sys/net/if_spppsubr.c

4910Swollman/*
4910Swollman * Synchronous PPP/Cisco link level subroutines.
4910Swollman * Keepalive protocol implemented in both Cisco and PPP modes.
4910Swollman *
30300Sjoerg * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
25944Sjoerg * Author: Serge Vakulenko, <vak@cronyx.ru>
4910Swollman *
25944Sjoerg * Heavily revamped to conform to RFC 1661.
88534Sjoerg * Copyright (C) 1997, 2001 Joerg Wunsch.
25944Sjoerg *
4910Swollman * This software is distributed with NO WARRANTIES, not even the implied
4910Swollman * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
4910Swollman *
4910Swollman * Authors grant any other persons or organisations permission to use
4910Swollman * or modify this software as long as this message is kept with the software,
4910Swollman * all derivative works or modified versions.
4910Swollman *
30300Sjoerg * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
16288Sgpalmer *
50477Speter * $FreeBSD: head/sys/net/if_spppsubr.c 88600 2001-12-28 23:36:35Z joerg $
4910Swollman */
4910Swollman
40008Sjoerg#include <sys/param.h>
40008Sjoerg
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
32350Seivind#include "opt_inet.h"
54263Sshin#include "opt_inet6.h"
31742Seivind#include "opt_ipx.h"
40008Sjoerg#endif
31742Seivind
40008Sjoerg#ifdef NetBSD1_3
40008Sjoerg#  if NetBSD1_3 > 6
40008Sjoerg#      include "opt_inet.h"
54263Sshin#      include "opt_inet6.h"
40008Sjoerg#      include "opt_iso.h"
40008Sjoerg#  endif
40008Sjoerg#endif
40008Sjoerg
4952Sbde#include <sys/systm.h>
4952Sbde#include <sys/kernel.h>
70199Sjhay#include <sys/module.h>
24204Sbde#include <sys/sockio.h>
4910Swollman#include <sys/socket.h>
25706Sjoerg#include <sys/syslog.h>
42104Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
59604Sobrien#include <sys/random.h>
42104Sphk#endif
29024Sbde#include <sys/malloc.h>
4910Swollman#include <sys/mbuf.h>
40008Sjoerg
40008Sjoerg#if defined (__OpenBSD__)
40008Sjoerg#include <sys/md5k.h>
40008Sjoerg#else
30300Sjoerg#include <sys/md5.h>
40008Sjoerg#endif
4910Swollman
4910Swollman#include <net/if.h>
4910Swollman#include <net/netisr.h>
4910Swollman#include <net/if_types.h>
42104Sphk#include <net/route.h>
88534Sjoerg#include <netinet/in.h>
88534Sjoerg#include <netinet/in_systm.h>
88534Sjoerg#include <netinet/ip.h>
88534Sjoerg#include <net/slcompress.h>
4910Swollman
40008Sjoerg#if defined (__NetBSD__) || defined (__OpenBSD__)
40008Sjoerg#include <machine/cpu.h> /* XXX for softnet */
40008Sjoerg#endif
42104Sphk
30300Sjoerg#include <machine/stdarg.h>
30300Sjoerg
4910Swollman#ifdef INET
4910Swollman#include <netinet/in.h>
4910Swollman#include <netinet/in_systm.h>
4910Swollman#include <netinet/in_var.h>
4910Swollman#include <netinet/ip.h>
4910Swollman#include <netinet/tcp.h>
40008Sjoerg# if defined (__FreeBSD__) || defined (__OpenBSD__)
40008Sjoerg#  include <netinet/if_ether.h>
40008Sjoerg# else
40008Sjoerg#  include <net/ethertypes.h>
40008Sjoerg# endif
4910Swollman#endif
4910Swollman
11819Sjulian#ifdef IPX
11819Sjulian#include <netipx/ipx.h>
11819Sjulian#include <netipx/ipx_if.h>
11819Sjulian#endif
11819Sjulian
4910Swollman#ifdef NS
4910Swollman#include <netns/ns.h>
4910Swollman#include <netns/ns_if.h>
4910Swollman#endif
4910Swollman
4910Swollman#include <net/if_sppp.h>
4910Swollman
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
42064Sphk# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle)
42064Sphk# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2)
42104Sphk# define IOCTL_CMD_T	u_long
40008Sjoerg#else
42064Sphk# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg)
42064Sphk# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2)
42104Sphk# define IOCTL_CMD_T	int
40008Sjoerg#endif
42104Sphk
4910Swollman#define MAXALIVECNT     3               /* max. alive packets */
4910Swollman
25944Sjoerg/*
25944Sjoerg * Interface flags that can be set in an ifconfig command.
25944Sjoerg *
25955Sjoerg * Setting link0 will make the link passive, i.e. it will be marked
25944Sjoerg * as being administrative openable, but won't be opened to begin
25944Sjoerg * with.  Incoming calls will be answered, or subsequent calls with
25944Sjoerg * -link1 will cause the administrative open of the LCP layer.
25955Sjoerg *
25955Sjoerg * Setting link1 will cause the link to auto-dial only as packets
25955Sjoerg * arrive to be sent.
30300Sjoerg *
30300Sjoerg * Setting IFF_DEBUG will syslog the option negotiation and state
30300Sjoerg * transitions at level kern.debug.  Note: all logs consistently look
30300Sjoerg * like
30300Sjoerg *
30300Sjoerg *   <if-name><unit>: <proto-name> <additional info...>
30300Sjoerg *
30300Sjoerg * with <if-name><unit> being something like "bppp0", and <proto-name>
30300Sjoerg * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
25944Sjoerg */
25944Sjoerg
25955Sjoerg#define IFF_PASSIVE	IFF_LINK0	/* wait passively for connection */
25955Sjoerg#define IFF_AUTO	IFF_LINK1	/* auto-dial on output */
45152Sphk#define IFF_CISCO	IFF_LINK2	/* auto-dial on output */
25944Sjoerg
30300Sjoerg#define PPP_ALLSTATIONS 0xff		/* All-Stations broadcast address */
30300Sjoerg#define PPP_UI		0x03		/* Unnumbered Information */
30300Sjoerg#define PPP_IP		0x0021		/* Internet Protocol */
30300Sjoerg#define PPP_ISO		0x0023		/* ISO OSI Protocol */
30300Sjoerg#define PPP_XNS		0x0025		/* Xerox NS Protocol */
30300Sjoerg#define PPP_IPX		0x002b		/* Novell IPX Protocol */
88534Sjoerg#define PPP_VJ_COMP	0x002d		/* VJ compressed TCP/IP */
88534Sjoerg#define PPP_VJ_UCOMP	0x002f		/* VJ uncompressed TCP/IP */
78064Sume#define PPP_IPV6	0x0057		/* Internet Protocol Version 6 */
30300Sjoerg#define PPP_LCP		0xc021		/* Link Control Protocol */
30300Sjoerg#define PPP_PAP		0xc023		/* Password Authentication Protocol */
30300Sjoerg#define PPP_CHAP	0xc223		/* Challenge-Handshake Auth Protocol */
30300Sjoerg#define PPP_IPCP	0x8021		/* Internet Protocol Control Protocol */
78064Sume#define PPP_IPV6CP	0x8057		/* IPv6 Control Protocol */
4910Swollman
25944Sjoerg#define CONF_REQ	1		/* PPP configure request */
25944Sjoerg#define CONF_ACK	2		/* PPP configure acknowledge */
25944Sjoerg#define CONF_NAK	3		/* PPP configure negative ack */
25944Sjoerg#define CONF_REJ	4		/* PPP configure reject */
25944Sjoerg#define TERM_REQ	5		/* PPP terminate request */
25944Sjoerg#define TERM_ACK	6		/* PPP terminate acknowledge */
25944Sjoerg#define CODE_REJ	7		/* PPP code reject */
25944Sjoerg#define PROTO_REJ	8		/* PPP protocol reject */
25944Sjoerg#define ECHO_REQ	9		/* PPP echo request */
25944Sjoerg#define ECHO_REPLY	10		/* PPP echo reply */
25944Sjoerg#define DISC_REQ	11		/* PPP discard request */
4910Swollman
30300Sjoerg#define LCP_OPT_MRU		1	/* maximum receive unit */
30300Sjoerg#define LCP_OPT_ASYNC_MAP	2	/* async control character map */
30300Sjoerg#define LCP_OPT_AUTH_PROTO	3	/* authentication protocol */
30300Sjoerg#define LCP_OPT_QUAL_PROTO	4	/* quality protocol */
30300Sjoerg#define LCP_OPT_MAGIC		5	/* magic number */
30300Sjoerg#define LCP_OPT_RESERVED	6	/* reserved */
30300Sjoerg#define LCP_OPT_PROTO_COMP	7	/* protocol field compression */
30300Sjoerg#define LCP_OPT_ADDR_COMP	8	/* address/control field compression */
4910Swollman
25944Sjoerg#define IPCP_OPT_ADDRESSES	1	/* both IP addresses; deprecated */
25944Sjoerg#define IPCP_OPT_COMPRESSION	2	/* IP compression protocol (VJ) */
25944Sjoerg#define IPCP_OPT_ADDRESS	3	/* local IP address */
4910Swollman
78064Sume#define IPV6CP_OPT_IFID	1	/* interface identifier */
78064Sume#define IPV6CP_OPT_COMPRESSION	2	/* IPv6 compression protocol */
78064Sume
88534Sjoerg#define IPCP_COMP_VJ		0x2d	/* Code for VJ compression */
88534Sjoerg
30300Sjoerg#define PAP_REQ			1	/* PAP name/password request */
30300Sjoerg#define PAP_ACK			2	/* PAP acknowledge */
30300Sjoerg#define PAP_NAK			3	/* PAP fail */
4910Swollman
30300Sjoerg#define CHAP_CHALLENGE		1	/* CHAP challenge request */
30300Sjoerg#define CHAP_RESPONSE		2	/* CHAP challenge response */
30300Sjoerg#define CHAP_SUCCESS		3	/* CHAP response ok */
30300Sjoerg#define CHAP_FAILURE		4	/* CHAP response failed */
30300Sjoerg
30300Sjoerg#define CHAP_MD5		5	/* hash algorithm - MD5 */
30300Sjoerg
30300Sjoerg#define CISCO_MULTICAST		0x8f	/* Cisco multicast address */
30300Sjoerg#define CISCO_UNICAST		0x0f	/* Cisco unicast address */
30300Sjoerg#define CISCO_KEEPALIVE		0x8035	/* Cisco keepalive protocol */
30300Sjoerg#define CISCO_ADDR_REQ		0	/* Cisco address request */
30300Sjoerg#define CISCO_ADDR_REPLY	1	/* Cisco address reply */
30300Sjoerg#define CISCO_KEEPALIVE_REQ	2	/* Cisco keepalive request */
30300Sjoerg
25944Sjoerg/* states are named and numbered according to RFC 1661 */
25944Sjoerg#define STATE_INITIAL	0
25944Sjoerg#define STATE_STARTING	1
25944Sjoerg#define STATE_CLOSED	2
25944Sjoerg#define STATE_STOPPED	3
25944Sjoerg#define STATE_CLOSING	4
25944Sjoerg#define STATE_STOPPING	5
25944Sjoerg#define STATE_REQ_SENT	6
25944Sjoerg#define STATE_ACK_RCVD	7
25944Sjoerg#define STATE_ACK_SENT	8
25944Sjoerg#define STATE_OPENED	9
25944Sjoerg
4910Swollmanstruct ppp_header {
11189Sjkh	u_char address;
11189Sjkh	u_char control;
11189Sjkh	u_short protocol;
4910Swollman};
4910Swollman#define PPP_HEADER_LEN          sizeof (struct ppp_header)
4910Swollman
4910Swollmanstruct lcp_header {
11189Sjkh	u_char type;
11189Sjkh	u_char ident;
11189Sjkh	u_short len;
4910Swollman};
4910Swollman#define LCP_HEADER_LEN          sizeof (struct lcp_header)
4910Swollman
4910Swollmanstruct cisco_packet {
11189Sjkh	u_long type;
11189Sjkh	u_long par1;
11189Sjkh	u_long par2;
11189Sjkh	u_short rel;
11189Sjkh	u_short time0;
11189Sjkh	u_short time1;
4910Swollman};
4910Swollman#define CISCO_PACKET_LEN 18
4910Swollman
25944Sjoerg/*
25944Sjoerg * We follow the spelling and capitalization of RFC 1661 here, to make
25944Sjoerg * it easier comparing with the standard.  Please refer to this RFC in
25944Sjoerg * case you can't make sense out of these abbreviation; it will also
25944Sjoerg * explain the semantics related to the various events and actions.
25944Sjoerg */
25944Sjoergstruct cp {
25944Sjoerg	u_short	proto;		/* PPP control protocol number */
25944Sjoerg	u_char protoidx;	/* index into state table in struct sppp */
25944Sjoerg	u_char flags;
25944Sjoerg#define CP_LCP		0x01	/* this is the LCP */
25944Sjoerg#define CP_AUTH		0x02	/* this is an authentication protocol */
25944Sjoerg#define CP_NCP		0x04	/* this is a NCP */
25944Sjoerg#define CP_QUAL		0x08	/* this is a quality reporting protocol */
25944Sjoerg	const char *name;	/* name of this control protocol */
25944Sjoerg	/* event handlers */
25944Sjoerg	void	(*Up)(struct sppp *sp);
25944Sjoerg	void	(*Down)(struct sppp *sp);
25944Sjoerg	void	(*Open)(struct sppp *sp);
25944Sjoerg	void	(*Close)(struct sppp *sp);
25944Sjoerg	void	(*TO)(void *sp);
25944Sjoerg	int	(*RCR)(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoerg	void	(*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoerg	void	(*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoerg	/* actions */
25944Sjoerg	void	(*tlu)(struct sppp *sp);
25944Sjoerg	void	(*tld)(struct sppp *sp);
25944Sjoerg	void	(*tls)(struct sppp *sp);
25944Sjoerg	void	(*tlf)(struct sppp *sp);
25944Sjoerg	void	(*scr)(struct sppp *sp);
25944Sjoerg};
25944Sjoerg
12820Sphkstatic struct sppp *spppq;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
30300Sjoergstatic struct callout_handle keepalive_ch;
40008Sjoerg#endif
4910Swollman
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
40008Sjoerg#define	SPP_FMT		"%s%d: "
40008Sjoerg#define	SPP_ARGS(ifp)	(ifp)->if_name, (ifp)->if_unit
40008Sjoerg#else
40008Sjoerg#define	SPP_FMT		"%s: "
40008Sjoerg#define	SPP_ARGS(ifp)	(ifp)->if_xname
40008Sjoerg#endif
40008Sjoerg
4910Swollman/*
4910Swollman * The following disgusting hack gets around the problem that IP TOS
4910Swollman * can't be set yet.  We want to put "interactive" traffic on a high
4910Swollman * priority queue.  To decide if traffic is interactive, we check that
4910Swollman * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
30300Sjoerg *
30300Sjoerg * XXX is this really still necessary?  - joerg -
4910Swollman */
11189Sjkhstatic u_short interactive_ports[8] = {
4910Swollman	0,	513,	0,	0,
4910Swollman	0,	21,	0,	23,
4910Swollman};
4910Swollman#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
4910Swollman
25944Sjoerg/* almost every function needs these */
25944Sjoerg#define STDDCL							\
25944Sjoerg	struct ifnet *ifp = &sp->pp_if;				\
25944Sjoerg	int debug = ifp->if_flags & IFF_DEBUG
11189Sjkh
30300Sjoergstatic int sppp_output(struct ifnet *ifp, struct mbuf *m,
25944Sjoerg		       struct sockaddr *dst, struct rtentry *rt);
4910Swollman
25944Sjoergstatic void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
25944Sjoergstatic void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
25944Sjoerg
25944Sjoergstatic void sppp_cp_input(const struct cp *cp, struct sppp *sp,
25944Sjoerg			  struct mbuf *m);
25944Sjoergstatic void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
25944Sjoerg			 u_char ident, u_short len, void *data);
42104Sphk/* static void sppp_cp_timeout(void *arg); */
25944Sjoergstatic void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
25944Sjoerg				 int newstate);
30300Sjoergstatic void sppp_auth_send(const struct cp *cp,
42104Sphk			   struct sppp *sp, unsigned int type, unsigned int id,
30300Sjoerg			   ...);
25944Sjoerg
25944Sjoergstatic void sppp_up_event(const struct cp *cp, struct sppp *sp);
25944Sjoergstatic void sppp_down_event(const struct cp *cp, struct sppp *sp);
25944Sjoergstatic void sppp_open_event(const struct cp *cp, struct sppp *sp);
25944Sjoergstatic void sppp_close_event(const struct cp *cp, struct sppp *sp);
25944Sjoergstatic void sppp_to_event(const struct cp *cp, struct sppp *sp);
25944Sjoerg
30300Sjoergstatic void sppp_null(struct sppp *sp);
30300Sjoerg
25944Sjoergstatic void sppp_lcp_init(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_up(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_down(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_open(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_close(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_TO(void *sp);
25944Sjoergstatic int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoergstatic void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoergstatic void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoergstatic void sppp_lcp_tlu(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_tld(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_tls(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_tlf(struct sppp *sp);
25944Sjoergstatic void sppp_lcp_scr(struct sppp *sp);
30300Sjoergstatic void sppp_lcp_check_and_close(struct sppp *sp);
30300Sjoergstatic int sppp_ncp_check(struct sppp *sp);
25944Sjoerg
25944Sjoergstatic void sppp_ipcp_init(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_up(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_down(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_open(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_close(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_TO(void *sp);
25944Sjoergstatic int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoergstatic void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoergstatic void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
25944Sjoergstatic void sppp_ipcp_tlu(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_tld(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_tls(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_tlf(struct sppp *sp);
25944Sjoergstatic void sppp_ipcp_scr(struct sppp *sp);
25944Sjoerg
78064Sumestatic void sppp_ipv6cp_init(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_up(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_down(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_open(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_close(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_TO(void *sp);
78064Sumestatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
78064Sumestatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
78064Sumestatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
78064Sumestatic void sppp_ipv6cp_tlu(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_tld(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_tls(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_tlf(struct sppp *sp);
78064Sumestatic void sppp_ipv6cp_scr(struct sppp *sp);
78064Sume
30300Sjoergstatic void sppp_pap_input(struct sppp *sp, struct mbuf *m);
30300Sjoergstatic void sppp_pap_init(struct sppp *sp);
30300Sjoergstatic void sppp_pap_open(struct sppp *sp);
30300Sjoergstatic void sppp_pap_close(struct sppp *sp);
30300Sjoergstatic void sppp_pap_TO(void *sp);
30300Sjoergstatic void sppp_pap_my_TO(void *sp);
30300Sjoergstatic void sppp_pap_tlu(struct sppp *sp);
30300Sjoergstatic void sppp_pap_tld(struct sppp *sp);
30300Sjoergstatic void sppp_pap_scr(struct sppp *sp);
30300Sjoerg
30300Sjoergstatic void sppp_chap_input(struct sppp *sp, struct mbuf *m);
30300Sjoergstatic void sppp_chap_init(struct sppp *sp);
30300Sjoergstatic void sppp_chap_open(struct sppp *sp);
30300Sjoergstatic void sppp_chap_close(struct sppp *sp);
30300Sjoergstatic void sppp_chap_TO(void *sp);
30300Sjoergstatic void sppp_chap_tlu(struct sppp *sp);
30300Sjoergstatic void sppp_chap_tld(struct sppp *sp);
30300Sjoergstatic void sppp_chap_scr(struct sppp *sp);
30300Sjoerg
30300Sjoergstatic const char *sppp_auth_type_name(u_short proto, u_char type);
25944Sjoergstatic const char *sppp_cp_type_name(u_char type);
30300Sjoergstatic const char *sppp_dotted_quad(u_long addr);
30300Sjoergstatic const char *sppp_ipcp_opt_name(u_char opt);
78064Sume#ifdef INET6
78064Sumestatic const char *sppp_ipv6cp_opt_name(u_char opt);
78064Sume#endif
25944Sjoergstatic const char *sppp_lcp_opt_name(u_char opt);
25944Sjoergstatic const char *sppp_phase_name(enum ppp_phase phase);
25944Sjoergstatic const char *sppp_proto_name(u_short proto);
30300Sjoergstatic const char *sppp_state_name(int state);
38343Sbdestatic int sppp_params(struct sppp *sp, u_long cmd, void *data);
30300Sjoergstatic int sppp_strnlen(u_char *p, int max);
30300Sjoergstatic void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
30300Sjoerg			      u_long *srcmask);
25944Sjoergstatic void sppp_keepalive(void *dummy);
30300Sjoergstatic void sppp_phase_network(struct sppp *sp);
30300Sjoergstatic void sppp_print_bytes(const u_char *p, u_short len);
30300Sjoergstatic void sppp_print_string(const char *p, u_short len);
25944Sjoergstatic void sppp_qflush(struct ifqueue *ifq);
25944Sjoergstatic void sppp_set_ip_addr(struct sppp *sp, u_long src);
78064Sume#ifdef INET6
78064Sumestatic void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
78064Sume			       struct in6_addr *dst, struct in6_addr *srcmask);
78064Sume#ifdef IPV6CP_MYIFID_DYN
78064Sumestatic void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
78064Sumestatic void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
78064Sume#endif
78064Sumestatic void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
78064Sume#endif
25944Sjoerg
25944Sjoerg/* our control protocol descriptors */
33181Seivindstatic const struct cp lcp = {
25944Sjoerg	PPP_LCP, IDX_LCP, CP_LCP, "lcp",
25944Sjoerg	sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
25944Sjoerg	sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
25944Sjoerg	sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
25944Sjoerg	sppp_lcp_scr
25944Sjoerg};
25944Sjoerg
33181Seivindstatic const struct cp ipcp = {
25944Sjoerg	PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
25944Sjoerg	sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
25944Sjoerg	sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
25944Sjoerg	sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
25944Sjoerg	sppp_ipcp_scr
25944Sjoerg};
25944Sjoerg
78064Sumestatic const struct cp ipv6cp = {
78064Sume	PPP_IPV6CP, IDX_IPV6CP,
78064Sume#ifdef INET6	/*don't run IPv6CP if there's no IPv6 support*/
78064Sume	CP_NCP,
78064Sume#else
78064Sume	0,
78064Sume#endif
78064Sume	"ipv6cp",
78064Sume	sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
78064Sume	sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
78064Sume	sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
78064Sume	sppp_ipv6cp_scr
78064Sume};
78064Sume
33181Seivindstatic const struct cp pap = {
30300Sjoerg	PPP_PAP, IDX_PAP, CP_AUTH, "pap",
30300Sjoerg	sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
30300Sjoerg	sppp_pap_TO, 0, 0, 0,
30300Sjoerg	sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
30300Sjoerg	sppp_pap_scr
30300Sjoerg};
30300Sjoerg
33181Seivindstatic const struct cp chap = {
30300Sjoerg	PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
30300Sjoerg	sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
30300Sjoerg	sppp_chap_TO, 0, 0, 0,
30300Sjoerg	sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
30300Sjoerg	sppp_chap_scr
30300Sjoerg};
30300Sjoerg
33181Seivindstatic const struct cp *cps[IDX_COUNT] = {
25944Sjoerg	&lcp,			/* IDX_LCP */
25944Sjoerg	&ipcp,			/* IDX_IPCP */
78064Sume	&ipv6cp,		/* IDX_IPV6CP */
30300Sjoerg	&pap,			/* IDX_PAP */
30300Sjoerg	&chap,			/* IDX_CHAP */
25944Sjoerg};
25944Sjoerg
70199Sjhaystatic int
70199Sjhaysppp_modevent(module_t mod, int type, void *unused)
70199Sjhay{
70199Sjhay	switch (type) {
70199Sjhay	case MOD_LOAD:
70199Sjhay		break;
70199Sjhay	case MOD_UNLOAD:
70199Sjhay		return EACCES;
70199Sjhay		break;
70199Sjhay	default:
70199Sjhay		break;
70199Sjhay	}
70199Sjhay	return 0;
70199Sjhay}
70199Sjhaystatic moduledata_t spppmod = {
70199Sjhay	"sppp",
70199Sjhay	sppp_modevent,
70199Sjhay	0
70199Sjhay};
70199SjhayMODULE_VERSION(sppp, 1);
70199SjhayDECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY);
25944Sjoerg
70199Sjhay/*
25944Sjoerg * Exported functions, comprising our interface to the lower layer.
4910Swollman */
4910Swollman
4910Swollman/*
4910Swollman * Process the received packet.
