if_spppsubr.c revision 71959
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 71959 2001-02-03 11:46:35Z phk $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/module.h> 42#include <sys/sockio.h> 43#include <sys/socket.h> 44#include <sys/syslog.h> 45#if defined(__FreeBSD__) && __FreeBSD__ >= 3 46#include <sys/random.h> 47#endif 48#include <sys/malloc.h> 49#include <sys/mbuf.h> 50 51#if defined (__OpenBSD__) 52#include <sys/md5k.h> 53#else 54#include <sys/md5.h> 55#endif 56 57#include <net/if.h> 58#include <net/netisr.h> 59#include <net/if_types.h> 60#include <net/route.h> 61 62#if defined (__NetBSD__) || defined (__OpenBSD__) 63#include <machine/cpu.h> /* XXX for softnet */ 64#endif 65 66#include <machine/stdarg.h> 67 68#ifdef INET 69#include <netinet/in.h> 70#include <netinet/in_systm.h> 71#include <netinet/in_var.h> 72#include <netinet/ip.h> 73#include <netinet/tcp.h> 74# if defined (__FreeBSD__) || defined (__OpenBSD__) 75# include <netinet/if_ether.h> 76# else 77# include <net/ethertypes.h> 78# endif 79#else 80# error Huh? sppp without INET? 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87 88#ifdef NS 89#include <netns/ns.h> 90#include <netns/ns_if.h> 91#endif 92 93#include <net/if_sppp.h> 94 95#if defined(__FreeBSD__) && __FreeBSD__ >= 3 96# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 97# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 98# define IOCTL_CMD_T u_long 99#else 100# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 101# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 102# define IOCTL_CMD_T int 103#endif 104 105#define MAXALIVECNT 3 /* max. alive packets */ 106 107/* 108 * Interface flags that can be set in an ifconfig command. 109 * 110 * Setting link0 will make the link passive, i.e. it will be marked 111 * as being administrative openable, but won't be opened to begin 112 * with. Incoming calls will be answered, or subsequent calls with 113 * -link1 will cause the administrative open of the LCP layer. 114 * 115 * Setting link1 will cause the link to auto-dial only as packets 116 * arrive to be sent. 117 * 118 * Setting IFF_DEBUG will syslog the option negotiation and state 119 * transitions at level kern.debug. Note: all logs consistently look 120 * like 121 * 122 * <if-name><unit>: <proto-name> <additional info...> 123 * 124 * with <if-name><unit> being something like "bppp0", and <proto-name> 125 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 126 */ 127 128#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 129#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 130#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 131 132#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 133#define PPP_UI 0x03 /* Unnumbered Information */ 134#define PPP_IP 0x0021 /* Internet Protocol */ 135#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 136#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 137#define PPP_IPX 0x002b /* Novell IPX Protocol */ 138#define PPP_LCP 0xc021 /* Link Control Protocol */ 139#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 140#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 141#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 142 143#define CONF_REQ 1 /* PPP configure request */ 144#define CONF_ACK 2 /* PPP configure acknowledge */ 145#define CONF_NAK 3 /* PPP configure negative ack */ 146#define CONF_REJ 4 /* PPP configure reject */ 147#define TERM_REQ 5 /* PPP terminate request */ 148#define TERM_ACK 6 /* PPP terminate acknowledge */ 149#define CODE_REJ 7 /* PPP code reject */ 150#define PROTO_REJ 8 /* PPP protocol reject */ 151#define ECHO_REQ 9 /* PPP echo request */ 152#define ECHO_REPLY 10 /* PPP echo reply */ 153#define DISC_REQ 11 /* PPP discard request */ 154 155#define LCP_OPT_MRU 1 /* maximum receive unit */ 156#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 157#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 158#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 159#define LCP_OPT_MAGIC 5 /* magic number */ 160#define LCP_OPT_RESERVED 6 /* reserved */ 161#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 162#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 163 164#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 165#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 166#define IPCP_OPT_ADDRESS 3 /* local IP address */ 167 168#define PAP_REQ 1 /* PAP name/password request */ 169#define PAP_ACK 2 /* PAP acknowledge */ 170#define PAP_NAK 3 /* PAP fail */ 171 172#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 173#define CHAP_RESPONSE 2 /* CHAP challenge response */ 174#define CHAP_SUCCESS 3 /* CHAP response ok */ 175#define CHAP_FAILURE 4 /* CHAP response failed */ 176 177#define CHAP_MD5 5 /* hash algorithm - MD5 */ 178 179#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 180#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 181#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 182#define CISCO_ADDR_REQ 0 /* Cisco address request */ 183#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 184#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 185 186/* states are named and numbered according to RFC 1661 */ 187#define STATE_INITIAL 0 188#define STATE_STARTING 1 189#define STATE_CLOSED 2 190#define STATE_STOPPED 3 191#define STATE_CLOSING 4 192#define STATE_STOPPING 5 193#define STATE_REQ_SENT 6 194#define STATE_ACK_RCVD 7 195#define STATE_ACK_SENT 8 196#define STATE_OPENED 9 197 198struct ppp_header { 199 u_char address; 200 u_char control; 201 u_short protocol; 202}; 203#define PPP_HEADER_LEN sizeof (struct ppp_header) 204 205struct lcp_header { 206 u_char type; 207 u_char ident; 208 u_short len; 209}; 210#define LCP_HEADER_LEN sizeof (struct lcp_header) 211 212struct cisco_packet { 213 u_long type; 214 u_long par1; 215 u_long par2; 216 u_short rel; 217 u_short time0; 218 u_short time1; 219}; 220#define CISCO_PACKET_LEN 18 221 222/* 223 * We follow the spelling and capitalization of RFC 1661 here, to make 224 * it easier comparing with the standard. Please refer to this RFC in 225 * case you can't make sense out of these abbreviation; it will also 226 * explain the semantics related to the various events and actions. 227 */ 228struct cp { 229 u_short proto; /* PPP control protocol number */ 230 u_char protoidx; /* index into state table in struct sppp */ 231 u_char flags; 232#define CP_LCP 0x01 /* this is the LCP */ 233#define CP_AUTH 0x02 /* this is an authentication protocol */ 234#define CP_NCP 0x04 /* this is a NCP */ 235#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 236 const char *name; /* name of this control protocol */ 237 /* event handlers */ 238 void (*Up)(struct sppp *sp); 239 void (*Down)(struct sppp *sp); 240 void (*Open)(struct sppp *sp); 241 void (*Close)(struct sppp *sp); 242 void (*TO)(void *sp); 243 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 244 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 245 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 246 /* actions */ 247 void (*tlu)(struct sppp *sp); 248 void (*tld)(struct sppp *sp); 249 void (*tls)(struct sppp *sp); 250 void (*tlf)(struct sppp *sp); 251 void (*scr)(struct sppp *sp); 252}; 253 254static struct sppp *spppq; 255#if defined(__FreeBSD__) && __FreeBSD__ >= 3 256static struct callout_handle keepalive_ch; 257#endif 258 259#if defined(__FreeBSD__) && __FreeBSD__ >= 3 260#define SPP_FMT "%s%d: " 261#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 262#else 263#define SPP_FMT "%s: " 264#define SPP_ARGS(ifp) (ifp)->if_xname 265#endif 266 267/* 268 * The following disgusting hack gets around the problem that IP TOS 269 * can't be set yet. We want to put "interactive" traffic on a high 270 * priority queue. To decide if traffic is interactive, we check that 271 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 272 * 273 * XXX is this really still necessary? - joerg - 274 */ 275static u_short interactive_ports[8] = { 276 0, 513, 0, 0, 277 0, 21, 0, 23, 278}; 279#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 280 281/* almost every function needs these */ 282#define STDDCL \ 283 struct ifnet *ifp = &sp->pp_if; \ 284 int debug = ifp->if_flags & IFF_DEBUG 285 286static int sppp_output(struct ifnet *ifp, struct mbuf *m, 287 struct sockaddr *dst, struct rtentry *rt); 288 289static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 290static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 291 292static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 293 struct mbuf *m); 294static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 295 u_char ident, u_short len, void *data); 296/* static void sppp_cp_timeout(void *arg); */ 297static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 298 int newstate); 299static void sppp_auth_send(const struct cp *cp, 300 struct sppp *sp, unsigned int type, unsigned int id, 301 ...); 302 303static void sppp_up_event(const struct cp *cp, struct sppp *sp); 304static void sppp_down_event(const struct cp *cp, struct sppp *sp); 305static void sppp_open_event(const struct cp *cp, struct sppp *sp); 306static void sppp_close_event(const struct cp *cp, struct sppp *sp); 307static void sppp_to_event(const struct cp *cp, struct sppp *sp); 308 309static void sppp_null(struct sppp *sp); 310 311static void sppp_lcp_init(struct sppp *sp); 312static void sppp_lcp_up(struct sppp *sp); 313static void sppp_lcp_down(struct sppp *sp); 314static void sppp_lcp_open(struct sppp *sp); 315static void sppp_lcp_close(struct sppp *sp); 316static void sppp_lcp_TO(void *sp); 317static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 318static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 319static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 320static void sppp_lcp_tlu(struct sppp *sp); 321static void sppp_lcp_tld(struct sppp *sp); 322static void sppp_lcp_tls(struct sppp *sp); 323static void sppp_lcp_tlf(struct sppp *sp); 324static void sppp_lcp_scr(struct sppp *sp); 325static void sppp_lcp_check_and_close(struct sppp *sp); 326static int sppp_ncp_check(struct sppp *sp); 327 328static void sppp_ipcp_init(struct sppp *sp); 329static void sppp_ipcp_up(struct sppp *sp); 330static void sppp_ipcp_down(struct sppp *sp); 331static void sppp_ipcp_open(struct sppp *sp); 332static void sppp_ipcp_close(struct sppp *sp); 333static void sppp_ipcp_TO(void *sp); 334static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 335static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 336static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 337static void sppp_ipcp_tlu(struct sppp *sp); 338static void sppp_ipcp_tld(struct sppp *sp); 339static void sppp_ipcp_tls(struct sppp *sp); 340static void sppp_ipcp_tlf(struct sppp *sp); 341static void sppp_ipcp_scr(struct sppp *sp); 342 343static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 344static void sppp_pap_init(struct sppp *sp); 345static void sppp_pap_open(struct sppp *sp); 346static void sppp_pap_close(struct sppp *sp); 347static void sppp_pap_TO(void *sp); 348static void sppp_pap_my_TO(void *sp); 349static void sppp_pap_tlu(struct sppp *sp); 350static void sppp_pap_tld(struct sppp *sp); 351static void sppp_pap_scr(struct sppp *sp); 352 353static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 354static void sppp_chap_init(struct sppp *sp); 355static void sppp_chap_open(struct sppp *sp); 356static void sppp_chap_close(struct sppp *sp); 357static void sppp_chap_TO(void *sp); 358static void sppp_chap_tlu(struct sppp *sp); 359static void sppp_chap_tld(struct sppp *sp); 360static void sppp_chap_scr(struct sppp *sp); 361 362static const char *sppp_auth_type_name(u_short proto, u_char type); 363static const char *sppp_cp_type_name(u_char type); 364static const char *sppp_dotted_quad(u_long addr); 365static const char *sppp_ipcp_opt_name(u_char opt); 366static const char *sppp_lcp_opt_name(u_char opt); 367static const char *sppp_phase_name(enum ppp_phase phase); 368static const char *sppp_proto_name(u_short proto); 369static const char *sppp_state_name(int state); 370static int sppp_params(struct sppp *sp, u_long cmd, void *data); 371static int sppp_strnlen(u_char *p, int max); 372static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 373 u_long *srcmask); 374static void sppp_keepalive(void *dummy); 375static void sppp_phase_network(struct sppp *sp); 376static void sppp_print_bytes(const u_char *p, u_short len); 377static void sppp_print_string(const char *p, u_short len); 378static void sppp_qflush(struct ifqueue *ifq); 379static void sppp_set_ip_addr(struct sppp *sp, u_long src); 380 381/* our control protocol descriptors */ 382static const struct cp lcp = { 383 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 384 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 385 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 386 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 387 sppp_lcp_scr 388}; 389 390static const struct cp ipcp = { 391 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 392 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 393 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 394 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 395 sppp_ipcp_scr 396}; 397 398static const struct cp pap = { 399 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 400 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 401 sppp_pap_TO, 0, 0, 0, 402 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 403 sppp_pap_scr 404}; 405 406static const struct cp chap = { 407 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 408 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 409 sppp_chap_TO, 0, 0, 0, 410 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 411 sppp_chap_scr 412}; 413 414static const struct cp *cps[IDX_COUNT] = { 415 &lcp, /* IDX_LCP */ 416 &ipcp, /* IDX_IPCP */ 417 &pap, /* IDX_PAP */ 418 &chap, /* IDX_CHAP */ 419}; 420 421static int 422sppp_modevent(module_t mod, int type, void *unused) 423{ 424 switch (type) { 425 case MOD_LOAD: 426 break; 427 case MOD_UNLOAD: 428 return EACCES; 429 break; 430 default: 431 break; 432 } 433 return 0; 434} 435static moduledata_t spppmod = { 436 "sppp", 437 sppp_modevent, 438 0 439}; 440MODULE_VERSION(sppp, 1); 441DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 442 443/* 444 * Exported functions, comprising our interface to the lower layer. 445 */ 446 447/* 448 * Process the received packet. 