2097 2098 if (debug) 2099 log(LOG_DEBUG, "%s%d: lcp nak opts: ", 2100 ifp->if_name, ifp->if_unit); 2101 2102 p = (void*) (h+1); 2103 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2104 if (debug) 2105 addlog(" %s ", sppp_lcp_opt_name(*p)); 2106 switch (*p) { 2107 case LCP_OPT_MAGIC: 2108 /* Magic number -- renegotiate */ 2109 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2110 len >= 6 && p[1] == 6) { 2111 magic = (u_long)p[2] << 24 | 2112 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2113 /* 2114 * If the remote magic is our negated one, 2115 * this looks like a loopback problem. 2116 * Suggest a new magic to make sure. 2117 */ 2118 if (magic == ~sp->lcp.magic) { 2119 if (debug) 2120 addlog("magic glitch "); 2121 sp->lcp.magic = random(); 2122 } else { 2123 sp->lcp.magic = magic; 2124 if (debug) 2125 addlog("%d "); 2126 } 2127 } 2128 break; 2129 case LCP_OPT_MRU: 2130 /* 2131 * Peer wants to advise us to negotiate an MRU. 2132 * Agree on it if it's reasonable, or use 2133 * default otherwise. 2134 */ 2135 if (len >= 4 && p[1] == 4) { 2136 u_int mru = p[2] * 256 + p[3]; 2137 if (debug) 2138 addlog("%d ", mru); 2139 if (mru < PP_MTU || mru > PP_MAX_MRU) 2140 mru = PP_MTU; 2141 sp->lcp.mru = mru; 2142 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2143 } 2144 break; 2145 case LCP_OPT_AUTH_PROTO: 2146 /* 2147 * Peer doesn't like our authentication method, 2148 * deny. 2149 */ 2150 if (debug) 2151 addlog("[access denied]\n"); 2152 lcp.Close(sp); 2153 break; 2154 } 2155 } 2156 if (debug) 2157 addlog("\n"); 2158 free (buf, M_TEMP); 2159 return; 2160} 2161 2162static void 2163sppp_lcp_tlu(struct sppp *sp) 2164{ 2165 STDDCL; 2166 int i; 2167 u_long mask; 2168 2169 /* XXX ? */ 2170 if (! (ifp->if_flags & IFF_UP) && 2171 (ifp->if_flags & IFF_RUNNING)) { 2172 /* Coming out of loopback mode. */ 2173 if_up(ifp); 2174 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit); 2175 } 2176 2177 for (i = 0; i < IDX_COUNT; i++) 2178 if ((cps[i])->flags & CP_QUAL) 2179 (cps[i])->Open(sp); 2180 2181 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2182 (sp->pp_flags & PP_NEEDAUTH) != 0) 2183 sp->pp_phase = PHASE_AUTHENTICATE; 2184 else 2185 sp->pp_phase = PHASE_NETWORK; 2186 2187 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2188 sppp_phase_name(sp->pp_phase)); 2189 2190 /* 2191 * Open all authentication protocols. This is even required 2192 * if we already proceeded to network phase, since it might be 2193 * that remote wants us to authenticate, so we might have to 2194 * send a PAP request. Undesired authentication protocols 2195 * don't do anything when they get an Open event. 2196 */ 2197 for (i = 0; i < IDX_COUNT; i++) 2198 if ((cps[i])->flags & CP_AUTH) 2199 (cps[i])->Open(sp); 2200 2201 if (sp->pp_phase == PHASE_NETWORK) { 2202 /* Notify all NCPs. */ 2203 for (i = 0; i < IDX_COUNT; i++) 2204 if ((cps[i])->flags & CP_NCP) 2205 (cps[i])->Open(sp); 2206 } 2207 2208 /* Send Up events to all started protos. */ 2209 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2210 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2211 (cps[i])->Up(sp); 2212 2213 if (sp->pp_phase == PHASE_NETWORK) 2214 /* if no NCP is starting, close down */ 2215 sppp_lcp_check_and_close(sp); 2216} 2217 2218static void 2219sppp_lcp_tld(struct sppp *sp) 2220{ 2221 STDDCL; 2222 int i; 2223 u_long mask; 2224 2225 sp->pp_phase = PHASE_TERMINATE; 2226 2227 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2228 sppp_phase_name(sp->pp_phase)); 2229 2230 /* 2231 * Take upper layers down. We send the Down event first and 2232 * the Close second to prevent the upper layers from sending 2233 * ``a flurry of terminate-request packets'', as the RFC 2234 * describes it. 2235 */ 2236 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2237 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2238 (cps[i])->Down(sp); 2239 (cps[i])->Close(sp); 2240 } 2241} 2242 2243static void 2244sppp_lcp_tls(struct sppp *sp) 2245{ 2246 STDDCL; 2247 2248 sp->pp_phase = PHASE_ESTABLISH; 2249 2250 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2251 sppp_phase_name(sp->pp_phase)); 2252 2253 /* Notify lower layer if desired. */ 2254 if (sp->pp_tls) 2255 (sp->pp_tls)(sp); 2256} 2257 2258static void 2259sppp_lcp_tlf(struct sppp *sp) 2260{ 2261 STDDCL; 2262 2263 sp->pp_phase = PHASE_DEAD; 2264 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 2265 sppp_phase_name(sp->pp_phase)); 2266 2267 /* Notify lower layer if desired. */ 2268 if (sp->pp_tlf) 2269 (sp->pp_tlf)(sp); 2270} 2271 2272static void 2273sppp_lcp_scr(struct sppp *sp) 2274{ 2275 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2276 int i = 0; 2277 u_short authproto; 2278 2279 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2280 if (! sp->lcp.magic) 2281 sp->lcp.magic = random(); 2282 opt[i++] = LCP_OPT_MAGIC; 2283 opt[i++] = 6; 2284 opt[i++] = sp->lcp.magic >> 24; 2285 opt[i++] = sp->lcp.magic >> 16; 2286 opt[i++] = sp->lcp.magic >> 8; 2287 opt[i++] = sp->lcp.magic; 2288 } 2289 2290 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2291 opt[i++] = LCP_OPT_MRU; 2292 opt[i++] = 4; 2293 opt[i++] = sp->lcp.mru >> 8; 2294 opt[i++] = sp->lcp.mru; 2295 } 2296 2297 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2298 authproto = sp->hisauth.proto; 2299 opt[i++] = LCP_OPT_AUTH_PROTO; 2300 opt[i++] = authproto == PPP_CHAP? 5: 4; 2301 opt[i++] = authproto >> 8; 2302 opt[i++] = authproto; 2303 if (authproto == PPP_CHAP) 2304 opt[i++] = CHAP_MD5; 2305 } 2306 2307 sp->confid[IDX_LCP] = ++sp->pp_seq; 2308 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2309} 2310 2311/* 2312 * Check the open NCPs, return true if at least one NCP is open. 2313 */ 2314static int 2315sppp_ncp_check(struct sppp *sp) 2316{ 2317 int i, mask; 2318 2319 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2320 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2321 return 1; 2322 return 0; 2323} 2324 2325/* 2326 * Re-check the open NCPs and see if we should terminate the link. 2327 * Called by the NCPs during their tlf action handling. 