4910Swollman */
25706Sjoergvoid
25706Sjoergsppp_input(struct ifnet *ifp, struct mbuf *m)
4910Swollman{
4910Swollman	struct ppp_header *h;
4910Swollman	struct ifqueue *inq = 0;
25944Sjoerg	struct sppp *sp = (struct sppp *)ifp;
88577Sjoerg	int len, do_account = 0;
25944Sjoerg	int debug = ifp->if_flags & IFF_DEBUG;
4910Swollman
4910Swollman	if (ifp->if_flags & IFF_UP)
4910Swollman		/* Count received bytes, add FCS and one flag */
4910Swollman		ifp->if_ibytes += m->m_pkthdr.len + 3;
4910Swollman
4910Swollman	if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
4910Swollman		/* Too small packet, drop it. */
25944Sjoerg		if (debug)
25706Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "input packet is too small, %d bytes\n",
40008Sjoerg			    SPP_ARGS(ifp), m->m_pkthdr.len);
25944Sjoerg	  drop:
25944Sjoerg		++ifp->if_ierrors;
25944Sjoerg		++ifp->if_iqdrops;
4910Swollman		m_freem (m);
4910Swollman		return;
4910Swollman	}
4910Swollman
4910Swollman	/* Get PPP header. */
4910Swollman	h = mtod (m, struct ppp_header*);
4910Swollman	m_adj (m, PPP_HEADER_LEN);
4910Swollman
4910Swollman	switch (h->address) {
4910Swollman	case PPP_ALLSTATIONS:
4910Swollman		if (h->control != PPP_UI)
4910Swollman			goto invalid;
45152Sphk		if (sp->pp_mode == IFF_CISCO) {
25944Sjoerg			if (debug)
25706Sjoerg				log(LOG_DEBUG,
40008Sjoerg				    SPP_FMT "PPP packet in Cisco mode "
25706Sjoerg				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
40008Sjoerg				    SPP_ARGS(ifp),
25706Sjoerg				    h->address, h->control, ntohs(h->protocol));
11189Sjkh			goto drop;
11189Sjkh		}
4910Swollman		switch (ntohs (h->protocol)) {
4910Swollman		default:
25944Sjoerg			if (debug)
25706Sjoerg				log(LOG_DEBUG,
44145Sphk				    SPP_FMT "rejecting protocol "
25706Sjoerg				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
40008Sjoerg				    SPP_ARGS(ifp),
25706Sjoerg				    h->address, h->control, ntohs(h->protocol));
44145Sphk			if (sp->state[IDX_LCP] == STATE_OPENED)
44145Sphk				sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
78064Sume					++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
44145Sphk					&h->protocol);
4910Swollman			++ifp->if_noproto;
4910Swollman			goto drop;
4910Swollman		case PPP_LCP:
30300Sjoerg			sppp_cp_input(&lcp, sp, m);
4910Swollman			m_freem (m);
4910Swollman			return;
30300Sjoerg		case PPP_PAP:
30300Sjoerg			if (sp->pp_phase >= PHASE_AUTHENTICATE)
30300Sjoerg				sppp_pap_input(sp, m);
30300Sjoerg			m_freem (m);
30300Sjoerg			return;
30300Sjoerg		case PPP_CHAP:
30300Sjoerg			if (sp->pp_phase >= PHASE_AUTHENTICATE)
30300Sjoerg				sppp_chap_input(sp, m);
30300Sjoerg			m_freem (m);
30300Sjoerg			return;
4910Swollman#ifdef INET
4910Swollman		case PPP_IPCP:
25944Sjoerg			if (sp->pp_phase == PHASE_NETWORK)
30300Sjoerg				sppp_cp_input(&ipcp, sp, m);
4910Swollman			m_freem (m);
4910Swollman			return;
4910Swollman		case PPP_IP:
25944Sjoerg			if (sp->state[IDX_IPCP] == STATE_OPENED) {
4910Swollman				schednetisr (NETISR_IP);
4910Swollman				inq = &ipintrq;
4910Swollman			}
88577Sjoerg			do_account++;
4910Swollman			break;
88534Sjoerg		case PPP_VJ_COMP:
88534Sjoerg			if (sp->state[IDX_IPCP] == STATE_OPENED) {
88534Sjoerg				if ((len =
88534Sjoerg				     sl_uncompress_tcp((u_char **)&m->m_data,
88534Sjoerg						       m->m_len,
88534Sjoerg						       TYPE_COMPRESSED_TCP,
88599Sjoerg						       sp->pp_comp)) <= 0)
88534Sjoerg					goto drop;
88534Sjoerg				m->m_len = m->m_pkthdr.len = len;
88534Sjoerg				schednetisr (NETISR_IP);
88534Sjoerg				inq = &ipintrq;
88534Sjoerg			}
88599Sjoerg			do_account++;
88534Sjoerg			break;
88534Sjoerg		case PPP_VJ_UCOMP:
88534Sjoerg			if (sp->state[IDX_IPCP] == STATE_OPENED) {
88534Sjoerg				if ((len =
88534Sjoerg				     sl_uncompress_tcp((u_char **)&m->m_data,
88534Sjoerg						       m->m_len,
88534Sjoerg						       TYPE_UNCOMPRESSED_TCP,
88599Sjoerg						       sp->pp_comp)) <= 0)
88534Sjoerg					goto drop;
88534Sjoerg				m->m_len = m->m_pkthdr.len = len;
88534Sjoerg				schednetisr (NETISR_IP);
88534Sjoerg				inq = &ipintrq;
88534Sjoerg			}
88599Sjoerg			do_account++;
88534Sjoerg			break;
78064Sume#endif
88599Sjoerg#ifdef INET6
88599Sjoerg		case PPP_IPV6CP:
88599Sjoerg			if (sp->pp_phase == PHASE_NETWORK)
88599Sjoerg			    sppp_cp_input(&ipv6cp, sp, m);
88599Sjoerg			m_freem (m);
88599Sjoerg			return;
88599Sjoerg
88599Sjoerg		case PPP_IPV6:
88599Sjoerg			if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
88599Sjoerg				schednetisr (NETISR_IPV6);
88599Sjoerg				inq = &ip6intrq;
88599Sjoerg			}
88599Sjoerg			do_account++;
88599Sjoerg			break;
88599Sjoerg#endif
12495Speter#ifdef IPX
12495Speter		case PPP_IPX:
12495Speter			/* IPX IPXCP not implemented yet */
25944Sjoerg			if (sp->pp_phase == PHASE_NETWORK) {
12495Speter				schednetisr (NETISR_IPX);
12495Speter				inq = &ipxintrq;
12495Speter			}
88577Sjoerg			do_account++;
12495Speter			break;
12495Speter#endif
4910Swollman#ifdef NS
4910Swollman		case PPP_XNS:
4910Swollman			/* XNS IDPCP not implemented yet */
25944Sjoerg			if (sp->pp_phase == PHASE_NETWORK) {
4910Swollman				schednetisr (NETISR_NS);
4910Swollman				inq = &nsintrq;
4910Swollman			}
88577Sjoerg			do_account++;
4910Swollman			break;
4910Swollman#endif
4910Swollman		}
4910Swollman		break;
4910Swollman	case CISCO_MULTICAST:
4910Swollman	case CISCO_UNICAST:
4910Swollman		/* Don't check the control field here (RFC 1547). */
45152Sphk		if (sp->pp_mode != IFF_CISCO) {
25944Sjoerg			if (debug)
25706Sjoerg				log(LOG_DEBUG,
40008Sjoerg				    SPP_FMT "Cisco packet in PPP mode "
25706Sjoerg				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
40008Sjoerg				    SPP_ARGS(ifp),
25706Sjoerg				    h->address, h->control, ntohs(h->protocol));
11189Sjkh			goto drop;
11189Sjkh		}
4910Swollman		switch (ntohs (h->protocol)) {
4910Swollman		default:
4910Swollman			++ifp->if_noproto;
4910Swollman			goto invalid;
4910Swollman		case CISCO_KEEPALIVE:
4910Swollman			sppp_cisco_input ((struct sppp*) ifp, m);
4910Swollman			m_freem (m);
4910Swollman			return;
4910Swollman#ifdef INET
4910Swollman		case ETHERTYPE_IP:
4910Swollman			schednetisr (NETISR_IP);
4910Swollman			inq = &ipintrq;
88577Sjoerg			do_account++;
4910Swollman			break;
4910Swollman#endif
54263Sshin#ifdef INET6
54263Sshin		case ETHERTYPE_IPV6:
54263Sshin			schednetisr (NETISR_IPV6);
54263Sshin			inq = &ip6intrq;
88577Sjoerg			do_account++;
54263Sshin			break;
54263Sshin#endif
12495Speter#ifdef IPX
12495Speter		case ETHERTYPE_IPX:
12495Speter			schednetisr (NETISR_IPX);
12495Speter			inq = &ipxintrq;
88577Sjoerg			do_account++;
12495Speter			break;
12495Speter#endif
4910Swollman#ifdef NS
4910Swollman		case ETHERTYPE_NS:
4910Swollman			schednetisr (NETISR_NS);
4910Swollman			inq = &nsintrq;
88577Sjoerg			do_account++;
4910Swollman			break;
4910Swollman#endif
4910Swollman		}
4910Swollman		break;
25944Sjoerg	default:        /* Invalid PPP packet. */
25944Sjoerg	  invalid:
25944Sjoerg		if (debug)
25944Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "invalid input packet "
25944Sjoerg			    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
40008Sjoerg			    SPP_ARGS(ifp),
25944Sjoerg			    h->address, h->control, ntohs(h->protocol));
25944Sjoerg		goto drop;
4910Swollman	}
4910Swollman
4910Swollman	if (! (ifp->if_flags & IFF_UP) || ! inq)
4910Swollman		goto drop;
4910Swollman
4910Swollman	/* Check queue. */
69152Sjlemon	if (! IF_HANDOFF(inq, m, NULL)) {
25944Sjoerg		if (debug)
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
40008Sjoerg				SPP_ARGS(ifp));
4910Swollman		goto drop;
4910Swollman	}
88577Sjoerg	if (do_account)
88577Sjoerg		/*
88577Sjoerg		 * Do only account for network packets, not for control
88577Sjoerg		 * packets.  This is used by some subsystems to detect
88577Sjoerg		 * idle lines.
88577Sjoerg		 */
88577Sjoerg		sp->pp_last_recv = time_second;
4910Swollman}
4910Swollman
4910Swollman/*
4910Swollman * Enqueue transmit packet.
4910Swollman */
12820Sphkstatic int
25706Sjoergsppp_output(struct ifnet *ifp, struct mbuf *m,
25706Sjoerg	    struct sockaddr *dst, struct rtentry *rt)
4910Swollman{
4910Swollman	struct sppp *sp = (struct sppp*) ifp;
4910Swollman	struct ppp_header *h;
78064Sume	struct ifqueue *ifq = NULL;
25955Sjoerg	int s, rv = 0;
88534Sjoerg	int ipproto = PPP_IP;
42066Sphk	int debug = ifp->if_flags & IFF_DEBUG;
4910Swollman
25944Sjoerg	s = splimp();
25944Sjoerg
25944Sjoerg	if ((ifp->if_flags & IFF_UP) == 0 ||
25944Sjoerg	    (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
4910Swollman		m_freem (m);
4910Swollman		splx (s);
4910Swollman		return (ENETDOWN);
4910Swollman	}
4910Swollman
25944Sjoerg	if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
25944Sjoerg		/*
25944Sjoerg		 * Interface is not yet running, but auto-dial.  Need
25944Sjoerg		 * to start LCP for it.
25944Sjoerg		 */
25944Sjoerg		ifp->if_flags |= IFF_RUNNING;
25944Sjoerg		splx(s);
25944Sjoerg		lcp.Open(sp);
25944Sjoerg		s = splimp();
25944Sjoerg	}
25944Sjoerg
78134Sume	ifq = &ifp->if_snd;
4910Swollman#ifdef INET
12436Speter	if (dst->sa_family == AF_INET) {
40008Sjoerg		/* XXX Check mbuf length here? */
12436Speter		struct ip *ip = mtod (m, struct ip*);
12436Speter		struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
4910Swollman
42104Sphk		/*
42104Sphk		 * When using dynamic local IP address assignment by using
42104Sphk		 * 0.0.0.0 as a local address, the first TCP session will
42104Sphk		 * not connect because the local TCP checksum is computed
42104Sphk		 * using 0.0.0.0 which will later become our real IP address
42104Sphk		 * so the TCP checksum computed at the remote end will
42104Sphk		 * become invalid. So we
42104Sphk		 * - don't let packets with src ip addr 0 thru
42104Sphk		 * - we flag TCP packets with src ip 0 as an error
70199Sjhay		 */
42104Sphk
42104Sphk		if(ip->ip_src.s_addr == INADDR_ANY)	/* -hm */
42104Sphk		{
42104Sphk			m_freem(m);
42104Sphk			splx(s);
42104Sphk			if(ip->ip_p == IPPROTO_TCP)
42104Sphk				return(EADDRNOTAVAIL);
42104Sphk			else
42104Sphk				return(0);
42104Sphk		}
70199Sjhay
42104Sphk		/*
42104Sphk		 * Put low delay, telnet, rlogin and ftp control packets
42104Sphk		 * in front of the queue.
42104Sphk		 */
69152Sjlemon		if (_IF_QFULL(&sp->pp_fastq))
41686Sphk			;
41686Sphk		else if (ip->ip_tos & IPTOS_LOWDELAY)
12436Speter			ifq = &sp->pp_fastq;
41686Sphk		else if (m->m_len < sizeof *ip + sizeof *tcp)
41686Sphk			;
41686Sphk		else if (ip->ip_p != IPPROTO_TCP)
41686Sphk			;
41686Sphk		else if (INTERACTIVE (ntohs (tcp->th_sport)))
41686Sphk			ifq = &sp->pp_fastq;
41686Sphk		else if (INTERACTIVE (ntohs (tcp->th_dport)))
41686Sphk			ifq = &sp->pp_fastq;
88534Sjoerg
88534Sjoerg		/*
88534Sjoerg		 * Do IP Header compression
88534Sjoerg		 */
88534Sjoerg		if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) &&
88534Sjoerg		    ip->ip_p == IPPROTO_TCP)
88599Sjoerg			switch (sl_compress_tcp(m, ip, sp->pp_comp,
88534Sjoerg						sp->ipcp.compress_cid)) {
88534Sjoerg			case TYPE_COMPRESSED_TCP:
88534Sjoerg				ipproto = PPP_VJ_COMP;
88534Sjoerg				break;
88534Sjoerg			case TYPE_UNCOMPRESSED_TCP:
88534Sjoerg				ipproto = PPP_VJ_UCOMP;
88534Sjoerg				break;
88534Sjoerg			case TYPE_IP:
88534Sjoerg				ipproto = PPP_IP;
88534Sjoerg				break;
88534Sjoerg			default:
88534Sjoerg				m_freem(m);
88534Sjoerg				splx(s);
88534Sjoerg				return (EINVAL);
88534Sjoerg			}
4910Swollman	}
4910Swollman#endif
4910Swollman
78064Sume#ifdef INET6
78064Sume	if (dst->sa_family == AF_INET6) {
78064Sume		/* XXX do something tricky here? */
78064Sume	}
78064Sume#endif
78064Sume
4910Swollman	/*
4910Swollman	 * Prepend general data packet PPP header. For now, IP only.
4910Swollman	 */
4910Swollman	M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
4910Swollman	if (! m) {
42066Sphk		if (debug)
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
40008Sjoerg				SPP_ARGS(ifp));
25944Sjoerg		++ifp->if_oerrors;
4910Swollman		splx (s);
4910Swollman		return (ENOBUFS);
4910Swollman	}
40008Sjoerg	/*
40008Sjoerg	 * May want to check size of packet
40008Sjoerg	 * (albeit due to the implementation it's always enough)
40008Sjoerg	 */
4910Swollman	h = mtod (m, struct ppp_header*);
45152Sphk	if (sp->pp_mode == IFF_CISCO) {
28088Skjc		h->address = CISCO_UNICAST;        /* unicast address */
4910Swollman		h->control = 0;
4910Swollman	} else {
4910Swollman		h->address = PPP_ALLSTATIONS;        /* broadcast address */
4910Swollman		h->control = PPP_UI;                 /* Unnumbered Info */
4910Swollman	}
4910Swollman
4910Swollman	switch (dst->sa_family) {
4910Swollman#ifdef INET
4910Swollman	case AF_INET:   /* Internet Protocol */
45152Sphk		if (sp->pp_mode == IFF_CISCO)
11189Sjkh			h->protocol = htons (ETHERTYPE_IP);
11189Sjkh		else {
25955Sjoerg			/*
25955Sjoerg			 * Don't choke with an ENETDOWN early.  It's
25955Sjoerg			 * possible that we just started dialing out,
25955Sjoerg			 * so don't drop the packet immediately.  If
25955Sjoerg			 * we notice that we run out of buffer space
25955Sjoerg			 * below, we will however remember that we are
25955Sjoerg			 * not ready to carry IP packets, and return
25955Sjoerg			 * ENETDOWN, as opposed to ENOBUFS.
25955Sjoerg			 */
88534Sjoerg			h->protocol = htons(ipproto);
25955Sjoerg			if (sp->state[IDX_IPCP] != STATE_OPENED)
25955Sjoerg				rv = ENETDOWN;
11189Sjkh		}
4910Swollman		break;
4910Swollman#endif
54263Sshin#ifdef INET6
54263Sshin	case AF_INET6:   /* Internet Protocol */
54263Sshin		if (sp->pp_mode == IFF_CISCO)
54263Sshin			h->protocol = htons (ETHERTYPE_IPV6);
54263Sshin		else {
78064Sume			/*
78064Sume			 * Don't choke with an ENETDOWN early.  It's
78064Sume			 * possible that we just started dialing out,
78064Sume			 * so don't drop the packet immediately.  If
78064Sume			 * we notice that we run out of buffer space
78064Sume			 * below, we will however remember that we are
78064Sume			 * not ready to carry IP packets, and return
78064Sume			 * ENETDOWN, as opposed to ENOBUFS.
78064Sume			 */
78064Sume			h->protocol = htons(PPP_IPV6);
78064Sume			if (sp->state[IDX_IPV6CP] != STATE_OPENED)
78064Sume				rv = ENETDOWN;
54263Sshin		}
54263Sshin		break;
54263Sshin#endif
4910Swollman#ifdef NS
4910Swollman	case AF_NS:     /* Xerox NS Protocol */
45152Sphk		h->protocol = htons (sp->pp_mode == IFF_CISCO ?
4910Swollman			ETHERTYPE_NS : PPP_XNS);
4910Swollman		break;
4910Swollman#endif
11819Sjulian#ifdef IPX
12495Speter	case AF_IPX:     /* Novell IPX Protocol */
45152Sphk		h->protocol = htons (sp->pp_mode == IFF_CISCO ?
12495Speter			ETHERTYPE_IPX : PPP_IPX);
11819Sjulian		break;
11819Sjulian#endif
4910Swollman	default:
4910Swollman		m_freem (m);
25944Sjoerg		++ifp->if_oerrors;
4910Swollman		splx (s);
4910Swollman		return (EAFNOSUPPORT);
4910Swollman	}
4910Swollman
4910Swollman	/*
4910Swollman	 * Queue message on interface, and start output if interface
88577Sjoerg	 * not yet active.
4910Swollman	 */
69152Sjlemon	if (! IF_HANDOFF_ADJ(ifq, m, ifp, 3)) {
25944Sjoerg		++ifp->if_oerrors;
25955Sjoerg		return (rv? rv: ENOBUFS);
4910Swollman	}
88577Sjoerg	/*
88577Sjoerg	 * Unlike in sppp_input(), we can always bump the timestamp
88577Sjoerg	 * here since sppp_output() is only called on behalf of
88577Sjoerg	 * network-layer traffic; control-layer traffic is handled
88577Sjoerg	 * by sppp_cp_send().
88577Sjoerg	 */
88577Sjoerg	sp->pp_last_sent = time_second;
4910Swollman	return (0);
4910Swollman}
4910Swollman
25706Sjoergvoid
25706Sjoergsppp_attach(struct ifnet *ifp)
4910Swollman{
4910Swollman	struct sppp *sp = (struct sppp*) ifp;
4910Swollman
4910Swollman	/* Initialize keepalive handler. */
4910Swollman	if (! spppq)
42064Sphk		TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch);
4910Swollman
4910Swollman	/* Insert new entry into the keepalive list. */
4910Swollman	sp->pp_next = spppq;
4910Swollman	spppq = sp;
4910Swollman
42064Sphk	sp->pp_if.if_mtu = PP_MTU;
42064Sphk	sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
4910Swollman	sp->pp_if.if_type = IFT_PPP;
4910Swollman	sp->pp_if.if_output = sppp_output;
42104Sphk#if 0
42064Sphk	sp->pp_flags = PP_KEEPALIVE;
42104Sphk#endif
70199Sjhay 	sp->pp_if.if_snd.ifq_maxlen = 32;
70199Sjhay 	sp->pp_fastq.ifq_maxlen = 32;
70199Sjhay 	sp->pp_cpq.ifq_maxlen = 20;
4910Swollman	sp->pp_loopcnt = 0;
4910Swollman	sp->pp_alivecnt = 0;
78064Sume	bzero(&sp->pp_seq[0], sizeof(sp->pp_seq));
78064Sume	bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq));
25944Sjoerg	sp->pp_phase = PHASE_DEAD;
25944Sjoerg	sp->pp_up = lcp.Up;
25944Sjoerg	sp->pp_down = lcp.Down;
69152Sjlemon	mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", MTX_DEF);
69152Sjlemon	mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", MTX_DEF);
88599Sjoerg	sp->pp_last_recv = sp->pp_last_sent = time_second;
88534Sjoerg	sp->enable_vj = 1;
88599Sjoerg	sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAIT);
88599Sjoerg	sl_compress_init(sp->pp_comp, -1);
25944Sjoerg	sppp_lcp_init(sp);
25944Sjoerg	sppp_ipcp_init(sp);
78064Sume	sppp_ipv6cp_init(sp);
30300Sjoerg	sppp_pap_init(sp);
30300Sjoerg	sppp_chap_init(sp);
4910Swollman}
4910Swollman
30300Sjoergvoid
25706Sjoergsppp_detach(struct ifnet *ifp)
4910Swollman{
4910Swollman	struct sppp **q, *p, *sp = (struct sppp*) ifp;
25944Sjoerg	int i;
4910Swollman
4910Swollman	/* Remove the entry from the keepalive list. */
4910Swollman	for (q = &spppq; (p = *q); q = &p->pp_next)
4910Swollman		if (p == sp) {
4910Swollman			*q = p->pp_next;
4910Swollman			break;
4910Swollman		}
4910Swollman
4910Swollman	/* Stop keepalive handler. */
4910Swollman	if (! spppq)
40008Sjoerg		UNTIMEOUT(sppp_keepalive, 0, keepalive_ch);
25944Sjoerg
25944Sjoerg	for (i = 0; i < IDX_COUNT; i++)
40008Sjoerg		UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]);
40008Sjoerg	UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
69152Sjlemon	mtx_destroy(&sp->pp_cpq.ifq_mtx);
69152Sjlemon	mtx_destroy(&sp->pp_fastq.ifq_mtx);
4910Swollman}
4910Swollman
4910Swollman/*
4910Swollman * Flush the interface output queue.
4910Swollman */
25706Sjoergvoid
25706Sjoergsppp_flush(struct ifnet *ifp)
4910Swollman{
4910Swollman	struct sppp *sp = (struct sppp*) ifp;
4910Swollman
25944Sjoerg	sppp_qflush (&sp->pp_if.if_snd);
25944Sjoerg	sppp_qflush (&sp->pp_fastq);
26018Sjoerg	sppp_qflush (&sp->pp_cpq);
4910Swollman}
4910Swollman
4910Swollman/*
11189Sjkh * Check if the output queue is empty.
11189Sjkh */
12820Sphkint
25706Sjoergsppp_isempty(struct ifnet *ifp)
11189Sjkh{
11189Sjkh	struct sppp *sp = (struct sppp*) ifp;
25944Sjoerg	int empty, s;
11189Sjkh
25944Sjoerg	s = splimp();
26018Sjoerg	empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
26018Sjoerg		!sp->pp_if.if_snd.ifq_head;
25944Sjoerg	splx(s);
11189Sjkh	return (empty);
11189Sjkh}
11189Sjkh
11189Sjkh/*
4910Swollman * Get next packet to send.
4910Swollman */
25706Sjoergstruct mbuf *
25706Sjoergsppp_dequeue(struct ifnet *ifp)
4910Swollman{
4910Swollman	struct sppp *sp = (struct sppp*) ifp;
4910Swollman	struct mbuf *m;
25944Sjoerg	int s;
4910Swollman
25944Sjoerg	s = splimp();
26018Sjoerg	/*
30300Sjoerg	 * Process only the control protocol queue until we have at
30300Sjoerg	 * least one NCP open.
26018Sjoerg	 *
26018Sjoerg	 * Do always serve all three queues in Cisco mode.
26018Sjoerg	 */
26018Sjoerg	IF_DEQUEUE(&sp->pp_cpq, m);
26018Sjoerg	if (m == NULL &&
45152Sphk	    (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) {
26018Sjoerg		IF_DEQUEUE(&sp->pp_fastq, m);
26018Sjoerg		if (m == NULL)
26018Sjoerg			IF_DEQUEUE (&sp->pp_if.if_snd, m);
26018Sjoerg	}
26018Sjoerg	splx(s);
26018Sjoerg	return m;
4910Swollman}
4910Swollman
4910Swollman/*
30300Sjoerg * Pick the next packet, do not remove it from the queue.
30300Sjoerg */
30300Sjoergstruct mbuf *
30300Sjoergsppp_pick(struct ifnet *ifp)
30300Sjoerg{
30300Sjoerg	struct sppp *sp = (struct sppp*)ifp;
30300Sjoerg	struct mbuf *m;
30300Sjoerg	int s;
30300Sjoerg
30300Sjoerg	s= splimp ();
30300Sjoerg
30300Sjoerg	m = sp->pp_cpq.ifq_head;
30300Sjoerg	if (m == NULL &&
45152Sphk	    (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO))
30300Sjoerg		if ((m = sp->pp_fastq.ifq_head) == NULL)
30300Sjoerg			m = sp->pp_if.if_snd.ifq_head;
30300Sjoerg	splx (s);
30300Sjoerg	return (m);
30300Sjoerg}
30300Sjoerg
30300Sjoerg/*
25944Sjoerg * Process an ioctl request.  Called on low priority level.
4910Swollman */
25944Sjoergint
42104Sphksppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data)
4910Swollman{
25944Sjoerg	struct ifreq *ifr = (struct ifreq*) data;
25944Sjoerg	struct sppp *sp = (struct sppp*) ifp;
30300Sjoerg	int s, rv, going_up, going_down, newmode;
4910Swollman
25944Sjoerg	s = splimp();
30300Sjoerg	rv = 0;
25944Sjoerg	switch (cmd) {
25944Sjoerg	case SIOCAIFADDR:
25944Sjoerg	case SIOCSIFDSTADDR:
25944Sjoerg		break;
4910Swollman
25944Sjoerg	case SIOCSIFADDR:
88503Sjoerg		/* set the interface "up" when assigning an IP address */
88503Sjoerg		ifp->if_flags |= IFF_UP;
25944Sjoerg		/* fall through... */
11189Sjkh
25944Sjoerg	case SIOCSIFFLAGS:
25944Sjoerg		going_up = ifp->if_flags & IFF_UP &&
25944Sjoerg			(ifp->if_flags & IFF_RUNNING) == 0;
25944Sjoerg		going_down = (ifp->if_flags & IFF_UP) == 0 &&
25944Sjoerg			ifp->if_flags & IFF_RUNNING;
45152Sphk
45152Sphk		newmode = ifp->if_flags & IFF_PASSIVE;
45152Sphk		if (!newmode)
45152Sphk			newmode = ifp->if_flags & IFF_AUTO;
45152Sphk		if (!newmode)
45152Sphk			newmode = ifp->if_flags & IFF_CISCO;
45152Sphk		ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO);
45152Sphk		ifp->if_flags |= newmode;
45152Sphk
45152Sphk		if (newmode != sp->pp_mode) {
45152Sphk			going_down = 1;
45152Sphk			if (!going_up)
45152Sphk				going_up = ifp->if_flags & IFF_RUNNING;
4910Swollman		}
4910Swollman
45152Sphk		if (going_down) {
70199Sjhay			if (sp->pp_mode != IFF_CISCO)
45152Sphk				lcp.Close(sp);
45152Sphk			else if (sp->pp_tlf)
45152Sphk				(sp->pp_tlf)(sp);
26018Sjoerg			sppp_flush(ifp);
25944Sjoerg			ifp->if_flags &= ~IFF_RUNNING;
45152Sphk			sp->pp_mode = newmode;
26018Sjoerg		}
4910Swollman
45152Sphk		if (going_up) {
70199Sjhay			if (sp->pp_mode != IFF_CISCO)
45152Sphk				lcp.Close(sp);
45152Sphk			sp->pp_mode = newmode;
45152Sphk			if (sp->pp_mode == 0) {
45152Sphk				ifp->if_flags |= IFF_RUNNING;
45152Sphk				lcp.Open(sp);
45152Sphk			}
45152Sphk			if (sp->pp_mode == IFF_CISCO) {
45152Sphk				if (sp->pp_tls)
45152Sphk					(sp->pp_tls)(sp);
45152Sphk				ifp->if_flags |= IFF_RUNNING;
45152Sphk			}
45152Sphk		}
45152Sphk
4910Swollman		break;
11189Sjkh
25944Sjoerg#ifdef SIOCSIFMTU
25944Sjoerg#ifndef ifr_mtu
25944Sjoerg#define ifr_mtu ifr_metric
25944Sjoerg#endif
25944Sjoerg	case SIOCSIFMTU:
25944Sjoerg		if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
25944Sjoerg			return (EINVAL);
25944Sjoerg		ifp->if_mtu = ifr->ifr_mtu;
4910Swollman		break;
25944Sjoerg#endif
25944Sjoerg#ifdef SLIOCSETMTU
25944Sjoerg	case SLIOCSETMTU:
25944Sjoerg		if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
25944Sjoerg			return (EINVAL);
25944Sjoerg		ifp->if_mtu = *(short*)data;
4910Swollman		break;
25944Sjoerg#endif
25944Sjoerg#ifdef SIOCGIFMTU
25944Sjoerg	case SIOCGIFMTU:
25944Sjoerg		ifr->ifr_mtu = ifp->if_mtu;
11189Sjkh		break;
25944Sjoerg#endif
25944Sjoerg#ifdef SLIOCGETMTU
25944Sjoerg	case SLIOCGETMTU:
25944Sjoerg		*(short*)data = ifp->if_mtu;
4910Swollman		break;
25944Sjoerg#endif
25944Sjoerg	case SIOCADDMULTI:
25944Sjoerg	case SIOCDELMULTI:
4910Swollman		break;
11189Sjkh
30300Sjoerg	case SIOCGIFGENERIC:
30300Sjoerg	case SIOCSIFGENERIC:
30300Sjoerg		rv = sppp_params(sp, cmd, data);
30300Sjoerg		break;
30300Sjoerg
25944Sjoerg	default:
30300Sjoerg		rv = ENOTTY;
4910Swollman	}
25944Sjoerg	splx(s);
30300Sjoerg	return rv;
4910Swollman}
4910Swollman
70199Sjhay/*
25944Sjoerg * Cisco framing implementation.