449 */ 450void 451sppp_input(struct ifnet *ifp, struct mbuf *m) 452{ 453 struct ppp_header *h; 454 struct ifqueue *inq = 0; 455 struct sppp *sp = (struct sppp *)ifp; 456 int debug = ifp->if_flags & IFF_DEBUG; 457 458 if (ifp->if_flags & IFF_UP) 459 /* Count received bytes, add FCS and one flag */ 460 ifp->if_ibytes += m->m_pkthdr.len + 3; 461 462 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 463 /* Too small packet, drop it. */ 464 if (debug) 465 log(LOG_DEBUG, 466 SPP_FMT "input packet is too small, %d bytes\n", 467 SPP_ARGS(ifp), m->m_pkthdr.len); 468 drop: 469 ++ifp->if_ierrors; 470 ++ifp->if_iqdrops; 471 m_freem (m); 472 return; 473 } 474 475 /* Get PPP header. */ 476 h = mtod (m, struct ppp_header*); 477 m_adj (m, PPP_HEADER_LEN); 478 479 switch (h->address) { 480 case PPP_ALLSTATIONS: 481 if (h->control != PPP_UI) 482 goto invalid; 483 if (sp->pp_mode == IFF_CISCO) { 484 if (debug) 485 log(LOG_DEBUG, 486 SPP_FMT "PPP packet in Cisco mode " 487 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 488 SPP_ARGS(ifp), 489 h->address, h->control, ntohs(h->protocol)); 490 goto drop; 491 } 492 switch (ntohs (h->protocol)) { 493 default: 494 if (debug) 495 log(LOG_DEBUG, 496 SPP_FMT "rejecting protocol " 497 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 498 SPP_ARGS(ifp), 499 h->address, h->control, ntohs(h->protocol)); 500 if (sp->state[IDX_LCP] == STATE_OPENED) 501 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 502 ++sp->pp_seq, m->m_pkthdr.len + 2, 503 &h->protocol); 504 ++ifp->if_noproto; 505 goto drop; 506 case PPP_LCP: 507 sppp_cp_input(&lcp, sp, m); 508 m_freem (m); 509 return; 510 case PPP_PAP: 511 if (sp->pp_phase >= PHASE_AUTHENTICATE) 512 sppp_pap_input(sp, m); 513 m_freem (m); 514 return; 515 case PPP_CHAP: 516 if (sp->pp_phase >= PHASE_AUTHENTICATE) 517 sppp_chap_input(sp, m); 518 m_freem (m); 519 return; 520#ifdef INET 521 case PPP_IPCP: 522 if (sp->pp_phase == PHASE_NETWORK) 523 sppp_cp_input(&ipcp, sp, m); 524 m_freem (m); 525 return; 526 case PPP_IP: 527 if (sp->state[IDX_IPCP] == STATE_OPENED) { 528 schednetisr (NETISR_IP); 529 inq = &ipintrq; 530 } 531 break; 532#endif 533#ifdef IPX 534 case PPP_IPX: 535 /* IPX IPXCP not implemented yet */ 536 if (sp->pp_phase == PHASE_NETWORK) { 537 schednetisr (NETISR_IPX); 538 inq = &ipxintrq; 539 } 540 break; 541#endif 542#ifdef NS 543 case PPP_XNS: 544 /* XNS IDPCP not implemented yet */ 545 if (sp->pp_phase == PHASE_NETWORK) { 546 schednetisr (NETISR_NS); 547 inq = &nsintrq; 548 } 549 break; 550#endif 551 } 552 break; 553 case CISCO_MULTICAST: 554 case CISCO_UNICAST: 555 /* Don't check the control field here (RFC 1547). */ 556 if (sp->pp_mode != IFF_CISCO) { 557 if (debug) 558 log(LOG_DEBUG, 559 SPP_FMT "Cisco packet in PPP mode " 560 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 561 SPP_ARGS(ifp), 562 h->address, h->control, ntohs(h->protocol)); 563 goto drop; 564 } 565 switch (ntohs (h->protocol)) { 566 default: 567 ++ifp->if_noproto; 568 goto invalid; 569 case CISCO_KEEPALIVE: 570 sppp_cisco_input ((struct sppp*) ifp, m); 571 m_freem (m); 572 return; 573#ifdef INET 574 case ETHERTYPE_IP: 575 schednetisr (NETISR_IP); 576 inq = &ipintrq; 577 break; 578#endif 579#ifdef INET6 580 case ETHERTYPE_IPV6: 581 schednetisr (NETISR_IPV6); 582 inq = &ip6intrq; 583 break; 584#endif 585#ifdef IPX 586 case ETHERTYPE_IPX: 587 schednetisr (NETISR_IPX); 588 inq = &ipxintrq; 589 break; 590#endif 591#ifdef NS 592 case ETHERTYPE_NS: 593 schednetisr (NETISR_NS); 594 inq = &nsintrq; 595 break; 596#endif 597 } 598 break; 599 default: /* Invalid PPP packet. */ 600 invalid: 601 if (debug) 602 log(LOG_DEBUG, 603 SPP_FMT "invalid input packet " 604 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 605 SPP_ARGS(ifp), 606 h->address, h->control, ntohs(h->protocol)); 607 goto drop; 608 } 609 610 if (! (ifp->if_flags & IFF_UP) || ! inq) 611 goto drop; 612 613 /* Check queue. */ 614 if (! IF_HANDOFF(inq, m, NULL)) { 615 if (debug) 616 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 617 SPP_ARGS(ifp)); 618 goto drop; 619 } 620} 621 622/* 623 * Enqueue transmit packet. 624 */ 625static int 626sppp_output(struct ifnet *ifp, struct mbuf *m, 627 struct sockaddr *dst, struct rtentry *rt) 628{ 629 struct sppp *sp = (struct sppp*) ifp; 630 struct ppp_header *h; 631 struct ifqueue *ifq; 632 int s, rv = 0; 633 int debug = ifp->if_flags & IFF_DEBUG; 634 635 s = splimp(); 636 637 if ((ifp->if_flags & IFF_UP) == 0 || 638 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 639 m_freem (m); 640 splx (s); 641 return (ENETDOWN); 642 } 643 644 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 645 /* 646 * Interface is not yet running, but auto-dial. Need 647 * to start LCP for it. 648 */ 649 ifp->if_flags |= IFF_RUNNING; 650 splx(s); 651 lcp.Open(sp); 652 s = splimp(); 653 } 654 655 ifq = &ifp->if_snd; 656#ifdef INET 657 if (dst->sa_family == AF_INET) { 658 /* XXX Check mbuf length here? */ 659 struct ip *ip = mtod (m, struct ip*); 660 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 661 662 /* 663 * When using dynamic local IP address assignment by using 664 * 0.0.0.0 as a local address, the first TCP session will 665 * not connect because the local TCP checksum is computed 666 * using 0.0.0.0 which will later become our real IP address 667 * so the TCP checksum computed at the remote end will 668 * become invalid. So we 669 * - don't let packets with src ip addr 0 thru 670 * - we flag TCP packets with src ip 0 as an error 671 */ 672 673 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 674 { 675 m_freem(m); 676 splx(s); 677 if(ip->ip_p == IPPROTO_TCP) 678 return(EADDRNOTAVAIL); 679 else 680 return(0); 681 } 682 683 /* 684 * Put low delay, telnet, rlogin and ftp control packets 685 * in front of the queue. 686 */ 687 if (_IF_QFULL(&sp->pp_fastq)) 688 ; 689 else if (ip->ip_tos & IPTOS_LOWDELAY) 690 ifq = &sp->pp_fastq; 691 else if (m->m_len < sizeof *ip + sizeof *tcp) 692 ; 693 else if (ip->ip_p != IPPROTO_TCP) 694 ; 695 else if (INTERACTIVE (ntohs (tcp->th_sport))) 696 ifq = &sp->pp_fastq; 697 else if (INTERACTIVE (ntohs (tcp->th_dport))) 698 ifq = &sp->pp_fastq; 699 } 700#endif 701 702 /* 703 * Prepend general data packet PPP header. For now, IP only. 704 */ 705 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 706 if (! m) { 707 if (debug) 708 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 709 SPP_ARGS(ifp)); 710 ++ifp->if_oerrors; 711 splx (s); 712 return (ENOBUFS); 713 } 714 /* 715 * May want to check size of packet 716 * (albeit due to the implementation it's always enough) 717 */ 718 h = mtod (m, struct ppp_header*); 719 if (sp->pp_mode == IFF_CISCO) { 720 h->address = CISCO_UNICAST; /* unicast address */ 721 h->control = 0; 722 } else { 723 h->address = PPP_ALLSTATIONS; /* broadcast address */ 724 h->control = PPP_UI; /* Unnumbered Info */ 725 } 726 727 switch (dst->sa_family) { 728#ifdef INET 729 case AF_INET: /* Internet Protocol */ 730 if (sp->pp_mode == IFF_CISCO) 731 h->protocol = htons (ETHERTYPE_IP); 732 else { 733 /* 734 * Don't choke with an ENETDOWN early. It's 735 * possible that we just started dialing out, 736 * so don't drop the packet immediately. If 737 * we notice that we run out of buffer space 738 * below, we will however remember that we are 739 * not ready to carry IP packets, and return 740 * ENETDOWN, as opposed to ENOBUFS. 741 */ 742 h->protocol = htons(PPP_IP); 743 if (sp->state[IDX_IPCP] != STATE_OPENED) 744 rv = ENETDOWN; 745 } 746 break; 747#endif 748#ifdef INET6 749 case AF_INET6: /* Internet Protocol */ 750 if (sp->pp_mode == IFF_CISCO) 751 h->protocol = htons (ETHERTYPE_IPV6); 752 else { 753 goto nosupport; 754 } 755 break; 756#endif 757#ifdef NS 758 case AF_NS: /* Xerox NS Protocol */ 759 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 760 ETHERTYPE_NS : PPP_XNS); 761 break; 762#endif 763#ifdef IPX 764 case AF_IPX: /* Novell IPX Protocol */ 765 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 766 ETHERTYPE_IPX : PPP_IPX); 767 break; 768#endif 769nosupport: 770 default: 771 m_freem (m); 772 ++ifp->if_oerrors; 773 splx (s); 774 return (EAFNOSUPPORT); 775 } 776 777 /* 778 * Queue message on interface, and start output if interface 779 * not yet active. Also adjust output byte count. 780 * The packet length includes header, FCS and 1 flag, 781 * according to RFC 1333. 782 */ 783 if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) { 784 ++ifp->if_oerrors; 785 return (rv? rv: ENOBUFS); 786 } 787 return (0); 788} 789 790void 791sppp_attach(struct ifnet *ifp) 792{ 793 struct sppp *sp = (struct sppp*) ifp; 794 795 /* Initialize keepalive handler. */ 796 if (! spppq) 797 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 798 799 /* Insert new entry into the keepalive list. */ 800 sp->pp_next = spppq; 801 spppq = sp; 802 803 sp->pp_if.if_mtu = PP_MTU; 804 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 805 sp->pp_if.if_type = IFT_PPP; 806 sp->pp_if.if_output = sppp_output; 807#if 0 808 sp->pp_flags = PP_KEEPALIVE; 809#endif 810 sp->pp_if.if_snd.ifq_maxlen = 32; 811 sp->pp_fastq.ifq_maxlen = 32; 812 sp->pp_cpq.ifq_maxlen = 20; 813 sp->pp_loopcnt = 0; 814 sp->pp_alivecnt = 0; 815 sp->pp_seq = 0; 816 sp->pp_rseq = 0; 817 sp->pp_phase = PHASE_DEAD; 818 sp->pp_up = lcp.Up; 819 sp->pp_down = lcp.Down; 820 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF); 821 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF); 822 823 sppp_lcp_init(sp); 824 sppp_ipcp_init(sp); 825 sppp_pap_init(sp); 826 sppp_chap_init(sp); 827} 828 829void 830sppp_detach(struct ifnet *ifp) 831{ 832 struct sppp **q, *p, *sp = (struct sppp*) ifp; 833 int i; 834 835 /* Remove the entry from the keepalive list. */ 836 for (q = &spppq; (p = *q); q = &p->pp_next) 837 if (p == sp) { 838 *q = p->pp_next; 839 break; 840 } 841 842 /* Stop keepalive handler. */ 843 if (! spppq) 844 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 845 846 for (i = 0; i < IDX_COUNT; i++) 847 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 848 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 849 mtx_destroy(&sp->pp_cpq.ifq_mtx); 850 mtx_destroy(&sp->pp_fastq.ifq_mtx); 851} 852 853/* 854 * Flush the interface output queue. 855 */ 856void 857sppp_flush(struct ifnet *ifp) 858{ 859 struct sppp *sp = (struct sppp*) ifp; 860 861 sppp_qflush (&sp->pp_if.if_snd); 862 sppp_qflush (&sp->pp_fastq); 863 sppp_qflush (&sp->pp_cpq); 864} 865 866/* 867 * Check if the output queue is empty. 868 */ 869int 870sppp_isempty(struct ifnet *ifp) 871{ 872 struct sppp *sp = (struct sppp*) ifp; 873 int empty, s; 874 875 s = splimp(); 876 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 877 !sp->pp_if.if_snd.ifq_head; 878 splx(s); 879 return (empty); 880} 881 882/* 883 * Get next packet to send. 884 */ 885struct mbuf * 886sppp_dequeue(struct ifnet *ifp) 887{ 888 struct sppp *sp = (struct sppp*) ifp; 889 struct mbuf *m; 890 int s; 891 892 s = splimp(); 893 /* 894 * Process only the control protocol queue until we have at 895 * least one NCP open. 896 * 897 * Do always serve all three queues in Cisco mode. 898 */ 899 IF_DEQUEUE(&sp->pp_cpq, m); 900 if (m == NULL && 901 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 902 IF_DEQUEUE(&sp->pp_fastq, m); 903 if (m == NULL) 904 IF_DEQUEUE (&sp->pp_if.if_snd, m); 905 } 906 splx(s); 907 return m; 908} 909 910/* 911 * Pick the next packet, do not remove it from the queue. 912 */ 913struct mbuf * 914sppp_pick(struct ifnet *ifp) 915{ 916 struct sppp *sp = (struct sppp*)ifp; 917 struct mbuf *m; 918 int s; 919 920 s= splimp (); 921 922 m = sp->pp_cpq.ifq_head; 923 if (m == NULL && 924 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 925 if ((m = sp->pp_fastq.ifq_head) == NULL) 926 m = sp->pp_if.if_snd.ifq_head; 927 splx (s); 928 return (m); 929} 930 931/* 932 * Process an ioctl request. Called on low priority level. 933 */ 934int 935sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 936{ 937 struct ifreq *ifr = (struct ifreq*) data; 938 struct sppp *sp = (struct sppp*) ifp; 939 int s, rv, going_up, going_down, newmode; 940 941 s = splimp(); 942 rv = 0; 943 switch (cmd) { 944 case SIOCAIFADDR: 945 case SIOCSIFDSTADDR: 946 break; 947 948 case SIOCSIFADDR: 949 if_up(ifp); 950 /* fall through... */ 951 952 case SIOCSIFFLAGS: 953 going_up = ifp->if_flags & IFF_UP && 954 (ifp->if_flags & IFF_RUNNING) == 0; 955 going_down = (ifp->if_flags & IFF_UP) == 0 && 956 ifp->if_flags & IFF_RUNNING; 957 958 newmode = ifp->if_flags & IFF_PASSIVE; 959 if (!newmode) 960 newmode = ifp->if_flags & IFF_AUTO; 961 if (!newmode) 962 newmode = ifp->if_flags & IFF_CISCO; 963 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 964 ifp->if_flags |= newmode; 965 966 if (newmode != sp->pp_mode) { 967 going_down = 1; 968 if (!going_up) 969 going_up = ifp->if_flags & IFF_RUNNING; 970 } 971 972 if (going_down) { 973 if (sp->pp_mode != IFF_CISCO) 974 lcp.Close(sp); 975 else if (sp->pp_tlf) 976 (sp->pp_tlf)(sp); 977 sppp_flush(ifp); 978 ifp->if_flags &= ~IFF_RUNNING; 979 sp->pp_mode = newmode; 980 } 981 982 if (going_up) { 983 if (sp->pp_mode != IFF_CISCO) 984 lcp.Close(sp); 985 sp->pp_mode = newmode; 986 if (sp->pp_mode == 0) { 987 ifp->if_flags |= IFF_RUNNING; 988 lcp.Open(sp); 989 } 990 if (sp->pp_mode == IFF_CISCO) { 991 if (sp->pp_tls) 992 (sp->pp_tls)(sp); 993 ifp->if_flags |= IFF_RUNNING; 994 } 995 } 996 997 break; 998 999#ifdef SIOCSIFMTU 1000#ifndef ifr_mtu 1001#define ifr_mtu ifr_metric 1002#endif 1003 case SIOCSIFMTU: 1004 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1005 return (EINVAL); 1006 ifp->if_mtu = ifr->ifr_mtu; 1007 break; 1008#endif 1009#ifdef SLIOCSETMTU 1010 case SLIOCSETMTU: 1011 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1012 return (EINVAL); 1013 ifp->if_mtu = *(short*)data; 1014 break; 1015#endif 1016#ifdef SIOCGIFMTU 1017 case SIOCGIFMTU: 1018 ifr->ifr_mtu = ifp->if_mtu; 1019 break; 1020#endif 1021#ifdef SLIOCGETMTU 1022 case SLIOCGETMTU: 1023 *(short*)data = ifp->if_mtu; 1024 break; 1025#endif 1026 case SIOCADDMULTI: 1027 case SIOCDELMULTI: 1028 break; 1029 1030 case SIOCGIFGENERIC: 1031 case SIOCSIFGENERIC: 1032 rv = sppp_params(sp, cmd, data); 1033 break; 1034 1035 default: 1036 rv = ENOTTY; 1037 } 1038 splx(s); 1039 return rv; 1040} 1041 1042/* 1043 * Cisco framing implementation. 1044 */ 1045 1046/* 1047 * Handle incoming Cisco keepalive protocol packets. 