if_spppsubr.c revision 257176
1/* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5/*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: head/sys/net/if_spppsubr.c 257176 2013-10-26 17:58:36Z glebius $ 22 */ 23 24#include <sys/param.h> 25 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29 30#include <sys/systm.h> 31#include <sys/kernel.h> 32#include <sys/module.h> 33#include <sys/sockio.h> 34#include <sys/socket.h> 35#include <sys/syslog.h> 36#include <sys/random.h> 37#include <sys/malloc.h> 38#include <sys/mbuf.h> 39 40#include <sys/md5.h> 41 42#include <net/if.h> 43#include <net/if_var.h> 44#include <net/netisr.h> 45#include <net/if_types.h> 46#include <net/route.h> 47#include <net/vnet.h> 48#include <netinet/in.h> 49#include <netinet/in_systm.h> 50#include <netinet/ip.h> 51#include <net/slcompress.h> 52 53#include <machine/stdarg.h> 54 55#include <netinet/in_var.h> 56 57#ifdef INET 58#include <netinet/ip.h> 59#include <netinet/tcp.h> 60#endif 61 62#ifdef INET6 63#include <netinet6/scope6_var.h> 64#endif 65 66#include <netinet/if_ether.h> 67 68#ifdef IPX 69#include <netipx/ipx.h> 70#include <netipx/ipx_if.h> 71#endif 72 73#include <net/if_sppp.h> 74 75#define IOCTL_CMD_T u_long 76#define MAXALIVECNT 3 /* max. alive packets */ 77 78/* 79 * Interface flags that can be set in an ifconfig command. 80 * 81 * Setting link0 will make the link passive, i.e. it will be marked 82 * as being administrative openable, but won't be opened to begin 83 * with. Incoming calls will be answered, or subsequent calls with 84 * -link1 will cause the administrative open of the LCP layer. 85 * 86 * Setting link1 will cause the link to auto-dial only as packets 87 * arrive to be sent. 88 * 89 * Setting IFF_DEBUG will syslog the option negotiation and state 90 * transitions at level kern.debug. Note: all logs consistently look 91 * like 92 * 93 * <if-name><unit>: <proto-name> <additional info...> 94 * 95 * with <if-name><unit> being something like "bppp0", and <proto-name> 96 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 97 */ 98 99#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 100#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 101#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 102 103#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 104#define PPP_UI 0x03 /* Unnumbered Information */ 105#define PPP_IP 0x0021 /* Internet Protocol */ 106#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 107#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 108#define PPP_IPX 0x002b /* Novell IPX Protocol */ 109#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 110#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 111#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 112#define PPP_LCP 0xc021 /* Link Control Protocol */ 113#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 114#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 115#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 116#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 117 118#define CONF_REQ 1 /* PPP configure request */ 119#define CONF_ACK 2 /* PPP configure acknowledge */ 120#define CONF_NAK 3 /* PPP configure negative ack */ 121#define CONF_REJ 4 /* PPP configure reject */ 122#define TERM_REQ 5 /* PPP terminate request */ 123#define TERM_ACK 6 /* PPP terminate acknowledge */ 124#define CODE_REJ 7 /* PPP code reject */ 125#define PROTO_REJ 8 /* PPP protocol reject */ 126#define ECHO_REQ 9 /* PPP echo request */ 127#define ECHO_REPLY 10 /* PPP echo reply */ 128#define DISC_REQ 11 /* PPP discard request */ 129 130#define LCP_OPT_MRU 1 /* maximum receive unit */ 131#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 132#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 133#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 134#define LCP_OPT_MAGIC 5 /* magic number */ 135#define LCP_OPT_RESERVED 6 /* reserved */ 136#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 137#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 138 139#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 140#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 141#define IPCP_OPT_ADDRESS 3 /* local IP address */ 142 143#define IPV6CP_OPT_IFID 1 /* interface identifier */ 144#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 145 146#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 147 148#define PAP_REQ 1 /* PAP name/password request */ 149#define PAP_ACK 2 /* PAP acknowledge */ 150#define PAP_NAK 3 /* PAP fail */ 151 152#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 153#define CHAP_RESPONSE 2 /* CHAP challenge response */ 154#define CHAP_SUCCESS 3 /* CHAP response ok */ 155#define CHAP_FAILURE 4 /* CHAP response failed */ 156 157#define CHAP_MD5 5 /* hash algorithm - MD5 */ 158 159#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 160#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 161#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 162#define CISCO_ADDR_REQ 0 /* Cisco address request */ 163#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 164#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 165 166/* states are named and numbered according to RFC 1661 */ 167#define STATE_INITIAL 0 168#define STATE_STARTING 1 169#define STATE_CLOSED 2 170#define STATE_STOPPED 3 171#define STATE_CLOSING 4 172#define STATE_STOPPING 5 173#define STATE_REQ_SENT 6 174#define STATE_ACK_RCVD 7 175#define STATE_ACK_SENT 8 176#define STATE_OPENED 9 177 178static MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 179 180struct ppp_header { 181 u_char address; 182 u_char control; 183 u_short protocol; 184} __packed; 185#define PPP_HEADER_LEN sizeof (struct ppp_header) 186 187struct lcp_header { 188 u_char type; 189 u_char ident; 190 u_short len; 191} __packed; 192#define LCP_HEADER_LEN sizeof (struct lcp_header) 193 194struct cisco_packet { 195 u_long type; 196 u_long par1; 197 u_long par2; 198 u_short rel; 199 u_short time0; 200 u_short time1; 201} __packed; 202#define CISCO_PACKET_LEN sizeof (struct cisco_packet) 203 204/* 205 * We follow the spelling and capitalization of RFC 1661 here, to make 206 * it easier comparing with the standard. Please refer to this RFC in 207 * case you can't make sense out of these abbreviation; it will also 208 * explain the semantics related to the various events and actions. 209 */ 210struct cp { 211 u_short proto; /* PPP control protocol number */ 212 u_char protoidx; /* index into state table in struct sppp */ 213 u_char flags; 214#define CP_LCP 0x01 /* this is the LCP */ 215#define CP_AUTH 0x02 /* this is an authentication protocol */ 216#define CP_NCP 0x04 /* this is a NCP */ 217#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 218 const char *name; /* name of this control protocol */ 219 /* event handlers */ 220 void (*Up)(struct sppp *sp); 221 void (*Down)(struct sppp *sp); 222 void (*Open)(struct sppp *sp); 223 void (*Close)(struct sppp *sp); 224 void (*TO)(void *sp); 225 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 226 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 227 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 228 /* actions */ 229 void (*tlu)(struct sppp *sp); 230 void (*tld)(struct sppp *sp); 231 void (*tls)(struct sppp *sp); 232 void (*tlf)(struct sppp *sp); 233 void (*scr)(struct sppp *sp); 234}; 235 236#define SPP_FMT "%s: " 237#define SPP_ARGS(ifp) (ifp)->if_xname 238 239#define SPPP_LOCK(sp) mtx_lock (&(sp)->mtx) 240#define SPPP_UNLOCK(sp) mtx_unlock (&(sp)->mtx) 241#define SPPP_LOCK_ASSERT(sp) mtx_assert (&(sp)->mtx, MA_OWNED) 242#define SPPP_LOCK_OWNED(sp) mtx_owned (&(sp)->mtx) 243 244#ifdef INET 245/* 246 * The following disgusting hack gets around the problem that IP TOS 247 * can't be set yet. We want to put "interactive" traffic on a high 248 * priority queue. To decide if traffic is interactive, we check that 249 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 250 * 251 * XXX is this really still necessary? - joerg - 252 */ 253static const u_short interactive_ports[8] = { 254 0, 513, 0, 0, 255 0, 21, 0, 23, 256}; 257#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 258#endif 259 260/* almost every function needs these */ 261#define STDDCL \ 262 struct ifnet *ifp = SP2IFP(sp); \ 263 int debug = ifp->if_flags & IFF_DEBUG 264 265static int sppp_output(struct ifnet *ifp, struct mbuf *m, 266 const struct sockaddr *dst, struct route *ro); 267 268static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 269static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 270 271static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 272 struct mbuf *m); 273static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 274 u_char ident, u_short len, void *data); 275/* static void sppp_cp_timeout(void *arg); */ 276static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 277 int newstate); 278static void sppp_auth_send(const struct cp *cp, 279 struct sppp *sp, unsigned int type, unsigned int id, 280 ...); 281 282static void sppp_up_event(const struct cp *cp, struct sppp *sp); 283static void sppp_down_event(const struct cp *cp, struct sppp *sp); 284static void sppp_open_event(const struct cp *cp, struct sppp *sp); 285static void sppp_close_event(const struct cp *cp, struct sppp *sp); 286static void sppp_to_event(const struct cp *cp, struct sppp *sp); 287 288static void sppp_null(struct sppp *sp); 289 290static void sppp_pp_up(struct sppp *sp); 291static void sppp_pp_down(struct sppp *sp); 292 293static void sppp_lcp_init(struct sppp *sp); 294static void sppp_lcp_up(struct sppp *sp); 295static void sppp_lcp_down(struct sppp *sp); 296static void sppp_lcp_open(struct sppp *sp); 297static void sppp_lcp_close(struct sppp *sp); 298static void sppp_lcp_TO(void *sp); 299static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 300static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 301static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 302static void sppp_lcp_tlu(struct sppp *sp); 303static void sppp_lcp_tld(struct sppp *sp); 304static void sppp_lcp_tls(struct sppp *sp); 305static void sppp_lcp_tlf(struct sppp *sp); 306static void sppp_lcp_scr(struct sppp *sp); 307static void sppp_lcp_check_and_close(struct sppp *sp); 308static int sppp_ncp_check(struct sppp *sp); 309 310static void sppp_ipcp_init(struct sppp *sp); 311static void sppp_ipcp_up(struct sppp *sp); 312static void sppp_ipcp_down(struct sppp *sp); 313static void sppp_ipcp_open(struct sppp *sp); 314static void sppp_ipcp_close(struct sppp *sp); 315static void sppp_ipcp_TO(void *sp); 316static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 317static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 318static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 319static void sppp_ipcp_tlu(struct sppp *sp); 320static void sppp_ipcp_tld(struct sppp *sp); 321static void sppp_ipcp_tls(struct sppp *sp); 322static void sppp_ipcp_tlf(struct sppp *sp); 323static void sppp_ipcp_scr(struct sppp *sp); 324 325static void sppp_ipv6cp_init(struct sppp *sp); 326static void sppp_ipv6cp_up(struct sppp *sp); 327static void sppp_ipv6cp_down(struct sppp *sp); 328static void sppp_ipv6cp_open(struct sppp *sp); 329static void sppp_ipv6cp_close(struct sppp *sp); 330static void sppp_ipv6cp_TO(void *sp); 331static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 332static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 333static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 334static void sppp_ipv6cp_tlu(struct sppp *sp); 335static void sppp_ipv6cp_tld(struct sppp *sp); 336static void sppp_ipv6cp_tls(struct sppp *sp); 337static void sppp_ipv6cp_tlf(struct sppp *sp); 338static void sppp_ipv6cp_scr(struct sppp *sp); 339 340static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 341static void sppp_pap_init(struct sppp *sp); 342static void sppp_pap_open(struct sppp *sp); 343static void sppp_pap_close(struct sppp *sp); 344static void sppp_pap_TO(void *sp); 345static void sppp_pap_my_TO(void *sp); 346static void sppp_pap_tlu(struct sppp *sp); 347static void sppp_pap_tld(struct sppp *sp); 348static void sppp_pap_scr(struct sppp *sp); 349 350static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 351static void sppp_chap_init(struct sppp *sp); 352static void sppp_chap_open(struct sppp *sp); 353static void sppp_chap_close(struct sppp *sp); 354static void sppp_chap_TO(void *sp); 355static void sppp_chap_tlu(struct sppp *sp); 356static void sppp_chap_tld(struct sppp *sp); 357static void sppp_chap_scr(struct sppp *sp); 358 359static const char *sppp_auth_type_name(u_short proto, u_char type); 360static const char *sppp_cp_type_name(u_char type); 361#ifdef INET 362static const char *sppp_dotted_quad(u_long addr); 363static const char *sppp_ipcp_opt_name(u_char opt); 364#endif 365#ifdef INET6 366static const char *sppp_ipv6cp_opt_name(u_char opt); 367#endif 368static const char *sppp_lcp_opt_name(u_char opt); 369static const char *sppp_phase_name(enum ppp_phase phase); 370static const char *sppp_proto_name(u_short proto); 371static const char *sppp_state_name(int state); 372static int sppp_params(struct sppp *sp, u_long cmd, void *data); 373static int sppp_strnlen(u_char *p, int max); 374static void sppp_keepalive(void *dummy); 375static void sppp_phase_network(struct sppp *sp); 376static void sppp_print_bytes(const u_char *p, u_short len); 377static void sppp_print_string(const char *p, u_short len); 378static void sppp_qflush(struct ifqueue *ifq); 379#ifdef INET 380static void sppp_set_ip_addr(struct sppp *sp, u_long src); 381#endif 382#ifdef INET6 383static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 384 struct in6_addr *dst, struct in6_addr *srcmask); 385#ifdef IPV6CP_MYIFID_DYN 386static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 387static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 388#endif 389static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 390#endif 391 392/* if_start () wrapper */ 393static void sppp_ifstart (struct ifnet *ifp); 394 395/* our control protocol descriptors */ 396static const struct cp lcp = { 397 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 398 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 399 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 400 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 401 sppp_lcp_scr 402}; 403 404static const struct cp ipcp = { 405 PPP_IPCP, IDX_IPCP, 406#ifdef INET /* don't run IPCP if there's no IPv4 support */ 407 CP_NCP, 408#else 409 0, 410#endif 411 "ipcp", 412 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 413 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 414 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 415 sppp_ipcp_scr 416}; 417 418static const struct cp ipv6cp = { 419 PPP_IPV6CP, IDX_IPV6CP, 420#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 421 CP_NCP, 422#else 423 0, 424#endif 425 "ipv6cp", 426 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 427 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 428 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 429 sppp_ipv6cp_scr 430}; 431 432static const struct cp pap = { 433 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 434 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 435 sppp_pap_TO, 0, 0, 0, 436 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 437 sppp_pap_scr 438}; 439 440static const struct cp chap = { 441 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 442 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 443 sppp_chap_TO, 0, 0, 0, 444 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 445 sppp_chap_scr 446}; 447 448static const struct cp *cps[IDX_COUNT] = { 449 &lcp, /* IDX_LCP */ 450 &ipcp, /* IDX_IPCP */ 451 &ipv6cp, /* IDX_IPV6CP */ 452 &pap, /* IDX_PAP */ 453 &chap, /* IDX_CHAP */ 454}; 455 456static void* 457sppp_alloc(u_char type, struct ifnet *ifp) 458{ 459 struct sppp *sp; 460 461 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 462 sp->pp_ifp = ifp; 463 464 return (sp); 465} 466 467static void 468sppp_free(void *com, u_char type) 469{ 470 471 free(com, M_SPPP); 472} 473 474static int 475sppp_modevent(module_t mod, int type, void *unused) 476{ 477 switch (type) { 478 case MOD_LOAD: 479 /* 480 * XXX: should probably be IFT_SPPP, but it's fairly 481 * harmless to allocate struct sppp's for non-sppp 482 * interfaces. 483 */ 484 485 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 486 break; 487 case MOD_UNLOAD: 488 /* if_deregister_com_alloc(IFT_PPP); */ 489 return EACCES; 490 default: 491 return EOPNOTSUPP; 492 } 493 return 0; 494} 495static moduledata_t spppmod = { 496 "sppp", 497 sppp_modevent, 498 0 499}; 500MODULE_VERSION(sppp, 1); 501DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 502 503/* 504 * Exported functions, comprising our interface to the lower layer. 505 */ 506 507/* 508 * Process the received packet. 509 */ 510void 511sppp_input(struct ifnet *ifp, struct mbuf *m) 512{ 513 struct ppp_header *h; 514 int isr = -1; 515 struct sppp *sp = IFP2SP(ifp); 516 int debug, do_account = 0; 517#ifdef INET 518 int hlen, vjlen; 519 u_char *iphdr; 520#endif 521 522 SPPP_LOCK(sp); 523 debug = ifp->if_flags & IFF_DEBUG; 524 525 if (ifp->if_flags & IFF_UP) 526 /* Count received bytes, add FCS and one flag */ 527 ifp->if_ibytes += m->m_pkthdr.len + 3; 528 529 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 530 /* Too small packet, drop it. */ 531 if (debug) 532 log(LOG_DEBUG, 533 SPP_FMT "input packet is too small, %d bytes\n", 534 SPP_ARGS(ifp), m->m_pkthdr.len); 535 drop: 536 m_freem (m); 537 SPPP_UNLOCK(sp); 538 drop2: 539 ++ifp->if_ierrors; 540 ++ifp->if_iqdrops; 541 return; 542 } 543 544 if (sp->pp_mode == PP_FR) { 545 sppp_fr_input (sp, m); 546 SPPP_UNLOCK(sp); 547 return; 548 } 549 550 /* Get PPP header. */ 551 h = mtod (m, struct ppp_header*); 552 m_adj (m, PPP_HEADER_LEN); 553 554 switch (h->address) { 555 case PPP_ALLSTATIONS: 556 if (h->control != PPP_UI) 557 goto invalid; 558 if (sp->pp_mode == IFF_CISCO) { 559 if (debug) 560 log(LOG_DEBUG, 561 SPP_FMT "PPP packet in Cisco mode " 562 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 563 SPP_ARGS(ifp), 564 h->address, h->control, ntohs(h->protocol)); 565 goto drop; 566 } 567 switch (ntohs (h->protocol)) { 568 default: 569 if (debug) 570 log(LOG_DEBUG, 571 SPP_FMT "rejecting protocol " 572 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 573 SPP_ARGS(ifp), 574 h->address, h->control, ntohs(h->protocol)); 575 if (sp->state[IDX_LCP] == STATE_OPENED) 576 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 577 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 578 &h->protocol); 579 ++ifp->if_noproto; 580 goto drop; 581 case PPP_LCP: 582 sppp_cp_input(&lcp, sp, m); 583 m_freem (m); 584 SPPP_UNLOCK(sp); 585 return; 586 case PPP_PAP: 587 if (sp->pp_phase >= PHASE_AUTHENTICATE) 588 sppp_pap_input(sp, m); 589 m_freem (m); 590 SPPP_UNLOCK(sp); 591 return; 592 case PPP_CHAP: 593 if (sp->pp_phase >= PHASE_AUTHENTICATE) 594 sppp_chap_input(sp, m); 595 m_freem (m); 596 SPPP_UNLOCK(sp); 597 return; 598#ifdef INET 599 case PPP_IPCP: 600 if (sp->pp_phase == PHASE_NETWORK) 601 sppp_cp_input(&ipcp, sp, m); 602 m_freem (m); 603 SPPP_UNLOCK(sp); 604 return; 605 case PPP_IP: 606 if (sp->state[IDX_IPCP] == STATE_OPENED) { 607 isr = NETISR_IP; 608 } 609 do_account++; 610 break; 611 case PPP_VJ_COMP: 612 if (sp->state[IDX_IPCP] == STATE_OPENED) { 613 if ((vjlen = 614 sl_uncompress_tcp_core(mtod(m, u_char *), 615 m->m_len, m->m_len, 616 TYPE_COMPRESSED_TCP, 617 sp->pp_comp, 618 &iphdr, &hlen)) <= 0) { 619 if (debug) 620 log(LOG_INFO, 621 SPP_FMT "VJ uncompress failed on compressed packet\n", 622 SPP_ARGS(ifp)); 623 goto drop; 624 } 625 626 /* 627 * Trim the VJ header off the packet, and prepend 628 * the uncompressed IP header (which will usually 629 * end up in two chained mbufs since there's not 630 * enough leading space in the existing mbuf). 631 */ 632 m_adj(m, vjlen); 633 M_PREPEND(m, hlen, M_NOWAIT); 634 if (m == NULL) { 635 SPPP_UNLOCK(sp); 636 goto drop2; 637 } 638 bcopy(iphdr, mtod(m, u_char *), hlen); 639 isr = NETISR_IP; 640 } 641 do_account++; 642 break; 643 case PPP_VJ_UCOMP: 644 if (sp->state[IDX_IPCP] == STATE_OPENED) { 645 if (sl_uncompress_tcp_core(mtod(m, u_char *), 646 m->m_len, m->m_len, 647 TYPE_UNCOMPRESSED_TCP, 648 sp->pp_comp, 649 &iphdr, &hlen) != 0) { 650 if (debug) 651 log(LOG_INFO, 652 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 653 SPP_ARGS(ifp)); 654 goto drop; 655 } 656 isr = NETISR_IP; 657 } 658 do_account++; 659 break; 660#endif 661#ifdef INET6 662 case PPP_IPV6CP: 663 if (sp->pp_phase == PHASE_NETWORK) 664 sppp_cp_input(&ipv6cp, sp, m); 665 m_freem (m); 666 SPPP_UNLOCK(sp); 667 return; 668 669 case PPP_IPV6: 670 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 671 isr = NETISR_IPV6; 672 do_account++; 673 break; 674#endif 675#ifdef IPX 676 case PPP_IPX: 677 /* IPX IPXCP not implemented yet */ 678 if (sp->pp_phase == PHASE_NETWORK) 679 isr = NETISR_IPX; 680 do_account++; 681 break; 682#endif 683 } 684 break; 685 case CISCO_MULTICAST: 686 case CISCO_UNICAST: 687 /* Don't check the control field here (RFC 1547). */ 688 if (sp->pp_mode != IFF_CISCO) { 689 if (debug) 690 log(LOG_DEBUG, 691 SPP_FMT "Cisco packet in PPP mode " 692 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 693 SPP_ARGS(ifp), 694 h->address, h->control, ntohs(h->protocol)); 695 goto drop; 696 } 697 switch (ntohs (h->protocol)) { 698 default: 699 ++ifp->if_noproto; 700 goto invalid; 701 case CISCO_KEEPALIVE: 702 sppp_cisco_input (sp, m); 703 m_freem (m); 704 SPPP_UNLOCK(sp); 705 return; 706#ifdef INET 707 case ETHERTYPE_IP: 708 isr = NETISR_IP; 709 do_account++; 710 break; 711#endif 712#ifdef INET6 713 case ETHERTYPE_IPV6: 714 isr = NETISR_IPV6; 715 do_account++; 716 break; 717#endif 718#ifdef IPX 719 case ETHERTYPE_IPX: 720 isr = NETISR_IPX; 721 do_account++; 722 break; 723#endif 724 } 725 break; 726 default: /* Invalid PPP packet. */ 727 invalid: 728 if (debug) 729 log(LOG_DEBUG, 730 SPP_FMT "invalid input packet " 731 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 732 SPP_ARGS(ifp), 733 h->address, h->control, ntohs(h->protocol)); 734 goto drop; 735 } 736 737 if (! (ifp->if_flags & IFF_UP) || isr == -1) 738 goto drop; 739 740 SPPP_UNLOCK(sp); 741 M_SETFIB(m, ifp->if_fib); 742 /* Check queue. */ 743 if (netisr_queue(isr, m)) { /* (0) on success. */ 744 if (debug) 745 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 746 SPP_ARGS(ifp)); 747 goto drop2; 748 } 749 750 if (do_account) 751 /* 752 * Do only account for network packets, not for control 753 * packets. This is used by some subsystems to detect 754 * idle lines. 755 */ 756 sp->pp_last_recv = time_uptime; 757} 758 759static void 760sppp_ifstart_sched(void *dummy) 761{ 762 struct sppp *sp = dummy; 763 764 sp->if_start(SP2IFP(sp)); 765} 766 767/* if_start () wrapper function. We use it to schedule real if_start () for 768 * execution. We can't call it directly 769 */ 770static void 771sppp_ifstart(struct ifnet *ifp) 772{ 773 struct sppp *sp = IFP2SP(ifp); 774 775 if (SPPP_LOCK_OWNED(sp)) { 776 if (callout_pending(&sp->ifstart_callout)) 777 return; 778 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 779 (void *)sp); 780 } else { 781 sp->if_start(ifp); 782 } 783} 784 785/* 786 * Enqueue transmit packet. 787 */ 788static int 789sppp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 790 struct route *ro) 791{ 792 struct sppp *sp = IFP2SP(ifp); 793 struct ppp_header *h; 794 struct ifqueue *ifq = NULL; 795 int error, rv = 0; 796#ifdef INET 797 int ipproto = PPP_IP; 798#endif 799 int debug = ifp->if_flags & IFF_DEBUG; 800 801 SPPP_LOCK(sp); 802 803 if (!(ifp->if_flags & IFF_UP) || 804 (!(ifp->if_flags & IFF_AUTO) && 805 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 806#ifdef INET6 807 drop: 808#endif 809 m_freem (m); 810 SPPP_UNLOCK(sp); 811 return (ENETDOWN); 812 } 813 814 if ((ifp->if_flags & IFF_AUTO) && 815 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 816#ifdef INET6 817 /* 818 * XXX 819 * 820 * Hack to prevent the initialization-time generated 821 * IPv6 multicast packet to erroneously cause a 822 * dialout event in case IPv6 has been 823 * administratively disabled on that interface. 824 */ 825 if (dst->sa_family == AF_INET6 && 826 !