25944Sjoerg */
25944Sjoerg
4910Swollman/*
4910Swollman * Handle incoming Cisco keepalive protocol packets.
4910Swollman */
30300Sjoergstatic void
25706Sjoergsppp_cisco_input(struct sppp *sp, struct mbuf *m)
4910Swollman{
25944Sjoerg	STDDCL;
4910Swollman	struct cisco_packet *h;
30300Sjoerg	u_long me, mymask;
4910Swollman
27929Sitojun	if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
25706Sjoerg		if (debug)
25706Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "cisco invalid packet length: %d bytes\n",
40008Sjoerg			    SPP_ARGS(ifp), m->m_pkthdr.len);
4910Swollman		return;
4910Swollman	}
4910Swollman	h = mtod (m, struct cisco_packet*);
25706Sjoerg	if (debug)
25706Sjoerg		log(LOG_DEBUG,
40008Sjoerg		    SPP_FMT "cisco input: %d bytes "
25706Sjoerg		    "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
40008Sjoerg		    SPP_ARGS(ifp), m->m_pkthdr.len,
40008Sjoerg		    (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel,
40008Sjoerg		    (u_int)h->time0, (u_int)h->time1);
4910Swollman	switch (ntohl (h->type)) {
4910Swollman	default:
25706Sjoerg		if (debug)
69211Sphk			log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n",
40008Sjoerg			       SPP_ARGS(ifp), (u_long)ntohl (h->type));
4910Swollman		break;
4910Swollman	case CISCO_ADDR_REPLY:
4910Swollman		/* Reply on address request, ignore */
4910Swollman		break;
4910Swollman	case CISCO_KEEPALIVE_REQ:
4910Swollman		sp->pp_alivecnt = 0;
78064Sume		sp->pp_rseq[IDX_LCP] = ntohl (h->par1);
78064Sume		if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
4910Swollman			/* Local and remote sequence numbers are equal.
4910Swollman			 * Probably, the line is in loopback mode. */
11189Sjkh			if (sp->pp_loopcnt >= MAXALIVECNT) {
40008Sjoerg				printf (SPP_FMT "loopback\n",
40008Sjoerg					SPP_ARGS(ifp));
11189Sjkh				sp->pp_loopcnt = 0;
11189Sjkh				if (ifp->if_flags & IFF_UP) {
11189Sjkh					if_down (ifp);
26018Sjoerg					sppp_qflush (&sp->pp_cpq);
11189Sjkh				}
11189Sjkh			}
4910Swollman			++sp->pp_loopcnt;
4910Swollman
4910Swollman			/* Generate new local sequence number */
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
78064Sume			sp->pp_seq[IDX_LCP] = random();
40008Sjoerg#else
78064Sume			sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec;
40008Sjoerg#endif
11189Sjkh			break;
11189Sjkh		}
30300Sjoerg		sp->pp_loopcnt = 0;
11189Sjkh		if (! (ifp->if_flags & IFF_UP) &&
11189Sjkh		    (ifp->if_flags & IFF_RUNNING)) {
30300Sjoerg			if_up(ifp);
40008Sjoerg			printf (SPP_FMT "up\n", SPP_ARGS(ifp));
11189Sjkh		}
4910Swollman		break;
4910Swollman	case CISCO_ADDR_REQ:
30300Sjoerg		sppp_get_ip_addrs(sp, &me, 0, &mymask);
30300Sjoerg		if (me != 0L)
30300Sjoerg			sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
4910Swollman		break;
4910Swollman	}
4910Swollman}
4910Swollman
4910Swollman/*
25944Sjoerg * Send Cisco keepalive packet.
4910Swollman */
12820Sphkstatic void
25944Sjoergsppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg	struct ppp_header *h;
25944Sjoerg	struct cisco_packet *ch;
25944Sjoerg	struct mbuf *m;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
35029Sphk	struct timeval tv;
40008Sjoerg#else
40008Sjoerg	u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
40008Sjoerg#endif
25944Sjoerg
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
36119Sphk	getmicrouptime(&tv);
40008Sjoerg#endif
70199Sjhay
25944Sjoerg	MGETHDR (m, M_DONTWAIT, MT_DATA);
25944Sjoerg	if (! m)
25944Sjoerg		return;
25944Sjoerg	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
25944Sjoerg	m->m_pkthdr.rcvif = 0;
25944Sjoerg
25944Sjoerg	h = mtod (m, struct ppp_header*);
25944Sjoerg	h->address = CISCO_MULTICAST;
25944Sjoerg	h->control = 0;
25944Sjoerg	h->protocol = htons (CISCO_KEEPALIVE);
25944Sjoerg
25944Sjoerg	ch = (struct cisco_packet*) (h + 1);
25944Sjoerg	ch->type = htonl (type);
25944Sjoerg	ch->par1 = htonl (par1);
25944Sjoerg	ch->par2 = htonl (par2);
25944Sjoerg	ch->rel = -1;
40008Sjoerg
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
35029Sphk	ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
35029Sphk	ch->time1 = htons ((u_short) tv.tv_sec);
40008Sjoerg#else
40008Sjoerg	ch->time0 = htons ((u_short) (t >> 16));
40008Sjoerg	ch->time1 = htons ((u_short) t);
40008Sjoerg#endif
25944Sjoerg
25944Sjoerg	if (debug)
25944Sjoerg		log(LOG_DEBUG,
40008Sjoerg		    SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
40008Sjoerg			SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1,
40008Sjoerg			(u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
25944Sjoerg
69152Sjlemon	if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
69152Sjlemon		ifp->if_oerrors++;
25944Sjoerg}
25944Sjoerg
70199Sjhay/*
25944Sjoerg * PPP protocol implementation.
25944Sjoerg */
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Send PPP control protocol packet.
25944Sjoerg */
25944Sjoergstatic void
25706Sjoergsppp_cp_send(struct sppp *sp, u_short proto, u_char type,
25706Sjoerg	     u_char ident, u_short len, void *data)
4910Swollman{
25944Sjoerg	STDDCL;
4910Swollman	struct ppp_header *h;
4910Swollman	struct lcp_header *lh;
4910Swollman	struct mbuf *m;
4910Swollman
4910Swollman	if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
4910Swollman		len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
4910Swollman	MGETHDR (m, M_DONTWAIT, MT_DATA);
4910Swollman	if (! m)
4910Swollman		return;
4910Swollman	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
4910Swollman	m->m_pkthdr.rcvif = 0;
4910Swollman
4910Swollman	h = mtod (m, struct ppp_header*);
4910Swollman	h->address = PPP_ALLSTATIONS;        /* broadcast address */
4910Swollman	h->control = PPP_UI;                 /* Unnumbered Info */
4910Swollman	h->protocol = htons (proto);         /* Link Control Protocol */
4910Swollman
4910Swollman	lh = (struct lcp_header*) (h + 1);
4910Swollman	lh->type = type;
4910Swollman	lh->ident = ident;
4910Swollman	lh->len = htons (LCP_HEADER_LEN + len);
4910Swollman	if (len)
4910Swollman		bcopy (data, lh+1, len);
4910Swollman
25706Sjoerg	if (debug) {
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
40008Sjoerg		    SPP_ARGS(ifp),
25944Sjoerg		    sppp_proto_name(proto),
25944Sjoerg		    sppp_cp_type_name (lh->type), lh->ident,
25944Sjoerg		    ntohs (lh->len));
44145Sphk		sppp_print_bytes ((u_char*) (lh+1), len);
69211Sphk		log(-1, ">\n");
4910Swollman	}
69152Sjlemon	if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
69152Sjlemon		ifp->if_oerrors++;
4910Swollman}
4910Swollman
4910Swollman/*
25944Sjoerg * Handle incoming PPP control protocol packets.
4910Swollman */
12820Sphkstatic void
25944Sjoergsppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
4910Swollman{
25944Sjoerg	STDDCL;
25944Sjoerg	struct lcp_header *h;
25944Sjoerg	int len = m->m_pkthdr.len;
25944Sjoerg	int rv;
25944Sjoerg	u_char *p;
4910Swollman
25944Sjoerg	if (len < 4) {
25944Sjoerg		if (debug)
25944Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "%s invalid packet length: %d bytes\n",
40008Sjoerg			    SPP_ARGS(ifp), cp->name, len);
4910Swollman		return;
25944Sjoerg	}
25944Sjoerg	h = mtod (m, struct lcp_header*);
25944Sjoerg	if (debug) {
25944Sjoerg		log(LOG_DEBUG,
40008Sjoerg		    SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
25944Sjoerg		    sppp_state_name(sp->state[cp->protoidx]),
25944Sjoerg		    sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
44145Sphk		sppp_print_bytes ((u_char*) (h+1), len-4);
69211Sphk		log(-1, ">\n");
25944Sjoerg	}
25944Sjoerg	if (len > ntohs (h->len))
25944Sjoerg		len = ntohs (h->len);
30300Sjoerg	p = (u_char *)(h + 1);
25944Sjoerg	switch (h->type) {
25944Sjoerg	case CONF_REQ:
25944Sjoerg		if (len < 4) {
25944Sjoerg			if (debug)
69211Sphk				log(-1, SPP_FMT "%s invalid conf-req length %d\n",
40008Sjoerg				       SPP_ARGS(ifp), cp->name,
25944Sjoerg				       len);
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg			break;
25944Sjoerg		}
30300Sjoerg		/* handle states where RCR doesn't get a SCA/SCN */
30300Sjoerg		switch (sp->state[cp->protoidx]) {
30300Sjoerg		case STATE_CLOSING:
30300Sjoerg		case STATE_STOPPING:
30300Sjoerg			return;
30300Sjoerg		case STATE_CLOSED:
30300Sjoerg			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
30300Sjoerg				     0, 0);
30300Sjoerg			return;
30300Sjoerg		}
25944Sjoerg		rv = (cp->RCR)(sp, h, len);
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_OPENED:
25944Sjoerg			(cp->tld)(sp);
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			/* fall through... */
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg		case STATE_REQ_SENT:
70199Sjhay			/*
70199Sjhay			 * sppp_cp_change_state() have the side effect of
70199Sjhay			 * restarting the timeouts. We want to avoid that
70199Sjhay			 * if the state don't change, otherwise we won't
70199Sjhay			 * ever timeout and resend a configuration request
70199Sjhay			 * that got lost.
70199Sjhay			 */
70199Sjhay			if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT:
70199Sjhay			    STATE_REQ_SENT))
70199Sjhay				break;
25944Sjoerg			sppp_cp_change_state(cp, sp, rv?
25944Sjoerg					     STATE_ACK_SENT: STATE_REQ_SENT);
25944Sjoerg			break;
25944Sjoerg		case STATE_STOPPED:
25944Sjoerg			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			sppp_cp_change_state(cp, sp, rv?
25944Sjoerg					     STATE_ACK_SENT: STATE_REQ_SENT);
25944Sjoerg			break;
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg			if (rv) {
25944Sjoerg				sppp_cp_change_state(cp, sp, STATE_OPENED);
25944Sjoerg				if (debug)
40008Sjoerg					log(LOG_DEBUG, SPP_FMT "%s tlu\n",
40008Sjoerg					    SPP_ARGS(ifp),
26077Sjoerg					    cp->name);
25944Sjoerg				(cp->tlu)(sp);
25944Sjoerg			} else
25944Sjoerg				sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
25944Sjoerg			break;
25944Sjoerg		default:
40008Sjoerg			printf(SPP_FMT "%s illegal %s in state %s\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name,
25944Sjoerg			       sppp_cp_type_name(h->type),
25944Sjoerg			       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg		}
25944Sjoerg		break;
25944Sjoerg	case CONF_ACK:
25944Sjoerg		if (h->ident != sp->confid[cp->protoidx]) {
25944Sjoerg			if (debug)
69211Sphk				log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
40008Sjoerg				       SPP_ARGS(ifp), cp->name,
25944Sjoerg				       h->ident, sp->confid[cp->protoidx]);
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_CLOSED:
25944Sjoerg		case STATE_STOPPED:
25944Sjoerg			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
25944Sjoerg			break;
25944Sjoerg		case STATE_CLOSING:
25944Sjoerg		case STATE_STOPPING:
25944Sjoerg			break;
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
25944Sjoerg			break;
25944Sjoerg		case STATE_OPENED:
25944Sjoerg			(cp->tld)(sp);
25944Sjoerg			/* fall through */
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg			break;
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_OPENED);
25944Sjoerg			if (debug)
40008Sjoerg				log(LOG_DEBUG, SPP_FMT "%s tlu\n",
40008Sjoerg				       SPP_ARGS(ifp), cp->name);
25944Sjoerg			(cp->tlu)(sp);
25944Sjoerg			break;
25944Sjoerg		default:
40008Sjoerg			printf(SPP_FMT "%s illegal %s in state %s\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name,
25944Sjoerg			       sppp_cp_type_name(h->type),
25944Sjoerg			       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg		}
25944Sjoerg		break;
25944Sjoerg	case CONF_NAK:
25944Sjoerg	case CONF_REJ:
25944Sjoerg		if (h->ident != sp->confid[cp->protoidx]) {
25944Sjoerg			if (debug)
69211Sphk				log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
40008Sjoerg				       SPP_ARGS(ifp), cp->name,
25944Sjoerg				       h->ident, sp->confid[cp->protoidx]);
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		if (h->type == CONF_NAK)
25944Sjoerg			(cp->RCN_nak)(sp, h, len);
25944Sjoerg		else /* CONF_REJ */
25944Sjoerg			(cp->RCN_rej)(sp, h, len);
4910Swollman
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_CLOSED:
25944Sjoerg		case STATE_STOPPED:
25944Sjoerg			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
25944Sjoerg			break;
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
70199Sjhay			/*
70199Sjhay			 * Slow things down a bit if we think we might be
70199Sjhay			 * in loopback. Depend on the timeout to send the
70199Sjhay			 * next configuration request.
70199Sjhay			 */
70199Sjhay			if (sp->pp_loopcnt)
70199Sjhay				break;
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			break;
25944Sjoerg		case STATE_OPENED:
25944Sjoerg			(cp->tld)(sp);
25944Sjoerg			/* fall through */
25944Sjoerg		case STATE_ACK_RCVD:
52633Sjoerg			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			break;
25944Sjoerg		case STATE_CLOSING:
25944Sjoerg		case STATE_STOPPING:
25944Sjoerg			break;
25944Sjoerg		default:
40008Sjoerg			printf(SPP_FMT "%s illegal %s in state %s\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name,
25944Sjoerg			       sppp_cp_type_name(h->type),
25944Sjoerg			       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg		}
25944Sjoerg		break;
4910Swollman
25944Sjoerg	case TERM_REQ:
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg			/* fall through */
25944Sjoerg		case STATE_CLOSED:
25944Sjoerg		case STATE_STOPPED:
25944Sjoerg		case STATE_CLOSING:
25944Sjoerg		case STATE_STOPPING:
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg		  sta:
25944Sjoerg			/* Send Terminate-Ack packet. */
25944Sjoerg			if (debug)
40008Sjoerg				log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
40008Sjoerg				    SPP_ARGS(ifp), cp->name);
25944Sjoerg			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
25944Sjoerg			break;
25944Sjoerg		case STATE_OPENED:
25944Sjoerg			(cp->tld)(sp);
25944Sjoerg			sp->rst_counter[cp->protoidx] = 0;
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_STOPPING);
25944Sjoerg			goto sta;
25944Sjoerg			break;
25944Sjoerg		default:
40008Sjoerg			printf(SPP_FMT "%s illegal %s in state %s\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name,
25944Sjoerg			       sppp_cp_type_name(h->type),
25944Sjoerg			       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg		}
25944Sjoerg		break;
25944Sjoerg	case TERM_ACK:
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_CLOSED:
25944Sjoerg		case STATE_STOPPED:
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg			break;
25944Sjoerg		case STATE_CLOSING:
41881Sphk			sppp_cp_change_state(cp, sp, STATE_CLOSED);
25944Sjoerg			(cp->tlf)(sp);
25944Sjoerg			break;
25944Sjoerg		case STATE_STOPPING:
41881Sphk			sppp_cp_change_state(cp, sp, STATE_STOPPED);
25944Sjoerg			(cp->tlf)(sp);
25944Sjoerg			break;
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg			break;
25944Sjoerg		case STATE_OPENED:
25944Sjoerg			(cp->tld)(sp);
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
25944Sjoerg			break;
25944Sjoerg		default:
40008Sjoerg			printf(SPP_FMT "%s illegal %s in state %s\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name,
25944Sjoerg			       sppp_cp_type_name(h->type),
25944Sjoerg			       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg		}
25944Sjoerg		break;
25944Sjoerg	case CODE_REJ:
25944Sjoerg		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
30300Sjoerg		log(LOG_INFO,
40008Sjoerg		    SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
30300Sjoerg		    "danger will robinson\n",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
30300Sjoerg		    sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_CLOSED:
25944Sjoerg		case STATE_STOPPED:
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg		case STATE_CLOSING:
25944Sjoerg		case STATE_STOPPING:
25944Sjoerg		case STATE_OPENED:
25944Sjoerg			break;
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg			break;
25944Sjoerg		default:
40008Sjoerg			printf(SPP_FMT "%s illegal %s in state %s\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name,
25944Sjoerg			       sppp_cp_type_name(h->type),
25944Sjoerg			       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg		}
25944Sjoerg		break;
80715Sume	case PROTO_REJ:
80715Sume	    {
80715Sume		int catastrophic;
80715Sume		const struct cp *upper;
80715Sume		int i;
80715Sume		u_int16_t proto;
80715Sume
80715Sume		catastrophic = 0;
80715Sume		upper = NULL;
80715Sume		proto = ntohs(*((u_int16_t *)p));
80715Sume		for (i = 0; i < IDX_COUNT; i++) {
80715Sume			if (cps[i]->proto == proto) {
80715Sume				upper = cps[i];
80715Sume				break;
80715Sume			}
80715Sume		}
80715Sume		if (upper == NULL)
80715Sume			catastrophic++;
80715Sume
88508Sjoerg		if (catastrophic || debug)
88508Sjoerg			log(catastrophic? LOG_INFO: LOG_DEBUG,
88508Sjoerg			    SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
88508Sjoerg			    SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
88508Sjoerg			    sppp_cp_type_name(h->type), proto,
88508Sjoerg			    upper ? upper->name : "unknown",
88508Sjoerg			    upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
80715Sume
80715Sume		/*
80715Sume		 * if we got RXJ+ against conf-req, the peer does not implement
80715Sume		 * this particular protocol type.  terminate the protocol.
80715Sume		 */
80715Sume		if (upper && !catastrophic) {
80715Sume			if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
80715Sume				upper->Close(sp);
80715Sume				break;
80715Sume			}
80715Sume		}
80715Sume
80715Sume		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
80715Sume		switch (sp->state[cp->protoidx]) {
80715Sume		case STATE_CLOSED:
80715Sume		case STATE_STOPPED:
80715Sume		case STATE_REQ_SENT:
80715Sume		case STATE_ACK_SENT:
80715Sume		case STATE_CLOSING:
80715Sume		case STATE_STOPPING:
80715Sume		case STATE_OPENED:
80715Sume			break;
80715Sume		case STATE_ACK_RCVD:
80715Sume			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
80715Sume			break;
80715Sume		default:
80715Sume			printf(SPP_FMT "%s illegal %s in state %s\n",
80715Sume			       SPP_ARGS(ifp), cp->name,
80715Sume			       sppp_cp_type_name(h->type),
80715Sume			       sppp_state_name(sp->state[cp->protoidx]));
80715Sume			++ifp->if_ierrors;
80715Sume		}
80715Sume		break;
80715Sume	    }
25944Sjoerg	case DISC_REQ:
25944Sjoerg		if (cp->proto != PPP_LCP)
25944Sjoerg			goto illegal;
25944Sjoerg		/* Discard the packet. */
25944Sjoerg		break;
25944Sjoerg	case ECHO_REQ:
25944Sjoerg		if (cp->proto != PPP_LCP)
25944Sjoerg			goto illegal;
25944Sjoerg		if (sp->state[cp->protoidx] != STATE_OPENED) {
25944Sjoerg			if (debug)
69211Sphk				log(-1, SPP_FMT "lcp echo req but lcp closed\n",
40008Sjoerg				       SPP_ARGS(ifp));
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		if (len < 8) {
25944Sjoerg			if (debug)
69211Sphk				log(-1, SPP_FMT "invalid lcp echo request "
25944Sjoerg				       "packet length: %d bytes\n",
40008Sjoerg				       SPP_ARGS(ifp), len);
25944Sjoerg			break;
25944Sjoerg		}
44145Sphk		if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
44145Sphk		    ntohl (*(long*)(h+1)) == sp->lcp.magic) {
25944Sjoerg			/* Line loopback mode detected. */
40008Sjoerg			printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
70199Sjhay			sp->pp_loopcnt = MAXALIVECNT * 5;
25944Sjoerg			if_down (ifp);
26018Sjoerg			sppp_qflush (&sp->pp_cpq);
4910Swollman
25944Sjoerg			/* Shut down the PPP link. */
25944Sjoerg			/* XXX */
25944Sjoerg			lcp.Down(sp);
25944Sjoerg			lcp.Up(sp);
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		*(long*)(h+1) = htonl (sp->lcp.magic);
25944Sjoerg		if (debug)
69211Sphk			log(-1, SPP_FMT "got lcp echo req, sending echo rep\n",
40008Sjoerg			       SPP_ARGS(ifp));
25944Sjoerg		sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
25944Sjoerg		break;
25944Sjoerg	case ECHO_REPLY:
25944Sjoerg		if (cp->proto != PPP_LCP)
25944Sjoerg			goto illegal;
25944Sjoerg		if (h->ident != sp->lcp.echoid) {
25944Sjoerg			++ifp->if_ierrors;
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		if (len < 8) {
25944Sjoerg			if (debug)
69211Sphk				log(-1, SPP_FMT "lcp invalid echo reply "
25944Sjoerg				       "packet length: %d bytes\n",
40008Sjoerg				       SPP_ARGS(ifp), len);
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		if (debug)
69211Sphk			log(-1, SPP_FMT "lcp got echo rep\n",
40008Sjoerg			       SPP_ARGS(ifp));
44145Sphk		if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) ||
44145Sphk		    ntohl (*(long*)(h+1)) != sp->lcp.magic)
25944Sjoerg			sp->pp_alivecnt = 0;
25944Sjoerg		break;
25944Sjoerg	default:
25944Sjoerg		/* Unknown packet type -- send Code-Reject packet. */
25944Sjoerg	  illegal:
25944Sjoerg		if (debug)
69211Sphk			log(-1, SPP_FMT "%s send code-rej for 0x%x\n",
40008Sjoerg			       SPP_ARGS(ifp), cp->name, h->type);
78064Sume		sppp_cp_send(sp, cp->proto, CODE_REJ,
78064Sume			     ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
25944Sjoerg		++ifp->if_ierrors;
25944Sjoerg	}
4910Swollman}
4910Swollman
25944Sjoerg
4910Swollman/*
25944Sjoerg * The generic part of all Up/Down/Open/Close/TO event handlers.
25944Sjoerg * Basically, the state transition handling in the automaton.
4910Swollman */
25944Sjoergstatic void
25944Sjoergsppp_up_event(const struct cp *cp, struct sppp *sp)
4910Swollman{
25944Sjoerg	STDDCL;
4910Swollman
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
25944Sjoerg		    sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg
25944Sjoerg	switch (sp->state[cp->protoidx]) {
25944Sjoerg	case STATE_INITIAL:
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_CLOSED);
25944Sjoerg		break;
25944Sjoerg	case STATE_STARTING:
25944Sjoerg		sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
25944Sjoerg		(cp->scr)(sp);
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg		break;
4910Swollman	default:
40008Sjoerg		printf(SPP_FMT "%s illegal up in state %s\n",
40008Sjoerg		       SPP_ARGS(ifp), cp->name,
25944Sjoerg		       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg	}
25944Sjoerg}
4910Swollman
25944Sjoergstatic void
25944Sjoergsppp_down_event(const struct cp *cp, struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
25944Sjoerg		    sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg
25944Sjoerg	switch (sp->state[cp->protoidx]) {
25944Sjoerg	case STATE_CLOSED:
25944Sjoerg	case STATE_CLOSING:
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_INITIAL);
4910Swollman		break;
25944Sjoerg	case STATE_STOPPED:
41881Sphk		sppp_cp_change_state(cp, sp, STATE_STARTING);
25944Sjoerg		(cp->tls)(sp);
41881Sphk		break;
25944Sjoerg	case STATE_STOPPING:
25944Sjoerg	case STATE_REQ_SENT:
25944Sjoerg	case STATE_ACK_RCVD:
25944Sjoerg	case STATE_ACK_SENT:
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_STARTING);
25944Sjoerg		break;
25944Sjoerg	case STATE_OPENED:
25944Sjoerg		(cp->tld)(sp);
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_STARTING);
25944Sjoerg		break;
25944Sjoerg	default:
40008Sjoerg		printf(SPP_FMT "%s illegal down in state %s\n",
40008Sjoerg		       SPP_ARGS(ifp), cp->name,
25944Sjoerg		       sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg	}
25944Sjoerg}
4910Swollman
11189Sjkh
25944Sjoergstatic void
25944Sjoergsppp_open_event(const struct cp *cp, struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
25944Sjoerg		    sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg
25944Sjoerg	switch (sp->state[cp->protoidx]) {
25944Sjoerg	case STATE_INITIAL:
41881Sphk		sppp_cp_change_state(cp, sp, STATE_STARTING);
25944Sjoerg		(cp->tls)(sp);
4910Swollman		break;
25944Sjoerg	case STATE_STARTING:
25944Sjoerg		break;
25944Sjoerg	case STATE_CLOSED:
25944Sjoerg		sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
25944Sjoerg		(cp->scr)(sp);
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg		break;
25944Sjoerg	case STATE_STOPPED:
74703Sjoerg		/*
74703Sjoerg		 * Try escaping stopped state.  This seems to bite
74703Sjoerg		 * people occasionally, in particular for IPCP,
74703Sjoerg		 * presumably following previous IPCP negotiation
74703Sjoerg		 * aborts.  Somehow, we must have missed a Down event
74703Sjoerg		 * which would have caused a transition into starting
74703Sjoerg		 * state, so as a bandaid we force the Down event now.