1048 */ 1049static void 1050sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1051{ 1052 STDDCL; 1053 struct cisco_packet *h; 1054 u_long me, mymask; 1055 1056 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1057 if (debug) 1058 log(LOG_DEBUG, 1059 SPP_FMT "cisco invalid packet length: %d bytes\n", 1060 SPP_ARGS(ifp), m->m_pkthdr.len); 1061 return; 1062 } 1063 h = mtod (m, struct cisco_packet*); 1064 if (debug) 1065 log(LOG_DEBUG, 1066 SPP_FMT "cisco input: %d bytes " 1067 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1068 SPP_ARGS(ifp), m->m_pkthdr.len, 1069 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1070 (u_int)h->time0, (u_int)h->time1); 1071 switch (ntohl (h->type)) { 1072 default: 1073 if (debug) 1074 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1075 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1076 break; 1077 case CISCO_ADDR_REPLY: 1078 /* Reply on address request, ignore */ 1079 break; 1080 case CISCO_KEEPALIVE_REQ: 1081 sp->pp_alivecnt = 0; 1082 sp->pp_rseq = ntohl (h->par1); 1083 if (sp->pp_seq == sp->pp_rseq) { 1084 /* Local and remote sequence numbers are equal. 1085 * Probably, the line is in loopback mode. */ 1086 if (sp->pp_loopcnt >= MAXALIVECNT) { 1087 printf (SPP_FMT "loopback\n", 1088 SPP_ARGS(ifp)); 1089 sp->pp_loopcnt = 0; 1090 if (ifp->if_flags & IFF_UP) { 1091 if_down (ifp); 1092 sppp_qflush (&sp->pp_cpq); 1093 } 1094 } 1095 ++sp->pp_loopcnt; 1096 1097 /* Generate new local sequence number */ 1098#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1099 sp->pp_seq = random(); 1100#else 1101 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1102#endif 1103 break; 1104 } 1105 sp->pp_loopcnt = 0; 1106 if (! (ifp->if_flags & IFF_UP) && 1107 (ifp->if_flags & IFF_RUNNING)) { 1108 if_up(ifp); 1109 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1110 } 1111 break; 1112 case CISCO_ADDR_REQ: 1113 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1114 if (me != 0L) 1115 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1116 break; 1117 } 1118} 1119 1120/* 1121 * Send Cisco keepalive packet. 1122 */ 1123static void 1124sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1125{ 1126 STDDCL; 1127 struct ppp_header *h; 1128 struct cisco_packet *ch; 1129 struct mbuf *m; 1130#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1131 struct timeval tv; 1132#else 1133 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1134#endif 1135 1136#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1137 getmicrouptime(&tv); 1138#endif 1139 1140 MGETHDR (m, M_DONTWAIT, MT_DATA); 1141 if (! m) 1142 return; 1143 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1144 m->m_pkthdr.rcvif = 0; 1145 1146 h = mtod (m, struct ppp_header*); 1147 h->address = CISCO_MULTICAST; 1148 h->control = 0; 1149 h->protocol = htons (CISCO_KEEPALIVE); 1150 1151 ch = (struct cisco_packet*) (h + 1); 1152 ch->type = htonl (type); 1153 ch->par1 = htonl (par1); 1154 ch->par2 = htonl (par2); 1155 ch->rel = -1; 1156 1157#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1158 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1159 ch->time1 = htons ((u_short) tv.tv_sec); 1160#else 1161 ch->time0 = htons ((u_short) (t >> 16)); 1162 ch->time1 = htons ((u_short) t); 1163#endif 1164 1165 if (debug) 1166 log(LOG_DEBUG, 1167 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1168 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1169 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1170 1171 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1172 ifp->if_oerrors++; 1173} 1174 1175/* 1176 * PPP protocol implementation. 1177 */ 1178 1179/* 1180 * Send PPP control protocol packet. 1181 */ 1182static void 1183sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1184 u_char ident, u_short len, void *data) 1185{ 1186 STDDCL; 1187 struct ppp_header *h; 1188 struct lcp_header *lh; 1189 struct mbuf *m; 1190 1191 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1192 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1193 MGETHDR (m, M_DONTWAIT, MT_DATA); 1194 if (! m) 1195 return; 1196 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1197 m->m_pkthdr.rcvif = 0; 1198 1199 h = mtod (m, struct ppp_header*); 1200 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1201 h->control = PPP_UI; /* Unnumbered Info */ 1202 h->protocol = htons (proto); /* Link Control Protocol */ 1203 1204 lh = (struct lcp_header*) (h + 1); 1205 lh->type = type; 1206 lh->ident = ident; 1207 lh->len = htons (LCP_HEADER_LEN + len); 1208 if (len) 1209 bcopy (data, lh+1, len); 1210 1211 if (debug) { 1212 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1213 SPP_ARGS(ifp), 1214 sppp_proto_name(proto), 1215 sppp_cp_type_name (lh->type), lh->ident, 1216 ntohs (lh->len)); 1217 sppp_print_bytes ((u_char*) (lh+1), len); 1218 log(-1, ">\n"); 1219 } 1220 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1221 ifp->if_oerrors++; 1222} 1223 1224/* 1225 * Handle incoming PPP control protocol packets. 1226 */ 1227static void 1228sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1229{ 1230 STDDCL; 1231 struct lcp_header *h; 1232 int len = m->m_pkthdr.len; 1233 int rv; 1234 u_char *p; 1235 1236 if (len < 4) { 1237 if (debug) 1238 log(LOG_DEBUG, 1239 SPP_FMT "%s invalid packet length: %d bytes\n", 1240 SPP_ARGS(ifp), cp->name, len); 1241 return; 1242 } 1243 h = mtod (m, struct lcp_header*); 1244 if (debug) { 1245 log(LOG_DEBUG, 1246 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1247 SPP_ARGS(ifp), cp->name, 1248 sppp_state_name(sp->state[cp->protoidx]), 1249 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1250 sppp_print_bytes ((u_char*) (h+1), len-4); 1251 log(-1, ">\n"); 1252 } 1253 if (len > ntohs (h->len)) 1254 len = ntohs (h->len); 1255 p = (u_char *)(h + 1); 1256 switch (h->type) { 1257 case CONF_REQ: 1258 if (len < 4) { 1259 if (debug) 1260 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1261 SPP_ARGS(ifp), cp->name, 1262 len); 1263 ++ifp->if_ierrors; 1264 break; 1265 } 1266 /* handle states where RCR doesn't get a SCA/SCN */ 1267 switch (sp->state[cp->protoidx]) { 1268 case STATE_CLOSING: 1269 case STATE_STOPPING: 1270 return; 1271 case STATE_CLOSED: 1272 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1273 0, 0); 1274 return; 1275 } 1276 rv = (cp->RCR)(sp, h, len); 1277 switch (sp->state[cp->protoidx]) { 1278 case STATE_OPENED: 1279 (cp->tld)(sp); 1280 (cp->scr)(sp); 1281 /* fall through... */ 1282 case STATE_ACK_SENT: 1283 case STATE_REQ_SENT: 1284 /* 1285 * sppp_cp_change_state() have the side effect of 1286 * restarting the timeouts. We want to avoid that 1287 * if the state don't change, otherwise we won't 1288 * ever timeout and resend a configuration request 1289 * that got lost. 1290 */ 1291 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1292 STATE_REQ_SENT)) 1293 break; 1294 sppp_cp_change_state(cp, sp, rv? 1295 STATE_ACK_SENT: STATE_REQ_SENT); 1296 break; 1297 case STATE_STOPPED: 1298 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1299 (cp->scr)(sp); 1300 sppp_cp_change_state(cp, sp, rv? 1301 STATE_ACK_SENT: STATE_REQ_SENT); 1302 break; 1303 case STATE_ACK_RCVD: 1304 if (rv) { 1305 sppp_cp_change_state(cp, sp, STATE_OPENED); 1306 if (debug) 1307 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1308 SPP_ARGS(ifp), 1309 cp->name); 1310 (cp->tlu)(sp); 1311 } else 1312 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1313 break; 1314 default: 1315 printf(SPP_FMT "%s illegal %s in state %s\n", 1316 SPP_ARGS(ifp), cp->name, 1317 sppp_cp_type_name(h->type), 1318 sppp_state_name(sp->state[cp->protoidx])); 1319 ++ifp->if_ierrors; 1320 } 1321 break; 1322 case CONF_ACK: 1323 if (h->ident != sp->confid[cp->protoidx]) { 1324 if (debug) 1325 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1326 SPP_ARGS(ifp), cp->name, 1327 h->ident, sp->confid[cp->protoidx]); 1328 ++ifp->if_ierrors; 1329 break; 1330 } 1331 switch (sp->state[cp->protoidx]) { 1332 case STATE_CLOSED: 1333 case STATE_STOPPED: 1334 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1335 break; 1336 case STATE_CLOSING: 1337 case STATE_STOPPING: 1338 break; 1339 case STATE_REQ_SENT: 1340 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1341 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1342 break; 1343 case STATE_OPENED: 1344 (cp->tld)(sp); 1345 /* fall through */ 1346 case STATE_ACK_RCVD: 1347 (cp->scr)(sp); 1348 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1349 break; 1350 case STATE_ACK_SENT: 1351 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1352 sppp_cp_change_state(cp, sp, STATE_OPENED); 1353 if (debug) 1354 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1355 SPP_ARGS(ifp), cp->name); 1356 (cp->tlu)(sp); 1357 break; 1358 default: 1359 printf(SPP_FMT "%s illegal %s in state %s\n", 1360 SPP_ARGS(ifp), cp->name, 1361 sppp_cp_type_name(h->type), 1362 sppp_state_name(sp->state[cp->protoidx])); 1363 ++ifp->if_ierrors; 1364 } 1365 break; 1366 case CONF_NAK: 1367 case CONF_REJ: 1368 if (h->ident != sp->confid[cp->protoidx]) { 1369 if (debug) 1370 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1371 SPP_ARGS(ifp), cp->name, 1372 h->ident, sp->confid[cp->protoidx]); 1373 ++ifp->if_ierrors; 1374 break; 1375 } 1376 if (h->type == CONF_NAK) 1377 (cp->RCN_nak)(sp, h, len); 1378 else /* CONF_REJ */ 1379 (cp->RCN_rej)(sp, h, len); 1380 1381 switch (sp->state[cp->protoidx]) { 1382 case STATE_CLOSED: 1383 case STATE_STOPPED: 1384 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1385 break; 1386 case STATE_REQ_SENT: 1387 case STATE_ACK_SENT: 1388 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1389 /* 1390 * Slow things down a bit if we think we might be 1391 * in loopback. Depend on the timeout to send the 1392 * next configuration request. 1393 */ 1394 if (sp->pp_loopcnt) 1395 break; 1396 (cp->scr)(sp); 1397 break; 1398 case STATE_OPENED: 1399 (cp->tld)(sp); 1400 /* fall through */ 1401 case STATE_ACK_RCVD: 1402 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1403 (cp->scr)(sp); 1404 break; 1405 case STATE_CLOSING: 1406 case STATE_STOPPING: 1407 break; 1408 default: 1409 printf(SPP_FMT "%s illegal %s in state %s\n", 1410 SPP_ARGS(ifp), cp->name, 1411 sppp_cp_type_name(h->type), 1412 sppp_state_name(sp->state[cp->protoidx])); 1413 ++ifp->if_ierrors; 1414 } 1415 break; 1416 1417 case TERM_REQ: 1418 switch (sp->state[cp->protoidx]) { 1419 case STATE_ACK_RCVD: 1420 case STATE_ACK_SENT: 1421 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1422 /* fall through */ 1423 case STATE_CLOSED: 1424 case STATE_STOPPED: 1425 case STATE_CLOSING: 1426 case STATE_STOPPING: 1427 case STATE_REQ_SENT: 1428 sta: 1429 /* Send Terminate-Ack packet. */ 1430 if (debug) 1431 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1432 SPP_ARGS(ifp), cp->name); 1433 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1434 break; 1435 case STATE_OPENED: 1436 (cp->tld)(sp); 1437 sp->rst_counter[cp->protoidx] = 0; 1438 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1439 goto sta; 1440 break; 1441 default: 1442 printf(SPP_FMT "%s illegal %s in state %s\n", 1443 SPP_ARGS(ifp), cp->name, 1444 sppp_cp_type_name(h->type), 1445 sppp_state_name(sp->state[cp->protoidx])); 1446 ++ifp->if_ierrors; 1447 } 1448 break; 1449 case TERM_ACK: 1450 switch (sp->state[cp->protoidx]) { 1451 case STATE_CLOSED: 1452 case STATE_STOPPED: 1453 case STATE_REQ_SENT: 1454 case STATE_ACK_SENT: 1455 break; 1456 case STATE_CLOSING: 1457 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1458 (cp->tlf)(sp); 1459 break; 1460 case STATE_STOPPING: 1461 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1462 (cp->tlf)(sp); 1463 break; 1464 case STATE_ACK_RCVD: 1465 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1466 break; 1467 case STATE_OPENED: 1468 (cp->tld)(sp); 1469 (cp->scr)(sp); 1470 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1471 break; 1472 default: 1473 printf(SPP_FMT "%s illegal %s in state %s\n", 1474 SPP_ARGS(ifp), cp->name, 1475 sppp_cp_type_name(h->type), 1476 sppp_state_name(sp->state[cp->protoidx])); 1477 ++ifp->if_ierrors; 1478 } 1479 break; 1480 case CODE_REJ: 1481 case PROTO_REJ: 1482 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1483 log(LOG_INFO, 1484 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1485 "danger will robinson\n", 1486 SPP_ARGS(ifp), cp->name, 1487 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1488 switch (sp->state[cp->protoidx]) { 1489 case STATE_CLOSED: 1490 case STATE_STOPPED: 1491 case STATE_REQ_SENT: 1492 case STATE_ACK_SENT: 1493 case STATE_CLOSING: 1494 case STATE_STOPPING: 1495 case STATE_OPENED: 1496 break; 1497 case STATE_ACK_RCVD: 1498 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1499 break; 1500 default: 1501 printf(SPP_FMT "%s illegal %s in state %s\n", 1502 SPP_ARGS(ifp), cp->name, 1503 sppp_cp_type_name(h->type), 1504 sppp_state_name(sp->state[cp->protoidx])); 1505 ++ifp->if_ierrors; 1506 } 1507 break; 1508 case DISC_REQ: 1509 if (cp->proto != PPP_LCP) 1510 goto illegal; 1511 /* Discard the packet. */ 1512 break; 1513 case ECHO_REQ: 1514 if (cp->proto != PPP_LCP) 1515 goto illegal; 1516 if (sp->state[cp->protoidx] != STATE_OPENED) { 1517 if (debug) 1518 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1519 SPP_ARGS(ifp)); 1520 ++ifp->if_ierrors; 1521 break; 1522 } 1523 if (len < 8) { 1524 if (debug) 1525 log(-1, SPP_FMT "invalid lcp echo request " 1526 "packet length: %d bytes\n", 1527 SPP_ARGS(ifp), len); 1528 break; 1529 } 1530 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1531 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1532 /* Line loopback mode detected. */ 1533 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1534 sp->pp_loopcnt = MAXALIVECNT * 5; 1535 if_down (ifp); 1536 sppp_qflush (&sp->pp_cpq); 1537 1538 /* Shut down the PPP link. */ 1539 /* XXX */ 1540 lcp.Down(sp); 1541 lcp.Up(sp); 1542 break; 1543 } 1544 *(long*)(h+1) = htonl (sp->lcp.magic); 1545 if (debug) 1546 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1547 SPP_ARGS(ifp)); 1548 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1549 break; 1550 case ECHO_REPLY: 1551 if (cp->proto != PPP_LCP) 1552 goto illegal; 1553 if (h->ident != sp->lcp.echoid) { 1554 ++ifp->if_ierrors; 1555 break; 1556 } 1557 if (len < 8) { 1558 if (debug) 1559 log(-1, SPP_FMT "lcp invalid echo reply " 1560 "packet length: %d bytes\n", 1561 SPP_ARGS(ifp), len); 1562 break; 1563 } 1564 if (debug) 1565 log(-1, SPP_FMT "lcp got echo rep\n", 1566 SPP_ARGS(ifp)); 1567 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1568 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1569 sp->pp_alivecnt = 0; 1570 break; 1571 default: 1572 /* Unknown packet type -- send Code-Reject packet. */ 1573 illegal: 1574 if (debug) 1575 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1576 SPP_ARGS(ifp), cp->name, h->type); 1577 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1578 m->m_pkthdr.len, h); 1579 ++ifp->if_ierrors; 1580 } 1581} 1582 1583 1584/* 1585 * The generic part of all Up/Down/Open/Close/TO event handlers. 