(sp->confflags & CONF_ENABLE_IPV6)) 827 goto drop; 828#endif 829 /* 830 * Interface is not yet running, but auto-dial. Need 831 * to start LCP for it. 832 */ 833 ifp->if_drv_flags |= IFF_DRV_RUNNING; 834 lcp.Open(sp); 835 } 836 837#ifdef INET 838 if (dst->sa_family == AF_INET) { 839 /* XXX Check mbuf length here? */ 840 struct ip *ip = mtod (m, struct ip*); 841 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 842 843 /* 844 * When using dynamic local IP address assignment by using 845 * 0.0.0.0 as a local address, the first TCP session will 846 * not connect because the local TCP checksum is computed 847 * using 0.0.0.0 which will later become our real IP address 848 * so the TCP checksum computed at the remote end will 849 * become invalid. So we 850 * - don't let packets with src ip addr 0 thru 851 * - we flag TCP packets with src ip 0 as an error 852 */ 853 854 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 855 { 856 m_freem(m); 857 SPPP_UNLOCK(sp); 858 if(ip->ip_p == IPPROTO_TCP) 859 return(EADDRNOTAVAIL); 860 else 861 return(0); 862 } 863 864 /* 865 * Put low delay, telnet, rlogin and ftp control packets 866 * in front of the queue or let ALTQ take care. 867 */ 868 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 869 ; 870 else if (_IF_QFULL(&sp->pp_fastq)) 871 ; 872 else if (ip->ip_tos & IPTOS_LOWDELAY) 873 ifq = &sp->pp_fastq; 874 else if (m->m_len < sizeof *ip + sizeof *tcp) 875 ; 876 else if (ip->ip_p != IPPROTO_TCP) 877 ; 878 else if (INTERACTIVE (ntohs (tcp->th_sport))) 879 ifq = &sp->pp_fastq; 880 else if (INTERACTIVE (ntohs (tcp->th_dport))) 881 ifq = &sp->pp_fastq; 882 883 /* 884 * Do IP Header compression 885 */ 886 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 887 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 888 switch (sl_compress_tcp(m, ip, sp->pp_comp, 889 sp->ipcp.compress_cid)) { 890 case TYPE_COMPRESSED_TCP: 891 ipproto = PPP_VJ_COMP; 892 break; 893 case TYPE_UNCOMPRESSED_TCP: 894 ipproto = PPP_VJ_UCOMP; 895 break; 896 case TYPE_IP: 897 ipproto = PPP_IP; 898 break; 899 default: 900 m_freem(m); 901 SPPP_UNLOCK(sp); 902 return (EINVAL); 903 } 904 } 905#endif 906 907#ifdef INET6 908 if (dst->sa_family == AF_INET6) { 909 /* XXX do something tricky here? */ 910 } 911#endif 912 913 if (sp->pp_mode == PP_FR) { 914 /* Add frame relay header. */ 915 m = sppp_fr_header (sp, m, dst->sa_family); 916 if (! m) 917 goto nobufs; 918 goto out; 919 } 920 921 /* 922 * Prepend general data packet PPP header. For now, IP only. 923 */ 924 M_PREPEND (m, PPP_HEADER_LEN, M_NOWAIT); 925 if (! m) { 926nobufs: if (debug) 927 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 928 SPP_ARGS(ifp)); 929 ++ifp->if_oerrors; 930 SPPP_UNLOCK(sp); 931 return (ENOBUFS); 932 } 933 /* 934 * May want to check size of packet 935 * (albeit due to the implementation it's always enough) 936 */ 937 h = mtod (m, struct ppp_header*); 938 if (sp->pp_mode == IFF_CISCO) { 939 h->address = CISCO_UNICAST; /* unicast address */ 940 h->control = 0; 941 } else { 942 h->address = PPP_ALLSTATIONS; /* broadcast address */ 943 h->control = PPP_UI; /* Unnumbered Info */ 944 } 945 946 switch (dst->sa_family) { 947#ifdef INET 948 case AF_INET: /* Internet Protocol */ 949 if (sp->pp_mode == IFF_CISCO) 950 h->protocol = htons (ETHERTYPE_IP); 951 else { 952 /* 953 * Don't choke with an ENETDOWN early. It's 954 * possible that we just started dialing out, 955 * so don't drop the packet immediately. If 956 * we notice that we run out of buffer space 957 * below, we will however remember that we are 958 * not ready to carry IP packets, and return 959 * ENETDOWN, as opposed to ENOBUFS. 960 */ 961 h->protocol = htons(ipproto); 962 if (sp->state[IDX_IPCP] != STATE_OPENED) 963 rv = ENETDOWN; 964 } 965 break; 966#endif 967#ifdef INET6 968 case AF_INET6: /* Internet Protocol */ 969 if (sp->pp_mode == IFF_CISCO) 970 h->protocol = htons (ETHERTYPE_IPV6); 971 else { 972 /* 973 * Don't choke with an ENETDOWN early. It's 974 * possible that we just started dialing out, 975 * so don't drop the packet immediately. If 976 * we notice that we run out of buffer space 977 * below, we will however remember that we are 978 * not ready to carry IP packets, and return 979 * ENETDOWN, as opposed to ENOBUFS. 980 */ 981 h->protocol = htons(PPP_IPV6); 982 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 983 rv = ENETDOWN; 984 } 985 break; 986#endif 987#ifdef IPX 988 case AF_IPX: /* Novell IPX Protocol */ 989 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 990 ETHERTYPE_IPX : PPP_IPX); 991 break; 992#endif 993 default: 994 m_freem (m); 995 ++ifp->if_oerrors; 996 SPPP_UNLOCK(sp); 997 return (EAFNOSUPPORT); 998 } 999 1000 /* 1001 * Queue message on interface, and start output if interface 1002 * not yet active. 1003 */ 1004out: 1005 if (ifq != NULL) 1006 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 1007 else 1008 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 1009 if (error) { 1010 ++ifp->if_oerrors; 1011 SPPP_UNLOCK(sp); 1012 return (rv? rv: ENOBUFS); 1013 } 1014 SPPP_UNLOCK(sp); 1015 /* 1016 * Unlike in sppp_input(), we can always bump the timestamp 1017 * here since sppp_output() is only called on behalf of 1018 * network-layer traffic; control-layer traffic is handled 1019 * by sppp_cp_send(). 1020 */ 1021 sp->pp_last_sent = time_uptime; 1022 return (0); 1023} 1024 1025void 1026sppp_attach(struct ifnet *ifp) 1027{ 1028 struct sppp *sp = IFP2SP(ifp); 1029 1030 /* Initialize mtx lock */ 1031 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1032 1033 /* Initialize keepalive handler. */ 1034 callout_init(&sp->keepalive_callout, CALLOUT_MPSAFE); 1035 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1036 (void *)sp); 1037 1038 ifp->if_mtu = PP_MTU; 1039 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1040 ifp->if_output = sppp_output; 1041#if 0 1042 sp->pp_flags = PP_KEEPALIVE; 1043#endif 1044 ifp->if_snd.ifq_maxlen = 32; 1045 sp->pp_fastq.ifq_maxlen = 32; 1046 sp->pp_cpq.ifq_maxlen = 20; 1047 sp->pp_loopcnt = 0; 1048 sp->pp_alivecnt = 0; 1049 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1050 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1051 sp->pp_phase = PHASE_DEAD; 1052 sp->pp_up = sppp_pp_up; 1053 sp->pp_down = sppp_pp_down; 1054 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1055 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1056 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1057 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1058 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1059 sp->confflags = 0; 1060#ifdef INET 1061 sp->confflags |= CONF_ENABLE_VJ; 1062#endif 1063#ifdef INET6 1064 sp->confflags |= CONF_ENABLE_IPV6; 1065#endif 1066 callout_init(&sp->ifstart_callout, CALLOUT_MPSAFE); 1067 sp->if_start = ifp->if_start; 1068 ifp->if_start = sppp_ifstart; 1069 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1070 sl_compress_init(sp->pp_comp, -1); 1071 sppp_lcp_init(sp); 1072 sppp_ipcp_init(sp); 1073 sppp_ipv6cp_init(sp); 1074 sppp_pap_init(sp); 1075 sppp_chap_init(sp); 1076} 1077 1078void 1079sppp_detach(struct ifnet *ifp) 1080{ 1081 struct sppp *sp = IFP2SP(ifp); 1082 int i; 1083 1084 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1085 1086 /* Stop keepalive handler. */ 1087 if (!callout_drain(&sp->keepalive_callout)) 1088 callout_stop(&sp->keepalive_callout); 1089 1090 for (i = 0; i < IDX_COUNT; i++) { 1091 if (!callout_drain(&sp->ch[i])) 1092 callout_stop(&sp->ch[i]); 1093 } 1094 if (!callout_drain(&sp->pap_my_to_ch)) 1095 callout_stop(&sp->pap_my_to_ch); 1096 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1097 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1098 mtx_destroy(&sp->mtx); 1099} 1100 1101/* 1102 * Flush the interface output queue. 1103 */ 1104static void 1105sppp_flush_unlocked(struct ifnet *ifp) 1106{ 1107 struct sppp *sp = IFP2SP(ifp); 1108 1109 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1110 sppp_qflush (&sp->pp_fastq); 1111 sppp_qflush (&sp->pp_cpq); 1112} 1113 1114void 1115sppp_flush(struct ifnet *ifp) 1116{ 1117 struct sppp *sp = IFP2SP(ifp); 1118 1119 SPPP_LOCK(sp); 1120 sppp_flush_unlocked (ifp); 1121 SPPP_UNLOCK(sp); 1122} 1123 1124/* 1125 * Check if the output queue is empty. 1126 */ 1127int 1128sppp_isempty(struct ifnet *ifp) 1129{ 1130 struct sppp *sp = IFP2SP(ifp); 1131 int empty; 1132 1133 SPPP_LOCK(sp); 1134 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1135 !SP2IFP(sp)->if_snd.ifq_head; 1136 SPPP_UNLOCK(sp); 1137 return (empty); 1138} 1139 1140/* 1141 * Get next packet to send. 1142 */ 1143struct mbuf * 1144sppp_dequeue(struct ifnet *ifp) 1145{ 1146 struct sppp *sp = IFP2SP(ifp); 1147 struct mbuf *m; 1148 1149 SPPP_LOCK(sp); 1150 /* 1151 * Process only the control protocol queue until we have at 1152 * least one NCP open. 1153 * 1154 * Do always serve all three queues in Cisco mode. 1155 */ 1156 IF_DEQUEUE(&sp->pp_cpq, m); 1157 if (m == NULL && 1158 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1159 sp->pp_mode == PP_FR)) { 1160 IF_DEQUEUE(&sp->pp_fastq, m); 1161 if (m == NULL) 1162 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1163 } 1164 SPPP_UNLOCK(sp); 1165 return m; 1166} 1167 1168/* 1169 * Pick the next packet, do not remove it from the queue. 1170 */ 1171struct mbuf * 1172sppp_pick(struct ifnet *ifp) 1173{ 1174 struct sppp *sp = IFP2SP(ifp); 1175 struct mbuf *m; 1176 1177 SPPP_LOCK(sp); 1178 1179 m = sp->pp_cpq.ifq_head; 1180 if (m == NULL && 1181 (sp->pp_phase == PHASE_NETWORK || 1182 sp->pp_mode == IFF_CISCO || 1183 sp->pp_mode == PP_FR)) 1184 if ((m = sp->pp_fastq.ifq_head) == NULL) 1185 m = SP2IFP(sp)->if_snd.ifq_head; 1186 SPPP_UNLOCK(sp); 1187 return (m); 1188} 1189 1190/* 1191 * Process an ioctl request. Called on low priority level. 1192 */ 1193int 1194sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1195{ 1196 struct ifreq *ifr = (struct ifreq*) data; 1197 struct sppp *sp = IFP2SP(ifp); 1198 int rv, going_up, going_down, newmode; 1199 1200 SPPP_LOCK(sp); 1201 rv = 0; 1202 switch (cmd) { 1203 case SIOCAIFADDR: 1204 break; 1205 1206 case SIOCSIFADDR: 1207 /* set the interface "up" when assigning an IP address */ 1208 ifp->if_flags |= IFF_UP; 1209 /* FALLTHROUGH */ 1210 1211 case SIOCSIFFLAGS: 1212 going_up = ifp->if_flags & IFF_UP && 1213 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1214 going_down = (ifp->if_flags & IFF_UP) == 0 && 1215 ifp->if_drv_flags & IFF_DRV_RUNNING; 1216 1217 newmode = ifp->if_flags & IFF_PASSIVE; 1218 if (!newmode) 1219 newmode = ifp->if_flags & IFF_AUTO; 1220 if (!newmode) 1221 newmode = ifp->if_flags & IFF_CISCO; 1222 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1223 ifp->if_flags |= newmode; 1224 1225 if (!newmode) 1226 newmode = sp->pp_flags & PP_FR; 1227 1228 if (newmode != sp->pp_mode) { 1229 going_down = 1; 1230 if (!going_up) 1231 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1232 } 1233 1234 if (going_down) { 1235 if (sp->pp_mode != IFF_CISCO && 1236 sp->pp_mode != PP_FR) 1237 lcp.Close(sp); 1238 else if (sp->pp_tlf) 1239 (sp->pp_tlf)(sp); 1240 sppp_flush_unlocked(ifp); 1241 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1242 sp->pp_mode = newmode; 1243 } 1244 1245 if (going_up) { 1246 if (sp->pp_mode != IFF_CISCO && 1247 sp->pp_mode != PP_FR) 1248 lcp.Close(sp); 1249 sp->pp_mode = newmode; 1250 if (sp->pp_mode == 0) { 1251 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1252 lcp.Open(sp); 1253 } 1254 if ((sp->pp_mode == IFF_CISCO) || 1255 (sp->pp_mode == PP_FR)) { 1256 if (sp->pp_tls) 1257 (sp->pp_tls)(sp); 1258 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1259 } 1260 } 1261 1262 break; 1263 1264#ifdef SIOCSIFMTU 1265#ifndef ifr_mtu 1266#define ifr_mtu ifr_metric 1267#endif 1268 case SIOCSIFMTU: 1269 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1270 return (EINVAL); 1271 ifp->if_mtu = ifr->ifr_mtu; 1272 break; 1273#endif 1274#ifdef SLIOCSETMTU 1275 case SLIOCSETMTU: 1276 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1277 return (EINVAL); 1278 ifp->if_mtu = *(short*)data; 1279 break; 1280#endif 1281#ifdef SIOCGIFMTU 1282 case SIOCGIFMTU: 1283 ifr->ifr_mtu = ifp->if_mtu; 1284 break; 1285#endif 1286#ifdef SLIOCGETMTU 1287 case SLIOCGETMTU: 1288 *(short*)data = ifp->if_mtu; 1289 break; 1290#endif 1291 case SIOCADDMULTI: 1292 case SIOCDELMULTI: 1293 break; 1294 1295 case SIOCGIFGENERIC: 1296 case SIOCSIFGENERIC: 1297 rv = sppp_params(sp, cmd, data); 1298 break; 1299 1300 default: 1301 rv = ENOTTY; 1302 } 1303 SPPP_UNLOCK(sp); 1304 return rv; 1305} 1306 1307/* 1308 * Cisco framing implementation. 1309 */ 1310 1311/* 1312 * Handle incoming Cisco keepalive protocol packets. 1313 */ 1314static void 1315sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1316{ 1317 STDDCL; 1318 struct cisco_packet *h; 1319 u_long me, mymask; 1320 1321 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1322 if (debug) 1323 log(LOG_DEBUG, 1324 SPP_FMT "cisco invalid packet length: %d bytes\n", 1325 SPP_ARGS(ifp), m->m_pkthdr.len); 1326 return; 1327 } 1328 h = mtod (m, struct cisco_packet*); 1329 if (debug) 1330 log(LOG_DEBUG, 1331 SPP_FMT "cisco input: %d bytes " 1332 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1333 SPP_ARGS(ifp), m->m_pkthdr.len, 1334 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1335 (u_int)h->time0, (u_int)h->time1); 1336 switch (ntohl (h->type)) { 1337 default: 1338 if (debug) 1339 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1340 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1341 break; 1342 case CISCO_ADDR_REPLY: 1343 /* Reply on address request, ignore */ 1344 break; 1345 case CISCO_KEEPALIVE_REQ: 1346 sp->pp_alivecnt = 0; 1347 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1348 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1349 /* Local and remote sequence numbers are equal. 