74703Sjoerg		 * This effectively implements (something like the)
74703Sjoerg		 * `restart' option mentioned in the state transition
74703Sjoerg		 * table of RFC 1661.
74703Sjoerg		 */
74703Sjoerg		sppp_cp_change_state(cp, sp, STATE_STARTING);
74703Sjoerg		(cp->tls)(sp);
74703Sjoerg		break;
25944Sjoerg	case STATE_STOPPING:
25944Sjoerg	case STATE_REQ_SENT:
25944Sjoerg	case STATE_ACK_RCVD:
25944Sjoerg	case STATE_ACK_SENT:
25944Sjoerg	case STATE_OPENED:
25944Sjoerg		break;
25944Sjoerg	case STATE_CLOSING:
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_STOPPING);
25944Sjoerg		break;
25944Sjoerg	}
25944Sjoerg}
4910Swollman
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_close_event(const struct cp *cp, struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
25944Sjoerg		    sppp_state_name(sp->state[cp->protoidx]));
25944Sjoerg
25944Sjoerg	switch (sp->state[cp->protoidx]) {
25944Sjoerg	case STATE_INITIAL:
25944Sjoerg	case STATE_CLOSED:
25944Sjoerg	case STATE_CLOSING:
4910Swollman		break;
25944Sjoerg	case STATE_STARTING:
41881Sphk		sppp_cp_change_state(cp, sp, STATE_INITIAL);
25944Sjoerg		(cp->tlf)(sp);
4910Swollman		break;
25944Sjoerg	case STATE_STOPPED:
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_CLOSED);
4910Swollman		break;
25944Sjoerg	case STATE_STOPPING:
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_CLOSING);
4910Swollman		break;
25944Sjoerg	case STATE_OPENED:
25944Sjoerg		(cp->tld)(sp);
25944Sjoerg		/* fall through */
25944Sjoerg	case STATE_REQ_SENT:
25944Sjoerg	case STATE_ACK_RCVD:
25944Sjoerg	case STATE_ACK_SENT:
25944Sjoerg		sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
78064Sume		sppp_cp_send(sp, cp->proto, TERM_REQ,
78064Sume			     ++sp->pp_seq[cp->protoidx], 0, 0);
25944Sjoerg		sppp_cp_change_state(cp, sp, STATE_CLOSING);
4910Swollman		break;
4910Swollman	}
4910Swollman}
4910Swollman
25944Sjoergstatic void
25944Sjoergsppp_to_event(const struct cp *cp, struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg	int s;
25944Sjoerg
25944Sjoerg	s = splimp();
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
25944Sjoerg		    sppp_state_name(sp->state[cp->protoidx]),
25944Sjoerg		    sp->rst_counter[cp->protoidx]);
25944Sjoerg
25944Sjoerg	if (--sp->rst_counter[cp->protoidx] < 0)
25944Sjoerg		/* TO- event */
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_CLOSING:
41881Sphk			sppp_cp_change_state(cp, sp, STATE_CLOSED);
25944Sjoerg			(cp->tlf)(sp);
25944Sjoerg			break;
25944Sjoerg		case STATE_STOPPING:
41881Sphk			sppp_cp_change_state(cp, sp, STATE_STOPPED);
25944Sjoerg			(cp->tlf)(sp);
25944Sjoerg			break;
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg		case STATE_ACK_SENT:
41881Sphk			sppp_cp_change_state(cp, sp, STATE_STOPPED);
25944Sjoerg			(cp->tlf)(sp);
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg	else
25944Sjoerg		/* TO+ event */
25944Sjoerg		switch (sp->state[cp->protoidx]) {
25944Sjoerg		case STATE_CLOSING:
25944Sjoerg		case STATE_STOPPING:
78064Sume			sppp_cp_send(sp, cp->proto, TERM_REQ,
78064Sume				     ++sp->pp_seq[cp->protoidx], 0, 0);
70199Sjhay			TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout,
42064Sphk			    sp->ch[cp->protoidx]);
25944Sjoerg			break;
25944Sjoerg		case STATE_REQ_SENT:
25944Sjoerg		case STATE_ACK_RCVD:
25944Sjoerg			(cp->scr)(sp);
25944Sjoerg			/* sppp_cp_change_state() will restart the timer */
25944Sjoerg			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
25944Sjoerg			break;
25944Sjoerg		case STATE_ACK_SENT:
25944Sjoerg			(cp->scr)(sp);
42064Sphk			TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout,
42064Sphk			    sp->ch[cp->protoidx]);
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg
25944Sjoerg	splx(s);
25944Sjoerg}
25944Sjoerg
11189Sjkh/*
25944Sjoerg * Change the state of a control protocol in the state automaton.
25944Sjoerg * Takes care of starting/stopping the restart timer.
11189Sjkh */
25944Sjoergvoid
25944Sjoergsppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
25944Sjoerg{
25944Sjoerg	sp->state[cp->protoidx] = newstate;
25944Sjoerg
40008Sjoerg	UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
25944Sjoerg	switch (newstate) {
25944Sjoerg	case STATE_INITIAL:
25944Sjoerg	case STATE_STARTING:
25944Sjoerg	case STATE_CLOSED:
25944Sjoerg	case STATE_STOPPED:
25944Sjoerg	case STATE_OPENED:
25944Sjoerg		break;
25944Sjoerg	case STATE_CLOSING:
25944Sjoerg	case STATE_STOPPING:
25944Sjoerg	case STATE_REQ_SENT:
25944Sjoerg	case STATE_ACK_RCVD:
25944Sjoerg	case STATE_ACK_SENT:
70199Sjhay		TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout,
42064Sphk		    sp->ch[cp->protoidx]);
25944Sjoerg		break;
25944Sjoerg	}
25944Sjoerg}
70199Sjhay
70199Sjhay/*
25944Sjoerg *--------------------------------------------------------------------------*
25944Sjoerg *                                                                          *
25944Sjoerg *                         The LCP implementation.                          *
25944Sjoerg *                                                                          *
25944Sjoerg *--------------------------------------------------------------------------*
25944Sjoerg */
25944Sjoergstatic void
25944Sjoergsppp_lcp_init(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sp->lcp.opts = (1 << LCP_OPT_MAGIC);
25944Sjoerg	sp->lcp.magic = 0;
25944Sjoerg	sp->state[IDX_LCP] = STATE_INITIAL;
25944Sjoerg	sp->fail_counter[IDX_LCP] = 0;
78064Sume	sp->pp_seq[IDX_LCP] = 0;
78064Sume	sp->pp_rseq[IDX_LCP] = 0;
25944Sjoerg	sp->lcp.protos = 0;
25944Sjoerg	sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
30300Sjoerg
44145Sphk	/* Note that these values are  relevant for all control protocols */
44145Sphk	sp->lcp.timeout = 3 * hz;
25944Sjoerg	sp->lcp.max_terminate = 2;
25944Sjoerg	sp->lcp.max_configure = 10;
25944Sjoerg	sp->lcp.max_failure = 10;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
30300Sjoerg	callout_handle_init(&sp->ch[IDX_LCP]);
40008Sjoerg#endif
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_up(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg
70199Sjhay	sp->pp_alivecnt = 0;
70199Sjhay	sp->lcp.opts = (1 << LCP_OPT_MAGIC);
70199Sjhay	sp->lcp.magic = 0;
70199Sjhay	sp->lcp.protos = 0;
70199Sjhay	sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
25944Sjoerg	/*
75321Sjoerg	 * If we are authenticator, negotiate LCP_AUTH
75321Sjoerg	 */
75321Sjoerg	if (sp->hisauth.proto != 0)
75321Sjoerg		sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
75321Sjoerg	else
75321Sjoerg		sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
75321Sjoerg	sp->pp_flags &= ~PP_NEEDAUTH;
75321Sjoerg	/*
30300Sjoerg	 * If this interface is passive or dial-on-demand, and we are
30300Sjoerg	 * still in Initial state, it means we've got an incoming
30300Sjoerg	 * call.  Activate the interface.
25944Sjoerg	 */
25944Sjoerg	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
25944Sjoerg		if (debug)
25944Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "Up event", SPP_ARGS(ifp));
25944Sjoerg		ifp->if_flags |= IFF_RUNNING;
30300Sjoerg		if (sp->state[IDX_LCP] == STATE_INITIAL) {
30300Sjoerg			if (debug)
69211Sphk				log(-1, "(incoming call)\n");
30300Sjoerg			sp->pp_flags |= PP_CALLIN;
30300Sjoerg			lcp.Open(sp);
30300Sjoerg		} else if (debug)
69211Sphk			log(-1, "\n");
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	sppp_up_event(&lcp, sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_down(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg
25944Sjoerg	sppp_down_event(&lcp, sp);
25944Sjoerg
25944Sjoerg	/*
25944Sjoerg	 * If this is neither a dial-on-demand nor a passive
25944Sjoerg	 * interface, simulate an ``ifconfig down'' action, so the
25944Sjoerg	 * administrator can force a redial by another ``ifconfig
25944Sjoerg	 * up''.  XXX For leased line operation, should we immediately
25944Sjoerg	 * try to reopen the connection here?
25944Sjoerg	 */
25944Sjoerg	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
25944Sjoerg		log(LOG_INFO,
42066Sphk		    SPP_FMT "Down event, taking interface down.\n",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg		if_down(ifp);
25944Sjoerg	} else {
25944Sjoerg		if (debug)
25944Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "Down event (carrier loss)\n",
40008Sjoerg			    SPP_ARGS(ifp));
70199Sjhay		sp->pp_flags &= ~PP_CALLIN;
70199Sjhay		if (sp->state[IDX_LCP] != STATE_INITIAL)
70199Sjhay			lcp.Close(sp);
70199Sjhay		ifp->if_flags &= ~IFF_RUNNING;
25944Sjoerg	}
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_open(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sppp_open_event(&lcp, sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_close(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sppp_close_event(&lcp, sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_TO(void *cookie)
25944Sjoerg{
25944Sjoerg	sppp_to_event(&lcp, (struct sppp *)cookie);
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Analyze a configure request.  Return true if it was agreeable, and
25944Sjoerg * caused action sca, false if it has been rejected or nak'ed, and
25944Sjoerg * caused action scn.  (The return value is used to make the state
25944Sjoerg * transition decision in the state automaton.)
25944Sjoerg */
12820Sphkstatic int
25944Sjoergsppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
4910Swollman{
25944Sjoerg	STDDCL;
11189Sjkh	u_char *buf, *r, *p;
25944Sjoerg	int origlen, rlen;
25944Sjoerg	u_long nmagic;
30300Sjoerg	u_short authproto;
4910Swollman
11189Sjkh	len -= 4;
25944Sjoerg	origlen = len;
11189Sjkh	buf = r = malloc (len, M_TEMP, M_NOWAIT);
11189Sjkh	if (! buf)
11189Sjkh		return (0);
4910Swollman
25706Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
40008Sjoerg		    SPP_ARGS(ifp));
25706Sjoerg
25944Sjoerg	/* pass 1: check for things that need to be rejected */
11189Sjkh	p = (void*) (h+1);
11189Sjkh	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_lcp_opt_name(*p));
11189Sjkh		switch (*p) {
11189Sjkh		case LCP_OPT_MAGIC:
25944Sjoerg			/* Magic number. */
70199Sjhay			if (len >= 6 && p[1] == 6)
70199Sjhay				continue;
70199Sjhay			if (debug)
70199Sjhay				log(-1, "[invalid] ");
70199Sjhay			break;
25944Sjoerg		case LCP_OPT_ASYNC_MAP:
25944Sjoerg			/* Async control character map. */
70199Sjhay			if (len >= 6 && p[1] == 6)
25944Sjoerg				continue;
25944Sjoerg			if (debug)
69211Sphk				log(-1, "[invalid] ");
25944Sjoerg			break;
25944Sjoerg		case LCP_OPT_MRU:
25944Sjoerg			/* Maximum receive unit. */
25944Sjoerg			if (len >= 4 && p[1] == 4)
25944Sjoerg				continue;
25944Sjoerg			if (debug)
69211Sphk				log(-1, "[invalid] ");
25944Sjoerg			break;
30300Sjoerg		case LCP_OPT_AUTH_PROTO:
30300Sjoerg			if (len < 4) {
30300Sjoerg				if (debug)
69211Sphk					log(-1, "[invalid] ");
30300Sjoerg				break;
30300Sjoerg			}
30300Sjoerg			authproto = (p[2] << 8) + p[3];
30300Sjoerg			if (authproto == PPP_CHAP && p[1] != 5) {
30300Sjoerg				if (debug)
69211Sphk					log(-1, "[invalid chap len] ");
30300Sjoerg				break;
30300Sjoerg			}
30300Sjoerg			if (sp->myauth.proto == 0) {
30300Sjoerg				/* we are not configured to do auth */
30300Sjoerg				if (debug)
69211Sphk					log(-1, "[not configured] ");
30300Sjoerg				break;
30300Sjoerg			}
30300Sjoerg			/*
30300Sjoerg			 * Remote want us to authenticate, remember this,
30300Sjoerg			 * so we stay in PHASE_AUTHENTICATE after LCP got
30300Sjoerg			 * up.
30300Sjoerg			 */
30300Sjoerg			sp->pp_flags |= PP_NEEDAUTH;
30300Sjoerg			continue;
25944Sjoerg		default:
25944Sjoerg			/* Others not supported. */
25944Sjoerg			if (debug)
69211Sphk				log(-1, "[rej] ");
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg		/* Add the option to rejected list. */
25944Sjoerg		bcopy (p, r, p[1]);
25944Sjoerg		r += p[1];
25944Sjoerg		rlen += p[1];
25944Sjoerg	}
25944Sjoerg	if (rlen) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " send conf-rej\n");
25944Sjoerg		sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
25944Sjoerg		return 0;
25944Sjoerg	} else if (debug)
69211Sphk		log(-1, "\n");
25944Sjoerg
25944Sjoerg	/*
25944Sjoerg	 * pass 2: check for option values that are unacceptable and
25944Sjoerg	 * thus require to be nak'ed.
25944Sjoerg	 */
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	len = origlen;
25944Sjoerg	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_lcp_opt_name(*p));
25944Sjoerg		switch (*p) {
25944Sjoerg		case LCP_OPT_MAGIC:
11189Sjkh			/* Magic number -- extract. */
25944Sjoerg			nmagic = (u_long)p[2] << 24 |
25944Sjoerg				(u_long)p[3] << 16 | p[4] << 8 | p[5];
25944Sjoerg			if (nmagic != sp->lcp.magic) {
70199Sjhay				sp->pp_loopcnt = 0;
25706Sjoerg				if (debug)
69211Sphk					log(-1, "0x%lx ", nmagic);
11189Sjkh				continue;
11189Sjkh			}
70199Sjhay			if (debug && sp->pp_loopcnt < MAXALIVECNT*5)
69211Sphk				log(-1, "[glitch] ");
25944Sjoerg			++sp->pp_loopcnt;
25944Sjoerg			/*
25944Sjoerg			 * We negate our magic here, and NAK it.  If
25944Sjoerg			 * we see it later in an NAK packet, we
25944Sjoerg			 * suggest a new one.
25944Sjoerg			 */
25944Sjoerg			nmagic = ~sp->lcp.magic;
25944Sjoerg			/* Gonna NAK it. */
25944Sjoerg			p[2] = nmagic >> 24;
25944Sjoerg			p[3] = nmagic >> 16;
25944Sjoerg			p[4] = nmagic >> 8;
25944Sjoerg			p[5] = nmagic;
11189Sjkh			break;
25944Sjoerg
11189Sjkh		case LCP_OPT_ASYNC_MAP:
88506Sjoerg			/*
88506Sjoerg			 * Async control character map -- just ignore it.
88506Sjoerg			 *
88506Sjoerg			 * Quote from RFC 1662, chapter 6:
88506Sjoerg			 * To enable this functionality, synchronous PPP
88506Sjoerg			 * implementations MUST always respond to the
88506Sjoerg			 * Async-Control-Character-Map Configuration
88506Sjoerg			 * Option with the LCP Configure-Ack.  However,
88506Sjoerg			 * acceptance of the Configuration Option does
88506Sjoerg			 * not imply that the synchronous implementation
88506Sjoerg			 * will do any ACCM mapping.  Instead, all such
88506Sjoerg			 * octet mapping will be performed by the
88506Sjoerg			 * asynchronous-to-synchronous converter.
88506Sjoerg			 */
88506Sjoerg			continue;
25944Sjoerg
11189Sjkh		case LCP_OPT_MRU:
25944Sjoerg			/*
25944Sjoerg			 * Maximum receive unit.  Always agreeable,
25944Sjoerg			 * but ignored by now.
25944Sjoerg			 */
25944Sjoerg			sp->lcp.their_mru = p[2] * 256 + p[3];
25706Sjoerg			if (debug)
69211Sphk				log(-1, "%lu ", sp->lcp.their_mru);
11189Sjkh			continue;
30300Sjoerg
30300Sjoerg		case LCP_OPT_AUTH_PROTO:
30300Sjoerg			authproto = (p[2] << 8) + p[3];
30300Sjoerg			if (sp->myauth.proto != authproto) {
30300Sjoerg				/* not agreed, nak */
30300Sjoerg				if (debug)
69211Sphk					log(-1, "[mine %s != his %s] ",
30300Sjoerg					       sppp_proto_name(sp->hisauth.proto),
30300Sjoerg					       sppp_proto_name(authproto));
30300Sjoerg				p[2] = sp->myauth.proto >> 8;
30300Sjoerg				p[3] = sp->myauth.proto;
30300Sjoerg				break;
30300Sjoerg			}
30300Sjoerg			if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
30300Sjoerg				if (debug)
69211Sphk					log(-1, "[chap not MD5] ");
39981Sjoerg				p[4] = CHAP_MD5;
30300Sjoerg				break;
30300Sjoerg			}
30300Sjoerg			continue;
11189Sjkh		}
25944Sjoerg		/* Add the option to nak'ed list. */
25706Sjoerg		bcopy (p, r, p[1]);
25706Sjoerg		r += p[1];
11189Sjkh		rlen += p[1];
12436Speter	}
25706Sjoerg	if (rlen) {
70199Sjhay		/*
70199Sjhay		 * Local and remote magics equal -- loopback?
70199Sjhay		 */
70199Sjhay		if (sp->pp_loopcnt >= MAXALIVECNT*5) {
70199Sjhay			if (sp->pp_loopcnt == MAXALIVECNT*5)
70199Sjhay				printf (SPP_FMT "loopback\n",
70199Sjhay					SPP_ARGS(ifp));
70199Sjhay			if (ifp->if_flags & IFF_UP) {
70199Sjhay				if_down(ifp);
70199Sjhay				sppp_qflush(&sp->pp_cpq);
70199Sjhay				/* XXX ? */
70199Sjhay				lcp.Down(sp);
70199Sjhay				lcp.Up(sp);
70199Sjhay			}
70199Sjhay		} else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
28036Sjoerg			if (debug)
69211Sphk				log(-1, " max_failure (%d) exceeded, "
28036Sjoerg				       "send conf-rej\n",
28036Sjoerg				       sp->lcp.max_failure);
28036Sjoerg			sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
28036Sjoerg		} else {
28036Sjoerg			if (debug)
69211Sphk				log(-1, " send conf-nak\n");
28036Sjoerg			sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
28036Sjoerg		}
25944Sjoerg	} else {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " send conf-ack\n");
28036Sjoerg		sp->fail_counter[IDX_LCP] = 0;
25944Sjoerg		sp->pp_loopcnt = 0;
25944Sjoerg		sppp_cp_send (sp, PPP_LCP, CONF_ACK,
25944Sjoerg			      h->ident, origlen, h+1);
25944Sjoerg	}
25944Sjoerg
11189Sjkh	free (buf, M_TEMP);
11189Sjkh	return (rlen == 0);
4910Swollman}
4910Swollman
25944Sjoerg/*
25944Sjoerg * Analyze the LCP Configure-Reject option list, and adjust our
25944Sjoerg * negotiation.
25944Sjoerg */
12820Sphkstatic void
25944Sjoergsppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
4910Swollman{
25944Sjoerg	STDDCL;
25944Sjoerg	u_char *buf, *p;
4910Swollman
25944Sjoerg	len -= 4;
25944Sjoerg	buf = malloc (len, M_TEMP, M_NOWAIT);
25944Sjoerg	if (!buf)
4910Swollman		return;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_lcp_opt_name(*p));
25944Sjoerg		switch (*p) {
25944Sjoerg		case LCP_OPT_MAGIC:
25944Sjoerg			/* Magic number -- can't use it, use 0 */
25944Sjoerg			sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
25944Sjoerg			sp->lcp.magic = 0;
25944Sjoerg			break;
25944Sjoerg		case LCP_OPT_MRU:
25944Sjoerg			/*
25944Sjoerg			 * Should not be rejected anyway, since we only
25944Sjoerg			 * negotiate a MRU if explicitly requested by
25944Sjoerg			 * peer.
25944Sjoerg			 */
25944Sjoerg			sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
25944Sjoerg			break;
30300Sjoerg		case LCP_OPT_AUTH_PROTO:
30300Sjoerg			/*
30300Sjoerg			 * Peer doesn't want to authenticate himself,
30300Sjoerg			 * deny unless this is a dialout call, and
30300Sjoerg			 * AUTHFLAG_NOCALLOUT is set.
30300Sjoerg			 */
30300Sjoerg			if ((sp->pp_flags & PP_CALLIN) == 0 &&
30300Sjoerg			    (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
30300Sjoerg				if (debug)
69211Sphk					log(-1, "[don't insist on auth "
30300Sjoerg					       "for callout]");
30300Sjoerg				sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
30300Sjoerg				break;
30300Sjoerg			}
30300Sjoerg			if (debug)
69211Sphk				log(-1, "[access denied]\n");
30300Sjoerg			lcp.Close(sp);
30300Sjoerg			break;
25944Sjoerg		}
4910Swollman	}
25944Sjoerg	if (debug)
69211Sphk		log(-1, "\n");
25944Sjoerg	free (buf, M_TEMP);
25944Sjoerg	return;
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Analyze the LCP Configure-NAK option list, and adjust our
25944Sjoerg * negotiation.
25944Sjoerg */
25944Sjoergstatic void
25944Sjoergsppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg	u_char *buf, *p;
25944Sjoerg	u_long magic;
25944Sjoerg
25944Sjoerg	len -= 4;
25944Sjoerg	buf = malloc (len, M_TEMP, M_NOWAIT);
25944Sjoerg	if (!buf)
25944Sjoerg		return;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
25706Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_lcp_opt_name(*p));
25944Sjoerg		switch (*p) {
25944Sjoerg		case LCP_OPT_MAGIC:
25944Sjoerg			/* Magic number -- renegotiate */
25944Sjoerg			if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
25944Sjoerg			    len >= 6 && p[1] == 6) {
25944Sjoerg				magic = (u_long)p[2] << 24 |
25944Sjoerg					(u_long)p[3] << 16 | p[4] << 8 | p[5];
25944Sjoerg				/*
25944Sjoerg				 * If the remote magic is our negated one,
25944Sjoerg				 * this looks like a loopback problem.
25944Sjoerg				 * Suggest a new magic to make sure.
25944Sjoerg				 */
25944Sjoerg				if (magic == ~sp->lcp.magic) {
25944Sjoerg					if (debug)
69211Sphk						log(-1, "magic glitch ");
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
35064Sphk					sp->lcp.magic = random();
40008Sjoerg#else
40008Sjoerg					sp->lcp.magic = time.tv_sec + time.tv_usec;
40008Sjoerg#endif
25944Sjoerg				} else {
25944Sjoerg					sp->lcp.magic = magic;
25944Sjoerg					if (debug)
69211Sphk						log(-1, "%lu ", magic);
25944Sjoerg				}
25944Sjoerg			}
25944Sjoerg			break;
25944Sjoerg		case LCP_OPT_MRU:
25944Sjoerg			/*
25944Sjoerg			 * Peer wants to advise us to negotiate an MRU.
25944Sjoerg			 * Agree on it if it's reasonable, or use
25944Sjoerg			 * default otherwise.
25944Sjoerg			 */
25944Sjoerg			if (len >= 4 && p[1] == 4) {
25944Sjoerg				u_int mru = p[2] * 256 + p[3];
25944Sjoerg				if (debug)
69211Sphk					log(-1, "%d ", mru);
25944Sjoerg				if (mru < PP_MTU || mru > PP_MAX_MRU)
25944Sjoerg					mru = PP_MTU;
25944Sjoerg				sp->lcp.mru = mru;
25944Sjoerg				sp->lcp.opts |= (1 << LCP_OPT_MRU);
25944Sjoerg			}
25944Sjoerg			break;
30300Sjoerg		case LCP_OPT_AUTH_PROTO:
30300Sjoerg			/*
30300Sjoerg			 * Peer doesn't like our authentication method,
30300Sjoerg			 * deny.
30300Sjoerg			 */
30300Sjoerg			if (debug)
69211Sphk				log(-1, "[access denied]\n");
30300Sjoerg			lcp.Close(sp);
30300Sjoerg			break;
4910Swollman		}
25944Sjoerg	}
25944Sjoerg	if (debug)
69211Sphk		log(-1, "\n");
25944Sjoerg	free (buf, M_TEMP);
25944Sjoerg	return;
25944Sjoerg}
11189Sjkh
25944Sjoergstatic void
25944Sjoergsppp_lcp_tlu(struct sppp *sp)
25944Sjoerg{
42066Sphk	STDDCL;
25944Sjoerg	int i;
25944Sjoerg	u_long mask;
25944Sjoerg
25944Sjoerg	/* XXX ? */
25944Sjoerg	if (! (ifp->if_flags & IFF_UP) &&
25944Sjoerg	    (ifp->if_flags & IFF_RUNNING)) {
25944Sjoerg		/* Coming out of loopback mode. */
25944Sjoerg		if_up(ifp);
40008Sjoerg		printf (SPP_FMT "up\n", SPP_ARGS(ifp));
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	for (i = 0; i < IDX_COUNT; i++)
25944Sjoerg		if ((cps[i])->flags & CP_QUAL)
25944Sjoerg			(cps[i])->Open(sp);
25944Sjoerg
30300Sjoerg	if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
30300Sjoerg	    (sp->pp_flags & PP_NEEDAUTH) != 0)
25944Sjoerg		sp->pp_phase = PHASE_AUTHENTICATE;
25944Sjoerg	else
25944Sjoerg		sp->pp_phase = PHASE_NETWORK;
25944Sjoerg
42066Sphk	if (debug)
42066Sphk		log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
42066Sphk		    sppp_phase_name(sp->pp_phase));
25944Sjoerg
30300Sjoerg	/*
30300Sjoerg	 * Open all authentication protocols.  This is even required
30300Sjoerg	 * if we already proceeded to network phase, since it might be
30300Sjoerg	 * that remote wants us to authenticate, so we might have to
30300Sjoerg	 * send a PAP request.  Undesired authentication protocols
30300Sjoerg	 * don't do anything when they get an Open event.