2328 */ 2329static void 2330sppp_lcp_check_and_close(struct sppp *sp) 2331{ 2332 2333 if (sp->pp_phase < PHASE_NETWORK) 2334 /* don't bother, we are already going down */ 2335 return; 2336 2337 if (sppp_ncp_check(sp)) 2338 return; 2339 2340 lcp.Close(sp); 2341} 2342/* 2343 *--------------------------------------------------------------------------* 2344 * * 2345 * The IPCP implementation. * 2346 * * 2347 *--------------------------------------------------------------------------* 2348 */ 2349 2350static void 2351sppp_ipcp_init(struct sppp *sp) 2352{ 2353 sp->ipcp.opts = 0; 2354 sp->ipcp.flags = 0; 2355 sp->state[IDX_IPCP] = STATE_INITIAL; 2356 sp->fail_counter[IDX_IPCP] = 0; 2357 callout_handle_init(&sp->ch[IDX_IPCP]); 2358} 2359 2360static void 2361sppp_ipcp_up(struct sppp *sp) 2362{ 2363 sppp_up_event(&ipcp, sp); 2364} 2365 2366static void 2367sppp_ipcp_down(struct sppp *sp) 2368{ 2369 sppp_down_event(&ipcp, sp); 2370} 2371 2372static void 2373sppp_ipcp_open(struct sppp *sp) 2374{ 2375 STDDCL; 2376 u_long myaddr, hisaddr; 2377 2378 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2379 /* 2380 * If we don't have his address, this probably means our 2381 * interface doesn't want to talk IP at all. (This could 2382 * be the case if somebody wants to speak only IPX, for 2383 * example.) Don't open IPCP in this case. 2384 */ 2385 if (hisaddr == 0L) { 2386 /* XXX this message should go away */ 2387 if (debug) 2388 log(LOG_DEBUG, "%s%d: ipcp_open(): no IP interface\n", 2389 ifp->if_name, ifp->if_unit); 2390 return; 2391 } 2392 2393 if (myaddr == 0L) { 2394 /* 2395 * I don't have an assigned address, so i need to 2396 * negotiate my address. 2397 */ 2398 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2399 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2400 } 2401 sppp_open_event(&ipcp, sp); 2402} 2403 2404static void 2405sppp_ipcp_close(struct sppp *sp) 2406{ 2407 sppp_close_event(&ipcp, sp); 2408 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2409 /* 2410 * My address was dynamic, clear it again. 2411 */ 2412 sppp_set_ip_addr(sp, 0L); 2413} 2414 2415static void 2416sppp_ipcp_TO(void *cookie) 2417{ 2418 sppp_to_event(&ipcp, (struct sppp *)cookie); 2419} 2420 2421/* 2422 * Analyze a configure request. Return true if it was agreeable, and 2423 * caused action sca, false if it has been rejected or nak'ed, and 2424 * caused action scn. (The return value is used to make the state 2425 * transition decision in the state automaton.) 2426 */ 2427static int 2428sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2429{ 2430 u_char *buf, *r, *p; 2431 struct ifnet *ifp = &sp->pp_if; 2432 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2433 u_long hisaddr, desiredaddr; 2434 2435 len -= 4; 2436 origlen = len; 2437 /* 2438 * Make sure to allocate a buf that can at least hold a 2439 * conf-nak with an `address' option. We might need it below. 2440 */ 2441 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2442 if (! buf) 2443 return (0); 2444 2445 /* pass 1: see if we can recognize them */ 2446 if (debug) 2447 log(LOG_DEBUG, "%s%d: ipcp parse opts: ", 2448 ifp->if_name, ifp->if_unit); 2449 p = (void*) (h+1); 2450 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2451 if (debug) 2452 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2453 switch (*p) { 2454#ifdef notyet 2455 case IPCP_OPT_COMPRESSION: 2456 if (len >= 6 && p[1] >= 6) { 2457 /* correctly formed compress option */ 2458 continue; 2459 } 2460 if (debug) 2461 addlog("[invalid] "); 2462 break; 2463#endif 2464 case IPCP_OPT_ADDRESS: 2465 if (len >= 6 && p[1] == 6) { 2466 /* correctly formed address option */ 2467 continue; 2468 } 2469 if (debug) 2470 addlog("[invalid] "); 2471 break; 2472 default: 2473 /* Others not supported. */ 2474 if (debug) 2475 addlog("[rej] "); 2476 break; 2477 } 2478 /* Add the option to rejected list. */ 2479 bcopy (p, r, p[1]); 2480 r += p[1]; 2481 rlen += p[1]; 2482 } 2483 if (rlen) { 2484 if (debug) 2485 addlog(" send conf-rej\n"); 2486 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2487 return 0; 2488 } else if (debug) 2489 addlog("\n"); 2490 2491 /* pass 2: parse option values */ 2492 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2493 if (debug) 2494 log(LOG_DEBUG, "%s%d: ipcp parse opt values: ", 2495 ifp->if_name, ifp->if_unit); 2496 p = (void*) (h+1); 2497 len = origlen; 2498 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2499 if (debug) 2500 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2501 switch (*p) { 2502#ifdef notyet 2503 case IPCP_OPT_COMPRESSION: 2504 continue; 2505#endif 2506 case IPCP_OPT_ADDRESS: 2507 desiredaddr = p[2] << 24 | p[3] << 16 | 2508 p[4] << 8 | p[5]; 2509 if (desiredaddr == hisaddr || 2510 hisaddr == 1 && desiredaddr != 0) { 2511 /* 2512 * Peer's address is same as our value, 2513 * or we have set it to 0.0.0.1 to 2514 * indicate that we do not really care, 2515 * this is agreeable. Gonna conf-ack 2516 * it. 2517 */ 2518 if (debug) 2519 addlog("%s [ack] ", 2520 sppp_dotted_quad(desiredaddr)); 2521 /* record that we've seen it already */ 2522 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2523 continue; 2524 } 2525 /* 2526 * The address wasn't agreeable. This is either 2527 * he sent us 0.0.0.0, asking to assign him an 2528 * address, or he send us another address not 2529 * matching our value. Either case, we gonna 2530 * conf-nak it with our value. 2531 */ 2532 if (debug) { 2533 if (desiredaddr == 0) 2534 addlog("[addr requested] "); 2535 else 2536 addlog("%s [not agreed] ", 2537 sppp_dotted_quad(desiredaddr)); 2538 2539 p[2] = hisaddr >> 24; 2540 p[3] = hisaddr >> 16; 2541 p[4] = hisaddr >> 8; 2542 p[5] = hisaddr; 2543 } 2544 break; 2545 } 2546 /* Add the option to nak'ed list. */ 2547 bcopy (p, r, p[1]); 2548 r += p[1]; 2549 rlen += p[1]; 2550 } 2551 2552 /* 2553 * If we are about to conf-ack the request, but haven't seen 2554 * his address so far, gonna conf-nak it instead, with the 2555 * `address' option present and our idea of his address being 2556 * filled in there, to request negotiation of both addresses. 2557 * 2558 * XXX This can result in an endless req - nak loop if peer 2559 * doesn't want to send us his address. Q: What should we do 2560 * about it? XXX A: implement the max-failure counter. 2561 */ 2562 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2563 buf[0] = IPCP_OPT_ADDRESS; 2564 buf[1] = 6; 2565 buf[2] = hisaddr >> 24; 2566 buf[3] = hisaddr >> 16; 2567 buf[4] = hisaddr >> 8; 2568 buf[5] = hisaddr; 2569 rlen = 6; 2570 if (debug) 2571 addlog("still need hisaddr "); 2572 } 2573 2574 if (rlen) { 2575 if (debug) 2576 addlog(" send conf-nak\n"); 2577 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2578 } else { 2579 if (debug) 2580 addlog(" send conf-ack\n"); 2581 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2582 h->ident, origlen, h+1); 2583 } 2584 2585 free (buf, M_TEMP); 2586 return (rlen == 0); 2587} 2588 2589/* 2590 * Analyze the IPCP Configure-Reject option list, and adjust our 2591 * negotiation. 