1350 * Probably, the line is in loopback mode. */ 1351 if (sp->pp_loopcnt >= MAXALIVECNT) { 1352 printf (SPP_FMT "loopback\n", 1353 SPP_ARGS(ifp)); 1354 sp->pp_loopcnt = 0; 1355 if (ifp->if_flags & IFF_UP) { 1356 if_down (ifp); 1357 sppp_qflush (&sp->pp_cpq); 1358 } 1359 } 1360 ++sp->pp_loopcnt; 1361 1362 /* Generate new local sequence number */ 1363 sp->pp_seq[IDX_LCP] = random(); 1364 break; 1365 } 1366 sp->pp_loopcnt = 0; 1367 if (! (ifp->if_flags & IFF_UP) && 1368 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1369 if_up(ifp); 1370 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1371 } 1372 break; 1373 case CISCO_ADDR_REQ: 1374 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1375 if (me != 0L) 1376 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1377 break; 1378 } 1379} 1380 1381/* 1382 * Send Cisco keepalive packet. 1383 */ 1384static void 1385sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1386{ 1387 STDDCL; 1388 struct ppp_header *h; 1389 struct cisco_packet *ch; 1390 struct mbuf *m; 1391 struct timeval tv; 1392 1393 getmicrouptime(&tv); 1394 1395 MGETHDR (m, M_NOWAIT, MT_DATA); 1396 if (! m) 1397 return; 1398 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1399 m->m_pkthdr.rcvif = 0; 1400 1401 h = mtod (m, struct ppp_header*); 1402 h->address = CISCO_MULTICAST; 1403 h->control = 0; 1404 h->protocol = htons (CISCO_KEEPALIVE); 1405 1406 ch = (struct cisco_packet*) (h + 1); 1407 ch->type = htonl (type); 1408 ch->par1 = htonl (par1); 1409 ch->par2 = htonl (par2); 1410 ch->rel = -1; 1411 1412 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1413 ch->time1 = htons ((u_short) tv.tv_sec); 1414 1415 if (debug) 1416 log(LOG_DEBUG, 1417 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1418 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1419 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1420 1421 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1422 ifp->if_oerrors++; 1423} 1424 1425/* 1426 * PPP protocol implementation. 1427 */ 1428 1429/* 1430 * Send PPP control protocol packet. 1431 */ 1432static void 1433sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1434 u_char ident, u_short len, void *data) 1435{ 1436 STDDCL; 1437 struct ppp_header *h; 1438 struct lcp_header *lh; 1439 struct mbuf *m; 1440 1441 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1442 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1443 MGETHDR (m, M_NOWAIT, MT_DATA); 1444 if (! m) 1445 return; 1446 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1447 m->m_pkthdr.rcvif = 0; 1448 1449 h = mtod (m, struct ppp_header*); 1450 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1451 h->control = PPP_UI; /* Unnumbered Info */ 1452 h->protocol = htons (proto); /* Link Control Protocol */ 1453 1454 lh = (struct lcp_header*) (h + 1); 1455 lh->type = type; 1456 lh->ident = ident; 1457 lh->len = htons (LCP_HEADER_LEN + len); 1458 if (len) 1459 bcopy (data, lh+1, len); 1460 1461 if (debug) { 1462 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1463 SPP_ARGS(ifp), 1464 sppp_proto_name(proto), 1465 sppp_cp_type_name (lh->type), lh->ident, 1466 ntohs (lh->len)); 1467 sppp_print_bytes ((u_char*) (lh+1), len); 1468 log(-1, ">\n"); 1469 } 1470 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1471 ifp->if_oerrors++; 1472} 1473 1474/* 1475 * Handle incoming PPP control protocol packets. 1476 */ 1477static void 1478sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1479{ 1480 STDDCL; 1481 struct lcp_header *h; 1482 int len = m->m_pkthdr.len; 1483 int rv; 1484 u_char *p; 1485 1486 if (len < 4) { 1487 if (debug) 1488 log(LOG_DEBUG, 1489 SPP_FMT "%s invalid packet length: %d bytes\n", 1490 SPP_ARGS(ifp), cp->name, len); 1491 return; 1492 } 1493 h = mtod (m, struct lcp_header*); 1494 if (debug) { 1495 log(LOG_DEBUG, 1496 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1497 SPP_ARGS(ifp), cp->name, 1498 sppp_state_name(sp->state[cp->protoidx]), 1499 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1500 sppp_print_bytes ((u_char*) (h+1), len-4); 1501 log(-1, ">\n"); 1502 } 1503 if (len > ntohs (h->len)) 1504 len = ntohs (h->len); 1505 p = (u_char *)(h + 1); 1506 switch (h->type) { 1507 case CONF_REQ: 1508 if (len < 4) { 1509 if (debug) 1510 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1511 SPP_ARGS(ifp), cp->name, 1512 len); 1513 ++ifp->if_ierrors; 1514 break; 1515 } 1516 /* handle states where RCR doesn't get a SCA/SCN */ 1517 switch (sp->state[cp->protoidx]) { 1518 case STATE_CLOSING: 1519 case STATE_STOPPING: 1520 return; 1521 case STATE_CLOSED: 1522 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1523 0, 0); 1524 return; 1525 } 1526 rv = (cp->RCR)(sp, h, len); 1527 switch (sp->state[cp->protoidx]) { 1528 case STATE_OPENED: 1529 (cp->tld)(sp); 1530 (cp->scr)(sp); 1531 /* FALLTHROUGH */ 1532 case STATE_ACK_SENT: 1533 case STATE_REQ_SENT: 1534 /* 1535 * sppp_cp_change_state() have the side effect of 1536 * restarting the timeouts. We want to avoid that 1537 * if the state don't change, otherwise we won't 1538 * ever timeout and resend a configuration request 1539 * that got lost. 1540 */ 1541 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1542 STATE_REQ_SENT)) 1543 break; 1544 sppp_cp_change_state(cp, sp, rv? 1545 STATE_ACK_SENT: STATE_REQ_SENT); 1546 break; 1547 case STATE_STOPPED: 1548 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1549 (cp->scr)(sp); 1550 sppp_cp_change_state(cp, sp, rv? 1551 STATE_ACK_SENT: STATE_REQ_SENT); 1552 break; 1553 case STATE_ACK_RCVD: 1554 if (rv) { 1555 sppp_cp_change_state(cp, sp, STATE_OPENED); 1556 if (debug) 1557 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1558 SPP_ARGS(ifp), 1559 cp->name); 1560 (cp->tlu)(sp); 1561 } else 1562 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1563 break; 1564 default: 1565 printf(SPP_FMT "%s illegal %s in state %s\n", 1566 SPP_ARGS(ifp), cp->name, 1567 sppp_cp_type_name(h->type), 1568 sppp_state_name(sp->state[cp->protoidx])); 1569 ++ifp->if_ierrors; 1570 } 1571 break; 1572 case CONF_ACK: 1573 if (h->ident != sp->confid[cp->protoidx]) { 1574 if (debug) 1575 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1576 SPP_ARGS(ifp), cp->name, 1577 h->ident, sp->confid[cp->protoidx]); 1578 ++ifp->if_ierrors; 1579 break; 1580 } 1581 switch (sp->state[cp->protoidx]) { 1582 case STATE_CLOSED: 1583 case STATE_STOPPED: 1584 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1585 break; 1586 case STATE_CLOSING: 1587 case STATE_STOPPING: 1588 break; 1589 case STATE_REQ_SENT: 1590 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1591 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1592 break; 1593 case STATE_OPENED: 1594 (cp->tld)(sp); 1595 /* FALLTHROUGH */ 1596 case STATE_ACK_RCVD: 1597 (cp->scr)(sp); 1598 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1599 break; 1600 case STATE_ACK_SENT: 1601 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1602 sppp_cp_change_state(cp, sp, STATE_OPENED); 1603 if (debug) 1604 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1605 SPP_ARGS(ifp), cp->name); 1606 (cp->tlu)(sp); 1607 break; 1608 default: 1609 printf(SPP_FMT "%s illegal %s in state %s\n", 1610 SPP_ARGS(ifp), cp->name, 1611 sppp_cp_type_name(h->type), 1612 sppp_state_name(sp->state[cp->protoidx])); 1613 ++ifp->if_ierrors; 1614 } 1615 break; 1616 case CONF_NAK: 1617 case CONF_REJ: 1618 if (h->ident != sp->confid[cp->protoidx]) { 1619 if (debug) 1620 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1621 SPP_ARGS(ifp), cp->name, 1622 h->ident, sp->confid[cp->protoidx]); 1623 ++ifp->if_ierrors; 1624 break; 1625 } 1626 if (h->type == CONF_NAK) 1627 (cp->RCN_nak)(sp, h, len); 1628 else /* CONF_REJ */ 1629 (cp->RCN_rej)(sp, h, len); 1630 1631 switch (sp->state[cp->protoidx]) { 1632 case STATE_CLOSED: 1633 case STATE_STOPPED: 1634 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1635 break; 1636 case STATE_REQ_SENT: 1637 case STATE_ACK_SENT: 1638 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1639 /* 1640 * Slow things down a bit if we think we might be 1641 * in loopback. Depend on the timeout to send the 1642 * next configuration request. 1643 */ 1644 if (sp->pp_loopcnt) 1645 break; 1646 (cp->scr)(sp); 1647 break; 1648 case STATE_OPENED: 1649 (cp->tld)(sp); 1650 /* FALLTHROUGH */ 1651 case STATE_ACK_RCVD: 1652 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1653 (cp->scr)(sp); 1654 break; 1655 case STATE_CLOSING: 1656 case STATE_STOPPING: 1657 break; 1658 default: 1659 printf(SPP_FMT "%s illegal %s in state %s\n", 1660 SPP_ARGS(ifp), cp->name, 1661 sppp_cp_type_name(h->type), 1662 sppp_state_name(sp->state[cp->protoidx])); 1663 ++ifp->if_ierrors; 1664 } 1665 break; 1666 1667 case TERM_REQ: 1668 switch (sp->state[cp->protoidx]) { 1669 case STATE_ACK_RCVD: 1670 case STATE_ACK_SENT: 1671 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1672 /* FALLTHROUGH */ 1673 case STATE_CLOSED: 1674 case STATE_STOPPED: 1675 case STATE_CLOSING: 1676 case STATE_STOPPING: 1677 case STATE_REQ_SENT: 1678 sta: 1679 /* Send Terminate-Ack packet. */ 1680 if (debug) 1681 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1682 SPP_ARGS(ifp), cp->name); 1683 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1684 break; 1685 case STATE_OPENED: 1686 (cp->tld)(sp); 1687 sp->rst_counter[cp->protoidx] = 0; 1688 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1689 goto sta; 1690 break; 1691 default: 1692 printf(SPP_FMT "%s illegal %s in state %s\n", 1693 SPP_ARGS(ifp), cp->name, 1694 sppp_cp_type_name(h->type), 1695 sppp_state_name(sp->state[cp->protoidx])); 1696 ++ifp->if_ierrors; 1697 } 1698 break; 1699 case TERM_ACK: 1700 switch (sp->state[cp->protoidx]) { 1701 case STATE_CLOSED: 1702 case STATE_STOPPED: 1703 case STATE_REQ_SENT: 1704 case STATE_ACK_SENT: 1705 break; 1706 case STATE_CLOSING: 1707 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1708 (cp->tlf)(sp); 1709 break; 1710 case STATE_STOPPING: 1711 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1712 (cp->tlf)(sp); 1713 break; 1714 case STATE_ACK_RCVD: 1715 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1716 break; 1717 case STATE_OPENED: 1718 (cp->tld)(sp); 1719 (cp->scr)(sp); 1720 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1721 break; 1722 default: 1723 printf(SPP_FMT "%s illegal %s in state %s\n", 1724 SPP_ARGS(ifp), cp->name, 1725 sppp_cp_type_name(h->type), 1726 sppp_state_name(sp->state[cp->protoidx])); 1727 ++ifp->if_ierrors; 1728 } 1729 break; 1730 case CODE_REJ: 1731 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1732 log(LOG_INFO, 1733 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1734 "danger will robinson\n", 1735 SPP_ARGS(ifp), cp->name, 1736 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1737 switch (sp->state[cp->protoidx]) { 1738 case STATE_CLOSED: 1739 case STATE_STOPPED: 1740 case STATE_REQ_SENT: 1741 case STATE_ACK_SENT: 1742 case STATE_CLOSING: 1743 case STATE_STOPPING: 1744 case STATE_OPENED: 1745 break; 1746 case STATE_ACK_RCVD: 1747 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1748 break; 1749 default: 1750 printf(SPP_FMT "%s illegal %s in state %s\n", 1751 SPP_ARGS(ifp), cp->name, 1752 sppp_cp_type_name(h->type), 1753 sppp_state_name(sp->state[cp->protoidx])); 1754 ++ifp->if_ierrors; 1755 } 1756 break; 1757 case PROTO_REJ: 1758 { 1759 int catastrophic; 1760 const struct cp *upper; 1761 int i; 1762 u_int16_t proto; 1763 1764 catastrophic = 0; 1765 upper = NULL; 1766 proto = ntohs(*((u_int16_t *)p)); 1767 for (i = 0; i < IDX_COUNT; i++) { 1768 if (cps[i]->proto == proto) { 1769 upper = cps[i]; 1770 break; 1771 } 1772 } 1773 if (upper == NULL) 1774 catastrophic++; 1775 1776 if (catastrophic || debug) 1777 log(catastrophic? LOG_INFO: LOG_DEBUG, 1778 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1779 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1780 sppp_cp_type_name(h->type), proto, 1781 upper ? upper->name : "unknown", 1782 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1783 1784 /* 1785 * if we got RXJ+ against conf-req, the peer does not implement 1786 * this particular protocol type. terminate the protocol. 