if_spppsubr.c revision 160377
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 160377 2006-07-15 02:49:35Z brooks $ 22 */ 23 24#include <sys/param.h> 25 26#if defined(__FreeBSD__) && __FreeBSD__ >= 3 27#include "opt_inet.h" 28#include "opt_inet6.h" 29#include "opt_ipx.h" 30#endif 31 32#ifdef NetBSD1_3 33# if NetBSD1_3 > 6 34# include "opt_inet.h" 35# include "opt_inet6.h" 36# include "opt_iso.h" 37# endif 38#endif 39 40#include <sys/systm.h> 41#include <sys/kernel.h> 42#include <sys/module.h> 43#include <sys/sockio.h> 44#include <sys/socket.h> 45#include <sys/syslog.h> 46#if defined(__FreeBSD__) && __FreeBSD__ >= 3 47#include <sys/random.h> 48#endif 49#include <sys/malloc.h> 50#include <sys/mbuf.h> 51 52#if defined (__OpenBSD__) 53#include <sys/md5k.h> 54#else 55#include <sys/md5.h> 56#endif 57 58#include <net/if.h> 59#include <net/netisr.h> 60#include <net/if_types.h> 61#include <net/route.h> 62#include <netinet/in.h> 63#include <netinet/in_systm.h> 64#include <netinet/ip.h> 65#include <net/slcompress.h> 66 67#if defined (__NetBSD__) || defined (__OpenBSD__) 68#include <machine/cpu.h> /* XXX for softnet */ 69#endif 70 71#include <machine/stdarg.h> 72 73#include <netinet/in_var.h> 74 75#ifdef INET 76#include <netinet/ip.h> 77#include <netinet/tcp.h> 78#endif 79 80#ifdef INET6 81#include <netinet6/scope6_var.h> 82#endif 83 84#if defined (__FreeBSD__) || defined (__OpenBSD__) 85# include <netinet/if_ether.h> 86#else 87# include <net/ethertypes.h> 88#endif 89 90#ifdef IPX 91#include <netipx/ipx.h> 92#include <netipx/ipx_if.h> 93#endif 94 95#include <net/if_sppp.h> 96 97#if defined(__FreeBSD__) && __FreeBSD__ >= 3 98# define IOCTL_CMD_T u_long 99#else 100# define IOCTL_CMD_T int 101#endif 102 103#define MAXALIVECNT 3 /* max. alive packets */ 104 105/* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 129 130#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 131#define PPP_UI 0x03 /* Unnumbered Information */ 132#define PPP_IP 0x0021 /* Internet Protocol */ 133#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 134#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 135#define PPP_IPX 0x002b /* Novell IPX Protocol */ 136#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 137#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 138#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 139#define PPP_LCP 0xc021 /* Link Control Protocol */ 140#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 141#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 142#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 143#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 144 145#define CONF_REQ 1 /* PPP configure request */ 146#define CONF_ACK 2 /* PPP configure acknowledge */ 147#define CONF_NAK 3 /* PPP configure negative ack */ 148#define CONF_REJ 4 /* PPP configure reject */ 149#define TERM_REQ 5 /* PPP terminate request */ 150#define TERM_ACK 6 /* PPP terminate acknowledge */ 151#define CODE_REJ 7 /* PPP code reject */ 152#define PROTO_REJ 8 /* PPP protocol reject */ 153#define ECHO_REQ 9 /* PPP echo request */ 154#define ECHO_REPLY 10 /* PPP echo reply */ 155#define DISC_REQ 11 /* PPP discard request */ 156 157#define LCP_OPT_MRU 1 /* maximum receive unit */ 158#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 159#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 160#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 161#define LCP_OPT_MAGIC 5 /* magic number */ 162#define LCP_OPT_RESERVED 6 /* reserved */ 163#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 164#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 165 166#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 167#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 168#define IPCP_OPT_ADDRESS 3 /* local IP address */ 169 170#define IPV6CP_OPT_IFID 1 /* interface identifier */ 171#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 172 173#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 174 175#define PAP_REQ 1 /* PAP name/password request */ 176#define PAP_ACK 2 /* PAP acknowledge */ 177#define PAP_NAK 3 /* PAP fail */ 178 179#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 180#define CHAP_RESPONSE 2 /* CHAP challenge response */ 181#define CHAP_SUCCESS 3 /* CHAP response ok */ 182#define CHAP_FAILURE 4 /* CHAP response failed */ 183 184#define CHAP_MD5 5 /* hash algorithm - MD5 */ 185 186#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 187#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 188#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 189#define CISCO_ADDR_REQ 0 /* Cisco address request */ 190#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 191#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 192 193/* states are named and numbered according to RFC 1661 */ 194#define STATE_INITIAL 0 195#define STATE_STARTING 1 196#define STATE_CLOSED 2 197#define STATE_STOPPED 3 198#define STATE_CLOSING 4 199#define STATE_STOPPING 5 200#define STATE_REQ_SENT 6 201#define STATE_ACK_RCVD 7 202#define STATE_ACK_SENT 8 203#define STATE_OPENED 9 204 205MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 206 207struct ppp_header { 208 u_char address; 209 u_char control; 210 u_short protocol; 211} __packed; 212#define PPP_HEADER_LEN sizeof (struct ppp_header) 213 214struct lcp_header { 215 u_char type; 216 u_char ident; 217 u_short len; 218} __packed; 219#define LCP_HEADER_LEN sizeof (struct lcp_header) 220 221struct cisco_packet { 222 u_long type; 223 u_long par1; 224 u_long par2; 225 u_short rel; 226 u_short time0; 227 u_short time1; 228} __packed; 229#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 230 231/* 232 * We follow the spelling and capitalization of RFC 1661 here, to make 233 * it easier comparing with the standard. Please refer to this RFC in 234 * case you can't make sense out of these abbreviation; it will also 235 * explain the semantics related to the various events and actions. 236 */ 237struct cp { 238 u_short proto; /* PPP control protocol number */ 239 u_char protoidx; /* index into state table in struct sppp */ 240 u_char flags; 241#define CP_LCP 0x01 /* this is the LCP */ 242#define CP_AUTH 0x02 /* this is an authentication protocol */ 243#define CP_NCP 0x04 /* this is a NCP */ 244#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 245 const char *name; /* name of this control protocol */ 246 /* event handlers */ 247 void (*Up)(struct sppp *sp); 248 void (*Down)(struct sppp *sp); 249 void (*Open)(struct sppp *sp); 250 void (*Close)(struct sppp *sp); 251 void (*TO)(void *sp); 252 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 253 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 254 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 255 /* actions */ 256 void (*tlu)(struct sppp *sp); 257 void (*tld)(struct sppp *sp); 258 void (*tls)(struct sppp *sp); 259 void (*tlf)(struct sppp *sp); 260 void (*scr)(struct sppp *sp); 261}; 262 263#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113 264#define SPP_FMT "%s%d: " 265#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 266#else 267#define SPP_FMT "%s: " 268#define SPP_ARGS(ifp) (ifp)->if_xname 269#endif 270 271#define SPPP_LOCK(sp) \ 272 do { \ 273 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 274 mtx_lock (&(sp)->mtx); \ 275 } while (0) 276#define SPPP_UNLOCK(sp) \ 277 do { \ 278 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 279 mtx_unlock (&(sp)->mtx); \ 280 } while (0) 281 282#define SPPP_LOCK_ASSERT(sp) \ 283 do { \ 284 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \ 285 mtx_assert (&(sp)->mtx, MA_OWNED); \ 286 } while (0) 287#define SPPP_LOCK_OWNED(sp) \ 288 (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) && \ 289 mtx_owned (&sp->mtx)) 290 291#ifdef INET 292/* 293 * The following disgusting hack gets around the problem that IP TOS 294 * can't be set yet. We want to put "interactive" traffic on a high 295 * priority queue. To decide if traffic is interactive, we check that 296 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 297 * 298 * XXX is this really still necessary? - joerg - 299 */ 300static const u_short interactive_ports[8] = { 301 0, 513, 0, 0, 302 0, 21, 0, 23, 303}; 304#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 305#endif 306 307/* almost every function needs these */ 308#define STDDCL \ 309 struct ifnet *ifp = SP2IFP(sp); \ 310 int debug = ifp->if_flags & IFF_DEBUG 311 312static int sppp_output(struct ifnet *ifp, struct mbuf *m, 313 struct sockaddr *dst, struct rtentry *rt); 314 315static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 316static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 317 318static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 319 struct mbuf *m); 320static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 321 u_char ident, u_short len, void *data); 322/* static void sppp_cp_timeout(void *arg); */ 323static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 324 int newstate); 325static void sppp_auth_send(const struct cp *cp, 326 struct sppp *sp, unsigned int type, unsigned int id, 327 ...); 328 329static void sppp_up_event(const struct cp *cp, struct sppp *sp); 330static void sppp_down_event(const struct cp *cp, struct sppp *sp); 331static void sppp_open_event(const struct cp *cp, struct sppp *sp); 332static void sppp_close_event(const struct cp *cp, struct sppp *sp); 333static void sppp_to_event(const struct cp *cp, struct sppp *sp); 334 335static void sppp_null(struct sppp *sp); 336 337static void sppp_pp_up(struct sppp *sp); 338static void sppp_pp_down(struct sppp *sp); 339 340static void sppp_lcp_init(struct sppp *sp); 341static void sppp_lcp_up(struct sppp *sp); 342static void sppp_lcp_down(struct sppp *sp); 343static void sppp_lcp_open(struct sppp *sp); 344static void sppp_lcp_close(struct sppp *sp); 345static void sppp_lcp_TO(void *sp); 346static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 347static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 348static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 349static void sppp_lcp_tlu(struct sppp *sp); 350static void sppp_lcp_tld(struct sppp *sp); 351static void sppp_lcp_tls(struct sppp *sp); 352static void sppp_lcp_tlf(struct sppp *sp); 353static void sppp_lcp_scr(struct sppp *sp); 354static void sppp_lcp_check_and_close(struct sppp *sp); 355static int sppp_ncp_check(struct sppp *sp); 356 357static void sppp_ipcp_init(struct sppp *sp); 358static void sppp_ipcp_up(struct sppp *sp); 359static void sppp_ipcp_down(struct sppp *sp); 360static void sppp_ipcp_open(struct sppp *sp); 361static void sppp_ipcp_close(struct sppp *sp); 362static void sppp_ipcp_TO(void *sp); 363static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 364static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 365static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 366static void sppp_ipcp_tlu(struct sppp *sp); 367static void sppp_ipcp_tld(struct sppp *sp); 368static void sppp_ipcp_tls(struct sppp *sp); 369static void sppp_ipcp_tlf(struct sppp *sp); 370static void sppp_ipcp_scr(struct sppp *sp); 371 372static void sppp_ipv6cp_init(struct sppp *sp); 373static void sppp_ipv6cp_up(struct sppp *sp); 374static void sppp_ipv6cp_down(struct sppp *sp); 375static void sppp_ipv6cp_open(struct sppp *sp); 376static void sppp_ipv6cp_close(struct sppp *sp); 377static void sppp_ipv6cp_TO(void *sp); 378static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 379static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 380static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 381static void sppp_ipv6cp_tlu(struct sppp *sp); 382static void sppp_ipv6cp_tld(struct sppp *sp); 383static void sppp_ipv6cp_tls(struct sppp *sp); 384static void sppp_ipv6cp_tlf(struct sppp *sp); 385static void sppp_ipv6cp_scr(struct sppp *sp); 386 387static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 388static void sppp_pap_init(struct sppp *sp); 389static void sppp_pap_open(struct sppp *sp); 390static void sppp_pap_close(struct sppp *sp); 391static void sppp_pap_TO(void *sp); 392static void sppp_pap_my_TO(void *sp); 393static void sppp_pap_tlu(struct sppp *sp); 394static void sppp_pap_tld(struct sppp *sp); 395static void sppp_pap_scr(struct sppp *sp); 396 397static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 398static void sppp_chap_init(struct sppp *sp); 399static void sppp_chap_open(struct sppp *sp); 400static void sppp_chap_close(struct sppp *sp); 401static void sppp_chap_TO(void *sp); 402static void sppp_chap_tlu(struct sppp *sp); 403static void sppp_chap_tld(struct sppp *sp); 404static void sppp_chap_scr(struct sppp *sp); 405 406static const char *sppp_auth_type_name(u_short proto, u_char type); 407static const char *sppp_cp_type_name(u_char type); 408static const char *sppp_dotted_quad(u_long addr); 409static const char *sppp_ipcp_opt_name(u_char opt); 410#ifdef INET6 411static const char *sppp_ipv6cp_opt_name(u_char opt); 412#endif 413static const char *sppp_lcp_opt_name(u_char opt); 414static const char *sppp_phase_name(enum ppp_phase phase); 415static const char *sppp_proto_name(u_short proto); 416static const char *sppp_state_name(int state); 417static int sppp_params(struct sppp *sp, u_long cmd, void *data); 418static int sppp_strnlen(u_char *p, int max); 419static void sppp_keepalive(void *dummy); 420static void sppp_phase_network(struct sppp *sp); 421static void sppp_print_bytes(const u_char *p, u_short len); 422static void sppp_print_string(const char *p, u_short len); 423static void sppp_qflush(struct ifqueue *ifq); 424static void sppp_set_ip_addr(struct sppp *sp, u_long src); 425#ifdef INET6 426static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 427 struct in6_addr *dst, struct in6_addr *srcmask); 428#ifdef IPV6CP_MYIFID_DYN 429static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 430static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 431#endif 432static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 433#endif 434 435/* if_start () wrapper */ 436static void sppp_ifstart (struct ifnet *ifp); 437 438/* our control protocol descriptors */ 439static const struct cp lcp = { 440 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 441 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 442 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 443 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 444 sppp_lcp_scr 445}; 446 447static const struct cp ipcp = { 448 PPP_IPCP, IDX_IPCP, 449#ifdef INET /* don't run IPCP if there's no IPv4 support */ 450 CP_NCP, 451#else 452 0, 453#endif 454 "ipcp", 455 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 456 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 457 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 458 sppp_ipcp_scr 459}; 460 461static const struct cp ipv6cp = { 462 PPP_IPV6CP, IDX_IPV6CP, 463#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 464 CP_NCP, 465#else 466 0, 467#endif 468 "ipv6cp", 469 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 470 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 471 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 472 sppp_ipv6cp_scr 473}; 474 475static const struct cp pap = { 476 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 477 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 478 sppp_pap_TO, 0, 0, 0, 479 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 480 sppp_pap_scr 481}; 482 483static const struct cp chap = { 484 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 485 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 486 sppp_chap_TO, 0, 0, 0, 487 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 488 sppp_chap_scr 489}; 490 491static const struct cp *cps[IDX_COUNT] = { 492 &lcp, /* IDX_LCP */ 493 &ipcp, /* IDX_IPCP */ 494 &ipv6cp, /* IDX_IPV6CP */ 495 &pap, /* IDX_PAP */ 496 &chap, /* IDX_CHAP */ 497}; 498 499static void* 500sppp_alloc(u_char type, struct ifnet *ifp) 501{ 502 struct sppp *sp; 503 504 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 505 sp->pp_ifp = ifp; 506 507 return (sp); 508} 509 510static void 511sppp_free(void *com, u_char type) 512{ 513 514 free(com, M_SPPP); 515} 516 517static int 518sppp_modevent(module_t mod, int type, void *unused) 519{ 520 switch (type) { 521 case MOD_LOAD: 522 /* 523 * XXX: should probably be IFT_SPPP, but it's fairly 524 * harmless to allocate struct sppp's for non-sppp 525 * interfaces. 526 */ 527 528 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 529 break; 530 case MOD_UNLOAD: 531 /* if_deregister_com_alloc(IFT_PPP); */ 532 return EACCES; 533 default: 534 return EOPNOTSUPP; 535 } 536 return 0; 537} 538static moduledata_t spppmod = { 539 "sppp", 540 sppp_modevent, 541 0 542}; 543MODULE_VERSION(sppp, 1); 544DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 545 546/* 547 * Exported functions, comprising our interface to the lower layer. 548 */ 549 550/* 551 * Process the received packet. 552 */ 553void 554sppp_input(struct ifnet *ifp, struct mbuf *m) 555{ 556 struct ppp_header *h; 557 int isr = -1; 558 struct sppp *sp = IFP2SP(ifp); 559 u_char *iphdr; 560 int hlen, vjlen, do_account = 0; 561 int debug; 562 563 SPPP_LOCK(sp); 564 debug = ifp->if_flags & IFF_DEBUG; 565 566 if (ifp->if_flags & IFF_UP) 567 /* Count received bytes, add FCS and one flag */ 568 ifp->if_ibytes += m->m_pkthdr.len + 3; 569 570 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 571 /* Too small packet, drop it. */ 572 if (debug) 573 log(LOG_DEBUG, 574 SPP_FMT "input packet is too small, %d bytes\n", 575 SPP_ARGS(ifp), m->m_pkthdr.len); 576 drop: 577 m_freem (m); 578 SPPP_UNLOCK(sp); 579 drop2: 580 ++ifp->if_ierrors; 581 ++ifp->if_iqdrops; 582 return; 583 } 584 585 if (sp->pp_mode == PP_FR) { 586 sppp_fr_input (sp, m); 587 SPPP_UNLOCK(sp); 588 return; 589 } 590 591 /* Get PPP header. */ 592 h = mtod (m, struct ppp_header*); 593 m_adj (m, PPP_HEADER_LEN); 594 595 switch (h->address) { 596 case PPP_ALLSTATIONS: 597 if (h->control != PPP_UI) 598 goto invalid; 599 if (sp->pp_mode == IFF_CISCO) { 600 if (debug) 601 log(LOG_DEBUG, 602 SPP_FMT "PPP packet in Cisco mode " 603 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 604 SPP_ARGS(ifp), 605 h->address, h->control, ntohs(h->protocol)); 606 goto drop; 607 } 608 switch (ntohs (h->protocol)) { 609 default: 610 if (debug) 611 log(LOG_DEBUG, 612 SPP_FMT "rejecting protocol " 613 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 614 SPP_ARGS(ifp), 615 h->address, h->control, ntohs(h->protocol)); 616 if (sp->state[IDX_LCP] == STATE_OPENED) 617 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 618 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 619 &h->protocol); 620 ++ifp->if_noproto; 621 goto drop; 622 case PPP_LCP: 623 sppp_cp_input(&lcp, sp, m); 624 m_freem (m); 625 SPPP_UNLOCK(sp); 626 return; 627 case PPP_PAP: 628 if (sp->pp_phase >= PHASE_AUTHENTICATE) 629 sppp_pap_input(sp, m); 630 m_freem (m); 631 SPPP_UNLOCK(sp); 632 return; 633 case PPP_CHAP: 634 if (sp->pp_phase >= PHASE_AUTHENTICATE) 635 sppp_chap_input(sp, m); 636 m_freem (m); 637 SPPP_UNLOCK(sp); 638 return; 639#ifdef INET 640 case PPP_IPCP: 641 if (sp->pp_phase == PHASE_NETWORK) 642 sppp_cp_input(&ipcp, sp, m); 643 m_freem (m); 644 SPPP_UNLOCK(sp); 645 return; 646 case PPP_IP: 647 if (sp->state[IDX_IPCP] == STATE_OPENED) { 648 isr = NETISR_IP; 649 } 650 do_account++; 651 break; 652 case PPP_VJ_COMP: 653 if (sp->state[IDX_IPCP] == STATE_OPENED) { 654 if ((vjlen = 655 sl_uncompress_tcp_core(mtod(m, u_char *), 656 m->m_len, m->m_len, 657 TYPE_COMPRESSED_TCP, 658 sp->pp_comp, 659 &iphdr, &hlen)) <= 0) { 660 if (debug) 661 log(LOG_INFO, 662 SPP_FMT "VJ uncompress failed on compressed packet\n", 663 SPP_ARGS(ifp)); 664 goto drop; 665 } 666 667 /* 668 * Trim the VJ header off the packet, and prepend 669 * the uncompressed IP header (which will usually 670 * end up in two chained mbufs since there's not 671 * enough leading space in the existing mbuf). 