2592 */ 2593static void 2594sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2595{ 2596 u_char *buf, *p; 2597 struct ifnet *ifp = &sp->pp_if; 2598 int debug = ifp->if_flags & IFF_DEBUG; 2599 2600 len -= 4; 2601 buf = malloc (len, M_TEMP, M_NOWAIT); 2602 if (!buf) 2603 return; 2604 2605 if (debug) 2606 log(LOG_DEBUG, "%s%d: ipcp rej opts: ", 2607 ifp->if_name, ifp->if_unit); 2608 2609 p = (void*) (h+1); 2610 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2611 if (debug) 2612 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2613 switch (*p) { 2614 case IPCP_OPT_ADDRESS: 2615 /* 2616 * Peer doesn't grok address option. This is 2617 * bad. XXX Should we better give up here? 2618 */ 2619 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2620 break; 2621#ifdef notyet 2622 case IPCP_OPT_COMPRESS: 2623 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2624 break; 2625#endif 2626 } 2627 } 2628 if (debug) 2629 addlog("\n"); 2630 free (buf, M_TEMP); 2631 return; 2632} 2633 2634/* 2635 * Analyze the IPCP Configure-NAK option list, and adjust our 2636 * negotiation. 2637 */ 2638static void 2639sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2640{ 2641 u_char *buf, *p; 2642 struct ifnet *ifp = &sp->pp_if; 2643 int debug = ifp->if_flags & IFF_DEBUG; 2644 u_long wantaddr; 2645 2646 len -= 4; 2647 buf = malloc (len, M_TEMP, M_NOWAIT); 2648 if (!buf) 2649 return; 2650 2651 if (debug) 2652 log(LOG_DEBUG, "%s%d: ipcp nak opts: ", 2653 ifp->if_name, ifp->if_unit); 2654 2655 p = (void*) (h+1); 2656 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2657 if (debug) 2658 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2659 switch (*p) { 2660 case IPCP_OPT_ADDRESS: 2661 /* 2662 * Peer doesn't like our local IP address. See 2663 * if we can do something for him. We'll drop 2664 * him our address then. 2665 */ 2666 if (len >= 6 && p[1] == 6) { 2667 wantaddr = p[2] << 24 | p[3] << 16 | 2668 p[4] << 8 | p[5]; 2669 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2670 if (debug) 2671 addlog("[wantaddr %s] ", 2672 sppp_dotted_quad(wantaddr)); 2673 /* 2674 * When doing dynamic address assignment, 2675 * we accept his offer. Otherwise, we 2676 * ignore it and thus continue to negotiate 2677 * our already existing value. 2678 */ 2679 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2680 sppp_set_ip_addr(sp, wantaddr); 2681 if (debug) 2682 addlog("[agree] "); 2683 } 2684 } 2685 break; 2686#ifdef notyet 2687 case IPCP_OPT_COMPRESS: 2688 /* 2689 * Peer wants different compression parameters. 2690 */ 2691 break; 2692#endif 2693 } 2694 } 2695 if (debug) 2696 addlog("\n"); 2697 free (buf, M_TEMP); 2698 return; 2699} 2700 2701static void 2702sppp_ipcp_tlu(struct sppp *sp) 2703{ 2704} 2705 2706static void 2707sppp_ipcp_tld(struct sppp *sp) 2708{ 2709} 2710 2711static void 2712sppp_ipcp_tls(struct sppp *sp) 2713{ 2714 /* indicate to LCP that it must stay alive */ 2715 sp->lcp.protos |= (1 << IDX_IPCP); 2716} 2717 2718static void 2719sppp_ipcp_tlf(struct sppp *sp) 2720{ 2721 /* we no longer need LCP */ 2722 sp->lcp.protos &= ~(1 << IDX_IPCP); 2723 sppp_lcp_check_and_close(sp); 2724} 2725 2726static void 2727sppp_ipcp_scr(struct sppp *sp) 2728{ 2729 char opt[6 /* compression */ + 6 /* address */]; 2730 u_long ouraddr; 2731 int i = 0; 2732 2733#ifdef notyet 2734 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2735 opt[i++] = IPCP_OPT_COMPRESSION; 2736 opt[i++] = 6; 2737 opt[i++] = 0; /* VJ header compression */ 2738 opt[i++] = 0x2d; /* VJ header compression */ 2739 opt[i++] = max_slot_id; 2740 opt[i++] = comp_slot_id; 2741 } 2742#endif 2743 2744 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2745 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2746 opt[i++] = IPCP_OPT_ADDRESS; 2747 opt[i++] = 6; 2748 opt[i++] = ouraddr >> 24; 2749 opt[i++] = ouraddr >> 16; 2750 opt[i++] = ouraddr >> 8; 2751 opt[i++] = ouraddr; 2752 } 2753 2754 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2755 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2756} 2757 2758 2759/* 2760 *--------------------------------------------------------------------------* 2761 * * 2762 * The CHAP implementation. * 2763 * * 2764 *--------------------------------------------------------------------------* 2765 */ 2766 2767/* 2768 * The authentication protocols don't employ a full-fledged state machine as 2769 * the control protocols do, since they do have Open and Close events, but 2770 * not Up and Down, nor are they explicitly terminated. Also, use of the 2771 * authentication protocols may be different in both directions (this makes 2772 * sense, think of a machine that never accepts incoming calls but only 2773 * calls out, it doesn't require the called party to authenticate itself). 2774 * 2775 * Our state machine for the local authentication protocol (we are requesting 2776 * the peer to authenticate) looks like: 2777 * 2778 * RCA- 2779 * +--------------------------------------------+ 2780 * V scn,tld| 2781 * +--------+ Close +---------+ RCA+ 2782 * | |<----------------------------------| |------+ 2783 * +--->| Closed | TO* | Opened | sca | 2784 * | | |-----+ +-------| |<-----+ 2785 * | +--------+ irc | | +---------+ 2786 * | ^ | | ^ 2787 * | | | | | 2788 * | | | | | 2789 * | TO-| | | | 2790 * | |tld TO+ V | | 2791 * | | +------->+ | | 2792 * | | | | | | 2793 * | +--------+ V | | 2794 * | | |<----+<--------------------+ | 2795 * | | Req- | scr | 2796 * | | Sent | | 2797 * | | | | 2798 * | +--------+ | 2799 * | RCA- | | RCA+ | 2800 * +------+ +------------------------------------------+ 2801 * scn,tld sca,irc,ict,tlu 2802 * 2803 * 2804 * with: 2805 * 2806 * Open: LCP reached authentication phase 2807 * Close: LCP reached terminate phase 2808 * 2809 * RCA+: received reply (pap-req, chap-response), acceptable 2810 * RCN: received reply (pap-req, chap-response), not acceptable 2811 * TO+: timeout with restart counter >= 0 2812 * TO-: timeout with restart counter < 0 2813 * TO*: reschedule timeout for CHAP 2814 * 2815 * scr: send request packet (none for PAP, chap-challenge) 2816 * sca: send ack packet (pap-ack, chap-success) 2817 * scn: send nak packet (pap-nak, chap-failure) 2818 * ict: initialize re-challenge timer (CHAP only) 2819 * 2820 * tlu: this-layer-up, LCP reaches network phase 2821 * tld: this-layer-down, LCP enters terminate phase 2822 * 2823 * Note that in CHAP mode, after sending a new challenge, while the state 2824 * automaton falls back into Req-Sent state, it doesn't signal a tld 2825 * event to LCP, so LCP remains in network phase. Only after not getting 2826 * any response (or after getting an unacceptable response), CHAP closes, 2827 * causing LCP to enter terminate phase. 2828 * 2829 * With PAP, there is no initial request that can be sent. The peer is 2830 * expected to send one based on the successful negotiation of PAP as 2831 * the authentication protocol during the LCP option negotiation. 2832 * 2833 * Incoming authentication protocol requests (remote requests 2834 * authentication, we are peer) don't employ a state machine at all, 2835 * they are simply answered. Some peers [Ascend P50 firmware rev 2836 * 4.50] react allergically when sending IPCP requests while they are 2837 * still in authentication phase (thereby violating the standard that 2838 * demands that these NCP packets are to be discarded), so we keep 2839 * track of the peer demanding us to authenticate, and only proceed to 2840 * phase network once we've seen a positive acknowledge for the 2841 * authentication. 