30300Sjoerg	 */
30300Sjoerg	for (i = 0; i < IDX_COUNT; i++)
30300Sjoerg		if ((cps[i])->flags & CP_AUTH)
30300Sjoerg			(cps[i])->Open(sp);
30300Sjoerg
30300Sjoerg	if (sp->pp_phase == PHASE_NETWORK) {
25944Sjoerg		/* Notify all NCPs. */
25944Sjoerg		for (i = 0; i < IDX_COUNT; i++)
25944Sjoerg			if ((cps[i])->flags & CP_NCP)
25944Sjoerg				(cps[i])->Open(sp);
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	/* Send Up events to all started protos. */
25944Sjoerg	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
25944Sjoerg		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
25944Sjoerg			(cps[i])->Up(sp);
25944Sjoerg
42104Sphk	/* notify low-level driver of state change */
42104Sphk	if (sp->pp_chg)
42104Sphk		sp->pp_chg(sp, (int)sp->pp_phase);
42104Sphk
25944Sjoerg	if (sp->pp_phase == PHASE_NETWORK)
25944Sjoerg		/* if no NCP is starting, close down */
30300Sjoerg		sppp_lcp_check_and_close(sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_tld(struct sppp *sp)
25944Sjoerg{
42066Sphk	STDDCL;
25944Sjoerg	int i;
25944Sjoerg	u_long mask;
25944Sjoerg
25944Sjoerg	sp->pp_phase = PHASE_TERMINATE;
25944Sjoerg
42066Sphk	if (debug)
42066Sphk		log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
42066Sphk		    sppp_phase_name(sp->pp_phase));
25944Sjoerg
25944Sjoerg	/*
25944Sjoerg	 * Take upper layers down.  We send the Down event first and
25944Sjoerg	 * the Close second to prevent the upper layers from sending
25944Sjoerg	 * ``a flurry of terminate-request packets'', as the RFC
25944Sjoerg	 * describes it.
25944Sjoerg	 */
25944Sjoerg	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
25944Sjoerg		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
25944Sjoerg			(cps[i])->Down(sp);
25944Sjoerg			(cps[i])->Close(sp);
25944Sjoerg		}
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_tls(struct sppp *sp)
25944Sjoerg{
42066Sphk	STDDCL;
25944Sjoerg
25944Sjoerg	sp->pp_phase = PHASE_ESTABLISH;
25944Sjoerg
42066Sphk	if (debug)
42066Sphk		log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
42066Sphk		    sppp_phase_name(sp->pp_phase));
25944Sjoerg
25944Sjoerg	/* Notify lower layer if desired. */
25944Sjoerg	if (sp->pp_tls)
25944Sjoerg		(sp->pp_tls)(sp);
41881Sphk	else
41881Sphk		(sp->pp_up)(sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_tlf(struct sppp *sp)
25944Sjoerg{
42066Sphk	STDDCL;
25944Sjoerg
25944Sjoerg	sp->pp_phase = PHASE_DEAD;
42066Sphk	if (debug)
42066Sphk		log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
42066Sphk		    sppp_phase_name(sp->pp_phase));
25944Sjoerg
25944Sjoerg	/* Notify lower layer if desired. */
25944Sjoerg	if (sp->pp_tlf)
25944Sjoerg		(sp->pp_tlf)(sp);
41881Sphk	else
41881Sphk		(sp->pp_down)(sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_lcp_scr(struct sppp *sp)
25944Sjoerg{
30300Sjoerg	char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
25944Sjoerg	int i = 0;
30300Sjoerg	u_short authproto;
25944Sjoerg
25944Sjoerg	if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
25944Sjoerg		if (! sp->lcp.magic)
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
35064Sphk			sp->lcp.magic = random();
40008Sjoerg#else
40008Sjoerg			sp->lcp.magic = time.tv_sec + time.tv_usec;
40008Sjoerg#endif
25944Sjoerg		opt[i++] = LCP_OPT_MAGIC;
25944Sjoerg		opt[i++] = 6;
25944Sjoerg		opt[i++] = sp->lcp.magic >> 24;
25944Sjoerg		opt[i++] = sp->lcp.magic >> 16;
25944Sjoerg		opt[i++] = sp->lcp.magic >> 8;
25944Sjoerg		opt[i++] = sp->lcp.magic;
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
25944Sjoerg		opt[i++] = LCP_OPT_MRU;
25944Sjoerg		opt[i++] = 4;
25944Sjoerg		opt[i++] = sp->lcp.mru >> 8;
25944Sjoerg		opt[i++] = sp->lcp.mru;
25944Sjoerg	}
25944Sjoerg
30300Sjoerg	if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
30300Sjoerg		authproto = sp->hisauth.proto;
30300Sjoerg		opt[i++] = LCP_OPT_AUTH_PROTO;
30300Sjoerg		opt[i++] = authproto == PPP_CHAP? 5: 4;
30300Sjoerg		opt[i++] = authproto >> 8;
30300Sjoerg		opt[i++] = authproto;
30300Sjoerg		if (authproto == PPP_CHAP)
30300Sjoerg			opt[i++] = CHAP_MD5;
30300Sjoerg	}
30300Sjoerg
78064Sume	sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
25944Sjoerg	sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
30300Sjoerg * Check the open NCPs, return true if at least one NCP is open.
30300Sjoerg */
30300Sjoergstatic int
30300Sjoergsppp_ncp_check(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	int i, mask;
30300Sjoerg
30300Sjoerg	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
30300Sjoerg		if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
30300Sjoerg			return 1;
30300Sjoerg	return 0;
30300Sjoerg}
30300Sjoerg
30300Sjoerg/*
25944Sjoerg * Re-check the open NCPs and see if we should terminate the link.
25944Sjoerg * Called by the NCPs during their tlf action handling.
25944Sjoerg */
25944Sjoergstatic void
30300Sjoergsppp_lcp_check_and_close(struct sppp *sp)
25944Sjoerg{
25944Sjoerg
30300Sjoerg	if (sp->pp_phase < PHASE_NETWORK)
30300Sjoerg		/* don't bother, we are already going down */
30300Sjoerg		return;
30300Sjoerg
30300Sjoerg	if (sppp_ncp_check(sp))
30300Sjoerg		return;
30300Sjoerg
25944Sjoerg	lcp.Close(sp);
25944Sjoerg}
70199Sjhay
70199Sjhay/*
25944Sjoerg *--------------------------------------------------------------------------*
25944Sjoerg *                                                                          *
25944Sjoerg *                        The IPCP implementation.                          *
25944Sjoerg *                                                                          *
25944Sjoerg *--------------------------------------------------------------------------*
25944Sjoerg */
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_init(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sp->ipcp.opts = 0;
25944Sjoerg	sp->ipcp.flags = 0;
25944Sjoerg	sp->state[IDX_IPCP] = STATE_INITIAL;
25944Sjoerg	sp->fail_counter[IDX_IPCP] = 0;
78064Sume	sp->pp_seq[IDX_IPCP] = 0;
78064Sume	sp->pp_rseq[IDX_IPCP] = 0;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
29681Sgibbs	callout_handle_init(&sp->ch[IDX_IPCP]);
40008Sjoerg#endif
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_up(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sppp_up_event(&ipcp, sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_down(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sppp_down_event(&ipcp, sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_open(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	STDDCL;
25944Sjoerg	u_long myaddr, hisaddr;
25944Sjoerg
88534Sjoerg	sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN |
88534Sjoerg			    IPCP_MYADDR_DYN | IPCP_VJ);
42104Sphk
30300Sjoerg	sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
25944Sjoerg	/*
25944Sjoerg	 * If we don't have his address, this probably means our
25944Sjoerg	 * interface doesn't want to talk IP at all.  (This could
25944Sjoerg	 * be the case if somebody wants to speak only IPX, for
25944Sjoerg	 * example.)  Don't open IPCP in this case.
25944Sjoerg	 */
25944Sjoerg	if (hisaddr == 0L) {
25944Sjoerg		/* XXX this message should go away */
25944Sjoerg		if (debug)
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
40008Sjoerg			    SPP_ARGS(ifp));
25944Sjoerg		return;
25944Sjoerg	}
25944Sjoerg	if (myaddr == 0L) {
25944Sjoerg		/*
25944Sjoerg		 * I don't have an assigned address, so i need to
25944Sjoerg		 * negotiate my address.
25944Sjoerg		 */
25944Sjoerg		sp->ipcp.flags |= IPCP_MYADDR_DYN;
25944Sjoerg		sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
42104Sphk	} else
42104Sphk		sp->ipcp.flags |= IPCP_MYADDR_SEEN;
88534Sjoerg	if (sp->enable_vj) {
88534Sjoerg		sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION);
88534Sjoerg		sp->ipcp.max_state = MAX_STATES - 1;
88534Sjoerg		sp->ipcp.compress_cid = 1;
88534Sjoerg	}
25944Sjoerg	sppp_open_event(&ipcp, sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_close(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	sppp_close_event(&ipcp, sp);
25944Sjoerg	if (sp->ipcp.flags & IPCP_MYADDR_DYN)
25944Sjoerg		/*
25944Sjoerg		 * My address was dynamic, clear it again.
25944Sjoerg		 */
25944Sjoerg		sppp_set_ip_addr(sp, 0L);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_TO(void *cookie)
25944Sjoerg{
25944Sjoerg	sppp_to_event(&ipcp, (struct sppp *)cookie);
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Analyze a configure request.  Return true if it was agreeable, and
25944Sjoerg * caused action sca, false if it has been rejected or nak'ed, and
25944Sjoerg * caused action scn.  (The return value is used to make the state
25944Sjoerg * transition decision in the state automaton.)
25944Sjoerg */
25944Sjoergstatic int
25944Sjoergsppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
25944Sjoerg{
25944Sjoerg	u_char *buf, *r, *p;
25944Sjoerg	struct ifnet *ifp = &sp->pp_if;
25944Sjoerg	int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
25944Sjoerg	u_long hisaddr, desiredaddr;
42104Sphk	int gotmyaddr = 0;
88534Sjoerg	int desiredcomp;
25944Sjoerg
25944Sjoerg	len -= 4;
25944Sjoerg	origlen = len;
25944Sjoerg	/*
25944Sjoerg	 * Make sure to allocate a buf that can at least hold a
25944Sjoerg	 * conf-nak with an `address' option.  We might need it below.
25944Sjoerg	 */
25944Sjoerg	buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
25944Sjoerg	if (! buf)
25944Sjoerg		return (0);
25944Sjoerg
25944Sjoerg	/* pass 1: see if we can recognize them */
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_ipcp_opt_name(*p));
25944Sjoerg		switch (*p) {
88534Sjoerg		case IPCP_OPT_COMPRESSION:
88534Sjoerg			if (!sp->enable_vj) {
88534Sjoerg				/* VJ compression administratively disabled */
88534Sjoerg				if (debug)
88534Sjoerg					log(-1, "[locally disabled] ");
88534Sjoerg				break;
88534Sjoerg			}
88534Sjoerg			/*
88534Sjoerg			 * In theory, we should only conf-rej an
88534Sjoerg			 * option that is shorter than RFC 1618
88534Sjoerg			 * requires (i.e. < 4), and should conf-nak
88534Sjoerg			 * anything else that is not VJ.  However,
88534Sjoerg			 * since our algorithm always uses the
88534Sjoerg			 * original option to NAK it with new values,
88534Sjoerg			 * things would become more complicated.  In
88534Sjoerg			 * pratice, the only commonly implemented IP
88534Sjoerg			 * compression option is VJ anyway, so the
88534Sjoerg			 * difference is negligible.
88534Sjoerg			 */
88534Sjoerg			if (len >= 6 && p[1] == 6) {
88534Sjoerg				/*
88534Sjoerg				 * correctly formed compression option
88534Sjoerg				 * that could be VJ compression
88534Sjoerg				 */
88534Sjoerg				continue;
88534Sjoerg			}
88534Sjoerg			if (debug)
88534Sjoerg				log(-1,
88534Sjoerg				    "optlen %d [invalid/unsupported] ",
88534Sjoerg				    p[1]);
88534Sjoerg			break;
25944Sjoerg		case IPCP_OPT_ADDRESS:
25944Sjoerg			if (len >= 6 && p[1] == 6) {
25944Sjoerg				/* correctly formed address option */
25944Sjoerg				continue;
25944Sjoerg			}
25706Sjoerg			if (debug)
69211Sphk				log(-1, "[invalid] ");
11189Sjkh			break;
25944Sjoerg		default:
25944Sjoerg			/* Others not supported. */
25944Sjoerg			if (debug)
69211Sphk				log(-1, "[rej] ");
4910Swollman			break;
4910Swollman		}
25944Sjoerg		/* Add the option to rejected list. */
25944Sjoerg		bcopy (p, r, p[1]);
25944Sjoerg		r += p[1];
25944Sjoerg		rlen += p[1];
25944Sjoerg	}
25944Sjoerg	if (rlen) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " send conf-rej\n");
25944Sjoerg		sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
25944Sjoerg		return 0;
25944Sjoerg	} else if (debug)
69211Sphk		log(-1, "\n");
25944Sjoerg
25944Sjoerg	/* pass 2: parse option values */
30300Sjoerg	sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
40008Sjoerg		       SPP_ARGS(ifp));
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	len = origlen;
25944Sjoerg	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_ipcp_opt_name(*p));
25944Sjoerg		switch (*p) {
88534Sjoerg		case IPCP_OPT_COMPRESSION:
88534Sjoerg			desiredcomp = p[2] << 8 | p[3];
88534Sjoerg			/* We only support VJ */
88534Sjoerg			if (desiredcomp == IPCP_COMP_VJ) {
88534Sjoerg				if (debug)
88534Sjoerg					log(-1, "VJ [ack] ");
88534Sjoerg				sp->ipcp.flags |= IPCP_VJ;
88599Sjoerg				sl_compress_init(sp->pp_comp, p[4]);
88534Sjoerg				sp->ipcp.max_state = p[4];
88534Sjoerg				sp->ipcp.compress_cid = p[5];
88534Sjoerg				continue;
88534Sjoerg			}
88534Sjoerg			if (debug)
88534Sjoerg				log(-1,
88534Sjoerg				    "compproto %#04x [not supported] ",
88534Sjoerg				    desiredcomp);
88534Sjoerg			p[2] = IPCP_COMP_VJ >> 8;
88534Sjoerg			p[3] = IPCP_COMP_VJ;
88534Sjoerg			p[4] = sp->ipcp.max_state;
88534Sjoerg			p[5] = sp->ipcp.compress_cid;
88534Sjoerg			break;
25944Sjoerg		case IPCP_OPT_ADDRESS:
42104Sphk			/* This is the address he wants in his end */
25944Sjoerg			desiredaddr = p[2] << 24 | p[3] << 16 |
25944Sjoerg				p[4] << 8 | p[5];
33928Sphk			if (desiredaddr == hisaddr ||
42104Sphk			    (hisaddr == 1 && desiredaddr != 0)) {
25944Sjoerg				/*
25944Sjoerg				 * Peer's address is same as our value,
70199Sjhay				 * or we have set it to 0.0.0.1 to
33928Sphk				 * indicate that we do not really care,
25944Sjoerg				 * this is agreeable.  Gonna conf-ack
25944Sjoerg				 * it.
25944Sjoerg				 */
25944Sjoerg				if (debug)
69211Sphk					log(-1, "%s [ack] ",
42104Sphk						sppp_dotted_quad(hisaddr));
25944Sjoerg				/* record that we've seen it already */
25944Sjoerg				sp->ipcp.flags |= IPCP_HISADDR_SEEN;
25944Sjoerg				continue;
25944Sjoerg			}
25944Sjoerg			/*
25944Sjoerg			 * The address wasn't agreeable.  This is either
25944Sjoerg			 * he sent us 0.0.0.0, asking to assign him an
25944Sjoerg			 * address, or he send us another address not
25944Sjoerg			 * matching our value.  Either case, we gonna
25944Sjoerg			 * conf-nak it with our value.
42104Sphk			 * XXX: we should "rej" if hisaddr == 0
25944Sjoerg			 */
25944Sjoerg			if (debug) {
25944Sjoerg				if (desiredaddr == 0)
69211Sphk					log(-1, "[addr requested] ");
25944Sjoerg				else
69211Sphk					log(-1, "%s [not agreed] ",
42104Sphk						sppp_dotted_quad(desiredaddr));
25944Sjoerg
25944Sjoerg			}
44235Sphk			p[2] = hisaddr >> 24;
44235Sphk			p[3] = hisaddr >> 16;
44235Sphk			p[4] = hisaddr >> 8;
44235Sphk			p[5] = hisaddr;
11189Sjkh			break;
25706Sjoerg		}
25944Sjoerg		/* Add the option to nak'ed list. */
25944Sjoerg		bcopy (p, r, p[1]);
25944Sjoerg		r += p[1];
25944Sjoerg		rlen += p[1];
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	/*
25944Sjoerg	 * If we are about to conf-ack the request, but haven't seen
25944Sjoerg	 * his address so far, gonna conf-nak it instead, with the
25944Sjoerg	 * `address' option present and our idea of his address being
25944Sjoerg	 * filled in there, to request negotiation of both addresses.
25944Sjoerg	 *
25944Sjoerg	 * XXX This can result in an endless req - nak loop if peer
25944Sjoerg	 * doesn't want to send us his address.  Q: What should we do
25944Sjoerg	 * about it?  XXX  A: implement the max-failure counter.
25944Sjoerg	 */
42104Sphk	if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) {
25944Sjoerg		buf[0] = IPCP_OPT_ADDRESS;
25944Sjoerg		buf[1] = 6;
25944Sjoerg		buf[2] = hisaddr >> 24;
25944Sjoerg		buf[3] = hisaddr >> 16;
25944Sjoerg		buf[4] = hisaddr >> 8;
25944Sjoerg		buf[5] = hisaddr;
25944Sjoerg		rlen = 6;
25706Sjoerg		if (debug)
69211Sphk			log(-1, "still need hisaddr ");
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	if (rlen) {
25706Sjoerg		if (debug)
69211Sphk			log(-1, " send conf-nak\n");
25944Sjoerg		sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
25944Sjoerg	} else {
25706Sjoerg		if (debug)
69211Sphk			log(-1, " send conf-ack\n");
25944Sjoerg		sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
25944Sjoerg			      h->ident, origlen, h+1);
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	free (buf, M_TEMP);
25944Sjoerg	return (rlen == 0);
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Analyze the IPCP Configure-Reject option list, and adjust our
25944Sjoerg * negotiation.
25944Sjoerg */
25944Sjoergstatic void
25944Sjoergsppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
25944Sjoerg{
25944Sjoerg	u_char *buf, *p;
25944Sjoerg	struct ifnet *ifp = &sp->pp_if;
25944Sjoerg	int debug = ifp->if_flags & IFF_DEBUG;
25944Sjoerg
25944Sjoerg	len -= 4;
25944Sjoerg	buf = malloc (len, M_TEMP, M_NOWAIT);
25944Sjoerg	if (!buf)
25944Sjoerg		return;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
25706Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_ipcp_opt_name(*p));
25944Sjoerg		switch (*p) {
88534Sjoerg		case IPCP_OPT_COMPRESSION:
88534Sjoerg			sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION);
88534Sjoerg			break;
25944Sjoerg		case IPCP_OPT_ADDRESS:
25944Sjoerg			/*
25944Sjoerg			 * Peer doesn't grok address option.  This is
25944Sjoerg			 * bad.  XXX  Should we better give up here?
42104Sphk			 * XXX We could try old "addresses" option...
25944Sjoerg			 */
25944Sjoerg			sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
25944Sjoerg			break;
25944Sjoerg		}
4910Swollman	}
25944Sjoerg	if (debug)
69211Sphk		log(-1, "\n");
25944Sjoerg	free (buf, M_TEMP);
25944Sjoerg	return;
4910Swollman}
4910Swollman
25944Sjoerg/*
25944Sjoerg * Analyze the IPCP Configure-NAK option list, and adjust our
25944Sjoerg * negotiation.
25944Sjoerg */
12820Sphkstatic void
25944Sjoergsppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
4910Swollman{
25944Sjoerg	u_char *buf, *p;
25944Sjoerg	struct ifnet *ifp = &sp->pp_if;
25944Sjoerg	int debug = ifp->if_flags & IFF_DEBUG;
88534Sjoerg	int desiredcomp;
25944Sjoerg	u_long wantaddr;
4910Swollman
25944Sjoerg	len -= 4;
25944Sjoerg	buf = malloc (len, M_TEMP, M_NOWAIT);
25944Sjoerg	if (!buf)
25944Sjoerg		return;
25944Sjoerg
25944Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
40008Sjoerg		    SPP_ARGS(ifp));
25944Sjoerg
25944Sjoerg	p = (void*) (h+1);
25944Sjoerg	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
25944Sjoerg		if (debug)
69211Sphk			log(-1, " %s ", sppp_ipcp_opt_name(*p));
25944Sjoerg		switch (*p) {
88534Sjoerg		case IPCP_OPT_COMPRESSION:
88534Sjoerg			if (len >= 6 && p[1] == 6) {
88534Sjoerg				desiredcomp = p[2] << 8 | p[3];
88534Sjoerg				if (debug)
88534Sjoerg					log(-1, "[wantcomp %#04x] ",
88534Sjoerg						desiredcomp);
88534Sjoerg				if (desiredcomp == IPCP_COMP_VJ) {
88599Sjoerg					sl_compress_init(sp->pp_comp, p[4]);
88534Sjoerg					sp->ipcp.max_state = p[4];
88534Sjoerg					sp->ipcp.compress_cid = p[5];
88534Sjoerg					if (debug)
88534Sjoerg						log(-1, "[agree] ");
88534Sjoerg				} else
88534Sjoerg					sp->ipcp.opts &=
88534Sjoerg						~(1 << IPCP_OPT_COMPRESSION);
88534Sjoerg			}
88534Sjoerg			break;
25944Sjoerg		case IPCP_OPT_ADDRESS:
25944Sjoerg			/*
25944Sjoerg			 * Peer doesn't like our local IP address.  See
25944Sjoerg			 * if we can do something for him.  We'll drop
25944Sjoerg			 * him our address then.
25944Sjoerg			 */
25944Sjoerg			if (len >= 6 && p[1] == 6) {
25944Sjoerg				wantaddr = p[2] << 24 | p[3] << 16 |
25944Sjoerg					p[4] << 8 | p[5];
25944Sjoerg				sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
25944Sjoerg				if (debug)
69211Sphk					log(-1, "[wantaddr %s] ",
30300Sjoerg					       sppp_dotted_quad(wantaddr));
25944Sjoerg				/*
25944Sjoerg				 * When doing dynamic address assignment,
25944Sjoerg				 * we accept his offer.  Otherwise, we
25944Sjoerg				 * ignore it and thus continue to negotiate
25944Sjoerg				 * our already existing value.
42104Sphk			 	 * XXX: Bogus, if he said no once, he'll
42104Sphk				 * just say no again, might as well die.
25944Sjoerg				 */
25944Sjoerg				if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
25944Sjoerg					sppp_set_ip_addr(sp, wantaddr);
25944Sjoerg					if (debug)
69211Sphk						log(-1, "[agree] ");
42104Sphk					sp->ipcp.flags |= IPCP_MYADDR_SEEN;
25944Sjoerg				}
25944Sjoerg			}
25944Sjoerg			break;
25944Sjoerg		}
25944Sjoerg	}
25944Sjoerg	if (debug)
69211Sphk		log(-1, "\n");
25944Sjoerg	free (buf, M_TEMP);
25944Sjoerg	return;
4910Swollman}
4910Swollman
12820Sphkstatic void
25944Sjoergsppp_ipcp_tlu(struct sppp *sp)
4910Swollman{
42104Sphk	/* we are up - notify isdn daemon */
42104Sphk	if (sp->pp_con)
42104Sphk		sp->pp_con(sp);
4910Swollman}
4910Swollman
25944Sjoergstatic void
25944Sjoergsppp_ipcp_tld(struct sppp *sp)
25944Sjoerg{
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_tls(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	/* indicate to LCP that it must stay alive */
25944Sjoerg	sp->lcp.protos |= (1 << IDX_IPCP);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_tlf(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	/* we no longer need LCP */
25944Sjoerg	sp->lcp.protos &= ~(1 << IDX_IPCP);
30300Sjoerg	sppp_lcp_check_and_close(sp);
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic void
25944Sjoergsppp_ipcp_scr(struct sppp *sp)
25944Sjoerg{
25944Sjoerg	char opt[6 /* compression */ + 6 /* address */];
25944Sjoerg	u_long ouraddr;
25944Sjoerg	int i = 0;
25944Sjoerg
88534Sjoerg	if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
88534Sjoerg		opt[i++] = IPCP_OPT_COMPRESSION;
88534Sjoerg		opt[i++] = 6;
88534Sjoerg		opt[i++] = IPCP_COMP_VJ >> 8;
88534Sjoerg		opt[i++] = IPCP_COMP_VJ;
88534Sjoerg		opt[i++] = sp->ipcp.max_state;
88534Sjoerg		opt[i++] = sp->ipcp.compress_cid;
88534Sjoerg	}
25944Sjoerg	if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
30300Sjoerg		sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
25944Sjoerg		opt[i++] = IPCP_OPT_ADDRESS;
25944Sjoerg		opt[i++] = 6;
25944Sjoerg		opt[i++] = ouraddr >> 24;
25944Sjoerg		opt[i++] = ouraddr >> 16;
25944Sjoerg		opt[i++] = ouraddr >> 8;
25944Sjoerg		opt[i++] = ouraddr;
25944Sjoerg	}
25944Sjoerg
78064Sume	sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
25944Sjoerg	sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
25944Sjoerg}
25944Sjoerg
70199Sjhay/*
30300Sjoerg *--------------------------------------------------------------------------*
30300Sjoerg *                                                                          *
78064Sume *                      The IPv6CP implementation.                          *
78064Sume *                                                                          *
78064Sume *--------------------------------------------------------------------------*
78064Sume */
78064Sume
78064Sume#ifdef INET6
78064Sumestatic void
78064Sumesppp_ipv6cp_init(struct sppp *sp)
78064Sume{
78064Sume	sp->ipv6cp.opts = 0;
78064Sume	sp->ipv6cp.flags = 0;
78064Sume	sp->state[IDX_IPV6CP] = STATE_INITIAL;
78064Sume	sp->fail_counter[IDX_IPV6CP] = 0;
78064Sume	sp->pp_seq[IDX_IPV6CP] = 0;
78064Sume	sp->pp_rseq[IDX_IPV6CP] = 0;
78064Sume#if defined(__NetBSD__)
78064Sume	callout_init(&sp->ch[IDX_IPV6CP]);
78064Sume#endif
78064Sume#if defined(__FreeBSD__) && __FreeBSD__ >= 3
78064Sume	callout_handle_init(&sp->ch[IDX_IPV6CP]);
78064Sume#endif
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_up(struct sppp *sp)
78064Sume{
78064Sume	sppp_up_event(&ipv6cp, sp);
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_down(struct sppp *sp)
78064Sume{
78064Sume	sppp_down_event(&ipv6cp, sp);
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_open(struct sppp *sp)
78064Sume{
78064Sume	STDDCL;
78064Sume	struct in6_addr myaddr, hisaddr;
78064Sume
78064Sume#ifdef IPV6CP_MYIFID_DYN
78064Sume	sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
78064Sume#else
78064Sume	sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
78064Sume#endif
78064Sume
78064Sume	sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
78064Sume	/*
78064Sume	 * If we don't have our address, this probably means our
78064Sume	 * interface doesn't want to talk IPv6 at all.  (This could
78064Sume	 * be the case if somebody wants to speak only IPX, for
78064Sume	 * example.)  Don't open IPv6CP in this case.