672 */ 673 m_adj(m, vjlen); 674 M_PREPEND(m, hlen, M_DONTWAIT); 675 if (m == NULL) { 676 SPPP_UNLOCK(sp); 677 goto drop2; 678 } 679 bcopy(iphdr, mtod(m, u_char *), hlen); 680 isr = NETISR_IP; 681 } 682 do_account++; 683 break; 684 case PPP_VJ_UCOMP: 685 if (sp->state[IDX_IPCP] == STATE_OPENED) { 686 if (sl_uncompress_tcp_core(mtod(m, u_char *), 687 m->m_len, m->m_len, 688 TYPE_UNCOMPRESSED_TCP, 689 sp->pp_comp, 690 &iphdr, &hlen) != 0) { 691 if (debug) 692 log(LOG_INFO, 693 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 694 SPP_ARGS(ifp)); 695 goto drop; 696 } 697 isr = NETISR_IP; 698 } 699 do_account++; 700 break; 701#endif 702#ifdef INET6 703 case PPP_IPV6CP: 704 if (sp->pp_phase == PHASE_NETWORK) 705 sppp_cp_input(&ipv6cp, sp, m); 706 m_freem (m); 707 SPPP_UNLOCK(sp); 708 return; 709 710 case PPP_IPV6: 711 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 712 isr = NETISR_IPV6; 713 do_account++; 714 break; 715#endif 716#ifdef IPX 717 case PPP_IPX: 718 /* IPX IPXCP not implemented yet */ 719 if (sp->pp_phase == PHASE_NETWORK) 720 isr = NETISR_IPX; 721 do_account++; 722 break; 723#endif 724 } 725 break; 726 case CISCO_MULTICAST: 727 case CISCO_UNICAST: 728 /* Don't check the control field here (RFC 1547). */ 729 if (sp->pp_mode != IFF_CISCO) { 730 if (debug) 731 log(LOG_DEBUG, 732 SPP_FMT "Cisco packet in PPP mode " 733 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 734 SPP_ARGS(ifp), 735 h->address, h->control, ntohs(h->protocol)); 736 goto drop; 737 } 738 switch (ntohs (h->protocol)) { 739 default: 740 ++ifp->if_noproto; 741 goto invalid; 742 case CISCO_KEEPALIVE: 743 sppp_cisco_input (sp, m); 744 m_freem (m); 745 SPPP_UNLOCK(sp); 746 return; 747#ifdef INET 748 case ETHERTYPE_IP: 749 isr = NETISR_IP; 750 do_account++; 751 break; 752#endif 753#ifdef INET6 754 case ETHERTYPE_IPV6: 755 isr = NETISR_IPV6; 756 do_account++; 757 break; 758#endif 759#ifdef IPX 760 case ETHERTYPE_IPX: 761 isr = NETISR_IPX; 762 do_account++; 763 break; 764#endif 765 } 766 break; 767 default: /* Invalid PPP packet. */ 768 invalid: 769 if (debug) 770 log(LOG_DEBUG, 771 SPP_FMT "invalid input packet " 772 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 773 SPP_ARGS(ifp), 774 h->address, h->control, ntohs(h->protocol)); 775 goto drop; 776 } 777 778 if (! (ifp->if_flags & IFF_UP) || isr == -1) 779 goto drop; 780 781 SPPP_UNLOCK(sp); 782 /* Check queue. */ 783 if (netisr_queue(isr, m)) { /* (0) on success. */ 784 if (debug) 785 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 786 SPP_ARGS(ifp)); 787 goto drop2; 788 } 789 790 if (do_account) 791 /* 792 * Do only account for network packets, not for control 793 * packets. This is used by some subsystems to detect 794 * idle lines. 795 */ 796 sp->pp_last_recv = time_uptime; 797} 798 799static void 800sppp_ifstart_sched(void *dummy) 801{ 802 struct sppp *sp = dummy; 803 804 sp->if_start(SP2IFP(sp)); 805} 806 807/* if_start () wrapper function. We use it to schedule real if_start () for 808 * execution. We can't call it directly 809 */ 810static void 811sppp_ifstart(struct ifnet *ifp) 812{ 813 struct sppp *sp = IFP2SP(ifp); 814 815 if (SPPP_LOCK_OWNED(sp)) { 816 if (callout_pending(&sp->ifstart_callout)) 817 return; 818 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 819 (void *)sp); 820 } else { 821 sp->if_start(ifp); 822 } 823} 824 825/* 826 * Enqueue transmit packet. 827 */ 828static int 829sppp_output(struct ifnet *ifp, struct mbuf *m, 830 struct sockaddr *dst, struct rtentry *rt) 831{ 832 struct sppp *sp = IFP2SP(ifp); 833 struct ppp_header *h; 834 struct ifqueue *ifq = NULL; 835 int s, error, rv = 0; 836 int ipproto = PPP_IP; 837 int debug = ifp->if_flags & IFF_DEBUG; 838 839 s = splimp(); 840 SPPP_LOCK(sp); 841 842 if (!(ifp->if_flags & IFF_UP) || 843 (!(ifp->if_flags & IFF_AUTO) && 844 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 845#ifdef INET6 846 drop: 847#endif 848 m_freem (m); 849 SPPP_UNLOCK(sp); 850 splx (s); 851 return (ENETDOWN); 852 } 853 854 if ((ifp->if_flags & IFF_AUTO) && 855 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 856#ifdef INET6 857 /* 858 * XXX 859 * 860 * Hack to prevent the initialization-time generated 861 * IPv6 multicast packet to erroneously cause a 862 * dialout event in case IPv6 has been 863 * administratively disabled on that interface. 864 */ 865 if (dst->sa_family == AF_INET6 && 866 !(sp->confflags & CONF_ENABLE_IPV6)) 867 goto drop; 868#endif 869 /* 870 * Interface is not yet running, but auto-dial. Need 871 * to start LCP for it. 872 */ 873 ifp->if_drv_flags |= IFF_DRV_RUNNING; 874 splx(s); 875 lcp.Open(sp); 876 s = splimp(); 877 } 878 879#ifdef INET 880 if (dst->sa_family == AF_INET) { 881 /* XXX Check mbuf length here? */ 882 struct ip *ip = mtod (m, struct ip*); 883 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 884 885 /* 886 * When using dynamic local IP address assignment by using 887 * 0.0.0.0 as a local address, the first TCP session will 888 * not connect because the local TCP checksum is computed 889 * using 0.0.0.0 which will later become our real IP address 890 * so the TCP checksum computed at the remote end will 891 * become invalid. So we 892 * - don't let packets with src ip addr 0 thru 893 * - we flag TCP packets with src ip 0 as an error 894 */ 895 896 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 897 { 898 m_freem(m); 899 SPPP_UNLOCK(sp); 900 splx(s); 901 if(ip->ip_p == IPPROTO_TCP) 902 return(EADDRNOTAVAIL); 903 else 904 return(0); 905 } 906 907 /* 908 * Put low delay, telnet, rlogin and ftp control packets 909 * in front of the queue or let ALTQ take care. 910 */ 911 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 912 ; 913 else if (_IF_QFULL(&sp->pp_fastq)) 914 ; 915 else if (ip->ip_tos & IPTOS_LOWDELAY) 916 ifq = &sp->pp_fastq; 917 else if (m->m_len < sizeof *ip + sizeof *tcp) 918 ; 919 else if (ip->ip_p != IPPROTO_TCP) 920 ; 921 else if (INTERACTIVE (ntohs (tcp->th_sport))) 922 ifq = &sp->pp_fastq; 923 else if (INTERACTIVE (ntohs (tcp->th_dport))) 924 ifq = &sp->pp_fastq; 925 926 /* 927 * Do IP Header compression 928 */ 929 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 930 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 931 switch (sl_compress_tcp(m, ip, sp->pp_comp, 932 sp->ipcp.compress_cid)) { 933 case TYPE_COMPRESSED_TCP: 934 ipproto = PPP_VJ_COMP; 935 break; 936 case TYPE_UNCOMPRESSED_TCP: 937 ipproto = PPP_VJ_UCOMP; 938 break; 939 case TYPE_IP: 940 ipproto = PPP_IP; 941 break; 942 default: 943 m_freem(m); 944 SPPP_UNLOCK(sp); 945 splx(s); 946 return (EINVAL); 947 } 948 } 949#endif 950 951#ifdef INET6 952 if (dst->sa_family == AF_INET6) { 953 /* XXX do something tricky here? */ 954 } 955#endif 956 957 if (sp->pp_mode == PP_FR) { 958 /* Add frame relay header. */ 959 m = sppp_fr_header (sp, m, dst->sa_family); 960 if (! m) 961 goto nobufs; 962 goto out; 963 } 964 965 /* 966 * Prepend general data packet PPP header. For now, IP only. 967 */ 968 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 969 if (! m) { 970nobufs: if (debug) 971 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 972 SPP_ARGS(ifp)); 973 ++ifp->if_oerrors; 974 SPPP_UNLOCK(sp); 975 splx (s); 976 return (ENOBUFS); 977 } 978 /* 979 * May want to check size of packet 980 * (albeit due to the implementation it's always enough) 981 */ 982 h = mtod (m, struct ppp_header*); 983 if (sp->pp_mode == IFF_CISCO) { 984 h->address = CISCO_UNICAST; /* unicast address */ 985 h->control = 0; 986 } else { 987 h->address = PPP_ALLSTATIONS; /* broadcast address */ 988 h->control = PPP_UI; /* Unnumbered Info */ 989 } 990 991 switch (dst->sa_family) { 992#ifdef INET 993 case AF_INET: /* Internet Protocol */ 994 if (sp->pp_mode == IFF_CISCO) 995 h->protocol = htons (ETHERTYPE_IP); 996 else { 997 /* 998 * Don't choke with an ENETDOWN early. It's 999 * possible that we just started dialing out, 1000 * so don't drop the packet immediately. If 1001 * we notice that we run out of buffer space 1002 * below, we will however remember that we are 1003 * not ready to carry IP packets, and return 1004 * ENETDOWN, as opposed to ENOBUFS. 1005 */ 1006 h->protocol = htons(ipproto); 1007 if (sp->state[IDX_IPCP] != STATE_OPENED) 1008 rv = ENETDOWN; 1009 } 1010 break; 1011#endif 1012#ifdef INET6 1013 case AF_INET6: /* Internet Protocol */ 1014 if (sp->pp_mode == IFF_CISCO) 1015 h->protocol = htons (ETHERTYPE_IPV6); 1016 else { 1017 /* 1018 * Don't choke with an ENETDOWN early. It's 1019 * possible that we just started dialing out, 1020 * so don't drop the packet immediately. If 1021 * we notice that we run out of buffer space 1022 * below, we will however remember that we are 1023 * not ready to carry IP packets, and return 1024 * ENETDOWN, as opposed to ENOBUFS. 1025 */ 1026 h->protocol = htons(PPP_IPV6); 1027 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 1028 rv = ENETDOWN; 1029 } 1030 break; 1031#endif 1032#ifdef IPX 1033 case AF_IPX: /* Novell IPX Protocol */ 1034 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 1035 ETHERTYPE_IPX : PPP_IPX); 1036 break; 1037#endif 1038 default: 1039 m_freem (m); 1040 ++ifp->if_oerrors; 1041 SPPP_UNLOCK(sp); 1042 splx (s); 1043 return (EAFNOSUPPORT); 1044 } 1045 1046 /* 1047 * Queue message on interface, and start output if interface 1048 * not yet active. 1049 */ 1050out: 1051 if (ifq != NULL) 1052 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1053 else 1054 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1055 if (error) { 1056 ++ifp->if_oerrors; 1057 SPPP_UNLOCK(sp); 1058 splx (s); 1059 return (rv? rv: ENOBUFS); 1060 } 1061 SPPP_UNLOCK(sp); 1062 splx (s); 1063 /* 1064 * Unlike in sppp_input(), we can always bump the timestamp 1065 * here since sppp_output() is only called on behalf of 1066 * network-layer traffic; control-layer traffic is handled 1067 * by sppp_cp_send(). 1068 */ 1069 sp->pp_last_sent = time_uptime; 1070 return (0); 1071} 1072 1073void 1074sppp_attach(struct ifnet *ifp) 1075{ 1076 struct sppp *sp = IFP2SP(ifp); 1077 1078 /* Initialize mtx lock */ 1079 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1080 1081 /* Initialize keepalive handler. */ 1082 callout_init(&sp->keepalive_callout, 1083 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1084 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1085 (void *)sp); 1086 1087 ifp->if_mtu = PP_MTU; 1088 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1089 ifp->if_output = sppp_output; 1090#if 0 1091 sp->pp_flags = PP_KEEPALIVE; 1092#endif 1093 ifp->if_snd.ifq_maxlen = 32; 1094 sp->pp_fastq.ifq_maxlen = 32; 1095 sp->pp_cpq.ifq_maxlen = 20; 1096 sp->pp_loopcnt = 0; 1097 sp->pp_alivecnt = 0; 1098 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1099 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1100 sp->pp_phase = PHASE_DEAD; 1101 sp->pp_up = sppp_pp_up; 1102 sp->pp_down = sppp_pp_down; 1103 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1104 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1105 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1106 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1107 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1108 sp->confflags = 0; 1109#ifdef INET 1110 sp->confflags |= CONF_ENABLE_VJ; 1111#endif 1112#ifdef INET6 1113 sp->confflags |= CONF_ENABLE_IPV6; 1114#endif 1115 callout_init(&sp->ifstart_callout, 1116 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 1117 sp->if_start = ifp->if_start; 1118 ifp->if_start = sppp_ifstart; 1119 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1120 sl_compress_init(sp->pp_comp, -1); 1121 sppp_lcp_init(sp); 1122 sppp_ipcp_init(sp); 1123 sppp_ipv6cp_init(sp); 1124 sppp_pap_init(sp); 1125 sppp_chap_init(sp); 1126} 1127 1128void 1129sppp_detach(struct ifnet *ifp) 1130{ 1131 struct sppp *sp = IFP2SP(ifp); 1132 int i; 1133 1134 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1135 1136 /* Stop keepalive handler. */ 1137 if (!callout_drain(&sp->keepalive_callout)) 1138 callout_stop(&sp->keepalive_callout); 1139 1140 for (i = 0; i < IDX_COUNT; i++) { 1141 if (!callout_drain(&sp->ch[i])) 1142 callout_stop(&sp->ch[i]); 1143 } 1144 if (!callout_drain(&sp->pap_my_to_ch)) 1145 callout_stop(&sp->pap_my_to_ch); 1146 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1147 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1148 mtx_destroy(&sp->mtx); 1149} 1150 1151/* 1152 * Flush the interface output queue. 1153 */ 1154static void 1155sppp_flush_unlocked(struct ifnet *ifp) 1156{ 1157 struct sppp *sp = IFP2SP(ifp); 1158 1159 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1160 sppp_qflush (&sp->pp_fastq); 1161 sppp_qflush (&sp->pp_cpq); 1162} 1163 1164void 1165sppp_flush(struct ifnet *ifp) 1166{ 1167 struct sppp *sp = IFP2SP(ifp); 1168 1169 SPPP_LOCK(sp); 1170 sppp_flush_unlocked (ifp); 1171 SPPP_UNLOCK(sp); 1172} 1173 1174/* 1175 * Check if the output queue is empty. 1176 */ 1177int 1178sppp_isempty(struct ifnet *ifp) 1179{ 1180 struct sppp *sp = IFP2SP(ifp); 1181 int empty, s; 1182 1183 s = splimp(); 1184 SPPP_LOCK(sp); 1185 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1186 !SP2IFP(sp)->if_snd.ifq_head; 1187 SPPP_UNLOCK(sp); 1188 splx(s); 1189 return (empty); 1190} 1191 1192/* 1193 * Get next packet to send. 1194 */ 1195struct mbuf * 1196sppp_dequeue(struct ifnet *ifp) 1197{ 1198 struct sppp *sp = IFP2SP(ifp); 1199 struct mbuf *m; 1200 int s; 1201 1202 s = splimp(); 1203 SPPP_LOCK(sp); 1204 /* 1205 * Process only the control protocol queue until we have at 1206 * least one NCP open. 1207 * 1208 * Do always serve all three queues in Cisco mode. 1209 */ 1210 IF_DEQUEUE(&sp->pp_cpq, m); 1211 if (m == NULL && 1212 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1213 sp->pp_mode == PP_FR)) { 1214 IF_DEQUEUE(&sp->pp_fastq, m); 1215 if (m == NULL) 1216 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1217 } 1218 SPPP_UNLOCK(sp); 1219 splx(s); 1220 return m; 1221} 1222 1223/* 1224 * Pick the next packet, do not remove it from the queue. 1225 */ 1226struct mbuf * 1227sppp_pick(struct ifnet *ifp) 1228{ 1229 struct sppp *sp = IFP2SP(ifp); 1230 struct mbuf *m; 1231 int s; 1232 1233 s = splimp (); 1234 SPPP_LOCK(sp); 1235 1236 m = sp->pp_cpq.ifq_head; 1237 if (m == NULL && 1238 (sp->pp_phase == PHASE_NETWORK || 1239 sp->pp_mode == IFF_CISCO || 1240 sp->pp_mode == PP_FR)) 1241 if ((m = sp->pp_fastq.ifq_head) == NULL) 1242 m = SP2IFP(sp)->if_snd.ifq_head; 1243 SPPP_UNLOCK(sp); 1244 splx (s); 1245 return (m); 1246} 1247 1248/* 1249 * Process an ioctl request. Called on low priority level. 1250 */ 1251int 1252sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1253{ 1254 struct ifreq *ifr = (struct ifreq*) data; 1255 struct sppp *sp = IFP2SP(ifp); 1256 int s, rv, going_up, going_down, newmode; 1257 1258 s = splimp(); 1259 SPPP_LOCK(sp); 1260 rv = 0; 1261 switch (cmd) { 1262 case SIOCAIFADDR: 1263 case SIOCSIFDSTADDR: 1264 break; 1265 1266 case SIOCSIFADDR: 1267 /* set the interface "up" when assigning an IP address */ 1268 ifp->if_flags |= IFF_UP; 1269 /* FALLTHROUGH */ 1270 1271 case SIOCSIFFLAGS: 1272 going_up = ifp->if_flags & IFF_UP && 1273 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1274 going_down = (ifp->if_flags & IFF_UP) == 0 && 1275 ifp->if_drv_flags & IFF_DRV_RUNNING; 1276 1277 newmode = ifp->if_flags & IFF_PASSIVE; 1278 if (!newmode) 1279 newmode = ifp->if_flags & IFF_AUTO; 1280 if (!newmode) 1281 newmode = ifp->if_flags & IFF_CISCO; 1282 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1283 ifp->if_flags |= newmode; 1284 1285 if (!newmode) 1286 newmode = sp->pp_flags & PP_FR; 1287 1288 if (newmode != sp->pp_mode) { 1289 going_down = 1; 1290 if (!going_up) 1291 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1292 } 1293 1294 if (going_down) { 1295 if (sp->pp_mode != IFF_CISCO && 1296 sp->pp_mode != PP_FR) 1297 lcp.Close(sp); 1298 else if (sp->pp_tlf) 1299 (sp->pp_tlf)(sp); 1300 sppp_flush_unlocked(ifp); 1301 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1302 sp->pp_mode = newmode; 1303 } 1304 1305 if (going_up) { 1306 if (sp->pp_mode != IFF_CISCO && 1307 sp->pp_mode != PP_FR) 1308 lcp.Close(sp); 1309 sp->pp_mode = newmode; 1310 if (sp->pp_mode == 0) { 1311 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1312 lcp.Open(sp); 1313 } 1314 if ((sp->pp_mode == IFF_CISCO) || 1315 (sp->pp_mode == PP_FR)) { 1316 if (sp->pp_tls) 1317 (sp->pp_tls)(sp); 1318 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1319 } 1320 } 1321 1322 break; 1323 1324#ifdef SIOCSIFMTU 1325#ifndef ifr_mtu 1326#define ifr_mtu ifr_metric 1327#endif 1328 case SIOCSIFMTU: 1329 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1330 return (EINVAL); 1331 ifp->if_mtu = ifr->ifr_mtu; 1332 break; 1333#endif 1334#ifdef SLIOCSETMTU 1335 case SLIOCSETMTU: 1336 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1337 return (EINVAL); 1338 ifp->if_mtu = *(short*)data; 1339 break; 1340#endif 1341#ifdef SIOCGIFMTU 1342 case SIOCGIFMTU: 1343 ifr->ifr_mtu = ifp->if_mtu; 1344 break; 1345#endif 1346#ifdef SLIOCGETMTU 1347 case SLIOCGETMTU: 1348 *(short*)data = ifp->if_mtu; 1349 break; 1350#endif 1351 case SIOCADDMULTI: 1352 case SIOCDELMULTI: 1353 break; 1354 1355 case SIOCGIFGENERIC: 1356 case SIOCSIFGENERIC: 1357 rv = sppp_params(sp, cmd, data); 1358 break; 1359 1360 default: 1361 rv = ENOTTY; 1362 } 1363 SPPP_UNLOCK(sp); 1364 splx(s); 1365 return rv; 1366} 1367 1368/* 1369 * Cisco framing implementation. 1370 */ 1371 1372/* 1373 * Handle incoming Cisco keepalive protocol packets. 