1787 */ 1788 if (upper && !catastrophic) { 1789 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1790 upper->Close(sp); 1791 break; 1792 } 1793 } 1794 1795 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1796 switch (sp->state[cp->protoidx]) { 1797 case STATE_CLOSED: 1798 case STATE_STOPPED: 1799 case STATE_REQ_SENT: 1800 case STATE_ACK_SENT: 1801 case STATE_CLOSING: 1802 case STATE_STOPPING: 1803 case STATE_OPENED: 1804 break; 1805 case STATE_ACK_RCVD: 1806 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1807 break; 1808 default: 1809 printf(SPP_FMT "%s illegal %s in state %s\n", 1810 SPP_ARGS(ifp), cp->name, 1811 sppp_cp_type_name(h->type), 1812 sppp_state_name(sp->state[cp->protoidx])); 1813 ++ifp->if_ierrors; 1814 } 1815 break; 1816 } 1817 case DISC_REQ: 1818 if (cp->proto != PPP_LCP) 1819 goto illegal; 1820 /* Discard the packet. */ 1821 break; 1822 case ECHO_REQ: 1823 if (cp->proto != PPP_LCP) 1824 goto illegal; 1825 if (sp->state[cp->protoidx] != STATE_OPENED) { 1826 if (debug) 1827 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1828 SPP_ARGS(ifp)); 1829 ++ifp->if_ierrors; 1830 break; 1831 } 1832 if (len < 8) { 1833 if (debug) 1834 log(-1, SPP_FMT "invalid lcp echo request " 1835 "packet length: %d bytes\n", 1836 SPP_ARGS(ifp), len); 1837 break; 1838 } 1839 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1840 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1841 /* Line loopback mode detected. */ 1842 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1843 sp->pp_loopcnt = MAXALIVECNT * 5; 1844 if_down (ifp); 1845 sppp_qflush (&sp->pp_cpq); 1846 1847 /* Shut down the PPP link. */ 1848 /* XXX */ 1849 lcp.Down(sp); 1850 lcp.Up(sp); 1851 break; 1852 } 1853 *(long*)(h+1) = htonl (sp->lcp.magic); 1854 if (debug) 1855 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1856 SPP_ARGS(ifp)); 1857 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1858 break; 1859 case ECHO_REPLY: 1860 if (cp->proto != PPP_LCP) 1861 goto illegal; 1862 if (h->ident != sp->lcp.echoid) { 1863 ++ifp->if_ierrors; 1864 break; 1865 } 1866 if (len < 8) { 1867 if (debug) 1868 log(-1, SPP_FMT "lcp invalid echo reply " 1869 "packet length: %d bytes\n", 1870 SPP_ARGS(ifp), len); 1871 break; 1872 } 1873 if (debug) 1874 log(-1, SPP_FMT "lcp got echo rep\n", 1875 SPP_ARGS(ifp)); 1876 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1877 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1878 sp->pp_alivecnt = 0; 1879 break; 1880 default: 1881 /* Unknown packet type -- send Code-Reject packet. */ 1882 illegal: 1883 if (debug) 1884 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1885 SPP_ARGS(ifp), cp->name, h->type); 1886 sppp_cp_send(sp, cp->proto, CODE_REJ, 1887 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1888 ++ifp->if_ierrors; 1889 } 1890} 1891 1892 1893/* 1894 * The generic part of all Up/Down/Open/Close/TO event handlers. 1895 * Basically, the state transition handling in the automaton. 1896 */ 1897static void 1898sppp_up_event(const struct cp *cp, struct sppp *sp) 1899{ 1900 STDDCL; 1901 1902 if (debug) 1903 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1904 SPP_ARGS(ifp), cp->name, 1905 sppp_state_name(sp->state[cp->protoidx])); 1906 1907 switch (sp->state[cp->protoidx]) { 1908 case STATE_INITIAL: 1909 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1910 break; 1911 case STATE_STARTING: 1912 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1913 (cp->scr)(sp); 1914 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1915 break; 1916 default: 1917 printf(SPP_FMT "%s illegal up in state %s\n", 1918 SPP_ARGS(ifp), cp->name, 1919 sppp_state_name(sp->state[cp->protoidx])); 1920 } 1921} 1922 1923static void 1924sppp_down_event(const struct cp *cp, struct sppp *sp) 1925{ 1926 STDDCL; 1927 1928 if (debug) 1929 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1930 SPP_ARGS(ifp), cp->name, 1931 sppp_state_name(sp->state[cp->protoidx])); 1932 1933 switch (sp->state[cp->protoidx]) { 1934 case STATE_CLOSED: 1935 case STATE_CLOSING: 1936 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1937 break; 1938 case STATE_STOPPED: 1939 sppp_cp_change_state(cp, sp, STATE_STARTING); 1940 (cp->tls)(sp); 1941 break; 1942 case STATE_STOPPING: 1943 case STATE_REQ_SENT: 1944 case STATE_ACK_RCVD: 1945 case STATE_ACK_SENT: 1946 sppp_cp_change_state(cp, sp, STATE_STARTING); 1947 break; 1948 case STATE_OPENED: 1949 (cp->tld)(sp); 1950 sppp_cp_change_state(cp, sp, STATE_STARTING); 1951 break; 1952 default: 1953 printf(SPP_FMT "%s illegal down in state %s\n", 1954 SPP_ARGS(ifp), cp->name, 1955 sppp_state_name(sp->state[cp->protoidx])); 1956 } 1957} 1958 1959 1960static void 1961sppp_open_event(const struct cp *cp, struct sppp *sp) 1962{ 1963 STDDCL; 1964 1965 if (debug) 1966 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1967 SPP_ARGS(ifp), cp->name, 1968 sppp_state_name(sp->state[cp->protoidx])); 1969 1970 switch (sp->state[cp->protoidx]) { 1971 case STATE_INITIAL: 1972 sppp_cp_change_state(cp, sp, STATE_STARTING); 1973 (cp->tls)(sp); 1974 break; 1975 case STATE_STARTING: 1976 break; 1977 case STATE_CLOSED: 1978 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1979 (cp->scr)(sp); 1980 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1981 break; 1982 case STATE_STOPPED: 1983 /* 1984 * Try escaping stopped state. This seems to bite 1985 * people occasionally, in particular for IPCP, 1986 * presumably following previous IPCP negotiation 1987 * aborts. Somehow, we must have missed a Down event 1988 * which would have caused a transition into starting 1989 * state, so as a bandaid we force the Down event now. 1990 * This effectively implements (something like the) 1991 * `restart' option mentioned in the state transition 1992 * table of RFC 1661. 1993 */ 1994 sppp_cp_change_state(cp, sp, STATE_STARTING); 1995 (cp->tls)(sp); 1996 break; 1997 case STATE_STOPPING: 1998 case STATE_REQ_SENT: 1999 case STATE_ACK_RCVD: 2000 case STATE_ACK_SENT: 2001 case STATE_OPENED: 2002 break; 2003 case STATE_CLOSING: 2004 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2005 break; 2006 } 2007} 2008 2009 2010static void 2011sppp_close_event(const struct cp *cp, struct sppp *sp) 2012{ 2013 STDDCL; 2014 2015 if (debug) 2016 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2017 SPP_ARGS(ifp), cp->name, 2018 sppp_state_name(sp->state[cp->protoidx])); 2019 2020 switch (sp->state[cp->protoidx]) { 2021 case STATE_INITIAL: 2022 case STATE_CLOSED: 2023 case STATE_CLOSING: 2024 break; 2025 case STATE_STARTING: 2026 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2027 (cp->tlf)(sp); 2028 break; 2029 case STATE_STOPPED: 2030 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2031 break; 2032 case STATE_STOPPING: 2033 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2034 break; 2035 case STATE_OPENED: 2036 (cp->tld)(sp); 2037 /* FALLTHROUGH */ 2038 case STATE_REQ_SENT: 2039 case STATE_ACK_RCVD: 2040 case STATE_ACK_SENT: 2041 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2042 sppp_cp_send(sp, cp->proto, TERM_REQ, 2043 ++sp->pp_seq[cp->protoidx], 0, 0); 2044 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2045 break; 2046 } 2047} 2048 2049static void 2050sppp_to_event(const struct cp *cp, struct sppp *sp) 2051{ 2052 STDDCL; 2053 2054 SPPP_LOCK(sp); 2055 if (debug) 2056 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2057 SPP_ARGS(ifp), cp->name, 2058 sppp_state_name(sp->state[cp->protoidx]), 2059 sp->rst_counter[cp->protoidx]); 2060 2061 if (--sp->rst_counter[cp->protoidx] < 0) 2062 /* TO- event */ 2063 switch (sp->state[cp->protoidx]) { 2064 case STATE_CLOSING: 2065 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2066 (cp->tlf)(sp); 2067 break; 2068 case STATE_STOPPING: 2069 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2070 (cp->tlf)(sp); 2071 break; 2072 case STATE_REQ_SENT: 2073 case STATE_ACK_RCVD: 2074 case STATE_ACK_SENT: 2075 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2076 (cp->tlf)(sp); 2077 break; 2078 } 2079 else 2080 /* TO+ event */ 2081 switch (sp->state[cp->protoidx]) { 2082 case STATE_CLOSING: 2083 case STATE_STOPPING: 2084 sppp_cp_send(sp, cp->proto, TERM_REQ, 2085 ++sp->pp_seq[cp->protoidx], 0, 0); 2086 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2087 cp->TO, (void *)sp); 2088 break; 2089 case STATE_REQ_SENT: 2090 case STATE_ACK_RCVD: 2091 (cp->scr)(sp); 2092 /* sppp_cp_change_state() will restart the timer */ 2093 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2094 break; 2095 case STATE_ACK_SENT: 2096 (cp->scr)(sp); 2097 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2098 cp->TO, (void *)sp); 2099 break; 2100 } 2101 2102 SPPP_UNLOCK(sp); 2103} 2104 2105/* 2106 * Change the state of a control protocol in the state automaton. 2107 * Takes care of starting/stopping the restart timer. 2108 */ 2109static void 2110sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2111{ 2112 sp->state[cp->protoidx] = newstate; 2113 2114 callout_stop (&sp->ch[cp->protoidx]); 2115 2116 switch (newstate) { 2117 case STATE_INITIAL: 2118 case STATE_STARTING: 2119 case STATE_CLOSED: 2120 case STATE_STOPPED: 2121 case STATE_OPENED: 2122 break; 2123 case STATE_CLOSING: 2124 case STATE_STOPPING: 2125 case STATE_REQ_SENT: 2126 case STATE_ACK_RCVD: 2127 case STATE_ACK_SENT: 2128 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2129 cp->TO, (void *)sp); 2130 break; 2131 } 2132} 2133 2134/* 2135 *--------------------------------------------------------------------------* 2136 * * 2137 * The LCP implementation. * 2138 * * 2139 *--------------------------------------------------------------------------* 2140 */ 2141static void 2142sppp_pp_up(struct sppp *sp) 2143{ 2144 SPPP_LOCK(sp); 2145 lcp.Up(sp); 2146 SPPP_UNLOCK(sp); 2147} 2148 2149static void 2150sppp_pp_down(struct sppp *sp) 2151{ 2152 SPPP_LOCK(sp); 2153 lcp.Down(sp); 2154 SPPP_UNLOCK(sp); 2155} 2156 2157static void 2158sppp_lcp_init(struct sppp *sp) 2159{ 2160 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2161 sp->lcp.magic = 0; 2162 sp->state[IDX_LCP] = STATE_INITIAL; 2163 sp->fail_counter[IDX_LCP] = 0; 2164 sp->pp_seq[IDX_LCP] = 0; 2165 sp->pp_rseq[IDX_LCP] = 0; 2166 sp->lcp.protos = 0; 2167 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2168 2169 /* Note that these values are relevant for all control protocols */ 2170 sp->lcp.timeout = 3 * hz; 2171 sp->lcp.max_terminate = 2; 2172 sp->lcp.max_configure = 10; 2173 sp->lcp.max_failure = 10; 2174 callout_init(&sp->ch[IDX_LCP], CALLOUT_MPSAFE); 2175} 2176 2177static void 2178sppp_lcp_up(struct sppp *sp) 2179{ 2180 STDDCL; 2181 2182 sp->pp_alivecnt = 0; 2183 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2184 sp->lcp.magic = 0; 2185 sp->lcp.protos = 0; 2186 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2187 /* 2188 * If we are authenticator, negotiate LCP_AUTH 2189 */ 2190 if (sp->hisauth.proto != 0) 2191 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2192 else 2193 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2194 sp->pp_flags &= ~PP_NEEDAUTH; 2195 /* 2196 * If this interface is passive or dial-on-demand, and we are 2197 * still in Initial state, it means we've got an incoming 2198 * call. Activate the interface. 2199 */ 2200 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2201 if (debug) 2202 log(LOG_DEBUG, 2203 SPP_FMT "Up event", SPP_ARGS(ifp)); 2204 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2205 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2206 if (debug) 2207 log(-1, "(incoming call)\n"); 2208 sp->pp_flags |= PP_CALLIN; 2209 lcp.Open(sp); 2210 } else if (debug) 2211 log(-1, "\n"); 2212 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2213 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2214 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2215 lcp.Open(sp); 2216 } 2217 2218 sppp_up_event(&lcp, sp); 2219} 2220 2221static void 2222sppp_lcp_down(struct sppp *sp) 2223{ 2224 STDDCL; 2225 2226 sppp_down_event(&lcp, sp); 2227 2228 /* 2229 * If this is neither a dial-on-demand nor a passive 2230 * interface, simulate an ``ifconfig down'' action, so the 2231 * administrator can force a redial by another ``ifconfig 2232 * up''. XXX For leased line operation, should we immediately 2233 * try to reopen the connection here? 2234 */ 2235 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2236 log(LOG_INFO, 2237 SPP_FMT "Down event, taking interface down.\n", 2238 SPP_ARGS(ifp)); 2239 if_down(ifp); 2240 } else { 2241 if (debug) 2242 log(LOG_DEBUG, 2243 SPP_FMT "Down event (carrier loss)\n", 2244 SPP_ARGS(ifp)); 2245 sp->pp_flags &= ~PP_CALLIN; 2246 if (sp->state[IDX_LCP] != STATE_INITIAL) 2247 lcp.Close(sp); 2248 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2249 } 2250} 2251 2252static void 2253sppp_lcp_open(struct sppp *sp) 2254{ 2255 sppp_open_event(&lcp, sp); 2256} 2257 2258static void 2259sppp_lcp_close(struct sppp *sp) 2260{ 2261 sppp_close_event(&lcp, sp); 2262} 2263 2264static void 2265sppp_lcp_TO(void *cookie) 2266{ 2267 sppp_to_event(&lcp, (struct sppp *)cookie); 2268} 2269 2270/* 2271 * Analyze a configure request. Return true if it was agreeable, and 2272 * caused action sca, false if it has been rejected or nak'ed, and 2273 * caused action scn. (The return value is used to make the state 2274 * transition decision in the state automaton.) 