1586 * Basically, the state transition handling in the automaton. 1587 */ 1588static void 1589sppp_up_event(const struct cp *cp, struct sppp *sp) 1590{ 1591 STDDCL; 1592 1593 if (debug) 1594 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1595 SPP_ARGS(ifp), cp->name, 1596 sppp_state_name(sp->state[cp->protoidx])); 1597 1598 switch (sp->state[cp->protoidx]) { 1599 case STATE_INITIAL: 1600 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1601 break; 1602 case STATE_STARTING: 1603 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1604 (cp->scr)(sp); 1605 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1606 break; 1607 default: 1608 printf(SPP_FMT "%s illegal up in state %s\n", 1609 SPP_ARGS(ifp), cp->name, 1610 sppp_state_name(sp->state[cp->protoidx])); 1611 } 1612} 1613 1614static void 1615sppp_down_event(const struct cp *cp, struct sppp *sp) 1616{ 1617 STDDCL; 1618 1619 if (debug) 1620 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1621 SPP_ARGS(ifp), cp->name, 1622 sppp_state_name(sp->state[cp->protoidx])); 1623 1624 switch (sp->state[cp->protoidx]) { 1625 case STATE_CLOSED: 1626 case STATE_CLOSING: 1627 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1628 break; 1629 case STATE_STOPPED: 1630 sppp_cp_change_state(cp, sp, STATE_STARTING); 1631 (cp->tls)(sp); 1632 break; 1633 case STATE_STOPPING: 1634 case STATE_REQ_SENT: 1635 case STATE_ACK_RCVD: 1636 case STATE_ACK_SENT: 1637 sppp_cp_change_state(cp, sp, STATE_STARTING); 1638 break; 1639 case STATE_OPENED: 1640 (cp->tld)(sp); 1641 sppp_cp_change_state(cp, sp, STATE_STARTING); 1642 break; 1643 default: 1644 printf(SPP_FMT "%s illegal down in state %s\n", 1645 SPP_ARGS(ifp), cp->name, 1646 sppp_state_name(sp->state[cp->protoidx])); 1647 } 1648} 1649 1650 1651static void 1652sppp_open_event(const struct cp *cp, struct sppp *sp) 1653{ 1654 STDDCL; 1655 1656 if (debug) 1657 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1658 SPP_ARGS(ifp), cp->name, 1659 sppp_state_name(sp->state[cp->protoidx])); 1660 1661 switch (sp->state[cp->protoidx]) { 1662 case STATE_INITIAL: 1663 sppp_cp_change_state(cp, sp, STATE_STARTING); 1664 (cp->tls)(sp); 1665 break; 1666 case STATE_STARTING: 1667 break; 1668 case STATE_CLOSED: 1669 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1670 (cp->scr)(sp); 1671 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1672 break; 1673 case STATE_STOPPED: 1674 case STATE_STOPPING: 1675 case STATE_REQ_SENT: 1676 case STATE_ACK_RCVD: 1677 case STATE_ACK_SENT: 1678 case STATE_OPENED: 1679 break; 1680 case STATE_CLOSING: 1681 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1682 break; 1683 } 1684} 1685 1686 1687static void 1688sppp_close_event(const struct cp *cp, struct sppp *sp) 1689{ 1690 STDDCL; 1691 1692 if (debug) 1693 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1694 SPP_ARGS(ifp), cp->name, 1695 sppp_state_name(sp->state[cp->protoidx])); 1696 1697 switch (sp->state[cp->protoidx]) { 1698 case STATE_INITIAL: 1699 case STATE_CLOSED: 1700 case STATE_CLOSING: 1701 break; 1702 case STATE_STARTING: 1703 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1704 (cp->tlf)(sp); 1705 break; 1706 case STATE_STOPPED: 1707 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1708 break; 1709 case STATE_STOPPING: 1710 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1711 break; 1712 case STATE_OPENED: 1713 (cp->tld)(sp); 1714 /* fall through */ 1715 case STATE_REQ_SENT: 1716 case STATE_ACK_RCVD: 1717 case STATE_ACK_SENT: 1718 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1719 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1720 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1721 break; 1722 } 1723} 1724 1725static void 1726sppp_to_event(const struct cp *cp, struct sppp *sp) 1727{ 1728 STDDCL; 1729 int s; 1730 1731 s = splimp(); 1732 if (debug) 1733 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1734 SPP_ARGS(ifp), cp->name, 1735 sppp_state_name(sp->state[cp->protoidx]), 1736 sp->rst_counter[cp->protoidx]); 1737 1738 if (--sp->rst_counter[cp->protoidx] < 0) 1739 /* TO- event */ 1740 switch (sp->state[cp->protoidx]) { 1741 case STATE_CLOSING: 1742 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1743 (cp->tlf)(sp); 1744 break; 1745 case STATE_STOPPING: 1746 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1747 (cp->tlf)(sp); 1748 break; 1749 case STATE_REQ_SENT: 1750 case STATE_ACK_RCVD: 1751 case STATE_ACK_SENT: 1752 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1753 (cp->tlf)(sp); 1754 break; 1755 } 1756 else 1757 /* TO+ event */ 1758 switch (sp->state[cp->protoidx]) { 1759 case STATE_CLOSING: 1760 case STATE_STOPPING: 1761 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1762 0, 0); 1763 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1764 sp->ch[cp->protoidx]); 1765 break; 1766 case STATE_REQ_SENT: 1767 case STATE_ACK_RCVD: 1768 (cp->scr)(sp); 1769 /* sppp_cp_change_state() will restart the timer */ 1770 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1771 break; 1772 case STATE_ACK_SENT: 1773 (cp->scr)(sp); 1774 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1775 sp->ch[cp->protoidx]); 1776 break; 1777 } 1778 1779 splx(s); 1780} 1781 1782/* 1783 * Change the state of a control protocol in the state automaton. 1784 * Takes care of starting/stopping the restart timer. 1785 */ 1786void 1787sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1788{ 1789 sp->state[cp->protoidx] = newstate; 1790 1791 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1792 switch (newstate) { 1793 case STATE_INITIAL: 1794 case STATE_STARTING: 1795 case STATE_CLOSED: 1796 case STATE_STOPPED: 1797 case STATE_OPENED: 1798 break; 1799 case STATE_CLOSING: 1800 case STATE_STOPPING: 1801 case STATE_REQ_SENT: 1802 case STATE_ACK_RCVD: 1803 case STATE_ACK_SENT: 1804 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1805 sp->ch[cp->protoidx]); 1806 break; 1807 } 1808} 1809 1810/* 1811 *--------------------------------------------------------------------------* 1812 * * 1813 * The LCP implementation. * 1814 * * 1815 *--------------------------------------------------------------------------* 1816 */ 1817static void 1818sppp_lcp_init(struct sppp *sp) 1819{ 1820 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1821 sp->lcp.magic = 0; 1822 sp->state[IDX_LCP] = STATE_INITIAL; 1823 sp->fail_counter[IDX_LCP] = 0; 1824 sp->lcp.protos = 0; 1825 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1826 1827 /* Note that these values are relevant for all control protocols */ 1828 sp->lcp.timeout = 3 * hz; 1829 sp->lcp.max_terminate = 2; 1830 sp->lcp.max_configure = 10; 1831 sp->lcp.max_failure = 10; 1832#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1833 callout_handle_init(&sp->ch[IDX_LCP]); 1834#endif 1835} 1836 1837static void 1838sppp_lcp_up(struct sppp *sp) 1839{ 1840 STDDCL; 1841 1842 sp->pp_alivecnt = 0; 1843 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1844 sp->lcp.magic = 0; 1845 sp->lcp.protos = 0; 1846 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1847 /* 1848 * If this interface is passive or dial-on-demand, and we are 1849 * still in Initial state, it means we've got an incoming 1850 * call. Activate the interface. 1851 */ 1852 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1853 if (debug) 1854 log(LOG_DEBUG, 1855 SPP_FMT "Up event", SPP_ARGS(ifp)); 1856 ifp->if_flags |= IFF_RUNNING; 1857 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1858 if (debug) 1859 log(-1, "(incoming call)\n"); 1860 sp->pp_flags |= PP_CALLIN; 1861 lcp.Open(sp); 1862 } else if (debug) 1863 log(-1, "\n"); 1864 } 1865 1866 sppp_up_event(&lcp, sp); 1867} 1868 1869static void 1870sppp_lcp_down(struct sppp *sp) 1871{ 1872 STDDCL; 1873 1874 sppp_down_event(&lcp, sp); 1875 1876 /* 1877 * If this is neither a dial-on-demand nor a passive 1878 * interface, simulate an ``ifconfig down'' action, so the 1879 * administrator can force a redial by another ``ifconfig 1880 * up''. XXX For leased line operation, should we immediately 1881 * try to reopen the connection here? 1882 */ 1883 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1884 log(LOG_INFO, 1885 SPP_FMT "Down event, taking interface down.\n", 1886 SPP_ARGS(ifp)); 1887 if_down(ifp); 1888 } else { 1889 if (debug) 1890 log(LOG_DEBUG, 1891 SPP_FMT "Down event (carrier loss)\n", 1892 SPP_ARGS(ifp)); 1893 sp->pp_flags &= ~PP_CALLIN; 1894 if (sp->state[IDX_LCP] != STATE_INITIAL) 1895 lcp.Close(sp); 1896 ifp->if_flags &= ~IFF_RUNNING; 1897 } 1898} 1899 1900static void 1901sppp_lcp_open(struct sppp *sp) 1902{ 1903 /* 1904 * If we are authenticator, negotiate LCP_AUTH 1905 */ 1906 if (sp->hisauth.proto != 0) 1907 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1908 else 1909 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1910 sp->pp_flags &= ~PP_NEEDAUTH; 1911 sppp_open_event(&lcp, sp); 1912} 1913 1914static void 1915sppp_lcp_close(struct sppp *sp) 1916{ 1917 sppp_close_event(&lcp, sp); 1918} 1919 1920static void 1921sppp_lcp_TO(void *cookie) 1922{ 1923 sppp_to_event(&lcp, (struct sppp *)cookie); 1924} 1925 1926/* 1927 * Analyze a configure request. Return true if it was agreeable, and 1928 * caused action sca, false if it has been rejected or nak'ed, and 1929 * caused action scn. (The return value is used to make the state 1930 * transition decision in the state automaton.) 1931 */ 1932static int 1933sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1934{ 1935 STDDCL; 1936 u_char *buf, *r, *p; 1937 int origlen, rlen; 1938 u_long nmagic; 1939 u_short authproto; 1940 1941 len -= 4; 1942 origlen = len; 1943 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1944 if (! buf) 1945 return (0); 1946 1947 if (debug) 1948 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1949 SPP_ARGS(ifp)); 1950 1951 /* pass 1: check for things that need to be rejected */ 1952 p = (void*) (h+1); 1953 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1954 if (debug) 1955 log(-1, " %s ", sppp_lcp_opt_name(*p)); 1956 switch (*p) { 1957 case LCP_OPT_MAGIC: 1958 /* Magic number. */ 1959 if (len >= 6 && p[1] == 6) 1960 continue; 1961 if (debug) 1962 log(-1, "[invalid] "); 1963 break; 1964 case LCP_OPT_ASYNC_MAP: 1965 /* Async control character map. */ 1966 if (len >= 6 && p[1] == 6) 1967 continue; 1968 if (debug) 1969 log(-1, "[invalid] "); 1970 break; 1971 case LCP_OPT_MRU: 1972 /* Maximum receive unit. */ 1973 if (len >= 4 && p[1] == 4) 1974 continue; 1975 if (debug) 1976 log(-1, "[invalid] "); 1977 break; 1978 case LCP_OPT_AUTH_PROTO: 1979 if (len < 4) { 1980 if (debug) 1981 log(-1, "[invalid] "); 1982 break; 1983 } 1984 authproto = (p[2] << 8) + p[3]; 1985 if (authproto == PPP_CHAP && p[1] != 5) { 1986 if (debug) 1987 log(-1, "[invalid chap len] "); 1988 break; 1989 } 1990 if (sp->myauth.proto == 0) { 1991 /* we are not configured to do auth */ 1992 if (debug) 1993 log(-1, "[not configured] "); 1994 break; 1995 } 1996 /* 1997 * Remote want us to authenticate, remember this, 1998 * so we stay in PHASE_AUTHENTICATE after LCP got 1999 * up. 2000 */ 2001 sp->pp_flags |= PP_NEEDAUTH; 2002 continue; 2003 default: 2004 /* Others not supported. */ 2005 if (debug) 2006 log(-1, "[rej] "); 2007 break; 2008 } 2009 /* Add the option to rejected list. */ 2010 bcopy (p, r, p[1]); 2011 r += p[1]; 2012 rlen += p[1]; 2013 } 2014 if (rlen) { 2015 if (debug) 2016 log(-1, " send conf-rej\n"); 2017 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2018 return 0; 2019 } else if (debug) 2020 log(-1, "\n"); 2021 2022 /* 2023 * pass 2: check for option values that are unacceptable and 2024 * thus require to be nak'ed. 2025 */ 2026 if (debug) 2027 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2028 SPP_ARGS(ifp)); 2029 2030 p = (void*) (h+1); 2031 len = origlen; 2032 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2033 if (debug) 2034 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2035 switch (*p) { 2036 case LCP_OPT_MAGIC: 2037 /* Magic number -- extract. */ 2038 nmagic = (u_long)p[2] << 24 | 2039 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2040 if (nmagic != sp->lcp.magic) { 2041 sp->pp_loopcnt = 0; 2042 if (debug) 2043 log(-1, "0x%lx ", nmagic); 2044 continue; 2045 } 2046 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2047 log(-1, "[glitch] "); 2048 ++sp->pp_loopcnt; 2049 /* 2050 * We negate our magic here, and NAK it. If 2051 * we see it later in an NAK packet, we 2052 * suggest a new one. 2053 */ 2054 nmagic = ~sp->lcp.magic; 2055 /* Gonna NAK it. */ 2056 p[2] = nmagic >> 24; 2057 p[3] = nmagic >> 16; 2058 p[4] = nmagic >> 8; 2059 p[5] = nmagic; 2060 break; 2061 2062 case LCP_OPT_ASYNC_MAP: 2063 /* Async control character map -- check to be zero. */ 2064 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2065 if (debug) 2066 log(-1, "[empty] "); 2067 continue; 2068 } 2069 if (debug) 2070 log(-1, "[non-empty] "); 2071 /* suggest a zero one */ 2072 p[2] = p[3] = p[4] = p[5] = 0; 2073 break; 2074 2075 case LCP_OPT_MRU: 2076 /* 2077 * Maximum receive unit. Always agreeable, 2078 * but ignored by now. 2079 */ 2080 sp->lcp.their_mru = p[2] * 256 + p[3]; 2081 if (debug) 2082 log(-1, "%lu ", sp->lcp.their_mru); 2083 continue; 2084 2085 case LCP_OPT_AUTH_PROTO: 2086 authproto = (p[2] << 8) + p[3]; 2087 if (sp->myauth.proto != authproto) { 2088 /* not agreed, nak */ 2089 if (debug) 2090 log(-1, "[mine %s != his %s] ", 2091 sppp_proto_name(sp->hisauth.proto), 2092 sppp_proto_name(authproto)); 2093 p[2] = sp->myauth.proto >> 8; 2094 p[3] = sp->myauth.proto; 2095 break; 2096 } 2097 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2098 if (debug) 2099 log(-1, "[chap not MD5] "); 2100 p[4] = CHAP_MD5; 2101 break; 2102 } 2103 continue; 2104 } 2105 /* Add the option to nak'ed list. */ 2106 bcopy (p, r, p[1]); 2107 r += p[1]; 2108 rlen += p[1]; 2109 } 2110 if (rlen) { 2111 /* 2112 * Local and remote magics equal -- loopback? 