1374 */ 1375static void 1376sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1377{ 1378 STDDCL; 1379 struct cisco_packet *h; 1380 u_long me, mymask; 1381 1382 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1383 if (debug) 1384 log(LOG_DEBUG, 1385 SPP_FMT "cisco invalid packet length: %d bytes\n", 1386 SPP_ARGS(ifp), m->m_pkthdr.len); 1387 return; 1388 } 1389 h = mtod (m, struct cisco_packet*); 1390 if (debug) 1391 log(LOG_DEBUG, 1392 SPP_FMT "cisco input: %d bytes " 1393 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1394 SPP_ARGS(ifp), m->m_pkthdr.len, 1395 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1396 (u_int)h->time0, (u_int)h->time1); 1397 switch (ntohl (h->type)) { 1398 default: 1399 if (debug) 1400 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1401 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1402 break; 1403 case CISCO_ADDR_REPLY: 1404 /* Reply on address request, ignore */ 1405 break; 1406 case CISCO_KEEPALIVE_REQ: 1407 sp->pp_alivecnt = 0; 1408 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1409 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1410 /* Local and remote sequence numbers are equal. 1411 * Probably, the line is in loopback mode. */ 1412 if (sp->pp_loopcnt >= MAXALIVECNT) { 1413 printf (SPP_FMT "loopback\n", 1414 SPP_ARGS(ifp)); 1415 sp->pp_loopcnt = 0; 1416 if (ifp->if_flags & IFF_UP) { 1417 if_down (ifp); 1418 sppp_qflush (&sp->pp_cpq); 1419 } 1420 } 1421 ++sp->pp_loopcnt; 1422 1423 /* Generate new local sequence number */ 1424#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1425 sp->pp_seq[IDX_LCP] = random(); 1426#else 1427 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1428#endif 1429 break; 1430 } 1431 sp->pp_loopcnt = 0; 1432 if (! (ifp->if_flags & IFF_UP) && 1433 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1434 if_up(ifp); 1435 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1436 } 1437 break; 1438 case CISCO_ADDR_REQ: 1439 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1440 if (me != 0L) 1441 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1442 break; 1443 } 1444} 1445 1446/* 1447 * Send Cisco keepalive packet. 1448 */ 1449static void 1450sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1451{ 1452 STDDCL; 1453 struct ppp_header *h; 1454 struct cisco_packet *ch; 1455 struct mbuf *m; 1456 struct timeval tv; 1457 1458 getmicrouptime(&tv); 1459 1460 MGETHDR (m, M_DONTWAIT, MT_DATA); 1461 if (! m) 1462 return; 1463 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1464 m->m_pkthdr.rcvif = 0; 1465 1466 h = mtod (m, struct ppp_header*); 1467 h->address = CISCO_MULTICAST; 1468 h->control = 0; 1469 h->protocol = htons (CISCO_KEEPALIVE); 1470 1471 ch = (struct cisco_packet*) (h + 1); 1472 ch->type = htonl (type); 1473 ch->par1 = htonl (par1); 1474 ch->par2 = htonl (par2); 1475 ch->rel = -1; 1476 1477 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1478 ch->time1 = htons ((u_short) tv.tv_sec); 1479 1480 if (debug) 1481 log(LOG_DEBUG, 1482 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1483 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1484 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1485 1486 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1487 ifp->if_oerrors++; 1488} 1489 1490/* 1491 * PPP protocol implementation. 1492 */ 1493 1494/* 1495 * Send PPP control protocol packet. 1496 */ 1497static void 1498sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1499 u_char ident, u_short len, void *data) 1500{ 1501 STDDCL; 1502 struct ppp_header *h; 1503 struct lcp_header *lh; 1504 struct mbuf *m; 1505 1506 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1507 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1508 MGETHDR (m, M_DONTWAIT, MT_DATA); 1509 if (! m) 1510 return; 1511 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1512 m->m_pkthdr.rcvif = 0; 1513 1514 h = mtod (m, struct ppp_header*); 1515 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1516 h->control = PPP_UI; /* Unnumbered Info */ 1517 h->protocol = htons (proto); /* Link Control Protocol */ 1518 1519 lh = (struct lcp_header*) (h + 1); 1520 lh->type = type; 1521 lh->ident = ident; 1522 lh->len = htons (LCP_HEADER_LEN + len); 1523 if (len) 1524 bcopy (data, lh+1, len); 1525 1526 if (debug) { 1527 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1528 SPP_ARGS(ifp), 1529 sppp_proto_name(proto), 1530 sppp_cp_type_name (lh->type), lh->ident, 1531 ntohs (lh->len)); 1532 sppp_print_bytes ((u_char*) (lh+1), len); 1533 log(-1, ">\n"); 1534 } 1535 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1536 ifp->if_oerrors++; 1537} 1538 1539/* 1540 * Handle incoming PPP control protocol packets. 1541 */ 1542static void 1543sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1544{ 1545 STDDCL; 1546 struct lcp_header *h; 1547 int len = m->m_pkthdr.len; 1548 int rv; 1549 u_char *p; 1550 1551 if (len < 4) { 1552 if (debug) 1553 log(LOG_DEBUG, 1554 SPP_FMT "%s invalid packet length: %d bytes\n", 1555 SPP_ARGS(ifp), cp->name, len); 1556 return; 1557 } 1558 h = mtod (m, struct lcp_header*); 1559 if (debug) { 1560 log(LOG_DEBUG, 1561 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1562 SPP_ARGS(ifp), cp->name, 1563 sppp_state_name(sp->state[cp->protoidx]), 1564 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1565 sppp_print_bytes ((u_char*) (h+1), len-4); 1566 log(-1, ">\n"); 1567 } 1568 if (len > ntohs (h->len)) 1569 len = ntohs (h->len); 1570 p = (u_char *)(h + 1); 1571 switch (h->type) { 1572 case CONF_REQ: 1573 if (len < 4) { 1574 if (debug) 1575 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1576 SPP_ARGS(ifp), cp->name, 1577 len); 1578 ++ifp->if_ierrors; 1579 break; 1580 } 1581 /* handle states where RCR doesn't get a SCA/SCN */ 1582 switch (sp->state[cp->protoidx]) { 1583 case STATE_CLOSING: 1584 case STATE_STOPPING: 1585 return; 1586 case STATE_CLOSED: 1587 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1588 0, 0); 1589 return; 1590 } 1591 rv = (cp->RCR)(sp, h, len); 1592 switch (sp->state[cp->protoidx]) { 1593 case STATE_OPENED: 1594 (cp->tld)(sp); 1595 (cp->scr)(sp); 1596 /* FALLTHROUGH */ 1597 case STATE_ACK_SENT: 1598 case STATE_REQ_SENT: 1599 /* 1600 * sppp_cp_change_state() have the side effect of 1601 * restarting the timeouts. We want to avoid that 1602 * if the state don't change, otherwise we won't 1603 * ever timeout and resend a configuration request 1604 * that got lost. 1605 */ 1606 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1607 STATE_REQ_SENT)) 1608 break; 1609 sppp_cp_change_state(cp, sp, rv? 1610 STATE_ACK_SENT: STATE_REQ_SENT); 1611 break; 1612 case STATE_STOPPED: 1613 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1614 (cp->scr)(sp); 1615 sppp_cp_change_state(cp, sp, rv? 1616 STATE_ACK_SENT: STATE_REQ_SENT); 1617 break; 1618 case STATE_ACK_RCVD: 1619 if (rv) { 1620 sppp_cp_change_state(cp, sp, STATE_OPENED); 1621 if (debug) 1622 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1623 SPP_ARGS(ifp), 1624 cp->name); 1625 (cp->tlu)(sp); 1626 } else 1627 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1628 break; 1629 default: 1630 printf(SPP_FMT "%s illegal %s in state %s\n", 1631 SPP_ARGS(ifp), cp->name, 1632 sppp_cp_type_name(h->type), 1633 sppp_state_name(sp->state[cp->protoidx])); 1634 ++ifp->if_ierrors; 1635 } 1636 break; 1637 case CONF_ACK: 1638 if (h->ident != sp->confid[cp->protoidx]) { 1639 if (debug) 1640 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1641 SPP_ARGS(ifp), cp->name, 1642 h->ident, sp->confid[cp->protoidx]); 1643 ++ifp->if_ierrors; 1644 break; 1645 } 1646 switch (sp->state[cp->protoidx]) { 1647 case STATE_CLOSED: 1648 case STATE_STOPPED: 1649 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1650 break; 1651 case STATE_CLOSING: 1652 case STATE_STOPPING: 1653 break; 1654 case STATE_REQ_SENT: 1655 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1656 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1657 break; 1658 case STATE_OPENED: 1659 (cp->tld)(sp); 1660 /* FALLTHROUGH */ 1661 case STATE_ACK_RCVD: 1662 (cp->scr)(sp); 1663 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1664 break; 1665 case STATE_ACK_SENT: 1666 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1667 sppp_cp_change_state(cp, sp, STATE_OPENED); 1668 if (debug) 1669 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1670 SPP_ARGS(ifp), cp->name); 1671 (cp->tlu)(sp); 1672 break; 1673 default: 1674 printf(SPP_FMT "%s illegal %s in state %s\n", 1675 SPP_ARGS(ifp), cp->name, 1676 sppp_cp_type_name(h->type), 1677 sppp_state_name(sp->state[cp->protoidx])); 1678 ++ifp->if_ierrors; 1679 } 1680 break; 1681 case CONF_NAK: 1682 case CONF_REJ: 1683 if (h->ident != sp->confid[cp->protoidx]) { 1684 if (debug) 1685 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1686 SPP_ARGS(ifp), cp->name, 1687 h->ident, sp->confid[cp->protoidx]); 1688 ++ifp->if_ierrors; 1689 break; 1690 } 1691 if (h->type == CONF_NAK) 1692 (cp->RCN_nak)(sp, h, len); 1693 else /* CONF_REJ */ 1694 (cp->RCN_rej)(sp, h, len); 1695 1696 switch (sp->state[cp->protoidx]) { 1697 case STATE_CLOSED: 1698 case STATE_STOPPED: 1699 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1700 break; 1701 case STATE_REQ_SENT: 1702 case STATE_ACK_SENT: 1703 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1704 /* 1705 * Slow things down a bit if we think we might be 1706 * in loopback. Depend on the timeout to send the 1707 * next configuration request. 1708 */ 1709 if (sp->pp_loopcnt) 1710 break; 1711 (cp->scr)(sp); 1712 break; 1713 case STATE_OPENED: 1714 (cp->tld)(sp); 1715 /* FALLTHROUGH */ 1716 case STATE_ACK_RCVD: 1717 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1718 (cp->scr)(sp); 1719 break; 1720 case STATE_CLOSING: 1721 case STATE_STOPPING: 1722 break; 1723 default: 1724 printf(SPP_FMT "%s illegal %s in state %s\n", 1725 SPP_ARGS(ifp), cp->name, 1726 sppp_cp_type_name(h->type), 1727 sppp_state_name(sp->state[cp->protoidx])); 1728 ++ifp->if_ierrors; 1729 } 1730 break; 1731 1732 case TERM_REQ: 1733 switch (sp->state[cp->protoidx]) { 1734 case STATE_ACK_RCVD: 1735 case STATE_ACK_SENT: 1736 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1737 /* FALLTHROUGH */ 1738 case STATE_CLOSED: 1739 case STATE_STOPPED: 1740 case STATE_CLOSING: 1741 case STATE_STOPPING: 1742 case STATE_REQ_SENT: 1743 sta: 1744 /* Send Terminate-Ack packet. */ 1745 if (debug) 1746 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1747 SPP_ARGS(ifp), cp->name); 1748 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1749 break; 1750 case STATE_OPENED: 1751 (cp->tld)(sp); 1752 sp->rst_counter[cp->protoidx] = 0; 1753 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1754 goto sta; 1755 break; 1756 default: 1757 printf(SPP_FMT "%s illegal %s in state %s\n", 1758 SPP_ARGS(ifp), cp->name, 1759 sppp_cp_type_name(h->type), 1760 sppp_state_name(sp->state[cp->protoidx])); 1761 ++ifp->if_ierrors; 1762 } 1763 break; 1764 case TERM_ACK: 1765 switch (sp->state[cp->protoidx]) { 1766 case STATE_CLOSED: 1767 case STATE_STOPPED: 1768 case STATE_REQ_SENT: 1769 case STATE_ACK_SENT: 1770 break; 1771 case STATE_CLOSING: 1772 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1773 (cp->tlf)(sp); 1774 break; 1775 case STATE_STOPPING: 1776 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1777 (cp->tlf)(sp); 1778 break; 1779 case STATE_ACK_RCVD: 1780 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1781 break; 1782 case STATE_OPENED: 1783 (cp->tld)(sp); 1784 (cp->scr)(sp); 1785 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1786 break; 1787 default: 1788 printf(SPP_FMT "%s illegal %s in state %s\n", 1789 SPP_ARGS(ifp), cp->name, 1790 sppp_cp_type_name(h->type), 1791 sppp_state_name(sp->state[cp->protoidx])); 1792 ++ifp->if_ierrors; 1793 } 1794 break; 1795 case CODE_REJ: 1796 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1797 log(LOG_INFO, 1798 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1799 "danger will robinson\n", 1800 SPP_ARGS(ifp), cp->name, 1801 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1802 switch (sp->state[cp->protoidx]) { 1803 case STATE_CLOSED: 1804 case STATE_STOPPED: 1805 case STATE_REQ_SENT: 1806 case STATE_ACK_SENT: 1807 case STATE_CLOSING: 1808 case STATE_STOPPING: 1809 case STATE_OPENED: 1810 break; 1811 case STATE_ACK_RCVD: 1812 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1813 break; 1814 default: 1815 printf(SPP_FMT "%s illegal %s in state %s\n", 1816 SPP_ARGS(ifp), cp->name, 1817 sppp_cp_type_name(h->type), 1818 sppp_state_name(sp->state[cp->protoidx])); 1819 ++ifp->if_ierrors; 1820 } 1821 break; 1822 case PROTO_REJ: 1823 { 1824 int catastrophic; 1825 const struct cp *upper; 1826 int i; 1827 u_int16_t proto; 1828 1829 catastrophic = 0; 1830 upper = NULL; 1831 proto = ntohs(*((u_int16_t *)p)); 1832 for (i = 0; i < IDX_COUNT; i++) { 1833 if (cps[i]->proto == proto) { 1834 upper = cps[i]; 1835 break; 1836 } 1837 } 1838 if (upper == NULL) 1839 catastrophic++; 1840 1841 if (catastrophic || debug) 1842 log(catastrophic? LOG_INFO: LOG_DEBUG, 1843 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1844 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1845 sppp_cp_type_name(h->type), proto, 1846 upper ? upper->name : "unknown", 1847 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1848 1849 /* 1850 * if we got RXJ+ against conf-req, the peer does not implement 1851 * this particular protocol type. terminate the protocol. 1852 */ 1853 if (upper && !catastrophic) { 1854 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1855 upper->Close(sp); 1856 break; 1857 } 1858 } 1859 1860 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1861 switch (sp->state[cp->protoidx]) { 1862 case STATE_CLOSED: 1863 case STATE_STOPPED: 1864 case STATE_REQ_SENT: 1865 case STATE_ACK_SENT: 1866 case STATE_CLOSING: 1867 case STATE_STOPPING: 1868 case STATE_OPENED: 1869 break; 1870 case STATE_ACK_RCVD: 1871 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1872 break; 1873 default: 1874 printf(SPP_FMT "%s illegal %s in state %s\n", 1875 SPP_ARGS(ifp), cp->name, 1876 sppp_cp_type_name(h->type), 1877 sppp_state_name(sp->state[cp->protoidx])); 1878 ++ifp->if_ierrors; 1879 } 1880 break; 1881 } 1882 case DISC_REQ: 1883 if (cp->proto != PPP_LCP) 1884 goto illegal; 1885 /* Discard the packet. */ 1886 break; 1887 case ECHO_REQ: 1888 if (cp->proto != PPP_LCP) 1889 goto illegal; 1890 if (sp->state[cp->protoidx] != STATE_OPENED) { 1891 if (debug) 1892 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1893 SPP_ARGS(ifp)); 1894 ++ifp->if_ierrors; 1895 break; 1896 } 1897 if (len < 8) { 1898 if (debug) 1899 log(-1, SPP_FMT "invalid lcp echo request " 1900 "packet length: %d bytes\n", 1901 SPP_ARGS(ifp), len); 1902 break; 1903 } 1904 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1905 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1906 /* Line loopback mode detected. */ 1907 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1908 sp->pp_loopcnt = MAXALIVECNT * 5; 1909 if_down (ifp); 1910 sppp_qflush (&sp->pp_cpq); 1911 1912 /* Shut down the PPP link. */ 1913 /* XXX */ 1914 lcp.Down(sp); 1915 lcp.Up(sp); 1916 break; 1917 } 1918 *(long*)(h+1) = htonl (sp->lcp.magic); 1919 if (debug) 1920 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1921 SPP_ARGS(ifp)); 1922 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1923 break; 1924 case ECHO_REPLY: 1925 if (cp->proto != PPP_LCP) 1926 goto illegal; 1927 if (h->ident != sp->lcp.echoid) { 1928 ++ifp->if_ierrors; 1929 break; 1930 } 1931 if (len < 8) { 1932 if (debug) 1933 log(-1, SPP_FMT "lcp invalid echo reply " 1934 "packet length: %d bytes\n", 1935 SPP_ARGS(ifp), len); 1936 break; 1937 } 1938 if (debug) 1939 log(-1, SPP_FMT "lcp got echo rep\n", 1940 SPP_ARGS(ifp)); 1941 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1942 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1943 sp->pp_alivecnt = 0; 1944 break; 1945 default: 1946 /* Unknown packet type -- send Code-Reject packet. */ 1947 illegal: 1948 if (debug) 1949 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1950 SPP_ARGS(ifp), cp->name, h->type); 1951 sppp_cp_send(sp, cp->proto, CODE_REJ, 1952 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1953 ++ifp->if_ierrors; 1954 } 1955} 1956 1957 1958/* 1959 * The generic part of all Up/Down/Open/Close/TO event handlers. 1960 * Basically, the state transition handling in the automaton. 1961 */ 1962static void 1963sppp_up_event(const struct cp *cp, struct sppp *sp) 1964{ 1965 STDDCL; 1966 1967 if (debug) 1968 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1969 SPP_ARGS(ifp), cp->name, 1970 sppp_state_name(sp->state[cp->protoidx])); 1971 1972 switch (sp->state[cp->protoidx]) { 1973 case STATE_INITIAL: 1974 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1975 break; 1976 case STATE_STARTING: 1977 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1978 (cp->scr)(sp); 1979 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1980 break; 1981 default: 1982 printf(SPP_FMT "%s illegal up in state %s\n", 1983 SPP_ARGS(ifp), cp->name, 1984 sppp_state_name(sp->state[cp->protoidx])); 1985 } 1986} 1987 1988static void 1989sppp_down_event(const struct cp *cp, struct sppp *sp) 1990{ 1991 STDDCL; 1992 1993 if (debug) 1994 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1995 SPP_ARGS(ifp), cp->name, 1996 sppp_state_name(sp->state[cp->protoidx])); 1997 1998 switch (sp->state[cp->protoidx]) { 1999 case STATE_CLOSED: 2000 case STATE_CLOSING: 2001 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2002 break; 2003 case STATE_STOPPED: 2004 sppp_cp_change_state(cp, sp, STATE_STARTING); 2005 (cp->tls)(sp); 2006 break; 2007 case STATE_STOPPING: 2008 case STATE_REQ_SENT: 2009 case STATE_ACK_RCVD: 2010 case STATE_ACK_SENT: 2011 sppp_cp_change_state(cp, sp, STATE_STARTING); 2012 break; 2013 case STATE_OPENED: 2014 (cp->tld)(sp); 2015 sppp_cp_change_state(cp, sp, STATE_STARTING); 2016 break; 2017 default: 2018 printf(SPP_FMT "%s illegal down in state %s\n", 2019 SPP_ARGS(ifp), cp->name, 2020 sppp_state_name(sp->state[cp->protoidx])); 2021 } 2022} 2023 2024 2025static void 2026sppp_open_event(const struct cp *cp, struct sppp *sp) 2027{ 2028 STDDCL; 2029 2030 if (debug) 2031 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 2032 SPP_ARGS(ifp), cp->name, 2033 sppp_state_name(sp->state[cp->protoidx])); 2034 2035 switch (sp->state[cp->protoidx]) { 2036 case STATE_INITIAL: 2037 sppp_cp_change_state(cp, sp, STATE_STARTING); 2038 (cp->tls)(sp); 2039 break; 2040 case STATE_STARTING: 2041 break; 2042 case STATE_CLOSED: 2043 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 2044 (cp->scr)(sp); 2045 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2046 break; 2047 case STATE_STOPPED: 2048 /* 2049 * Try escaping stopped state. This seems to bite 2050 * people occasionally, in particular for IPCP, 2051 * presumably following previous IPCP negotiation 2052 * aborts. Somehow, we must have missed a Down event 2053 * which would have caused a transition into starting 2054 * state, so as a bandaid we force the Down event now. 2055 * This effectively implements (something like the) 2056 * `restart' option mentioned in the state transition 2057 * table of RFC 1661. 