if_spppsubr.c revision 50477
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 50477 1999-08-28 01:08:13Z peter $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_ipx.h" 28#endif 29 30#ifdef NetBSD1_3 31# if NetBSD1_3 > 6 32# include "opt_inet.h" 33# include "opt_iso.h" 34# endif 35#endif 36 37#include <sys/systm.h> 38#include <sys/kernel.h> 39#include <sys/sockio.h> 40#include <sys/socket.h> 41#include <sys/syslog.h> 42#if defined(__FreeBSD__) && __FreeBSD__ >= 3 43#include <machine/random.h> 44#endif 45#include <sys/malloc.h> 46#include <sys/mbuf.h> 47 48#if defined (__OpenBSD__) 49#include <sys/md5k.h> 50#else 51#include <sys/md5.h> 52#endif 53 54#include <net/if.h> 55#include <net/netisr.h> 56#include <net/if_types.h> 57#include <net/route.h> 58 59#if defined(__FreeBSD__) && __FreeBSD__ >= 3 60#include <machine/random.h> 61#endif 62#if defined (__NetBSD__) || defined (__OpenBSD__) 63#include <machine/cpu.h> /* XXX for softnet */ 64#endif 65 66#include <machine/stdarg.h> 67 68#ifdef INET 69#include <netinet/in.h> 70#include <netinet/in_systm.h> 71#include <netinet/in_var.h> 72#include <netinet/ip.h> 73#include <netinet/tcp.h> 74# if defined (__FreeBSD__) || defined (__OpenBSD__) 75# include <netinet/if_ether.h> 76# else 77# include <net/ethertypes.h> 78# endif 79#else 80# error Huh? sppp without INET? 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87 88#ifdef NS 89#include <netns/ns.h> 90#include <netns/ns_if.h> 91#endif 92 93#ifdef ISO 94#include <netiso/argo_debug.h> 95#include <netiso/iso.h> 96#include <netiso/iso_var.h> 97#include <netiso/iso_snpac.h> 98#endif 99 100#include <net/if_sppp.h> 101 102#if defined(__FreeBSD__) && __FreeBSD__ >= 3 103# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 104# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 105# define IOCTL_CMD_T u_long 106#else 107# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 108# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 109# define IOCTL_CMD_T int 110#endif 111 112#define MAXALIVECNT 3 /* max. alive packets */ 113 114/* 115 * Interface flags that can be set in an ifconfig command. 116 * 117 * Setting link0 will make the link passive, i.e. it will be marked 118 * as being administrative openable, but won't be opened to begin 119 * with. Incoming calls will be answered, or subsequent calls with 120 * -link1 will cause the administrative open of the LCP layer. 121 * 122 * Setting link1 will cause the link to auto-dial only as packets 123 * arrive to be sent. 124 * 125 * Setting IFF_DEBUG will syslog the option negotiation and state 126 * transitions at level kern.debug. Note: all logs consistently look 127 * like 128 * 129 * <if-name><unit>: <proto-name> <additional info...> 130 * 131 * with <if-name><unit> being something like "bppp0", and <proto-name> 132 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 133 */ 134 135#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 136#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 137#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 138 139#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 140#define PPP_UI 0x03 /* Unnumbered Information */ 141#define PPP_IP 0x0021 /* Internet Protocol */ 142#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 143#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 144#define PPP_IPX 0x002b /* Novell IPX Protocol */ 145#define PPP_LCP 0xc021 /* Link Control Protocol */ 146#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 147#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 148#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 149 150#define CONF_REQ 1 /* PPP configure request */ 151#define CONF_ACK 2 /* PPP configure acknowledge */ 152#define CONF_NAK 3 /* PPP configure negative ack */ 153#define CONF_REJ 4 /* PPP configure reject */ 154#define TERM_REQ 5 /* PPP terminate request */ 155#define TERM_ACK 6 /* PPP terminate acknowledge */ 156#define CODE_REJ 7 /* PPP code reject */ 157#define PROTO_REJ 8 /* PPP protocol reject */ 158#define ECHO_REQ 9 /* PPP echo request */ 159#define ECHO_REPLY 10 /* PPP echo reply */ 160#define DISC_REQ 11 /* PPP discard request */ 161 162#define LCP_OPT_MRU 1 /* maximum receive unit */ 163#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 164#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 165#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 166#define LCP_OPT_MAGIC 5 /* magic number */ 167#define LCP_OPT_RESERVED 6 /* reserved */ 168#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 169#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 170 171#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 172#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 173#define IPCP_OPT_ADDRESS 3 /* local IP address */ 174 175#define PAP_REQ 1 /* PAP name/password request */ 176#define PAP_ACK 2 /* PAP acknowledge */ 177#define PAP_NAK 3 /* PAP fail */ 178 179#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 180#define CHAP_RESPONSE 2 /* CHAP challenge response */ 181#define CHAP_SUCCESS 3 /* CHAP response ok */ 182#define CHAP_FAILURE 4 /* CHAP response failed */ 183 184#define CHAP_MD5 5 /* hash algorithm - MD5 */ 185 186#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 187#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 188#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 189#define CISCO_ADDR_REQ 0 /* Cisco address request */ 190#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 191#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 192 193/* states are named and numbered according to RFC 1661 */ 194#define STATE_INITIAL 0 195#define STATE_STARTING 1 196#define STATE_CLOSED 2 197#define STATE_STOPPED 3 198#define STATE_CLOSING 4 199#define STATE_STOPPING 5 200#define STATE_REQ_SENT 6 201#define STATE_ACK_RCVD 7 202#define STATE_ACK_SENT 8 203#define STATE_OPENED 9 204 205struct ppp_header { 206 u_char address; 207 u_char control; 208 u_short protocol; 209}; 210#define PPP_HEADER_LEN sizeof (struct ppp_header) 211 212struct lcp_header { 213 u_char type; 214 u_char ident; 215 u_short len; 216}; 217#define LCP_HEADER_LEN sizeof (struct lcp_header) 218 219struct cisco_packet { 220 u_long type; 221 u_long par1; 222 u_long par2; 223 u_short rel; 224 u_short time0; 225 u_short time1; 226}; 227#define CISCO_PACKET_LEN 18 228 229/* 230 * We follow the spelling and capitalization of RFC 1661 here, to make 231 * it easier comparing with the standard. Please refer to this RFC in 232 * case you can't make sense out of these abbreviation; it will also 233 * explain the semantics related to the various events and actions. 234 */ 235struct cp { 236 u_short proto; /* PPP control protocol number */ 237 u_char protoidx; /* index into state table in struct sppp */ 238 u_char flags; 239#define CP_LCP 0x01 /* this is the LCP */ 240#define CP_AUTH 0x02 /* this is an authentication protocol */ 241#define CP_NCP 0x04 /* this is a NCP */ 242#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 243 const char *name; /* name of this control protocol */ 244 /* event handlers */ 245 void (*Up)(struct sppp *sp); 246 void (*Down)(struct sppp *sp); 247 void (*Open)(struct sppp *sp); 248 void (*Close)(struct sppp *sp); 249 void (*TO)(void *sp); 250 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 251 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 252 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 253 /* actions */ 254 void (*tlu)(struct sppp *sp); 255 void (*tld)(struct sppp *sp); 256 void (*tls)(struct sppp *sp); 257 void (*tlf)(struct sppp *sp); 258 void (*scr)(struct sppp *sp); 259}; 260 261static struct sppp *spppq; 262#if defined(__FreeBSD__) && __FreeBSD__ >= 3 263static struct callout_handle keepalive_ch; 264#endif 265 266#if defined(__FreeBSD__) && __FreeBSD__ >= 3 267#define SPP_FMT "%s%d: " 268#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 269#else 270#define SPP_FMT "%s: " 271#define SPP_ARGS(ifp) (ifp)->if_xname 272#endif 273 274/* 275 * The following disgusting hack gets around the problem that IP TOS 276 * can't be set yet. We want to put "interactive" traffic on a high 277 * priority queue. To decide if traffic is interactive, we check that 278 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 279 * 280 * XXX is this really still necessary? - joerg - 281 */ 282static u_short interactive_ports[8] = { 283 0, 513, 0, 0, 284 0, 21, 0, 23, 285}; 286#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 287 288/* almost every function needs these */ 289#define STDDCL \ 290 struct ifnet *ifp = &sp->pp_if; \ 291 int debug = ifp->if_flags & IFF_DEBUG 292 293static int sppp_output(struct ifnet *ifp, struct mbuf *m, 294 struct sockaddr *dst, struct rtentry *rt); 295 296static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 297static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 298 299static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 300 struct mbuf *m); 301static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 302 u_char ident, u_short len, void *data); 303/* static void sppp_cp_timeout(void *arg); */ 304static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 305 int newstate); 306static void sppp_auth_send(const struct cp *cp, 307 struct sppp *sp, unsigned int type, unsigned int id, 308 ...); 309 310static void sppp_up_event(const struct cp *cp, struct sppp *sp); 311static void sppp_down_event(const struct cp *cp, struct sppp *sp); 312static void sppp_open_event(const struct cp *cp, struct sppp *sp); 313static void sppp_close_event(const struct cp *cp, struct sppp *sp); 314static void sppp_to_event(const struct cp *cp, struct sppp *sp); 315 316static void sppp_null(struct sppp *sp); 317 318static void sppp_lcp_init(struct sppp *sp); 319static void sppp_lcp_up(struct sppp *sp); 320static void sppp_lcp_down(struct sppp *sp); 321static void sppp_lcp_open(struct sppp *sp); 322static void sppp_lcp_close(struct sppp *sp); 323static void sppp_lcp_TO(void *sp); 324static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 325static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 326static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 327static void sppp_lcp_tlu(struct sppp *sp); 328static void sppp_lcp_tld(struct sppp *sp); 329static void sppp_lcp_tls(struct sppp *sp); 330static void sppp_lcp_tlf(struct sppp *sp); 331static void sppp_lcp_scr(struct sppp *sp); 332static void sppp_lcp_check_and_close(struct sppp *sp); 333static int sppp_ncp_check(struct sppp *sp); 334 335static void sppp_ipcp_init(struct sppp *sp); 336static void sppp_ipcp_up(struct sppp *sp); 337static void sppp_ipcp_down(struct sppp *sp); 338static void sppp_ipcp_open(struct sppp *sp); 339static void sppp_ipcp_close(struct sppp *sp); 340static void sppp_ipcp_TO(void *sp); 341static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 342static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 343static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 344static void sppp_ipcp_tlu(struct sppp *sp); 345static void sppp_ipcp_tld(struct sppp *sp); 346static void sppp_ipcp_tls(struct sppp *sp); 347static void sppp_ipcp_tlf(struct sppp *sp); 348static void sppp_ipcp_scr(struct sppp *sp); 349 350static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 351static void sppp_pap_init(struct sppp *sp); 352static void sppp_pap_open(struct sppp *sp); 353static void sppp_pap_close(struct sppp *sp); 354static void sppp_pap_TO(void *sp); 355static void sppp_pap_my_TO(void *sp); 356static void sppp_pap_tlu(struct sppp *sp); 357static void sppp_pap_tld(struct sppp *sp); 358static void sppp_pap_scr(struct sppp *sp); 359 360static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 361static void sppp_chap_init(struct sppp *sp); 362static void sppp_chap_open(struct sppp *sp); 363static void sppp_chap_close(struct sppp *sp); 364static void sppp_chap_TO(void *sp); 365static void sppp_chap_tlu(struct sppp *sp); 366static void sppp_chap_tld(struct sppp *sp); 367static void sppp_chap_scr(struct sppp *sp); 368 369static const char *sppp_auth_type_name(u_short proto, u_char type); 370static const char *sppp_cp_type_name(u_char type); 371static const char *sppp_dotted_quad(u_long addr); 372static const char *sppp_ipcp_opt_name(u_char opt); 373static const char *sppp_lcp_opt_name(u_char opt); 374static const char *sppp_phase_name(enum ppp_phase phase); 375static const char *sppp_proto_name(u_short proto); 376static const char *sppp_state_name(int state); 377static int sppp_params(struct sppp *sp, u_long cmd, void *data); 378static int sppp_strnlen(u_char *p, int max); 379static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 380 u_long *srcmask); 381static void sppp_keepalive(void *dummy); 382static void sppp_phase_network(struct sppp *sp); 383static void sppp_print_bytes(const u_char *p, u_short len); 384static void sppp_print_string(const char *p, u_short len); 385static void sppp_qflush(struct ifqueue *ifq); 386static void sppp_set_ip_addr(struct sppp *sp, u_long src); 387 388/* our control protocol descriptors */ 389static const struct cp lcp = { 390 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 391 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 392 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 393 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 394 sppp_lcp_scr 395}; 396 397static const struct cp ipcp = { 398 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 399 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 400 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 401 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 402 sppp_ipcp_scr 403}; 404 405static const struct cp pap = { 406 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 407 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 408 sppp_pap_TO, 0, 0, 0, 409 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 410 sppp_pap_scr 411}; 412 413static const struct cp chap = { 414 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 415 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 416 sppp_chap_TO, 0, 0, 0, 417 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 418 sppp_chap_scr 419}; 420 421static const struct cp *cps[IDX_COUNT] = { 422 &lcp, /* IDX_LCP */ 423 &ipcp, /* IDX_IPCP */ 424 &pap, /* IDX_PAP */ 425 &chap, /* IDX_CHAP */ 426}; 427 428 429/* 430 * Exported functions, comprising our interface to the lower layer. 431 */ 432 433/* 434 * Process the received packet. 