2113 */ 2114 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2115 if (sp->pp_loopcnt == MAXALIVECNT*5) 2116 printf (SPP_FMT "loopback\n", 2117 SPP_ARGS(ifp)); 2118 if (ifp->if_flags & IFF_UP) { 2119 if_down(ifp); 2120 sppp_qflush(&sp->pp_cpq); 2121 /* XXX ? */ 2122 lcp.Down(sp); 2123 lcp.Up(sp); 2124 } 2125 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2126 if (debug) 2127 log(-1, " max_failure (%d) exceeded, " 2128 "send conf-rej\n", 2129 sp->lcp.max_failure); 2130 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2131 } else { 2132 if (debug) 2133 log(-1, " send conf-nak\n"); 2134 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2135 } 2136 } else { 2137 if (debug) 2138 log(-1, " send conf-ack\n"); 2139 sp->fail_counter[IDX_LCP] = 0; 2140 sp->pp_loopcnt = 0; 2141 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2142 h->ident, origlen, h+1); 2143 } 2144 2145 free (buf, M_TEMP); 2146 return (rlen == 0); 2147} 2148 2149/* 2150 * Analyze the LCP Configure-Reject option list, and adjust our 2151 * negotiation. 2152 */ 2153static void 2154sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2155{ 2156 STDDCL; 2157 u_char *buf, *p; 2158 2159 len -= 4; 2160 buf = malloc (len, M_TEMP, M_NOWAIT); 2161 if (!buf) 2162 return; 2163 2164 if (debug) 2165 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2166 SPP_ARGS(ifp)); 2167 2168 p = (void*) (h+1); 2169 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2170 if (debug) 2171 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2172 switch (*p) { 2173 case LCP_OPT_MAGIC: 2174 /* Magic number -- can't use it, use 0 */ 2175 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2176 sp->lcp.magic = 0; 2177 break; 2178 case LCP_OPT_MRU: 2179 /* 2180 * Should not be rejected anyway, since we only 2181 * negotiate a MRU if explicitly requested by 2182 * peer. 2183 */ 2184 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2185 break; 2186 case LCP_OPT_AUTH_PROTO: 2187 /* 2188 * Peer doesn't want to authenticate himself, 2189 * deny unless this is a dialout call, and 2190 * AUTHFLAG_NOCALLOUT is set. 2191 */ 2192 if ((sp->pp_flags & PP_CALLIN) == 0 && 2193 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2194 if (debug) 2195 log(-1, "[don't insist on auth " 2196 "for callout]"); 2197 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2198 break; 2199 } 2200 if (debug) 2201 log(-1, "[access denied]\n"); 2202 lcp.Close(sp); 2203 break; 2204 } 2205 } 2206 if (debug) 2207 log(-1, "\n"); 2208 free (buf, M_TEMP); 2209 return; 2210} 2211 2212/* 2213 * Analyze the LCP Configure-NAK option list, and adjust our 2214 * negotiation. 2215 */ 2216static void 2217sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2218{ 2219 STDDCL; 2220 u_char *buf, *p; 2221 u_long magic; 2222 2223 len -= 4; 2224 buf = malloc (len, M_TEMP, M_NOWAIT); 2225 if (!buf) 2226 return; 2227 2228 if (debug) 2229 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2230 SPP_ARGS(ifp)); 2231 2232 p = (void*) (h+1); 2233 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2234 if (debug) 2235 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2236 switch (*p) { 2237 case LCP_OPT_MAGIC: 2238 /* Magic number -- renegotiate */ 2239 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2240 len >= 6 && p[1] == 6) { 2241 magic = (u_long)p[2] << 24 | 2242 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2243 /* 2244 * If the remote magic is our negated one, 2245 * this looks like a loopback problem. 2246 * Suggest a new magic to make sure. 2247 */ 2248 if (magic == ~sp->lcp.magic) { 2249 if (debug) 2250 log(-1, "magic glitch "); 2251#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2252 sp->lcp.magic = random(); 2253#else 2254 sp->lcp.magic = time.tv_sec + time.tv_usec; 2255#endif 2256 } else { 2257 sp->lcp.magic = magic; 2258 if (debug) 2259 log(-1, "%lu ", magic); 2260 } 2261 } 2262 break; 2263 case LCP_OPT_MRU: 2264 /* 2265 * Peer wants to advise us to negotiate an MRU. 2266 * Agree on it if it's reasonable, or use 2267 * default otherwise. 2268 */ 2269 if (len >= 4 && p[1] == 4) { 2270 u_int mru = p[2] * 256 + p[3]; 2271 if (debug) 2272 log(-1, "%d ", mru); 2273 if (mru < PP_MTU || mru > PP_MAX_MRU) 2274 mru = PP_MTU; 2275 sp->lcp.mru = mru; 2276 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2277 } 2278 break; 2279 case LCP_OPT_AUTH_PROTO: 2280 /* 2281 * Peer doesn't like our authentication method, 2282 * deny. 2283 */ 2284 if (debug) 2285 log(-1, "[access denied]\n"); 2286 lcp.Close(sp); 2287 break; 2288 } 2289 } 2290 if (debug) 2291 log(-1, "\n"); 2292 free (buf, M_TEMP); 2293 return; 2294} 2295 2296static void 2297sppp_lcp_tlu(struct sppp *sp) 2298{ 2299 STDDCL; 2300 int i; 2301 u_long mask; 2302 2303 /* XXX ? */ 2304 if (! (ifp->if_flags & IFF_UP) && 2305 (ifp->if_flags & IFF_RUNNING)) { 2306 /* Coming out of loopback mode. */ 2307 if_up(ifp); 2308 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2309 } 2310 2311 for (i = 0; i < IDX_COUNT; i++) 2312 if ((cps[i])->flags & CP_QUAL) 2313 (cps[i])->Open(sp); 2314 2315 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2316 (sp->pp_flags & PP_NEEDAUTH) != 0) 2317 sp->pp_phase = PHASE_AUTHENTICATE; 2318 else 2319 sp->pp_phase = PHASE_NETWORK; 2320 2321 if (debug) 2322 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2323 sppp_phase_name(sp->pp_phase)); 2324 2325 /* 2326 * Open all authentication protocols. This is even required 2327 * if we already proceeded to network phase, since it might be 2328 * that remote wants us to authenticate, so we might have to 2329 * send a PAP request. Undesired authentication protocols 2330 * don't do anything when they get an Open event. 2331 */ 2332 for (i = 0; i < IDX_COUNT; i++) 2333 if ((cps[i])->flags & CP_AUTH) 2334 (cps[i])->Open(sp); 2335 2336 if (sp->pp_phase == PHASE_NETWORK) { 2337 /* Notify all NCPs. */ 2338 for (i = 0; i < IDX_COUNT; i++) 2339 if ((cps[i])->flags & CP_NCP) 2340 (cps[i])->Open(sp); 2341 } 2342 2343 /* Send Up events to all started protos. */ 2344 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2345 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2346 (cps[i])->Up(sp); 2347 2348 /* notify low-level driver of state change */ 2349 if (sp->pp_chg) 2350 sp->pp_chg(sp, (int)sp->pp_phase); 2351 2352 if (sp->pp_phase == PHASE_NETWORK) 2353 /* if no NCP is starting, close down */ 2354 sppp_lcp_check_and_close(sp); 2355} 2356 2357static void 2358sppp_lcp_tld(struct sppp *sp) 2359{ 2360 STDDCL; 2361 int i; 2362 u_long mask; 2363 2364 sp->pp_phase = PHASE_TERMINATE; 2365 2366 if (debug) 2367 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2368 sppp_phase_name(sp->pp_phase)); 2369 2370 /* 2371 * Take upper layers down. We send the Down event first and 2372 * the Close second to prevent the upper layers from sending 2373 * ``a flurry of terminate-request packets'', as the RFC 2374 * describes it. 2375 */ 2376 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2377 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2378 (cps[i])->Down(sp); 2379 (cps[i])->Close(sp); 2380 } 2381} 2382 2383static void 2384sppp_lcp_tls(struct sppp *sp) 2385{ 2386 STDDCL; 2387 2388 sp->pp_phase = PHASE_ESTABLISH; 2389 2390 if (debug) 2391 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2392 sppp_phase_name(sp->pp_phase)); 2393 2394 /* Notify lower layer if desired. */ 2395 if (sp->pp_tls) 2396 (sp->pp_tls)(sp); 2397 else 2398 (sp->pp_up)(sp); 2399} 2400 2401static void 2402sppp_lcp_tlf(struct sppp *sp) 2403{ 2404 STDDCL; 2405 2406 sp->pp_phase = PHASE_DEAD; 2407 if (debug) 2408 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2409 sppp_phase_name(sp->pp_phase)); 2410 2411 /* Notify lower layer if desired. */ 2412 if (sp->pp_tlf) 2413 (sp->pp_tlf)(sp); 2414 else 2415 (sp->pp_down)(sp); 2416} 2417 2418static void 2419sppp_lcp_scr(struct sppp *sp) 2420{ 2421 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2422 int i = 0; 2423 u_short authproto; 2424 2425 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2426 if (! sp->lcp.magic) 2427#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2428 sp->lcp.magic = random(); 2429#else 2430 sp->lcp.magic = time.tv_sec + time.tv_usec; 2431#endif 2432 opt[i++] = LCP_OPT_MAGIC; 2433 opt[i++] = 6; 2434 opt[i++] = sp->lcp.magic >> 24; 2435 opt[i++] = sp->lcp.magic >> 16; 2436 opt[i++] = sp->lcp.magic >> 8; 2437 opt[i++] = sp->lcp.magic; 2438 } 2439 2440 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2441 opt[i++] = LCP_OPT_MRU; 2442 opt[i++] = 4; 2443 opt[i++] = sp->lcp.mru >> 8; 2444 opt[i++] = sp->lcp.mru; 2445 } 2446 2447 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2448 authproto = sp->hisauth.proto; 2449 opt[i++] = LCP_OPT_AUTH_PROTO; 2450 opt[i++] = authproto == PPP_CHAP? 5: 4; 2451 opt[i++] = authproto >> 8; 2452 opt[i++] = authproto; 2453 if (authproto == PPP_CHAP) 2454 opt[i++] = CHAP_MD5; 2455 } 2456 2457 sp->confid[IDX_LCP] = ++sp->pp_seq; 2458 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2459} 2460 2461/* 2462 * Check the open NCPs, return true if at least one NCP is open. 2463 */ 2464static int 2465sppp_ncp_check(struct sppp *sp) 2466{ 2467 int i, mask; 2468 2469 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2470 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2471 return 1; 2472 return 0; 2473} 2474 2475/* 2476 * Re-check the open NCPs and see if we should terminate the link. 2477 * Called by the NCPs during their tlf action handling. 2478 */ 2479static void 2480sppp_lcp_check_and_close(struct sppp *sp) 2481{ 2482 2483 if (sp->pp_phase < PHASE_NETWORK) 2484 /* don't bother, we are already going down */ 2485 return; 2486 2487 if (sppp_ncp_check(sp)) 2488 return; 2489 2490 lcp.Close(sp); 2491} 2492 2493/* 2494 *--------------------------------------------------------------------------* 2495 * * 2496 * The IPCP implementation. * 2497 * * 2498 *--------------------------------------------------------------------------* 2499 */ 2500 2501static void 2502sppp_ipcp_init(struct sppp *sp) 2503{ 2504 sp->ipcp.opts = 0; 2505 sp->ipcp.flags = 0; 2506 sp->state[IDX_IPCP] = STATE_INITIAL; 2507 sp->fail_counter[IDX_IPCP] = 0; 2508#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2509 callout_handle_init(&sp->ch[IDX_IPCP]); 2510#endif 2511} 2512 2513static void 2514sppp_ipcp_up(struct sppp *sp) 2515{ 2516 sppp_up_event(&ipcp, sp); 2517} 2518 2519static void 2520sppp_ipcp_down(struct sppp *sp) 2521{ 2522 sppp_down_event(&ipcp, sp); 2523} 2524 2525static void 2526sppp_ipcp_open(struct sppp *sp) 2527{ 2528 STDDCL; 2529 u_long myaddr, hisaddr; 2530 2531 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2532 2533 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2534 /* 2535 * If we don't have his address, this probably means our 2536 * interface doesn't want to talk IP at all. (This could 2537 * be the case if somebody wants to speak only IPX, for 2538 * example.) Don't open IPCP in this case. 2539 */ 2540 if (hisaddr == 0L) { 2541 /* XXX this message should go away */ 2542 if (debug) 2543 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2544 SPP_ARGS(ifp)); 2545 return; 2546 } 2547 2548 if (myaddr == 0L) { 2549 /* 2550 * I don't have an assigned address, so i need to 2551 * negotiate my address. 2552 */ 2553 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2554 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2555 } else 2556 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2557 sppp_open_event(&ipcp, sp); 2558} 2559 2560static void 2561sppp_ipcp_close(struct sppp *sp) 2562{ 2563 sppp_close_event(&ipcp, sp); 2564 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2565 /* 2566 * My address was dynamic, clear it again. 2567 */ 2568 sppp_set_ip_addr(sp, 0L); 2569} 2570 2571static void 2572sppp_ipcp_TO(void *cookie) 2573{ 2574 sppp_to_event(&ipcp, (struct sppp *)cookie); 2575} 2576 2577/* 2578 * Analyze a configure request. Return true if it was agreeable, and 2579 * caused action sca, false if it has been rejected or nak'ed, and 2580 * caused action scn. (The return value is used to make the state 2581 * transition decision in the state automaton.) 2582 */ 2583static int 2584sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2585{ 2586 u_char *buf, *r, *p; 2587 struct ifnet *ifp = &sp->pp_if; 2588 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2589 u_long hisaddr, desiredaddr; 2590 int gotmyaddr = 0; 2591 2592 len -= 4; 2593 origlen = len; 2594 /* 2595 * Make sure to allocate a buf that can at least hold a 2596 * conf-nak with an `address' option. We might need it below. 2597 */ 2598 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2599 if (! buf) 2600 return (0); 2601 2602 /* pass 1: see if we can recognize them */ 2603 if (debug) 2604 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2605 SPP_ARGS(ifp)); 2606 p = (void*) (h+1); 2607 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2608 if (debug) 2609 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2610 switch (*p) { 2611 case IPCP_OPT_ADDRESS: 2612 if (len >= 6 && p[1] == 6) { 2613 /* correctly formed address option */ 2614 continue; 2615 } 2616 if (debug) 2617 log(-1, "[invalid] "); 2618 break; 2619 default: 2620 /* Others not supported. */ 2621 if (debug) 2622 log(-1, "[rej] "); 2623 break; 2624 } 2625 /* Add the option to rejected list. */ 2626 bcopy (p, r, p[1]); 2627 r += p[1]; 2628 rlen += p[1]; 2629 } 2630 if (rlen) { 2631 if (debug) 2632 log(-1, " send conf-rej\n"); 2633 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2634 return 0; 2635 } else if (debug) 2636 log(-1, "\n"); 2637 2638 /* pass 2: parse option values */ 2639 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2640 if (debug) 2641 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2642 SPP_ARGS(ifp)); 2643 p = (void*) (h+1); 2644 len = origlen; 2645 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2646 if (debug) 2647 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2648 switch (*p) { 2649 case IPCP_OPT_ADDRESS: 2650 /* This is the address he wants in his end */ 2651 desiredaddr = p[2] << 24 | p[3] << 16 | 2652 p[4] << 8 | p[5]; 2653 if (desiredaddr == hisaddr || 2654 (hisaddr == 1 && desiredaddr != 0)) { 2655 /* 2656 * Peer's address is same as our value, 2657 * or we have set it to 0.0.0.1 to 2658 * indicate that we do not really care, 2659 * this is agreeable. Gonna conf-ack 2660 * it. 2661 */ 2662 if (debug) 2663 log(-1, "%s [ack] ", 2664 sppp_dotted_quad(hisaddr)); 2665 /* record that we've seen it already */ 2666 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2667 continue; 2668 } 2669 /* 2670 * The address wasn't agreeable. This is either 2671 * he sent us 0.0.0.0, asking to assign him an 2672 * address, or he send us another address not 2673 * matching our value. Either case, we gonna 2674 * conf-nak it with our value. 