2058 */ 2059 sppp_cp_change_state(cp, sp, STATE_STARTING); 2060 (cp->tls)(sp); 2061 break; 2062 case STATE_STOPPING: 2063 case STATE_REQ_SENT: 2064 case STATE_ACK_RCVD: 2065 case STATE_ACK_SENT: 2066 case STATE_OPENED: 2067 break; 2068 case STATE_CLOSING: 2069 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2070 break; 2071 } 2072} 2073 2074 2075static void 2076sppp_close_event(const struct cp *cp, struct sppp *sp) 2077{ 2078 STDDCL; 2079 2080 if (debug) 2081 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2082 SPP_ARGS(ifp), cp->name, 2083 sppp_state_name(sp->state[cp->protoidx])); 2084 2085 switch (sp->state[cp->protoidx]) { 2086 case STATE_INITIAL: 2087 case STATE_CLOSED: 2088 case STATE_CLOSING: 2089 break; 2090 case STATE_STARTING: 2091 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2092 (cp->tlf)(sp); 2093 break; 2094 case STATE_STOPPED: 2095 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2096 break; 2097 case STATE_STOPPING: 2098 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2099 break; 2100 case STATE_OPENED: 2101 (cp->tld)(sp); 2102 /* FALLTHROUGH */ 2103 case STATE_REQ_SENT: 2104 case STATE_ACK_RCVD: 2105 case STATE_ACK_SENT: 2106 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2107 sppp_cp_send(sp, cp->proto, TERM_REQ, 2108 ++sp->pp_seq[cp->protoidx], 0, 0); 2109 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2110 break; 2111 } 2112} 2113 2114static void 2115sppp_to_event(const struct cp *cp, struct sppp *sp) 2116{ 2117 STDDCL; 2118 int s; 2119 2120 s = splimp(); 2121 SPPP_LOCK(sp); 2122 if (debug) 2123 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2124 SPP_ARGS(ifp), cp->name, 2125 sppp_state_name(sp->state[cp->protoidx]), 2126 sp->rst_counter[cp->protoidx]); 2127 2128 if (--sp->rst_counter[cp->protoidx] < 0) 2129 /* TO- event */ 2130 switch (sp->state[cp->protoidx]) { 2131 case STATE_CLOSING: 2132 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2133 (cp->tlf)(sp); 2134 break; 2135 case STATE_STOPPING: 2136 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2137 (cp->tlf)(sp); 2138 break; 2139 case STATE_REQ_SENT: 2140 case STATE_ACK_RCVD: 2141 case STATE_ACK_SENT: 2142 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2143 (cp->tlf)(sp); 2144 break; 2145 } 2146 else 2147 /* TO+ event */ 2148 switch (sp->state[cp->protoidx]) { 2149 case STATE_CLOSING: 2150 case STATE_STOPPING: 2151 sppp_cp_send(sp, cp->proto, TERM_REQ, 2152 ++sp->pp_seq[cp->protoidx], 0, 0); 2153 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2154 cp->TO, (void *)sp); 2155 break; 2156 case STATE_REQ_SENT: 2157 case STATE_ACK_RCVD: 2158 (cp->scr)(sp); 2159 /* sppp_cp_change_state() will restart the timer */ 2160 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2161 break; 2162 case STATE_ACK_SENT: 2163 (cp->scr)(sp); 2164 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2165 cp->TO, (void *)sp); 2166 break; 2167 } 2168 2169 SPPP_UNLOCK(sp); 2170 splx(s); 2171} 2172 2173/* 2174 * Change the state of a control protocol in the state automaton. 2175 * Takes care of starting/stopping the restart timer. 2176 */ 2177static void 2178sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2179{ 2180 sp->state[cp->protoidx] = newstate; 2181 2182 callout_stop (&sp->ch[cp->protoidx]); 2183 2184 switch (newstate) { 2185 case STATE_INITIAL: 2186 case STATE_STARTING: 2187 case STATE_CLOSED: 2188 case STATE_STOPPED: 2189 case STATE_OPENED: 2190 break; 2191 case STATE_CLOSING: 2192 case STATE_STOPPING: 2193 case STATE_REQ_SENT: 2194 case STATE_ACK_RCVD: 2195 case STATE_ACK_SENT: 2196 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2197 cp->TO, (void *)sp); 2198 break; 2199 } 2200} 2201 2202/* 2203 *--------------------------------------------------------------------------* 2204 * * 2205 * The LCP implementation. * 2206 * * 2207 *--------------------------------------------------------------------------* 2208 */ 2209static void 2210sppp_pp_up(struct sppp *sp) 2211{ 2212 SPPP_LOCK(sp); 2213 lcp.Up(sp); 2214 SPPP_UNLOCK(sp); 2215} 2216 2217static void 2218sppp_pp_down(struct sppp *sp) 2219{ 2220 SPPP_LOCK(sp); 2221 lcp.Down(sp); 2222 SPPP_UNLOCK(sp); 2223} 2224 2225static void 2226sppp_lcp_init(struct sppp *sp) 2227{ 2228 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2229 sp->lcp.magic = 0; 2230 sp->state[IDX_LCP] = STATE_INITIAL; 2231 sp->fail_counter[IDX_LCP] = 0; 2232 sp->pp_seq[IDX_LCP] = 0; 2233 sp->pp_rseq[IDX_LCP] = 0; 2234 sp->lcp.protos = 0; 2235 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2236 2237 /* Note that these values are relevant for all control protocols */ 2238 sp->lcp.timeout = 3 * hz; 2239 sp->lcp.max_terminate = 2; 2240 sp->lcp.max_configure = 10; 2241 sp->lcp.max_failure = 10; 2242 callout_init(&sp->ch[IDX_LCP], 2243 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2244} 2245 2246static void 2247sppp_lcp_up(struct sppp *sp) 2248{ 2249 STDDCL; 2250 2251 sp->pp_alivecnt = 0; 2252 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2253 sp->lcp.magic = 0; 2254 sp->lcp.protos = 0; 2255 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2256 /* 2257 * If we are authenticator, negotiate LCP_AUTH 2258 */ 2259 if (sp->hisauth.proto != 0) 2260 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2261 else 2262 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2263 sp->pp_flags &= ~PP_NEEDAUTH; 2264 /* 2265 * If this interface is passive or dial-on-demand, and we are 2266 * still in Initial state, it means we've got an incoming 2267 * call. Activate the interface. 2268 */ 2269 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2270 if (debug) 2271 log(LOG_DEBUG, 2272 SPP_FMT "Up event", SPP_ARGS(ifp)); 2273 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2274 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2275 if (debug) 2276 log(-1, "(incoming call)\n"); 2277 sp->pp_flags |= PP_CALLIN; 2278 lcp.Open(sp); 2279 } else if (debug) 2280 log(-1, "\n"); 2281 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2282 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2283 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2284 lcp.Open(sp); 2285 } 2286 2287 sppp_up_event(&lcp, sp); 2288} 2289 2290static void 2291sppp_lcp_down(struct sppp *sp) 2292{ 2293 STDDCL; 2294 2295 sppp_down_event(&lcp, sp); 2296 2297 /* 2298 * If this is neither a dial-on-demand nor a passive 2299 * interface, simulate an ``ifconfig down'' action, so the 2300 * administrator can force a redial by another ``ifconfig 2301 * up''. XXX For leased line operation, should we immediately 2302 * try to reopen the connection here? 2303 */ 2304 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2305 log(LOG_INFO, 2306 SPP_FMT "Down event, taking interface down.\n", 2307 SPP_ARGS(ifp)); 2308 if_down(ifp); 2309 } else { 2310 if (debug) 2311 log(LOG_DEBUG, 2312 SPP_FMT "Down event (carrier loss)\n", 2313 SPP_ARGS(ifp)); 2314 sp->pp_flags &= ~PP_CALLIN; 2315 if (sp->state[IDX_LCP] != STATE_INITIAL) 2316 lcp.Close(sp); 2317 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2318 } 2319} 2320 2321static void 2322sppp_lcp_open(struct sppp *sp) 2323{ 2324 sppp_open_event(&lcp, sp); 2325} 2326 2327static void 2328sppp_lcp_close(struct sppp *sp) 2329{ 2330 sppp_close_event(&lcp, sp); 2331} 2332 2333static void 2334sppp_lcp_TO(void *cookie) 2335{ 2336 sppp_to_event(&lcp, (struct sppp *)cookie); 2337} 2338 2339/* 2340 * Analyze a configure request. Return true if it was agreeable, and 2341 * caused action sca, false if it has been rejected or nak'ed, and 2342 * caused action scn. (The return value is used to make the state 2343 * transition decision in the state automaton.) 2344 */ 2345static int 2346sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2347{ 2348 STDDCL; 2349 u_char *buf, *r, *p; 2350 int origlen, rlen; 2351 u_long nmagic; 2352 u_short authproto; 2353 2354 len -= 4; 2355 origlen = len; 2356 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2357 if (! buf) 2358 return (0); 2359 2360 if (debug) 2361 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2362 SPP_ARGS(ifp)); 2363 2364 /* pass 1: check for things that need to be rejected */ 2365 p = (void*) (h+1); 2366 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2367 if (debug) 2368 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2369 switch (*p) { 2370 case LCP_OPT_MAGIC: 2371 /* Magic number. */ 2372 if (len >= 6 && p[1] == 6) 2373 continue; 2374 if (debug) 2375 log(-1, "[invalid] "); 2376 break; 2377 case LCP_OPT_ASYNC_MAP: 2378 /* Async control character map. */ 2379 if (len >= 6 && p[1] == 6) 2380 continue; 2381 if (debug) 2382 log(-1, "[invalid] "); 2383 break; 2384 case LCP_OPT_MRU: 2385 /* Maximum receive unit. */ 2386 if (len >= 4 && p[1] == 4) 2387 continue; 2388 if (debug) 2389 log(-1, "[invalid] "); 2390 break; 2391 case LCP_OPT_AUTH_PROTO: 2392 if (len < 4) { 2393 if (debug) 2394 log(-1, "[invalid] "); 2395 break; 2396 } 2397 authproto = (p[2] << 8) + p[3]; 2398 if (authproto == PPP_CHAP && p[1] != 5) { 2399 if (debug) 2400 log(-1, "[invalid chap len] "); 2401 break; 2402 } 2403 if (sp->myauth.proto == 0) { 2404 /* we are not configured to do auth */ 2405 if (debug) 2406 log(-1, "[not configured] "); 2407 break; 2408 } 2409 /* 2410 * Remote want us to authenticate, remember this, 2411 * so we stay in PHASE_AUTHENTICATE after LCP got 2412 * up. 2413 */ 2414 sp->pp_flags |= PP_NEEDAUTH; 2415 continue; 2416 default: 2417 /* Others not supported. */ 2418 if (debug) 2419 log(-1, "[rej] "); 2420 break; 2421 } 2422 /* Add the option to rejected list. */ 2423 bcopy (p, r, p[1]); 2424 r += p[1]; 2425 rlen += p[1]; 2426 } 2427 if (rlen) { 2428 if (debug) 2429 log(-1, " send conf-rej\n"); 2430 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2431 return 0; 2432 } else if (debug) 2433 log(-1, "\n"); 2434 2435 /* 2436 * pass 2: check for option values that are unacceptable and 2437 * thus require to be nak'ed. 2438 */ 2439 if (debug) 2440 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2441 SPP_ARGS(ifp)); 2442 2443 p = (void*) (h+1); 2444 len = origlen; 2445 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2446 if (debug) 2447 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2448 switch (*p) { 2449 case LCP_OPT_MAGIC: 2450 /* Magic number -- extract. */ 2451 nmagic = (u_long)p[2] << 24 | 2452 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2453 if (nmagic != sp->lcp.magic) { 2454 sp->pp_loopcnt = 0; 2455 if (debug) 2456 log(-1, "0x%lx ", nmagic); 2457 continue; 2458 } 2459 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2460 log(-1, "[glitch] "); 2461 ++sp->pp_loopcnt; 2462 /* 2463 * We negate our magic here, and NAK it. If 2464 * we see it later in an NAK packet, we 2465 * suggest a new one. 2466 */ 2467 nmagic = ~sp->lcp.magic; 2468 /* Gonna NAK it. */ 2469 p[2] = nmagic >> 24; 2470 p[3] = nmagic >> 16; 2471 p[4] = nmagic >> 8; 2472 p[5] = nmagic; 2473 break; 2474 2475 case LCP_OPT_ASYNC_MAP: 2476 /* 2477 * Async control character map -- just ignore it. 2478 * 2479 * Quote from RFC 1662, chapter 6: 2480 * To enable this functionality, synchronous PPP 2481 * implementations MUST always respond to the 2482 * Async-Control-Character-Map Configuration 2483 * Option with the LCP Configure-Ack. However, 2484 * acceptance of the Configuration Option does 2485 * not imply that the synchronous implementation 2486 * will do any ACCM mapping. Instead, all such 2487 * octet mapping will be performed by the 2488 * asynchronous-to-synchronous converter. 2489 */ 2490 continue; 2491 2492 case LCP_OPT_MRU: 2493 /* 2494 * Maximum receive unit. Always agreeable, 2495 * but ignored by now. 2496 */ 2497 sp->lcp.their_mru = p[2] * 256 + p[3]; 2498 if (debug) 2499 log(-1, "%lu ", sp->lcp.their_mru); 2500 continue; 2501 2502 case LCP_OPT_AUTH_PROTO: 2503 authproto = (p[2] << 8) + p[3]; 2504 if (sp->myauth.proto != authproto) { 2505 /* not agreed, nak */ 2506 if (debug) 2507 log(-1, "[mine %s != his %s] ", 2508 sppp_proto_name(sp->hisauth.proto), 2509 sppp_proto_name(authproto)); 2510 p[2] = sp->myauth.proto >> 8; 2511 p[3] = sp->myauth.proto; 2512 break; 2513 } 2514 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2515 if (debug) 2516 log(-1, "[chap not MD5] "); 2517 p[4] = CHAP_MD5; 2518 break; 2519 } 2520 continue; 2521 } 2522 /* Add the option to nak'ed list. */ 2523 bcopy (p, r, p[1]); 2524 r += p[1]; 2525 rlen += p[1]; 2526 } 2527 if (rlen) { 2528 /* 2529 * Local and remote magics equal -- loopback? 2530 */ 2531 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2532 if (sp->pp_loopcnt == MAXALIVECNT*5) 2533 printf (SPP_FMT "loopback\n", 2534 SPP_ARGS(ifp)); 2535 if (ifp->if_flags & IFF_UP) { 2536 if_down(ifp); 2537 sppp_qflush(&sp->pp_cpq); 2538 /* XXX ? */ 2539 lcp.Down(sp); 2540 lcp.Up(sp); 2541 } 2542 } else if (!sp->pp_loopcnt && 2543 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2544 if (debug) 2545 log(-1, " max_failure (%d) exceeded, " 2546 "send conf-rej\n", 2547 sp->lcp.max_failure); 2548 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2549 } else { 2550 if (debug) 2551 log(-1, " send conf-nak\n"); 2552 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2553 } 2554 } else { 2555 if (debug) 2556 log(-1, " send conf-ack\n"); 2557 sp->fail_counter[IDX_LCP] = 0; 2558 sp->pp_loopcnt = 0; 2559 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2560 h->ident, origlen, h+1); 2561 } 2562 2563 free (buf, M_TEMP); 2564 return (rlen == 0); 2565} 2566 2567/* 2568 * Analyze the LCP Configure-Reject option list, and adjust our 2569 * negotiation. 2570 */ 2571static void 2572sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2573{ 2574 STDDCL; 2575 u_char *buf, *p; 2576 2577 len -= 4; 2578 buf = malloc (len, M_TEMP, M_NOWAIT); 2579 if (!buf) 2580 return; 2581 2582 if (debug) 2583 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2584 SPP_ARGS(ifp)); 2585 2586 p = (void*) (h+1); 2587 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2588 if (debug) 2589 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2590 switch (*p) { 2591 case LCP_OPT_MAGIC: 2592 /* Magic number -- can't use it, use 0 */ 2593 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2594 sp->lcp.magic = 0; 2595 break; 2596 case LCP_OPT_MRU: 2597 /* 2598 * Should not be rejected anyway, since we only 2599 * negotiate a MRU if explicitly requested by 2600 * peer. 2601 */ 2602 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2603 break; 2604 case LCP_OPT_AUTH_PROTO: 2605 /* 2606 * Peer doesn't want to authenticate himself, 2607 * deny unless this is a dialout call, and 2608 * AUTHFLAG_NOCALLOUT is set. 2609 */ 2610 if ((sp->pp_flags & PP_CALLIN) == 0 && 2611 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2612 if (debug) 2613 log(-1, "[don't insist on auth " 2614 "for callout]"); 2615 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2616 break; 2617 } 2618 if (debug) 2619 log(-1, "[access denied]\n"); 2620 lcp.Close(sp); 2621 break; 2622 } 2623 } 2624 if (debug) 2625 log(-1, "\n"); 2626 free (buf, M_TEMP); 2627 return; 2628} 2629 2630/* 2631 * Analyze the LCP Configure-NAK option list, and adjust our 2632 * negotiation. 2633 */ 2634static void 2635sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2636{ 2637 STDDCL; 2638 u_char *buf, *p; 2639 u_long magic; 2640 2641 len -= 4; 2642 buf = malloc (len, M_TEMP, M_NOWAIT); 2643 if (!buf) 2644 return; 2645 2646 if (debug) 2647 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2648 SPP_ARGS(ifp)); 2649 2650 p = (void*) (h+1); 2651 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2652 if (debug) 2653 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2654 switch (*p) { 2655 case LCP_OPT_MAGIC: 2656 /* Magic number -- renegotiate */ 2657 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2658 len >= 6 && p[1] == 6) { 2659 magic = (u_long)p[2] << 24 | 2660 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2661 /* 2662 * If the remote magic is our negated one, 2663 * this looks like a loopback problem. 2664 * Suggest a new magic to make sure. 2665 */ 2666 if (magic == ~sp->lcp.magic) { 2667 if (debug) 2668 log(-1, "magic glitch "); 2669#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2670 sp->lcp.magic = random(); 2671#else 2672 sp->lcp.magic = time.tv_sec + time.tv_usec; 2673#endif 2674 } else { 2675 sp->lcp.magic = magic; 2676 if (debug) 2677 log(-1, "%lu ", magic); 2678 } 2679 } 2680 break; 2681 case LCP_OPT_MRU: 2682 /* 2683 * Peer wants to advise us to negotiate an MRU. 2684 * Agree on it if it's reasonable, or use 2685 * default otherwise. 2686 */ 2687 if (len >= 4 && p[1] == 4) { 2688 u_int mru = p[2] * 256 + p[3]; 2689 if (debug) 2690 log(-1, "%d ", mru); 2691 if (mru < PP_MTU || mru > PP_MAX_MRU) 2692 mru = PP_MTU; 2693 sp->lcp.mru = mru; 2694 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2695 } 2696 break; 2697 case LCP_OPT_AUTH_PROTO: 2698 /* 2699 * Peer doesn't like our authentication method, 2700 * deny. 2701 */ 2702 if (debug) 2703 log(-1, "[access denied]\n"); 2704 lcp.Close(sp); 2705 break; 2706 } 2707 } 2708 if (debug) 2709 log(-1, "\n"); 2710 free (buf, M_TEMP); 2711 return; 2712} 2713 2714static void 2715sppp_lcp_tlu(struct sppp *sp) 2716{ 2717 STDDCL; 2718 int i; 2719 u_long mask; 2720 2721 /* XXX ? */ 2722 if (! (ifp->if_flags & IFF_UP) && 2723 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2724 /* Coming out of loopback mode. */ 2725 if_up(ifp); 2726 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2727 } 2728 2729 for (i = 0; i < IDX_COUNT; i++) 2730 if ((cps[i])->flags & CP_QUAL) 2731 (cps[i])->Open(sp); 2732 2733 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2734 (sp->pp_flags & PP_NEEDAUTH) != 0) 2735 sp->pp_phase = PHASE_AUTHENTICATE; 2736 else 2737 sp->pp_phase = PHASE_NETWORK; 2738 2739 if (debug) 2740 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2741 sppp_phase_name(sp->pp_phase)); 2742 2743 /* 2744 * Open all authentication protocols. This is even required 2745 * if we already proceeded to network phase, since it might be 2746 * that remote wants us to authenticate, so we might have to 2747 * send a PAP request. Undesired authentication protocols 2748 * don't do anything when they get an Open event. 