78064Sume	 */
78064Sume	if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
78064Sume		/* XXX this message should go away */
78064Sume		if (debug)
78064Sume			log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
78064Sume			    SPP_ARGS(ifp));
78064Sume		return;
78064Sume	}
78064Sume
78064Sume	sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
78064Sume	sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
78064Sume	sppp_open_event(&ipv6cp, sp);
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_close(struct sppp *sp)
78064Sume{
78064Sume	sppp_close_event(&ipv6cp, sp);
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_TO(void *cookie)
78064Sume{
78064Sume	sppp_to_event(&ipv6cp, (struct sppp *)cookie);
78064Sume}
78064Sume
78064Sume/*
78064Sume * Analyze a configure request.  Return true if it was agreeable, and
78064Sume * caused action sca, false if it has been rejected or nak'ed, and
78064Sume * caused action scn.  (The return value is used to make the state
78064Sume * transition decision in the state automaton.)
78064Sume */
78064Sumestatic int
78064Sumesppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
78064Sume{
78064Sume	u_char *buf, *r, *p;
78064Sume	struct ifnet *ifp = &sp->pp_if;
78064Sume	int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
78064Sume	struct in6_addr myaddr, desiredaddr, suggestaddr;
78064Sume	int ifidcount;
78064Sume	int type;
78064Sume	int collision, nohisaddr;
78064Sume
78064Sume	len -= 4;
78064Sume	origlen = len;
78064Sume	/*
78064Sume	 * Make sure to allocate a buf that can at least hold a
78064Sume	 * conf-nak with an `address' option.  We might need it below.
78064Sume	 */
78064Sume	buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
78064Sume	if (! buf)
78064Sume		return (0);
78064Sume
78064Sume	/* pass 1: see if we can recognize them */
78064Sume	if (debug)
78064Sume		log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:",
78064Sume		    SPP_ARGS(ifp));
78064Sume	p = (void*) (h+1);
78064Sume	ifidcount = 0;
78064Sume	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
78064Sume		if (debug)
78176Sume			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
78064Sume		switch (*p) {
78064Sume		case IPV6CP_OPT_IFID:
78064Sume			if (len >= 10 && p[1] == 10 && ifidcount == 0) {
78064Sume				/* correctly formed address option */
78064Sume				ifidcount++;
78064Sume				continue;
78064Sume			}
78064Sume			if (debug)
78176Sume				log(-1, " [invalid]");
78064Sume			break;
78064Sume#ifdef notyet
78064Sume		case IPV6CP_OPT_COMPRESSION:
78064Sume			if (len >= 4 && p[1] >= 4) {
78064Sume				/* correctly formed compress option */
78064Sume				continue;
78064Sume			}
78064Sume			if (debug)
78176Sume				log(-1, " [invalid]");
78064Sume			break;
78064Sume#endif
78064Sume		default:
78064Sume			/* Others not supported. */
78064Sume			if (debug)
78176Sume				log(-1, " [rej]");
78064Sume			break;
78064Sume		}
78064Sume		/* Add the option to rejected list. */
78064Sume		bcopy (p, r, p[1]);
78064Sume		r += p[1];
78064Sume		rlen += p[1];
78064Sume	}
78064Sume	if (rlen) {
78064Sume		if (debug)
78176Sume			log(-1, " send conf-rej\n");
78064Sume		sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
78064Sume		goto end;
78064Sume	} else if (debug)
78176Sume		log(-1, "\n");
78064Sume
78064Sume	/* pass 2: parse option values */
78064Sume	sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
78064Sume	if (debug)
78064Sume		log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ",
78064Sume		    SPP_ARGS(ifp));
78064Sume	p = (void*) (h+1);
78064Sume	len = origlen;
78064Sume	type = CONF_ACK;
78064Sume	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
78064Sume		if (debug)
78176Sume			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
78064Sume		switch (*p) {
78064Sume#ifdef notyet
78064Sume		case IPV6CP_OPT_COMPRESSION:
78064Sume			continue;
78064Sume#endif
78064Sume		case IPV6CP_OPT_IFID:
78064Sume			bzero(&desiredaddr, sizeof(desiredaddr));
78064Sume			bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
78064Sume			collision = (bcmp(&desiredaddr.s6_addr[8],
78064Sume					  &myaddr.s6_addr[8], 8) == 0);
78064Sume			nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
78064Sume
78064Sume			desiredaddr.s6_addr16[0] = htons(0xfe80);
78064Sume			desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
78064Sume
78064Sume			if (!collision && !nohisaddr) {
78064Sume				/* no collision, hisaddr known - Conf-Ack */
78064Sume				type = CONF_ACK;
78064Sume
78064Sume				if (debug) {
78176Sume					log(-1, " %s [%s]",
78064Sume					       ip6_sprintf(&desiredaddr),
78064Sume					       sppp_cp_type_name(type));
78064Sume				}
78064Sume				continue;
78064Sume			}
78064Sume
78064Sume			bzero(&suggestaddr, sizeof(&suggestaddr));
78064Sume			if (collision && nohisaddr) {
78064Sume				/* collision, hisaddr unknown - Conf-Rej */
78064Sume				type = CONF_REJ;
78064Sume				bzero(&p[2], 8);
78064Sume			} else {
78064Sume				/*
78064Sume				 * - no collision, hisaddr unknown, or
78064Sume				 * - collision, hisaddr known
78064Sume				 * Conf-Nak, suggest hisaddr
78064Sume				 */
78064Sume				type = CONF_NAK;
78064Sume				sppp_suggest_ip6_addr(sp, &suggestaddr);
78064Sume				bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
78064Sume			}
78064Sume			if (debug)
78176Sume				log(-1, " %s [%s]", ip6_sprintf(&desiredaddr),
78064Sume				       sppp_cp_type_name(type));
78064Sume			break;
78064Sume		}
78064Sume		/* Add the option to nak'ed list. */
78064Sume		bcopy (p, r, p[1]);
78064Sume		r += p[1];
78064Sume		rlen += p[1];
78064Sume	}
78064Sume
78064Sume	if (rlen == 0 && type == CONF_ACK) {
78064Sume		if (debug)
78176Sume			log(-1, " send %s\n", sppp_cp_type_name(type));
78064Sume		sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1);
78064Sume	} else {
78064Sume#ifdef DIAGNOSTIC
78064Sume		if (type == CONF_ACK)
78064Sume			panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
78064Sume#endif
78064Sume
78064Sume		if (debug) {
78176Sume			log(-1, " send %s suggest %s\n",
78064Sume			       sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
78064Sume		}
78064Sume		sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf);
78064Sume	}
78064Sume
78064Sume end:
78064Sume	free (buf, M_TEMP);
78064Sume	return (rlen == 0);
78064Sume}
78064Sume
78064Sume/*
78064Sume * Analyze the IPv6CP Configure-Reject option list, and adjust our
78064Sume * negotiation.
78064Sume */
78064Sumestatic void
78064Sumesppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
78064Sume{
78064Sume	u_char *buf, *p;
78064Sume	struct ifnet *ifp = &sp->pp_if;
78064Sume	int debug = ifp->if_flags & IFF_DEBUG;
78064Sume
78064Sume	len -= 4;
78064Sume	buf = malloc (len, M_TEMP, M_NOWAIT);
78064Sume	if (!buf)
78064Sume		return;
78064Sume
78064Sume	if (debug)
78064Sume		log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:",
78064Sume		    SPP_ARGS(ifp));
78064Sume
78064Sume	p = (void*) (h+1);
78064Sume	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
78064Sume		if (debug)
78176Sume			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
78064Sume		switch (*p) {
78064Sume		case IPV6CP_OPT_IFID:
78064Sume			/*
78064Sume			 * Peer doesn't grok address option.  This is
78064Sume			 * bad.  XXX  Should we better give up here?
78064Sume			 */
78064Sume			sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
78064Sume			break;
78064Sume#ifdef notyet
78064Sume		case IPV6CP_OPT_COMPRESS:
78064Sume			sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
78064Sume			break;
78064Sume#endif
78064Sume		}
78064Sume	}
78064Sume	if (debug)
78176Sume		log(-1, "\n");
78064Sume	free (buf, M_TEMP);
78064Sume	return;
78064Sume}
78064Sume
78064Sume/*
78064Sume * Analyze the IPv6CP Configure-NAK option list, and adjust our
78064Sume * negotiation.
78064Sume */
78064Sumestatic void
78064Sumesppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
78064Sume{
78064Sume	u_char *buf, *p;
78064Sume	struct ifnet *ifp = &sp->pp_if;
78064Sume	int debug = ifp->if_flags & IFF_DEBUG;
78064Sume	struct in6_addr suggestaddr;
78064Sume
78064Sume	len -= 4;
78064Sume	buf = malloc (len, M_TEMP, M_NOWAIT);
78064Sume	if (!buf)
78064Sume		return;
78064Sume
78064Sume	if (debug)
78064Sume		log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:",
78064Sume		    SPP_ARGS(ifp));
78064Sume
78064Sume	p = (void*) (h+1);
78064Sume	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
78064Sume		if (debug)
78176Sume			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
78064Sume		switch (*p) {
78064Sume		case IPV6CP_OPT_IFID:
78064Sume			/*
78064Sume			 * Peer doesn't like our local ifid.  See
78064Sume			 * if we can do something for him.  We'll drop
78064Sume			 * him our address then.
78064Sume			 */
78064Sume			if (len < 10 || p[1] != 10)
78064Sume				break;
78064Sume			bzero(&suggestaddr, sizeof(suggestaddr));
78064Sume			suggestaddr.s6_addr16[0] = htons(0xfe80);
78064Sume			suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
78064Sume			bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
78064Sume
78064Sume			sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
78064Sume			if (debug)
78176Sume				log(-1, " [suggestaddr %s]",
78064Sume				       ip6_sprintf(&suggestaddr));
78064Sume#ifdef IPV6CP_MYIFID_DYN
78064Sume			/*
78064Sume			 * When doing dynamic address assignment,
78064Sume			 * we accept his offer.
78064Sume			 */
78064Sume			if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
78064Sume				struct in6_addr lastsuggest;
78064Sume				/*
78064Sume				 * If <suggested myaddr from peer> equals to
78064Sume				 * <hisaddr we have suggested last time>,
78064Sume				 * we have a collision.  generate new random
78064Sume				 * ifid.
78064Sume				 */
78064Sume				sppp_suggest_ip6_addr(&lastsuggest);
78064Sume				if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
78064Sume						       lastsuggest)) {
78064Sume					if (debug)
78176Sume						log(-1, " [random]");
78064Sume					sppp_gen_ip6_addr(sp, &suggestaddr);
78064Sume				}
78064Sume				sppp_set_ip6_addr(sp, &suggestaddr, 0);
78064Sume				if (debug)
78176Sume					log(-1, " [agree]");
78064Sume				sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
78064Sume			}
78064Sume#else
78064Sume			/*
78064Sume			 * Since we do not do dynamic address assignment,
78064Sume			 * we ignore it and thus continue to negotiate
78064Sume			 * our already existing value.  This can possibly
78064Sume			 * go into infinite request-reject loop.
78064Sume			 *
78064Sume			 * This is not likely because we normally use
78064Sume			 * ifid based on MAC-address.
78064Sume			 * If you have no ethernet card on the node, too bad.
78064Sume			 * XXX should we use fail_counter?
78064Sume			 */
78064Sume#endif
78064Sume			break;
78064Sume#ifdef notyet
78064Sume		case IPV6CP_OPT_COMPRESS:
78064Sume			/*
78064Sume			 * Peer wants different compression parameters.
78064Sume			 */
78064Sume			break;
78064Sume#endif
78064Sume		}
78064Sume	}
78064Sume	if (debug)
78176Sume		log(-1, "\n");
78064Sume	free (buf, M_TEMP);
78064Sume	return;
78064Sume}
78064Sumestatic void
78064Sumesppp_ipv6cp_tlu(struct sppp *sp)
78064Sume{
78064Sume	/* we are up - notify isdn daemon */
78064Sume	if (sp->pp_con)
78064Sume		sp->pp_con(sp);
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_tld(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_tls(struct sppp *sp)
78064Sume{
78064Sume	/* indicate to LCP that it must stay alive */
78064Sume	sp->lcp.protos |= (1 << IDX_IPV6CP);
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_tlf(struct sppp *sp)
78064Sume{
78064Sume
78064Sume#if 0	/* need #if 0 to close IPv6CP properly */
78064Sume	/* we no longer need LCP */
78064Sume	sp->lcp.protos &= ~(1 << IDX_IPV6CP);
78064Sume	sppp_lcp_check_and_close(sp);
78064Sume#endif
78064Sume}
78064Sume
78064Sumestatic void
78064Sumesppp_ipv6cp_scr(struct sppp *sp)
78064Sume{
78064Sume	char opt[10 /* ifid */ + 4 /* compression, minimum */];
78064Sume	struct in6_addr ouraddr;
78064Sume	int i = 0;
78064Sume
78064Sume	if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
78064Sume		sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
78064Sume		opt[i++] = IPV6CP_OPT_IFID;
78064Sume		opt[i++] = 10;
78064Sume		bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
78064Sume		i += 8;
78064Sume	}
78064Sume
78064Sume#ifdef notyet
78064Sume	if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
78064Sume		opt[i++] = IPV6CP_OPT_COMPRESSION;
78064Sume		opt[i++] = 4;
78064Sume		opt[i++] = 0;   /* TBD */
78064Sume		opt[i++] = 0;   /* TBD */
78064Sume		/* variable length data may follow */
78064Sume	}
78064Sume#endif
78064Sume
78064Sume	sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
78064Sume	sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
78064Sume}
78064Sume#else /*INET6*/
78064Sumestatic void sppp_ipv6cp_init(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_up(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_down(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sume
78064Sumestatic void sppp_ipv6cp_open(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_close(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_TO(void *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
78064Sume{
78064Sume	return 0;
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_tlu(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_tld(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_tls(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_tlf(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume
78064Sumestatic void sppp_ipv6cp_scr(struct sppp *sp)
78064Sume{
78064Sume}
78064Sume#endif /*INET6*/
78064Sume
78064Sume/*
78064Sume *--------------------------------------------------------------------------*
78064Sume *                                                                          *
30300Sjoerg *                        The CHAP implementation.                          *
30300Sjoerg *                                                                          *
30300Sjoerg *--------------------------------------------------------------------------*
30300Sjoerg */
30300Sjoerg
30300Sjoerg/*
30300Sjoerg * The authentication protocols don't employ a full-fledged state machine as
30300Sjoerg * the control protocols do, since they do have Open and Close events, but
30300Sjoerg * not Up and Down, nor are they explicitly terminated.  Also, use of the
30300Sjoerg * authentication protocols may be different in both directions (this makes
30300Sjoerg * sense, think of a machine that never accepts incoming calls but only
30300Sjoerg * calls out, it doesn't require the called party to authenticate itself).
30300Sjoerg *
30300Sjoerg * Our state machine for the local authentication protocol (we are requesting
30300Sjoerg * the peer to authenticate) looks like:
30300Sjoerg *
30300Sjoerg *						    RCA-
30300Sjoerg *	      +--------------------------------------------+
30300Sjoerg *	      V					    scn,tld|
30300Sjoerg *	  +--------+			       Close   +---------+ RCA+
30300Sjoerg *	  |	   |<----------------------------------|	 |------+
30300Sjoerg *   +--->| Closed |				TO*    | Opened	 | sca	|
30300Sjoerg *   |	  |	   |-----+		       +-------|	 |<-----+
30300Sjoerg *   |	  +--------+ irc |		       |       +---------+
30300Sjoerg *   |	    ^		 |		       |	   ^
30300Sjoerg *   |	    |		 |		       |	   |
30300Sjoerg *   |	    |		 |		       |	   |
30300Sjoerg *   |	 TO-|		 |		       |	   |
30300Sjoerg *   |	    |tld  TO+	 V		       |	   |
30300Sjoerg *   |	    |	+------->+		       |	   |
30300Sjoerg *   |	    |	|	 |		       |	   |
30300Sjoerg *   |	  +--------+	 V		       |	   |
30300Sjoerg *   |	  |	   |<----+<--------------------+	   |
30300Sjoerg *   |	  | Req-   | scr				   |
30300Sjoerg *   |	  | Sent   |					   |
30300Sjoerg *   |	  |	   |					   |
30300Sjoerg *   |	  +--------+					   |
30300Sjoerg *   | RCA- |	| RCA+					   |
30300Sjoerg *   +------+	+------------------------------------------+
30300Sjoerg *   scn,tld	  sca,irc,ict,tlu
30300Sjoerg *
30300Sjoerg *
30300Sjoerg *   with:
30300Sjoerg *
30300Sjoerg *	Open:	LCP reached authentication phase
30300Sjoerg *	Close:	LCP reached terminate phase
30300Sjoerg *
30300Sjoerg *	RCA+:	received reply (pap-req, chap-response), acceptable
30300Sjoerg *	RCN:	received reply (pap-req, chap-response), not acceptable
30300Sjoerg *	TO+:	timeout with restart counter >= 0
30300Sjoerg *	TO-:	timeout with restart counter < 0
30300Sjoerg *	TO*:	reschedule timeout for CHAP
30300Sjoerg *
30300Sjoerg *	scr:	send request packet (none for PAP, chap-challenge)
30300Sjoerg *	sca:	send ack packet (pap-ack, chap-success)
30300Sjoerg *	scn:	send nak packet (pap-nak, chap-failure)
30300Sjoerg *	ict:	initialize re-challenge timer (CHAP only)
30300Sjoerg *
30300Sjoerg *	tlu:	this-layer-up, LCP reaches network phase
30300Sjoerg *	tld:	this-layer-down, LCP enters terminate phase
30300Sjoerg *
30300Sjoerg * Note that in CHAP mode, after sending a new challenge, while the state
30300Sjoerg * automaton falls back into Req-Sent state, it doesn't signal a tld
30300Sjoerg * event to LCP, so LCP remains in network phase.  Only after not getting
30300Sjoerg * any response (or after getting an unacceptable response), CHAP closes,
30300Sjoerg * causing LCP to enter terminate phase.
30300Sjoerg *
30300Sjoerg * With PAP, there is no initial request that can be sent.  The peer is
30300Sjoerg * expected to send one based on the successful negotiation of PAP as
30300Sjoerg * the authentication protocol during the LCP option negotiation.
30300Sjoerg *
30300Sjoerg * Incoming authentication protocol requests (remote requests
30300Sjoerg * authentication, we are peer) don't employ a state machine at all,
30300Sjoerg * they are simply answered.  Some peers [Ascend P50 firmware rev
30300Sjoerg * 4.50] react allergically when sending IPCP requests while they are
30300Sjoerg * still in authentication phase (thereby violating the standard that
30300Sjoerg * demands that these NCP packets are to be discarded), so we keep
30300Sjoerg * track of the peer demanding us to authenticate, and only proceed to
30300Sjoerg * phase network once we've seen a positive acknowledge for the
30300Sjoerg * authentication.
30300Sjoerg */
30300Sjoerg
30300Sjoerg/*
30300Sjoerg * Handle incoming CHAP packets.
30300Sjoerg */
30300Sjoergvoid
30300Sjoergsppp_chap_input(struct sppp *sp, struct mbuf *m)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg	struct lcp_header *h;
30300Sjoerg	int len, x;
30300Sjoerg	u_char *value, *name, digest[AUTHKEYLEN], dsize;
30300Sjoerg	int value_len, name_len;
30300Sjoerg	MD5_CTX ctx;
30300Sjoerg
30300Sjoerg	len = m->m_pkthdr.len;
30300Sjoerg	if (len < 4) {
30300Sjoerg		if (debug)
30300Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "chap invalid packet length: %d bytes\n",
40008Sjoerg			    SPP_ARGS(ifp), len);
30300Sjoerg		return;
30300Sjoerg	}
30300Sjoerg	h = mtod (m, struct lcp_header*);
30300Sjoerg	if (len > ntohs (h->len))
30300Sjoerg		len = ntohs (h->len);
30300Sjoerg
30300Sjoerg	switch (h->type) {
30300Sjoerg	/* challenge, failure and success are his authproto */
30300Sjoerg	case CHAP_CHALLENGE:
30300Sjoerg		value = 1 + (u_char*)(h+1);
30300Sjoerg		value_len = value[-1];
30300Sjoerg		name = value + value_len;
30300Sjoerg		name_len = len - value_len - 5;
30300Sjoerg		if (name_len < 0) {
30300Sjoerg			if (debug) {
30300Sjoerg				log(LOG_DEBUG,
40008Sjoerg				    SPP_FMT "chap corrupted challenge "
30300Sjoerg				    "<%s id=0x%x len=%d",
40008Sjoerg				    SPP_ARGS(ifp),
30300Sjoerg				    sppp_auth_type_name(PPP_CHAP, h->type),
30300Sjoerg				    h->ident, ntohs(h->len));
44145Sphk				sppp_print_bytes((u_char*) (h+1), len-4);
69211Sphk				log(-1, ">\n");
30300Sjoerg			}
30300Sjoerg			break;
30300Sjoerg		}
70199Sjhay
30300Sjoerg		if (debug) {
30300Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "chap input <%s id=0x%x len=%d name=",
40008Sjoerg			    SPP_ARGS(ifp),
30300Sjoerg			    sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
30300Sjoerg			    ntohs(h->len));
30300Sjoerg			sppp_print_string((char*) name, name_len);
69211Sphk			log(-1, " value-size=%d value=", value_len);
30300Sjoerg			sppp_print_bytes(value, value_len);
69211Sphk			log(-1, ">\n");
30300Sjoerg		}
30300Sjoerg
30300Sjoerg		/* Compute reply value. */
30300Sjoerg		MD5Init(&ctx);
30300Sjoerg		MD5Update(&ctx, &h->ident, 1);
30300Sjoerg		MD5Update(&ctx, sp->myauth.secret,
30300Sjoerg			  sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
30300Sjoerg		MD5Update(&ctx, value, value_len);
30300Sjoerg		MD5Final(digest, &ctx);
30300Sjoerg		dsize = sizeof digest;
30300Sjoerg
30300Sjoerg		sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
30300Sjoerg			       sizeof dsize, (const char *)&dsize,
30300Sjoerg			       sizeof digest, digest,
40008Sjoerg			       (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
30300Sjoerg			       sp->myauth.name,
30300Sjoerg			       0);
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	case CHAP_SUCCESS:
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "chap success",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg			if (len > 4) {
69211Sphk				log(-1, ": ");
30300Sjoerg				sppp_print_string((char*)(h + 1), len - 4);
30300Sjoerg			}
69211Sphk			log(-1, "\n");
30300Sjoerg		}
30300Sjoerg		x = splimp();
30300Sjoerg		sp->pp_flags &= ~PP_NEEDAUTH;
30300Sjoerg		if (sp->myauth.proto == PPP_CHAP &&
32169Sgj		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
30300Sjoerg		    (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
30300Sjoerg			/*
30300Sjoerg			 * We are authenticator for CHAP but didn't
30300Sjoerg			 * complete yet.  Leave it to tlu to proceed
30300Sjoerg			 * to network phase.
30300Sjoerg			 */
30300Sjoerg			splx(x);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		splx(x);
30300Sjoerg		sppp_phase_network(sp);
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	case CHAP_FAILURE:
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_INFO, SPP_FMT "chap failure",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg			if (len > 4) {
69211Sphk				log(-1, ": ");
30300Sjoerg				sppp_print_string((char*)(h + 1), len - 4);
30300Sjoerg			}
69211Sphk			log(-1, "\n");
30300Sjoerg		} else
40008Sjoerg			log(LOG_INFO, SPP_FMT "chap failure\n",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg		/* await LCP shutdown by authenticator */
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	/* response is my authproto */
30300Sjoerg	case CHAP_RESPONSE:
30300Sjoerg		value = 1 + (u_char*)(h+1);
30300Sjoerg		value_len = value[-1];
30300Sjoerg		name = value + value_len;
30300Sjoerg		name_len = len - value_len - 5;
30300Sjoerg		if (name_len < 0) {
30300Sjoerg			if (debug) {
30300Sjoerg				log(LOG_DEBUG,
40008Sjoerg				    SPP_FMT "chap corrupted response "
30300Sjoerg				    "<%s id=0x%x len=%d",
40008Sjoerg				    SPP_ARGS(ifp),
30300Sjoerg				    sppp_auth_type_name(PPP_CHAP, h->type),
30300Sjoerg				    h->ident, ntohs(h->len));
44145Sphk				sppp_print_bytes((u_char*)(h+1), len-4);
69211Sphk				log(-1, ">\n");
30300Sjoerg			}
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		if (h->ident != sp->confid[IDX_CHAP]) {
30300Sjoerg			if (debug)
30300Sjoerg				log(LOG_DEBUG,
40008Sjoerg				    SPP_FMT "chap dropping response for old ID "
30300Sjoerg				    "(got %d, expected %d)\n",
40008Sjoerg				    SPP_ARGS(ifp),
30300Sjoerg				    h->ident, sp->confid[IDX_CHAP]);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
30300Sjoerg		    || bcmp(name, sp->hisauth.name, name_len) != 0) {
40008Sjoerg			log(LOG_INFO, SPP_FMT "chap response, his name ",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg			sppp_print_string(name, name_len);
69211Sphk			log(-1, " != expected ");
30300Sjoerg			sppp_print_string(sp->hisauth.name,
30300Sjoerg					  sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
69211Sphk			log(-1, "\n");
70199Sjhay		}
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "chap input(%s) "
30300Sjoerg			    "<%s id=0x%x len=%d name=",
40008Sjoerg			    SPP_ARGS(ifp),
30300Sjoerg			    sppp_state_name(sp->state[IDX_CHAP]),
30300Sjoerg			    sppp_auth_type_name(PPP_CHAP, h->type),
30300Sjoerg			    h->ident, ntohs (h->len));
30300Sjoerg			sppp_print_string((char*)name, name_len);
69211Sphk			log(-1, " value-size=%d value=", value_len);
30300Sjoerg			sppp_print_bytes(value, value_len);
69211Sphk			log(-1, ">\n");
30300Sjoerg		}
30300Sjoerg		if (value_len != AUTHKEYLEN) {
30300Sjoerg			if (debug)
30300Sjoerg				log(LOG_DEBUG,
40008Sjoerg				    SPP_FMT "chap bad hash value length: "
30300Sjoerg				    "%d bytes, should be %d\n",
40008Sjoerg				    SPP_ARGS(ifp), value_len,
30300Sjoerg				    AUTHKEYLEN);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg
30300Sjoerg		MD5Init(&ctx);
30300Sjoerg		MD5Update(&ctx, &h->ident, 1);
30300Sjoerg		MD5Update(&ctx, sp->hisauth.secret,
30300Sjoerg			  sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
30300Sjoerg		MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
30300Sjoerg		MD5Final(digest, &ctx);
30300Sjoerg
30300Sjoerg#define FAILMSG "Failed..."