2842 */ 2843 2844/* 2845 * Handle incoming CHAP packets. 2846 */ 2847void 2848sppp_chap_input(struct sppp *sp, struct mbuf *m) 2849{ 2850 STDDCL; 2851 struct lcp_header *h; 2852 int len, x; 2853 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2854 int value_len, name_len; 2855 MD5_CTX ctx; 2856 2857 len = m->m_pkthdr.len; 2858 if (len < 4) { 2859 if (debug) 2860 log(LOG_DEBUG, 2861 "%s%d: chap invalid packet length: %d bytes\n", 2862 ifp->if_name, ifp->if_unit, len); 2863 return; 2864 } 2865 h = mtod (m, struct lcp_header*); 2866 if (len > ntohs (h->len)) 2867 len = ntohs (h->len); 2868 2869 switch (h->type) { 2870 /* challenge, failure and success are his authproto */ 2871 case CHAP_CHALLENGE: 2872 value = 1 + (u_char*)(h+1); 2873 value_len = value[-1]; 2874 name = value + value_len; 2875 name_len = len - value_len - 5; 2876 if (name_len < 0) { 2877 if (debug) { 2878 log(LOG_DEBUG, 2879 "%s%d: chap corrupted challenge " 2880 "<%s id=0x%x len=%d", 2881 ifp->if_name, ifp->if_unit, 2882 sppp_auth_type_name(PPP_CHAP, h->type), 2883 h->ident, ntohs(h->len)); 2884 if (len > 4) 2885 sppp_print_bytes((u_char*) (h+1), len-4); 2886 addlog(">\n"); 2887 } 2888 break; 2889 } 2890 2891 if (debug) { 2892 log(LOG_DEBUG, 2893 "%s%d: chap input <%s id=0x%x len=%d name=", 2894 ifp->if_name, ifp->if_unit, 2895 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 2896 ntohs(h->len)); 2897 sppp_print_string((char*) name, name_len); 2898 addlog(" value-size=%d value=", value_len); 2899 sppp_print_bytes(value, value_len); 2900 addlog(">\n"); 2901 } 2902 2903 /* Compute reply value. */ 2904 MD5Init(&ctx); 2905 MD5Update(&ctx, &h->ident, 1); 2906 MD5Update(&ctx, sp->myauth.secret, 2907 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 2908 MD5Update(&ctx, value, value_len); 2909 MD5Final(digest, &ctx); 2910 dsize = sizeof digest; 2911 2912 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 2913 sizeof dsize, (const char *)&dsize, 2914 sizeof digest, digest, 2915 sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 2916 sp->myauth.name, 2917 0); 2918 break; 2919 2920 case CHAP_SUCCESS: 2921 if (debug) { 2922 log(LOG_DEBUG, "%s%d: chap success", 2923 ifp->if_name, ifp->if_unit); 2924 if (len > 4) { 2925 addlog(": "); 2926 sppp_print_string((char*)(h + 1), len - 4); 2927 } 2928 addlog("\n"); 2929 } 2930 x = splimp(); 2931 sp->pp_flags &= ~PP_NEEDAUTH; 2932 if (sp->myauth.proto == PPP_CHAP && 2933 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 2934 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 2935 /* 2936 * We are authenticator for CHAP but didn't 2937 * complete yet. Leave it to tlu to proceed 2938 * to network phase. 2939 */ 2940 splx(x); 2941 break; 2942 } 2943 splx(x); 2944 sppp_phase_network(sp); 2945 break; 2946 2947 case CHAP_FAILURE: 2948 if (debug) { 2949 log(LOG_INFO, "%s%d: chap failure", 2950 ifp->if_name, ifp->if_unit); 2951 if (len > 4) { 2952 addlog(": "); 2953 sppp_print_string((char*)(h + 1), len - 4); 2954 } 2955 addlog("\n"); 2956 } else 2957 log(LOG_INFO, "%s%d: chap failure\n", 2958 ifp->if_name, ifp->if_unit); 2959 /* await LCP shutdown by authenticator */ 2960 break; 2961 2962 /* response is my authproto */ 2963 case CHAP_RESPONSE: 2964 value = 1 + (u_char*)(h+1); 2965 value_len = value[-1]; 2966 name = value + value_len; 2967 name_len = len - value_len - 5; 2968 if (name_len < 0) { 2969 if (debug) { 2970 log(LOG_DEBUG, 2971 "%s%d: chap corrupted response " 2972 "<%s id=0x%x len=%d", 2973 ifp->if_name, ifp->if_unit, 2974 sppp_auth_type_name(PPP_CHAP, h->type), 2975 h->ident, ntohs(h->len)); 2976 if (len > 4) 2977 sppp_print_bytes((u_char*)(h+1), len-4); 2978 addlog(">\n"); 2979 } 2980 break; 2981 } 2982 if (h->ident != sp->confid[IDX_CHAP]) { 2983 if (debug) 2984 log(LOG_DEBUG, 2985 "%s%d: chap dropping response for old ID " 2986 "(got %d, expected %d)\n", 2987 h->ident, sp->confid[IDX_CHAP]); 2988 break; 2989 } 2990 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 2991 || bcmp(name, sp->hisauth.name, name_len) != 0) { 2992 log(LOG_INFO, "%s%d: chap response, his name ", 2993 ifp->if_name, ifp->if_unit); 2994 sppp_print_string(name, name_len); 2995 addlog(" != expected "); 2996 sppp_print_string(sp->hisauth.name, 2997 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 2998 addlog("\n"); 2999 } 3000 if (debug) { 3001 log(LOG_DEBUG, "%s%d: chap input(%s) " 3002 "<%s id=0x%x len=%d name=", 3003 ifp->if_name, ifp->if_unit, 3004 sppp_state_name(sp->state[IDX_CHAP]), 3005 sppp_auth_type_name(PPP_CHAP, h->type), 3006 h->ident, ntohs (h->len)); 3007 sppp_print_string((char*)name, name_len); 3008 addlog(" value-size=%d value=", value_len); 3009 sppp_print_bytes(value, value_len); 3010 addlog(">\n"); 3011 } 3012 if (value_len != AUTHKEYLEN) { 3013 if (debug) 3014 log(LOG_DEBUG, 3015 "%s%d: chap bad hash value length: " 3016 "%d bytes, should be %d\n", 3017 ifp->if_name, ifp->if_unit, value_len, 3018 AUTHKEYLEN); 3019 break; 3020 } 3021 3022 MD5Init(&ctx); 3023 MD5Update(&ctx, &h->ident, 1); 3024 MD5Update(&ctx, sp->hisauth.secret, 3025 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3026 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3027 MD5Final(digest, &ctx); 3028 3029#define FAILMSG "Failed..." 3030#define SUCCMSG "Welcome!" 3031 3032 if (value_len != sizeof digest || 3033 bcmp(digest, value, value_len) != 0) { 3034 /* action scn, tld */ 3035 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3036 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3037 0); 3038 chap.tld(sp); 3039 break; 3040 } 3041 /* action sca, perhaps tlu */ 3042 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3043 sp->state[IDX_CHAP] == STATE_OPENED) 3044 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3045 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3046 0); 3047 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3048 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3049 chap.tlu(sp); 3050 } 3051 break; 3052 3053 default: 3054 /* Unknown CHAP packet type -- ignore. */ 3055 if (debug) { 3056 log(LOG_DEBUG, "%s%d: chap unknown input(%s) " 3057 "<0x%x id=0x%xh len=%d", 3058 ifp->if_name, ifp->if_unit, 3059 sppp_state_name(sp->state[IDX_CHAP]), 3060 h->type, h->ident, ntohs(h->len)); 3061 if (len > 4) 3062 sppp_print_bytes((u_char*)(h+1), len-4); 3063 addlog(">\n"); 3064 } 3065 break; 3066 3067 } 3068} 3069 3070static void 3071sppp_chap_init(struct sppp *sp) 3072{ 3073 /* Chap doesn't have STATE_INITIAL at all. */ 3074 sp->state[IDX_CHAP] = STATE_CLOSED; 3075 sp->fail_counter[IDX_CHAP] = 0; 3076 callout_handle_init(&sp->ch[IDX_CHAP]); 3077} 3078 3079static void 3080sppp_chap_open(struct