2749 */ 2750 for (i = 0; i < IDX_COUNT; i++) 2751 if ((cps[i])->flags & CP_AUTH) 2752 (cps[i])->Open(sp); 2753 2754 if (sp->pp_phase == PHASE_NETWORK) { 2755 /* Notify all NCPs. */ 2756 for (i = 0; i < IDX_COUNT; i++) 2757 if (((cps[i])->flags & CP_NCP) && 2758 /* 2759 * XXX 2760 * Hack to administratively disable IPv6 if 2761 * not desired. Perhaps we should have another 2762 * flag for this, but right now, we can make 2763 * all struct cp's read/only. 2764 */ 2765 (cps[i] != &ipv6cp || 2766 (sp->confflags & CONF_ENABLE_IPV6))) 2767 (cps[i])->Open(sp); 2768 } 2769 2770 /* Send Up events to all started protos. */ 2771 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2772 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2773 (cps[i])->Up(sp); 2774 2775 /* notify low-level driver of state change */ 2776 if (sp->pp_chg) 2777 sp->pp_chg(sp, (int)sp->pp_phase); 2778 2779 if (sp->pp_phase == PHASE_NETWORK) 2780 /* if no NCP is starting, close down */ 2781 sppp_lcp_check_and_close(sp); 2782} 2783 2784static void 2785sppp_lcp_tld(struct sppp *sp) 2786{ 2787 STDDCL; 2788 int i; 2789 u_long mask; 2790 2791 sp->pp_phase = PHASE_TERMINATE; 2792 2793 if (debug) 2794 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2795 sppp_phase_name(sp->pp_phase)); 2796 2797 /* 2798 * Take upper layers down. We send the Down event first and 2799 * the Close second to prevent the upper layers from sending 2800 * ``a flurry of terminate-request packets'', as the RFC 2801 * describes it. 2802 */ 2803 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2804 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2805 (cps[i])->Down(sp); 2806 (cps[i])->Close(sp); 2807 } 2808} 2809 2810static void 2811sppp_lcp_tls(struct sppp *sp) 2812{ 2813 STDDCL; 2814 2815 sp->pp_phase = PHASE_ESTABLISH; 2816 2817 if (debug) 2818 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2819 sppp_phase_name(sp->pp_phase)); 2820 2821 /* Notify lower layer if desired. */ 2822 if (sp->pp_tls) 2823 (sp->pp_tls)(sp); 2824 else 2825 (sp->pp_up)(sp); 2826} 2827 2828static void 2829sppp_lcp_tlf(struct sppp *sp) 2830{ 2831 STDDCL; 2832 2833 sp->pp_phase = PHASE_DEAD; 2834 if (debug) 2835 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2836 sppp_phase_name(sp->pp_phase)); 2837 2838 /* Notify lower layer if desired. */ 2839 if (sp->pp_tlf) 2840 (sp->pp_tlf)(sp); 2841 else 2842 (sp->pp_down)(sp); 2843} 2844 2845static void 2846sppp_lcp_scr(struct sppp *sp) 2847{ 2848 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2849 int i = 0; 2850 u_short authproto; 2851 2852 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2853 if (! sp->lcp.magic) 2854#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2855 sp->lcp.magic = random(); 2856#else 2857 sp->lcp.magic = time.tv_sec + time.tv_usec; 2858#endif 2859 opt[i++] = LCP_OPT_MAGIC; 2860 opt[i++] = 6; 2861 opt[i++] = sp->lcp.magic >> 24; 2862 opt[i++] = sp->lcp.magic >> 16; 2863 opt[i++] = sp->lcp.magic >> 8; 2864 opt[i++] = sp->lcp.magic; 2865 } 2866 2867 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2868 opt[i++] = LCP_OPT_MRU; 2869 opt[i++] = 4; 2870 opt[i++] = sp->lcp.mru >> 8; 2871 opt[i++] = sp->lcp.mru; 2872 } 2873 2874 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2875 authproto = sp->hisauth.proto; 2876 opt[i++] = LCP_OPT_AUTH_PROTO; 2877 opt[i++] = authproto == PPP_CHAP? 5: 4; 2878 opt[i++] = authproto >> 8; 2879 opt[i++] = authproto; 2880 if (authproto == PPP_CHAP) 2881 opt[i++] = CHAP_MD5; 2882 } 2883 2884 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2885 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2886} 2887 2888/* 2889 * Check the open NCPs, return true if at least one NCP is open. 2890 */ 2891static int 2892sppp_ncp_check(struct sppp *sp) 2893{ 2894 int i, mask; 2895 2896 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2897 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2898 return 1; 2899 return 0; 2900} 2901 2902/* 2903 * Re-check the open NCPs and see if we should terminate the link. 2904 * Called by the NCPs during their tlf action handling. 2905 */ 2906static void 2907sppp_lcp_check_and_close(struct sppp *sp) 2908{ 2909 2910 if (sp->pp_phase < PHASE_NETWORK) 2911 /* don't bother, we are already going down */ 2912 return; 2913 2914 if (sppp_ncp_check(sp)) 2915 return; 2916 2917 lcp.Close(sp); 2918} 2919 2920/* 2921 *--------------------------------------------------------------------------* 2922 * * 2923 * The IPCP implementation. * 2924 * * 2925 *--------------------------------------------------------------------------* 2926 */ 2927 2928static void 2929sppp_ipcp_init(struct sppp *sp) 2930{ 2931 sp->ipcp.opts = 0; 2932 sp->ipcp.flags = 0; 2933 sp->state[IDX_IPCP] = STATE_INITIAL; 2934 sp->fail_counter[IDX_IPCP] = 0; 2935 sp->pp_seq[IDX_IPCP] = 0; 2936 sp->pp_rseq[IDX_IPCP] = 0; 2937 callout_init(&sp->ch[IDX_IPCP], 2938 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 2939} 2940 2941static void 2942sppp_ipcp_up(struct sppp *sp) 2943{ 2944 sppp_up_event(&ipcp, sp); 2945} 2946 2947static void 2948sppp_ipcp_down(struct sppp *sp) 2949{ 2950 sppp_down_event(&ipcp, sp); 2951} 2952 2953static void 2954sppp_ipcp_open(struct sppp *sp) 2955{ 2956 STDDCL; 2957 u_long myaddr, hisaddr; 2958 2959 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2960 IPCP_MYADDR_DYN | IPCP_VJ); 2961 sp->ipcp.opts = 0; 2962 2963 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2964 /* 2965 * If we don't have his address, this probably means our 2966 * interface doesn't want to talk IP at all. (This could 2967 * be the case if somebody wants to speak only IPX, for 2968 * example.) Don't open IPCP in this case. 2969 */ 2970 if (hisaddr == 0L) { 2971 /* XXX this message should go away */ 2972 if (debug) 2973 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2974 SPP_ARGS(ifp)); 2975 return; 2976 } 2977 if (myaddr == 0L) { 2978 /* 2979 * I don't have an assigned address, so i need to 2980 * negotiate my address. 2981 */ 2982 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2983 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2984 } else 2985 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2986 if (sp->confflags & CONF_ENABLE_VJ) { 2987 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2988 sp->ipcp.max_state = MAX_STATES - 1; 2989 sp->ipcp.compress_cid = 1; 2990 } 2991 sppp_open_event(&ipcp, sp); 2992} 2993 2994static void 2995sppp_ipcp_close(struct sppp *sp) 2996{ 2997 sppp_close_event(&ipcp, sp); 2998 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2999 /* 3000 * My address was dynamic, clear it again. 3001 */ 3002 sppp_set_ip_addr(sp, 0L); 3003} 3004 3005static void 3006sppp_ipcp_TO(void *cookie) 3007{ 3008 sppp_to_event(&ipcp, (struct sppp *)cookie); 3009} 3010 3011/* 3012 * Analyze a configure request. Return true if it was agreeable, and 3013 * caused action sca, false if it has been rejected or nak'ed, and 3014 * caused action scn. (The return value is used to make the state 3015 * transition decision in the state automaton.) 3016 */ 3017static int 3018sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3019{ 3020 u_char *buf, *r, *p; 3021 struct ifnet *ifp = SP2IFP(sp); 3022 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3023 u_long hisaddr, desiredaddr; 3024 int gotmyaddr = 0; 3025 int desiredcomp; 3026 3027 len -= 4; 3028 origlen = len; 3029 /* 3030 * Make sure to allocate a buf that can at least hold a 3031 * conf-nak with an `address' option. We might need it below. 3032 */ 3033 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3034 if (! buf) 3035 return (0); 3036 3037 /* pass 1: see if we can recognize them */ 3038 if (debug) 3039 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 3040 SPP_ARGS(ifp)); 3041 p = (void*) (h+1); 3042 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3043 if (debug) 3044 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3045 switch (*p) { 3046 case IPCP_OPT_COMPRESSION: 3047 if (!(sp->confflags & CONF_ENABLE_VJ)) { 3048 /* VJ compression administratively disabled */ 3049 if (debug) 3050 log(-1, "[locally disabled] "); 3051 break; 3052 } 3053 /* 3054 * In theory, we should only conf-rej an 3055 * option that is shorter than RFC 1618 3056 * requires (i.e. < 4), and should conf-nak 3057 * anything else that is not VJ. However, 3058 * since our algorithm always uses the 3059 * original option to NAK it with new values, 3060 * things would become more complicated. In 3061 * pratice, the only commonly implemented IP 3062 * compression option is VJ anyway, so the 3063 * difference is negligible. 3064 */ 3065 if (len >= 6 && p[1] == 6) { 3066 /* 3067 * correctly formed compression option 3068 * that could be VJ compression 3069 */ 3070 continue; 3071 } 3072 if (debug) 3073 log(-1, 3074 "optlen %d [invalid/unsupported] ", 3075 p[1]); 3076 break; 3077 case IPCP_OPT_ADDRESS: 3078 if (len >= 6 && p[1] == 6) { 3079 /* correctly formed address option */ 3080 continue; 3081 } 3082 if (debug) 3083 log(-1, "[invalid] "); 3084 break; 3085 default: 3086 /* Others not supported. */ 3087 if (debug) 3088 log(-1, "[rej] "); 3089 break; 3090 } 3091 /* Add the option to rejected list. */ 3092 bcopy (p, r, p[1]); 3093 r += p[1]; 3094 rlen += p[1]; 3095 } 3096 if (rlen) { 3097 if (debug) 3098 log(-1, " send conf-rej\n"); 3099 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3100 return 0; 3101 } else if (debug) 3102 log(-1, "\n"); 3103 3104 /* pass 2: parse option values */ 3105 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3106 if (debug) 3107 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3108 SPP_ARGS(ifp)); 3109 p = (void*) (h+1); 3110 len = origlen; 3111 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3112 if (debug) 3113 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3114 switch (*p) { 3115 case IPCP_OPT_COMPRESSION: 3116 desiredcomp = p[2] << 8 | p[3]; 3117 /* We only support VJ */ 3118 if (desiredcomp == IPCP_COMP_VJ) { 3119 if (debug) 3120 log(-1, "VJ [ack] "); 3121 sp->ipcp.flags |= IPCP_VJ; 3122 sl_compress_init(sp->pp_comp, p[4]); 3123 sp->ipcp.max_state = p[4]; 3124 sp->ipcp.compress_cid = p[5]; 3125 continue; 3126 } 3127 if (debug) 3128 log(-1, 3129 "compproto %#04x [not supported] ", 3130 desiredcomp); 3131 p[2] = IPCP_COMP_VJ >> 8; 3132 p[3] = IPCP_COMP_VJ; 3133 p[4] = sp->ipcp.max_state; 3134 p[5] = sp->ipcp.compress_cid; 3135 break; 3136 case IPCP_OPT_ADDRESS: 3137 /* This is the address he wants in his end */ 3138 desiredaddr = p[2] << 24 | p[3] << 16 | 3139 p[4] << 8 | p[5]; 3140 if (desiredaddr == hisaddr || 3141 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3142 /* 3143 * Peer's address is same as our value, 3144 * or we have set it to 0.0.0.* to 3145 * indicate that we do not really care, 3146 * this is agreeable. Gonna conf-ack 3147 * it. 3148 */ 3149 if (debug) 3150 log(-1, "%s [ack] ", 3151 sppp_dotted_quad(hisaddr)); 3152 /* record that we've seen it already */ 3153 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3154 continue; 3155 } 3156 /* 3157 * The address wasn't agreeable. This is either 3158 * he sent us 0.0.0.0, asking to assign him an 3159 * address, or he send us another address not 3160 * matching our value. Either case, we gonna 3161 * conf-nak it with our value. 3162 * XXX: we should "rej" if hisaddr == 0 3163 */ 3164 if (debug) { 3165 if (desiredaddr == 0) 3166 log(-1, "[addr requested] "); 3167 else 3168 log(-1, "%s [not agreed] ", 3169 sppp_dotted_quad(desiredaddr)); 3170 3171 } 3172 p[2] = hisaddr >> 24; 3173 p[3] = hisaddr >> 16; 3174 p[4] = hisaddr >> 8; 3175 p[5] = hisaddr; 3176 break; 3177 } 3178 /* Add the option to nak'ed list. */ 3179 bcopy (p, r, p[1]); 3180 r += p[1]; 3181 rlen += p[1]; 3182 } 3183 3184 /* 3185 * If we are about to conf-ack the request, but haven't seen 3186 * his address so far, gonna conf-nak it instead, with the 3187 * `address' option present and our idea of his address being 3188 * filled in there, to request negotiation of both addresses. 3189 * 3190 * XXX This can result in an endless req - nak loop if peer 3191 * doesn't want to send us his address. Q: What should we do 3192 * about it? XXX A: implement the max-failure counter. 3193 */ 3194 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3195 buf[0] = IPCP_OPT_ADDRESS; 3196 buf[1] = 6; 3197 buf[2] = hisaddr >> 24; 3198 buf[3] = hisaddr >> 16; 3199 buf[4] = hisaddr >> 8; 3200 buf[5] = hisaddr; 3201 rlen = 6; 3202 if (debug) 3203 log(-1, "still need hisaddr "); 3204 } 3205 3206 if (rlen) { 3207 if (debug) 3208 log(-1, " send conf-nak\n"); 3209 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3210 } else { 3211 if (debug) 3212 log(-1, " send conf-ack\n"); 3213 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3214 h->ident, origlen, h+1); 3215 } 3216 3217 free (buf, M_TEMP); 3218 return (rlen == 0); 3219} 3220 3221/* 3222 * Analyze the IPCP Configure-Reject option list, and adjust our 3223 * negotiation. 3224 */ 3225static void 3226sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3227{ 3228 u_char *buf, *p; 3229 struct ifnet *ifp = SP2IFP(sp); 3230 int debug = ifp->if_flags & IFF_DEBUG; 3231 3232 len -= 4; 3233 buf = malloc (len, M_TEMP, M_NOWAIT); 3234 if (!buf) 3235 return; 3236 3237 if (debug) 3238 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3239 SPP_ARGS(ifp)); 3240 3241 p = (void*) (h+1); 3242 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3243 if (debug) 3244 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3245 switch (*p) { 3246 case IPCP_OPT_COMPRESSION: 3247 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3248 break; 3249 case IPCP_OPT_ADDRESS: 3250 /* 3251 * Peer doesn't grok address option. This is 3252 * bad. XXX Should we better give up here? 3253 * XXX We could try old "addresses" option... 3254 */ 3255 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3256 break; 3257 } 3258 } 3259 if (debug) 3260 log(-1, "\n"); 3261 free (buf, M_TEMP); 3262 return; 3263} 3264 3265/* 3266 * Analyze the IPCP Configure-NAK option list, and adjust our 3267 * negotiation. 3268 */ 3269static void 3270sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3271{ 3272 u_char *buf, *p; 3273 struct ifnet *ifp = SP2IFP(sp); 3274 int debug = ifp->if_flags & IFF_DEBUG; 3275 int desiredcomp; 3276 u_long wantaddr; 3277 3278 len -= 4; 3279 buf = malloc (len, M_TEMP, M_NOWAIT); 3280 if (!buf) 3281 return; 3282 3283 if (debug) 3284 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3285 SPP_ARGS(ifp)); 3286 3287 p = (void*) (h+1); 3288 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3289 if (debug) 3290 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3291 switch (*p) { 3292 case IPCP_OPT_COMPRESSION: 3293 if (len >= 6 && p[1] == 6) { 3294 desiredcomp = p[2] << 8 | p[3]; 3295 if (debug) 3296 log(-1, "[wantcomp %#04x] ", 3297 desiredcomp); 3298 if (desiredcomp == IPCP_COMP_VJ) { 3299 sl_compress_init(sp->pp_comp, p[4]); 3300 sp->ipcp.max_state = p[4]; 3301 sp->ipcp.compress_cid = p[5]; 3302 if (debug) 3303 log(-1, "[agree] "); 3304 } else 3305 sp->ipcp.opts &= 3306 ~(1 << IPCP_OPT_COMPRESSION); 3307 } 3308 break; 3309 case IPCP_OPT_ADDRESS: 3310 /* 3311 * Peer doesn't like our local IP address. See 3312 * if we can do something for him. We'll drop 3313 * him our address then. 3314 */ 3315 if (len >= 6 && p[1] == 6) { 3316 wantaddr = p[2] << 24 | p[3] << 16 | 3317 p[4] << 8 | p[5]; 3318 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3319 if (debug) 3320 log(-1, "[wantaddr %s] ", 3321 sppp_dotted_quad(wantaddr)); 3322 /* 3323 * When doing dynamic address assignment, 3324 * we accept his offer. Otherwise, we 3325 * ignore it and thus continue to negotiate 3326 * our already existing value. 3327 * XXX: Bogus, if he said no once, he'll 3328 * just say no again, might as well die. 3329 */ 3330 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3331 sppp_set_ip_addr(sp, wantaddr); 3332 if (debug) 3333 log(-1, "[agree] "); 3334 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3335 } 3336 } 3337 break; 3338 } 3339 } 3340 if (debug) 3341 log(-1, "\n"); 3342 free (buf, M_TEMP); 3343 return; 3344} 3345 3346static void 3347sppp_ipcp_tlu(struct sppp *sp) 3348{ 3349 /* we are up - notify isdn daemon */ 3350 if (sp->pp_con) 3351 sp->pp_con(sp); 3352} 3353 3354static void 3355sppp_ipcp_tld(struct sppp *sp) 3356{ 3357} 3358 3359static void 3360sppp_ipcp_tls(struct sppp *sp) 3361{ 3362 /* indicate to LCP that it must stay alive */ 3363 sp->lcp.protos |= (1 << IDX_IPCP); 3364} 3365 3366static void 3367sppp_ipcp_tlf(struct sppp *sp) 3368{ 3369 /* we no longer need LCP */ 3370 sp->lcp.protos &= ~(1 << IDX_IPCP); 3371 sppp_lcp_check_and_close(sp); 3372} 3373 3374static void 3375sppp_ipcp_scr(struct sppp *sp) 3376{ 3377 char opt[6 /* compression */ + 6 /* address */]; 3378 u_long ouraddr; 3379 int i = 0; 3380 3381 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3382 opt[i++] = IPCP_OPT_COMPRESSION; 3383 opt[i++] = 6; 3384 opt[i++] = IPCP_COMP_VJ >> 8; 3385 opt[i++] = IPCP_COMP_VJ; 3386 opt[i++] = sp->ipcp.max_state; 3387 opt[i++] = sp->ipcp.compress_cid; 3388 } 3389 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3390 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3391 opt[i++] = IPCP_OPT_ADDRESS; 3392 opt[i++] = 6; 3393 opt[i++] = ouraddr >> 24; 3394 opt[i++] = ouraddr >> 16; 3395 opt[i++] = ouraddr >> 8; 3396 opt[i++] = ouraddr; 3397 } 3398 3399 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3400 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3401} 3402 3403/* 3404 *--------------------------------------------------------------------------* 3405 * * 3406 * The IPv6CP implementation. * 3407 * * 3408 *--------------------------------------------------------------------------* 3409 */ 3410 3411#ifdef INET6 3412static void 3413sppp_ipv6cp_init(struct sppp *sp) 3414{ 3415 sp->ipv6cp.opts = 0; 3416 sp->ipv6cp.flags = 0; 3417 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3418 sp->fail_counter[IDX_IPV6CP] = 0; 3419 sp->pp_seq[IDX_IPV6CP] = 0; 3420 sp->pp_rseq[IDX_IPV6CP] = 0; 3421 callout_init(&sp->ch[IDX_IPV6CP], 3422 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 3423} 3424 3425static void 3426sppp_ipv6cp_up(struct sppp *sp) 3427{ 3428 sppp_up_event(&ipv6cp, sp); 3429} 3430 3431static void 3432sppp_ipv6cp_down(struct sppp *sp) 3433{ 3434 sppp_down_event(&ipv6cp, sp); 3435} 3436 3437static void 3438sppp_ipv6cp_open(struct sppp *sp) 3439{ 3440 STDDCL; 3441 struct in6_addr myaddr, hisaddr; 3442 3443#ifdef IPV6CP_MYIFID_DYN 3444 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3445#else 3446 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3447#endif 3448 3449 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3450 /* 3451 * If we don't have our address, this probably means our 3452 * interface doesn't want to talk IPv6 at all. (This could 3453 * be the case if somebody wants to speak only IPX, for 3454 * example.) Don't open IPv6CP in this case. 3455 */ 3456 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3457 /* XXX this message should go away */ 3458 if (debug) 3459 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3460 SPP_ARGS(ifp)); 3461 return; 3462 } 3463 3464 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3465 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3466 sppp_open_event(&ipv6cp, sp); 3467} 3468 3469static void 3470sppp_ipv6cp_close(struct sppp *sp) 3471{ 3472 sppp_close_event(&ipv6cp, sp); 3473} 3474 3475static void 3476sppp_ipv6cp_TO(void *cookie) 3477{ 3478 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3479} 3480 3481/* 3482 * Analyze a configure request. Return true if it was agreeable, and 3483 * caused action sca, false if it has been rejected or nak'ed, and 3484 * caused action scn. (The return value is used to make the state 3485 * transition decision in the state automaton.) 