2675 * XXX: we should "rej" if hisaddr == 0 2676 */ 2677 if (debug) { 2678 if (desiredaddr == 0) 2679 log(-1, "[addr requested] "); 2680 else 2681 log(-1, "%s [not agreed] ", 2682 sppp_dotted_quad(desiredaddr)); 2683 2684 } 2685 p[2] = hisaddr >> 24; 2686 p[3] = hisaddr >> 16; 2687 p[4] = hisaddr >> 8; 2688 p[5] = hisaddr; 2689 break; 2690 } 2691 /* Add the option to nak'ed list. */ 2692 bcopy (p, r, p[1]); 2693 r += p[1]; 2694 rlen += p[1]; 2695 } 2696 2697 /* 2698 * If we are about to conf-ack the request, but haven't seen 2699 * his address so far, gonna conf-nak it instead, with the 2700 * `address' option present and our idea of his address being 2701 * filled in there, to request negotiation of both addresses. 2702 * 2703 * XXX This can result in an endless req - nak loop if peer 2704 * doesn't want to send us his address. Q: What should we do 2705 * about it? XXX A: implement the max-failure counter. 2706 */ 2707 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2708 buf[0] = IPCP_OPT_ADDRESS; 2709 buf[1] = 6; 2710 buf[2] = hisaddr >> 24; 2711 buf[3] = hisaddr >> 16; 2712 buf[4] = hisaddr >> 8; 2713 buf[5] = hisaddr; 2714 rlen = 6; 2715 if (debug) 2716 log(-1, "still need hisaddr "); 2717 } 2718 2719 if (rlen) { 2720 if (debug) 2721 log(-1, " send conf-nak\n"); 2722 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2723 } else { 2724 if (debug) 2725 log(-1, " send conf-ack\n"); 2726 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2727 h->ident, origlen, h+1); 2728 } 2729 2730 free (buf, M_TEMP); 2731 return (rlen == 0); 2732} 2733 2734/* 2735 * Analyze the IPCP Configure-Reject option list, and adjust our 2736 * negotiation. 2737 */ 2738static void 2739sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2740{ 2741 u_char *buf, *p; 2742 struct ifnet *ifp = &sp->pp_if; 2743 int debug = ifp->if_flags & IFF_DEBUG; 2744 2745 len -= 4; 2746 buf = malloc (len, M_TEMP, M_NOWAIT); 2747 if (!buf) 2748 return; 2749 2750 if (debug) 2751 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2752 SPP_ARGS(ifp)); 2753 2754 p = (void*) (h+1); 2755 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2756 if (debug) 2757 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2758 switch (*p) { 2759 case IPCP_OPT_ADDRESS: 2760 /* 2761 * Peer doesn't grok address option. This is 2762 * bad. XXX Should we better give up here? 2763 * XXX We could try old "addresses" option... 2764 */ 2765 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2766 break; 2767 } 2768 } 2769 if (debug) 2770 log(-1, "\n"); 2771 free (buf, M_TEMP); 2772 return; 2773} 2774 2775/* 2776 * Analyze the IPCP Configure-NAK option list, and adjust our 2777 * negotiation. 2778 */ 2779static void 2780sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2781{ 2782 u_char *buf, *p; 2783 struct ifnet *ifp = &sp->pp_if; 2784 int debug = ifp->if_flags & IFF_DEBUG; 2785 u_long wantaddr; 2786 2787 len -= 4; 2788 buf = malloc (len, M_TEMP, M_NOWAIT); 2789 if (!buf) 2790 return; 2791 2792 if (debug) 2793 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2794 SPP_ARGS(ifp)); 2795 2796 p = (void*) (h+1); 2797 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2798 if (debug) 2799 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2800 switch (*p) { 2801 case IPCP_OPT_ADDRESS: 2802 /* 2803 * Peer doesn't like our local IP address. See 2804 * if we can do something for him. We'll drop 2805 * him our address then. 2806 */ 2807 if (len >= 6 && p[1] == 6) { 2808 wantaddr = p[2] << 24 | p[3] << 16 | 2809 p[4] << 8 | p[5]; 2810 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2811 if (debug) 2812 log(-1, "[wantaddr %s] ", 2813 sppp_dotted_quad(wantaddr)); 2814 /* 2815 * When doing dynamic address assignment, 2816 * we accept his offer. Otherwise, we 2817 * ignore it and thus continue to negotiate 2818 * our already existing value. 2819 * XXX: Bogus, if he said no once, he'll 2820 * just say no again, might as well die. 2821 */ 2822 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2823 sppp_set_ip_addr(sp, wantaddr); 2824 if (debug) 2825 log(-1, "[agree] "); 2826 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2827 } 2828 } 2829 break; 2830 } 2831 } 2832 if (debug) 2833 log(-1, "\n"); 2834 free (buf, M_TEMP); 2835 return; 2836} 2837 2838static void 2839sppp_ipcp_tlu(struct sppp *sp) 2840{ 2841 /* we are up - notify isdn daemon */ 2842 if (sp->pp_con) 2843 sp->pp_con(sp); 2844} 2845 2846static void 2847sppp_ipcp_tld(struct sppp *sp) 2848{ 2849} 2850 2851static void 2852sppp_ipcp_tls(struct sppp *sp) 2853{ 2854 /* indicate to LCP that it must stay alive */ 2855 sp->lcp.protos |= (1 << IDX_IPCP); 2856} 2857 2858static void 2859sppp_ipcp_tlf(struct sppp *sp) 2860{ 2861 /* we no longer need LCP */ 2862 sp->lcp.protos &= ~(1 << IDX_IPCP); 2863 sppp_lcp_check_and_close(sp); 2864} 2865 2866static void 2867sppp_ipcp_scr(struct sppp *sp) 2868{ 2869 char opt[6 /* compression */ + 6 /* address */]; 2870 u_long ouraddr; 2871 int i = 0; 2872 2873 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2874 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2875 opt[i++] = IPCP_OPT_ADDRESS; 2876 opt[i++] = 6; 2877 opt[i++] = ouraddr >> 24; 2878 opt[i++] = ouraddr >> 16; 2879 opt[i++] = ouraddr >> 8; 2880 opt[i++] = ouraddr; 2881 } 2882 2883 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2884 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2885} 2886 2887/* 2888 *--------------------------------------------------------------------------* 2889 * * 2890 * The CHAP implementation. * 2891 * * 2892 *--------------------------------------------------------------------------* 2893 */ 2894 2895/* 2896 * The authentication protocols don't employ a full-fledged state machine as 2897 * the control protocols do, since they do have Open and Close events, but 2898 * not Up and Down, nor are they explicitly terminated. Also, use of the 2899 * authentication protocols may be different in both directions (this makes 2900 * sense, think of a machine that never accepts incoming calls but only 2901 * calls out, it doesn't require the called party to authenticate itself). 2902 * 2903 * Our state machine for the local authentication protocol (we are requesting 2904 * the peer to authenticate) looks like: 2905 * 2906 * RCA- 2907 * +--------------------------------------------+ 2908 * V scn,tld| 2909 * +--------+ Close +---------+ RCA+ 2910 * | |<----------------------------------| |------+ 2911 * +--->| Closed | TO* | Opened | sca | 2912 * | | |-----+ +-------| |<-----+ 2913 * | +--------+ irc | | +---------+ 2914 * | ^ | | ^ 2915 * | | | | | 2916 * | | | | | 2917 * | TO-| | | | 2918 * | |tld TO+ V | | 2919 * | | +------->+ | | 2920 * | | | | | | 2921 * | +--------+ V | | 2922 * | | |<----+<--------------------+ | 2923 * | | Req- | scr | 2924 * | | Sent | | 2925 * | | | | 2926 * | +--------+ | 2927 * | RCA- | | RCA+ | 2928 * +------+ +------------------------------------------+ 2929 * scn,tld sca,irc,ict,tlu 2930 * 2931 * 2932 * with: 2933 * 2934 * Open: LCP reached authentication phase 2935 * Close: LCP reached terminate phase 2936 * 2937 * RCA+: received reply (pap-req, chap-response), acceptable 2938 * RCN: received reply (pap-req, chap-response), not acceptable 2939 * TO+: timeout with restart counter >= 0 2940 * TO-: timeout with restart counter < 0 2941 * TO*: reschedule timeout for CHAP 2942 * 2943 * scr: send request packet (none for PAP, chap-challenge) 2944 * sca: send ack packet (pap-ack, chap-success) 2945 * scn: send nak packet (pap-nak, chap-failure) 2946 * ict: initialize re-challenge timer (CHAP only) 2947 * 2948 * tlu: this-layer-up, LCP reaches network phase 2949 * tld: this-layer-down, LCP enters terminate phase 2950 * 2951 * Note that in CHAP mode, after sending a new challenge, while the state 2952 * automaton falls back into Req-Sent state, it doesn't signal a tld 2953 * event to LCP, so LCP remains in network phase. Only after not getting 2954 * any response (or after getting an unacceptable response), CHAP closes, 2955 * causing LCP to enter terminate phase. 2956 * 2957 * With PAP, there is no initial request that can be sent. The peer is 2958 * expected to send one based on the successful negotiation of PAP as 2959 * the authentication protocol during the LCP option negotiation. 2960 * 2961 * Incoming authentication protocol requests (remote requests 2962 * authentication, we are peer) don't employ a state machine at all, 2963 * they are simply answered. Some peers [Ascend P50 firmware rev 2964 * 4.50] react allergically when sending IPCP requests while they are 2965 * still in authentication phase (thereby violating the standard that 2966 * demands that these NCP packets are to be discarded), so we keep 2967 * track of the peer demanding us to authenticate, and only proceed to 2968 * phase network once we've seen a positive acknowledge for the 2969 * authentication. 2970 */ 2971 2972/* 2973 * Handle incoming CHAP packets. 2974 */ 2975void 2976sppp_chap_input(struct sppp *sp, struct mbuf *m) 2977{ 2978 STDDCL; 2979 struct lcp_header *h; 2980 int len, x; 2981 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2982 int value_len, name_len; 2983 MD5_CTX ctx; 2984 2985 len = m->m_pkthdr.len; 2986 if (len < 4) { 2987 if (debug) 2988 log(LOG_DEBUG, 2989 SPP_FMT "chap invalid packet length: %d bytes\n", 2990 SPP_ARGS(ifp), len); 2991 return; 2992 } 2993 h = mtod (m, struct lcp_header*); 2994 if (len > ntohs (h->len)) 2995 len = ntohs (h->len); 2996 2997 switch (h->type) { 2998 /* challenge, failure and success are his authproto */ 2999 case CHAP_CHALLENGE: 3000 value = 1 + (u_char*)(h+1); 3001 value_len = value[-1]; 3002 name = value + value_len; 3003 name_len = len - value_len - 5; 3004 if (name_len < 0) { 3005 if (debug) { 3006 log(LOG_DEBUG, 3007 SPP_FMT "chap corrupted challenge " 3008 "<%s id=0x%x len=%d", 3009 SPP_ARGS(ifp), 3010 sppp_auth_type_name(PPP_CHAP, h->type), 3011 h->ident, ntohs(h->len)); 3012 sppp_print_bytes((u_char*) (h+1), len-4); 3013 log(-1, ">\n"); 3014 } 3015 break; 3016 } 3017 3018 if (debug) { 3019 log(LOG_DEBUG, 3020 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3021 SPP_ARGS(ifp), 3022 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3023 ntohs(h->len)); 3024 sppp_print_string((char*) name, name_len); 3025 log(-1, " value-size=%d value=", value_len); 3026 sppp_print_bytes(value, value_len); 3027 log(-1, ">\n"); 3028 } 3029 3030 /* Compute reply value. */ 3031 MD5Init(&ctx); 3032 MD5Update(&ctx, &h->ident, 1); 3033 MD5Update(&ctx, sp->myauth.secret, 3034 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3035 MD5Update(&ctx, value, value_len); 3036 MD5Final(digest, &ctx); 3037 dsize = sizeof digest; 3038 3039 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3040 sizeof dsize, (const char *)&dsize, 3041 sizeof digest, digest, 3042 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3043 sp->myauth.name, 3044 0); 3045 break; 3046 3047 case CHAP_SUCCESS: 3048 if (debug) { 3049 log(LOG_DEBUG, SPP_FMT "chap success", 3050 SPP_ARGS(ifp)); 3051 if (len > 4) { 3052 log(-1, ": "); 3053 sppp_print_string((char*)(h + 1), len - 4); 3054 } 3055 log(-1, "\n"); 3056 } 3057 x = splimp(); 3058 sp->pp_flags &= ~PP_NEEDAUTH; 3059 if (sp->myauth.proto == PPP_CHAP && 3060 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3061 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3062 /* 3063 * We are authenticator for CHAP but didn't 3064 * complete yet. Leave it to tlu to proceed 3065 * to network phase. 3066 */ 3067 splx(x); 3068 break; 3069 } 3070 splx(x); 3071 sppp_phase_network(sp); 3072 break; 3073 3074 case CHAP_FAILURE: 3075 if (debug) { 3076 log(LOG_INFO, SPP_FMT "chap failure", 3077 SPP_ARGS(ifp)); 3078 if (len > 4) { 3079 log(-1, ": "); 3080 sppp_print_string((char*)(h + 1), len - 4); 3081 } 3082 log(-1, "\n"); 3083 } else 3084 log(LOG_INFO, SPP_FMT "chap failure\n", 3085 SPP_ARGS(ifp)); 3086 /* await LCP shutdown by authenticator */ 3087 break; 3088 3089 /* response is my authproto */ 3090 case CHAP_RESPONSE: 3091 value = 1 + (u_char*)(h+1); 3092 value_len = value[-1]; 3093 name = value + value_len; 3094 name_len = len - value_len - 5; 3095 if (name_len < 0) { 3096 if (debug) { 3097 log(LOG_DEBUG, 3098 SPP_FMT "chap corrupted response " 3099 "<%s id=0x%x len=%d", 3100 SPP_ARGS(ifp), 3101 sppp_auth_type_name(PPP_CHAP, h->type), 3102 h->ident, ntohs(h->len)); 3103 sppp_print_bytes((u_char*)(h+1), len-4); 3104 log(-1, ">\n"); 3105 } 3106 break; 3107 } 3108 if (h->ident != sp->confid[IDX_CHAP]) { 3109 if (debug) 3110 log(LOG_DEBUG, 3111 SPP_FMT "chap dropping response for old ID " 3112 "(got %d, expected %d)\n", 3113 SPP_ARGS(ifp), 3114 h->ident, sp->confid[IDX_CHAP]); 3115 break; 3116 } 3117 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3118 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3119 log(LOG_INFO, SPP_FMT "chap response, his name ", 3120 SPP_ARGS(ifp)); 3121 sppp_print_string(name, name_len); 3122 log(-1, " != expected "); 3123 sppp_print_string(sp->hisauth.name, 3124 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3125 log(-1, "\n"); 3126 } 3127 if (debug) { 3128 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3129 "<%s id=0x%x len=%d name=", 3130 SPP_ARGS(ifp), 3131 sppp_state_name(sp->state[IDX_CHAP]), 3132 sppp_auth_type_name(PPP_CHAP, h->type), 3133 h->ident, ntohs (h->len)); 3134 sppp_print_string((char*)name, name_len); 3135 log(-1, " value-size=%d value=", value_len); 3136 sppp_print_bytes(value, value_len); 3137 log(-1, ">\n"); 3138 } 3139 if (value_len != AUTHKEYLEN) { 3140 if (debug) 3141 log(LOG_DEBUG, 3142 SPP_FMT "chap bad hash value length: " 3143 "%d bytes, should be %d\n", 3144 SPP_ARGS(ifp), value_len, 3145 AUTHKEYLEN); 3146 break; 3147 } 3148 3149 MD5Init(&ctx); 3150 MD5Update(&ctx, &h->ident, 1); 3151 MD5Update(&ctx, sp->hisauth.secret, 3152 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3153 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3154 MD5Final(digest, &ctx); 3155 3156#define FAILMSG "Failed..." 3157#define SUCCMSG "Welcome!" 