435 */ 436void 437sppp_input(struct ifnet *ifp, struct mbuf *m) 438{ 439 struct ppp_header *h; 440 struct ifqueue *inq = 0; 441 int s; 442 struct sppp *sp = (struct sppp *)ifp; 443 int debug = ifp->if_flags & IFF_DEBUG; 444 445 if (ifp->if_flags & IFF_UP) 446 /* Count received bytes, add FCS and one flag */ 447 ifp->if_ibytes += m->m_pkthdr.len + 3; 448 449 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 450 /* Too small packet, drop it. */ 451 if (debug) 452 log(LOG_DEBUG, 453 SPP_FMT "input packet is too small, %d bytes\n", 454 SPP_ARGS(ifp), m->m_pkthdr.len); 455 drop: 456 ++ifp->if_ierrors; 457 ++ifp->if_iqdrops; 458 m_freem (m); 459 return; 460 } 461 462 /* Get PPP header. */ 463 h = mtod (m, struct ppp_header*); 464 m_adj (m, PPP_HEADER_LEN); 465 466 switch (h->address) { 467 case PPP_ALLSTATIONS: 468 if (h->control != PPP_UI) 469 goto invalid; 470 if (sp->pp_mode == IFF_CISCO) { 471 if (debug) 472 log(LOG_DEBUG, 473 SPP_FMT "PPP packet in Cisco mode " 474 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 475 SPP_ARGS(ifp), 476 h->address, h->control, ntohs(h->protocol)); 477 goto drop; 478 } 479 switch (ntohs (h->protocol)) { 480 default: 481 if (debug) 482 log(LOG_DEBUG, 483 SPP_FMT "rejecting protocol " 484 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 485 SPP_ARGS(ifp), 486 h->address, h->control, ntohs(h->protocol)); 487 if (sp->state[IDX_LCP] == STATE_OPENED) 488 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 489 ++sp->pp_seq, m->m_pkthdr.len + 2, 490 &h->protocol); 491 ++ifp->if_noproto; 492 goto drop; 493 case PPP_LCP: 494 sppp_cp_input(&lcp, sp, m); 495 m_freem (m); 496 return; 497 case PPP_PAP: 498 if (sp->pp_phase >= PHASE_AUTHENTICATE) 499 sppp_pap_input(sp, m); 500 m_freem (m); 501 return; 502 case PPP_CHAP: 503 if (sp->pp_phase >= PHASE_AUTHENTICATE) 504 sppp_chap_input(sp, m); 505 m_freem (m); 506 return; 507#ifdef INET 508 case PPP_IPCP: 509 if (sp->pp_phase == PHASE_NETWORK) 510 sppp_cp_input(&ipcp, sp, m); 511 m_freem (m); 512 return; 513 case PPP_IP: 514 if (sp->state[IDX_IPCP] == STATE_OPENED) { 515 schednetisr (NETISR_IP); 516 inq = &ipintrq; 517 } 518 break; 519#endif 520#ifdef IPX 521 case PPP_IPX: 522 /* IPX IPXCP not implemented yet */ 523 if (sp->pp_phase == PHASE_NETWORK) { 524 schednetisr (NETISR_IPX); 525 inq = &ipxintrq; 526 } 527 break; 528#endif 529#ifdef NS 530 case PPP_XNS: 531 /* XNS IDPCP not implemented yet */ 532 if (sp->pp_phase == PHASE_NETWORK) { 533 schednetisr (NETISR_NS); 534 inq = &nsintrq; 535 } 536 break; 537#endif 538#ifdef ISO 539 case PPP_ISO: 540 /* OSI NLCP not implemented yet */ 541 if (sp->pp_phase == PHASE_NETWORK) { 542 schednetisr (NETISR_ISO); 543 inq = &clnlintrq; 544 } 545 break; 546#endif 547 } 548 break; 549 case CISCO_MULTICAST: 550 case CISCO_UNICAST: 551 /* Don't check the control field here (RFC 1547). */ 552 if (sp->pp_mode != IFF_CISCO) { 553 if (debug) 554 log(LOG_DEBUG, 555 SPP_FMT "Cisco packet in PPP mode " 556 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 557 SPP_ARGS(ifp), 558 h->address, h->control, ntohs(h->protocol)); 559 goto drop; 560 } 561 switch (ntohs (h->protocol)) { 562 default: 563 ++ifp->if_noproto; 564 goto invalid; 565 case CISCO_KEEPALIVE: 566 sppp_cisco_input ((struct sppp*) ifp, m); 567 m_freem (m); 568 return; 569#ifdef INET 570 case ETHERTYPE_IP: 571 schednetisr (NETISR_IP); 572 inq = &ipintrq; 573 break; 574#endif 575#ifdef IPX 576 case ETHERTYPE_IPX: 577 schednetisr (NETISR_IPX); 578 inq = &ipxintrq; 579 break; 580#endif 581#ifdef NS 582 case ETHERTYPE_NS: 583 schednetisr (NETISR_NS); 584 inq = &nsintrq; 585 break; 586#endif 587 } 588 break; 589 default: /* Invalid PPP packet. */ 590 invalid: 591 if (debug) 592 log(LOG_DEBUG, 593 SPP_FMT "invalid input packet " 594 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 595 SPP_ARGS(ifp), 596 h->address, h->control, ntohs(h->protocol)); 597 goto drop; 598 } 599 600 if (! (ifp->if_flags & IFF_UP) || ! inq) 601 goto drop; 602 603 /* Check queue. */ 604 s = splimp(); 605 if (IF_QFULL (inq)) { 606 /* Queue overflow. */ 607 IF_DROP(inq); 608 splx(s); 609 if (debug) 610 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 611 SPP_ARGS(ifp)); 612 goto drop; 613 } 614 IF_ENQUEUE(inq, m); 615 splx(s); 616} 617 618/* 619 * Enqueue transmit packet. 620 */ 621static int 622sppp_output(struct ifnet *ifp, struct mbuf *m, 623 struct sockaddr *dst, struct rtentry *rt) 624{ 625 struct sppp *sp = (struct sppp*) ifp; 626 struct ppp_header *h; 627 struct ifqueue *ifq; 628 int s, rv = 0; 629 int debug = ifp->if_flags & IFF_DEBUG; 630 631 s = splimp(); 632 633 if ((ifp->if_flags & IFF_UP) == 0 || 634 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 635 m_freem (m); 636 splx (s); 637 return (ENETDOWN); 638 } 639 640 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 641 /* 642 * Interface is not yet running, but auto-dial. Need 643 * to start LCP for it. 644 */ 645 ifp->if_flags |= IFF_RUNNING; 646 splx(s); 647 lcp.Open(sp); 648 s = splimp(); 649 } 650 651 ifq = &ifp->if_snd; 652#ifdef INET 653 if (dst->sa_family == AF_INET) { 654 /* XXX Check mbuf length here? */ 655 struct ip *ip = mtod (m, struct ip*); 656 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 657 658 /* 659 * When using dynamic local IP address assignment by using 660 * 0.0.0.0 as a local address, the first TCP session will 661 * not connect because the local TCP checksum is computed 662 * using 0.0.0.0 which will later become our real IP address 663 * so the TCP checksum computed at the remote end will 664 * become invalid. So we 665 * - don't let packets with src ip addr 0 thru 666 * - we flag TCP packets with src ip 0 as an error 667 */ 668 669 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 670 { 671 m_freem(m); 672 splx(s); 673 if(ip->ip_p == IPPROTO_TCP) 674 return(EADDRNOTAVAIL); 675 else 676 return(0); 677 } 678 679 /* 680 * Put low delay, telnet, rlogin and ftp control packets 681 * in front of the queue. 682 */ 683 if (IF_QFULL (&sp->pp_fastq)) 684 ; 685 else if (ip->ip_tos & IPTOS_LOWDELAY) 686 ifq = &sp->pp_fastq; 687 else if (m->m_len < sizeof *ip + sizeof *tcp) 688 ; 689 else if (ip->ip_p != IPPROTO_TCP) 690 ; 691 else if (INTERACTIVE (ntohs (tcp->th_sport))) 692 ifq = &sp->pp_fastq; 693 else if (INTERACTIVE (ntohs (tcp->th_dport))) 694 ifq = &sp->pp_fastq; 695 } 696#endif 697 698 /* 699 * Prepend general data packet PPP header. For now, IP only. 700 */ 701 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 702 if (! m) { 703 if (debug) 704 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 705 SPP_ARGS(ifp)); 706 ++ifp->if_oerrors; 707 splx (s); 708 return (ENOBUFS); 709 } 710 /* 711 * May want to check size of packet 712 * (albeit due to the implementation it's always enough) 713 */ 714 h = mtod (m, struct ppp_header*); 715 if (sp->pp_mode == IFF_CISCO) { 716 h->address = CISCO_UNICAST; /* unicast address */ 717 h->control = 0; 718 } else { 719 h->address = PPP_ALLSTATIONS; /* broadcast address */ 720 h->control = PPP_UI; /* Unnumbered Info */ 721 } 722 723 switch (dst->sa_family) { 724#ifdef INET 725 case AF_INET: /* Internet Protocol */ 726 if (sp->pp_mode == IFF_CISCO) 727 h->protocol = htons (ETHERTYPE_IP); 728 else { 729 /* 730 * Don't choke with an ENETDOWN early. It's 731 * possible that we just started dialing out, 732 * so don't drop the packet immediately. If 733 * we notice that we run out of buffer space 734 * below, we will however remember that we are 735 * not ready to carry IP packets, and return 736 * ENETDOWN, as opposed to ENOBUFS. 737 */ 738 h->protocol = htons(PPP_IP); 739 if (sp->state[IDX_IPCP] != STATE_OPENED) 740 rv = ENETDOWN; 741 } 742 break; 743#endif 744#ifdef NS 745 case AF_NS: /* Xerox NS Protocol */ 746 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 747 ETHERTYPE_NS : PPP_XNS); 748 break; 749#endif 750#ifdef IPX 751 case AF_IPX: /* Novell IPX Protocol */ 752 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 753 ETHERTYPE_IPX : PPP_IPX); 754 break; 755#endif 756#ifdef ISO 757 case AF_ISO: /* ISO OSI Protocol */ 758 if (sp->pp_mode == IFF_CISCO) 759 goto nosupport; 760 h->protocol = htons (PPP_ISO); 761 break; 762nosupport: 763#endif 764 default: 765 m_freem (m); 766 ++ifp->if_oerrors; 767 splx (s); 768 return (EAFNOSUPPORT); 769 } 770 771 /* 772 * Queue message on interface, and start output if interface 773 * not yet active. 774 */ 775 if (IF_QFULL (ifq)) { 776 IF_DROP (&ifp->if_snd); 777 m_freem (m); 778 ++ifp->if_oerrors; 779 splx (s); 780 return (rv? rv: ENOBUFS); 781 } 782 IF_ENQUEUE (ifq, m); 783 if (! (ifp->if_flags & IFF_OACTIVE)) 784 (*ifp->if_start) (ifp); 785 786 /* 787 * Count output packets and bytes. 788 * The packet length includes header, FCS and 1 flag, 789 * according to RFC 1333. 790 */ 791 ifp->if_obytes += m->m_pkthdr.len + 3; 792 splx (s); 793 return (0); 794} 795 796void 797sppp_attach(struct ifnet *ifp) 798{ 799 struct sppp *sp = (struct sppp*) ifp; 800 801 /* Initialize keepalive handler. */ 802 if (! spppq) 803 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 804 805 /* Insert new entry into the keepalive list. */ 806 sp->pp_next = spppq; 807 spppq = sp; 808 809 sp->pp_if.if_mtu = PP_MTU; 810 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 811 sp->pp_if.if_type = IFT_PPP; 812 sp->pp_if.if_output = sppp_output; 813#if 0 814 sp->pp_flags = PP_KEEPALIVE; 815#endif 816 sp->pp_fastq.ifq_maxlen = 32; 817 sp->pp_cpq.ifq_maxlen = 20; 818 sp->pp_loopcnt = 0; 819 sp->pp_alivecnt = 0; 820 sp->pp_seq = 0; 821 sp->pp_rseq = 0; 822 sp->pp_phase = PHASE_DEAD; 823 sp->pp_up = lcp.Up; 824 sp->pp_down = lcp.Down; 825 826 sppp_lcp_init(sp); 827 sppp_ipcp_init(sp); 828 sppp_pap_init(sp); 829 sppp_chap_init(sp); 830} 831 832void 833sppp_detach(struct ifnet *ifp) 834{ 835 struct sppp **q, *p, *sp = (struct sppp*) ifp; 836 int i; 837 838 /* Remove the entry from the keepalive list. */ 839 for (q = &spppq; (p = *q); q = &p->pp_next) 840 if (p == sp) { 841 *q = p->pp_next; 842 break; 843 } 844 845 /* Stop keepalive handler. */ 846 if (! spppq) 847 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 848 849 for (i = 0; i < IDX_COUNT; i++) 850 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 851 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 852} 853 854/* 855 * Flush the interface output queue. 856 */ 857void 858sppp_flush(struct ifnet *ifp) 859{ 860 struct sppp *sp = (struct sppp*) ifp; 861 862 sppp_qflush (&sp->pp_if.if_snd); 863 sppp_qflush (&sp->pp_fastq); 864 sppp_qflush (&sp->pp_cpq); 865} 866 867/* 868 * Check if the output queue is empty. 869 */ 870int 871sppp_isempty(struct ifnet *ifp) 872{ 873 struct sppp *sp = (struct sppp*) ifp; 874 int empty, s; 875 876 s = splimp(); 877 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 878 !sp->pp_if.if_snd.ifq_head; 879 splx(s); 880 return (empty); 881} 882 883/* 884 * Get next packet to send. 885 */ 886struct mbuf * 887sppp_dequeue(struct ifnet *ifp) 888{ 889 struct sppp *sp = (struct sppp*) ifp; 890 struct mbuf *m; 891 int s; 892 893 s = splimp(); 894 /* 895 * Process only the control protocol queue until we have at 896 * least one NCP open. 897 * 898 * Do always serve all three queues in Cisco mode. 899 */ 900 IF_DEQUEUE(&sp->pp_cpq, m); 901 if (m == NULL && 902 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 903 IF_DEQUEUE(&sp->pp_fastq, m); 904 if (m == NULL) 905 IF_DEQUEUE (&sp->pp_if.if_snd, m); 906 } 907 splx(s); 908 return m; 909} 910 911/* 912 * Pick the next packet, do not remove it from the queue. 913 */ 914struct mbuf * 915sppp_pick(struct ifnet *ifp) 916{ 917 struct sppp *sp = (struct sppp*)ifp; 918 struct mbuf *m; 919 int s; 920 921 s= splimp (); 922 923 m = sp->pp_cpq.ifq_head; 924 if (m == NULL && 925 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 926 if ((m = sp->pp_fastq.ifq_head) == NULL) 927 m = sp->pp_if.if_snd.ifq_head; 928 splx (s); 929 return (m); 930} 931 932/* 933 * Process an ioctl request. Called on low priority level. 934 */ 935int 936sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 937{ 938 struct ifreq *ifr = (struct ifreq*) data; 939 struct sppp *sp = (struct sppp*) ifp; 940 int s, rv, going_up, going_down, newmode; 941 942 s = splimp(); 943 rv = 0; 944 switch (cmd) { 945 case SIOCAIFADDR: 946 case SIOCSIFDSTADDR: 947 break; 948 949 case SIOCSIFADDR: 950 if_up(ifp); 951 /* fall through... */ 952 953 case SIOCSIFFLAGS: 954 going_up = ifp->if_flags & IFF_UP && 955 (ifp->if_flags & IFF_RUNNING) == 0; 956 going_down = (ifp->if_flags & IFF_UP) == 0 && 957 ifp->if_flags & IFF_RUNNING; 958 959 newmode = ifp->if_flags & IFF_PASSIVE; 960 if (!newmode) 961 newmode = ifp->if_flags & IFF_AUTO; 962 if (!newmode) 963 newmode = ifp->if_flags & IFF_CISCO; 964 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 965 ifp->if_flags |= newmode; 966 967 if (newmode != sp->pp_mode) { 968 going_down = 1; 969 if (!going_up) 970 going_up = ifp->if_flags & IFF_RUNNING; 971 } 972 973 if (going_down) { 974 if (sp->pp_mode != IFF_CISCO) 975 lcp.Close(sp); 976 else if (sp->pp_tlf) 977 (sp->pp_tlf)(sp); 978 sppp_flush(ifp); 979 ifp->if_flags &= ~IFF_RUNNING; 980 sp->pp_mode = newmode; 981 } 982 983 if (going_up) { 984 if (sp->pp_mode != IFF_CISCO) 985 lcp.Close(sp); 986 sp->pp_mode = newmode; 987 if (sp->pp_mode == 0) { 988 ifp->if_flags |= IFF_RUNNING; 989 lcp.Open(sp); 990 } 991 if (sp->pp_mode == IFF_CISCO) { 992 if (sp->pp_tls) 993 (sp->pp_tls)(sp); 994 ifp->if_flags |= IFF_RUNNING; 995 } 996 } 997 998 break; 999 1000#ifdef SIOCSIFMTU 1001#ifndef ifr_mtu 1002#define ifr_mtu ifr_metric 1003#endif 1004 case SIOCSIFMTU: 1005 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1006 return (EINVAL); 1007 ifp->if_mtu = ifr->ifr_mtu; 1008 break; 1009#endif 1010#ifdef SLIOCSETMTU 1011 case SLIOCSETMTU: 1012 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1013 return (EINVAL); 1014 ifp->if_mtu = *(short*)data; 1015 break; 1016#endif 1017#ifdef SIOCGIFMTU 1018 case SIOCGIFMTU: 1019 ifr->ifr_mtu = ifp->if_mtu; 1020 break; 1021#endif 1022#ifdef SLIOCGETMTU 1023 case SLIOCGETMTU: 1024 *(short*)data = ifp->if_mtu; 1025 break; 1026#endif 1027 case SIOCADDMULTI: 1028 case SIOCDELMULTI: 1029 break; 1030 1031 case SIOCGIFGENERIC: 1032 case SIOCSIFGENERIC: 1033 rv = sppp_params(sp, cmd, data); 1034 break; 1035 1036 default: 1037 rv = ENOTTY; 1038 } 1039 splx(s); 1040 return rv; 1041} 1042 1043 1044/* 1045 * Cisco framing implementation. 1046 */ 1047 1048/* 1049 * Handle incoming Cisco keepalive protocol packets. 