3486 */ 3487static int 3488sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3489{ 3490 u_char *buf, *r, *p; 3491 struct ifnet *ifp = SP2IFP(sp); 3492 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3493 struct in6_addr myaddr, desiredaddr, suggestaddr; 3494 int ifidcount; 3495 int type; 3496 int collision, nohisaddr; 3497 3498 len -= 4; 3499 origlen = len; 3500 /* 3501 * Make sure to allocate a buf that can at least hold a 3502 * conf-nak with an `address' option. We might need it below. 3503 */ 3504 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3505 if (! buf) 3506 return (0); 3507 3508 /* pass 1: see if we can recognize them */ 3509 if (debug) 3510 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3511 SPP_ARGS(ifp)); 3512 p = (void*) (h+1); 3513 ifidcount = 0; 3514 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3515 if (debug) 3516 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3517 switch (*p) { 3518 case IPV6CP_OPT_IFID: 3519 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3520 /* correctly formed address option */ 3521 ifidcount++; 3522 continue; 3523 } 3524 if (debug) 3525 log(-1, " [invalid]"); 3526 break; 3527#ifdef notyet 3528 case IPV6CP_OPT_COMPRESSION: 3529 if (len >= 4 && p[1] >= 4) { 3530 /* correctly formed compress option */ 3531 continue; 3532 } 3533 if (debug) 3534 log(-1, " [invalid]"); 3535 break; 3536#endif 3537 default: 3538 /* Others not supported. */ 3539 if (debug) 3540 log(-1, " [rej]"); 3541 break; 3542 } 3543 /* Add the option to rejected list. */ 3544 bcopy (p, r, p[1]); 3545 r += p[1]; 3546 rlen += p[1]; 3547 } 3548 if (rlen) { 3549 if (debug) 3550 log(-1, " send conf-rej\n"); 3551 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3552 goto end; 3553 } else if (debug) 3554 log(-1, "\n"); 3555 3556 /* pass 2: parse option values */ 3557 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3558 if (debug) 3559 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3560 SPP_ARGS(ifp)); 3561 p = (void*) (h+1); 3562 len = origlen; 3563 type = CONF_ACK; 3564 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3565 if (debug) 3566 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3567 switch (*p) { 3568#ifdef notyet 3569 case IPV6CP_OPT_COMPRESSION: 3570 continue; 3571#endif 3572 case IPV6CP_OPT_IFID: 3573 bzero(&desiredaddr, sizeof(desiredaddr)); 3574 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3575 collision = (bcmp(&desiredaddr.s6_addr[8], 3576 &myaddr.s6_addr[8], 8) == 0); 3577 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3578 3579 desiredaddr.s6_addr16[0] = htons(0xfe80); 3580 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3581 3582 if (!collision && !nohisaddr) { 3583 /* no collision, hisaddr known - Conf-Ack */ 3584 type = CONF_ACK; 3585 3586 if (debug) { 3587 log(-1, " %s [%s]", 3588 ip6_sprintf(&desiredaddr), 3589 sppp_cp_type_name(type)); 3590 } 3591 continue; 3592 } 3593 3594 bzero(&suggestaddr, sizeof(&suggestaddr)); 3595 if (collision && nohisaddr) { 3596 /* collision, hisaddr unknown - Conf-Rej */ 3597 type = CONF_REJ; 3598 bzero(&p[2], 8); 3599 } else { 3600 /* 3601 * - no collision, hisaddr unknown, or 3602 * - collision, hisaddr known 3603 * Conf-Nak, suggest hisaddr 3604 */ 3605 type = CONF_NAK; 3606 sppp_suggest_ip6_addr(sp, &suggestaddr); 3607 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3608 } 3609 if (debug) 3610 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr), 3611 sppp_cp_type_name(type)); 3612 break; 3613 } 3614 /* Add the option to nak'ed list. */ 3615 bcopy (p, r, p[1]); 3616 r += p[1]; 3617 rlen += p[1]; 3618 } 3619 3620 if (rlen == 0 && type == CONF_ACK) { 3621 if (debug) 3622 log(-1, " send %s\n", sppp_cp_type_name(type)); 3623 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3624 } else { 3625#ifdef DIAGNOSTIC 3626 if (type == CONF_ACK) 3627 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3628#endif 3629 3630 if (debug) { 3631 log(-1, " send %s suggest %s\n", 3632 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3633 } 3634 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3635 } 3636 3637 end: 3638 free (buf, M_TEMP); 3639 return (rlen == 0); 3640} 3641 3642/* 3643 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3644 * negotiation. 3645 */ 3646static void 3647sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3648{ 3649 u_char *buf, *p; 3650 struct ifnet *ifp = SP2IFP(sp); 3651 int debug = ifp->if_flags & IFF_DEBUG; 3652 3653 len -= 4; 3654 buf = malloc (len, M_TEMP, M_NOWAIT); 3655 if (!buf) 3656 return; 3657 3658 if (debug) 3659 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3660 SPP_ARGS(ifp)); 3661 3662 p = (void*) (h+1); 3663 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3664 if (debug) 3665 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3666 switch (*p) { 3667 case IPV6CP_OPT_IFID: 3668 /* 3669 * Peer doesn't grok address option. This is 3670 * bad. XXX Should we better give up here? 3671 */ 3672 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3673 break; 3674#ifdef notyet 3675 case IPV6CP_OPT_COMPRESS: 3676 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3677 break; 3678#endif 3679 } 3680 } 3681 if (debug) 3682 log(-1, "\n"); 3683 free (buf, M_TEMP); 3684 return; 3685} 3686 3687/* 3688 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3689 * negotiation. 3690 */ 3691static void 3692sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3693{ 3694 u_char *buf, *p; 3695 struct ifnet *ifp = SP2IFP(sp); 3696 int debug = ifp->if_flags & IFF_DEBUG; 3697 struct in6_addr suggestaddr; 3698 3699 len -= 4; 3700 buf = malloc (len, M_TEMP, M_NOWAIT); 3701 if (!buf) 3702 return; 3703 3704 if (debug) 3705 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3706 SPP_ARGS(ifp)); 3707 3708 p = (void*) (h+1); 3709 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3710 if (debug) 3711 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3712 switch (*p) { 3713 case IPV6CP_OPT_IFID: 3714 /* 3715 * Peer doesn't like our local ifid. See 3716 * if we can do something for him. We'll drop 3717 * him our address then. 3718 */ 3719 if (len < 10 || p[1] != 10) 3720 break; 3721 bzero(&suggestaddr, sizeof(suggestaddr)); 3722 suggestaddr.s6_addr16[0] = htons(0xfe80); 3723 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3724 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3725 3726 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3727 if (debug) 3728 log(-1, " [suggestaddr %s]", 3729 ip6_sprintf(&suggestaddr)); 3730#ifdef IPV6CP_MYIFID_DYN 3731 /* 3732 * When doing dynamic address assignment, 3733 * we accept his offer. 3734 */ 3735 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3736 struct in6_addr lastsuggest; 3737 /* 3738 * If <suggested myaddr from peer> equals to 3739 * <hisaddr we have suggested last time>, 3740 * we have a collision. generate new random 3741 * ifid. 3742 */ 3743 sppp_suggest_ip6_addr(&lastsuggest); 3744 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3745 lastsuggest)) { 3746 if (debug) 3747 log(-1, " [random]"); 3748 sppp_gen_ip6_addr(sp, &suggestaddr); 3749 } 3750 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3751 if (debug) 3752 log(-1, " [agree]"); 3753 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3754 } 3755#else 3756 /* 3757 * Since we do not do dynamic address assignment, 3758 * we ignore it and thus continue to negotiate 3759 * our already existing value. This can possibly 3760 * go into infinite request-reject loop. 3761 * 3762 * This is not likely because we normally use 3763 * ifid based on MAC-address. 3764 * If you have no ethernet card on the node, too bad. 3765 * XXX should we use fail_counter? 3766 */ 3767#endif 3768 break; 3769#ifdef notyet 3770 case IPV6CP_OPT_COMPRESS: 3771 /* 3772 * Peer wants different compression parameters. 3773 */ 3774 break; 3775#endif 3776 } 3777 } 3778 if (debug) 3779 log(-1, "\n"); 3780 free (buf, M_TEMP); 3781 return; 3782} 3783static void 3784sppp_ipv6cp_tlu(struct sppp *sp) 3785{ 3786 /* we are up - notify isdn daemon */ 3787 if (sp->pp_con) 3788 sp->pp_con(sp); 3789} 3790 3791static void 3792sppp_ipv6cp_tld(struct sppp *sp) 3793{ 3794} 3795 3796static void 3797sppp_ipv6cp_tls(struct sppp *sp) 3798{ 3799 /* indicate to LCP that it must stay alive */ 3800 sp->lcp.protos |= (1 << IDX_IPV6CP); 3801} 3802 3803static void 3804sppp_ipv6cp_tlf(struct sppp *sp) 3805{ 3806 3807#if 0 /* need #if 0 to close IPv6CP properly */ 3808 /* we no longer need LCP */ 3809 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3810 sppp_lcp_check_and_close(sp); 3811#endif 3812} 3813 3814static void 3815sppp_ipv6cp_scr(struct sppp *sp) 3816{ 3817 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3818 struct in6_addr ouraddr; 3819 int i = 0; 3820 3821 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3822 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3823 opt[i++] = IPV6CP_OPT_IFID; 3824 opt[i++] = 10; 3825 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3826 i += 8; 3827 } 3828 3829#ifdef notyet 3830 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3831 opt[i++] = IPV6CP_OPT_COMPRESSION; 3832 opt[i++] = 4; 3833 opt[i++] = 0; /* TBD */ 3834 opt[i++] = 0; /* TBD */ 3835 /* variable length data may follow */ 3836 } 3837#endif 3838 3839 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3840 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3841} 3842#else /*INET6*/ 3843static void sppp_ipv6cp_init(struct sppp *sp) 3844{ 3845} 3846 3847static void sppp_ipv6cp_up(struct sppp *sp) 3848{ 3849} 3850 3851static void sppp_ipv6cp_down(struct sppp *sp) 3852{ 3853} 3854 3855 3856static void sppp_ipv6cp_open(struct sppp *sp) 3857{ 3858} 3859 3860static void sppp_ipv6cp_close(struct sppp *sp) 3861{ 3862} 3863 3864static void sppp_ipv6cp_TO(void *sp) 3865{ 3866} 3867 3868static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3869{ 3870 return 0; 3871} 3872 3873static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3874{ 3875} 3876 3877static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3878{ 3879} 3880 3881static void sppp_ipv6cp_tlu(struct sppp *sp) 3882{ 3883} 3884 3885static void sppp_ipv6cp_tld(struct sppp *sp) 3886{ 3887} 3888 3889static void sppp_ipv6cp_tls(struct sppp *sp) 3890{ 3891} 3892 3893static void sppp_ipv6cp_tlf(struct sppp *sp) 3894{ 3895} 3896 3897static void sppp_ipv6cp_scr(struct sppp *sp) 3898{ 3899} 3900#endif /*INET6*/ 3901 3902/* 3903 *--------------------------------------------------------------------------* 3904 * * 3905 * The CHAP implementation. * 3906 * * 3907 *--------------------------------------------------------------------------* 3908 */ 3909 3910/* 3911 * The authentication protocols don't employ a full-fledged state machine as 3912 * the control protocols do, since they do have Open and Close events, but 3913 * not Up and Down, nor are they explicitly terminated. Also, use of the 3914 * authentication protocols may be different in both directions (this makes 3915 * sense, think of a machine that never accepts incoming calls but only 3916 * calls out, it doesn't require the called party to authenticate itself). 3917 * 3918 * Our state machine for the local authentication protocol (we are requesting 3919 * the peer to authenticate) looks like: 3920 * 3921 * RCA- 3922 * +--------------------------------------------+ 3923 * V scn,tld| 3924 * +--------+ Close +---------+ RCA+ 3925 * | |<----------------------------------| |------+ 3926 * +--->| Closed | TO* | Opened | sca | 3927 * | | |-----+ +-------| |<-----+ 3928 * | +--------+ irc | | +---------+ 3929 * | ^ | | ^ 3930 * | | | | | 3931 * | | | | | 3932 * | TO-| | | | 3933 * | |tld TO+ V | | 3934 * | | +------->+ | | 3935 * | | | | | | 3936 * | +--------+ V | | 3937 * | | |<----+<--------------------+ | 3938 * | | Req- | scr | 3939 * | | Sent | | 3940 * | | | | 3941 * | +--------+ | 3942 * | RCA- | | RCA+ | 3943 * +------+ +------------------------------------------+ 3944 * scn,tld sca,irc,ict,tlu 3945 * 3946 * 3947 * with: 3948 * 3949 * Open: LCP reached authentication phase 3950 * Close: LCP reached terminate phase 3951 * 3952 * RCA+: received reply (pap-req, chap-response), acceptable 3953 * RCN: received reply (pap-req, chap-response), not acceptable 3954 * TO+: timeout with restart counter >= 0 3955 * TO-: timeout with restart counter < 0 3956 * TO*: reschedule timeout for CHAP 3957 * 3958 * scr: send request packet (none for PAP, chap-challenge) 3959 * sca: send ack packet (pap-ack, chap-success) 3960 * scn: send nak packet (pap-nak, chap-failure) 3961 * ict: initialize re-challenge timer (CHAP only) 3962 * 3963 * tlu: this-layer-up, LCP reaches network phase 3964 * tld: this-layer-down, LCP enters terminate phase 3965 * 3966 * Note that in CHAP mode, after sending a new challenge, while the state 3967 * automaton falls back into Req-Sent state, it doesn't signal a tld 3968 * event to LCP, so LCP remains in network phase. Only after not getting 3969 * any response (or after getting an unacceptable response), CHAP closes, 3970 * causing LCP to enter terminate phase. 3971 * 3972 * With PAP, there is no initial request that can be sent. The peer is 3973 * expected to send one based on the successful negotiation of PAP as 3974 * the authentication protocol during the LCP option negotiation. 3975 * 3976 * Incoming authentication protocol requests (remote requests 3977 * authentication, we are peer) don't employ a state machine at all, 3978 * they are simply answered. Some peers [Ascend P50 firmware rev 3979 * 4.50] react allergically when sending IPCP requests while they are 3980 * still in authentication phase (thereby violating the standard that 3981 * demands that these NCP packets are to be discarded), so we keep 3982 * track of the peer demanding us to authenticate, and only proceed to 3983 * phase network once we've seen a positive acknowledge for the 3984 * authentication. 3985 */ 3986 3987/* 3988 * Handle incoming CHAP packets. 3989 */ 3990static void 3991sppp_chap_input(struct sppp *sp, struct mbuf *m) 3992{ 3993 STDDCL; 3994 struct lcp_header *h; 3995 int len, x; 3996 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3997 int value_len, name_len; 3998 MD5_CTX ctx; 3999 4000 len = m->m_pkthdr.len; 4001 if (len < 4) { 4002 if (debug) 4003 log(LOG_DEBUG, 4004 SPP_FMT "chap invalid packet length: %d bytes\n", 4005 SPP_ARGS(ifp), len); 4006 return; 4007 } 4008 h = mtod (m, struct lcp_header*); 4009 if (len > ntohs (h->len)) 4010 len = ntohs (h->len); 4011 4012 switch (h->type) { 4013 /* challenge, failure and success are his authproto */ 4014 case CHAP_CHALLENGE: 4015 value = 1 + (u_char*)(h+1); 4016 value_len = value[-1]; 4017 name = value + value_len; 4018 name_len = len - value_len - 5; 4019 if (name_len < 0) { 4020 if (debug) { 4021 log(LOG_DEBUG, 4022 SPP_FMT "chap corrupted challenge " 4023 "<%s id=0x%x len=%d", 4024 SPP_ARGS(ifp), 4025 sppp_auth_type_name(PPP_CHAP, h->type), 4026 h->ident, ntohs(h->len)); 4027 sppp_print_bytes((u_char*) (h+1), len-4); 4028 log(-1, ">\n"); 4029 } 4030 break; 4031 } 4032 4033 if (debug) { 4034 log(LOG_DEBUG, 4035 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4036 SPP_ARGS(ifp), 4037 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4038 ntohs(h->len)); 4039 sppp_print_string((char*) name, name_len); 4040 log(-1, " value-size=%d value=", value_len); 4041 sppp_print_bytes(value, value_len); 4042 log(-1, ">\n"); 4043 } 4044 4045 /* Compute reply value. */ 4046 MD5Init(&ctx); 4047 MD5Update(&ctx, &h->ident, 1); 4048 MD5Update(&ctx, sp->myauth.secret, 4049 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4050 MD5Update(&ctx, value, value_len); 4051 MD5Final(digest, &ctx); 4052 dsize = sizeof digest; 4053 4054 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4055 sizeof dsize, (const char *)&dsize, 4056 sizeof digest, digest, 4057 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4058 sp->myauth.name, 4059 0); 4060 break; 4061 4062 case CHAP_SUCCESS: 4063 if (debug) { 4064 log(LOG_DEBUG, SPP_FMT "chap success", 4065 SPP_ARGS(ifp)); 4066 if (len > 4) { 4067 log(-1, ": "); 4068 sppp_print_string((char*)(h + 1), len - 4); 4069 } 4070 log(-1, "\n"); 4071 } 4072 x = splimp(); 4073 SPPP_LOCK(sp); 4074 sp->pp_flags &= ~PP_NEEDAUTH; 4075 if (sp->myauth.proto == PPP_CHAP && 4076 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4077 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4078 /* 4079 * We are authenticator for CHAP but didn't 4080 * complete yet. Leave it to tlu to proceed 4081 * to network phase. 4082 */ 4083 SPPP_UNLOCK(sp); 4084 splx(x); 4085 break; 4086 } 4087 SPPP_UNLOCK(sp); 4088 splx(x); 4089 sppp_phase_network(sp); 4090 break; 4091 4092 case CHAP_FAILURE: 4093 if (debug) { 4094 log(LOG_INFO, SPP_FMT "chap failure", 4095 SPP_ARGS(ifp)); 4096 if (len > 4) { 4097 log(-1, ": "); 4098 sppp_print_string((char*)(h + 1), len - 4); 4099 } 4100 log(-1, "\n"); 4101 } else 4102 log(LOG_INFO, SPP_FMT "chap failure\n", 4103 SPP_ARGS(ifp)); 4104 /* await LCP shutdown by authenticator */ 4105 break; 4106 4107 /* response is my authproto */ 4108 case CHAP_RESPONSE: 4109 value = 1 + (u_char*)(h+1); 4110 value_len = value[-1]; 4111 name = value + value_len; 4112 name_len = len - value_len - 5; 4113 if (name_len < 0) { 4114 if (debug) { 4115 log(LOG_DEBUG, 4116 SPP_FMT "chap corrupted response " 4117 "<%s id=0x%x len=%d", 4118 SPP_ARGS(ifp), 4119 sppp_auth_type_name(PPP_CHAP, h->type), 4120 h->ident, ntohs(h->len)); 4121 sppp_print_bytes((u_char*)(h+1), len-4); 4122 log(-1, ">\n"); 4123 } 4124 break; 4125 } 4126 if (h->ident != sp->confid[IDX_CHAP]) { 4127 if (debug) 4128 log(LOG_DEBUG, 4129 SPP_FMT "chap dropping response for old ID " 4130 "(got %d, expected %d)\n", 4131 SPP_ARGS(ifp), 4132 h->ident, sp->confid[IDX_CHAP]); 4133 break; 4134 } 4135 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4136 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4137 log(LOG_INFO, SPP_FMT "chap response, his name ", 4138 SPP_ARGS(ifp)); 4139 sppp_print_string(name, name_len); 4140 log(-1, " != expected "); 4141 sppp_print_string(sp->hisauth.name, 4142 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4143 log(-1, "\n"); 4144 } 4145 if (debug) { 4146 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4147 "<%s id=0x%x len=%d name=", 4148 SPP_ARGS(ifp), 4149 sppp_state_name(sp->state[IDX_CHAP]), 4150 sppp_auth_type_name(PPP_CHAP, h->type), 4151 h->ident, ntohs (h->len)); 4152 sppp_print_string((char*)name, name_len); 4153 log(-1, " value-size=%d value=", value_len); 4154 sppp_print_bytes(value, value_len); 4155 log(-1, ">\n"); 4156 } 4157 if (value_len != AUTHKEYLEN) { 4158 if (debug) 4159 log(LOG_DEBUG, 4160 SPP_FMT "chap bad hash value length: " 4161 "%d bytes, should be %d\n", 4162 SPP_ARGS(ifp), value_len, 4163 AUTHKEYLEN); 4164 break; 4165 } 4166 4167 MD5Init(&ctx); 4168 MD5Update(&ctx, &h->ident, 1); 4169 MD5Update(&ctx, sp->hisauth.secret, 4170 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4171 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4172 MD5Final(digest, &ctx); 4173 4174#define FAILMSG "Failed..." 