3158 3159 if (value_len != sizeof digest || 3160 bcmp(digest, value, value_len) != 0) { 3161 /* action scn, tld */ 3162 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3163 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3164 0); 3165 chap.tld(sp); 3166 break; 3167 } 3168 /* action sca, perhaps tlu */ 3169 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3170 sp->state[IDX_CHAP] == STATE_OPENED) 3171 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3172 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3173 0); 3174 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3175 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3176 chap.tlu(sp); 3177 } 3178 break; 3179 3180 default: 3181 /* Unknown CHAP packet type -- ignore. */ 3182 if (debug) { 3183 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3184 "<0x%x id=0x%xh len=%d", 3185 SPP_ARGS(ifp), 3186 sppp_state_name(sp->state[IDX_CHAP]), 3187 h->type, h->ident, ntohs(h->len)); 3188 sppp_print_bytes((u_char*)(h+1), len-4); 3189 log(-1, ">\n"); 3190 } 3191 break; 3192 3193 } 3194} 3195 3196static void 3197sppp_chap_init(struct sppp *sp) 3198{ 3199 /* Chap doesn't have STATE_INITIAL at all. */ 3200 sp->state[IDX_CHAP] = STATE_CLOSED; 3201 sp->fail_counter[IDX_CHAP] = 0; 3202#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3203 callout_handle_init(&sp->ch[IDX_CHAP]); 3204#endif 3205} 3206 3207static void 3208sppp_chap_open(struct sppp *sp) 3209{ 3210 if (sp->myauth.proto == PPP_CHAP && 3211 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3212 /* we are authenticator for CHAP, start it */ 3213 chap.scr(sp); 3214 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3215 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3216 } 3217 /* nothing to be done if we are peer, await a challenge */ 3218} 3219 3220static void 3221sppp_chap_close(struct sppp *sp) 3222{ 3223 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3224 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3225} 3226 3227static void 3228sppp_chap_TO(void *cookie) 3229{ 3230 struct sppp *sp = (struct sppp *)cookie; 3231 STDDCL; 3232 int s; 3233 3234 s = splimp(); 3235 if (debug) 3236 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3237 SPP_ARGS(ifp), 3238 sppp_state_name(sp->state[IDX_CHAP]), 3239 sp->rst_counter[IDX_CHAP]); 3240 3241 if (--sp->rst_counter[IDX_CHAP] < 0) 3242 /* TO- event */ 3243 switch (sp->state[IDX_CHAP]) { 3244 case STATE_REQ_SENT: 3245 chap.tld(sp); 3246 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3247 break; 3248 } 3249 else 3250 /* TO+ (or TO*) event */ 3251 switch (sp->state[IDX_CHAP]) { 3252 case STATE_OPENED: 3253 /* TO* event */ 3254 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3255 /* fall through */ 3256 case STATE_REQ_SENT: 3257 chap.scr(sp); 3258 /* sppp_cp_change_state() will restart the timer */ 3259 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3260 break; 3261 } 3262 3263 splx(s); 3264} 3265 3266static void 3267sppp_chap_tlu(struct sppp *sp) 3268{ 3269 STDDCL; 3270 int i, x; 3271 3272 i = 0; 3273 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3274 3275 /* 3276 * Some broken CHAP implementations (Conware CoNet, firmware 3277 * 4.0.?) don't want to re-authenticate their CHAP once the 3278 * initial challenge-response exchange has taken place. 3279 * Provide for an option to avoid rechallenges. 3280 */ 3281 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3282 /* 3283 * Compute the re-challenge timeout. This will yield 3284 * a number between 300 and 810 seconds. 3285 */ 3286 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3287 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3288 } 3289 3290 if (debug) { 3291 log(LOG_DEBUG, 3292 SPP_FMT "chap %s, ", 3293 SPP_ARGS(ifp), 3294 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3295 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3296 log(-1, "next re-challenge in %d seconds\n", i); 3297 else 3298 log(-1, "re-challenging supressed\n"); 3299 } 3300 3301 x = splimp(); 3302 /* indicate to LCP that we need to be closed down */ 3303 sp->lcp.protos |= (1 << IDX_CHAP); 3304 3305 if (sp->pp_flags & PP_NEEDAUTH) { 3306 /* 3307 * Remote is authenticator, but his auth proto didn't 3308 * complete yet. Defer the transition to network 3309 * phase. 3310 */ 3311 splx(x); 3312 return; 3313 } 3314 splx(x); 3315 3316 /* 3317 * If we are already in phase network, we are done here. This 3318 * is the case if this is a dummy tlu event after a re-challenge. 3319 */ 3320 if (sp->pp_phase != PHASE_NETWORK) 3321 sppp_phase_network(sp); 3322} 3323 3324static void 3325sppp_chap_tld(struct sppp *sp) 3326{ 3327 STDDCL; 3328 3329 if (debug) 3330 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3331 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3332 sp->lcp.protos &= ~(1 << IDX_CHAP); 3333 3334 lcp.Close(sp); 3335} 3336 3337static void 3338sppp_chap_scr(struct sppp *sp) 3339{ 3340 u_long *ch, seed; 3341 u_char clen; 3342 3343 /* Compute random challenge. */ 3344 ch = (u_long *)sp->myauth.challenge; 3345#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3346 read_random(&seed, sizeof seed); 3347#else 3348 { 3349 struct timeval tv; 3350 microtime(&tv); 3351 seed = tv.tv_sec ^ tv.tv_usec; 3352 } 3353#endif 3354 ch[0] = seed ^ random(); 3355 ch[1] = seed ^ random(); 3356 ch[2] = seed ^ random(); 3357 ch[3] = seed ^ random(); 3358 clen = AUTHKEYLEN; 3359 3360 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3361 3362 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3363 sizeof clen, (const char *)&clen, 3364 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3365 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3366 sp->myauth.name, 3367 0); 3368} 3369 3370/* 3371 *--------------------------------------------------------------------------* 3372 * * 3373 * The PAP implementation. * 3374 * * 3375 *--------------------------------------------------------------------------* 3376 */ 3377/* 3378 * For PAP, we need to keep a little state also if we are the peer, not the 3379 * authenticator. This is since we don't get a request to authenticate, but 3380 * have to repeatedly authenticate ourself until we got a response (or the 3381 * retry counter is expired). 3382 */ 3383 3384/* 3385 * Handle incoming PAP packets. */ 3386static void 3387sppp_pap_input(struct sppp *sp, struct mbuf *m) 3388{ 3389 STDDCL; 3390 struct lcp_header *h; 3391 int len, x; 3392 u_char *name, *passwd, mlen; 3393 int name_len, passwd_len; 3394 3395 len = m->m_pkthdr.len; 3396 if (len < 5) { 3397 if (debug) 3398 log(LOG_DEBUG, 3399 SPP_FMT "pap invalid packet length: %d bytes\n", 3400 SPP_ARGS(ifp), len); 3401 return; 3402 } 3403 h = mtod (m, struct lcp_header*); 3404 if (len > ntohs (h->len)) 3405 len = ntohs (h->len); 3406 switch (h->type) { 3407 /* PAP request is my authproto */ 3408 case PAP_REQ: 3409 name = 1 + (u_char*)(h+1); 3410 name_len = name[-1]; 3411 passwd = name + name_len + 1; 3412 if (name_len > len - 6 || 3413 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3414 if (debug) { 3415 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3416 "<%s id=0x%x len=%d", 3417 SPP_ARGS(ifp), 3418 sppp_auth_type_name(PPP_PAP, h->type), 3419 h->ident, ntohs(h->len)); 3420 sppp_print_bytes((u_char*)(h+1), len-4); 3421 log(-1, ">\n"); 3422 } 3423 break; 3424 } 3425 if (debug) { 3426 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3427 "<%s id=0x%x len=%d name=", 3428 SPP_ARGS(ifp), 3429 sppp_state_name(sp->state[IDX_PAP]), 3430 sppp_auth_type_name(PPP_PAP, h->type), 3431 h->ident, ntohs(h->len)); 3432 sppp_print_string((char*)name, name_len); 3433 log(-1, " passwd="); 3434 sppp_print_string((char*)passwd, passwd_len); 3435 log(-1, ">\n"); 3436 } 3437 if (name_len > AUTHNAMELEN || 3438 passwd_len > AUTHKEYLEN || 3439 bcmp(name, sp->hisauth.name, name_len) != 0 || 3440 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3441 /* action scn, tld */ 3442 mlen = sizeof(FAILMSG) - 1; 3443 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3444 sizeof mlen, (const char *)&mlen, 3445 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3446 0); 3447 pap.tld(sp); 3448 break; 3449 } 3450 /* action sca, perhaps tlu */ 3451 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3452 sp->state[IDX_PAP] == STATE_OPENED) { 3453 mlen = sizeof(SUCCMSG) - 1; 3454 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3455 sizeof mlen, (const char *)&mlen, 3456 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3457 0); 3458 } 3459 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3460 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3461 pap.tlu(sp); 3462 } 3463 break; 3464 3465 /* ack and nak are his authproto */ 3466 case PAP_ACK: 3467 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3468 if (debug) { 3469 log(LOG_DEBUG, SPP_FMT "pap success", 3470 SPP_ARGS(ifp)); 3471 name_len = *((char *)h); 3472 if (len > 5 && name_len) { 3473 log(-1, ": "); 3474 sppp_print_string((char*)(h+1), name_len); 3475 } 3476 log(-1, "\n"); 3477 } 3478 x = splimp(); 3479 sp->pp_flags &= ~PP_NEEDAUTH; 3480 if (sp->myauth.proto == PPP_PAP && 3481 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3482 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3483 /* 3484 * We are authenticator for PAP but didn't 3485 * complete yet. Leave it to tlu to proceed 3486 * to network phase. 3487 */ 3488 splx(x); 3489 break; 3490 } 3491 splx(x); 3492 sppp_phase_network(sp); 3493 break; 3494 3495 case PAP_NAK: 3496 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3497 if (debug) { 3498 log(LOG_INFO, SPP_FMT "pap failure", 3499 SPP_ARGS(ifp)); 3500 name_len = *((char *)h); 3501 if (len > 5 && name_len) { 3502 log(-1, ": "); 3503 sppp_print_string((char*)(h+1), name_len); 3504 } 3505 log(-1, "\n"); 3506 } else 3507 log(LOG_INFO, SPP_FMT "pap failure\n", 3508 SPP_ARGS(ifp)); 3509 /* await LCP shutdown by authenticator */ 3510 break; 3511 3512 default: 3513 /* Unknown PAP packet type -- ignore. */ 3514 if (debug) { 3515 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3516 "<0x%x id=0x%x len=%d", 3517 SPP_ARGS(ifp), 3518 h->type, h->ident, ntohs(h->len)); 3519 sppp_print_bytes((u_char*)(h+1), len-4); 3520 log(-1, ">\n"); 3521 } 3522 break; 3523 3524 } 3525} 3526 3527static void 3528sppp_pap_init(struct sppp *sp) 3529{ 3530 /* PAP doesn't have STATE_INITIAL at all. */ 3531 sp->state[IDX_PAP] = STATE_CLOSED; 3532 sp->fail_counter[IDX_PAP] = 0; 3533#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3534 callout_handle_init(&sp->ch[IDX_PAP]); 3535 callout_handle_init(&sp->pap_my_to_ch); 3536#endif 3537} 3538 3539static void 3540sppp_pap_open(struct sppp *sp) 3541{ 3542 if (sp->hisauth.proto == PPP_PAP && 3543 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3544 /* we are authenticator for PAP, start our timer */ 3545 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3546 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3547 } 3548 if (sp->myauth.proto == PPP_PAP) { 3549 /* we are peer, send a request, and start a timer */ 3550 pap.scr(sp); 3551 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 3552 sp->pap_my_to_ch); 3553 } 3554} 3555 3556static void 3557sppp_pap_close(struct sppp *sp) 3558{ 3559 if (sp->state[IDX_PAP] != STATE_CLOSED) 3560 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3561} 3562 3563/* 3564 * That's the timeout routine if we are authenticator. Since the 3565 * authenticator is basically passive in PAP, we can't do much here. 3566 */ 3567static void 3568sppp_pap_TO(void *cookie) 3569{ 3570 struct sppp *sp = (struct sppp *)cookie; 3571 STDDCL; 3572 int s; 3573 3574 s = splimp(); 3575 if (debug) 3576 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3577 SPP_ARGS(ifp), 3578 sppp_state_name(sp->state[IDX_PAP]), 3579 sp->rst_counter[IDX_PAP]); 3580 3581 if (--sp->rst_counter[IDX_PAP] < 0) 3582 /* TO- event */ 3583 switch (sp->state[IDX_PAP]) { 3584 case STATE_REQ_SENT: 3585 pap.tld(sp); 3586 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3587 break; 3588 } 3589 else 3590 /* TO+ event, not very much we could do */ 3591 switch (sp->state[IDX_PAP]) { 3592 case STATE_REQ_SENT: 3593 /* sppp_cp_change_state() will restart the timer */ 3594 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3595 break; 3596 } 3597 3598 splx(s); 3599} 3600 3601/* 3602 * That's the timeout handler if we are peer. Since the peer is active, 3603 * we need to retransmit our PAP request since it is apparently lost. 3604 * XXX We should impose a max counter. 3605 */ 3606static void 3607sppp_pap_my_TO(void *cookie) 3608{ 3609 struct sppp *sp = (struct sppp *)cookie; 3610 STDDCL; 3611 3612 if (debug) 3613 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3614 SPP_ARGS(ifp)); 3615 3616 pap.scr(sp); 3617} 3618 3619static void 3620sppp_pap_tlu(struct sppp *sp) 3621{ 3622 STDDCL; 3623 int x; 3624 3625 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3626 3627 if (debug) 3628 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3629 SPP_ARGS(ifp), pap.name); 3630 3631 x = splimp(); 3632 /* indicate to LCP that we need to be closed down */ 3633 sp->lcp.protos |= (1 << IDX_PAP); 3634 3635 if (sp->pp_flags & PP_NEEDAUTH) { 3636 /* 3637 * Remote is authenticator, but his auth proto didn't 3638 * complete yet. Defer the transition to network 3639 * phase. 3640 */ 3641 splx(x); 3642 return; 3643 } 3644 splx(x); 3645 sppp_phase_network(sp); 3646} 3647 3648static void 3649sppp_pap_tld(struct sppp *sp) 3650{ 3651 STDDCL; 3652 3653 if (debug) 3654 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3655 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3656 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3657 sp->lcp.protos &= ~(1 << IDX_PAP); 3658 3659 lcp.Close(sp); 3660} 3661 3662static void 3663sppp_pap_scr(struct sppp *sp) 3664{ 3665 u_char idlen, pwdlen; 3666 3667 sp->confid[IDX_PAP] = ++sp->pp_seq; 3668 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3669 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3670 3671 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3672 sizeof idlen, (const char *)&idlen, 3673 (size_t)idlen, sp->myauth.name, 3674 sizeof pwdlen, (const char *)&pwdlen, 3675 (size_t)pwdlen, sp->myauth.secret, 3676 0); 3677} 3678 3679/* 3680 * Random miscellaneous functions. 3681 */ 3682 3683/* 3684 * Send a PAP or CHAP proto packet. 3685 * 3686 * Varadic function, each of the elements for the ellipsis is of type 3687 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3688 * mlen == 0. 3689 * NOTE: never declare variadic functions with types subject to type 3690 * promotion (i.e. u_char). This is asking for big trouble depending 3691 * on the architecture you are on... 3692 */ 3693 3694static void 3695sppp_auth_send(const struct cp *cp, struct sppp *sp, 3696 unsigned int type, unsigned int id, 3697 ...) 