1050 */ 1051static void 1052sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1053{ 1054 STDDCL; 1055 struct cisco_packet *h; 1056 u_long me, mymask; 1057 1058 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1059 if (debug) 1060 log(LOG_DEBUG, 1061 SPP_FMT "cisco invalid packet length: %d bytes\n", 1062 SPP_ARGS(ifp), m->m_pkthdr.len); 1063 return; 1064 } 1065 h = mtod (m, struct cisco_packet*); 1066 if (debug) 1067 log(LOG_DEBUG, 1068 SPP_FMT "cisco input: %d bytes " 1069 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1070 SPP_ARGS(ifp), m->m_pkthdr.len, 1071 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1072 (u_int)h->time0, (u_int)h->time1); 1073 switch (ntohl (h->type)) { 1074 default: 1075 if (debug) 1076 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1077 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1078 break; 1079 case CISCO_ADDR_REPLY: 1080 /* Reply on address request, ignore */ 1081 break; 1082 case CISCO_KEEPALIVE_REQ: 1083 sp->pp_alivecnt = 0; 1084 sp->pp_rseq = ntohl (h->par1); 1085 if (sp->pp_seq == sp->pp_rseq) { 1086 /* Local and remote sequence numbers are equal. 1087 * Probably, the line is in loopback mode. */ 1088 if (sp->pp_loopcnt >= MAXALIVECNT) { 1089 printf (SPP_FMT "loopback\n", 1090 SPP_ARGS(ifp)); 1091 sp->pp_loopcnt = 0; 1092 if (ifp->if_flags & IFF_UP) { 1093 if_down (ifp); 1094 sppp_qflush (&sp->pp_cpq); 1095 } 1096 } 1097 ++sp->pp_loopcnt; 1098 1099 /* Generate new local sequence number */ 1100#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1101 sp->pp_seq = random(); 1102#else 1103 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1104#endif 1105 break; 1106 } 1107 sp->pp_loopcnt = 0; 1108 if (! (ifp->if_flags & IFF_UP) && 1109 (ifp->if_flags & IFF_RUNNING)) { 1110 if_up(ifp); 1111 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1112 } 1113 break; 1114 case CISCO_ADDR_REQ: 1115 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1116 if (me != 0L) 1117 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1118 break; 1119 } 1120} 1121 1122/* 1123 * Send Cisco keepalive packet. 1124 */ 1125static void 1126sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1127{ 1128 STDDCL; 1129 struct ppp_header *h; 1130 struct cisco_packet *ch; 1131 struct mbuf *m; 1132#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1133 struct timeval tv; 1134#else 1135 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1136#endif 1137 1138#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1139 getmicrouptime(&tv); 1140#endif 1141 1142 MGETHDR (m, M_DONTWAIT, MT_DATA); 1143 if (! m) 1144 return; 1145 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1146 m->m_pkthdr.rcvif = 0; 1147 1148 h = mtod (m, struct ppp_header*); 1149 h->address = CISCO_MULTICAST; 1150 h->control = 0; 1151 h->protocol = htons (CISCO_KEEPALIVE); 1152 1153 ch = (struct cisco_packet*) (h + 1); 1154 ch->type = htonl (type); 1155 ch->par1 = htonl (par1); 1156 ch->par2 = htonl (par2); 1157 ch->rel = -1; 1158 1159#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1160 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1161 ch->time1 = htons ((u_short) tv.tv_sec); 1162#else 1163 ch->time0 = htons ((u_short) (t >> 16)); 1164 ch->time1 = htons ((u_short) t); 1165#endif 1166 1167 if (debug) 1168 log(LOG_DEBUG, 1169 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1170 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1171 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1172 1173 if (IF_QFULL (&sp->pp_cpq)) { 1174 IF_DROP (&sp->pp_fastq); 1175 IF_DROP (&ifp->if_snd); 1176 m_freem (m); 1177 } else 1178 IF_ENQUEUE (&sp->pp_cpq, m); 1179 if (! (ifp->if_flags & IFF_OACTIVE)) 1180 (*ifp->if_start) (ifp); 1181 ifp->if_obytes += m->m_pkthdr.len + 3; 1182} 1183 1184/* 1185 * PPP protocol implementation. 1186 */ 1187 1188/* 1189 * Send PPP control protocol packet. 1190 */ 1191static void 1192sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1193 u_char ident, u_short len, void *data) 1194{ 1195 STDDCL; 1196 struct ppp_header *h; 1197 struct lcp_header *lh; 1198 struct mbuf *m; 1199 1200 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1201 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1202 MGETHDR (m, M_DONTWAIT, MT_DATA); 1203 if (! m) 1204 return; 1205 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1206 m->m_pkthdr.rcvif = 0; 1207 1208 h = mtod (m, struct ppp_header*); 1209 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1210 h->control = PPP_UI; /* Unnumbered Info */ 1211 h->protocol = htons (proto); /* Link Control Protocol */ 1212 1213 lh = (struct lcp_header*) (h + 1); 1214 lh->type = type; 1215 lh->ident = ident; 1216 lh->len = htons (LCP_HEADER_LEN + len); 1217 if (len) 1218 bcopy (data, lh+1, len); 1219 1220 if (debug) { 1221 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1222 SPP_ARGS(ifp), 1223 sppp_proto_name(proto), 1224 sppp_cp_type_name (lh->type), lh->ident, 1225 ntohs (lh->len)); 1226 sppp_print_bytes ((u_char*) (lh+1), len); 1227 addlog(">\n"); 1228 } 1229 if (IF_QFULL (&sp->pp_cpq)) { 1230 IF_DROP (&sp->pp_fastq); 1231 IF_DROP (&ifp->if_snd); 1232 m_freem (m); 1233 ++ifp->if_oerrors; 1234 } else 1235 IF_ENQUEUE (&sp->pp_cpq, m); 1236 if (! (ifp->if_flags & IFF_OACTIVE)) 1237 (*ifp->if_start) (ifp); 1238 ifp->if_obytes += m->m_pkthdr.len + 3; 1239} 1240 1241/* 1242 * Handle incoming PPP control protocol packets. 1243 */ 1244static void 1245sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1246{ 1247 STDDCL; 1248 struct lcp_header *h; 1249 int len = m->m_pkthdr.len; 1250 int rv; 1251 u_char *p; 1252 1253 if (len < 4) { 1254 if (debug) 1255 log(LOG_DEBUG, 1256 SPP_FMT "%s invalid packet length: %d bytes\n", 1257 SPP_ARGS(ifp), cp->name, len); 1258 return; 1259 } 1260 h = mtod (m, struct lcp_header*); 1261 if (debug) { 1262 log(LOG_DEBUG, 1263 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1264 SPP_ARGS(ifp), cp->name, 1265 sppp_state_name(sp->state[cp->protoidx]), 1266 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1267 sppp_print_bytes ((u_char*) (h+1), len-4); 1268 addlog(">\n"); 1269 } 1270 if (len > ntohs (h->len)) 1271 len = ntohs (h->len); 1272 p = (u_char *)(h + 1); 1273 switch (h->type) { 1274 case CONF_REQ: 1275 if (len < 4) { 1276 if (debug) 1277 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1278 SPP_ARGS(ifp), cp->name, 1279 len); 1280 ++ifp->if_ierrors; 1281 break; 1282 } 1283 /* handle states where RCR doesn't get a SCA/SCN */ 1284 switch (sp->state[cp->protoidx]) { 1285 case STATE_CLOSING: 1286 case STATE_STOPPING: 1287 return; 1288 case STATE_CLOSED: 1289 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1290 0, 0); 1291 return; 1292 } 1293 rv = (cp->RCR)(sp, h, len); 1294 switch (sp->state[cp->protoidx]) { 1295 case STATE_OPENED: 1296 (cp->tld)(sp); 1297 (cp->scr)(sp); 1298 /* fall through... */ 1299 case STATE_ACK_SENT: 1300 case STATE_REQ_SENT: 1301 sppp_cp_change_state(cp, sp, rv? 1302 STATE_ACK_SENT: STATE_REQ_SENT); 1303 break; 1304 case STATE_STOPPED: 1305 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1306 (cp->scr)(sp); 1307 sppp_cp_change_state(cp, sp, rv? 1308 STATE_ACK_SENT: STATE_REQ_SENT); 1309 break; 1310 case STATE_ACK_RCVD: 1311 if (rv) { 1312 sppp_cp_change_state(cp, sp, STATE_OPENED); 1313 if (debug) 1314 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1315 SPP_ARGS(ifp), 1316 cp->name); 1317 (cp->tlu)(sp); 1318 } else 1319 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1320 break; 1321 default: 1322 printf(SPP_FMT "%s illegal %s in state %s\n", 1323 SPP_ARGS(ifp), cp->name, 1324 sppp_cp_type_name(h->type), 1325 sppp_state_name(sp->state[cp->protoidx])); 1326 ++ifp->if_ierrors; 1327 } 1328 break; 1329 case CONF_ACK: 1330 if (h->ident != sp->confid[cp->protoidx]) { 1331 if (debug) 1332 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1333 SPP_ARGS(ifp), cp->name, 1334 h->ident, sp->confid[cp->protoidx]); 1335 ++ifp->if_ierrors; 1336 break; 1337 } 1338 switch (sp->state[cp->protoidx]) { 1339 case STATE_CLOSED: 1340 case STATE_STOPPED: 1341 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1342 break; 1343 case STATE_CLOSING: 1344 case STATE_STOPPING: 1345 break; 1346 case STATE_REQ_SENT: 1347 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1348 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1349 break; 1350 case STATE_OPENED: 1351 (cp->tld)(sp); 1352 /* fall through */ 1353 case STATE_ACK_RCVD: 1354 (cp->scr)(sp); 1355 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1356 break; 1357 case STATE_ACK_SENT: 1358 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1359 sppp_cp_change_state(cp, sp, STATE_OPENED); 1360 if (debug) 1361 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1362 SPP_ARGS(ifp), cp->name); 1363 (cp->tlu)(sp); 1364 break; 1365 default: 1366 printf(SPP_FMT "%s illegal %s in state %s\n", 1367 SPP_ARGS(ifp), cp->name, 1368 sppp_cp_type_name(h->type), 1369 sppp_state_name(sp->state[cp->protoidx])); 1370 ++ifp->if_ierrors; 1371 } 1372 break; 1373 case CONF_NAK: 1374 case CONF_REJ: 1375 if (h->ident != sp->confid[cp->protoidx]) { 1376 if (debug) 1377 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1378 SPP_ARGS(ifp), cp->name, 1379 h->ident, sp->confid[cp->protoidx]); 1380 ++ifp->if_ierrors; 1381 break; 1382 } 1383 if (h->type == CONF_NAK) 1384 (cp->RCN_nak)(sp, h, len); 1385 else /* CONF_REJ */ 1386 (cp->RCN_rej)(sp, h, len); 1387 1388 switch (sp->state[cp->protoidx]) { 1389 case STATE_CLOSED: 1390 case STATE_STOPPED: 1391 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1392 break; 1393 case STATE_REQ_SENT: 1394 case STATE_ACK_SENT: 1395 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1396 (cp->scr)(sp); 1397 break; 1398 case STATE_OPENED: 1399 (cp->tld)(sp); 1400 /* fall through */ 1401 case STATE_ACK_RCVD: 1402 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1403 (cp->scr)(sp); 1404 break; 1405 case STATE_CLOSING: 1406 case STATE_STOPPING: 1407 break; 1408 default: 1409 printf(SPP_FMT "%s illegal %s in state %s\n", 1410 SPP_ARGS(ifp), cp->name, 1411 sppp_cp_type_name(h->type), 1412 sppp_state_name(sp->state[cp->protoidx])); 1413 ++ifp->if_ierrors; 1414 } 1415 break; 1416 1417 case TERM_REQ: 1418 switch (sp->state[cp->protoidx]) { 1419 case STATE_ACK_RCVD: 1420 case STATE_ACK_SENT: 1421 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1422 /* fall through */ 1423 case STATE_CLOSED: 1424 case STATE_STOPPED: 1425 case STATE_CLOSING: 1426 case STATE_STOPPING: 1427 case STATE_REQ_SENT: 1428 sta: 1429 /* Send Terminate-Ack packet. */ 1430 if (debug) 1431 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1432 SPP_ARGS(ifp), cp->name); 1433 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1434 break; 1435 case STATE_OPENED: 1436 (cp->tld)(sp); 1437 sp->rst_counter[cp->protoidx] = 0; 1438 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1439 goto sta; 1440 break; 1441 default: 1442 printf(SPP_FMT "%s illegal %s in state %s\n", 1443 SPP_ARGS(ifp), cp->name, 1444 sppp_cp_type_name(h->type), 1445 sppp_state_name(sp->state[cp->protoidx])); 1446 ++ifp->if_ierrors; 1447 } 1448 break; 1449 case TERM_ACK: 1450 switch (sp->state[cp->protoidx]) { 1451 case STATE_CLOSED: 1452 case STATE_STOPPED: 1453 case STATE_REQ_SENT: 1454 case STATE_ACK_SENT: 1455 break; 1456 case STATE_CLOSING: 1457 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1458 (cp->tlf)(sp); 1459 break; 1460 case STATE_STOPPING: 1461 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1462 (cp->tlf)(sp); 1463 break; 1464 case STATE_ACK_RCVD: 1465 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1466 break; 1467 case STATE_OPENED: 1468 (cp->tld)(sp); 1469 (cp->scr)(sp); 1470 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1471 break; 1472 default: 1473 printf(SPP_FMT "%s illegal %s in state %s\n", 1474 SPP_ARGS(ifp), cp->name, 1475 sppp_cp_type_name(h->type), 1476 sppp_state_name(sp->state[cp->protoidx])); 1477 ++ifp->if_ierrors; 1478 } 1479 break; 1480 case CODE_REJ: 1481 case PROTO_REJ: 1482 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1483 log(LOG_INFO, 1484 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1485 "danger will robinson\n", 1486 SPP_ARGS(ifp), cp->name, 1487 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1488 switch (sp->state[cp->protoidx]) { 1489 case STATE_CLOSED: 1490 case STATE_STOPPED: 1491 case STATE_REQ_SENT: 1492 case STATE_ACK_SENT: 1493 case STATE_CLOSING: 1494 case STATE_STOPPING: 1495 case STATE_OPENED: 1496 break; 1497 case STATE_ACK_RCVD: 1498 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1499 break; 1500 default: 1501 printf(SPP_FMT "%s illegal %s in state %s\n", 1502 SPP_ARGS(ifp), cp->name, 1503 sppp_cp_type_name(h->type), 1504 sppp_state_name(sp->state[cp->protoidx])); 1505 ++ifp->if_ierrors; 1506 } 1507 break; 1508 case DISC_REQ: 1509 if (cp->proto != PPP_LCP) 1510 goto illegal; 1511 /* Discard the packet. */ 1512 break; 1513 case ECHO_REQ: 1514 if (cp->proto != PPP_LCP) 1515 goto illegal; 1516 if (sp->state[cp->protoidx] != STATE_OPENED) { 1517 if (debug) 1518 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1519 SPP_ARGS(ifp)); 1520 ++ifp->if_ierrors; 1521 break; 1522 } 1523 if (len < 8) { 1524 if (debug) 1525 addlog(SPP_FMT "invalid lcp echo request " 1526 "packet length: %d bytes\n", 1527 SPP_ARGS(ifp), len); 1528 break; 1529 } 1530 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1531 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1532 /* Line loopback mode detected. */ 1533 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1534 if_down (ifp); 1535 sppp_qflush (&sp->pp_cpq); 1536 1537 /* Shut down the PPP link. */ 1538 /* XXX */ 1539 lcp.Down(sp); 1540 lcp.Up(sp); 1541 break; 1542 } 1543 *(long*)(h+1) = htonl (sp->lcp.magic); 1544 if (debug) 1545 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1546 SPP_ARGS(ifp)); 1547 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1548 break; 1549 case ECHO_REPLY: 1550 if (cp->proto != PPP_LCP) 1551 goto illegal; 1552 if (h->ident != sp->lcp.echoid) { 1553 ++ifp->if_ierrors; 1554 break; 1555 } 1556 if (len < 8) { 1557 if (debug) 1558 addlog(SPP_FMT "lcp invalid echo reply " 1559 "packet length: %d bytes\n", 1560 SPP_ARGS(ifp), len); 1561 break; 1562 } 1563 if (debug) 1564 addlog(SPP_FMT "lcp got echo rep\n", 1565 SPP_ARGS(ifp)); 1566 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1567 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1568 sp->pp_alivecnt = 0; 1569 break; 1570 default: 1571 /* Unknown packet type -- send Code-Reject packet. */ 1572 illegal: 1573 if (debug) 1574 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1575 SPP_ARGS(ifp), cp->name, h->type); 1576 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1577 m->m_pkthdr.len, h); 1578 ++ifp->if_ierrors; 1579 } 1580} 1581 1582 1583/* 1584 * The generic part of all Up/Down/Open/Close/TO event handlers. 