2275 */ 2276static int 2277sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2278{ 2279 STDDCL; 2280 u_char *buf, *r, *p; 2281 int origlen, rlen; 2282 u_long nmagic; 2283 u_short authproto; 2284 2285 len -= 4; 2286 origlen = len; 2287 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2288 if (! buf) 2289 return (0); 2290 2291 if (debug) 2292 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2293 SPP_ARGS(ifp)); 2294 2295 /* pass 1: check for things that need to be rejected */ 2296 p = (void*) (h+1); 2297 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2298 len-=p[1], p+=p[1]) { 2299 if (debug) 2300 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2301 switch (*p) { 2302 case LCP_OPT_MAGIC: 2303 /* Magic number. */ 2304 if (len >= 6 && p[1] == 6) 2305 continue; 2306 if (debug) 2307 log(-1, "[invalid] "); 2308 break; 2309 case LCP_OPT_ASYNC_MAP: 2310 /* Async control character map. */ 2311 if (len >= 6 && p[1] == 6) 2312 continue; 2313 if (debug) 2314 log(-1, "[invalid] "); 2315 break; 2316 case LCP_OPT_MRU: 2317 /* Maximum receive unit. */ 2318 if (len >= 4 && p[1] == 4) 2319 continue; 2320 if (debug) 2321 log(-1, "[invalid] "); 2322 break; 2323 case LCP_OPT_AUTH_PROTO: 2324 if (len < 4) { 2325 if (debug) 2326 log(-1, "[invalid] "); 2327 break; 2328 } 2329 authproto = (p[2] << 8) + p[3]; 2330 if (authproto == PPP_CHAP && p[1] != 5) { 2331 if (debug) 2332 log(-1, "[invalid chap len] "); 2333 break; 2334 } 2335 if (sp->myauth.proto == 0) { 2336 /* we are not configured to do auth */ 2337 if (debug) 2338 log(-1, "[not configured] "); 2339 break; 2340 } 2341 /* 2342 * Remote want us to authenticate, remember this, 2343 * so we stay in PHASE_AUTHENTICATE after LCP got 2344 * up. 2345 */ 2346 sp->pp_flags |= PP_NEEDAUTH; 2347 continue; 2348 default: 2349 /* Others not supported. */ 2350 if (debug) 2351 log(-1, "[rej] "); 2352 break; 2353 } 2354 /* Add the option to rejected list. */ 2355 bcopy (p, r, p[1]); 2356 r += p[1]; 2357 rlen += p[1]; 2358 } 2359 if (rlen) { 2360 if (debug) 2361 log(-1, " send conf-rej\n"); 2362 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2363 return 0; 2364 } else if (debug) 2365 log(-1, "\n"); 2366 2367 /* 2368 * pass 2: check for option values that are unacceptable and 2369 * thus require to be nak'ed. 2370 */ 2371 if (debug) 2372 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2373 SPP_ARGS(ifp)); 2374 2375 p = (void*) (h+1); 2376 len = origlen; 2377 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2378 len-=p[1], p+=p[1]) { 2379 if (debug) 2380 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2381 switch (*p) { 2382 case LCP_OPT_MAGIC: 2383 /* Magic number -- extract. */ 2384 nmagic = (u_long)p[2] << 24 | 2385 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2386 if (nmagic != sp->lcp.magic) { 2387 sp->pp_loopcnt = 0; 2388 if (debug) 2389 log(-1, "0x%lx ", nmagic); 2390 continue; 2391 } 2392 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2393 log(-1, "[glitch] "); 2394 ++sp->pp_loopcnt; 2395 /* 2396 * We negate our magic here, and NAK it. If 2397 * we see it later in an NAK packet, we 2398 * suggest a new one. 2399 */ 2400 nmagic = ~sp->lcp.magic; 2401 /* Gonna NAK it. */ 2402 p[2] = nmagic >> 24; 2403 p[3] = nmagic >> 16; 2404 p[4] = nmagic >> 8; 2405 p[5] = nmagic; 2406 break; 2407 2408 case LCP_OPT_ASYNC_MAP: 2409 /* 2410 * Async control character map -- just ignore it. 2411 * 2412 * Quote from RFC 1662, chapter 6: 2413 * To enable this functionality, synchronous PPP 2414 * implementations MUST always respond to the 2415 * Async-Control-Character-Map Configuration 2416 * Option with the LCP Configure-Ack. However, 2417 * acceptance of the Configuration Option does 2418 * not imply that the synchronous implementation 2419 * will do any ACCM mapping. Instead, all such 2420 * octet mapping will be performed by the 2421 * asynchronous-to-synchronous converter. 2422 */ 2423 continue; 2424 2425 case LCP_OPT_MRU: 2426 /* 2427 * Maximum receive unit. Always agreeable, 2428 * but ignored by now. 2429 */ 2430 sp->lcp.their_mru = p[2] * 256 + p[3]; 2431 if (debug) 2432 log(-1, "%lu ", sp->lcp.their_mru); 2433 continue; 2434 2435 case LCP_OPT_AUTH_PROTO: 2436 authproto = (p[2] << 8) + p[3]; 2437 if (sp->myauth.proto != authproto) { 2438 /* not agreed, nak */ 2439 if (debug) 2440 log(-1, "[mine %s != his %s] ", 2441 sppp_proto_name(sp->hisauth.proto), 2442 sppp_proto_name(authproto)); 2443 p[2] = sp->myauth.proto >> 8; 2444 p[3] = sp->myauth.proto; 2445 break; 2446 } 2447 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2448 if (debug) 2449 log(-1, "[chap not MD5] "); 2450 p[4] = CHAP_MD5; 2451 break; 2452 } 2453 continue; 2454 } 2455 /* Add the option to nak'ed list. */ 2456 bcopy (p, r, p[1]); 2457 r += p[1]; 2458 rlen += p[1]; 2459 } 2460 if (rlen) { 2461 /* 2462 * Local and remote magics equal -- loopback? 2463 */ 2464 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2465 if (sp->pp_loopcnt == MAXALIVECNT*5) 2466 printf (SPP_FMT "loopback\n", 2467 SPP_ARGS(ifp)); 2468 if (ifp->if_flags & IFF_UP) { 2469 if_down(ifp); 2470 sppp_qflush(&sp->pp_cpq); 2471 /* XXX ? */ 2472 lcp.Down(sp); 2473 lcp.Up(sp); 2474 } 2475 } else if (!sp->pp_loopcnt && 2476 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2477 if (debug) 2478 log(-1, " max_failure (%d) exceeded, " 2479 "send conf-rej\n", 2480 sp->lcp.max_failure); 2481 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2482 } else { 2483 if (debug) 2484 log(-1, " send conf-nak\n"); 2485 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2486 } 2487 } else { 2488 if (debug) 2489 log(-1, " send conf-ack\n"); 2490 sp->fail_counter[IDX_LCP] = 0; 2491 sp->pp_loopcnt = 0; 2492 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2493 h->ident, origlen, h+1); 2494 } 2495 2496 free (buf, M_TEMP); 2497 return (rlen == 0); 2498} 2499 2500/* 2501 * Analyze the LCP Configure-Reject option list, and adjust our 2502 * negotiation. 2503 */ 2504static void 2505sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2506{ 2507 STDDCL; 2508 u_char *buf, *p; 2509 2510 len -= 4; 2511 buf = malloc (len, M_TEMP, M_NOWAIT); 2512 if (!buf) 2513 return; 2514 2515 if (debug) 2516 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2517 SPP_ARGS(ifp)); 2518 2519 p = (void*) (h+1); 2520 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2521 len -= p[1], p += p[1]) { 2522 if (debug) 2523 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2524 switch (*p) { 2525 case LCP_OPT_MAGIC: 2526 /* Magic number -- can't use it, use 0 */ 2527 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2528 sp->lcp.magic = 0; 2529 break; 2530 case LCP_OPT_MRU: 2531 /* 2532 * Should not be rejected anyway, since we only 2533 * negotiate a MRU if explicitly requested by 2534 * peer. 2535 */ 2536 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2537 break; 2538 case LCP_OPT_AUTH_PROTO: 2539 /* 2540 * Peer doesn't want to authenticate himself, 2541 * deny unless this is a dialout call, and 2542 * AUTHFLAG_NOCALLOUT is set. 2543 */ 2544 if ((sp->pp_flags & PP_CALLIN) == 0 && 2545 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2546 if (debug) 2547 log(-1, "[don't insist on auth " 2548 "for callout]"); 2549 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2550 break; 2551 } 2552 if (debug) 2553 log(-1, "[access denied]\n"); 2554 lcp.Close(sp); 2555 break; 2556 } 2557 } 2558 if (debug) 2559 log(-1, "\n"); 2560 free (buf, M_TEMP); 2561 return; 2562} 2563 2564/* 2565 * Analyze the LCP Configure-NAK option list, and adjust our 2566 * negotiation. 2567 */ 2568static void 2569sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2570{ 2571 STDDCL; 2572 u_char *buf, *p; 2573 u_long magic; 2574 2575 len -= 4; 2576 buf = malloc (len, M_TEMP, M_NOWAIT); 2577 if (!buf) 2578 return; 2579 2580 if (debug) 2581 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2582 SPP_ARGS(ifp)); 2583 2584 p = (void*) (h+1); 2585 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2586 len -= p[1], p += p[1]) { 2587 if (debug) 2588 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2589 switch (*p) { 2590 case LCP_OPT_MAGIC: 2591 /* Magic number -- renegotiate */ 2592 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2593 len >= 6 && p[1] == 6) { 2594 magic = (u_long)p[2] << 24 | 2595 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2596 /* 2597 * If the remote magic is our negated one, 2598 * this looks like a loopback problem. 2599 * Suggest a new magic to make sure. 2600 */ 2601 if (magic == ~sp->lcp.magic) { 2602 if (debug) 2603 log(-1, "magic glitch "); 2604 sp->lcp.magic = random(); 2605 } else { 2606 sp->lcp.magic = magic; 2607 if (debug) 2608 log(-1, "%lu ", magic); 2609 } 2610 } 2611 break; 2612 case LCP_OPT_MRU: 2613 /* 2614 * Peer wants to advise us to negotiate an MRU. 2615 * Agree on it if it's reasonable, or use 2616 * default otherwise. 2617 */ 2618 if (len >= 4 && p[1] == 4) { 2619 u_int mru = p[2] * 256 + p[3]; 2620 if (debug) 2621 log(-1, "%d ", mru); 2622 if (mru < PP_MTU || mru > PP_MAX_MRU) 2623 mru = PP_MTU; 2624 sp->lcp.mru = mru; 2625 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2626 } 2627 break; 2628 case LCP_OPT_AUTH_PROTO: 2629 /* 2630 * Peer doesn't like our authentication method, 2631 * deny. 2632 */ 2633 if (debug) 2634 log(-1, "[access denied]\n"); 2635 lcp.Close(sp); 2636 break; 2637 } 2638 } 2639 if (debug) 2640 log(-1, "\n"); 2641 free (buf, M_TEMP); 2642 return; 2643} 2644 2645static void 2646sppp_lcp_tlu(struct sppp *sp) 2647{ 2648 STDDCL; 2649 int i; 2650 u_long mask; 2651 2652 /* XXX ? */ 2653 if (! (ifp->if_flags & IFF_UP) && 2654 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2655 /* Coming out of loopback mode. */ 2656 if_up(ifp); 2657 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2658 } 2659 2660 for (i = 0; i < IDX_COUNT; i++) 2661 if ((cps[i])->flags & CP_QUAL) 2662 (cps[i])->Open(sp); 2663 2664 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2665 (sp->pp_flags & PP_NEEDAUTH) != 0) 2666 sp->pp_phase = PHASE_AUTHENTICATE; 2667 else 2668 sp->pp_phase = PHASE_NETWORK; 2669 2670 if (debug) 2671 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2672 sppp_phase_name(sp->pp_phase)); 2673 2674 /* 2675 * Open all authentication protocols. This is even required 2676 * if we already proceeded to network phase, since it might be 2677 * that remote wants us to authenticate, so we might have to 2678 * send a PAP request. Undesired authentication protocols 2679 * don't do anything when they get an Open event. 2680 */ 2681 for (i = 0; i < IDX_COUNT; i++) 2682 if ((cps[i])->flags & CP_AUTH) 2683 (cps[i])->Open(sp); 2684 2685 if (sp->pp_phase == PHASE_NETWORK) { 2686 /* Notify all NCPs. */ 2687 for (i = 0; i < IDX_COUNT; i++) 2688 if (((cps[i])->flags & CP_NCP) && 2689 /* 2690 * XXX 2691 * Hack to administratively disable IPv6 if 2692 * not desired. Perhaps we should have another 2693 * flag for this, but right now, we can make 2694 * all struct cp's read/only. 2695 */ 2696 (cps[i] != &ipv6cp || 2697 (sp->confflags & CONF_ENABLE_IPV6))) 2698 (cps[i])->Open(sp); 2699 } 2700 2701 /* Send Up events to all started protos. */ 2702 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2703 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2704 (cps[i])->Up(sp); 2705 2706 /* notify low-level driver of state change */ 2707 if (sp->pp_chg) 2708 sp->pp_chg(sp, (int)sp->pp_phase); 2709 2710 if (sp->pp_phase == PHASE_NETWORK) 2711 /* if no NCP is starting, close down */ 2712 sppp_lcp_check_and_close(sp); 2713} 2714 2715static void 2716sppp_lcp_tld(struct sppp *sp) 2717{ 2718 STDDCL; 2719 int i; 2720 u_long mask; 2721 2722 sp->pp_phase = PHASE_TERMINATE; 2723 2724 if (debug) 2725 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2726 sppp_phase_name(sp->pp_phase)); 2727 2728 /* 2729 * Take upper layers down. We send the Down event first and 2730 * the Close second to prevent the upper layers from sending 2731 * ``a flurry of terminate-request packets'', as the RFC 2732 * describes it. 2733 */ 2734 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2735 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2736 (cps[i])->Down(sp); 2737 (cps[i])->Close(sp); 2738 } 2739} 2740 2741static void 2742sppp_lcp_tls(struct sppp *sp) 2743{ 2744 STDDCL; 2745 2746 sp->pp_phase = PHASE_ESTABLISH; 2747 2748 if (debug) 2749 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2750 sppp_phase_name(sp->pp_phase)); 2751 2752 /* Notify lower layer if desired. */ 2753 if (sp->pp_tls) 2754 (sp->pp_tls)(sp); 2755 else 2756 (sp->pp_up)(sp); 2757} 2758 2759static void 2760sppp_lcp_tlf(struct sppp *sp) 2761{ 2762 STDDCL; 2763 2764 sp->pp_phase = PHASE_DEAD; 2765 if (debug) 2766 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2767 sppp_phase_name(sp->pp_phase)); 2768 2769 /* Notify lower layer if desired. */ 2770 if (sp->pp_tlf) 2771 (sp->pp_tlf)(sp); 2772 else 2773 (sp->pp_down)(sp); 2774} 2775 2776static void 2777sppp_lcp_scr(struct sppp *sp) 2778{ 2779 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2780 int i = 0; 2781 u_short authproto; 2782 2783 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2784 if (! sp->lcp.magic) 2785 sp->lcp.magic = random(); 2786 opt[i++] = LCP_OPT_MAGIC; 2787 opt[i++] = 6; 2788 opt[i++] = sp->lcp.magic >> 24; 2789 opt[i++] = sp->lcp.magic >> 16; 2790 opt[i++] = sp->lcp.magic >> 8; 2791 opt[i++] = sp->lcp.magic; 2792 } 2793 2794 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2795 opt[i++] = LCP_OPT_MRU; 2796 opt[i++] = 4; 2797 opt[i++] = sp->lcp.mru >> 8; 2798 opt[i++] = sp->lcp.mru; 2799 } 2800 2801 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2802 authproto = sp->hisauth.proto; 2803 opt[i++] = LCP_OPT_AUTH_PROTO; 2804 opt[i++] = authproto == PPP_CHAP? 5: 4; 2805 opt[i++] = authproto >> 8; 2806 opt[i++] = authproto; 2807 if (authproto == PPP_CHAP) 2808 opt[i++] = CHAP_MD5; 2809 } 2810 2811 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2812 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2813} 2814 2815/* 2816 * Check the open NCPs, return true if at least one NCP is open. 2817 */ 2818static int 2819sppp_ncp_check(struct sppp *sp) 2820{ 2821 int i, mask; 2822 2823 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2824 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2825 return 1; 2826 return 0; 2827} 2828 2829/* 2830 * Re-check the open NCPs and see if we should terminate the link. 2831 * Called by the NCPs during their tlf action handling. 