sppp *sp) 3081{ 3082 if (sp->myauth.proto == PPP_CHAP && 3083 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3084 /* we are authenticator for CHAP, start it */ 3085 chap.scr(sp); 3086 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3087 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3088 } 3089 /* nothing to be done if we are peer, await a challenge */ 3090} 3091 3092static void 3093sppp_chap_close(struct sppp *sp) 3094{ 3095 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3096 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3097} 3098 3099static void 3100sppp_chap_TO(void *cookie) 3101{ 3102 struct sppp *sp = (struct sppp *)cookie; 3103 STDDCL; 3104 int s; 3105 3106 s = splimp(); 3107 if (debug) 3108 log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n", 3109 ifp->if_name, ifp->if_unit, 3110 sppp_state_name(sp->state[IDX_CHAP]), 3111 sp->rst_counter[IDX_CHAP]); 3112 3113 if (--sp->rst_counter[IDX_CHAP] < 0) 3114 /* TO- event */ 3115 switch (sp->state[IDX_CHAP]) { 3116 case STATE_REQ_SENT: 3117 chap.tld(sp); 3118 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3119 break; 3120 } 3121 else 3122 /* TO+ (or TO*) event */ 3123 switch (sp->state[IDX_CHAP]) { 3124 case STATE_OPENED: 3125 /* TO* event */ 3126 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3127 /* fall through */ 3128 case STATE_REQ_SENT: 3129 chap.scr(sp); 3130 /* sppp_cp_change_state() will restart the timer */ 3131 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3132 break; 3133 } 3134 3135 splx(s); 3136} 3137 3138static void 3139sppp_chap_tlu(struct sppp *sp) 3140{ 3141 STDDCL; 3142 int i, x; 3143 3144 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3145 3146 /* 3147 * Some broken CHAP implementations (Conware CoNet, firmware 3148 * 4.0.?) don't want to re-authenticate their CHAP once the 3149 * initial challenge-response exchange has taken place. 3150 * Provide for an option to avoid rechallenges. 3151 */ 3152 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3153 /* 3154 * Compute the re-challenge timeout. This will yield 3155 * a number between 300 and 810 seconds. 3156 */ 3157 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3158 3159 sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz); 3160 } 3161 3162 if (debug) { 3163 log(LOG_DEBUG, 3164 "%s%d: chap %s, ", 3165 ifp->if_name, ifp->if_unit, 3166 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3167 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3168 addlog("next re-challenge in %d seconds\n", i); 3169 else 3170 addlog("re-challenging supressed\n"); 3171 } 3172 3173 x = splimp(); 3174 /* indicate to LCP that we need to be closed down */ 3175 sp->lcp.protos |= (1 << IDX_CHAP); 3176 3177 if (sp->pp_flags & PP_NEEDAUTH) { 3178 /* 3179 * Remote is authenticator, but his auth proto didn't 3180 * complete yet. Defer the transition to network 3181 * phase. 3182 */ 3183 splx(x); 3184 return; 3185 } 3186 splx(x); 3187 3188 /* 3189 * If we are already in phase network, we are done here. This 3190 * is the case if this is a dummy tlu event after a re-challenge. 3191 */ 3192 if (sp->pp_phase != PHASE_NETWORK) 3193 sppp_phase_network(sp); 3194} 3195 3196static void 3197sppp_chap_tld(struct sppp *sp) 3198{ 3199 STDDCL; 3200 3201 if (debug) 3202 log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit); 3203 untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3204 sp->lcp.protos &= ~(1 << IDX_CHAP); 3205 3206 lcp.Close(sp); 3207} 3208 3209static void 3210sppp_chap_scr(struct sppp *sp) 3211{ 3212 struct timeval tv; 3213 u_long *ch, seed; 3214 u_char clen; 3215 3216 /* Compute random challenge. */ 3217 ch = (u_long *)sp->myauth.challenge; 3218 /* 3219 * XXX: This is bad!, there is a well known relationship between the 3220 * four groups of four bytes in the challenge, that improves the 3221 * predictability quite a lot. 3222 */ 3223 read_random(&seed, sizeof seed); 3224 ch[0] = seed ^ random(); 3225 ch[1] = seed ^ random(); 3226 ch[2] = seed ^ random(); 3227 ch[3] = seed ^ random(); 3228 clen = AUTHKEYLEN; 3229 3230 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3231 3232 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3233 sizeof clen, (const char *)&clen, 3234 AUTHKEYLEN, sp->myauth.challenge, 3235 sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3236 sp->myauth.name, 3237 0); 3238} 3239/* 3240 *--------------------------------------------------------------------------* 3241 * * 3242 * The PAP implementation. * 3243 * * 3244 *--------------------------------------------------------------------------* 3245 */ 3246/* 3247 * For PAP, we need to keep a little state also if we are the peer, not the 3248 * authenticator. This is since we don't get a request to authenticate, but 3249 * have to repeatedly authenticate ourself until we got a response (or the 3250 * retry counter is expired). 3251 */ 3252 3253/* 3254 * Handle incoming PAP packets. */ 3255static void 3256sppp_pap_input(struct sppp *sp, struct mbuf *m) 3257{ 3258 STDDCL; 3259 struct lcp_header *h; 3260 int len, x; 3261 u_char *name, *passwd, mlen; 3262 int name_len, passwd_len; 3263 3264 len = m->m_pkthdr.len; 3265 if (len < 5) { 3266 if (debug) 3267 log(LOG_DEBUG, 3268 "%s%d: pap invalid packet length: %d bytes\n", 3269 ifp->if_name, ifp->if_unit, len); 3270 return; 3271 } 3272 h = mtod (m, struct lcp_header*); 3273 if (len > ntohs (h->len)) 3274 len = ntohs (h->len); 3275 switch (h->type) { 3276 /* PAP request is my authproto */ 3277 case PAP_REQ: 3278 name = 1 + (u_char*)(h+1); 3279 name_len = name[-1]; 3280 passwd = name + name_len + 1; 3281 if (name_len > len - 6 || 3282 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3283 if (debug) { 3284 log(LOG_DEBUG, "%s%d: pap corrupted input " 3285 "<%s id=0x%x len=%d", 3286 ifp->if_name, ifp->if_unit, 3287 sppp_auth_type_name(PPP_PAP, h->type), 3288 h->ident, ntohs(h->len)); 3289 if (len > 4) 3290 sppp_print_bytes((u_char*)(h+1), len-4); 3291 addlog(">\n"); 3292 } 3293 break; 3294 } 3295 if (debug) { 3296 log(LOG_DEBUG, "%s%d: pap input(%s) " 3297 "<%s id=0x%x len=%d name=", 3298 ifp->if_name, ifp->if_unit, 3299 sppp_state_name(sp->state[IDX_PAP]), 3300 sppp_auth_type_name(PPP_PAP, h->type), 3301 h->ident, ntohs(h->len)); 3302 sppp_print_string((char*)name, name_len); 3303 addlog(" passwd="); 3304 sppp_print_string((char*)passwd, passwd_len); 3305 addlog(">\n"); 3306 } 3307 if (name_len > AUTHNAMELEN || 3308 passwd_len > AUTHKEYLEN || 3309 bcmp(name, sp->hisauth.name, name_len) != 0 || 3310 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3311 /* action scn, tld */ 3312 mlen = sizeof(FAILMSG) - 1; 3313 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3314 sizeof mlen, (const char *)&mlen, 3315 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3316 0); 3317 pap.tld(sp); 