4175#define SUCCMSG "Welcome!" 4176 4177 if (value_len != sizeof digest || 4178 bcmp(digest, value, value_len) != 0) { 4179 /* action scn, tld */ 4180 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4181 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4182 0); 4183 chap.tld(sp); 4184 break; 4185 } 4186 /* action sca, perhaps tlu */ 4187 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4188 sp->state[IDX_CHAP] == STATE_OPENED) 4189 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4190 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4191 0); 4192 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4193 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4194 chap.tlu(sp); 4195 } 4196 break; 4197 4198 default: 4199 /* Unknown CHAP packet type -- ignore. */ 4200 if (debug) { 4201 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4202 "<0x%x id=0x%xh len=%d", 4203 SPP_ARGS(ifp), 4204 sppp_state_name(sp->state[IDX_CHAP]), 4205 h->type, h->ident, ntohs(h->len)); 4206 sppp_print_bytes((u_char*)(h+1), len-4); 4207 log(-1, ">\n"); 4208 } 4209 break; 4210 4211 } 4212} 4213 4214static void 4215sppp_chap_init(struct sppp *sp) 4216{ 4217 /* Chap doesn't have STATE_INITIAL at all. */ 4218 sp->state[IDX_CHAP] = STATE_CLOSED; 4219 sp->fail_counter[IDX_CHAP] = 0; 4220 sp->pp_seq[IDX_CHAP] = 0; 4221 sp->pp_rseq[IDX_CHAP] = 0; 4222 callout_init(&sp->ch[IDX_CHAP], 4223 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4224} 4225 4226static void 4227sppp_chap_open(struct sppp *sp) 4228{ 4229 if (sp->myauth.proto == PPP_CHAP && 4230 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4231 /* we are authenticator for CHAP, start it */ 4232 chap.scr(sp); 4233 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4234 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4235 } 4236 /* nothing to be done if we are peer, await a challenge */ 4237} 4238 4239static void 4240sppp_chap_close(struct sppp *sp) 4241{ 4242 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4243 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4244} 4245 4246static void 4247sppp_chap_TO(void *cookie) 4248{ 4249 struct sppp *sp = (struct sppp *)cookie; 4250 STDDCL; 4251 int s; 4252 4253 s = splimp(); 4254 SPPP_LOCK(sp); 4255 if (debug) 4256 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4257 SPP_ARGS(ifp), 4258 sppp_state_name(sp->state[IDX_CHAP]), 4259 sp->rst_counter[IDX_CHAP]); 4260 4261 if (--sp->rst_counter[IDX_CHAP] < 0) 4262 /* TO- event */ 4263 switch (sp->state[IDX_CHAP]) { 4264 case STATE_REQ_SENT: 4265 chap.tld(sp); 4266 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4267 break; 4268 } 4269 else 4270 /* TO+ (or TO*) event */ 4271 switch (sp->state[IDX_CHAP]) { 4272 case STATE_OPENED: 4273 /* TO* event */ 4274 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4275 /* FALLTHROUGH */ 4276 case STATE_REQ_SENT: 4277 chap.scr(sp); 4278 /* sppp_cp_change_state() will restart the timer */ 4279 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4280 break; 4281 } 4282 4283 SPPP_UNLOCK(sp); 4284 splx(s); 4285} 4286 4287static void 4288sppp_chap_tlu(struct sppp *sp) 4289{ 4290 STDDCL; 4291 int i, x; 4292 4293 i = 0; 4294 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4295 4296 /* 4297 * Some broken CHAP implementations (Conware CoNet, firmware 4298 * 4.0.?) don't want to re-authenticate their CHAP once the 4299 * initial challenge-response exchange has taken place. 4300 * Provide for an option to avoid rechallenges. 4301 */ 4302 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4303 /* 4304 * Compute the re-challenge timeout. This will yield 4305 * a number between 300 and 810 seconds. 4306 */ 4307 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4308 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4309 } 4310 4311 if (debug) { 4312 log(LOG_DEBUG, 4313 SPP_FMT "chap %s, ", 4314 SPP_ARGS(ifp), 4315 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4316 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4317 log(-1, "next re-challenge in %d seconds\n", i); 4318 else 4319 log(-1, "re-challenging supressed\n"); 4320 } 4321 4322 x = splimp(); 4323 SPPP_LOCK(sp); 4324 /* indicate to LCP that we need to be closed down */ 4325 sp->lcp.protos |= (1 << IDX_CHAP); 4326 4327 if (sp->pp_flags & PP_NEEDAUTH) { 4328 /* 4329 * Remote is authenticator, but his auth proto didn't 4330 * complete yet. Defer the transition to network 4331 * phase. 4332 */ 4333 SPPP_UNLOCK(sp); 4334 splx(x); 4335 return; 4336 } 4337 SPPP_UNLOCK(sp); 4338 splx(x); 4339 4340 /* 4341 * If we are already in phase network, we are done here. This 4342 * is the case if this is a dummy tlu event after a re-challenge. 4343 */ 4344 if (sp->pp_phase != PHASE_NETWORK) 4345 sppp_phase_network(sp); 4346} 4347 4348static void 4349sppp_chap_tld(struct sppp *sp) 4350{ 4351 STDDCL; 4352 4353 if (debug) 4354 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4355 callout_stop(&sp->ch[IDX_CHAP]); 4356 sp->lcp.protos &= ~(1 << IDX_CHAP); 4357 4358 lcp.Close(sp); 4359} 4360 4361static void 4362sppp_chap_scr(struct sppp *sp) 4363{ 4364 u_long *ch, seed; 4365 u_char clen; 4366 4367 /* Compute random challenge. */ 4368 ch = (u_long *)sp->myauth.challenge; 4369#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4370 read_random(&seed, sizeof seed); 4371#else 4372 { 4373 struct timeval tv; 4374 microtime(&tv); 4375 seed = tv.tv_sec ^ tv.tv_usec; 4376 } 4377#endif 4378 ch[0] = seed ^ random(); 4379 ch[1] = seed ^ random(); 4380 ch[2] = seed ^ random(); 4381 ch[3] = seed ^ random(); 4382 clen = AUTHKEYLEN; 4383 4384 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4385 4386 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4387 sizeof clen, (const char *)&clen, 4388 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4389 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4390 sp->myauth.name, 4391 0); 4392} 4393 4394/* 4395 *--------------------------------------------------------------------------* 4396 * * 4397 * The PAP implementation. * 4398 * * 4399 *--------------------------------------------------------------------------* 4400 */ 4401/* 4402 * For PAP, we need to keep a little state also if we are the peer, not the 4403 * authenticator. This is since we don't get a request to authenticate, but 4404 * have to repeatedly authenticate ourself until we got a response (or the 4405 * retry counter is expired). 4406 */ 4407 4408/* 4409 * Handle incoming PAP packets. */ 4410static void 4411sppp_pap_input(struct sppp *sp, struct mbuf *m) 4412{ 4413 STDDCL; 4414 struct lcp_header *h; 4415 int len, x; 4416 u_char *name, *passwd, mlen; 4417 int name_len, passwd_len; 4418 4419 len = m->m_pkthdr.len; 4420 if (len < 5) { 4421 if (debug) 4422 log(LOG_DEBUG, 4423 SPP_FMT "pap invalid packet length: %d bytes\n", 4424 SPP_ARGS(ifp), len); 4425 return; 4426 } 4427 h = mtod (m, struct lcp_header*); 4428 if (len > ntohs (h->len)) 4429 len = ntohs (h->len); 4430 switch (h->type) { 4431 /* PAP request is my authproto */ 4432 case PAP_REQ: 4433 name = 1 + (u_char*)(h+1); 4434 name_len = name[-1]; 4435 passwd = name + name_len + 1; 4436 if (name_len > len - 6 || 4437 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4438 if (debug) { 4439 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4440 "<%s id=0x%x len=%d", 4441 SPP_ARGS(ifp), 4442 sppp_auth_type_name(PPP_PAP, h->type), 4443 h->ident, ntohs(h->len)); 4444 sppp_print_bytes((u_char*)(h+1), len-4); 4445 log(-1, ">\n"); 4446 } 4447 break; 4448 } 4449 if (debug) { 4450 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4451 "<%s id=0x%x len=%d name=", 4452 SPP_ARGS(ifp), 4453 sppp_state_name(sp->state[IDX_PAP]), 4454 sppp_auth_type_name(PPP_PAP, h->type), 4455 h->ident, ntohs(h->len)); 4456 sppp_print_string((char*)name, name_len); 4457 log(-1, " passwd="); 4458 sppp_print_string((char*)passwd, passwd_len); 4459 log(-1, ">\n"); 4460 } 4461 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4462 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4463 bcmp(name, sp->hisauth.name, name_len) != 0 || 4464 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4465 /* action scn, tld */ 4466 mlen = sizeof(FAILMSG) - 1; 4467 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4468 sizeof mlen, (const char *)&mlen, 4469 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4470 0); 4471 pap.tld(sp); 4472 break; 4473 } 4474 /* action sca, perhaps tlu */ 4475 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4476 sp->state[IDX_PAP] == STATE_OPENED) { 4477 mlen = sizeof(SUCCMSG) - 1; 4478 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4479 sizeof mlen, (const char *)&mlen, 4480 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4481 0); 4482 } 4483 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4484 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4485 pap.tlu(sp); 4486 } 4487 break; 4488 4489 /* ack and nak are his authproto */ 4490 case PAP_ACK: 4491 callout_stop(&sp->pap_my_to_ch); 4492 if (debug) { 4493 log(LOG_DEBUG, SPP_FMT "pap success", 4494 SPP_ARGS(ifp)); 4495 name_len = *((char *)h); 4496 if (len > 5 && name_len) { 4497 log(-1, ": "); 4498 sppp_print_string((char*)(h+1), name_len); 4499 } 4500 log(-1, "\n"); 4501 } 4502 x = splimp(); 4503 SPPP_LOCK(sp); 4504 sp->pp_flags &= ~PP_NEEDAUTH; 4505 if (sp->myauth.proto == PPP_PAP && 4506 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4507 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4508 /* 4509 * We are authenticator for PAP but didn't 4510 * complete yet. Leave it to tlu to proceed 4511 * to network phase. 4512 */ 4513 SPPP_UNLOCK(sp); 4514 splx(x); 4515 break; 4516 } 4517 SPPP_UNLOCK(sp); 4518 splx(x); 4519 sppp_phase_network(sp); 4520 break; 4521 4522 case PAP_NAK: 4523 callout_stop (&sp->pap_my_to_ch); 4524 if (debug) { 4525 log(LOG_INFO, SPP_FMT "pap failure", 4526 SPP_ARGS(ifp)); 4527 name_len = *((char *)h); 4528 if (len > 5 && name_len) { 4529 log(-1, ": "); 4530 sppp_print_string((char*)(h+1), name_len); 4531 } 4532 log(-1, "\n"); 4533 } else 4534 log(LOG_INFO, SPP_FMT "pap failure\n", 4535 SPP_ARGS(ifp)); 4536 /* await LCP shutdown by authenticator */ 4537 break; 4538 4539 default: 4540 /* Unknown PAP packet type -- ignore. */ 4541 if (debug) { 4542 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4543 "<0x%x id=0x%x len=%d", 4544 SPP_ARGS(ifp), 4545 h->type, h->ident, ntohs(h->len)); 4546 sppp_print_bytes((u_char*)(h+1), len-4); 4547 log(-1, ">\n"); 4548 } 4549 break; 4550 4551 } 4552} 4553 4554static void 4555sppp_pap_init(struct sppp *sp) 4556{ 4557 /* PAP doesn't have STATE_INITIAL at all. */ 4558 sp->state[IDX_PAP] = STATE_CLOSED; 4559 sp->fail_counter[IDX_PAP] = 0; 4560 sp->pp_seq[IDX_PAP] = 0; 4561 sp->pp_rseq[IDX_PAP] = 0; 4562 callout_init(&sp->ch[IDX_PAP], 4563 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4564 callout_init(&sp->pap_my_to_ch, 4565 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE); 4566} 4567 4568static void 4569sppp_pap_open(struct sppp *sp) 4570{ 4571 if (sp->hisauth.proto == PPP_PAP && 4572 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4573 /* we are authenticator for PAP, start our timer */ 4574 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4575 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4576 } 4577 if (sp->myauth.proto == PPP_PAP) { 4578 /* we are peer, send a request, and start a timer */ 4579 pap.scr(sp); 4580 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4581 sppp_pap_my_TO, (void *)sp); 4582 } 4583} 4584 4585static void 4586sppp_pap_close(struct sppp *sp) 4587{ 4588 if (sp->state[IDX_PAP] != STATE_CLOSED) 4589 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4590} 4591 4592/* 4593 * That's the timeout routine if we are authenticator. Since the 4594 * authenticator is basically passive in PAP, we can't do much here. 4595 */ 4596static void 4597sppp_pap_TO(void *cookie) 4598{ 4599 struct sppp *sp = (struct sppp *)cookie; 4600 STDDCL; 4601 int s; 4602 4603 s = splimp(); 4604 SPPP_LOCK(sp); 4605 if (debug) 4606 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4607 SPP_ARGS(ifp), 4608 sppp_state_name(sp->state[IDX_PAP]), 4609 sp->rst_counter[IDX_PAP]); 4610 4611 if (--sp->rst_counter[IDX_PAP] < 0) 4612 /* TO- event */ 4613 switch (sp->state[IDX_PAP]) { 4614 case STATE_REQ_SENT: 4615 pap.tld(sp); 4616 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4617 break; 4618 } 4619 else 4620 /* TO+ event, not very much we could do */ 4621 switch (sp->state[IDX_PAP]) { 4622 case STATE_REQ_SENT: 4623 /* sppp_cp_change_state() will restart the timer */ 4624 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4625 break; 4626 } 4627 4628 SPPP_UNLOCK(sp); 4629 splx(s); 4630} 4631 4632/* 4633 * That's the timeout handler if we are peer. Since the peer is active, 4634 * we need to retransmit our PAP request since it is apparently lost. 4635 * XXX We should impose a max counter. 4636 */ 4637static void 4638sppp_pap_my_TO(void *cookie) 4639{ 4640 struct sppp *sp = (struct sppp *)cookie; 4641 STDDCL; 4642 4643 if (debug) 4644 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4645 SPP_ARGS(ifp)); 4646 4647 SPPP_LOCK(sp); 4648 pap.scr(sp); 4649 SPPP_UNLOCK(sp); 4650} 4651 4652static void 4653sppp_pap_tlu(struct sppp *sp) 4654{ 4655 STDDCL; 4656 int x; 4657 4658 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4659 4660 if (debug) 4661 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4662 SPP_ARGS(ifp), pap.name); 4663 4664 x = splimp(); 4665 SPPP_LOCK(sp); 4666 /* indicate to LCP that we need to be closed down */ 4667 sp->lcp.protos |= (1 << IDX_PAP); 4668 4669 if (sp->pp_flags & PP_NEEDAUTH) { 4670 /* 4671 * Remote is authenticator, but his auth proto didn't 4672 * complete yet. Defer the transition to network 4673 * phase. 4674 */ 4675 SPPP_UNLOCK(sp); 4676 splx(x); 4677 return; 4678 } 4679 SPPP_UNLOCK(sp); 4680 splx(x); 4681 sppp_phase_network(sp); 4682} 4683 4684static void 4685sppp_pap_tld(struct sppp *sp) 4686{ 4687 STDDCL; 4688 4689 if (debug) 4690 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4691 callout_stop (&sp->ch[IDX_PAP]); 4692 callout_stop (&sp->pap_my_to_ch); 4693 sp->lcp.protos &= ~(1 << IDX_PAP); 4694 4695 lcp.Close(sp); 4696} 4697 4698static void 4699sppp_pap_scr(struct sppp *sp) 4700{ 4701 u_char idlen, pwdlen; 4702 4703 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4704 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4705 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4706 4707 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4708 sizeof idlen, (const char *)&idlen, 4709 (size_t)idlen, sp->myauth.name, 4710 sizeof pwdlen, (const char *)&pwdlen, 4711 (size_t)pwdlen, sp->myauth.secret, 4712 0); 4713} 4714 4715/* 4716 * Random miscellaneous functions. 4717 */ 4718 4719/* 4720 * Send a PAP or CHAP proto packet. 4721 * 4722 * Varadic function, each of the elements for the ellipsis is of type 4723 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4724 * mlen == 0. 4725 * NOTE: never declare variadic functions with types subject to type 4726 * promotion (i.e. u_char). This is asking for big trouble depending 4727 * on the architecture you are on... 4728 */ 4729 4730static void 4731sppp_auth_send(const struct cp *cp, struct sppp *sp, 4732 unsigned int type, unsigned int id, 4733 ...) 4734{ 4735 STDDCL; 4736 struct ppp_header *h; 4737 struct lcp_header *lh; 4738 struct mbuf *m; 4739 u_char *p; 4740 int len; 4741 unsigned int mlen; 4742 const char *msg; 4743 va_list ap; 4744 4745 MGETHDR (m, M_DONTWAIT, MT_DATA); 4746 if (! m) 4747 return; 4748 m->m_pkthdr.rcvif = 0; 4749 4750 h = mtod (m, struct ppp_header*); 4751 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4752 h->control = PPP_UI; /* Unnumbered Info */ 4753 h->protocol = htons(cp->proto); 4754 4755 lh = (struct lcp_header*)(h + 1); 4756 lh->type = type; 4757 lh->ident = id; 4758 p = (u_char*) (lh+1); 4759 4760 va_start(ap, id); 4761 len = 0; 4762 4763 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4764 msg = va_arg(ap, const char *); 4765 len += mlen; 4766 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4767 va_end(ap); 4768 m_freem(m); 4769 return; 4770 } 4771 4772 bcopy(msg, p, mlen); 4773 p += mlen; 4774 } 4775 va_end(ap); 4776 4777 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4778 lh->len = htons (LCP_HEADER_LEN + len); 4779 4780 if (debug) { 4781 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4782 SPP_ARGS(ifp), cp->name, 4783 sppp_auth_type_name(cp->proto, lh->type), 4784 lh->ident, ntohs(lh->len)); 4785 sppp_print_bytes((u_char*) (lh+1), len); 4786 log(-1, ">\n"); 4787 } 4788 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4789 ifp->if_oerrors++; 4790} 4791 4792/* 4793 * Flush interface queue. 4794 */ 4795static void 4796sppp_qflush(struct ifqueue *ifq) 4797{ 4798 struct mbuf *m, *n; 4799 4800 n = ifq->ifq_head; 4801 while ((m = n)) { 4802 n = m->m_act; 4803 m_freem (m); 4804 } 4805 ifq->ifq_head = 0; 4806 ifq->ifq_tail = 0; 4807 ifq->ifq_len = 0; 4808} 4809 4810/* 4811 * Send keepalive packets, every 10 seconds. 