2832 */ 2833static void 2834sppp_lcp_check_and_close(struct sppp *sp) 2835{ 2836 2837 if (sp->pp_phase < PHASE_NETWORK) 2838 /* don't bother, we are already going down */ 2839 return; 2840 2841 if (sppp_ncp_check(sp)) 2842 return; 2843 2844 lcp.Close(sp); 2845} 2846 2847/* 2848 *--------------------------------------------------------------------------* 2849 * * 2850 * The IPCP implementation. * 2851 * * 2852 *--------------------------------------------------------------------------* 2853 */ 2854 2855#ifdef INET 2856static void 2857sppp_ipcp_init(struct sppp *sp) 2858{ 2859 sp->ipcp.opts = 0; 2860 sp->ipcp.flags = 0; 2861 sp->state[IDX_IPCP] = STATE_INITIAL; 2862 sp->fail_counter[IDX_IPCP] = 0; 2863 sp->pp_seq[IDX_IPCP] = 0; 2864 sp->pp_rseq[IDX_IPCP] = 0; 2865 callout_init(&sp->ch[IDX_IPCP], CALLOUT_MPSAFE); 2866} 2867 2868static void 2869sppp_ipcp_up(struct sppp *sp) 2870{ 2871 sppp_up_event(&ipcp, sp); 2872} 2873 2874static void 2875sppp_ipcp_down(struct sppp *sp) 2876{ 2877 sppp_down_event(&ipcp, sp); 2878} 2879 2880static void 2881sppp_ipcp_open(struct sppp *sp) 2882{ 2883 STDDCL; 2884 u_long myaddr, hisaddr; 2885 2886 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2887 IPCP_MYADDR_DYN | IPCP_VJ); 2888 sp->ipcp.opts = 0; 2889 2890 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2891 /* 2892 * If we don't have his address, this probably means our 2893 * interface doesn't want to talk IP at all. (This could 2894 * be the case if somebody wants to speak only IPX, for 2895 * example.) Don't open IPCP in this case. 2896 */ 2897 if (hisaddr == 0L) { 2898 /* XXX this message should go away */ 2899 if (debug) 2900 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2901 SPP_ARGS(ifp)); 2902 return; 2903 } 2904 if (myaddr == 0L) { 2905 /* 2906 * I don't have an assigned address, so i need to 2907 * negotiate my address. 2908 */ 2909 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2910 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2911 } else 2912 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2913 if (sp->confflags & CONF_ENABLE_VJ) { 2914 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2915 sp->ipcp.max_state = MAX_STATES - 1; 2916 sp->ipcp.compress_cid = 1; 2917 } 2918 sppp_open_event(&ipcp, sp); 2919} 2920 2921static void 2922sppp_ipcp_close(struct sppp *sp) 2923{ 2924 sppp_close_event(&ipcp, sp); 2925 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2926 /* 2927 * My address was dynamic, clear it again. 2928 */ 2929 sppp_set_ip_addr(sp, 0L); 2930} 2931 2932static void 2933sppp_ipcp_TO(void *cookie) 2934{ 2935 sppp_to_event(&ipcp, (struct sppp *)cookie); 2936} 2937 2938/* 2939 * Analyze a configure request. Return true if it was agreeable, and 2940 * caused action sca, false if it has been rejected or nak'ed, and 2941 * caused action scn. (The return value is used to make the state 2942 * transition decision in the state automaton.) 2943 */ 2944static int 2945sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2946{ 2947 u_char *buf, *r, *p; 2948 struct ifnet *ifp = SP2IFP(sp); 2949 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2950 u_long hisaddr, desiredaddr; 2951 int gotmyaddr = 0; 2952 int desiredcomp; 2953 2954 len -= 4; 2955 origlen = len; 2956 /* 2957 * Make sure to allocate a buf that can at least hold a 2958 * conf-nak with an `address' option. We might need it below. 2959 */ 2960 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2961 if (! buf) 2962 return (0); 2963 2964 /* pass 1: see if we can recognize them */ 2965 if (debug) 2966 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2967 SPP_ARGS(ifp)); 2968 p = (void*) (h+1); 2969 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2970 len-=p[1], p+=p[1]) { 2971 if (debug) 2972 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2973 switch (*p) { 2974 case IPCP_OPT_COMPRESSION: 2975 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2976 /* VJ compression administratively disabled */ 2977 if (debug) 2978 log(-1, "[locally disabled] "); 2979 break; 2980 } 2981 /* 2982 * In theory, we should only conf-rej an 2983 * option that is shorter than RFC 1618 2984 * requires (i.e. < 4), and should conf-nak 2985 * anything else that is not VJ. However, 2986 * since our algorithm always uses the 2987 * original option to NAK it with new values, 2988 * things would become more complicated. In 2989 * pratice, the only commonly implemented IP 2990 * compression option is VJ anyway, so the 2991 * difference is negligible. 2992 */ 2993 if (len >= 6 && p[1] == 6) { 2994 /* 2995 * correctly formed compression option 2996 * that could be VJ compression 2997 */ 2998 continue; 2999 } 3000 if (debug) 3001 log(-1, 3002 "optlen %d [invalid/unsupported] ", 3003 p[1]); 3004 break; 3005 case IPCP_OPT_ADDRESS: 3006 if (len >= 6 && p[1] == 6) { 3007 /* correctly formed address option */ 3008 continue; 3009 } 3010 if (debug) 3011 log(-1, "[invalid] "); 3012 break; 3013 default: 3014 /* Others not supported. */ 3015 if (debug) 3016 log(-1, "[rej] "); 3017 break; 3018 } 3019 /* Add the option to rejected list. */ 3020 bcopy (p, r, p[1]); 3021 r += p[1]; 3022 rlen += p[1]; 3023 } 3024 if (rlen) { 3025 if (debug) 3026 log(-1, " send conf-rej\n"); 3027 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3028 return 0; 3029 } else if (debug) 3030 log(-1, "\n"); 3031 3032 /* pass 2: parse option values */ 3033 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3034 if (debug) 3035 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3036 SPP_ARGS(ifp)); 3037 p = (void*) (h+1); 3038 len = origlen; 3039 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3040 len-=p[1], p+=p[1]) { 3041 if (debug) 3042 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3043 switch (*p) { 3044 case IPCP_OPT_COMPRESSION: 3045 desiredcomp = p[2] << 8 | p[3]; 3046 /* We only support VJ */ 3047 if (desiredcomp == IPCP_COMP_VJ) { 3048 if (debug) 3049 log(-1, "VJ [ack] "); 3050 sp->ipcp.flags |= IPCP_VJ; 3051 sl_compress_init(sp->pp_comp, p[4]); 3052 sp->ipcp.max_state = p[4]; 3053 sp->ipcp.compress_cid = p[5]; 3054 continue; 3055 } 3056 if (debug) 3057 log(-1, 3058 "compproto %#04x [not supported] ", 3059 desiredcomp); 3060 p[2] = IPCP_COMP_VJ >> 8; 3061 p[3] = IPCP_COMP_VJ; 3062 p[4] = sp->ipcp.max_state; 3063 p[5] = sp->ipcp.compress_cid; 3064 break; 3065 case IPCP_OPT_ADDRESS: 3066 /* This is the address he wants in his end */ 3067 desiredaddr = p[2] << 24 | p[3] << 16 | 3068 p[4] << 8 | p[5]; 3069 if (desiredaddr == hisaddr || 3070 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3071 /* 3072 * Peer's address is same as our value, 3073 * or we have set it to 0.0.0.* to 3074 * indicate that we do not really care, 3075 * this is agreeable. Gonna conf-ack 3076 * it. 3077 */ 3078 if (debug) 3079 log(-1, "%s [ack] ", 3080 sppp_dotted_quad(hisaddr)); 3081 /* record that we've seen it already */ 3082 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3083 continue; 3084 } 3085 /* 3086 * The address wasn't agreeable. This is either 3087 * he sent us 0.0.0.0, asking to assign him an 3088 * address, or he send us another address not 3089 * matching our value. Either case, we gonna 3090 * conf-nak it with our value. 3091 * XXX: we should "rej" if hisaddr == 0 3092 */ 3093 if (debug) { 3094 if (desiredaddr == 0) 3095 log(-1, "[addr requested] "); 3096 else 3097 log(-1, "%s [not agreed] ", 3098 sppp_dotted_quad(desiredaddr)); 3099 3100 } 3101 p[2] = hisaddr >> 24; 3102 p[3] = hisaddr >> 16; 3103 p[4] = hisaddr >> 8; 3104 p[5] = hisaddr; 3105 break; 3106 } 3107 /* Add the option to nak'ed list. */ 3108 bcopy (p, r, p[1]); 3109 r += p[1]; 3110 rlen += p[1]; 3111 } 3112 3113 /* 3114 * If we are about to conf-ack the request, but haven't seen 3115 * his address so far, gonna conf-nak it instead, with the 3116 * `address' option present and our idea of his address being 3117 * filled in there, to request negotiation of both addresses. 3118 * 3119 * XXX This can result in an endless req - nak loop if peer 3120 * doesn't want to send us his address. Q: What should we do 3121 * about it? XXX A: implement the max-failure counter. 3122 */ 3123 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3124 buf[0] = IPCP_OPT_ADDRESS; 3125 buf[1] = 6; 3126 buf[2] = hisaddr >> 24; 3127 buf[3] = hisaddr >> 16; 3128 buf[4] = hisaddr >> 8; 3129 buf[5] = hisaddr; 3130 rlen = 6; 3131 if (debug) 3132 log(-1, "still need hisaddr "); 3133 } 3134 3135 if (rlen) { 3136 if (debug) 3137 log(-1, " send conf-nak\n"); 3138 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3139 } else { 3140 if (debug) 3141 log(-1, " send conf-ack\n"); 3142 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3143 h->ident, origlen, h+1); 3144 } 3145 3146 free (buf, M_TEMP); 3147 return (rlen == 0); 3148} 3149 3150/* 3151 * Analyze the IPCP Configure-Reject option list, and adjust our 3152 * negotiation. 3153 */ 3154static void 3155sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3156{ 3157 u_char *buf, *p; 3158 struct ifnet *ifp = SP2IFP(sp); 3159 int debug = ifp->if_flags & IFF_DEBUG; 3160 3161 len -= 4; 3162 buf = malloc (len, M_TEMP, M_NOWAIT); 3163 if (!buf) 3164 return; 3165 3166 if (debug) 3167 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3168 SPP_ARGS(ifp)); 3169 3170 p = (void*) (h+1); 3171 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3172 len -= p[1], p += p[1]) { 3173 if (debug) 3174 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3175 switch (*p) { 3176 case IPCP_OPT_COMPRESSION: 3177 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3178 break; 3179 case IPCP_OPT_ADDRESS: 3180 /* 3181 * Peer doesn't grok address option. This is 3182 * bad. XXX Should we better give up here? 3183 * XXX We could try old "addresses" option... 3184 */ 3185 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3186 break; 3187 } 3188 } 3189 if (debug) 3190 log(-1, "\n"); 3191 free (buf, M_TEMP); 3192 return; 3193} 3194 3195/* 3196 * Analyze the IPCP Configure-NAK option list, and adjust our 3197 * negotiation. 3198 */ 3199static void 3200sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3201{ 3202 u_char *buf, *p; 3203 struct ifnet *ifp = SP2IFP(sp); 3204 int debug = ifp->if_flags & IFF_DEBUG; 3205 int desiredcomp; 3206 u_long wantaddr; 3207 3208 len -= 4; 3209 buf = malloc (len, M_TEMP, M_NOWAIT); 3210 if (!buf) 3211 return; 3212 3213 if (debug) 3214 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3215 SPP_ARGS(ifp)); 3216 3217 p = (void*) (h+1); 3218 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3219 len -= p[1], p += p[1]) { 3220 if (debug) 3221 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3222 switch (*p) { 3223 case IPCP_OPT_COMPRESSION: 3224 if (len >= 6 && p[1] == 6) { 3225 desiredcomp = p[2] << 8 | p[3]; 3226 if (debug) 3227 log(-1, "[wantcomp %#04x] ", 3228 desiredcomp); 3229 if (desiredcomp == IPCP_COMP_VJ) { 3230 sl_compress_init(sp->pp_comp, p[4]); 3231 sp->ipcp.max_state = p[4]; 3232 sp->ipcp.compress_cid = p[5]; 3233 if (debug) 3234 log(-1, "[agree] "); 3235 } else 3236 sp->ipcp.opts &= 3237 ~(1 << IPCP_OPT_COMPRESSION); 3238 } 3239 break; 3240 case IPCP_OPT_ADDRESS: 3241 /* 3242 * Peer doesn't like our local IP address. See 3243 * if we can do something for him. We'll drop 3244 * him our address then. 3245 */ 3246 if (len >= 6 && p[1] == 6) { 3247 wantaddr = p[2] << 24 | p[3] << 16 | 3248 p[4] << 8 | p[5]; 3249 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3250 if (debug) 3251 log(-1, "[wantaddr %s] ", 3252 sppp_dotted_quad(wantaddr)); 3253 /* 3254 * When doing dynamic address assignment, 3255 * we accept his offer. Otherwise, we 3256 * ignore it and thus continue to negotiate 3257 * our already existing value. 