1585 * Basically, the state transition handling in the automaton. 1586 */ 1587static void 1588sppp_up_event(const struct cp *cp, struct sppp *sp) 1589{ 1590 STDDCL; 1591 1592 if (debug) 1593 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1594 SPP_ARGS(ifp), cp->name, 1595 sppp_state_name(sp->state[cp->protoidx])); 1596 1597 switch (sp->state[cp->protoidx]) { 1598 case STATE_INITIAL: 1599 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1600 break; 1601 case STATE_STARTING: 1602 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1603 (cp->scr)(sp); 1604 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1605 break; 1606 default: 1607 printf(SPP_FMT "%s illegal up in state %s\n", 1608 SPP_ARGS(ifp), cp->name, 1609 sppp_state_name(sp->state[cp->protoidx])); 1610 } 1611} 1612 1613static void 1614sppp_down_event(const struct cp *cp, struct sppp *sp) 1615{ 1616 STDDCL; 1617 1618 if (debug) 1619 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1620 SPP_ARGS(ifp), cp->name, 1621 sppp_state_name(sp->state[cp->protoidx])); 1622 1623 switch (sp->state[cp->protoidx]) { 1624 case STATE_CLOSED: 1625 case STATE_CLOSING: 1626 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1627 break; 1628 case STATE_STOPPED: 1629 sppp_cp_change_state(cp, sp, STATE_STARTING); 1630 (cp->tls)(sp); 1631 break; 1632 case STATE_STOPPING: 1633 case STATE_REQ_SENT: 1634 case STATE_ACK_RCVD: 1635 case STATE_ACK_SENT: 1636 sppp_cp_change_state(cp, sp, STATE_STARTING); 1637 break; 1638 case STATE_OPENED: 1639 (cp->tld)(sp); 1640 sppp_cp_change_state(cp, sp, STATE_STARTING); 1641 break; 1642 default: 1643 printf(SPP_FMT "%s illegal down in state %s\n", 1644 SPP_ARGS(ifp), cp->name, 1645 sppp_state_name(sp->state[cp->protoidx])); 1646 } 1647} 1648 1649 1650static void 1651sppp_open_event(const struct cp *cp, struct sppp *sp) 1652{ 1653 STDDCL; 1654 1655 if (debug) 1656 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1657 SPP_ARGS(ifp), cp->name, 1658 sppp_state_name(sp->state[cp->protoidx])); 1659 1660 switch (sp->state[cp->protoidx]) { 1661 case STATE_INITIAL: 1662 sppp_cp_change_state(cp, sp, STATE_STARTING); 1663 (cp->tls)(sp); 1664 break; 1665 case STATE_STARTING: 1666 break; 1667 case STATE_CLOSED: 1668 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1669 (cp->scr)(sp); 1670 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1671 break; 1672 case STATE_STOPPED: 1673 case STATE_STOPPING: 1674 case STATE_REQ_SENT: 1675 case STATE_ACK_RCVD: 1676 case STATE_ACK_SENT: 1677 case STATE_OPENED: 1678 break; 1679 case STATE_CLOSING: 1680 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1681 break; 1682 } 1683} 1684 1685 1686static void 1687sppp_close_event(const struct cp *cp, struct sppp *sp) 1688{ 1689 STDDCL; 1690 1691 if (debug) 1692 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1693 SPP_ARGS(ifp), cp->name, 1694 sppp_state_name(sp->state[cp->protoidx])); 1695 1696 switch (sp->state[cp->protoidx]) { 1697 case STATE_INITIAL: 1698 case STATE_CLOSED: 1699 case STATE_CLOSING: 1700 break; 1701 case STATE_STARTING: 1702 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1703 (cp->tlf)(sp); 1704 break; 1705 case STATE_STOPPED: 1706 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1707 break; 1708 case STATE_STOPPING: 1709 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1710 break; 1711 case STATE_OPENED: 1712 (cp->tld)(sp); 1713 /* fall through */ 1714 case STATE_REQ_SENT: 1715 case STATE_ACK_RCVD: 1716 case STATE_ACK_SENT: 1717 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1718 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1719 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1720 break; 1721 } 1722} 1723 1724static void 1725sppp_to_event(const struct cp *cp, struct sppp *sp) 1726{ 1727 STDDCL; 1728 int s; 1729 1730 s = splimp(); 1731 if (debug) 1732 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1733 SPP_ARGS(ifp), cp->name, 1734 sppp_state_name(sp->state[cp->protoidx]), 1735 sp->rst_counter[cp->protoidx]); 1736 1737 if (--sp->rst_counter[cp->protoidx] < 0) 1738 /* TO- event */ 1739 switch (sp->state[cp->protoidx]) { 1740 case STATE_CLOSING: 1741 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1742 (cp->tlf)(sp); 1743 break; 1744 case STATE_STOPPING: 1745 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1746 (cp->tlf)(sp); 1747 break; 1748 case STATE_REQ_SENT: 1749 case STATE_ACK_RCVD: 1750 case STATE_ACK_SENT: 1751 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1752 (cp->tlf)(sp); 1753 break; 1754 } 1755 else 1756 /* TO+ event */ 1757 switch (sp->state[cp->protoidx]) { 1758 case STATE_CLOSING: 1759 case STATE_STOPPING: 1760 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1761 0, 0); 1762 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1763 sp->ch[cp->protoidx]); 1764 break; 1765 case STATE_REQ_SENT: 1766 case STATE_ACK_RCVD: 1767 (cp->scr)(sp); 1768 /* sppp_cp_change_state() will restart the timer */ 1769 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1770 break; 1771 case STATE_ACK_SENT: 1772 (cp->scr)(sp); 1773 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1774 sp->ch[cp->protoidx]); 1775 break; 1776 } 1777 1778 splx(s); 1779} 1780 1781/* 1782 * Change the state of a control protocol in the state automaton. 1783 * Takes care of starting/stopping the restart timer. 1784 */ 1785void 1786sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1787{ 1788 sp->state[cp->protoidx] = newstate; 1789 1790 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1791 switch (newstate) { 1792 case STATE_INITIAL: 1793 case STATE_STARTING: 1794 case STATE_CLOSED: 1795 case STATE_STOPPED: 1796 case STATE_OPENED: 1797 break; 1798 case STATE_CLOSING: 1799 case STATE_STOPPING: 1800 case STATE_REQ_SENT: 1801 case STATE_ACK_RCVD: 1802 case STATE_ACK_SENT: 1803 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1804 sp->ch[cp->protoidx]); 1805 break; 1806 } 1807} 1808/* 1809 *--------------------------------------------------------------------------* 1810 * * 1811 * The LCP implementation. * 1812 * * 1813 *--------------------------------------------------------------------------* 1814 */ 1815static void 1816sppp_lcp_init(struct sppp *sp) 1817{ 1818 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1819 sp->lcp.magic = 0; 1820 sp->state[IDX_LCP] = STATE_INITIAL; 1821 sp->fail_counter[IDX_LCP] = 0; 1822 sp->lcp.protos = 0; 1823 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1824 1825 /* Note that these values are relevant for all control protocols */ 1826 sp->lcp.timeout = 3 * hz; 1827 sp->lcp.max_terminate = 2; 1828 sp->lcp.max_configure = 10; 1829 sp->lcp.max_failure = 10; 1830#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1831 callout_handle_init(&sp->ch[IDX_LCP]); 1832#endif 1833} 1834 1835static void 1836sppp_lcp_up(struct sppp *sp) 1837{ 1838 STDDCL; 1839 1840 /* 1841 * If this interface is passive or dial-on-demand, and we are 1842 * still in Initial state, it means we've got an incoming 1843 * call. Activate the interface. 1844 */ 1845 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1846 if (debug) 1847 log(LOG_DEBUG, 1848 SPP_FMT "Up event", SPP_ARGS(ifp)); 1849 ifp->if_flags |= IFF_RUNNING; 1850 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1851 if (debug) 1852 addlog("(incoming call)\n"); 1853 sp->pp_flags |= PP_CALLIN; 1854 lcp.Open(sp); 1855 } else if (debug) 1856 addlog("\n"); 1857 } 1858 1859 sppp_up_event(&lcp, sp); 1860} 1861 1862static void 1863sppp_lcp_down(struct sppp *sp) 1864{ 1865 STDDCL; 1866 1867 sppp_down_event(&lcp, sp); 1868 1869 /* 1870 * If this is neither a dial-on-demand nor a passive 1871 * interface, simulate an ``ifconfig down'' action, so the 1872 * administrator can force a redial by another ``ifconfig 1873 * up''. XXX For leased line operation, should we immediately 1874 * try to reopen the connection here? 1875 */ 1876 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1877 log(LOG_INFO, 1878 SPP_FMT "Down event, taking interface down.\n", 1879 SPP_ARGS(ifp)); 1880 if_down(ifp); 1881 } else { 1882 if (debug) 1883 log(LOG_DEBUG, 1884 SPP_FMT "Down event (carrier loss)\n", 1885 SPP_ARGS(ifp)); 1886 } 1887 sp->pp_flags &= ~PP_CALLIN; 1888 if (sp->state[IDX_LCP] != STATE_INITIAL) 1889 lcp.Close(sp); 1890 ifp->if_flags &= ~IFF_RUNNING; 1891} 1892 1893static void 1894sppp_lcp_open(struct sppp *sp) 1895{ 1896 /* 1897 * If we are authenticator, negotiate LCP_AUTH 1898 */ 1899 if (sp->hisauth.proto != 0) 1900 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1901 else 1902 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1903 sp->pp_flags &= ~PP_NEEDAUTH; 1904 sppp_open_event(&lcp, sp); 1905} 1906 1907static void 1908sppp_lcp_close(struct sppp *sp) 1909{ 1910 sppp_close_event(&lcp, sp); 1911} 1912 1913static void 1914sppp_lcp_TO(void *cookie) 1915{ 1916 sppp_to_event(&lcp, (struct sppp *)cookie); 1917} 1918 1919/* 1920 * Analyze a configure request. Return true if it was agreeable, and 1921 * caused action sca, false if it has been rejected or nak'ed, and 1922 * caused action scn. (The return value is used to make the state 1923 * transition decision in the state automaton.) 1924 */ 1925static int 1926sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1927{ 1928 STDDCL; 1929 u_char *buf, *r, *p; 1930 int origlen, rlen; 1931 u_long nmagic; 1932 u_short authproto; 1933 1934 len -= 4; 1935 origlen = len; 1936 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1937 if (! buf) 1938 return (0); 1939 1940 if (debug) 1941 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1942 SPP_ARGS(ifp)); 1943 1944 /* pass 1: check for things that need to be rejected */ 1945 p = (void*) (h+1); 1946 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1947 if (debug) 1948 addlog(" %s ", sppp_lcp_opt_name(*p)); 1949 switch (*p) { 1950 case LCP_OPT_MAGIC: 1951 /* Magic number. */ 1952 /* fall through, both are same length */ 1953 case LCP_OPT_ASYNC_MAP: 1954 /* Async control character map. */ 1955 if (len >= 6 || p[1] == 6) 1956 continue; 1957 if (debug) 1958 addlog("[invalid] "); 1959 break; 1960 case LCP_OPT_MRU: 1961 /* Maximum receive unit. */ 1962 if (len >= 4 && p[1] == 4) 1963 continue; 1964 if (debug) 1965 addlog("[invalid] "); 1966 break; 1967 case LCP_OPT_AUTH_PROTO: 1968 if (len < 4) { 1969 if (debug) 1970 addlog("[invalid] "); 1971 break; 1972 } 1973 authproto = (p[2] << 8) + p[3]; 1974 if (authproto == PPP_CHAP && p[1] != 5) { 1975 if (debug) 1976 addlog("[invalid chap len] "); 1977 break; 1978 } 1979 if (sp->myauth.proto == 0) { 1980 /* we are not configured to do auth */ 1981 if (debug) 1982 addlog("[not configured] "); 1983 break; 1984 } 1985 /* 1986 * Remote want us to authenticate, remember this, 1987 * so we stay in PHASE_AUTHENTICATE after LCP got 1988 * up. 1989 */ 1990 sp->pp_flags |= PP_NEEDAUTH; 1991 continue; 1992 default: 1993 /* Others not supported. */ 1994 if (debug) 1995 addlog("[rej] "); 1996 break; 1997 } 1998 /* Add the option to rejected list. */ 1999 bcopy (p, r, p[1]); 2000 r += p[1]; 2001 rlen += p[1]; 2002 } 2003 if (rlen) { 2004 if (debug) 2005 addlog(" send conf-rej\n"); 2006 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2007 return 0; 2008 } else if (debug) 2009 addlog("\n"); 2010 2011 /* 2012 * pass 2: check for option values that are unacceptable and 2013 * thus require to be nak'ed. 2014 */ 2015 if (debug) 2016 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2017 SPP_ARGS(ifp)); 2018 2019 p = (void*) (h+1); 2020 len = origlen; 2021 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2022 if (debug) 2023 addlog(" %s ", sppp_lcp_opt_name(*p)); 2024 switch (*p) { 2025 case LCP_OPT_MAGIC: 2026 /* Magic number -- extract. */ 2027 nmagic = (u_long)p[2] << 24 | 2028 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2029 if (nmagic != sp->lcp.magic) { 2030 if (debug) 2031 addlog("0x%lx ", nmagic); 2032 continue; 2033 } 2034 /* 2035 * Local and remote magics equal -- loopback? 2036 */ 2037 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2038 printf (SPP_FMT "loopback\n", 2039 SPP_ARGS(ifp)); 2040 sp->pp_loopcnt = 0; 2041 if (ifp->if_flags & IFF_UP) { 2042 if_down(ifp); 2043 sppp_qflush(&sp->pp_cpq); 2044 /* XXX ? */ 2045 lcp.Down(sp); 2046 lcp.Up(sp); 2047 } 2048 } else if (debug) 2049 addlog("[glitch] "); 2050 ++sp->pp_loopcnt; 2051 /* 2052 * We negate our magic here, and NAK it. If 2053 * we see it later in an NAK packet, we 2054 * suggest a new one. 2055 */ 2056 nmagic = ~sp->lcp.magic; 2057 /* Gonna NAK it. */ 2058 p[2] = nmagic >> 24; 2059 p[3] = nmagic >> 16; 2060 p[4] = nmagic >> 8; 2061 p[5] = nmagic; 2062 break; 2063 2064 case LCP_OPT_ASYNC_MAP: 2065 /* Async control character map -- check to be zero. */ 2066 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2067 if (debug) 2068 addlog("[empty] "); 2069 continue; 2070 } 2071 if (debug) 2072 addlog("[non-empty] "); 2073 /* suggest a zero one */ 2074 p[2] = p[3] = p[4] = p[5] = 0; 2075 break; 2076 2077 case LCP_OPT_MRU: 2078 /* 2079 * Maximum receive unit. Always agreeable, 2080 * but ignored by now. 2081 */ 2082 sp->lcp.their_mru = p[2] * 256 + p[3]; 2083 if (debug) 2084 addlog("%lu ", sp->lcp.their_mru); 2085 continue; 2086 2087 case LCP_OPT_AUTH_PROTO: 2088 authproto = (p[2] << 8) + p[3]; 2089 if (sp->myauth.proto != authproto) { 2090 /* not agreed, nak */ 2091 if (debug) 2092 addlog("[mine %s != his %s] ", 2093 sppp_proto_name(sp->hisauth.proto), 2094 sppp_proto_name(authproto)); 2095 p[2] = sp->myauth.proto >> 8; 2096 p[3] = sp->myauth.proto; 2097 break; 2098 } 2099 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2100 if (debug) 2101 addlog("[chap not MD5] "); 2102 p[4] = CHAP_MD5; 2103 break; 2104 } 2105 continue; 2106 } 2107 /* Add the option to nak'ed list. */ 2108 bcopy (p, r, p[1]); 2109 r += p[1]; 2110 rlen += p[1]; 2111 } 2112 if (rlen) { 2113 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2114 if (debug) 2115 addlog(" max_failure (%d) exceeded, " 2116 "send conf-rej\n", 2117 sp->lcp.max_failure); 2118 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2119 } else { 2120 if (debug) 2121 addlog(" send conf-nak\n"); 2122 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2123 } 2124 return 0; 2125 } else { 2126 if (debug) 2127 addlog(" send conf-ack\n"); 2128 sp->fail_counter[IDX_LCP] = 0; 2129 sp->pp_loopcnt = 0; 2130 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2131 h->ident, origlen, h+1); 2132 } 2133 2134 free (buf, M_TEMP); 2135 return (rlen == 0); 2136} 2137 2138/* 2139 * Analyze the LCP Configure-Reject option list, and adjust our 2140 * negotiation. 