3698{ 3699 STDDCL; 3700 struct ppp_header *h; 3701 struct lcp_header *lh; 3702 struct mbuf *m; 3703 u_char *p; 3704 int len; 3705 unsigned int mlen; 3706 const char *msg; 3707 va_list ap; 3708 3709 MGETHDR (m, M_DONTWAIT, MT_DATA); 3710 if (! m) 3711 return; 3712 m->m_pkthdr.rcvif = 0; 3713 3714 h = mtod (m, struct ppp_header*); 3715 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3716 h->control = PPP_UI; /* Unnumbered Info */ 3717 h->protocol = htons(cp->proto); 3718 3719 lh = (struct lcp_header*)(h + 1); 3720 lh->type = type; 3721 lh->ident = id; 3722 p = (u_char*) (lh+1); 3723 3724 va_start(ap, id); 3725 len = 0; 3726 3727 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3728 msg = va_arg(ap, const char *); 3729 len += mlen; 3730 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3731 va_end(ap); 3732 m_freem(m); 3733 return; 3734 } 3735 3736 bcopy(msg, p, mlen); 3737 p += mlen; 3738 } 3739 va_end(ap); 3740 3741 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3742 lh->len = htons (LCP_HEADER_LEN + len); 3743 3744 if (debug) { 3745 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3746 SPP_ARGS(ifp), cp->name, 3747 sppp_auth_type_name(cp->proto, lh->type), 3748 lh->ident, ntohs(lh->len)); 3749 sppp_print_bytes((u_char*) (lh+1), len); 3750 log(-1, ">\n"); 3751 } 3752 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 3753 ifp->if_oerrors++; 3754} 3755 3756/* 3757 * Flush interface queue. 3758 */ 3759static void 3760sppp_qflush(struct ifqueue *ifq) 3761{ 3762 struct mbuf *m, *n; 3763 3764 n = ifq->ifq_head; 3765 while ((m = n)) { 3766 n = m->m_act; 3767 m_freem (m); 3768 } 3769 ifq->ifq_head = 0; 3770 ifq->ifq_tail = 0; 3771 ifq->ifq_len = 0; 3772} 3773 3774/* 3775 * Send keepalive packets, every 10 seconds. 3776 */ 3777static void 3778sppp_keepalive(void *dummy) 3779{ 3780 struct sppp *sp; 3781 int s; 3782 3783 s = splimp(); 3784 for (sp=spppq; sp; sp=sp->pp_next) { 3785 struct ifnet *ifp = &sp->pp_if; 3786 3787 /* Keepalive mode disabled or channel down? */ 3788 if (! (sp->pp_flags & PP_KEEPALIVE) || 3789 ! (ifp->if_flags & IFF_RUNNING)) 3790 continue; 3791 3792 /* No keepalive in PPP mode if LCP not opened yet. */ 3793 if (sp->pp_mode != IFF_CISCO && 3794 sp->pp_phase < PHASE_AUTHENTICATE) 3795 continue; 3796 3797 if (sp->pp_alivecnt == MAXALIVECNT) { 3798 /* No keepalive packets got. Stop the interface. */ 3799 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3800 if_down (ifp); 3801 sppp_qflush (&sp->pp_cpq); 3802 if (sp->pp_mode != IFF_CISCO) { 3803 /* XXX */ 3804 /* Shut down the PPP link. */ 3805 lcp.Down(sp); 3806 /* Initiate negotiation. XXX */ 3807 lcp.Up(sp); 3808 } 3809 } 3810 if (sp->pp_alivecnt <= MAXALIVECNT) 3811 ++sp->pp_alivecnt; 3812 if (sp->pp_mode == IFF_CISCO) 3813 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3814 sp->pp_rseq); 3815 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3816 long nmagic = htonl (sp->lcp.magic); 3817 sp->lcp.echoid = ++sp->pp_seq; 3818 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3819 sp->lcp.echoid, 4, &nmagic); 3820 } 3821 } 3822 splx(s); 3823 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 3824} 3825 3826/* 3827 * Get both IP addresses. 3828 */ 3829static void 3830sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3831{ 3832 struct ifnet *ifp = &sp->pp_if; 3833 struct ifaddr *ifa; 3834 struct sockaddr_in *si, *sm; 3835 u_long ssrc, ddst; 3836 3837 sm = NULL; 3838 ssrc = ddst = 0L; 3839 /* 3840 * Pick the first AF_INET address from the list, 3841 * aliases don't make any sense on a p2p link anyway. 3842 */ 3843 si = 0; 3844#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3845 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3846#elif defined(__NetBSD__) || defined (__OpenBSD__) 3847 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 3848 ifa; 3849 ifa = TAILQ_NEXT(ifa, ifa_list)) 3850#else 3851 for (ifa = ifp->if_addrlist; 3852 ifa; 3853 ifa = ifa->ifa_next) 3854#endif 3855 if (ifa->ifa_addr->sa_family == AF_INET) { 3856 si = (struct sockaddr_in *)ifa->ifa_addr; 3857 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3858 if (si) 3859 break; 3860 } 3861 if (ifa) { 3862 if (si && si->sin_addr.s_addr) { 3863 ssrc = si->sin_addr.s_addr; 3864 if (srcmask) 3865 *srcmask = ntohl(sm->sin_addr.s_addr); 3866 } 3867 3868 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3869 if (si && si->sin_addr.s_addr) 3870 ddst = si->sin_addr.s_addr; 3871 } 3872 3873 if (dst) *dst = ntohl(ddst); 3874 if (src) *src = ntohl(ssrc); 3875} 3876 3877/* 3878 * Set my IP address. Must be called at splimp. 3879 */ 3880static void 3881sppp_set_ip_addr(struct sppp *sp, u_long src) 3882{ 3883 STDDCL; 3884 struct ifaddr *ifa; 3885 struct sockaddr_in *si; 3886 3887 /* 3888 * Pick the first AF_INET address from the list, 3889 * aliases don't make any sense on a p2p link anyway. 3890 */ 3891 si = 0; 3892#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3893 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3894#elif defined(__NetBSD__) || defined (__OpenBSD__) 3895 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 3896 ifa; 3897 ifa = TAILQ_NEXT(ifa, ifa_list)) 3898#else 3899 for (ifa = ifp->if_addrlist; 3900 ifa; 3901 ifa = ifa->ifa_next) 3902#endif 3903 { 3904 if (ifa->ifa_addr->sa_family == AF_INET) 3905 { 3906 si = (struct sockaddr_in *)ifa->ifa_addr; 3907 if (si) 3908 break; 3909 } 3910 } 3911 3912 if (ifa && si) 3913 { 3914 int error; 3915#if __NetBSD_Version__ >= 103080000 3916 struct sockaddr_in new_sin = *si; 3917 3918 new_sin.sin_addr.s_addr = htonl(src); 3919 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 3920 if(debug && error) 3921 { 3922 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 3923 " failed, error=%d\n", SPP_ARGS(ifp), error); 3924 } 3925#else 3926 /* delete old route */ 3927 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 3928 if(debug && error) 3929 { 3930 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 3931 SPP_ARGS(ifp), error); 3932 } 3933 3934 /* set new address */ 3935 si->sin_addr.s_addr = htonl(src); 3936 3937 /* add new route */ 3938 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 3939 if (debug && error) 3940 { 3941 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 3942 SPP_ARGS(ifp), error); 3943 } 3944#endif 3945 } 3946} 3947 3948static int 3949sppp_params(struct sppp *sp, u_long cmd, void *data) 3950{ 3951 u_long subcmd; 3952 struct ifreq *ifr = (struct ifreq *)data; 3953 struct spppreq spr; 3954 3955 /* 3956 * ifr->ifr_data is supposed to point to a struct spppreq. 3957 * Check the cmd word first before attempting to fetch all the 3958 * data. 3959 */ 3960 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3961 return EFAULT; 3962 3963 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3964 return EFAULT; 3965 3966 switch (subcmd) { 3967 case SPPPIOGDEFS: 3968 if (cmd != SIOCGIFGENERIC) 3969 return EINVAL; 3970 /* 3971 * We copy over the entire current state, but clean 3972 * out some of the stuff we don't wanna pass up. 3973 * Remember, SIOCGIFGENERIC is unprotected, and can be 3974 * called by any user. No need to ever get PAP or 3975 * CHAP secrets back to userland anyway. 3976 */ 3977 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3978 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3979 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3980 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3981 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3982 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3983 3984 case SPPPIOSDEFS: 3985 if (cmd != SIOCSIFGENERIC) 3986 return EINVAL; 3987 /* 3988 * We have a very specific idea of which fields we allow 3989 * being passed back from userland, so to not clobber our 3990 * current state. For one, we only allow setting 3991 * anything if LCP is in dead phase. Once the LCP 3992 * negotiations started, the authentication settings must 3993 * not be changed again. (The administrator can force an 3994 * ifconfig down in order to get LCP back into dead 3995 * phase.) 3996 * 3997 * Also, we only allow for authentication parameters to be 3998 * specified. 3999 * 4000 * XXX Should allow to set or clear pp_flags. 4001 * 4002 * Finally, if the respective authentication protocol to 4003 * be used is set differently than 0, but the secret is 4004 * passed as all zeros, we don't trash the existing secret. 4005 * This allows an administrator to change the system name 4006 * only without clobbering the secret (which he didn't get 4007 * back in a previous SPPPIOGDEFS call). However, the 4008 * secrets are cleared if the authentication protocol is 4009 * reset to 0. 4010 */ 4011 if (sp->pp_phase != PHASE_DEAD) 4012 return EBUSY; 4013 4014 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4015 spr.defs.myauth.proto != PPP_CHAP) || 4016 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4017 spr.defs.hisauth.proto != PPP_CHAP)) 4018 return EINVAL; 4019 4020 if (spr.defs.myauth.proto == 0) 4021 /* resetting myauth */ 4022 bzero(&sp->myauth, sizeof sp->myauth); 4023 else { 4024 /* setting/changing myauth */ 4025 sp->myauth.proto = spr.defs.myauth.proto; 4026 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4027 if (spr.defs.myauth.secret[0] != '\0') 4028 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4029 AUTHKEYLEN); 4030 } 4031 if (spr.defs.hisauth.proto == 0) 4032 /* resetting hisauth */ 4033 bzero(&sp->hisauth, sizeof sp->hisauth); 4034 else { 4035 /* setting/changing hisauth */ 4036 sp->hisauth.proto = spr.defs.hisauth.proto; 4037 sp->hisauth.flags = spr.defs.hisauth.flags; 4038 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4039 if (spr.defs.hisauth.secret[0] != '\0') 4040 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4041 AUTHKEYLEN); 4042 } 4043 break; 4044 4045 default: 4046 return EINVAL; 4047 } 4048 4049 return 0; 4050} 4051 4052static void 4053sppp_phase_network(struct sppp *sp) 4054{ 4055 STDDCL; 4056 int i; 4057 u_long mask; 4058 4059 sp->pp_phase = PHASE_NETWORK; 4060 4061 if (debug) 4062 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4063 sppp_phase_name(sp->pp_phase)); 4064 4065 /* Notify NCPs now. */ 4066 for (i = 0; i < IDX_COUNT; i++) 4067 if ((cps[i])->flags & CP_NCP) 4068 (cps[i])->Open(sp); 4069 4070 /* Send Up events to all NCPs. */ 4071 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4072 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4073 (cps[i])->Up(sp); 4074 4075 /* if no NCP is starting, all this was in vain, close down */ 4076 sppp_lcp_check_and_close(sp); 4077} 4078 4079 4080static const char * 4081sppp_cp_type_name(u_char type) 4082{ 4083 static char buf[12]; 4084 switch (type) { 4085 case CONF_REQ: return "conf-req"; 4086 case CONF_ACK: return "conf-ack"; 4087 case CONF_NAK: return "conf-nak"; 4088 case CONF_REJ: return "conf-rej"; 4089 case TERM_REQ: return "term-req"; 4090 case TERM_ACK: return "term-ack"; 4091 case CODE_REJ: return "code-rej"; 4092 case PROTO_REJ: return "proto-rej"; 4093 case ECHO_REQ: return "echo-req"; 4094 case ECHO_REPLY: return "echo-reply"; 4095 case DISC_REQ: return "discard-req"; 4096 } 4097 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4098 return buf; 4099} 4100 4101static const char * 4102sppp_auth_type_name(u_short proto, u_char type) 4103{ 4104 static char buf[12]; 4105 switch (proto) { 4106 case PPP_CHAP: 4107 switch (type) { 4108 case CHAP_CHALLENGE: return "challenge"; 4109 case CHAP_RESPONSE: return "response"; 4110 case CHAP_SUCCESS: return "success"; 4111 case CHAP_FAILURE: return "failure"; 4112 } 4113 case PPP_PAP: 4114 switch (type) { 4115 case PAP_REQ: return "req"; 4116 case PAP_ACK: return "ack"; 4117 case PAP_NAK: return "nak"; 4118 } 4119 } 4120 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4121 return buf; 4122} 4123 4124static const char * 4125sppp_lcp_opt_name(u_char opt) 4126{ 4127 static char buf[12]; 4128 switch (opt) { 4129 case LCP_OPT_MRU: return "mru"; 4130 case LCP_OPT_ASYNC_MAP: return "async-map"; 4131 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4132 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4133 case LCP_OPT_MAGIC: return "magic"; 4134 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4135 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4136 } 4137 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4138 return buf; 4139} 4140 4141static const char * 4142sppp_ipcp_opt_name(u_char opt) 4143{ 4144 static char buf[12]; 4145 switch (opt) { 4146 case IPCP_OPT_ADDRESSES: return "addresses"; 4147 case IPCP_OPT_COMPRESSION: return "compression"; 4148 case IPCP_OPT_ADDRESS: return "address"; 4149 } 4150 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4151 return buf; 4152} 4153 4154static const char * 4155sppp_state_name(int state) 4156{ 4157 switch (state) { 4158 case STATE_INITIAL: return "initial"; 4159 case STATE_STARTING: return "starting"; 4160 case STATE_CLOSED: return "closed"; 4161 case STATE_STOPPED: return "stopped"; 4162 case STATE_CLOSING: return "closing"; 4163 case STATE_STOPPING: return "stopping"; 4164 case STATE_REQ_SENT: return "req-sent"; 4165 case STATE_ACK_RCVD: return "ack-rcvd"; 4166 case STATE_ACK_SENT: return "ack-sent"; 4167 case STATE_OPENED: return "opened"; 4168 } 4169 return "illegal"; 4170} 4171 4172static const char * 4173sppp_phase_name(enum ppp_phase phase) 4174{ 4175 switch (phase) { 4176 case PHASE_DEAD: return "dead"; 4177 case PHASE_ESTABLISH: return "establish"; 4178 case PHASE_TERMINATE: return "terminate"; 4179 case PHASE_AUTHENTICATE: return "authenticate"; 4180 case PHASE_NETWORK: return "network"; 4181 } 4182 return "illegal"; 4183} 4184 4185static const char * 4186sppp_proto_name(u_short proto) 4187{ 4188 static char buf[12]; 4189 switch (proto) { 4190 case PPP_LCP: return "lcp"; 4191 case PPP_IPCP: return "ipcp"; 4192 case PPP_PAP: return "pap"; 4193 case PPP_CHAP: return "chap"; 4194 } 4195 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 4196 return buf; 4197} 4198 4199static void 4200sppp_print_bytes(const u_char *p, u_short len) 4201{ 4202 if (len) 4203 log(-1, " %*D", len, p, "-"); 4204} 4205 4206static void 4207sppp_print_string(const char *p, u_short len) 4208{ 4209 u_char c; 4210 4211 while (len-- > 0) { 4212 c = *p++; 4213 /* 4214 * Print only ASCII chars directly. RFC 1994 recommends 4215 * using only them, but we don't rely on it. */ 4216 if (c < ' ' || c > '~') 4217 log(-1, "\\x%x", c); 4218 else 4219 log(-1, "%c", c); 4220 } 4221} 4222 4223static const char * 4224sppp_dotted_quad(u_long addr) 4225{ 4226 static char s[16]; 4227 sprintf(s, "%d.%d.%d.%d", 4228 (int)((addr >> 24) & 0xff), 4229 (int)((addr >> 16) & 0xff), 4230 (int)((addr >> 8) & 0xff), 4231 (int)(addr & 0xff)); 4232 return s; 4233} 4234 4235static int 4236sppp_strnlen(u_char *p, int max) 4237{ 4238 int len; 4239 4240 for (len = 0; len < max && *p; ++p) 4241 ++len; 4242 return len; 4243} 4244 4245/* a dummy, used to drop uninteresting events */ 4246static void 4247sppp_null(struct sppp *unused) 4248{ 4249 /* do just nothing */ 4250} 4251