3318 break; 3319 } 3320 /* action sca, perhaps tlu */ 3321 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3322 sp->state[IDX_PAP] == STATE_OPENED) { 3323 mlen = sizeof(SUCCMSG) - 1; 3324 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3325 sizeof mlen, (const char *)&mlen, 3326 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3327 0); 3328 } 3329 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3330 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3331 pap.tlu(sp); 3332 } 3333 break; 3334 3335 /* ack and nak are his authproto */ 3336 case PAP_ACK: 3337 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3338 if (debug) { 3339 log(LOG_DEBUG, "%s%d: pap success", 3340 ifp->if_name, ifp->if_unit); 3341 name_len = *((char *)h); 3342 if (len > 5 && name_len) { 3343 addlog(": "); 3344 sppp_print_string((char*)(h+1), name_len); 3345 } 3346 addlog("\n"); 3347 } 3348 x = splimp(); 3349 sp->pp_flags &= ~PP_NEEDAUTH; 3350 if (sp->myauth.proto == PPP_PAP && 3351 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3352 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3353 /* 3354 * We are authenticator for PAP but didn't 3355 * complete yet. Leave it to tlu to proceed 3356 * to network phase. 3357 */ 3358 splx(x); 3359 break; 3360 } 3361 splx(x); 3362 sppp_phase_network(sp); 3363 break; 3364 3365 case PAP_NAK: 3366 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3367 if (debug) { 3368 log(LOG_INFO, "%s%d: pap failure", 3369 ifp->if_name, ifp->if_unit); 3370 name_len = *((char *)h); 3371 if (len > 5 && name_len) { 3372 addlog(": "); 3373 sppp_print_string((char*)(h+1), name_len); 3374 } 3375 addlog("\n"); 3376 } else 3377 log(LOG_INFO, "%s%d: pap failure\n", 3378 ifp->if_name, ifp->if_unit); 3379 /* await LCP shutdown by authenticator */ 3380 break; 3381 3382 default: 3383 /* Unknown PAP packet type -- ignore. */ 3384 if (debug) { 3385 log(LOG_DEBUG, "%s%d: pap corrupted input " 3386 "<0x%x id=0x%x len=%d", 3387 ifp->if_name, ifp->if_unit, 3388 h->type, h->ident, ntohs(h->len)); 3389 if (len > 4) 3390 sppp_print_bytes((u_char*)(h+1), len-4); 3391 addlog(">\n"); 3392 } 3393 break; 3394 3395 } 3396} 3397 3398static void 3399sppp_pap_init(struct sppp *sp) 3400{ 3401 /* PAP doesn't have STATE_INITIAL at all. */ 3402 sp->state[IDX_PAP] = STATE_CLOSED; 3403 sp->fail_counter[IDX_PAP] = 0; 3404 callout_handle_init(&sp->ch[IDX_PAP]); 3405 callout_handle_init(&sp->pap_my_to_ch); 3406} 3407 3408static void 3409sppp_pap_open(struct sppp *sp) 3410{ 3411 if (sp->hisauth.proto == PPP_PAP && 3412 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3413 /* we are authenticator for PAP, start our timer */ 3414 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3415 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3416 } 3417 if (sp->myauth.proto == PPP_PAP) { 3418 /* we are peer, send a request, and start a timer */ 3419 pap.scr(sp); 3420 sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp, 3421 sp->lcp.timeout); 3422 } 3423} 3424 3425static void 3426sppp_pap_close(struct sppp *sp) 3427{ 3428 if (sp->state[IDX_PAP] != STATE_CLOSED) 3429 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3430} 3431 3432/* 3433 * That's the timeout routine if we are authenticator. Since the 3434 * authenticator is basically passive in PAP, we can't do much here. 3435 */ 3436static void 3437sppp_pap_TO(void *cookie) 3438{ 3439 struct sppp *sp = (struct sppp *)cookie; 3440 STDDCL; 3441 int s; 3442 3443 s = splimp(); 3444 if (debug) 3445 log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n", 3446 ifp->if_name, ifp->if_unit, 3447 sppp_state_name(sp->state[IDX_PAP]), 3448 sp->rst_counter[IDX_PAP]); 3449 3450 if (--sp->rst_counter[IDX_PAP] < 0) 3451 /* TO- event */ 3452 switch (sp->state[IDX_PAP]) { 3453 case STATE_REQ_SENT: 3454 pap.tld(sp); 3455 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3456 break; 3457 } 3458 else 3459 /* TO+ event, not very much we could do */ 3460 switch (sp->state[IDX_PAP]) { 3461 case STATE_REQ_SENT: 3462 /* sppp_cp_change_state() will restart the timer */ 3463 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3464 break; 3465 } 3466 3467 splx(s); 3468} 3469 3470/* 3471 * That's the timeout handler if we are peer. Since the peer is active, 3472 * we need to retransmit our PAP request since it is apparently lost. 3473 * XXX We should impose a max counter. 3474 */ 3475static void 3476sppp_pap_my_TO(void *cookie) 3477{ 3478 struct sppp *sp = (struct sppp *)cookie; 3479 STDDCL; 3480 3481 if (debug) 3482 log(LOG_DEBUG, "%s%d: pap peer TO\n", 3483 ifp->if_name, ifp->if_unit); 3484 3485 pap.scr(sp); 3486} 3487 3488static void 3489sppp_pap_tlu(struct sppp *sp) 3490{ 3491 STDDCL; 3492 int x; 3493 3494 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3495 3496 if (debug) 3497 log(LOG_DEBUG, "%s%d: %s tlu\n", 3498 ifp->if_name, ifp->if_unit, pap.name); 3499 3500 x = splimp(); 3501 /* indicate to LCP that we need to be closed down */ 3502 sp->lcp.protos |= (1 << IDX_PAP); 3503 3504 if (sp->pp_flags & PP_NEEDAUTH) { 3505 /* 3506 * Remote is authenticator, but his auth proto didn't 3507 * complete yet. Defer the transition to network 3508 * phase. 3509 */ 3510 splx(x); 3511 return; 3512 } 3513 splx(x); 3514 sppp_phase_network(sp); 3515} 3516 3517static void 3518sppp_pap_tld(struct sppp *sp) 3519{ 3520 STDDCL; 3521 3522 if (debug) 3523 log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit); 3524 untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3525 untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3526 sp->lcp.protos &= ~(1 << IDX_PAP); 3527 3528 lcp.Close(sp); 3529} 3530 3531static void 3532sppp_pap_scr(struct sppp *sp) 3533{ 3534 STDDCL; 3535 u_char idlen, pwdlen; 3536 3537 sp->confid[IDX_PAP] = ++sp->pp_seq; 3538 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3539 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3540 3541 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3542 sizeof idlen, (const char *)&idlen, 3543 (unsigned)idlen, sp->myauth.name, 3544 sizeof pwdlen, (const char *)&pwdlen, 3545 (unsigned)pwdlen, sp->myauth.secret, 3546 0); 3547} 3548/* 3549 * Random miscellaneous functions. 3550 */ 3551 3552/* 3553 * Send a PAP or CHAP proto packet. 3554 * 3555 * Varadic function, each of the elements for the ellipsis is of type 3556 * ``unsigned mlen, const u_char *msg''. Processing will stop iff 3557 * mlen == 0. 3558 */ 3559 3560static void 3561sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id, 3562 ...) 