30300Sjoerg#define SUCCMSG "Welcome!"
30300Sjoerg
30300Sjoerg		if (value_len != sizeof digest ||
30300Sjoerg		    bcmp(digest, value, value_len) != 0) {
30300Sjoerg			/* action scn, tld */
30300Sjoerg			sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
30300Sjoerg				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
30300Sjoerg				       0);
30300Sjoerg			chap.tld(sp);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		/* action sca, perhaps tlu */
30300Sjoerg		if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
30300Sjoerg		    sp->state[IDX_CHAP] == STATE_OPENED)
30300Sjoerg			sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
30300Sjoerg				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
30300Sjoerg				       0);
30300Sjoerg		if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
30300Sjoerg			sppp_cp_change_state(&chap, sp, STATE_OPENED);
30300Sjoerg			chap.tlu(sp);
30300Sjoerg		}
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	default:
30300Sjoerg		/* Unknown CHAP packet type -- ignore. */
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
30300Sjoerg			    "<0x%x id=0x%xh len=%d",
40008Sjoerg			    SPP_ARGS(ifp),
30300Sjoerg			    sppp_state_name(sp->state[IDX_CHAP]),
30300Sjoerg			    h->type, h->ident, ntohs(h->len));
44145Sphk			sppp_print_bytes((u_char*)(h+1), len-4);
69211Sphk			log(-1, ">\n");
30300Sjoerg		}
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	}
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_init(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	/* Chap doesn't have STATE_INITIAL at all. */
30300Sjoerg	sp->state[IDX_CHAP] = STATE_CLOSED;
30300Sjoerg	sp->fail_counter[IDX_CHAP] = 0;
78064Sume	sp->pp_seq[IDX_CHAP] = 0;
78064Sume	sp->pp_rseq[IDX_CHAP] = 0;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
30300Sjoerg	callout_handle_init(&sp->ch[IDX_CHAP]);
40008Sjoerg#endif
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_open(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	if (sp->myauth.proto == PPP_CHAP &&
30300Sjoerg	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
30300Sjoerg		/* we are authenticator for CHAP, start it */
30300Sjoerg		chap.scr(sp);
30300Sjoerg		sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
30300Sjoerg		sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
30300Sjoerg	}
30300Sjoerg	/* nothing to be done if we are peer, await a challenge */
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_close(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	if (sp->state[IDX_CHAP] != STATE_CLOSED)
30300Sjoerg		sppp_cp_change_state(&chap, sp, STATE_CLOSED);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_TO(void *cookie)
30300Sjoerg{
30300Sjoerg	struct sppp *sp = (struct sppp *)cookie;
30300Sjoerg	STDDCL;
30300Sjoerg	int s;
30300Sjoerg
30300Sjoerg	s = splimp();
30300Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
40008Sjoerg		    SPP_ARGS(ifp),
30300Sjoerg		    sppp_state_name(sp->state[IDX_CHAP]),
30300Sjoerg		    sp->rst_counter[IDX_CHAP]);
30300Sjoerg
30300Sjoerg	if (--sp->rst_counter[IDX_CHAP] < 0)
30300Sjoerg		/* TO- event */
30300Sjoerg		switch (sp->state[IDX_CHAP]) {
30300Sjoerg		case STATE_REQ_SENT:
30300Sjoerg			chap.tld(sp);
30300Sjoerg			sppp_cp_change_state(&chap, sp, STATE_CLOSED);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg	else
30300Sjoerg		/* TO+ (or TO*) event */
30300Sjoerg		switch (sp->state[IDX_CHAP]) {
30300Sjoerg		case STATE_OPENED:
30300Sjoerg			/* TO* event */
30300Sjoerg			sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
30300Sjoerg			/* fall through */
30300Sjoerg		case STATE_REQ_SENT:
30300Sjoerg			chap.scr(sp);
30300Sjoerg			/* sppp_cp_change_state() will restart the timer */
30300Sjoerg			sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg
30300Sjoerg	splx(s);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_tlu(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg	int i, x;
30300Sjoerg
40010Sjoerg	i = 0;
30300Sjoerg	sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
30300Sjoerg
30300Sjoerg	/*
30300Sjoerg	 * Some broken CHAP implementations (Conware CoNet, firmware
30300Sjoerg	 * 4.0.?) don't want to re-authenticate their CHAP once the
30300Sjoerg	 * initial challenge-response exchange has taken place.
30300Sjoerg	 * Provide for an option to avoid rechallenges.
30300Sjoerg	 */
30300Sjoerg	if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
30300Sjoerg		/*
30300Sjoerg		 * Compute the re-challenge timeout.  This will yield
30300Sjoerg		 * a number between 300 and 810 seconds.
30300Sjoerg		 */
30300Sjoerg		i = 300 + ((unsigned)(random() & 0xff00) >> 7);
42064Sphk		TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]);
30300Sjoerg	}
30300Sjoerg
30300Sjoerg	if (debug) {
30300Sjoerg		log(LOG_DEBUG,
40008Sjoerg		    SPP_FMT "chap %s, ",
40008Sjoerg		    SPP_ARGS(ifp),
30300Sjoerg		    sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
30300Sjoerg		if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
69211Sphk			log(-1, "next re-challenge in %d seconds\n", i);
30300Sjoerg		else
69211Sphk			log(-1, "re-challenging supressed\n");
30300Sjoerg	}
30300Sjoerg
30300Sjoerg	x = splimp();
30300Sjoerg	/* indicate to LCP that we need to be closed down */
30300Sjoerg	sp->lcp.protos |= (1 << IDX_CHAP);
30300Sjoerg
30300Sjoerg	if (sp->pp_flags & PP_NEEDAUTH) {
30300Sjoerg		/*
30300Sjoerg		 * Remote is authenticator, but his auth proto didn't
30300Sjoerg		 * complete yet.  Defer the transition to network
30300Sjoerg		 * phase.
30300Sjoerg		 */
30300Sjoerg		splx(x);
30300Sjoerg		return;
30300Sjoerg	}
30300Sjoerg	splx(x);
30300Sjoerg
30300Sjoerg	/*
30300Sjoerg	 * If we are already in phase network, we are done here.  This
30300Sjoerg	 * is the case if this is a dummy tlu event after a re-challenge.
30300Sjoerg	 */
30300Sjoerg	if (sp->pp_phase != PHASE_NETWORK)
30300Sjoerg		sppp_phase_network(sp);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_tld(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg
30300Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
40008Sjoerg	UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
30300Sjoerg	sp->lcp.protos &= ~(1 << IDX_CHAP);
30300Sjoerg
30300Sjoerg	lcp.Close(sp);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_chap_scr(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	u_long *ch, seed;
30300Sjoerg	u_char clen;
30300Sjoerg
30300Sjoerg	/* Compute random challenge. */
30300Sjoerg	ch = (u_long *)sp->myauth.challenge;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
35064Sphk	read_random(&seed, sizeof seed);
40008Sjoerg#else
42104Sphk	{
42104Sphk	struct timeval tv;
40008Sjoerg	microtime(&tv);
40008Sjoerg	seed = tv.tv_sec ^ tv.tv_usec;
42104Sphk	}
40008Sjoerg#endif
30300Sjoerg	ch[0] = seed ^ random();
30300Sjoerg	ch[1] = seed ^ random();
30300Sjoerg	ch[2] = seed ^ random();
30300Sjoerg	ch[3] = seed ^ random();
30300Sjoerg	clen = AUTHKEYLEN;
30300Sjoerg
78064Sume	sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
30300Sjoerg
30300Sjoerg	sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
30300Sjoerg		       sizeof clen, (const char *)&clen,
40008Sjoerg		       (size_t)AUTHKEYLEN, sp->myauth.challenge,
40008Sjoerg		       (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
30300Sjoerg		       sp->myauth.name,
30300Sjoerg		       0);
30300Sjoerg}
70199Sjhay
70199Sjhay/*
30300Sjoerg *--------------------------------------------------------------------------*
30300Sjoerg *                                                                          *
30300Sjoerg *                        The PAP implementation.                           *
30300Sjoerg *                                                                          *
30300Sjoerg *--------------------------------------------------------------------------*
30300Sjoerg */
30300Sjoerg/*
30300Sjoerg * For PAP, we need to keep a little state also if we are the peer, not the
30300Sjoerg * authenticator.  This is since we don't get a request to authenticate, but
30300Sjoerg * have to repeatedly authenticate ourself until we got a response (or the
30300Sjoerg * retry counter is expired).
30300Sjoerg */
30300Sjoerg
30300Sjoerg/*
30300Sjoerg * Handle incoming PAP packets.  */
30300Sjoergstatic void
30300Sjoergsppp_pap_input(struct sppp *sp, struct mbuf *m)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg	struct lcp_header *h;
30300Sjoerg	int len, x;
30300Sjoerg	u_char *name, *passwd, mlen;
30300Sjoerg	int name_len, passwd_len;
30300Sjoerg
30300Sjoerg	len = m->m_pkthdr.len;
30300Sjoerg	if (len < 5) {
30300Sjoerg		if (debug)
30300Sjoerg			log(LOG_DEBUG,
40008Sjoerg			    SPP_FMT "pap invalid packet length: %d bytes\n",
40008Sjoerg			    SPP_ARGS(ifp), len);
30300Sjoerg		return;
30300Sjoerg	}
30300Sjoerg	h = mtod (m, struct lcp_header*);
30300Sjoerg	if (len > ntohs (h->len))
30300Sjoerg		len = ntohs (h->len);
30300Sjoerg	switch (h->type) {
30300Sjoerg	/* PAP request is my authproto */
30300Sjoerg	case PAP_REQ:
30300Sjoerg		name = 1 + (u_char*)(h+1);
30300Sjoerg		name_len = name[-1];
30300Sjoerg		passwd = name + name_len + 1;
30300Sjoerg		if (name_len > len - 6 ||
30300Sjoerg		    (passwd_len = passwd[-1]) > len - 6 - name_len) {
30300Sjoerg			if (debug) {
40008Sjoerg				log(LOG_DEBUG, SPP_FMT "pap corrupted input "
30300Sjoerg				    "<%s id=0x%x len=%d",
40008Sjoerg				    SPP_ARGS(ifp),
30300Sjoerg				    sppp_auth_type_name(PPP_PAP, h->type),
30300Sjoerg				    h->ident, ntohs(h->len));
44145Sphk				sppp_print_bytes((u_char*)(h+1), len-4);
69211Sphk				log(-1, ">\n");
30300Sjoerg			}
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "pap input(%s) "
30300Sjoerg			    "<%s id=0x%x len=%d name=",
40008Sjoerg			    SPP_ARGS(ifp),
30300Sjoerg			    sppp_state_name(sp->state[IDX_PAP]),
30300Sjoerg			    sppp_auth_type_name(PPP_PAP, h->type),
30300Sjoerg			    h->ident, ntohs(h->len));
30300Sjoerg			sppp_print_string((char*)name, name_len);
69211Sphk			log(-1, " passwd=");
30300Sjoerg			sppp_print_string((char*)passwd, passwd_len);
69211Sphk			log(-1, ">\n");
30300Sjoerg		}
74774Sjoerg		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
74774Sjoerg		    passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) ||
30300Sjoerg		    bcmp(name, sp->hisauth.name, name_len) != 0 ||
30300Sjoerg		    bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
30300Sjoerg			/* action scn, tld */
30300Sjoerg			mlen = sizeof(FAILMSG) - 1;
30300Sjoerg			sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
30300Sjoerg				       sizeof mlen, (const char *)&mlen,
30300Sjoerg				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
30300Sjoerg				       0);
30300Sjoerg			pap.tld(sp);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		/* action sca, perhaps tlu */
30300Sjoerg		if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
30300Sjoerg		    sp->state[IDX_PAP] == STATE_OPENED) {
30300Sjoerg			mlen = sizeof(SUCCMSG) - 1;
30300Sjoerg			sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
30300Sjoerg				       sizeof mlen, (const char *)&mlen,
30300Sjoerg				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
30300Sjoerg				       0);
30300Sjoerg		}
30300Sjoerg		if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
30300Sjoerg			sppp_cp_change_state(&pap, sp, STATE_OPENED);
30300Sjoerg			pap.tlu(sp);
30300Sjoerg		}
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	/* ack and nak are his authproto */
30300Sjoerg	case PAP_ACK:
40008Sjoerg		UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "pap success",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg			name_len = *((char *)h);
30300Sjoerg			if (len > 5 && name_len) {
69211Sphk				log(-1, ": ");
30300Sjoerg				sppp_print_string((char*)(h+1), name_len);
30300Sjoerg			}
69211Sphk			log(-1, "\n");
30300Sjoerg		}
30300Sjoerg		x = splimp();
30300Sjoerg		sp->pp_flags &= ~PP_NEEDAUTH;
30300Sjoerg		if (sp->myauth.proto == PPP_PAP &&
32169Sgj		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
30300Sjoerg		    (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
30300Sjoerg			/*
30300Sjoerg			 * We are authenticator for PAP but didn't
30300Sjoerg			 * complete yet.  Leave it to tlu to proceed
30300Sjoerg			 * to network phase.
30300Sjoerg			 */
30300Sjoerg			splx(x);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg		splx(x);
30300Sjoerg		sppp_phase_network(sp);
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	case PAP_NAK:
40008Sjoerg		UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_INFO, SPP_FMT "pap failure",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg			name_len = *((char *)h);
30300Sjoerg			if (len > 5 && name_len) {
69211Sphk				log(-1, ": ");
30300Sjoerg				sppp_print_string((char*)(h+1), name_len);
30300Sjoerg			}
69211Sphk			log(-1, "\n");
30300Sjoerg		} else
40008Sjoerg			log(LOG_INFO, SPP_FMT "pap failure\n",
40008Sjoerg			    SPP_ARGS(ifp));
30300Sjoerg		/* await LCP shutdown by authenticator */
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	default:
30300Sjoerg		/* Unknown PAP packet type -- ignore. */
30300Sjoerg		if (debug) {
40008Sjoerg			log(LOG_DEBUG, SPP_FMT "pap corrupted input "
30300Sjoerg			    "<0x%x id=0x%x len=%d",
40008Sjoerg			    SPP_ARGS(ifp),
30300Sjoerg			    h->type, h->ident, ntohs(h->len));
44145Sphk			sppp_print_bytes((u_char*)(h+1), len-4);
69211Sphk			log(-1, ">\n");
30300Sjoerg		}
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	}
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_pap_init(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	/* PAP doesn't have STATE_INITIAL at all. */
30300Sjoerg	sp->state[IDX_PAP] = STATE_CLOSED;
30300Sjoerg	sp->fail_counter[IDX_PAP] = 0;
78064Sume	sp->pp_seq[IDX_PAP] = 0;
78064Sume	sp->pp_rseq[IDX_PAP] = 0;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
30300Sjoerg	callout_handle_init(&sp->ch[IDX_PAP]);
30300Sjoerg	callout_handle_init(&sp->pap_my_to_ch);
40008Sjoerg#endif
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_pap_open(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	if (sp->hisauth.proto == PPP_PAP &&
30300Sjoerg	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
30300Sjoerg		/* we are authenticator for PAP, start our timer */
30300Sjoerg		sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
30300Sjoerg		sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
30300Sjoerg	}
30300Sjoerg	if (sp->myauth.proto == PPP_PAP) {
30300Sjoerg		/* we are peer, send a request, and start a timer */
30300Sjoerg		pap.scr(sp);
42064Sphk		TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout,
42064Sphk		    sp->pap_my_to_ch);
30300Sjoerg	}
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_pap_close(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	if (sp->state[IDX_PAP] != STATE_CLOSED)
30300Sjoerg		sppp_cp_change_state(&pap, sp, STATE_CLOSED);
30300Sjoerg}
30300Sjoerg
30300Sjoerg/*
30300Sjoerg * That's the timeout routine if we are authenticator.  Since the
30300Sjoerg * authenticator is basically passive in PAP, we can't do much here.
30300Sjoerg */
30300Sjoergstatic void
30300Sjoergsppp_pap_TO(void *cookie)
30300Sjoerg{
30300Sjoerg	struct sppp *sp = (struct sppp *)cookie;
30300Sjoerg	STDDCL;
30300Sjoerg	int s;
30300Sjoerg
30300Sjoerg	s = splimp();
30300Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
40008Sjoerg		    SPP_ARGS(ifp),
30300Sjoerg		    sppp_state_name(sp->state[IDX_PAP]),
30300Sjoerg		    sp->rst_counter[IDX_PAP]);
30300Sjoerg
30300Sjoerg	if (--sp->rst_counter[IDX_PAP] < 0)
30300Sjoerg		/* TO- event */
30300Sjoerg		switch (sp->state[IDX_PAP]) {
30300Sjoerg		case STATE_REQ_SENT:
30300Sjoerg			pap.tld(sp);
30300Sjoerg			sppp_cp_change_state(&pap, sp, STATE_CLOSED);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg	else
30300Sjoerg		/* TO+ event, not very much we could do */
30300Sjoerg		switch (sp->state[IDX_PAP]) {
30300Sjoerg		case STATE_REQ_SENT:
30300Sjoerg			/* sppp_cp_change_state() will restart the timer */
30300Sjoerg			sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
30300Sjoerg			break;
30300Sjoerg		}
30300Sjoerg
30300Sjoerg	splx(s);
30300Sjoerg}
30300Sjoerg
30300Sjoerg/*
30300Sjoerg * That's the timeout handler if we are peer.  Since the peer is active,
30300Sjoerg * we need to retransmit our PAP request since it is apparently lost.
30300Sjoerg * XXX We should impose a max counter.
30300Sjoerg */
30300Sjoergstatic void
30300Sjoergsppp_pap_my_TO(void *cookie)
30300Sjoerg{
30300Sjoerg	struct sppp *sp = (struct sppp *)cookie;
30300Sjoerg	STDDCL;
30300Sjoerg
30300Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
40008Sjoerg		    SPP_ARGS(ifp));
30300Sjoerg
30300Sjoerg	pap.scr(sp);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_pap_tlu(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg	int x;
30300Sjoerg
30300Sjoerg	sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
30300Sjoerg
30300Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s tlu\n",
40008Sjoerg		    SPP_ARGS(ifp), pap.name);
30300Sjoerg
30300Sjoerg	x = splimp();
30300Sjoerg	/* indicate to LCP that we need to be closed down */
30300Sjoerg	sp->lcp.protos |= (1 << IDX_PAP);
30300Sjoerg
30300Sjoerg	if (sp->pp_flags & PP_NEEDAUTH) {
30300Sjoerg		/*
30300Sjoerg		 * Remote is authenticator, but his auth proto didn't
30300Sjoerg		 * complete yet.  Defer the transition to network
30300Sjoerg		 * phase.
30300Sjoerg		 */
30300Sjoerg		splx(x);
30300Sjoerg		return;
30300Sjoerg	}
30300Sjoerg	splx(x);
30300Sjoerg	sppp_phase_network(sp);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_pap_tld(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg
30300Sjoerg	if (debug)
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
40008Sjoerg	UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
40008Sjoerg	UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
30300Sjoerg	sp->lcp.protos &= ~(1 << IDX_PAP);
30300Sjoerg
30300Sjoerg	lcp.Close(sp);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_pap_scr(struct sppp *sp)
30300Sjoerg{
30300Sjoerg	u_char idlen, pwdlen;
30300Sjoerg
78064Sume	sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP];
30300Sjoerg	pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
30300Sjoerg	idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
30300Sjoerg
30300Sjoerg	sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
30300Sjoerg		       sizeof idlen, (const char *)&idlen,
40008Sjoerg		       (size_t)idlen, sp->myauth.name,
30300Sjoerg		       sizeof pwdlen, (const char *)&pwdlen,
40008Sjoerg		       (size_t)pwdlen, sp->myauth.secret,
30300Sjoerg		       0);
30300Sjoerg}
70199Sjhay
70199Sjhay/*
25944Sjoerg * Random miscellaneous functions.
25944Sjoerg */
25944Sjoerg
4910Swollman/*
30300Sjoerg * Send a PAP or CHAP proto packet.
30300Sjoerg *
30300Sjoerg * Varadic function, each of the elements for the ellipsis is of type
40008Sjoerg * ``size_t mlen, const u_char *msg''.  Processing will stop iff
30300Sjoerg * mlen == 0.
42104Sphk * NOTE: never declare variadic functions with types subject to type
42104Sphk * promotion (i.e. u_char). This is asking for big trouble depending
42104Sphk * on the architecture you are on...
30300Sjoerg */
30300Sjoerg
30300Sjoergstatic void
42104Sphksppp_auth_send(const struct cp *cp, struct sppp *sp,
42104Sphk               unsigned int type, unsigned int id,
30300Sjoerg	       ...)
30300Sjoerg{
30300Sjoerg	STDDCL;
30300Sjoerg	struct ppp_header *h;
30300Sjoerg	struct lcp_header *lh;
30300Sjoerg	struct mbuf *m;
30300Sjoerg	u_char *p;
30300Sjoerg	int len;
42104Sphk	unsigned int mlen;
30300Sjoerg	const char *msg;
30300Sjoerg	va_list ap;
30300Sjoerg
30300Sjoerg	MGETHDR (m, M_DONTWAIT, MT_DATA);
30300Sjoerg	if (! m)
30300Sjoerg		return;
30300Sjoerg	m->m_pkthdr.rcvif = 0;
30300Sjoerg
30300Sjoerg	h = mtod (m, struct ppp_header*);
30300Sjoerg	h->address = PPP_ALLSTATIONS;		/* broadcast address */
30300Sjoerg	h->control = PPP_UI;			/* Unnumbered Info */
30300Sjoerg	h->protocol = htons(cp->proto);
30300Sjoerg
30300Sjoerg	lh = (struct lcp_header*)(h + 1);
30300Sjoerg	lh->type = type;
30300Sjoerg	lh->ident = id;
30300Sjoerg	p = (u_char*) (lh+1);
30300Sjoerg
30300Sjoerg	va_start(ap, id);
30300Sjoerg	len = 0;
30300Sjoerg
42104Sphk	while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
30300Sjoerg		msg = va_arg(ap, const char *);
30300Sjoerg		len += mlen;
30300Sjoerg		if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
30300Sjoerg			va_end(ap);
30300Sjoerg			m_freem(m);
30300Sjoerg			return;
30300Sjoerg		}
30300Sjoerg
30300Sjoerg		bcopy(msg, p, mlen);
30300Sjoerg		p += mlen;
30300Sjoerg	}
30300Sjoerg	va_end(ap);
30300Sjoerg
30300Sjoerg	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
30300Sjoerg	lh->len = htons (LCP_HEADER_LEN + len);
30300Sjoerg
30300Sjoerg	if (debug) {
40008Sjoerg		log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
40008Sjoerg		    SPP_ARGS(ifp), cp->name,
30300Sjoerg		    sppp_auth_type_name(cp->proto, lh->type),
30300Sjoerg		    lh->ident, ntohs(lh->len));
44145Sphk		sppp_print_bytes((u_char*) (lh+1), len);
69211Sphk		log(-1, ">\n");
30300Sjoerg	}
69152Sjlemon	if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
69152Sjlemon		ifp->if_oerrors++;
30300Sjoerg}
30300Sjoerg
30300Sjoerg/*
25944Sjoerg * Flush interface queue.
4910Swollman */
12820Sphkstatic void
25944Sjoergsppp_qflush(struct ifqueue *ifq)
4910Swollman{
25944Sjoerg	struct mbuf *m, *n;
4910Swollman
25944Sjoerg	n = ifq->ifq_head;
25944Sjoerg	while ((m = n)) {
25944Sjoerg		n = m->m_act;
25944Sjoerg		m_freem (m);
11189Sjkh	}
25944Sjoerg	ifq->ifq_head = 0;
25944Sjoerg	ifq->ifq_tail = 0;
25944Sjoerg	ifq->ifq_len = 0;
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Send keepalive packets, every 10 seconds.
25944Sjoerg */
25944Sjoergstatic void
25944Sjoergsppp_keepalive(void *dummy)
25944Sjoerg{
25944Sjoerg	struct sppp *sp;
25944Sjoerg	int s;
25944Sjoerg
25944Sjoerg	s = splimp();
25944Sjoerg	for (sp=spppq; sp; sp=sp->pp_next) {
25944Sjoerg		struct ifnet *ifp = &sp->pp_if;
25944Sjoerg
25944Sjoerg		/* Keepalive mode disabled or channel down? */
25944Sjoerg		if (! (sp->pp_flags & PP_KEEPALIVE) ||
25944Sjoerg		    ! (ifp->if_flags & IFF_RUNNING))
25944Sjoerg			continue;
25944Sjoerg
25944Sjoerg		/* No keepalive in PPP mode if LCP not opened yet. */
45152Sphk		if (sp->pp_mode != IFF_CISCO &&
25944Sjoerg		    sp->pp_phase < PHASE_AUTHENTICATE)
25944Sjoerg			continue;
25944Sjoerg
25944Sjoerg		if (sp->pp_alivecnt == MAXALIVECNT) {
25944Sjoerg			/* No keepalive packets got.  Stop the interface. */
40008Sjoerg			printf (SPP_FMT "down\n", SPP_ARGS(ifp));
25944Sjoerg			if_down (ifp);
26018Sjoerg			sppp_qflush (&sp->pp_cpq);
45152Sphk			if (sp->pp_mode != IFF_CISCO) {
25944Sjoerg				/* XXX */
25944Sjoerg				/* Shut down the PPP link. */
25944Sjoerg				lcp.Down(sp);
25944Sjoerg				/* Initiate negotiation. XXX */
25944Sjoerg				lcp.Up(sp);
25944Sjoerg			}
4910Swollman		}
25944Sjoerg		if (sp->pp_alivecnt <= MAXALIVECNT)
25944Sjoerg			++sp->pp_alivecnt;
45152Sphk		if (sp->pp_mode == IFF_CISCO)
78064Sume			sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ,
78064Sume				 ++sp->pp_seq[IDX_LCP],	sp->pp_rseq[IDX_LCP]);
25944Sjoerg		else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
25944Sjoerg			long nmagic = htonl (sp->lcp.magic);
78064Sume			sp->lcp.echoid = ++sp->pp_seq[IDX_LCP];
25944Sjoerg			sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
25944Sjoerg				sp->lcp.echoid, 4, &nmagic);
25944Sjoerg		}
4910Swollman	}
25944Sjoerg	splx(s);
42064Sphk	TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch);
4910Swollman}
4910Swollman
25944Sjoerg/*
25944Sjoerg * Get both IP addresses.
25944Sjoerg */
25944Sjoergstatic void
30300Sjoergsppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
25944Sjoerg{
25944Sjoerg	struct ifnet *ifp = &sp->pp_if;
25944Sjoerg	struct ifaddr *ifa;
30300Sjoerg	struct sockaddr_in *si, *sm;
25944Sjoerg	u_long ssrc, ddst;
25944Sjoerg
40010Sjoerg	sm = NULL;
25944Sjoerg	ssrc = ddst = 0L;
25944Sjoerg	/*
25944Sjoerg	 * Pick the first AF_INET address from the list,
25944Sjoerg	 * aliases don't make any sense on a p2p link anyway.