2141 */ 2142static void 2143sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2144{ 2145 STDDCL; 2146 u_char *buf, *p; 2147 2148 len -= 4; 2149 buf = malloc (len, M_TEMP, M_NOWAIT); 2150 if (!buf) 2151 return; 2152 2153 if (debug) 2154 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2155 SPP_ARGS(ifp)); 2156 2157 p = (void*) (h+1); 2158 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2159 if (debug) 2160 addlog(" %s ", sppp_lcp_opt_name(*p)); 2161 switch (*p) { 2162 case LCP_OPT_MAGIC: 2163 /* Magic number -- can't use it, use 0 */ 2164 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2165 sp->lcp.magic = 0; 2166 break; 2167 case LCP_OPT_MRU: 2168 /* 2169 * Should not be rejected anyway, since we only 2170 * negotiate a MRU if explicitly requested by 2171 * peer. 2172 */ 2173 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2174 break; 2175 case LCP_OPT_AUTH_PROTO: 2176 /* 2177 * Peer doesn't want to authenticate himself, 2178 * deny unless this is a dialout call, and 2179 * AUTHFLAG_NOCALLOUT is set. 2180 */ 2181 if ((sp->pp_flags & PP_CALLIN) == 0 && 2182 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2183 if (debug) 2184 addlog("[don't insist on auth " 2185 "for callout]"); 2186 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2187 break; 2188 } 2189 if (debug) 2190 addlog("[access denied]\n"); 2191 lcp.Close(sp); 2192 break; 2193 } 2194 } 2195 if (debug) 2196 addlog("\n"); 2197 free (buf, M_TEMP); 2198 return; 2199} 2200 2201/* 2202 * Analyze the LCP Configure-NAK option list, and adjust our 2203 * negotiation. 2204 */ 2205static void 2206sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2207{ 2208 STDDCL; 2209 u_char *buf, *p; 2210 u_long magic; 2211 2212 len -= 4; 2213 buf = malloc (len, M_TEMP, M_NOWAIT); 2214 if (!buf) 2215 return; 2216 2217 if (debug) 2218 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2219 SPP_ARGS(ifp)); 2220 2221 p = (void*) (h+1); 2222 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2223 if (debug) 2224 addlog(" %s ", sppp_lcp_opt_name(*p)); 2225 switch (*p) { 2226 case LCP_OPT_MAGIC: 2227 /* Magic number -- renegotiate */ 2228 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2229 len >= 6 && p[1] == 6) { 2230 magic = (u_long)p[2] << 24 | 2231 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2232 /* 2233 * If the remote magic is our negated one, 2234 * this looks like a loopback problem. 2235 * Suggest a new magic to make sure. 2236 */ 2237 if (magic == ~sp->lcp.magic) { 2238 if (debug) 2239 addlog("magic glitch "); 2240#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2241 sp->lcp.magic = random(); 2242#else 2243 sp->lcp.magic = time.tv_sec + time.tv_usec; 2244#endif 2245 } else { 2246 sp->lcp.magic = magic; 2247 if (debug) 2248 addlog("%lu ", magic); 2249 } 2250 } 2251 break; 2252 case LCP_OPT_MRU: 2253 /* 2254 * Peer wants to advise us to negotiate an MRU. 2255 * Agree on it if it's reasonable, or use 2256 * default otherwise. 2257 */ 2258 if (len >= 4 && p[1] == 4) { 2259 u_int mru = p[2] * 256 + p[3]; 2260 if (debug) 2261 addlog("%d ", mru); 2262 if (mru < PP_MTU || mru > PP_MAX_MRU) 2263 mru = PP_MTU; 2264 sp->lcp.mru = mru; 2265 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2266 } 2267 break; 2268 case LCP_OPT_AUTH_PROTO: 2269 /* 2270 * Peer doesn't like our authentication method, 2271 * deny. 2272 */ 2273 if (debug) 2274 addlog("[access denied]\n"); 2275 lcp.Close(sp); 2276 break; 2277 } 2278 } 2279 if (debug) 2280 addlog("\n"); 2281 free (buf, M_TEMP); 2282 return; 2283} 2284 2285static void 2286sppp_lcp_tlu(struct sppp *sp) 2287{ 2288 STDDCL; 2289 int i; 2290 u_long mask; 2291 2292 /* XXX ? */ 2293 if (! (ifp->if_flags & IFF_UP) && 2294 (ifp->if_flags & IFF_RUNNING)) { 2295 /* Coming out of loopback mode. */ 2296 if_up(ifp); 2297 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2298 } 2299 2300 for (i = 0; i < IDX_COUNT; i++) 2301 if ((cps[i])->flags & CP_QUAL) 2302 (cps[i])->Open(sp); 2303 2304 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2305 (sp->pp_flags & PP_NEEDAUTH) != 0) 2306 sp->pp_phase = PHASE_AUTHENTICATE; 2307 else 2308 sp->pp_phase = PHASE_NETWORK; 2309 2310 if (debug) 2311 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2312 sppp_phase_name(sp->pp_phase)); 2313 2314 /* 2315 * Open all authentication protocols. This is even required 2316 * if we already proceeded to network phase, since it might be 2317 * that remote wants us to authenticate, so we might have to 2318 * send a PAP request. Undesired authentication protocols 2319 * don't do anything when they get an Open event. 2320 */ 2321 for (i = 0; i < IDX_COUNT; i++) 2322 if ((cps[i])->flags & CP_AUTH) 2323 (cps[i])->Open(sp); 2324 2325 if (sp->pp_phase == PHASE_NETWORK) { 2326 /* Notify all NCPs. */ 2327 for (i = 0; i < IDX_COUNT; i++) 2328 if ((cps[i])->flags & CP_NCP) 2329 (cps[i])->Open(sp); 2330 } 2331 2332 /* Send Up events to all started protos. */ 2333 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2334 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2335 (cps[i])->Up(sp); 2336 2337 /* notify low-level driver of state change */ 2338 if (sp->pp_chg) 2339 sp->pp_chg(sp, (int)sp->pp_phase); 2340 2341 if (sp->pp_phase == PHASE_NETWORK) 2342 /* if no NCP is starting, close down */ 2343 sppp_lcp_check_and_close(sp); 2344} 2345 2346static void 2347sppp_lcp_tld(struct sppp *sp) 2348{ 2349 STDDCL; 2350 int i; 2351 u_long mask; 2352 2353 sp->pp_phase = PHASE_TERMINATE; 2354 2355 if (debug) 2356 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2357 sppp_phase_name(sp->pp_phase)); 2358 2359 /* 2360 * Take upper layers down. We send the Down event first and 2361 * the Close second to prevent the upper layers from sending 2362 * ``a flurry of terminate-request packets'', as the RFC 2363 * describes it. 2364 */ 2365 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2366 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2367 (cps[i])->Down(sp); 2368 (cps[i])->Close(sp); 2369 } 2370} 2371 2372static void 2373sppp_lcp_tls(struct sppp *sp) 2374{ 2375 STDDCL; 2376 2377 sp->pp_phase = PHASE_ESTABLISH; 2378 2379 if (debug) 2380 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2381 sppp_phase_name(sp->pp_phase)); 2382 2383 /* Notify lower layer if desired. */ 2384 if (sp->pp_tls) 2385 (sp->pp_tls)(sp); 2386 else 2387 (sp->pp_up)(sp); 2388} 2389 2390static void 2391sppp_lcp_tlf(struct sppp *sp) 2392{ 2393 STDDCL; 2394 2395 sp->pp_phase = PHASE_DEAD; 2396 if (debug) 2397 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2398 sppp_phase_name(sp->pp_phase)); 2399 2400 /* Notify lower layer if desired. */ 2401 if (sp->pp_tlf) 2402 (sp->pp_tlf)(sp); 2403 else 2404 (sp->pp_down)(sp); 2405} 2406 2407static void 2408sppp_lcp_scr(struct sppp *sp) 2409{ 2410 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2411 int i = 0; 2412 u_short authproto; 2413 2414 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2415 if (! sp->lcp.magic) 2416#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2417 sp->lcp.magic = random(); 2418#else 2419 sp->lcp.magic = time.tv_sec + time.tv_usec; 2420#endif 2421 opt[i++] = LCP_OPT_MAGIC; 2422 opt[i++] = 6; 2423 opt[i++] = sp->lcp.magic >> 24; 2424 opt[i++] = sp->lcp.magic >> 16; 2425 opt[i++] = sp->lcp.magic >> 8; 2426 opt[i++] = sp->lcp.magic; 2427 } 2428 2429 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2430 opt[i++] = LCP_OPT_MRU; 2431 opt[i++] = 4; 2432 opt[i++] = sp->lcp.mru >> 8; 2433 opt[i++] = sp->lcp.mru; 2434 } 2435 2436 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2437 authproto = sp->hisauth.proto; 2438 opt[i++] = LCP_OPT_AUTH_PROTO; 2439 opt[i++] = authproto == PPP_CHAP? 5: 4; 2440 opt[i++] = authproto >> 8; 2441 opt[i++] = authproto; 2442 if (authproto == PPP_CHAP) 2443 opt[i++] = CHAP_MD5; 2444 } 2445 2446 sp->confid[IDX_LCP] = ++sp->pp_seq; 2447 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2448} 2449 2450/* 2451 * Check the open NCPs, return true if at least one NCP is open. 2452 */ 2453static int 2454sppp_ncp_check(struct sppp *sp) 2455{ 2456 int i, mask; 2457 2458 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2459 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2460 return 1; 2461 return 0; 2462} 2463 2464/* 2465 * Re-check the open NCPs and see if we should terminate the link. 2466 * Called by the NCPs during their tlf action handling. 2467 */ 2468static void 2469sppp_lcp_check_and_close(struct sppp *sp) 2470{ 2471 2472 if (sp->pp_phase < PHASE_NETWORK) 2473 /* don't bother, we are already going down */ 2474 return; 2475 2476 if (sppp_ncp_check(sp)) 2477 return; 2478 2479 lcp.Close(sp); 2480} 2481/* 2482 *--------------------------------------------------------------------------* 2483 * * 2484 * The IPCP implementation. * 2485 * * 2486 *--------------------------------------------------------------------------* 2487 */ 2488 2489static void 2490sppp_ipcp_init(struct sppp *sp) 2491{ 2492 sp->ipcp.opts = 0; 2493 sp->ipcp.flags = 0; 2494 sp->state[IDX_IPCP] = STATE_INITIAL; 2495 sp->fail_counter[IDX_IPCP] = 0; 2496#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2497 callout_handle_init(&sp->ch[IDX_IPCP]); 2498#endif 2499} 2500 2501static void 2502sppp_ipcp_up(struct sppp *sp) 2503{ 2504 sppp_up_event(&ipcp, sp); 2505} 2506 2507static void 2508sppp_ipcp_down(struct sppp *sp) 2509{ 2510 sppp_down_event(&ipcp, sp); 2511} 2512 2513static void 2514sppp_ipcp_open(struct sppp *sp) 2515{ 2516 STDDCL; 2517 u_long myaddr, hisaddr; 2518 2519 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2520 2521 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2522 /* 2523 * If we don't have his address, this probably means our 2524 * interface doesn't want to talk IP at all. (This could 2525 * be the case if somebody wants to speak only IPX, for 2526 * example.) Don't open IPCP in this case. 2527 */ 2528 if (hisaddr == 0L) { 2529 /* XXX this message should go away */ 2530 if (debug) 2531 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2532 SPP_ARGS(ifp)); 2533 return; 2534 } 2535 2536 if (myaddr == 0L) { 2537 /* 2538 * I don't have an assigned address, so i need to 2539 * negotiate my address. 2540 */ 2541 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2542 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2543 } else 2544 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2545 sppp_open_event(&ipcp, sp); 2546} 2547 2548static void 2549sppp_ipcp_close(struct sppp *sp) 2550{ 2551 sppp_close_event(&ipcp, sp); 2552 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2553 /* 2554 * My address was dynamic, clear it again. 2555 */ 2556 sppp_set_ip_addr(sp, 0L); 2557} 2558 2559static void 2560sppp_ipcp_TO(void *cookie) 2561{ 2562 sppp_to_event(&ipcp, (struct sppp *)cookie); 2563} 2564 2565/* 2566 * Analyze a configure request. Return true if it was agreeable, and 2567 * caused action sca, false if it has been rejected or nak'ed, and 2568 * caused action scn. (The return value is used to make the state 2569 * transition decision in the state automaton.) 2570 */ 2571static int 2572sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2573{ 2574 u_char *buf, *r, *p; 2575 struct ifnet *ifp = &sp->pp_if; 2576 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2577 u_long hisaddr, desiredaddr; 2578 int gotmyaddr = 0; 2579 2580 len -= 4; 2581 origlen = len; 2582 /* 2583 * Make sure to allocate a buf that can at least hold a 2584 * conf-nak with an `address' option. We might need it below. 2585 */ 2586 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2587 if (! buf) 2588 return (0); 2589 2590 /* pass 1: see if we can recognize them */ 2591 if (debug) 2592 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2593 SPP_ARGS(ifp)); 2594 p = (void*) (h+1); 2595 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2596 if (debug) 2597 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2598 switch (*p) { 2599 case IPCP_OPT_ADDRESS: 2600 if (len >= 6 && p[1] == 6) { 2601 /* correctly formed address option */ 2602 continue; 2603 } 2604 if (debug) 2605 addlog("[invalid] "); 2606 break; 2607 default: 2608 /* Others not supported. */ 2609 if (debug) 2610 addlog("[rej] "); 2611 break; 2612 } 2613 /* Add the option to rejected list. */ 2614 bcopy (p, r, p[1]); 2615 r += p[1]; 2616 rlen += p[1]; 2617 } 2618 if (rlen) { 2619 if (debug) 2620 addlog(" send conf-rej\n"); 2621 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2622 return 0; 2623 } else if (debug) 2624 addlog("\n"); 2625 2626 /* pass 2: parse option values */ 2627 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2628 if (debug) 2629 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2630 SPP_ARGS(ifp)); 2631 p = (void*) (h+1); 2632 len = origlen; 2633 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2634 if (debug) 2635 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2636 switch (*p) { 2637 case IPCP_OPT_ADDRESS: 2638 /* This is the address he wants in his end */ 2639 desiredaddr = p[2] << 24 | p[3] << 16 | 2640 p[4] << 8 | p[5]; 2641 if (desiredaddr == hisaddr || 2642 (hisaddr == 1 && desiredaddr != 0)) { 2643 /* 2644 * Peer's address is same as our value, 2645 * or we have set it to 0.0.0.1 to 2646 * indicate that we do not really care, 2647 * this is agreeable. Gonna conf-ack 2648 * it. 2649 */ 2650 if (debug) 2651 addlog("%s [ack] ", 2652 sppp_dotted_quad(hisaddr)); 2653 /* record that we've seen it already */ 2654 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2655 continue; 2656 } 2657 /* 2658 * The address wasn't agreeable. This is either 2659 * he sent us 0.0.0.0, asking to assign him an 2660 * address, or he send us another address not 2661 * matching our value. Either case, we gonna 2662 * conf-nak it with our value. 2663 * XXX: we should "rej" if hisaddr == 0 2664 */ 2665 if (debug) { 2666 if (desiredaddr == 0) 2667 addlog("[addr requested] "); 2668 else 2669 addlog("%s [not agreed] ", 2670 sppp_dotted_quad(desiredaddr)); 2671 2672 } 2673 p[2] = hisaddr >> 24; 2674 p[3] = hisaddr >> 16; 2675 p[4] = hisaddr >> 8; 2676 p[5] = hisaddr; 2677 break; 2678 } 2679 /* Add the option to nak'ed list. */ 2680 bcopy (p, r, p[1]); 2681 r += p[1]; 2682 rlen += p[1]; 2683 } 2684 2685 /* 2686 * If we are about to conf-ack the request, but haven't seen 2687 * his address so far, gonna conf-nak it instead, with the 2688 * `address' option present and our idea of his address being 2689 * filled in there, to request negotiation of both addresses. 