3563{ 3564 STDDCL; 3565 struct ppp_header *h; 3566 struct lcp_header *lh; 3567 struct mbuf *m; 3568 u_char *p; 3569 int len; 3570 unsigned mlen; 3571 const char *msg; 3572 va_list ap; 3573 3574 MGETHDR (m, M_DONTWAIT, MT_DATA); 3575 if (! m) 3576 return; 3577 m->m_pkthdr.rcvif = 0; 3578 3579 h = mtod (m, struct ppp_header*); 3580 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3581 h->control = PPP_UI; /* Unnumbered Info */ 3582 h->protocol = htons(cp->proto); 3583 3584 lh = (struct lcp_header*)(h + 1); 3585 lh->type = type; 3586 lh->ident = id; 3587 p = (u_char*) (lh+1); 3588 3589 va_start(ap, id); 3590 len = 0; 3591 3592 while ((mlen = va_arg(ap, unsigned)) != 0) { 3593 msg = va_arg(ap, const char *); 3594 len += mlen; 3595 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3596 va_end(ap); 3597 m_freem(m); 3598 return; 3599 } 3600 3601 bcopy(msg, p, mlen); 3602 p += mlen; 3603 } 3604 va_end(ap); 3605 3606 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3607 lh->len = htons (LCP_HEADER_LEN + len); 3608 3609 if (debug) { 3610 log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d", 3611 ifp->if_name, ifp->if_unit, cp->name, 3612 sppp_auth_type_name(cp->proto, lh->type), 3613 lh->ident, ntohs(lh->len)); 3614 if (len) 3615 sppp_print_bytes((u_char*) (lh+1), len); 3616 addlog(">\n"); 3617 } 3618 if (IF_QFULL (&sp->pp_cpq)) { 3619 IF_DROP (&sp->pp_fastq); 3620 IF_DROP (&ifp->if_snd); 3621 m_freem (m); 3622 ++ifp->if_oerrors; 3623 } else 3624 IF_ENQUEUE (&sp->pp_cpq, m); 3625 if (! (ifp->if_flags & IFF_OACTIVE)) 3626 (*ifp->if_start) (ifp); 3627 ifp->if_obytes += m->m_pkthdr.len + 3; 3628} 3629 3630/* 3631 * Flush interface queue. 3632 */ 3633static void 3634sppp_qflush(struct ifqueue *ifq) 3635{ 3636 struct mbuf *m, *n; 3637 3638 n = ifq->ifq_head; 3639 while ((m = n)) { 3640 n = m->m_act; 3641 m_freem (m); 3642 } 3643 ifq->ifq_head = 0; 3644 ifq->ifq_tail = 0; 3645 ifq->ifq_len = 0; 3646} 3647 3648/* 3649 * Send keepalive packets, every 10 seconds. 3650 */ 3651static void 3652sppp_keepalive(void *dummy) 3653{ 3654 struct sppp *sp; 3655 int s; 3656 3657 s = splimp(); 3658 for (sp=spppq; sp; sp=sp->pp_next) { 3659 struct ifnet *ifp = &sp->pp_if; 3660 3661 /* Keepalive mode disabled or channel down? */ 3662 if (! (sp->pp_flags & PP_KEEPALIVE) || 3663 ! (ifp->if_flags & IFF_RUNNING)) 3664 continue; 3665 3666 /* No keepalive in PPP mode if LCP not opened yet. */ 3667 if (! (sp->pp_flags & PP_CISCO) && 3668 sp->pp_phase < PHASE_AUTHENTICATE) 3669 continue; 3670 3671 if (sp->pp_alivecnt == MAXALIVECNT) { 3672 /* No keepalive packets got. Stop the interface. */ 3673 printf ("%s%d: down\n", ifp->if_name, ifp->if_unit); 3674 if_down (ifp); 3675 sppp_qflush (&sp->pp_cpq); 3676 if (! (sp->pp_flags & PP_CISCO)) { 3677 /* XXX */ 3678 /* Shut down the PPP link. */ 3679 lcp.Down(sp); 3680 /* Initiate negotiation. XXX */ 3681 lcp.Up(sp); 3682 } 3683 } 3684 if (sp->pp_alivecnt <= MAXALIVECNT) 3685 ++sp->pp_alivecnt; 3686 if (sp->pp_flags & PP_CISCO) 3687 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3688 sp->pp_rseq); 3689 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3690 long nmagic = htonl (sp->lcp.magic); 3691 sp->lcp.echoid = ++sp->pp_seq; 3692 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3693 sp->lcp.echoid, 4, &nmagic); 3694 } 3695 } 3696 splx(s); 3697 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10); 3698} 3699 3700/* 3701 * Get both IP addresses. 3702 */ 3703static void 3704sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3705{ 3706 struct ifnet *ifp = &sp->pp_if; 3707 struct ifaddr *ifa; 3708 struct sockaddr_in *si, *sm; 3709 u_long ssrc, ddst; 3710 3711 ssrc = ddst = 0L; 3712 /* 3713 * Pick the first AF_INET address from the list, 3714 * aliases don't make any sense on a p2p link anyway. 3715 */ 3716 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3717 ifa; 3718 ifa = ifa->ifa_link.tqe_next) 3719 if (ifa->ifa_addr->sa_family == AF_INET) { 3720 si = (struct sockaddr_in *)ifa->ifa_addr; 3721 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3722 if (si) 3723 break; 3724 } 3725 if (ifa) { 3726 if (si && si->sin_addr.s_addr) { 3727 ssrc = si->sin_addr.s_addr; 3728 if (srcmask) 3729 *srcmask = ntohl(sm->sin_addr.s_addr); 3730 } 3731 3732 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3733 if (si && si->sin_addr.s_addr) 3734 ddst = si->sin_addr.s_addr; 3735 } 3736 3737 if (dst) *dst = ntohl(ddst); 3738 if (src) *src = ntohl(ssrc); 3739} 3740 3741/* 3742 * Set my IP address. Must be called at splimp. 3743 */ 3744static void 3745sppp_set_ip_addr(struct sppp *sp, u_long src) 3746{ 3747 struct ifnet *ifp = &sp->pp_if; 3748 struct ifaddr *ifa; 3749 struct sockaddr_in *si; 3750 u_long ssrc, ddst; 3751 3752 /* 3753 * Pick the first AF_INET address from the list, 3754 * aliases don't make any sense on a p2p link anyway. 3755 */ 3756 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3757 ifa; 3758 ifa = ifa->ifa_link.tqe_next) 3759 if (ifa->ifa_addr->sa_family == AF_INET) { 3760 si = (struct sockaddr_in *)ifa->ifa_addr; 3761 if (si) 3762 break; 3763 } 3764 if (ifa && si) 3765 si->sin_addr.s_addr = htonl(src); 3766} 3767 3768static int 3769sppp_params(struct sppp *sp, int cmd, void *data) 3770{ 3771 int subcmd; 3772 struct ifreq *ifr = (struct ifreq *)data; 3773 struct spppreq spr; 3774 3775 /* 3776 * ifr->ifr_data is supposed to point to a struct spppreq. 3777 * Check the cmd word first before attempting to fetch all the 3778 * data. 3779 */ 3780 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3781 return EFAULT; 3782 3783 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3784 return EFAULT; 3785 3786 switch (subcmd) { 3787 case SPPPIOGDEFS: 3788 if (cmd != SIOCGIFGENERIC) 3789 return EINVAL; 3790 /* 3791 * We copy over the entire current state, but clean 3792 * out some of the stuff we don't wanna pass up. 3793 * Remember, SIOCGIFGENERIC is unprotected, and can be 3794 * called by any user. No need to ever get PAP or 3795 * CHAP secrets back to userland anyway. 3796 */ 3797 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3798 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3799 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3800 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3801 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3802 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3803 3804 case SPPPIOSDEFS: 3805 if (cmd != SIOCSIFGENERIC) 3806 return EINVAL; 3807 /* 3808 * We have a very specific idea of which fields we allow 3809 * being passed back from userland, so to not clobber our 3810 * current state. For one, we only allow setting 3811 * anything if LCP is in dead phase. Once the LCP 3812 * negotiations started, the authentication settings must 3813 * not be changed again. (The administrator can force an 3814 * ifconfig down in order to get LCP back into dead 3815 * phase.) 3816 * 3817 * Also, we only allow for authentication parameters to be 3818 * specified. 3819 * 3820 * XXX Should allow to set or clear pp_flags. 