4812 */ 4813static void 4814sppp_keepalive(void *dummy) 4815{ 4816 struct sppp *sp = (struct sppp*)dummy; 4817 struct ifnet *ifp = SP2IFP(sp); 4818 int s; 4819 4820 s = splimp(); 4821 SPPP_LOCK(sp); 4822 /* Keepalive mode disabled or channel down? */ 4823 if (! (sp->pp_flags & PP_KEEPALIVE) || 4824 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4825 goto out; 4826 4827 if (sp->pp_mode == PP_FR) { 4828 sppp_fr_keepalive (sp); 4829 goto out; 4830 } 4831 4832 /* No keepalive in PPP mode if LCP not opened yet. */ 4833 if (sp->pp_mode != IFF_CISCO && 4834 sp->pp_phase < PHASE_AUTHENTICATE) 4835 goto out; 4836 4837 if (sp->pp_alivecnt == MAXALIVECNT) { 4838 /* No keepalive packets got. Stop the interface. */ 4839 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4840 if_down (ifp); 4841 sppp_qflush (&sp->pp_cpq); 4842 if (sp->pp_mode != IFF_CISCO) { 4843 /* XXX */ 4844 /* Shut down the PPP link. */ 4845 lcp.Down(sp); 4846 /* Initiate negotiation. XXX */ 4847 lcp.Up(sp); 4848 } 4849 } 4850 if (sp->pp_alivecnt <= MAXALIVECNT) 4851 ++sp->pp_alivecnt; 4852 if (sp->pp_mode == IFF_CISCO) 4853 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4854 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4855 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4856 long nmagic = htonl (sp->lcp.magic); 4857 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4858 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4859 sp->lcp.echoid, 4, &nmagic); 4860 } 4861out: 4862 SPPP_UNLOCK(sp); 4863 splx(s); 4864 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4865 (void *)sp); 4866} 4867 4868/* 4869 * Get both IP addresses. 4870 */ 4871void 4872sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4873{ 4874 struct ifnet *ifp = SP2IFP(sp); 4875 struct ifaddr *ifa; 4876 struct sockaddr_in *si, *sm; 4877 u_long ssrc, ddst; 4878 4879 sm = NULL; 4880 ssrc = ddst = 0L; 4881 /* 4882 * Pick the first AF_INET address from the list, 4883 * aliases don't make any sense on a p2p link anyway. 4884 */ 4885 si = 0; 4886#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4887 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4888#elif defined(__NetBSD__) || defined (__OpenBSD__) 4889 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4890 ifa; 4891 ifa = TAILQ_NEXT(ifa, ifa_list)) 4892#else 4893 for (ifa = ifp->if_addrlist; 4894 ifa; 4895 ifa = ifa->ifa_next) 4896#endif 4897 if (ifa->ifa_addr->sa_family == AF_INET) { 4898 si = (struct sockaddr_in *)ifa->ifa_addr; 4899 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4900 if (si) 4901 break; 4902 } 4903 if (ifa) { 4904 if (si && si->sin_addr.s_addr) { 4905 ssrc = si->sin_addr.s_addr; 4906 if (srcmask) 4907 *srcmask = ntohl(sm->sin_addr.s_addr); 4908 } 4909 4910 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4911 if (si && si->sin_addr.s_addr) 4912 ddst = si->sin_addr.s_addr; 4913 } 4914 4915 if (dst) *dst = ntohl(ddst); 4916 if (src) *src = ntohl(ssrc); 4917} 4918 4919/* 4920 * Set my IP address. Must be called at splimp. 4921 */ 4922static void 4923sppp_set_ip_addr(struct sppp *sp, u_long src) 4924{ 4925 STDDCL; 4926 struct ifaddr *ifa; 4927 struct sockaddr_in *si; 4928 struct in_ifaddr *ia; 4929 4930 /* 4931 * Pick the first AF_INET address from the list, 4932 * aliases don't make any sense on a p2p link anyway. 4933 */ 4934 si = 0; 4935#if defined(__FreeBSD__) && __FreeBSD__ >= 3 4936 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4937#elif defined(__NetBSD__) || defined (__OpenBSD__) 4938 for (ifa = TAILQ_FIRST(&ifp->if_addrlist); 4939 ifa; 4940 ifa = TAILQ_NEXT(ifa, ifa_list)) 4941#else 4942 for (ifa = ifp->if_addrlist; 4943 ifa; 4944 ifa = ifa->ifa_next) 4945#endif 4946 { 4947 if (ifa->ifa_addr->sa_family == AF_INET) 4948 { 4949 si = (struct sockaddr_in *)ifa->ifa_addr; 4950 if (si) 4951 break; 4952 } 4953 } 4954 4955 if (ifa && si) 4956 { 4957 int error; 4958#if defined(__NetBSD__) && __NetBSD_Version__ >= 103080000 4959 struct sockaddr_in new_sin = *si; 4960 4961 new_sin.sin_addr.s_addr = htonl(src); 4962 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4963 if(debug && error) 4964 { 4965 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4966 " failed, error=%d\n", SPP_ARGS(ifp), error); 4967 } 4968#else 4969 /* delete old route */ 4970 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4971 if(debug && error) 4972 { 4973 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4974 SPP_ARGS(ifp), error); 4975 } 4976 4977 /* set new address */ 4978 si->sin_addr.s_addr = htonl(src); 4979 ia = ifatoia(ifa); 4980 LIST_REMOVE(ia, ia_hash); 4981 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4982 4983 /* add new route */ 4984 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4985 if (debug && error) 4986 { 4987 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4988 SPP_ARGS(ifp), error); 4989 } 4990#endif 4991 } 4992} 4993 4994#ifdef INET6 4995/* 4996 * Get both IPv6 addresses. 4997 */ 4998static void 4999sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5000 struct in6_addr *srcmask) 5001{ 5002 struct ifnet *ifp = SP2IFP(sp); 5003 struct ifaddr *ifa; 5004 struct sockaddr_in6 *si, *sm; 5005 struct in6_addr ssrc, ddst; 5006 5007 sm = NULL; 5008 bzero(&ssrc, sizeof(ssrc)); 5009 bzero(&ddst, sizeof(ddst)); 5010 /* 5011 * Pick the first link-local AF_INET6 address from the list, 5012 * aliases don't make any sense on a p2p link anyway. 5013 */ 5014 si = 0; 5015#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5016 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5017#elif defined(__NetBSD__) || defined (__OpenBSD__) 5018 for (ifa = ifp->if_addrlist.tqh_first; 5019 ifa; 5020 ifa = ifa->ifa_list.tqe_next) 5021#else 5022 for (ifa = ifp->if_addrlist; 5023 ifa; 5024 ifa = ifa->ifa_next) 5025#endif 5026 if (ifa->ifa_addr->sa_family == AF_INET6) { 5027 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5028 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5029 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 5030 break; 5031 } 5032 if (ifa) { 5033 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5034 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5035 if (srcmask) { 5036 bcopy(&sm->sin6_addr, srcmask, 5037 sizeof(*srcmask)); 5038 } 5039 } 5040 5041 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5042 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5043 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5044 } 5045 5046 if (dst) 5047 bcopy(&ddst, dst, sizeof(*dst)); 5048 if (src) 5049 bcopy(&ssrc, src, sizeof(*src)); 5050} 5051 5052#ifdef IPV6CP_MYIFID_DYN 5053/* 5054 * Generate random ifid. 5055 */ 5056static void 5057sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5058{ 5059 /* TBD */ 5060} 5061 5062/* 5063 * Set my IPv6 address. Must be called at splimp. 5064 */ 5065static void 5066sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5067{ 5068 STDDCL; 5069 struct ifaddr *ifa; 5070 struct sockaddr_in6 *sin6; 5071 5072 /* 5073 * Pick the first link-local AF_INET6 address from the list, 5074 * aliases don't make any sense on a p2p link anyway. 5075 */ 5076 5077 sin6 = NULL; 5078#if defined(__FreeBSD__) && __FreeBSD__ >= 3 5079 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 5080#elif defined(__NetBSD__) || defined (__OpenBSD__) 5081 for (ifa = ifp->if_addrlist.tqh_first; 5082 ifa; 5083 ifa = ifa->ifa_list.tqe_next) 5084#else 5085 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 5086#endif 5087 { 5088 if (ifa->ifa_addr->sa_family == AF_INET6) 5089 { 5090 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5091 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5092 break; 5093 } 5094 } 5095 5096 if (ifa && sin6) 5097 { 5098 int error; 5099 struct sockaddr_in6 new_sin6 = *sin6; 5100 5101 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5102 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5103 if (debug && error) 5104 { 5105 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5106 " failed, error=%d\n", SPP_ARGS(ifp), error); 5107 } 5108 } 5109} 5110#endif 5111 5112/* 5113 * Suggest a candidate address to be used by peer. 5114 */ 5115static void 5116sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5117{ 5118 struct in6_addr myaddr; 5119 struct timeval tv; 5120 5121 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5122 5123 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5124 microtime(&tv); 5125 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5126 myaddr.s6_addr[14] ^= 0xff; 5127 myaddr.s6_addr[15] ^= 0xff; 5128 } else { 5129 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5130 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5131 } 5132 if (suggest) 5133 bcopy(&myaddr, suggest, sizeof(myaddr)); 5134} 5135#endif /*INET6*/ 5136 5137static int 5138sppp_params(struct sppp *sp, u_long cmd, void *data) 5139{ 5140 u_long subcmd; 5141 struct ifreq *ifr = (struct ifreq *)data; 5142 struct spppreq *spr; 5143 int rv = 0; 5144 5145 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5146 return (EAGAIN); 5147 /* 5148 * ifr->ifr_data is supposed to point to a struct spppreq. 5149 * Check the cmd word first before attempting to fetch all the 5150 * data. 5151 */ 5152 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5153 rv = EFAULT; 5154 goto quit; 5155 } 5156 5157 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5158 rv = EFAULT; 5159 goto quit; 5160 } 5161 5162 switch (subcmd) { 5163 case (int)SPPPIOGDEFS: 5164 if (cmd != SIOCGIFGENERIC) { 5165 rv = EINVAL; 5166 break; 5167 } 5168 /* 5169 * We copy over the entire current state, but clean 5170 * out some of the stuff we don't wanna pass up. 5171 * Remember, SIOCGIFGENERIC is unprotected, and can be 5172 * called by any user. No need to ever get PAP or 5173 * CHAP secrets back to userland anyway. 5174 */ 5175 spr->defs.pp_phase = sp->pp_phase; 5176 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5177 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5178 spr->defs.lcp = sp->lcp; 5179 spr->defs.ipcp = sp->ipcp; 5180 spr->defs.ipv6cp = sp->ipv6cp; 5181 spr->defs.myauth = sp->myauth; 5182 spr->defs.hisauth = sp->hisauth; 5183 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5184 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5185 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5186 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5187 /* 5188 * Fixup the LCP timeout value to milliseconds so 5189 * spppcontrol doesn't need to bother about the value 5190 * of "hz". We do the reverse calculation below when 5191 * setting it. 5192 */ 5193 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5194 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5195 sizeof(struct spppreq)); 5196 break; 5197 5198 case (int)SPPPIOSDEFS: 5199 if (cmd != SIOCSIFGENERIC) { 5200 rv = EINVAL; 5201 break; 5202 } 5203 /* 5204 * We have a very specific idea of which fields we 5205 * allow being passed back from userland, so to not 5206 * clobber our current state. For one, we only allow 5207 * setting anything if LCP is in dead or establish 5208 * phase. Once the authentication negotiations 5209 * started, the authentication settings must not be 5210 * changed again. (The administrator can force an 5211 * ifconfig down in order to get LCP back into dead 5212 * phase.) 5213 * 5214 * Also, we only allow for authentication parameters to be 5215 * specified. 5216 * 5217 * XXX Should allow to set or clear pp_flags. 5218 * 5219 * Finally, if the respective authentication protocol to 5220 * be used is set differently than 0, but the secret is 5221 * passed as all zeros, we don't trash the existing secret. 5222 * This allows an administrator to change the system name 5223 * only without clobbering the secret (which he didn't get 5224 * back in a previous SPPPIOGDEFS call). However, the 5225 * secrets are cleared if the authentication protocol is 5226 * reset to 0. */ 5227 if (sp->pp_phase != PHASE_DEAD && 5228 sp->pp_phase != PHASE_ESTABLISH) { 5229 rv = EBUSY; 5230 break; 5231 } 5232 5233 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5234 spr->defs.myauth.proto != PPP_CHAP) || 5235 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5236 spr->defs.hisauth.proto != PPP_CHAP)) { 5237 rv = EINVAL; 5238 break; 5239 } 5240 5241 if (spr->defs.myauth.proto == 0) 5242 /* resetting myauth */ 5243 bzero(&sp->myauth, sizeof sp->myauth); 5244 else { 5245 /* setting/changing myauth */ 5246 sp->myauth.proto = spr->defs.myauth.proto; 5247 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5248 if (spr->defs.myauth.secret[0] != '\0') 5249 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5250 AUTHKEYLEN); 5251 } 5252 if (spr->defs.hisauth.proto == 0) 5253 /* resetting hisauth */ 5254 bzero(&sp->hisauth, sizeof sp->hisauth); 5255 else { 5256 /* setting/changing hisauth */ 5257 sp->hisauth.proto = spr->defs.hisauth.proto; 5258 sp->hisauth.flags = spr->defs.hisauth.flags; 5259 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5260 if (spr->defs.hisauth.secret[0] != '\0') 5261 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5262 AUTHKEYLEN); 5263 } 5264 /* set LCP restart timer timeout */ 5265 if (spr->defs.lcp.timeout != 0) 5266 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5267 /* set VJ enable and IPv6 disable flags */ 5268#ifdef INET 5269 if (spr->defs.enable_vj) 5270 sp->confflags |= CONF_ENABLE_VJ; 5271 else 5272 sp->confflags &= ~CONF_ENABLE_VJ; 5273#endif 5274#ifdef INET6 5275 if (spr->defs.enable_ipv6) 5276 sp->confflags |= CONF_ENABLE_IPV6; 5277 else 5278 sp->confflags &= ~CONF_ENABLE_IPV6; 5279#endif 5280 break; 5281 5282 default: 5283 rv = EINVAL; 5284 } 5285 5286 quit: 5287 free(spr, M_TEMP); 5288 5289 return (rv); 5290} 5291 5292static void 5293sppp_phase_network(struct sppp *sp) 5294{ 5295 STDDCL; 5296 int i; 5297 u_long mask; 5298 5299 sp->pp_phase = PHASE_NETWORK; 5300 5301 if (debug) 5302 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5303 sppp_phase_name(sp->pp_phase)); 5304 5305 /* Notify NCPs now. */ 5306 for (i = 0; i < IDX_COUNT; i++) 5307 if ((cps[i])->flags & CP_NCP) 5308 (cps[i])->Open(sp); 5309 5310 /* Send Up events to all NCPs. */ 5311 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5312 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5313 (cps[i])->Up(sp); 5314 5315 /* if no NCP is starting, all this was in vain, close down */ 5316 sppp_lcp_check_and_close(sp); 5317} 5318 5319 5320static const char * 5321sppp_cp_type_name(u_char type) 5322{ 5323 static char buf[12]; 5324 switch (type) { 5325 case CONF_REQ: return "conf-req"; 5326 case CONF_ACK: return "conf-ack"; 5327 case CONF_NAK: return "conf-nak"; 5328 case CONF_REJ: return "conf-rej"; 5329 case TERM_REQ: return "term-req"; 5330 case TERM_ACK: return "term-ack"; 5331 case CODE_REJ: return "code-rej"; 5332 case PROTO_REJ: return "proto-rej"; 5333 case ECHO_REQ: return "echo-req"; 5334 case ECHO_REPLY: return "echo-reply"; 5335 case DISC_REQ: return "discard-req"; 5336 } 5337 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5338 return buf; 5339} 5340 5341static const char * 5342sppp_auth_type_name(u_short proto, u_char type) 5343{ 5344 static char buf[12]; 5345 switch (proto) { 5346 case PPP_CHAP: 5347 switch (type) { 5348 case CHAP_CHALLENGE: return "challenge"; 5349 case CHAP_RESPONSE: return "response"; 5350 case CHAP_SUCCESS: return "success"; 5351 case CHAP_FAILURE: return "failure"; 5352 } 5353 case PPP_PAP: 5354 switch (type) { 5355 case PAP_REQ: return "req"; 5356 case PAP_ACK: return "ack"; 5357 case PAP_NAK: return "nak"; 5358 } 5359 } 5360 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5361 return buf; 5362} 5363 5364static const char * 5365sppp_lcp_opt_name(u_char opt) 5366{ 5367 static char buf[12]; 5368 switch (opt) { 5369 case LCP_OPT_MRU: return "mru"; 5370 case LCP_OPT_ASYNC_MAP: return "async-map"; 5371 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5372 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5373 case LCP_OPT_MAGIC: return "magic"; 5374 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5375 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5376 } 5377 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5378 return buf; 5379} 5380 5381static const char * 5382sppp_ipcp_opt_name(u_char opt) 5383{ 5384 static char buf[12]; 5385 switch (opt) { 5386 case IPCP_OPT_ADDRESSES: return "addresses"; 5387 case IPCP_OPT_COMPRESSION: return "compression"; 5388 case IPCP_OPT_ADDRESS: return "address"; 5389 } 5390 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5391 return buf; 5392} 5393 5394#ifdef INET6 5395static const char * 5396sppp_ipv6cp_opt_name(u_char opt) 5397{ 5398 static char buf[12]; 5399 switch (opt) { 5400 case IPV6CP_OPT_IFID: return "ifid"; 5401 case IPV6CP_OPT_COMPRESSION: return "compression"; 5402 } 5403 sprintf (buf, "0x%x", opt); 5404 return buf; 5405} 5406#endif 5407 5408static const char * 5409sppp_state_name(int state) 5410{ 5411 switch (state) { 5412 case STATE_INITIAL: return "initial"; 5413 case STATE_STARTING: return "starting"; 5414 case STATE_CLOSED: return "closed"; 5415 case STATE_STOPPED: return "stopped"; 5416 case STATE_CLOSING: return "closing"; 5417 case STATE_STOPPING: return "stopping"; 5418 case STATE_REQ_SENT: return "req-sent"; 5419 case STATE_ACK_RCVD: return "ack-rcvd"; 5420 case STATE_ACK_SENT: return "ack-sent"; 5421 case STATE_OPENED: return "opened"; 5422 } 5423 return "illegal"; 5424} 5425 5426static const char * 5427sppp_phase_name(enum ppp_phase phase) 5428{ 5429 switch (phase) { 5430 case PHASE_DEAD: return "dead"; 5431 case PHASE_ESTABLISH: return "establish"; 5432 case PHASE_TERMINATE: return "terminate"; 5433 case PHASE_AUTHENTICATE: return "authenticate"; 5434 case PHASE_NETWORK: return "network"; 5435 } 5436 return "illegal"; 5437} 5438 5439static const char * 5440sppp_proto_name(u_short proto) 5441{ 5442 static char buf[12]; 5443 switch (proto) { 5444 case PPP_LCP: return "lcp"; 5445 case PPP_IPCP: return "ipcp"; 5446 case PPP_PAP: return "pap"; 5447 case PPP_CHAP: return "chap"; 5448 case PPP_IPV6CP: return "ipv6cp"; 5449 } 5450 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5451 return buf; 5452} 5453 5454static void 5455sppp_print_bytes(const u_char *p, u_short len) 5456{ 5457 if (len) 5458 log(-1, " %*D", len, p, "-"); 5459} 5460 5461static void 5462sppp_print_string(const char *p, u_short len) 5463{ 5464 u_char c; 5465 5466 while (len-- > 0) { 5467 c = *p++; 5468 /* 5469 * Print only ASCII chars directly. RFC 1994 recommends 5470 * using only them, but we don't rely on it. */ 5471 if (c < ' ' || c > '~') 5472 log(-1, "\\x%x", c); 5473 else 5474 log(-1, "%c", c); 5475 } 5476} 5477 5478static const char * 5479sppp_dotted_quad(u_long addr) 5480{ 5481 static char s[16]; 5482 sprintf(s, "%d.%d.%d.%d", 5483 (int)((addr >> 24) & 0xff), 5484 (int)((addr >> 16) & 0xff), 5485 (int)((addr >> 8) & 0xff), 5486 (int)(addr & 0xff)); 5487 return s; 5488} 5489 5490static int 5491sppp_strnlen(u_char *p, int max) 5492{ 5493 int len; 5494 5495 for (len = 0; len < max && *p; ++p) 5496 ++len; 5497 return len; 5498} 5499 5500/* a dummy, used to drop uninteresting events */ 5501static void 5502sppp_null(struct sppp *unused) 5503{ 5504 /* do just nothing */ 5505} 5506