2690 * 2691 * XXX This can result in an endless req - nak loop if peer 2692 * doesn't want to send us his address. Q: What should we do 2693 * about it? XXX A: implement the max-failure counter. 2694 */ 2695 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2696 buf[0] = IPCP_OPT_ADDRESS; 2697 buf[1] = 6; 2698 buf[2] = hisaddr >> 24; 2699 buf[3] = hisaddr >> 16; 2700 buf[4] = hisaddr >> 8; 2701 buf[5] = hisaddr; 2702 rlen = 6; 2703 if (debug) 2704 addlog("still need hisaddr "); 2705 } 2706 2707 if (rlen) { 2708 if (debug) 2709 addlog(" send conf-nak\n"); 2710 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2711 } else { 2712 if (debug) 2713 addlog(" send conf-ack\n"); 2714 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2715 h->ident, origlen, h+1); 2716 } 2717 2718 free (buf, M_TEMP); 2719 return (rlen == 0); 2720} 2721 2722/* 2723 * Analyze the IPCP Configure-Reject option list, and adjust our 2724 * negotiation. 2725 */ 2726static void 2727sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2728{ 2729 u_char *buf, *p; 2730 struct ifnet *ifp = &sp->pp_if; 2731 int debug = ifp->if_flags & IFF_DEBUG; 2732 2733 len -= 4; 2734 buf = malloc (len, M_TEMP, M_NOWAIT); 2735 if (!buf) 2736 return; 2737 2738 if (debug) 2739 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2740 SPP_ARGS(ifp)); 2741 2742 p = (void*) (h+1); 2743 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2744 if (debug) 2745 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2746 switch (*p) { 2747 case IPCP_OPT_ADDRESS: 2748 /* 2749 * Peer doesn't grok address option. This is 2750 * bad. XXX Should we better give up here? 2751 * XXX We could try old "addresses" option... 2752 */ 2753 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2754 break; 2755 } 2756 } 2757 if (debug) 2758 addlog("\n"); 2759 free (buf, M_TEMP); 2760 return; 2761} 2762 2763/* 2764 * Analyze the IPCP Configure-NAK option list, and adjust our 2765 * negotiation. 2766 */ 2767static void 2768sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2769{ 2770 u_char *buf, *p; 2771 struct ifnet *ifp = &sp->pp_if; 2772 int debug = ifp->if_flags & IFF_DEBUG; 2773 u_long wantaddr; 2774 2775 len -= 4; 2776 buf = malloc (len, M_TEMP, M_NOWAIT); 2777 if (!buf) 2778 return; 2779 2780 if (debug) 2781 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2782 SPP_ARGS(ifp)); 2783 2784 p = (void*) (h+1); 2785 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2786 if (debug) 2787 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2788 switch (*p) { 2789 case IPCP_OPT_ADDRESS: 2790 /* 2791 * Peer doesn't like our local IP address. See 2792 * if we can do something for him. We'll drop 2793 * him our address then. 2794 */ 2795 if (len >= 6 && p[1] == 6) { 2796 wantaddr = p[2] << 24 | p[3] << 16 | 2797 p[4] << 8 | p[5]; 2798 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2799 if (debug) 2800 addlog("[wantaddr %s] ", 2801 sppp_dotted_quad(wantaddr)); 2802 /* 2803 * When doing dynamic address assignment, 2804 * we accept his offer. Otherwise, we 2805 * ignore it and thus continue to negotiate 2806 * our already existing value. 2807 * XXX: Bogus, if he said no once, he'll 2808 * just say no again, might as well die. 2809 */ 2810 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2811 sppp_set_ip_addr(sp, wantaddr); 2812 if (debug) 2813 addlog("[agree] "); 2814 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2815 } 2816 } 2817 break; 2818 } 2819 } 2820 if (debug) 2821 addlog("\n"); 2822 free (buf, M_TEMP); 2823 return; 2824} 2825 2826static void 2827sppp_ipcp_tlu(struct sppp *sp) 2828{ 2829 /* we are up - notify isdn daemon */ 2830 if (sp->pp_con) 2831 sp->pp_con(sp); 2832} 2833 2834static void 2835sppp_ipcp_tld(struct sppp *sp) 2836{ 2837} 2838 2839static void 2840sppp_ipcp_tls(struct sppp *sp) 2841{ 2842 /* indicate to LCP that it must stay alive */ 2843 sp->lcp.protos |= (1 << IDX_IPCP); 2844} 2845 2846static void 2847sppp_ipcp_tlf(struct sppp *sp) 2848{ 2849 /* we no longer need LCP */ 2850 sp->lcp.protos &= ~(1 << IDX_IPCP); 2851 sppp_lcp_check_and_close(sp); 2852} 2853 2854static void 2855sppp_ipcp_scr(struct sppp *sp) 2856{ 2857 char opt[6 /* compression */ + 6 /* address */]; 2858 u_long ouraddr; 2859 int i = 0; 2860 2861 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2862 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2863 opt[i++] = IPCP_OPT_ADDRESS; 2864 opt[i++] = 6; 2865 opt[i++] = ouraddr >> 24; 2866 opt[i++] = ouraddr >> 16; 2867 opt[i++] = ouraddr >> 8; 2868 opt[i++] = ouraddr; 2869 } 2870 2871 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2872 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2873} 2874 2875 2876/* 2877 *--------------------------------------------------------------------------* 2878 * * 2879 * The CHAP implementation. * 2880 * * 2881 *--------------------------------------------------------------------------* 2882 */ 2883 2884/* 2885 * The authentication protocols don't employ a full-fledged state machine as 2886 * the control protocols do, since they do have Open and Close events, but 2887 * not Up and Down, nor are they explicitly terminated. Also, use of the 2888 * authentication protocols may be different in both directions (this makes 2889 * sense, think of a machine that never accepts incoming calls but only 2890 * calls out, it doesn't require the called party to authenticate itself). 2891 * 2892 * Our state machine for the local authentication protocol (we are requesting 2893 * the peer to authenticate) looks like: 2894 * 2895 * RCA- 2896 * +--------------------------------------------+ 2897 * V scn,tld| 2898 * +--------+ Close +---------+ RCA+ 2899 * | |<----------------------------------| |------+ 2900 * +--->| Closed | TO* | Opened | sca | 2901 * | | |-----+ +-------| |<-----+ 2902 * | +--------+ irc | | +---------+ 2903 * | ^ | | ^ 2904 * | | | | | 2905 * | | | | | 2906 * | TO-| | | | 2907 * | |tld TO+ V | | 2908 * | | +------->+ | | 2909 * | | | | | | 2910 * | +--------+ V | | 2911 * | | |<----+<--------------------+ | 2912 * | | Req- | scr | 2913 * | | Sent | | 2914 * | | | | 2915 * | +--------+ | 2916 * | RCA- | | RCA+ | 2917 * +------+ +------------------------------------------+ 2918 * scn,tld sca,irc,ict,tlu 2919 * 2920 * 2921 * with: 2922 * 2923 * Open: LCP reached authentication phase 2924 * Close: LCP reached terminate phase 2925 * 2926 * RCA+: received reply (pap-req, chap-response), acceptable 2927 * RCN: received reply (pap-req, chap-response), not acceptable 2928 * TO+: timeout with restart counter >= 0 2929 * TO-: timeout with restart counter < 0 2930 * TO*: reschedule timeout for CHAP 2931 * 2932 * scr: send request packet (none for PAP, chap-challenge) 2933 * sca: send ack packet (pap-ack, chap-success) 2934 * scn: send nak packet (pap-nak, chap-failure) 2935 * ict: initialize re-challenge timer (CHAP only) 2936 * 2937 * tlu: this-layer-up, LCP reaches network phase 2938 * tld: this-layer-down, LCP enters terminate phase 2939 * 2940 * Note that in CHAP mode, after sending a new challenge, while the state 2941 * automaton falls back into Req-Sent state, it doesn't signal a tld 2942 * event to LCP, so LCP remains in network phase. Only after not getting 2943 * any response (or after getting an unacceptable response), CHAP closes, 2944 * causing LCP to enter terminate phase. 2945 * 2946 * With PAP, there is no initial request that can be sent. The peer is 2947 * expected to send one based on the successful negotiation of PAP as 2948 * the authentication protocol during the LCP option negotiation. 2949 * 2950 * Incoming authentication protocol requests (remote requests 2951 * authentication, we are peer) don't employ a state machine at all, 2952 * they are simply answered. Some peers [Ascend P50 firmware rev 2953 * 4.50] react allergically when sending IPCP requests while they are 2954 * still in authentication phase (thereby violating the standard that 2955 * demands that these NCP packets are to be discarded), so we keep 2956 * track of the peer demanding us to authenticate, and only proceed to 2957 * phase network once we've seen a positive acknowledge for the 2958 * authentication. 2959 */ 2960 2961/* 2962 * Handle incoming CHAP packets. 2963 */ 2964void 2965sppp_chap_input(struct sppp *sp, struct mbuf *m) 2966{ 2967 STDDCL; 2968 struct lcp_header *h; 2969 int len, x; 2970 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2971 int value_len, name_len; 2972 MD5_CTX ctx; 2973 2974 len = m->m_pkthdr.len; 2975 if (len < 4) { 2976 if (debug) 2977 log(LOG_DEBUG, 2978 SPP_FMT "chap invalid packet length: %d bytes\n", 2979 SPP_ARGS(ifp), len); 2980 return; 2981 } 2982 h = mtod (m, struct lcp_header*); 2983 if (len > ntohs (h->len)) 2984 len = ntohs (h->len); 2985 2986 switch (h->type) { 2987 /* challenge, failure and success are his authproto */ 2988 case CHAP_CHALLENGE: 2989 value = 1 + (u_char*)(h+1); 2990 value_len = value[-1]; 2991 name = value + value_len; 2992 name_len = len - value_len - 5; 2993 if (name_len < 0) { 2994 if (debug) { 2995 log(LOG_DEBUG, 2996 SPP_FMT "chap corrupted challenge " 2997 "<%s id=0x%x len=%d", 2998 SPP_ARGS(ifp), 2999 sppp_auth_type_name(PPP_CHAP, h->type), 3000 h->ident, ntohs(h->len)); 3001 sppp_print_bytes((u_char*) (h+1), len-4); 3002 addlog(">\n"); 3003 } 3004 break; 3005 } 3006 3007 if (debug) { 3008 log(LOG_DEBUG, 3009 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3010 SPP_ARGS(ifp), 3011 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3012 ntohs(h->len)); 3013 sppp_print_string((char*) name, name_len); 3014 addlog(" value-size=%d value=", value_len); 3015 sppp_print_bytes(value, value_len); 3016 addlog(">\n"); 3017 } 3018 3019 /* Compute reply value. */ 3020 MD5Init(&ctx); 3021 MD5Update(&ctx, &h->ident, 1); 3022 MD5Update(&ctx, sp->myauth.secret, 3023 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3024 MD5Update(&ctx, value, value_len); 3025 MD5Final(digest, &ctx); 3026 dsize = sizeof digest; 3027 3028 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3029 sizeof dsize, (const char *)&dsize, 3030 sizeof digest, digest, 3031 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3032 sp->myauth.name, 3033 0); 3034 break; 3035 3036 case CHAP_SUCCESS: 3037 if (debug) { 3038 log(LOG_DEBUG, SPP_FMT "chap success", 3039 SPP_ARGS(ifp)); 3040 if (len > 4) { 3041 addlog(": "); 3042 sppp_print_string((char*)(h + 1), len - 4); 3043 } 3044 addlog("\n"); 3045 } 3046 x = splimp(); 3047 sp->pp_flags &= ~PP_NEEDAUTH; 3048 if (sp->myauth.proto == PPP_CHAP && 3049 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3050 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3051 /* 3052 * We are authenticator for CHAP but didn't 3053 * complete yet. Leave it to tlu to proceed 3054 * to network phase. 3055 */ 3056 splx(x); 3057 break; 3058 } 3059 splx(x); 3060 sppp_phase_network(sp); 3061 break; 3062 3063 case CHAP_FAILURE: 3064 if (debug) { 3065 log(LOG_INFO, SPP_FMT "chap failure", 3066 SPP_ARGS(ifp)); 3067 if (len > 4) { 3068 addlog(": "); 3069 sppp_print_string((char*)(h + 1), len - 4); 3070 } 3071 addlog("\n"); 3072 } else 3073 log(LOG_INFO, SPP_FMT "chap failure\n", 3074 SPP_ARGS(ifp)); 3075 /* await LCP shutdown by authenticator */ 3076 break; 3077 3078 /* response is my authproto */ 3079 case CHAP_RESPONSE: 3080 value = 1 + (u_char*)(h+1); 3081 value_len = value[-1]; 3082 name = value + value_len; 3083 name_len = len - value_len - 5; 3084 if (name_len < 0) { 3085 if (debug) { 3086 log(LOG_DEBUG, 3087 SPP_FMT "chap corrupted response " 3088 "<%s id=0x%x len=%d", 3089 SPP_ARGS(ifp), 3090 sppp_auth_type_name(PPP_CHAP, h->type), 3091 h->ident, ntohs(h->len)); 3092 sppp_print_bytes((u_char*)(h+1), len-4); 3093 addlog(">\n"); 3094 } 3095 break; 3096 } 3097 if (h->ident != sp->confid[IDX_CHAP]) { 3098 if (debug) 3099 log(LOG_DEBUG, 3100 SPP_FMT "chap dropping response for old ID " 3101 "(got %d, expected %d)\n", 3102 SPP_ARGS(ifp), 3103 h->ident, sp->confid[IDX_CHAP]); 3104 break; 3105 } 3106 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3107 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3108 log(LOG_INFO, SPP_FMT "chap response, his name ", 3109 SPP_ARGS(ifp)); 3110 sppp_print_string(name, name_len); 3111 addlog(" != expected "); 3112 sppp_print_string(sp->hisauth.name, 3113 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3114 addlog("\n"); 3115 } 3116 if (debug) { 3117 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3118 "<%s id=0x%x len=%d name=", 3119 SPP_ARGS(ifp), 3120 sppp_state_name(sp->state[IDX_CHAP]), 3121 sppp_auth_type_name(PPP_CHAP, h->type), 3122 h->ident, ntohs (h->len)); 3123 sppp_print_string((char*)name, name_len); 3124 addlog(" value-size=%d value=", value_len); 3125 sppp_print_bytes(value, value_len); 3126 addlog(">\n"); 3127 } 3128 if (value_len != AUTHKEYLEN) { 3129 if (debug) 3130 log(LOG_DEBUG, 3131 SPP_FMT "chap bad hash value length: " 3132 "%d bytes, should be %d\n", 3133 SPP_ARGS(ifp), value_len, 3134 AUTHKEYLEN); 3135 break; 3136 } 3137 3138 MD5Init(&ctx); 3139 MD5Update(&ctx, &h->ident, 1); 3140 MD5Update(&ctx, sp->hisauth.secret, 3141 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3142 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3143 MD5Final(digest, &ctx); 3144 3145#define FAILMSG "Failed..." 3146#define SUCCMSG "Welcome!" 