3821 * 3822 * Finally, if the respective authentication protocol to 3823 * be used is set differently than 0, but the secret is 3824 * passed as all zeros, we don't trash the existing secret. 3825 * This allows an administrator to change the system name 3826 * only without clobbering the secret (which he didn't get 3827 * back in a previous SPPPIOGDEFS call). However, the 3828 * secrets are cleared if the authentication protocol is 3829 * reset to 0. 3830 */ 3831 if (sp->pp_phase != PHASE_DEAD) 3832 return EBUSY; 3833 3834 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 3835 spr.defs.myauth.proto != PPP_CHAP) || 3836 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 3837 spr.defs.hisauth.proto != PPP_CHAP)) 3838 return EINVAL; 3839 3840 if (spr.defs.myauth.proto == 0) 3841 /* resetting myauth */ 3842 bzero(&sp->myauth, sizeof sp->myauth); 3843 else { 3844 /* setting/changing myauth */ 3845 sp->myauth.proto = spr.defs.myauth.proto; 3846 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 3847 if (spr.defs.myauth.secret[0] != '\0') 3848 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 3849 AUTHKEYLEN); 3850 } 3851 if (spr.defs.hisauth.proto == 0) 3852 /* resetting hisauth */ 3853 bzero(&sp->hisauth, sizeof sp->hisauth); 3854 else { 3855 /* setting/changing hisauth */ 3856 sp->hisauth.proto = spr.defs.hisauth.proto; 3857 sp->hisauth.flags = spr.defs.hisauth.flags; 3858 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 3859 if (spr.defs.hisauth.secret[0] != '\0') 3860 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 3861 AUTHKEYLEN); 3862 } 3863 break; 3864 3865 default: 3866 return EINVAL; 3867 } 3868 3869 return 0; 3870} 3871 3872static void 3873sppp_phase_network(struct sppp *sp) 3874{ 3875 struct ifnet *ifp = &sp->pp_if; 3876 int i; 3877 u_long mask; 3878 3879 sp->pp_phase = PHASE_NETWORK; 3880 3881 log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit, 3882 sppp_phase_name(sp->pp_phase)); 3883 3884 /* Notify NCPs now. */ 3885 for (i = 0; i < IDX_COUNT; i++) 3886 if ((cps[i])->flags & CP_NCP) 3887 (cps[i])->Open(sp); 3888 3889 /* Send Up events to all NCPs. */ 3890 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3891 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 3892 (cps[i])->Up(sp); 3893 3894 /* if no NCP is starting, all this was in vain, close down */ 3895 sppp_lcp_check_and_close(sp); 3896} 3897 3898 3899static const char * 3900sppp_cp_type_name(u_char type) 3901{ 3902 static char buf[12]; 3903 switch (type) { 3904 case CONF_REQ: return "conf-req"; 3905 case CONF_ACK: return "conf-ack"; 3906 case CONF_NAK: return "conf-nak"; 3907 case CONF_REJ: return "conf-rej"; 3908 case TERM_REQ: return "term-req"; 3909 case TERM_ACK: return "term-ack"; 3910 case CODE_REJ: return "code-rej"; 3911 case PROTO_REJ: return "proto-rej"; 3912 case ECHO_REQ: return "echo-req"; 3913 case ECHO_REPLY: return "echo-reply"; 3914 case DISC_REQ: return "discard-req"; 3915 } 3916 sprintf (buf, "0x%x", type); 3917 return buf; 3918} 3919 3920static const char * 3921sppp_auth_type_name(u_short proto, u_char type) 3922{ 3923 static char buf[12]; 3924 switch (proto) { 3925 case PPP_CHAP: 3926 switch (type) { 3927 case CHAP_CHALLENGE: return "challenge"; 3928 case CHAP_RESPONSE: return "response"; 3929 case CHAP_SUCCESS: return "success"; 3930 case CHAP_FAILURE: return "failure"; 3931 } 3932 case PPP_PAP: 3933 switch (type) { 3934 case PAP_REQ: return "req"; 3935 case PAP_ACK: return "ack"; 3936 case PAP_NAK: return "nak"; 3937 } 3938 } 3939 sprintf (buf, "0x%x", type); 3940 return buf; 3941} 3942 3943static const char * 3944sppp_lcp_opt_name(u_char opt) 3945{ 3946 static char buf[12]; 3947 switch (opt) { 3948 case LCP_OPT_MRU: return "mru"; 3949 case LCP_OPT_ASYNC_MAP: return "async-map"; 3950 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 3951 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 3952 case LCP_OPT_MAGIC: return "magic"; 3953 case LCP_OPT_PROTO_COMP: return "proto-comp"; 3954 case LCP_OPT_ADDR_COMP: return "addr-comp"; 3955 } 3956 sprintf (buf, "0x%x", opt); 3957 return buf; 3958} 3959 3960static const char * 3961sppp_ipcp_opt_name(u_char opt) 3962{ 3963 static char buf[12]; 3964 switch (opt) { 3965 case IPCP_OPT_ADDRESSES: return "addresses"; 3966 case IPCP_OPT_COMPRESSION: return "compression"; 3967 case IPCP_OPT_ADDRESS: return "address"; 3968 } 3969 sprintf (buf, "0x%x", opt); 3970 return buf; 3971} 3972 3973static const char * 3974sppp_state_name(int state) 3975{ 3976 switch (state) { 3977 case STATE_INITIAL: return "initial"; 3978 case STATE_STARTING: return "starting"; 3979 case STATE_CLOSED: return "closed"; 3980 case STATE_STOPPED: return "stopped"; 3981 case STATE_CLOSING: return "closing"; 3982 case STATE_STOPPING: return "stopping"; 3983 case STATE_REQ_SENT: return "req-sent"; 3984 case STATE_ACK_RCVD: return "ack-rcvd"; 3985 case STATE_ACK_SENT: return "ack-sent"; 3986 case STATE_OPENED: return "opened"; 3987 } 3988 return "illegal"; 3989} 3990 3991static const char * 3992sppp_phase_name(enum ppp_phase phase) 3993{ 3994 switch (phase) { 3995 case PHASE_DEAD: return "dead"; 3996 case PHASE_ESTABLISH: return "establish"; 3997 case PHASE_TERMINATE: return "terminate"; 3998 case PHASE_AUTHENTICATE: return "authenticate"; 3999 case PHASE_NETWORK: return "network"; 4000 } 4001 return "illegal"; 4002} 4003 4004static const char * 4005sppp_proto_name(u_short proto) 4006{ 4007 static char buf[12]; 4008 switch (proto) { 4009 case PPP_LCP: return "lcp"; 4010 case PPP_IPCP: return "ipcp"; 4011 case PPP_PAP: return "pap"; 4012 case PPP_CHAP: return "chap"; 4013 } 4014 sprintf(buf, "0x%x", (unsigned)proto); 4015 return buf; 4016} 4017 4018static void 4019sppp_print_bytes(const u_char *p, u_short len) 4020{ 4021 addlog(" %x", *p++); 4022 while (--len > 0) 4023 addlog("-%x", *p++); 4024} 4025 4026static void 4027sppp_print_string(const char *p, u_short len) 4028{ 4029 u_char c; 4030 4031 while (len-- > 0) { 4032 c = *p++; 4033 /* 4034 * Print only ASCII chars directly. RFC 1994 recommends 4035 * using only them, but we don't rely on it. */ 4036 if (c < ' ' || c > '~') 4037 addlog("\\x%x", c); 4038 else 4039 addlog("%c", c); 4040 } 4041} 4042 4043static const char * 4044sppp_dotted_quad(u_long addr) 4045{ 4046 static char s[16]; 4047 sprintf(s, "%d.%d.%d.%d", 4048 (addr >> 24) & 0xff, 4049 (addr >> 16) & 0xff, 4050 (addr >> 8) & 0xff, 4051 addr & 0xff); 4052 return s; 4053} 4054 4055static int 4056sppp_strnlen(u_char *p, int max) 4057{ 4058 int len; 4059 4060 for (len = 0; len < max && *p; ++p) 4061 ++len; 4062 return len; 4063} 4064 4065/* a dummy, used to drop uninteresting events */ 4066static void 4067sppp_null(struct sppp *unused) 4068{ 4069 /* do just nothing */ 4070} 4071/* 4072 * This file is large. Tell emacs to highlight it nevertheless. 4073 * 4074 * Local Variables: 4075 * hilit-auto-highlight-maxout: 120000 4076 * End: 4077 */ 4078