25944Sjoerg	 */
42065Sphk	si = 0;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
42065Sphk	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
42104Sphk#elif defined(__NetBSD__) || defined (__OpenBSD__)
71959Sphk	for (ifa = TAILQ_FIRST(&ifp->if_addrlist);
40008Sjoerg	     ifa;
71959Sphk	     ifa = TAILQ_NEXT(ifa, ifa_list))
42104Sphk#else
42104Sphk	for (ifa = ifp->if_addrlist;
42104Sphk	     ifa;
42104Sphk	     ifa = ifa->ifa_next)
40008Sjoerg#endif
25944Sjoerg		if (ifa->ifa_addr->sa_family == AF_INET) {
25944Sjoerg			si = (struct sockaddr_in *)ifa->ifa_addr;
30300Sjoerg			sm = (struct sockaddr_in *)ifa->ifa_netmask;
25944Sjoerg			if (si)
25944Sjoerg				break;
25944Sjoerg		}
25944Sjoerg	if (ifa) {
30300Sjoerg		if (si && si->sin_addr.s_addr) {
25944Sjoerg			ssrc = si->sin_addr.s_addr;
30300Sjoerg			if (srcmask)
30300Sjoerg				*srcmask = ntohl(sm->sin_addr.s_addr);
30300Sjoerg		}
25944Sjoerg
25944Sjoerg		si = (struct sockaddr_in *)ifa->ifa_dstaddr;
25944Sjoerg		if (si && si->sin_addr.s_addr)
25944Sjoerg			ddst = si->sin_addr.s_addr;
25944Sjoerg	}
25944Sjoerg
25944Sjoerg	if (dst) *dst = ntohl(ddst);
25944Sjoerg	if (src) *src = ntohl(ssrc);
25944Sjoerg}
25944Sjoerg
25944Sjoerg/*
25944Sjoerg * Set my IP address.  Must be called at splimp.
25944Sjoerg */
25944Sjoergstatic void
25944Sjoergsppp_set_ip_addr(struct sppp *sp, u_long src)
25944Sjoerg{
42104Sphk	STDDCL;
25944Sjoerg	struct ifaddr *ifa;
25944Sjoerg	struct sockaddr_in *si;
84318Sjlemon	struct in_ifaddr *ia;
25944Sjoerg
25944Sjoerg	/*
25944Sjoerg	 * Pick the first AF_INET address from the list,
25944Sjoerg	 * aliases don't make any sense on a p2p link anyway.
25944Sjoerg	 */
42065Sphk	si = 0;
42065Sphk#if defined(__FreeBSD__) && __FreeBSD__ >= 3
42065Sphk	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
42104Sphk#elif defined(__NetBSD__) || defined (__OpenBSD__)
71959Sphk	for (ifa = TAILQ_FIRST(&ifp->if_addrlist);
40008Sjoerg	     ifa;
71959Sphk	     ifa = TAILQ_NEXT(ifa, ifa_list))
42104Sphk#else
42104Sphk	for (ifa = ifp->if_addrlist;
42104Sphk	     ifa;
42104Sphk	     ifa = ifa->ifa_next)
40008Sjoerg#endif
40008Sjoerg	{
40008Sjoerg		if (ifa->ifa_addr->sa_family == AF_INET)
40008Sjoerg		{
25944Sjoerg			si = (struct sockaddr_in *)ifa->ifa_addr;
25944Sjoerg			if (si)
25944Sjoerg				break;
25944Sjoerg		}
40008Sjoerg	}
40008Sjoerg
25944Sjoerg	if (ifa && si)
42104Sphk	{
42104Sphk		int error;
42104Sphk#if __NetBSD_Version__ >= 103080000
42104Sphk		struct sockaddr_in new_sin = *si;
42104Sphk
42104Sphk		new_sin.sin_addr.s_addr = htonl(src);
42104Sphk		error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1);
42104Sphk		if(debug && error)
42104Sphk		{
42104Sphk			log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit "
42104Sphk			" failed, error=%d\n", SPP_ARGS(ifp), error);
42104Sphk		}
42104Sphk#else
42104Sphk		/* delete old route */
42104Sphk		error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST);
42104Sphk		if(debug && error)
42104Sphk		{
42104Sphk			log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n",
42104Sphk		    		SPP_ARGS(ifp), error);
42104Sphk		}
42104Sphk
42104Sphk		/* set new address */
25944Sjoerg		si->sin_addr.s_addr = htonl(src);
84318Sjlemon		ia = ifatoia(ifa);
84318Sjlemon		LIST_REMOVE(ia, ia_hash);
84318Sjlemon		LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash);
25944Sjoerg
42104Sphk		/* add new route */
70199Sjhay		error = rtinit(ifa, (int)RTM_ADD, RTF_HOST);
42104Sphk		if (debug && error)
42104Sphk		{
42104Sphk			log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d",
42104Sphk		    		SPP_ARGS(ifp), error);
42104Sphk		}
42104Sphk#endif
42104Sphk	}
88599Sjoerg}
78064Sume
78064Sume#ifdef INET6
78064Sume/*
78064Sume * Get both IPv6 addresses.
78064Sume */
78064Sumestatic void
78064Sumesppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
78064Sume		   struct in6_addr *srcmask)
78064Sume{
78064Sume	struct ifnet *ifp = &sp->pp_if;
78064Sume	struct ifaddr *ifa;
78064Sume	struct sockaddr_in6 *si, *sm;
78064Sume	struct in6_addr ssrc, ddst;
78064Sume
78064Sume	sm = NULL;
78064Sume	bzero(&ssrc, sizeof(ssrc));
78064Sume	bzero(&ddst, sizeof(ddst));
78064Sume	/*
78064Sume	 * Pick the first link-local AF_INET6 address from the list,
78064Sume	 * aliases don't make any sense on a p2p link anyway.
78064Sume	 */
78064Sume#if defined(__FreeBSD__) && __FreeBSD__ >= 3
78064Sume	for (ifa = ifp->if_addrhead.tqh_first, si = 0;
78064Sume	     ifa;
78064Sume	     ifa = ifa->ifa_link.tqe_next)
78064Sume#elif defined(__NetBSD__) || defined (__OpenBSD__)
78064Sume	for (ifa = ifp->if_addrlist.tqh_first, si = 0;
78064Sume	     ifa;
78064Sume	     ifa = ifa->ifa_list.tqe_next)
78064Sume#else
78064Sume	for (ifa = ifp->if_addrlist, si = 0;
78064Sume	     ifa;
78064Sume	     ifa = ifa->ifa_next)
78064Sume#endif
78064Sume		if (ifa->ifa_addr->sa_family == AF_INET6) {
78064Sume			si = (struct sockaddr_in6 *)ifa->ifa_addr;
78064Sume			sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
78064Sume			if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
78064Sume				break;
78064Sume		}
78064Sume	if (ifa) {
78064Sume		if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
78064Sume			bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
78064Sume			if (srcmask) {
78064Sume				bcopy(&sm->sin6_addr, srcmask,
78064Sume				      sizeof(*srcmask));
78064Sume			}
78064Sume		}
78064Sume
78064Sume		si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
78064Sume		if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
78064Sume			bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
78064Sume	}
78064Sume
78064Sume	if (dst)
78064Sume		bcopy(&ddst, dst, sizeof(*dst));
78064Sume	if (src)
78064Sume		bcopy(&ssrc, src, sizeof(*src));
70199Sjhay}
42104Sphk
78064Sume#ifdef IPV6CP_MYIFID_DYN
78064Sume/*
78064Sume * Generate random ifid.
78064Sume */
78064Sumestatic void
78064Sumesppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
78064Sume{
78064Sume	/* TBD */
78064Sume}
78064Sume
78064Sume/*
78064Sume * Set my IPv6 address.  Must be called at splimp.
78064Sume */
78064Sumestatic void
78064Sumesppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
78064Sume{
78064Sume	STDDCL;
78064Sume	struct ifaddr *ifa;
78064Sume	struct sockaddr_in6 *sin6;
78064Sume
78064Sume	/*
78064Sume	 * Pick the first link-local AF_INET6 address from the list,
78064Sume	 * aliases don't make any sense on a p2p link anyway.
78064Sume	 */
78064Sume
78064Sume	sin6 = NULL;
78064Sume#if defined(__FreeBSD__) && __FreeBSD__ >= 3
78064Sume	for (ifa = ifp->if_addrhead.tqh_first;
78064Sume	     ifa;
78064Sume	     ifa = ifa->ifa_link.tqe_next)
78064Sume#elif defined(__NetBSD__) || defined (__OpenBSD__)
78064Sume	for (ifa = ifp->if_addrlist.tqh_first;
78064Sume	     ifa;
78064Sume	     ifa = ifa->ifa_list.tqe_next)
78064Sume#else
78064Sume	for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next)
78064Sume#endif
78064Sume	{
78064Sume		if (ifa->ifa_addr->sa_family == AF_INET6)
78064Sume		{
78064Sume			sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
78064Sume			if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
78064Sume				break;
78064Sume		}
78064Sume	}
78064Sume
78064Sume	if (ifa && sin6)
78064Sume	{
78064Sume		int error;
78064Sume		struct sockaddr_in6 new_sin6 = *sin6;
78064Sume
78064Sume		bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
78064Sume		error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
78064Sume		if (debug && error)
78064Sume		{
78064Sume			log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit "
78064Sume			    " failed, error=%d\n", SPP_ARGS(ifp), error);
78064Sume		}
78064Sume	}
78064Sume}
78064Sume#endif
78064Sume
78064Sume/*
78064Sume * Suggest a candidate address to be used by peer.
78064Sume */
78064Sumestatic void
78064Sumesppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
78064Sume{
78064Sume	struct in6_addr myaddr;
78064Sume	struct timeval tv;
78064Sume
78064Sume	sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
78064Sume
78064Sume	myaddr.s6_addr[8] &= ~0x02;	/* u bit to "local" */
78064Sume	microtime(&tv);
78064Sume	if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
78064Sume		myaddr.s6_addr[14] ^= 0xff;
78064Sume		myaddr.s6_addr[15] ^= 0xff;
78064Sume	} else {
78064Sume		myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
78064Sume		myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
78064Sume	}
78064Sume	if (suggest)
78064Sume		bcopy(&myaddr, suggest, sizeof(myaddr));
78064Sume}
78064Sume#endif /*INET6*/
78064Sume
30300Sjoergstatic int
38343Sbdesppp_params(struct sppp *sp, u_long cmd, void *data)
30300Sjoerg{
38343Sbde	u_long subcmd;
30300Sjoerg	struct ifreq *ifr = (struct ifreq *)data;
88600Sjoerg	struct spppreq *spr;
88600Sjoerg	int rv = 0;
30300Sjoerg
88600Sjoerg	if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0)
88600Sjoerg		return (EAGAIN);
30300Sjoerg	/*
30300Sjoerg	 * ifr->ifr_data is supposed to point to a struct spppreq.
30300Sjoerg	 * Check the cmd word first before attempting to fetch all the
30300Sjoerg	 * data.
30300Sjoerg	 */
88600Sjoerg	if ((subcmd = fuword(ifr->ifr_data)) == -1) {
88600Sjoerg		rv = EFAULT;
88600Sjoerg		goto quit;
88600Sjoerg	}
30300Sjoerg
88600Sjoerg	if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) {
88600Sjoerg		rv = EFAULT;
88600Sjoerg		goto quit;
88600Sjoerg	}
30300Sjoerg
30300Sjoerg	switch (subcmd) {
30300Sjoerg	case SPPPIOGDEFS:
88600Sjoerg		if (cmd != SIOCGIFGENERIC) {
88600Sjoerg			rv = EINVAL;
88600Sjoerg			break;
88600Sjoerg		}
30300Sjoerg		/*
30300Sjoerg		 * We copy over the entire current state, but clean
30300Sjoerg		 * out some of the stuff we don't wanna pass up.
30300Sjoerg		 * Remember, SIOCGIFGENERIC is unprotected, and can be
30300Sjoerg		 * called by any user.  No need to ever get PAP or
30300Sjoerg		 * CHAP secrets back to userland anyway.
30300Sjoerg		 */
88600Sjoerg		spr->defs.pp_phase = sp->pp_phase;
88600Sjoerg		spr->defs.enable_vj = sp->enable_vj;
88600Sjoerg		spr->defs.lcp = sp->lcp;
88600Sjoerg		spr->defs.ipcp = sp->ipcp;
88600Sjoerg		spr->defs.ipv6cp = sp->ipv6cp;
88600Sjoerg		spr->defs.myauth = sp->myauth;
88600Sjoerg		spr->defs.hisauth = sp->hisauth;
88600Sjoerg		bzero(spr->defs.myauth.secret, AUTHKEYLEN);
88600Sjoerg		bzero(spr->defs.myauth.challenge, AUTHKEYLEN);
88600Sjoerg		bzero(spr->defs.hisauth.secret, AUTHKEYLEN);
88600Sjoerg		bzero(spr->defs.hisauth.challenge, AUTHKEYLEN);
88550Sjoerg		/*
88550Sjoerg		 * Fixup the LCP timeout value to milliseconds so
88550Sjoerg		 * spppcontrol doesn't need to bother about the value
88550Sjoerg		 * of "hz".  We do the reverse calculation below when
88550Sjoerg		 * setting it.
88550Sjoerg		 */
88600Sjoerg		spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz;
88600Sjoerg		rv = copyout(spr, (caddr_t)ifr->ifr_data,
88600Sjoerg			     sizeof(struct spppreq));
88600Sjoerg		break;
30300Sjoerg
30300Sjoerg	case SPPPIOSDEFS:
88600Sjoerg		if (cmd != SIOCSIFGENERIC) {
88600Sjoerg			rv = EINVAL;
88600Sjoerg			break;
88600Sjoerg		}
30300Sjoerg		/*
88550Sjoerg		 * We have a very specific idea of which fields we
88550Sjoerg		 * allow being passed back from userland, so to not
88550Sjoerg		 * clobber our current state.  For one, we only allow
88550Sjoerg		 * setting anything if LCP is in dead or establish
88550Sjoerg		 * phase.  Once the authentication negotiations
88550Sjoerg		 * started, the authentication settings must not be
88550Sjoerg		 * changed again.  (The administrator can force an
30300Sjoerg		 * ifconfig down in order to get LCP back into dead
30300Sjoerg		 * phase.)
30300Sjoerg		 *
30300Sjoerg		 * Also, we only allow for authentication parameters to be
30300Sjoerg		 * specified.
30300Sjoerg		 *
30300Sjoerg		 * XXX Should allow to set or clear pp_flags.
30300Sjoerg		 *
30300Sjoerg		 * Finally, if the respective authentication protocol to
30300Sjoerg		 * be used is set differently than 0, but the secret is
30300Sjoerg		 * passed as all zeros, we don't trash the existing secret.
30300Sjoerg		 * This allows an administrator to change the system name
30300Sjoerg		 * only without clobbering the secret (which he didn't get
30300Sjoerg		 * back in a previous SPPPIOGDEFS call).  However, the
30300Sjoerg		 * secrets are cleared if the authentication protocol is
88550Sjoerg		 * reset to 0.  */
88550Sjoerg		if (sp->pp_phase != PHASE_DEAD &&
88600Sjoerg		    sp->pp_phase != PHASE_ESTABLISH) {
88600Sjoerg			rv = EBUSY;
88600Sjoerg			break;
88600Sjoerg		}
30300Sjoerg
88600Sjoerg		if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP &&
88600Sjoerg		     spr->defs.myauth.proto != PPP_CHAP) ||
88600Sjoerg		    (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP &&
88600Sjoerg		     spr->defs.hisauth.proto != PPP_CHAP)) {
88600Sjoerg			rv = EINVAL;
88600Sjoerg			break;
88600Sjoerg		}
30300Sjoerg
88600Sjoerg		if (spr->defs.myauth.proto == 0)
30300Sjoerg			/* resetting myauth */
30300Sjoerg			bzero(&sp->myauth, sizeof sp->myauth);
30300Sjoerg		else {
30300Sjoerg			/* setting/changing myauth */
88600Sjoerg			sp->myauth.proto = spr->defs.myauth.proto;
88600Sjoerg			bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
88600Sjoerg			if (spr->defs.myauth.secret[0] != '\0')
88600Sjoerg				bcopy(spr->defs.myauth.secret, sp->myauth.secret,
30300Sjoerg				      AUTHKEYLEN);
30300Sjoerg		}
88600Sjoerg		if (spr->defs.hisauth.proto == 0)
30300Sjoerg			/* resetting hisauth */
30300Sjoerg			bzero(&sp->hisauth, sizeof sp->hisauth);
30300Sjoerg		else {
30300Sjoerg			/* setting/changing hisauth */
88600Sjoerg			sp->hisauth.proto = spr->defs.hisauth.proto;
88600Sjoerg			sp->hisauth.flags = spr->defs.hisauth.flags;
88600Sjoerg			bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
88600Sjoerg			if (spr->defs.hisauth.secret[0] != '\0')
88600Sjoerg				bcopy(spr->defs.hisauth.secret, sp->hisauth.secret,
30300Sjoerg				      AUTHKEYLEN);
30300Sjoerg		}
88550Sjoerg		/* set LCP restart timer timeout */
88600Sjoerg		if (spr->defs.lcp.timeout != 0)
88600Sjoerg			sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000;
88534Sjoerg		/* set VJ enable flag */
88600Sjoerg		sp->enable_vj = spr->defs.enable_vj;
30300Sjoerg		break;
30300Sjoerg
30300Sjoerg	default:
88600Sjoerg		rv = EINVAL;
30300Sjoerg	}
30300Sjoerg
88600Sjoerg quit:
88600Sjoerg	free(spr, M_TEMP);
88600Sjoerg
88600Sjoerg	return (rv);
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_phase_network(struct sppp *sp)
30300Sjoerg{
42066Sphk	STDDCL;
30300Sjoerg	int i;
30300Sjoerg	u_long mask;
30300Sjoerg
30300Sjoerg	sp->pp_phase = PHASE_NETWORK;
30300Sjoerg
42066Sphk	if (debug)
42066Sphk		log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
42066Sphk		    sppp_phase_name(sp->pp_phase));
30300Sjoerg
30300Sjoerg	/* Notify NCPs now. */
30300Sjoerg	for (i = 0; i < IDX_COUNT; i++)
30300Sjoerg		if ((cps[i])->flags & CP_NCP)
30300Sjoerg			(cps[i])->Open(sp);
30300Sjoerg
30300Sjoerg	/* Send Up events to all NCPs. */
30300Sjoerg	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
30300Sjoerg		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
30300Sjoerg			(cps[i])->Up(sp);
30300Sjoerg
30300Sjoerg	/* if no NCP is starting, all this was in vain, close down */
30300Sjoerg	sppp_lcp_check_and_close(sp);
30300Sjoerg}
30300Sjoerg
70199Sjhay
25706Sjoergstatic const char *
25944Sjoergsppp_cp_type_name(u_char type)
4910Swollman{
30300Sjoerg	static char buf[12];
4910Swollman	switch (type) {
30300Sjoerg	case CONF_REQ:   return "conf-req";
30300Sjoerg	case CONF_ACK:   return "conf-ack";
30300Sjoerg	case CONF_NAK:   return "conf-nak";
30300Sjoerg	case CONF_REJ:   return "conf-rej";
30300Sjoerg	case TERM_REQ:   return "term-req";
30300Sjoerg	case TERM_ACK:   return "term-ack";
30300Sjoerg	case CODE_REJ:   return "code-rej";
30300Sjoerg	case PROTO_REJ:  return "proto-rej";
30300Sjoerg	case ECHO_REQ:   return "echo-req";
30300Sjoerg	case ECHO_REPLY: return "echo-reply";
30300Sjoerg	case DISC_REQ:   return "discard-req";
4910Swollman	}
44145Sphk	snprintf (buf, sizeof(buf), "cp/0x%x", type);
30300Sjoerg	return buf;
4910Swollman}
4910Swollman
25706Sjoergstatic const char *
30300Sjoergsppp_auth_type_name(u_short proto, u_char type)
30300Sjoerg{
30300Sjoerg	static char buf[12];
30300Sjoerg	switch (proto) {
30300Sjoerg	case PPP_CHAP:
30300Sjoerg		switch (type) {
30300Sjoerg		case CHAP_CHALLENGE:	return "challenge";
30300Sjoerg		case CHAP_RESPONSE:	return "response";
30300Sjoerg		case CHAP_SUCCESS:	return "success";
30300Sjoerg		case CHAP_FAILURE:	return "failure";
30300Sjoerg		}
30300Sjoerg	case PPP_PAP:
30300Sjoerg		switch (type) {
30300Sjoerg		case PAP_REQ:		return "req";
30300Sjoerg		case PAP_ACK:		return "ack";
30300Sjoerg		case PAP_NAK:		return "nak";
30300Sjoerg		}
30300Sjoerg	}
44145Sphk	snprintf (buf, sizeof(buf), "auth/0x%x", type);
30300Sjoerg	return buf;
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic const char *
25944Sjoergsppp_lcp_opt_name(u_char opt)
4910Swollman{
30300Sjoerg	static char buf[12];
25944Sjoerg	switch (opt) {
30300Sjoerg	case LCP_OPT_MRU:		return "mru";
30300Sjoerg	case LCP_OPT_ASYNC_MAP:		return "async-map";
30300Sjoerg	case LCP_OPT_AUTH_PROTO:	return "auth-proto";
30300Sjoerg	case LCP_OPT_QUAL_PROTO:	return "qual-proto";
30300Sjoerg	case LCP_OPT_MAGIC:		return "magic";
30300Sjoerg	case LCP_OPT_PROTO_COMP:	return "proto-comp";
30300Sjoerg	case LCP_OPT_ADDR_COMP:		return "addr-comp";
4910Swollman	}
44145Sphk	snprintf (buf, sizeof(buf), "lcp/0x%x", opt);
30300Sjoerg	return buf;
4910Swollman}
4910Swollman
25944Sjoergstatic const char *
25944Sjoergsppp_ipcp_opt_name(u_char opt)
25944Sjoerg{
30300Sjoerg	static char buf[12];
25944Sjoerg	switch (opt) {
30300Sjoerg	case IPCP_OPT_ADDRESSES:	return "addresses";
30300Sjoerg	case IPCP_OPT_COMPRESSION:	return "compression";
30300Sjoerg	case IPCP_OPT_ADDRESS:		return "address";
25944Sjoerg	}
44145Sphk	snprintf (buf, sizeof(buf), "ipcp/0x%x", opt);
30300Sjoerg	return buf;
25944Sjoerg}
25944Sjoerg
78064Sume#ifdef INET6
25944Sjoergstatic const char *
78064Sumesppp_ipv6cp_opt_name(u_char opt)
78064Sume{
78064Sume	static char buf[12];
78064Sume	switch (opt) {
78064Sume	case IPV6CP_OPT_IFID:		return "ifid";
78064Sume	case IPV6CP_OPT_COMPRESSION:	return "compression";
78064Sume	}
78064Sume	sprintf (buf, "0x%x", opt);
78064Sume	return buf;
78064Sume}
78064Sume#endif
78064Sume
78064Sumestatic const char *
25944Sjoergsppp_state_name(int state)
25944Sjoerg{
25944Sjoerg	switch (state) {
25944Sjoerg	case STATE_INITIAL:	return "initial";
25944Sjoerg	case STATE_STARTING:	return "starting";
25944Sjoerg	case STATE_CLOSED:	return "closed";
25944Sjoerg	case STATE_STOPPED:	return "stopped";
25944Sjoerg	case STATE_CLOSING:	return "closing";
25944Sjoerg	case STATE_STOPPING:	return "stopping";
25944Sjoerg	case STATE_REQ_SENT:	return "req-sent";
25944Sjoerg	case STATE_ACK_RCVD:	return "ack-rcvd";
25944Sjoerg	case STATE_ACK_SENT:	return "ack-sent";
25944Sjoerg	case STATE_OPENED:	return "opened";
25944Sjoerg	}
25944Sjoerg	return "illegal";
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic const char *
25944Sjoergsppp_phase_name(enum ppp_phase phase)
25944Sjoerg{
25944Sjoerg	switch (phase) {
25944Sjoerg	case PHASE_DEAD:	return "dead";
25944Sjoerg	case PHASE_ESTABLISH:	return "establish";
25944Sjoerg	case PHASE_TERMINATE:	return "terminate";
25944Sjoerg	case PHASE_AUTHENTICATE: return "authenticate";
25944Sjoerg	case PHASE_NETWORK:	return "network";
25944Sjoerg	}
25944Sjoerg	return "illegal";
25944Sjoerg}
25944Sjoerg
25944Sjoergstatic const char *
25944Sjoergsppp_proto_name(u_short proto)
25944Sjoerg{
25944Sjoerg	static char buf[12];
25944Sjoerg	switch (proto) {
25944Sjoerg	case PPP_LCP:	return "lcp";
25944Sjoerg	case PPP_IPCP:	return "ipcp";
30300Sjoerg	case PPP_PAP:	return "pap";
30300Sjoerg	case PPP_CHAP:	return "chap";
78064Sume	case PPP_IPV6CP: return "ipv6cp";
25944Sjoerg	}
44145Sphk	snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto);
25944Sjoerg	return buf;
25944Sjoerg}
25944Sjoerg
12820Sphkstatic void
30300Sjoergsppp_print_bytes(const u_char *p, u_short len)
4910Swollman{
44145Sphk	if (len)
69211Sphk		log(-1, " %*D", len, p, "-");
4910Swollman}
25944Sjoerg
30300Sjoergstatic void
30300Sjoergsppp_print_string(const char *p, u_short len)
30300Sjoerg{
30300Sjoerg	u_char c;
30300Sjoerg
30300Sjoerg	while (len-- > 0) {
30300Sjoerg		c = *p++;
30300Sjoerg		/*
30300Sjoerg		 * Print only ASCII chars directly.  RFC 1994 recommends
30300Sjoerg		 * using only them, but we don't rely on it.  */
30300Sjoerg		if (c < ' ' || c > '~')
69211Sphk			log(-1, "\\x%x", c);
30300Sjoerg		else
69211Sphk			log(-1, "%c", c);
30300Sjoerg	}
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic const char *
30300Sjoergsppp_dotted_quad(u_long addr)
30300Sjoerg{
30300Sjoerg	static char s[16];
30300Sjoerg	sprintf(s, "%d.%d.%d.%d",
40008Sjoerg		(int)((addr >> 24) & 0xff),
40008Sjoerg		(int)((addr >> 16) & 0xff),
40008Sjoerg		(int)((addr >> 8) & 0xff),
38372Sbde		(int)(addr & 0xff));
30300Sjoerg	return s;
30300Sjoerg}
30300Sjoerg
30300Sjoergstatic int
30300Sjoergsppp_strnlen(u_char *p, int max)
30300Sjoerg{
30300Sjoerg	int len;
30300Sjoerg
30300Sjoerg	for (len = 0; len < max && *p; ++p)
30300Sjoerg		++len;
30300Sjoerg	return len;
30300Sjoerg}
30300Sjoerg
30300Sjoerg/* a dummy, used to drop uninteresting events */
30300Sjoergstatic void
30300Sjoergsppp_null(struct sppp *unused)
30300Sjoerg{
30300Sjoerg	/* do just nothing */
30300Sjoerg}