3147 3148 if (value_len != sizeof digest || 3149 bcmp(digest, value, value_len) != 0) { 3150 /* action scn, tld */ 3151 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3152 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3153 0); 3154 chap.tld(sp); 3155 break; 3156 } 3157 /* action sca, perhaps tlu */ 3158 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3159 sp->state[IDX_CHAP] == STATE_OPENED) 3160 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3161 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3162 0); 3163 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3164 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3165 chap.tlu(sp); 3166 } 3167 break; 3168 3169 default: 3170 /* Unknown CHAP packet type -- ignore. */ 3171 if (debug) { 3172 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3173 "<0x%x id=0x%xh len=%d", 3174 SPP_ARGS(ifp), 3175 sppp_state_name(sp->state[IDX_CHAP]), 3176 h->type, h->ident, ntohs(h->len)); 3177 sppp_print_bytes((u_char*)(h+1), len-4); 3178 addlog(">\n"); 3179 } 3180 break; 3181 3182 } 3183} 3184 3185static void 3186sppp_chap_init(struct sppp *sp) 3187{ 3188 /* Chap doesn't have STATE_INITIAL at all. */ 3189 sp->state[IDX_CHAP] = STATE_CLOSED; 3190 sp->fail_counter[IDX_CHAP] = 0; 3191#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3192 callout_handle_init(&sp->ch[IDX_CHAP]); 3193#endif 3194} 3195 3196static void 3197sppp_chap_open(struct sppp *sp) 3198{ 3199 if (sp->myauth.proto == PPP_CHAP && 3200 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3201 /* we are authenticator for CHAP, start it */ 3202 chap.scr(sp); 3203 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3204 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3205 } 3206 /* nothing to be done if we are peer, await a challenge */ 3207} 3208 3209static void 3210sppp_chap_close(struct sppp *sp) 3211{ 3212 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3213 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3214} 3215 3216static void 3217sppp_chap_TO(void *cookie) 3218{ 3219 struct sppp *sp = (struct sppp *)cookie; 3220 STDDCL; 3221 int s; 3222 3223 s = splimp(); 3224 if (debug) 3225 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3226 SPP_ARGS(ifp), 3227 sppp_state_name(sp->state[IDX_CHAP]), 3228 sp->rst_counter[IDX_CHAP]); 3229 3230 if (--sp->rst_counter[IDX_CHAP] < 0) 3231 /* TO- event */ 3232 switch (sp->state[IDX_CHAP]) { 3233 case STATE_REQ_SENT: 3234 chap.tld(sp); 3235 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3236 break; 3237 } 3238 else 3239 /* TO+ (or TO*) event */ 3240 switch (sp->state[IDX_CHAP]) { 3241 case STATE_OPENED: 3242 /* TO* event */ 3243 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3244 /* fall through */ 3245 case STATE_REQ_SENT: 3246 chap.scr(sp); 3247 /* sppp_cp_change_state() will restart the timer */ 3248 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3249 break; 3250 } 3251 3252 splx(s); 3253} 3254 3255static void 3256sppp_chap_tlu(struct sppp *sp) 3257{ 3258 STDDCL; 3259 int i, x; 3260 3261 i = 0; 3262 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3263 3264 /* 3265 * Some broken CHAP implementations (Conware CoNet, firmware 3266 * 4.0.?) don't want to re-authenticate their CHAP once the 3267 * initial challenge-response exchange has taken place. 3268 * Provide for an option to avoid rechallenges. 3269 */ 3270 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3271 /* 3272 * Compute the re-challenge timeout. This will yield 3273 * a number between 300 and 810 seconds. 3274 */ 3275 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3276 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3277 } 3278 3279 if (debug) { 3280 log(LOG_DEBUG, 3281 SPP_FMT "chap %s, ", 3282 SPP_ARGS(ifp), 3283 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3284 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3285 addlog("next re-challenge in %d seconds\n", i); 3286 else 3287 addlog("re-challenging supressed\n"); 3288 } 3289 3290 x = splimp(); 3291 /* indicate to LCP that we need to be closed down */ 3292 sp->lcp.protos |= (1 << IDX_CHAP); 3293 3294 if (sp->pp_flags & PP_NEEDAUTH) { 3295 /* 3296 * Remote is authenticator, but his auth proto didn't 3297 * complete yet. Defer the transition to network 3298 * phase. 3299 */ 3300 splx(x); 3301 return; 3302 } 3303 splx(x); 3304 3305 /* 3306 * If we are already in phase network, we are done here. This 3307 * is the case if this is a dummy tlu event after a re-challenge. 3308 */ 3309 if (sp->pp_phase != PHASE_NETWORK) 3310 sppp_phase_network(sp); 3311} 3312 3313static void 3314sppp_chap_tld(struct sppp *sp) 3315{ 3316 STDDCL; 3317 3318 if (debug) 3319 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3320 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3321 sp->lcp.protos &= ~(1 << IDX_CHAP); 3322 3323 lcp.Close(sp); 3324} 3325 3326static void 3327sppp_chap_scr(struct sppp *sp) 3328{ 3329 u_long *ch, seed; 3330 u_char clen; 3331 3332 /* Compute random challenge. */ 3333 ch = (u_long *)sp->myauth.challenge; 3334#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3335 read_random(&seed, sizeof seed); 3336#else 3337 { 3338 struct timeval tv; 3339 microtime(&tv); 3340 seed = tv.tv_sec ^ tv.tv_usec; 3341 } 3342#endif 3343 ch[0] = seed ^ random(); 3344 ch[1] = seed ^ random(); 3345 ch[2] = seed ^ random(); 3346 ch[3] = seed ^ random(); 3347 clen = AUTHKEYLEN; 3348 3349 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3350 3351 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3352 sizeof clen, (const char *)&clen, 3353 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3354 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3355 sp->myauth.name, 3356 0); 3357} 3358/* 3359 *--------------------------------------------------------------------------* 3360 * * 3361 * The PAP implementation. * 3362 * * 3363 *--------------------------------------------------------------------------* 3364 */ 3365/* 3366 * For PAP, we need to keep a little state also if we are the peer, not the 3367 * authenticator. This is since we don't get a request to authenticate, but 3368 * have to repeatedly authenticate ourself until we got a response (or the 3369 * retry counter is expired). 3370 */ 3371 3372/* 3373 * Handle incoming PAP packets. */ 3374static void 3375sppp_pap_input(struct sppp *sp, struct mbuf *m) 3376{ 3377 STDDCL; 3378 struct lcp_header *h; 3379 int len, x; 3380 u_char *name, *passwd, mlen; 3381 int name_len, passwd_len; 3382 3383 len = m->m_pkthdr.len; 3384 if (len < 5) { 3385 if (debug) 3386 log(LOG_DEBUG, 3387 SPP_FMT "pap invalid packet length: %d bytes\n", 3388 SPP_ARGS(ifp), len); 3389 return; 3390 } 3391 h = mtod (m, struct lcp_header*); 3392 if (len > ntohs (h->len)) 3393 len = ntohs (h->len); 3394 switch (h->type) { 3395 /* PAP request is my authproto */ 3396 case PAP_REQ: 3397 name = 1 + (u_char*)(h+1); 3398 name_len = name[-1]; 3399 passwd = name + name_len + 1; 3400 if (name_len > len - 6 || 3401 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3402 if (debug) { 3403 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3404 "<%s id=0x%x len=%d", 3405 SPP_ARGS(ifp), 3406 sppp_auth_type_name(PPP_PAP, h->type), 3407 h->ident, ntohs(h->len)); 3408 sppp_print_bytes((u_char*)(h+1), len-4); 3409 addlog(">\n"); 3410 } 3411 break; 3412 } 3413 if (debug) { 3414 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3415 "<%s id=0x%x len=%d name=", 3416 SPP_ARGS(ifp), 3417 sppp_state_name(sp->state[IDX_PAP]), 3418 sppp_auth_type_name(PPP_PAP, h->type), 3419 h->ident, ntohs(h->len)); 3420 sppp_print_string((char*)name, name_len); 3421 addlog(" passwd="); 3422 sppp_print_string((char*)passwd, passwd_len); 3423 addlog(">\n"); 3424 } 3425 if (name_len > AUTHNAMELEN || 3426 passwd_len > AUTHKEYLEN || 3427 bcmp(name, sp->hisauth.name, name_len) != 0 || 3428 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3429 /* action scn, tld */ 3430 mlen = sizeof(FAILMSG) - 1; 3431 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3432 sizeof mlen, (const char *)&mlen, 3433 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3434 0); 3435 pap.tld(sp); 3436 break; 3437 } 3438 /* action sca, perhaps tlu */ 3439 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3440 sp->state[IDX_PAP] == STATE_OPENED) { 3441 mlen = sizeof(SUCCMSG) - 1; 3442 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3443 sizeof mlen, (const char *)&mlen, 3444 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3445 0); 3446 } 3447 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3448 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3449 pap.tlu(sp); 3450 } 3451 break; 3452 3453 /* ack and nak are his authproto */ 3454 case PAP_ACK: 3455 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3456 if (debug) { 3457 log(LOG_DEBUG, SPP_FMT "pap success", 3458 SPP_ARGS(ifp)); 3459 name_len = *((char *)h); 3460 if (len > 5 && name_len) { 3461 addlog(": "); 3462 sppp_print_string((char*)(h+1), name_len); 3463 } 3464 addlog("\n"); 3465 } 3466 x = splimp(); 3467 sp->pp_flags &= ~PP_NEEDAUTH; 3468 if (sp->myauth.proto == PPP_PAP && 3469 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3470 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3471 /* 3472 * We are authenticator for PAP but didn't 3473 * complete yet. Leave it to tlu to proceed 3474 * to network phase. 3475 */ 3476 splx(x); 3477 break; 3478 } 3479 splx(x); 3480 sppp_phase_network(sp); 3481 break; 3482 3483 case PAP_NAK: 3484 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3485 if (debug) { 3486 log(LOG_INFO, SPP_FMT "pap failure", 3487 SPP_ARGS(ifp)); 3488 name_len = *((char *)h); 3489 if (len > 5 && name_len) { 3490 addlog(": "); 3491 sppp_print_string((char*)(h+1), name_len); 3492 } 3493 addlog("\n"); 3494 } else 3495 log(LOG_INFO, SPP_FMT "pap failure\n", 3496 SPP_ARGS(ifp)); 3497 /* await LCP shutdown by authenticator */ 3498 break; 3499 3500 default: 3501 /* Unknown PAP packet type -- ignore. */ 3502 if (debug) { 3503 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3504 "<0x%x id=0x%x len=%d", 3505 SPP_ARGS(ifp), 3506 h->type, h->ident, ntohs(h->len)); 3507 sppp_print_bytes((u_char*)(h+1), len-4); 3508 addlog(">\n"); 3509 } 3510 break; 3511 3512 } 3513} 3514 3515static void 3516sppp_pap_init(struct sppp *sp) 3517{ 3518 /* PAP doesn't have STATE_INITIAL at all. */ 3519 sp->state[IDX_PAP] = STATE_CLOSED; 3520 sp->fail_counter[IDX_PAP] = 0; 3521#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3522 callout_handle_init(&sp->ch[IDX_PAP]); 3523 callout_handle_init(&sp->pap_my_to_ch); 3524#endif 3525} 3526 3527static void 3528sppp_pap_open(struct sppp *sp) 3529{ 3530 if (sp->hisauth.proto == PPP_PAP && 3531 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3532 /* we are authenticator for PAP, start our timer */ 3533 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3534 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3535 } 3536 if (sp->myauth.proto == PPP_PAP) { 3537 /* we are peer, send a request, and start a timer */ 3538 pap.scr(sp); 3539 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 3540 sp->pap_my_to_ch); 3541 } 3542} 3543 3544static void 3545sppp_pap_close(struct sppp *sp) 3546{ 3547 if (sp->state[IDX_PAP] != STATE_CLOSED) 3548 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3549} 3550 3551/* 3552 * That's the timeout routine if we are authenticator. Since the 3553 * authenticator is basically passive in PAP, we can't do much here. 3554 */ 3555static void 3556sppp_pap_TO(void *cookie) 3557{ 3558 struct sppp *sp = (struct sppp *)cookie; 3559 STDDCL; 3560 int s; 3561 3562 s = splimp(); 3563 if (debug) 3564 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3565 SPP_ARGS(ifp), 3566 sppp_state_name(sp->state[IDX_PAP]), 3567 sp->rst_counter[IDX_PAP]); 3568 3569 if (--sp->rst_counter[IDX_PAP] < 0) 3570 /* TO- event */ 3571 switch (sp->state[IDX_PAP]) { 3572 case STATE_REQ_SENT: 3573 pap.tld(sp); 3574 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3575 break; 3576 } 3577 else 3578 /* TO+ event, not very much we could do */ 3579 switch (sp->state[IDX_PAP]) { 3580 case STATE_REQ_SENT: 3581 /* sppp_cp_change_state() will restart the timer */ 3582 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3583 break; 3584 } 3585 3586 splx(s); 3587} 3588 3589/* 3590 * That's the timeout handler if we are peer. Since the peer is active, 3591 * we need to retransmit our PAP request since it is apparently lost. 3592 * XXX We should impose a max counter. 3593 */ 3594static void 3595sppp_pap_my_TO(void *cookie) 3596{ 3597 struct sppp *sp = (struct sppp *)cookie; 3598 STDDCL; 3599 3600 if (debug) 3601 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3602 SPP_ARGS(ifp)); 3603 3604 pap.scr(sp); 3605} 3606 3607static void 3608sppp_pap_tlu(struct sppp *sp) 3609{ 3610 STDDCL; 3611 int x; 3612 3613 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3614 3615 if (debug) 3616 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3617 SPP_ARGS(ifp), pap.name); 3618 3619 x = splimp(); 3620 /* indicate to LCP that we need to be closed down */ 3621 sp->lcp.protos |= (1 << IDX_PAP); 3622 3623 if (sp->pp_flags & PP_NEEDAUTH) { 3624 /* 3625 * Remote is authenticator, but his auth proto didn't 3626 * complete yet. Defer the transition to network 3627 * phase. 3628 */ 3629 splx(x); 3630 return; 3631 } 3632 splx(x); 3633 sppp_phase_network(sp); 3634} 3635 3636static void 3637sppp_pap_tld(struct sppp *sp) 3638{ 3639 STDDCL; 3640 3641 if (debug) 3642 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3643 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3644 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3645 sp->lcp.protos &= ~(1 << IDX_PAP); 3646 3647 lcp.Close(sp); 3648} 3649 3650static void 3651sppp_pap_scr(struct sppp *sp) 3652{ 3653 u_char idlen, pwdlen; 3654 3655 sp->confid[IDX_PAP] = ++sp->pp_seq; 3656 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3657 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3658 3659 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3660 sizeof idlen, (const char *)&idlen, 3661 (size_t)idlen, sp->myauth.name, 3662 sizeof pwdlen, (const char *)&pwdlen, 3663 (size_t)pwdlen, sp->myauth.secret, 3664 0); 3665} 3666/* 3667 * Random miscellaneous functions. 3668 */ 3669 3670/* 3671 * Send a PAP or CHAP proto packet. 3672 * 3673 * Varadic function, each of the elements for the ellipsis is of type 3674 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3675 * mlen == 0. 3676 * NOTE: never declare variadic functions with types subject to type 3677 * promotion (i.e. u_char). This is asking for big trouble depending 3678 * on the architecture you are on... 3679 */ 3680 3681static void 3682sppp_auth_send(const struct cp *cp, struct sppp *sp, 3683 unsigned int type, unsigned int id, 3684 ...) 3685{ 3686 STDDCL; 3687 struct ppp_header *h; 3688 struct lcp_header *lh; 3689 struct mbuf *m; 3690 u_char *p; 3691 int len; 3692 unsigned int mlen; 3693 const char *msg; 3694 va_list ap; 3695 3696 MGETHDR (m, M_DONTWAIT, MT_DATA); 3697 if (! m) 3698 return; 3699 m->m_pkthdr.rcvif = 0; 3700 3701 h = mtod (m, struct ppp_header*); 3702 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3703 h->control = PPP_UI; /* Unnumbered Info */ 3704 h->protocol = htons(cp->proto); 3705 3706 lh = (struct lcp_header*)(h + 1); 3707 lh->type = type; 3708 lh->ident = id; 3709 p = (u_char*) (lh+1); 3710 3711 va_start(ap, id); 3712 len = 0; 3713 3714 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3715 msg = va_arg(ap, const char *); 3716 len += mlen; 3717 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3718 va_end(ap); 3719 m_freem(m); 3720 return; 3721 } 3722 3723 bcopy(msg, p, mlen); 3724 p += mlen; 3725 } 3726 va_end(ap); 3727 3728 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3729 lh->len = htons (LCP_HEADER_LEN + len); 3730 3731 if (debug) { 3732 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3733 SPP_ARGS(ifp), cp->name, 3734 sppp_auth_type_name(cp->proto, lh->type), 3735 lh->ident, ntohs(lh->len)); 3736 sppp_print_bytes((u_char*) (lh+1), len); 3737 addlog(">\n"); 3738 } 3739 if (IF_QFULL (&sp->pp_cpq)) { 3740 IF_DROP (&sp->pp_fastq); 3741 IF_DROP (&ifp->if_snd); 3742 m_freem (m); 3743 ++ifp->if_oerrors; 3744 } else 3745 IF_ENQUEUE (&sp->pp_cpq, m); 3746 if (! (ifp->if_flags & IFF_OACTIVE)) 3747 (*ifp->if_start) (ifp); 3748 ifp->if_obytes += m->m_pkthdr.len + 3; 3749} 3750 3751/* 3752 * Flush interface queue. 3753 */ 3754static void 3755sppp_qflush(struct ifqueue *ifq) 3756{ 3757 struct mbuf *m, *n; 3758 3759 n = ifq->ifq_head; 3760 while ((m = n)) { 3761 n = m->m_act; 3762 m_freem (m); 3763 } 3764 ifq->ifq_head = 0; 3765 ifq->ifq_tail = 0; 3766 ifq->ifq_len = 0; 3767} 3768 3769/* 3770 * Send keepalive packets, every 10 seconds. 3771 */ 3772static void 3773sppp_keepalive(void *dummy) 3774{ 3775 struct sppp *sp; 3776 int s; 3777 3778 s = splimp(); 3779 for (sp=spppq; sp; sp=sp->pp_next) { 3780 struct ifnet *ifp = &sp->pp_if; 3781 3782 /* Keepalive mode disabled or channel down? */ 3783 if (! (sp->pp_flags & PP_KEEPALIVE) || 3784 ! (ifp->if_flags & IFF_RUNNING)) 3785 continue; 3786 3787 /* No keepalive in PPP mode if LCP not opened yet. */ 3788 if (sp->pp_mode != IFF_CISCO && 3789 sp->pp_phase < PHASE_AUTHENTICATE) 3790 continue; 3791 3792 if (sp->pp_alivecnt == MAXALIVECNT) { 3793 /* No keepalive packets got. Stop the interface. */ 3794 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3795 if_down (ifp); 3796 sppp_qflush (&sp->pp_cpq); 3797 if (sp->pp_mode != IFF_CISCO) { 3798 /* XXX */ 3799 /* Shut down the PPP link. */ 3800 lcp.Down(sp); 3801 /* Initiate negotiation. XXX */ 3802 lcp.Up(sp); 3803 } 3804 } 3805 if (sp->pp_alivecnt <= MAXALIVECNT) 3806 ++sp->pp_alivecnt; 3807 if (sp->pp_mode == IFF_CISCO) 3808 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3809 sp->pp_rseq); 3810 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3811 long nmagic = htonl (sp->lcp.magic); 3812 sp->lcp.echoid = ++sp->pp_seq; 3813 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3814 sp->lcp.echoid, 4, &nmagic); 3815 } 3816 } 3817 splx(s); 3818 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 3819} 3820 3821/* 3822 * Get both IP addresses. 3823 */ 3824static void 3825sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3826{ 3827 struct ifnet *ifp = &sp->pp_if; 3828 struct ifaddr *ifa; 3829 struct sockaddr_in *si, *sm; 3830 u_long ssrc, ddst; 3831 3832 sm = NULL; 3833 ssrc = ddst = 0L; 3834 /* 3835 * Pick the first AF_INET address from the list, 3836 * aliases don't make any sense on a p2p link anyway. 3837 */ 3838 si = 0; 3839#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3840 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3841#elif defined(__NetBSD__) || defined (__OpenBSD__) 3842 for (ifa = ifp->if_addrlist.tqh_first; 3843 ifa; 3844 ifa = ifa->ifa_list.tqe_next) 3845#else 3846 for (ifa = ifp->if_addrlist; 3847 ifa; 3848 ifa = ifa->ifa_next) 3849#endif 3850 if (ifa->ifa_addr->sa_family == AF_INET) { 3851 si = (struct sockaddr_in *)ifa->ifa_addr; 3852 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3853 if (si) 3854 break; 3855 } 3856 if (ifa) { 3857 if (si && si->sin_addr.s_addr) { 3858 ssrc = si->sin_addr.s_addr; 3859 if (srcmask) 3860 *srcmask = ntohl(sm->sin_addr.s_addr); 3861 } 3862 3863 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3864 if (si && si->sin_addr.s_addr) 3865 ddst = si->sin_addr.s_addr; 3866 } 3867 3868 if (dst) *dst = ntohl(ddst); 3869 if (src) *src = ntohl(ssrc); 3870} 3871 3872/* 3873 * Set my IP address. Must be called at splimp. 3874 */ 3875static void 3876sppp_set_ip_addr(struct sppp *sp, u_long src) 3877{ 3878 STDDCL; 3879 struct ifaddr *ifa; 3880 struct sockaddr_in *si; 3881 3882 /* 3883 * Pick the first AF_INET address from the list, 3884 * aliases don't make any sense on a p2p link anyway. 3885 */ 3886 si = 0; 3887#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3888 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3889#elif defined(__NetBSD__) || defined (__OpenBSD__) 3890 for (ifa = ifp->if_addrlist.tqh_first; 3891 ifa; 3892 ifa = ifa->ifa_list.tqe_next) 3893#else 3894 for (ifa = ifp->if_addrlist; 3895 ifa; 3896 ifa = ifa->ifa_next) 3897#endif 3898 { 3899 if (ifa->ifa_addr->sa_family == AF_INET) 3900 { 3901 si = (struct sockaddr_in *)ifa->ifa_addr; 3902 if (si) 3903 break; 3904 } 3905 } 3906 3907 if (ifa && si) 3908 { 3909 int error; 3910#if __NetBSD_Version__ >= 103080000 3911 struct sockaddr_in new_sin = *si; 3912 3913 new_sin.sin_addr.s_addr = htonl(src); 3914 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 3915 if(debug && error) 3916 { 3917 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 3918 " failed, error=%d\n", SPP_ARGS(ifp), error); 3919 } 3920#else 3921 /* delete old route */ 3922 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 3923 if(debug && error) 3924 { 3925 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 3926 SPP_ARGS(ifp), error); 3927 } 3928 3929 /* set new address */ 3930 si->sin_addr.s_addr = htonl(src); 3931 3932 /* add new route */ 3933 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 3934 if (debug && error) 3935 { 3936 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 3937 SPP_ARGS(ifp), error); 3938 } 3939#endif 3940 } 3941} 3942 3943static int 3944sppp_params(struct sppp *sp, u_long cmd, void *data) 3945{ 3946 u_long subcmd; 3947 struct ifreq *ifr = (struct ifreq *)data; 3948 struct spppreq spr; 3949 3950 /* 3951 * ifr->ifr_data is supposed to point to a struct spppreq. 3952 * Check the cmd word first before attempting to fetch all the 3953 * data. 3954 */ 3955 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3956 return EFAULT; 3957 3958 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3959 return EFAULT; 3960 3961 switch (subcmd) { 3962 case SPPPIOGDEFS: 3963 if (cmd != SIOCGIFGENERIC) 3964 return EINVAL; 3965 /* 3966 * We copy over the entire current state, but clean 3967 * out some of the stuff we don't wanna pass up. 3968 * Remember, SIOCGIFGENERIC is unprotected, and can be 3969 * called by any user. No need to ever get PAP or 3970 * CHAP secrets back to userland anyway. 3971 */ 3972 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3973 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3974 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3975 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3976 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3977 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3978 3979 case SPPPIOSDEFS: 3980 if (cmd != SIOCSIFGENERIC) 3981 return EINVAL; 3982 /* 3983 * We have a very specific idea of which fields we allow 3984 * being passed back from userland, so to not clobber our 3985 * current state. For one, we only allow setting 3986 * anything if LCP is in dead phase. Once the LCP 3987 * negotiations started, the authentication settings must 3988 * not be changed again. (The administrator can force an 3989 * ifconfig down in order to get LCP back into dead 3990 * phase.) 3991 * 3992 * Also, we only allow for authentication parameters to be 3993 * specified. 3994 * 3995 * XXX Should allow to set or clear pp_flags. 3996 * 3997 * Finally, if the respective authentication protocol to 3998 * be used is set differently than 0, but the secret is 3999 * passed as all zeros, we don't trash the existing secret. 4000 * This allows an administrator to change the system name 4001 * only without clobbering the secret (which he didn't get 4002 * back in a previous SPPPIOGDEFS call). However, the 4003 * secrets are cleared if the authentication protocol is 4004 * reset to 0. 4005 */ 4006 if (sp->pp_phase != PHASE_DEAD) 4007 return EBUSY; 4008 4009 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4010 spr.defs.myauth.proto != PPP_CHAP) || 4011 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4012 spr.defs.hisauth.proto != PPP_CHAP)) 4013 return EINVAL; 4014 4015 if (spr.defs.myauth.proto == 0) 4016 /* resetting myauth */ 4017 bzero(&sp->myauth, sizeof sp->myauth); 4018 else { 4019 /* setting/changing myauth */ 4020 sp->myauth.proto = spr.defs.myauth.proto; 4021 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4022 if (spr.defs.myauth.secret[0] != '\0') 4023 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4024 AUTHKEYLEN); 4025 } 4026 if (spr.defs.hisauth.proto == 0) 4027 /* resetting hisauth */ 4028 bzero(&sp->hisauth, sizeof sp->hisauth); 4029 else { 4030 /* setting/changing hisauth */ 4031 sp->hisauth.proto = spr.defs.hisauth.proto; 4032 sp->hisauth.flags = spr.defs.hisauth.flags; 4033 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4034 if (spr.defs.hisauth.secret[0] != '\0') 4035 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4036 AUTHKEYLEN); 4037 } 4038 break; 4039 4040 default: 4041 return EINVAL; 4042 } 4043 4044 return 0; 4045} 4046 4047static void 4048sppp_phase_network(struct sppp *sp) 4049{ 4050 STDDCL; 4051 int i; 4052 u_long mask; 4053 4054 sp->pp_phase = PHASE_NETWORK; 4055 4056 if (debug) 4057 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4058 sppp_phase_name(sp->pp_phase)); 4059 4060 /* Notify NCPs now. */ 4061 for (i = 0; i < IDX_COUNT; i++) 4062 if ((cps[i])->flags & CP_NCP) 4063 (cps[i])->Open(sp); 4064 4065 /* Send Up events to all NCPs. */ 4066 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4067 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4068 (cps[i])->Up(sp); 4069 4070 /* if no NCP is starting, all this was in vain, close down */ 4071 sppp_lcp_check_and_close(sp); 4072} 4073 4074 4075static const char * 4076sppp_cp_type_name(u_char type) 4077{ 4078 static char buf[12]; 4079 switch (type) { 4080 case CONF_REQ: return "conf-req"; 4081 case CONF_ACK: return "conf-ack"; 4082 case CONF_NAK: return "conf-nak"; 4083 case CONF_REJ: return "conf-rej"; 4084 case TERM_REQ: return "term-req"; 4085 case TERM_ACK: return "term-ack"; 4086 case CODE_REJ: return "code-rej"; 4087 case PROTO_REJ: return "proto-rej"; 4088 case ECHO_REQ: return "echo-req"; 4089 case ECHO_REPLY: return "echo-reply"; 4090 case DISC_REQ: return "discard-req"; 4091 } 4092 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4093 return buf; 4094} 4095 4096static const char * 4097sppp_auth_type_name(u_short proto, u_char type) 4098{ 4099 static char buf[12]; 4100 switch (proto) { 4101 case PPP_CHAP: 4102 switch (type) { 4103 case CHAP_CHALLENGE: return "challenge"; 4104 case CHAP_RESPONSE: return "response"; 4105 case CHAP_SUCCESS: return "success"; 4106 case CHAP_FAILURE: return "failure"; 4107 } 4108 case PPP_PAP: 4109 switch (type) { 4110 case PAP_REQ: return "req"; 4111 case PAP_ACK: return "ack"; 4112 case PAP_NAK: return "nak"; 4113 } 4114 } 4115 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4116 return buf; 4117} 4118 4119static const char * 4120sppp_lcp_opt_name(u_char opt) 4121{ 4122 static char buf[12]; 4123 switch (opt) { 4124 case LCP_OPT_MRU: return "mru"; 4125 case LCP_OPT_ASYNC_MAP: return "async-map"; 4126 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4127 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4128 case LCP_OPT_MAGIC: return "magic"; 4129 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4130 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4131 } 4132 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4133 return buf; 4134} 4135 4136static const char * 4137sppp_ipcp_opt_name(u_char opt) 4138{ 4139 static char buf[12]; 4140 switch (opt) { 4141 case IPCP_OPT_ADDRESSES: return "addresses"; 4142 case IPCP_OPT_COMPRESSION: return "compression"; 4143 case IPCP_OPT_ADDRESS: return "address"; 4144 } 4145 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4146 return buf; 4147} 4148 4149static const char * 4150sppp_state_name(int state) 4151{ 4152 switch (state) { 4153 case STATE_INITIAL: return "initial"; 4154 case STATE_STARTING: return "starting"; 4155 case STATE_CLOSED: return "closed"; 4156 case STATE_STOPPED: return "stopped"; 4157 case STATE_CLOSING: return "closing"; 4158 case STATE_STOPPING: return "stopping"; 4159 case STATE_REQ_SENT: return "req-sent"; 4160 case STATE_ACK_RCVD: return "ack-rcvd"; 4161 case STATE_ACK_SENT: return "ack-sent"; 4162 case STATE_OPENED: return "opened"; 4163 } 4164 return "illegal"; 4165} 4166 4167static const char * 4168sppp_phase_name(enum ppp_phase phase) 4169{ 4170 switch (phase) { 4171 case PHASE_DEAD: return "dead"; 4172 case PHASE_ESTABLISH: return "establish"; 4173 case PHASE_TERMINATE: return "terminate"; 4174 case PHASE_AUTHENTICATE: return "authenticate"; 4175 case PHASE_NETWORK: return "network"; 4176 } 4177 return "illegal"; 4178} 4179 4180static const char * 4181sppp_proto_name(u_short proto) 4182{ 4183 static char buf[12]; 4184 switch (proto) { 4185 case PPP_LCP: return "lcp"; 4186 case PPP_IPCP: return "ipcp"; 4187 case PPP_PAP: return "pap"; 4188 case PPP_CHAP: return "chap"; 4189 } 4190 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 4191 return buf; 4192} 4193 4194static void 4195sppp_print_bytes(const u_char *p, u_short len) 4196{ 4197 if (len) 4198 addlog(" %*D", len, p, "-"); 4199} 4200 4201static void 4202sppp_print_string(const char *p, u_short len) 4203{ 4204 u_char c; 4205 4206 while (len-- > 0) { 4207 c = *p++; 4208 /* 4209 * Print only ASCII chars directly. RFC 1994 recommends 4210 * using only them, but we don't rely on it. */ 4211 if (c < ' ' || c > '~') 4212 addlog("\\x%x", c); 4213 else 4214 addlog("%c", c); 4215 } 4216} 4217 4218static const char * 4219sppp_dotted_quad(u_long addr) 4220{ 4221 static char s[16]; 4222 sprintf(s, "%d.%d.%d.%d", 4223 (int)((addr >> 24) & 0xff), 4224 (int)((addr >> 16) & 0xff), 4225 (int)((addr >> 8) & 0xff), 4226 (int)(addr & 0xff)); 4227 return s; 4228} 4229 4230static int 4231sppp_strnlen(u_char *p, int max) 4232{ 4233 int len; 4234 4235 for (len = 0; len < max && *p; ++p) 4236 ++len; 4237 return len; 4238} 4239 4240/* a dummy, used to drop uninteresting events */ 4241static void 4242sppp_null(struct sppp *unused) 4243{ 4244 /* do just nothing */ 4245} 4246