3258 * XXX: Bogus, if he said no once, he'll 3259 * just say no again, might as well die. 3260 */ 3261 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3262 sppp_set_ip_addr(sp, wantaddr); 3263 if (debug) 3264 log(-1, "[agree] "); 3265 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3266 } 3267 } 3268 break; 3269 } 3270 } 3271 if (debug) 3272 log(-1, "\n"); 3273 free (buf, M_TEMP); 3274 return; 3275} 3276 3277static void 3278sppp_ipcp_tlu(struct sppp *sp) 3279{ 3280 /* we are up - notify isdn daemon */ 3281 if (sp->pp_con) 3282 sp->pp_con(sp); 3283} 3284 3285static void 3286sppp_ipcp_tld(struct sppp *sp) 3287{ 3288} 3289 3290static void 3291sppp_ipcp_tls(struct sppp *sp) 3292{ 3293 /* indicate to LCP that it must stay alive */ 3294 sp->lcp.protos |= (1 << IDX_IPCP); 3295} 3296 3297static void 3298sppp_ipcp_tlf(struct sppp *sp) 3299{ 3300 /* we no longer need LCP */ 3301 sp->lcp.protos &= ~(1 << IDX_IPCP); 3302 sppp_lcp_check_and_close(sp); 3303} 3304 3305static void 3306sppp_ipcp_scr(struct sppp *sp) 3307{ 3308 char opt[6 /* compression */ + 6 /* address */]; 3309 u_long ouraddr; 3310 int i = 0; 3311 3312 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3313 opt[i++] = IPCP_OPT_COMPRESSION; 3314 opt[i++] = 6; 3315 opt[i++] = IPCP_COMP_VJ >> 8; 3316 opt[i++] = IPCP_COMP_VJ; 3317 opt[i++] = sp->ipcp.max_state; 3318 opt[i++] = sp->ipcp.compress_cid; 3319 } 3320 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3321 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3322 opt[i++] = IPCP_OPT_ADDRESS; 3323 opt[i++] = 6; 3324 opt[i++] = ouraddr >> 24; 3325 opt[i++] = ouraddr >> 16; 3326 opt[i++] = ouraddr >> 8; 3327 opt[i++] = ouraddr; 3328 } 3329 3330 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3331 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3332} 3333#else /* !INET */ 3334static void 3335sppp_ipcp_init(struct sppp *sp) 3336{ 3337} 3338 3339static void 3340sppp_ipcp_up(struct sppp *sp) 3341{ 3342} 3343 3344static void 3345sppp_ipcp_down(struct sppp *sp) 3346{ 3347} 3348 3349static void 3350sppp_ipcp_open(struct sppp *sp) 3351{ 3352} 3353 3354static void 3355sppp_ipcp_close(struct sppp *sp) 3356{ 3357} 3358 3359static void 3360sppp_ipcp_TO(void *cookie) 3361{ 3362} 3363 3364static int 3365sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3366{ 3367 return (0); 3368} 3369 3370static void 3371sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3372{ 3373} 3374 3375static void 3376sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3377{ 3378} 3379 3380static void 3381sppp_ipcp_tlu(struct sppp *sp) 3382{ 3383} 3384 3385static void 3386sppp_ipcp_tld(struct sppp *sp) 3387{ 3388} 3389 3390static void 3391sppp_ipcp_tls(struct sppp *sp) 3392{ 3393} 3394 3395static void 3396sppp_ipcp_tlf(struct sppp *sp) 3397{ 3398} 3399 3400static void 3401sppp_ipcp_scr(struct sppp *sp) 3402{ 3403} 3404#endif 3405 3406/* 3407 *--------------------------------------------------------------------------* 3408 * * 3409 * The IPv6CP implementation. * 3410 * * 3411 *--------------------------------------------------------------------------* 3412 */ 3413 3414#ifdef INET6 3415static void 3416sppp_ipv6cp_init(struct sppp *sp) 3417{ 3418 sp->ipv6cp.opts = 0; 3419 sp->ipv6cp.flags = 0; 3420 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3421 sp->fail_counter[IDX_IPV6CP] = 0; 3422 sp->pp_seq[IDX_IPV6CP] = 0; 3423 sp->pp_rseq[IDX_IPV6CP] = 0; 3424 callout_init(&sp->ch[IDX_IPV6CP], CALLOUT_MPSAFE); 3425} 3426 3427static void 3428sppp_ipv6cp_up(struct sppp *sp) 3429{ 3430 sppp_up_event(&ipv6cp, sp); 3431} 3432 3433static void 3434sppp_ipv6cp_down(struct sppp *sp) 3435{ 3436 sppp_down_event(&ipv6cp, sp); 3437} 3438 3439static void 3440sppp_ipv6cp_open(struct sppp *sp) 3441{ 3442 STDDCL; 3443 struct in6_addr myaddr, hisaddr; 3444 3445#ifdef IPV6CP_MYIFID_DYN 3446 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3447#else 3448 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3449#endif 3450 3451 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3452 /* 3453 * If we don't have our address, this probably means our 3454 * interface doesn't want to talk IPv6 at all. (This could 3455 * be the case if somebody wants to speak only IPX, for 3456 * example.) Don't open IPv6CP in this case. 3457 */ 3458 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3459 /* XXX this message should go away */ 3460 if (debug) 3461 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3462 SPP_ARGS(ifp)); 3463 return; 3464 } 3465 3466 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3467 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3468 sppp_open_event(&ipv6cp, sp); 3469} 3470 3471static void 3472sppp_ipv6cp_close(struct sppp *sp) 3473{ 3474 sppp_close_event(&ipv6cp, sp); 3475} 3476 3477static void 3478sppp_ipv6cp_TO(void *cookie) 3479{ 3480 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3481} 3482 3483/* 3484 * Analyze a configure request. Return true if it was agreeable, and 3485 * caused action sca, false if it has been rejected or nak'ed, and 3486 * caused action scn. (The return value is used to make the state 3487 * transition decision in the state automaton.) 3488 */ 3489static int 3490sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3491{ 3492 u_char *buf, *r, *p; 3493 struct ifnet *ifp = SP2IFP(sp); 3494 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3495 struct in6_addr myaddr, desiredaddr, suggestaddr; 3496 int ifidcount; 3497 int type; 3498 int collision, nohisaddr; 3499 char ip6buf[INET6_ADDRSTRLEN]; 3500 3501 len -= 4; 3502 origlen = len; 3503 /* 3504 * Make sure to allocate a buf that can at least hold a 3505 * conf-nak with an `address' option. We might need it below. 3506 */ 3507 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3508 if (! buf) 3509 return (0); 3510 3511 /* pass 1: see if we can recognize them */ 3512 if (debug) 3513 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3514 SPP_ARGS(ifp)); 3515 p = (void*) (h+1); 3516 ifidcount = 0; 3517 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3518 len-=p[1], p+=p[1]) { 3519 if (debug) 3520 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3521 switch (*p) { 3522 case IPV6CP_OPT_IFID: 3523 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3524 /* correctly formed address option */ 3525 ifidcount++; 3526 continue; 3527 } 3528 if (debug) 3529 log(-1, " [invalid]"); 3530 break; 3531#ifdef notyet 3532 case IPV6CP_OPT_COMPRESSION: 3533 if (len >= 4 && p[1] >= 4) { 3534 /* correctly formed compress option */ 3535 continue; 3536 } 3537 if (debug) 3538 log(-1, " [invalid]"); 3539 break; 3540#endif 3541 default: 3542 /* Others not supported. */ 3543 if (debug) 3544 log(-1, " [rej]"); 3545 break; 3546 } 3547 /* Add the option to rejected list. */ 3548 bcopy (p, r, p[1]); 3549 r += p[1]; 3550 rlen += p[1]; 3551 } 3552 if (rlen) { 3553 if (debug) 3554 log(-1, " send conf-rej\n"); 3555 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3556 goto end; 3557 } else if (debug) 3558 log(-1, "\n"); 3559 3560 /* pass 2: parse option values */ 3561 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3562 if (debug) 3563 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3564 SPP_ARGS(ifp)); 3565 p = (void*) (h+1); 3566 len = origlen; 3567 type = CONF_ACK; 3568 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3569 len-=p[1], p+=p[1]) { 3570 if (debug) 3571 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3572 switch (*p) { 3573#ifdef notyet 3574 case IPV6CP_OPT_COMPRESSION: 3575 continue; 3576#endif 3577 case IPV6CP_OPT_IFID: 3578 bzero(&desiredaddr, sizeof(desiredaddr)); 3579 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3580 collision = (bcmp(&desiredaddr.s6_addr[8], 3581 &myaddr.s6_addr[8], 8) == 0); 3582 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3583 3584 desiredaddr.s6_addr16[0] = htons(0xfe80); 3585 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3586 3587 if (!collision && !nohisaddr) { 3588 /* no collision, hisaddr known - Conf-Ack */ 3589 type = CONF_ACK; 3590 3591 if (debug) { 3592 log(-1, " %s [%s]", 3593 ip6_sprintf(ip6buf, &desiredaddr), 3594 sppp_cp_type_name(type)); 3595 } 3596 continue; 3597 } 3598 3599 bzero(&suggestaddr, sizeof(suggestaddr)); 3600 if (collision && nohisaddr) { 3601 /* collision, hisaddr unknown - Conf-Rej */ 3602 type = CONF_REJ; 3603 bzero(&p[2], 8); 3604 } else { 3605 /* 3606 * - no collision, hisaddr unknown, or 3607 * - collision, hisaddr known 3608 * Conf-Nak, suggest hisaddr 3609 */ 3610 type = CONF_NAK; 3611 sppp_suggest_ip6_addr(sp, &suggestaddr); 3612 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3613 } 3614 if (debug) 3615 log(-1, " %s [%s]", 3616 ip6_sprintf(ip6buf, &desiredaddr), 3617 sppp_cp_type_name(type)); 3618 break; 3619 } 3620 /* Add the option to nak'ed list. */ 3621 bcopy (p, r, p[1]); 3622 r += p[1]; 3623 rlen += p[1]; 3624 } 3625 3626 if (rlen == 0 && type == CONF_ACK) { 3627 if (debug) 3628 log(-1, " send %s\n", sppp_cp_type_name(type)); 3629 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3630 } else { 3631#ifdef DIAGNOSTIC 3632 if (type == CONF_ACK) 3633 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3634#endif 3635 3636 if (debug) { 3637 log(-1, " send %s suggest %s\n", 3638 sppp_cp_type_name(type), 3639 ip6_sprintf(ip6buf, &suggestaddr)); 3640 } 3641 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3642 } 3643 3644 end: 3645 free (buf, M_TEMP); 3646 return (rlen == 0); 3647} 3648 3649/* 3650 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3651 * negotiation. 3652 */ 3653static void 3654sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3655{ 3656 u_char *buf, *p; 3657 struct ifnet *ifp = SP2IFP(sp); 3658 int debug = ifp->if_flags & IFF_DEBUG; 3659 3660 len -= 4; 3661 buf = malloc (len, M_TEMP, M_NOWAIT); 3662 if (!buf) 3663 return; 3664 3665 if (debug) 3666 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3667 SPP_ARGS(ifp)); 3668 3669 p = (void*) (h+1); 3670 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3671 len -= p[1], p += p[1]) { 3672 if (debug) 3673 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3674 switch (*p) { 3675 case IPV6CP_OPT_IFID: 3676 /* 3677 * Peer doesn't grok address option. This is 3678 * bad. XXX Should we better give up here? 3679 */ 3680 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3681 break; 3682#ifdef notyet 3683 case IPV6CP_OPT_COMPRESS: 3684 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3685 break; 3686#endif 3687 } 3688 } 3689 if (debug) 3690 log(-1, "\n"); 3691 free (buf, M_TEMP); 3692 return; 3693} 3694 3695/* 3696 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3697 * negotiation. 3698 */ 3699static void 3700sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3701{ 3702 u_char *buf, *p; 3703 struct ifnet *ifp = SP2IFP(sp); 3704 int debug = ifp->if_flags & IFF_DEBUG; 3705 struct in6_addr suggestaddr; 3706 char ip6buf[INET6_ADDRSTRLEN]; 3707 3708 len -= 4; 3709 buf = malloc (len, M_TEMP, M_NOWAIT); 3710 if (!buf) 3711 return; 3712 3713 if (debug) 3714 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3715 SPP_ARGS(ifp)); 3716 3717 p = (void*) (h+1); 3718 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3719 len -= p[1], p += p[1]) { 3720 if (debug) 3721 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3722 switch (*p) { 3723 case IPV6CP_OPT_IFID: 3724 /* 3725 * Peer doesn't like our local ifid. See 3726 * if we can do something for him. We'll drop 3727 * him our address then. 3728 */ 3729 if (len < 10 || p[1] != 10) 3730 break; 3731 bzero(&suggestaddr, sizeof(suggestaddr)); 3732 suggestaddr.s6_addr16[0] = htons(0xfe80); 3733 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3734 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3735 3736 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3737 if (debug) 3738 log(-1, " [suggestaddr %s]", 3739 ip6_sprintf(ip6buf, &suggestaddr)); 3740#ifdef IPV6CP_MYIFID_DYN 3741 /* 3742 * When doing dynamic address assignment, 3743 * we accept his offer. 3744 */ 3745 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3746 struct in6_addr lastsuggest; 3747 /* 3748 * If <suggested myaddr from peer> equals to 3749 * <hisaddr we have suggested last time>, 3750 * we have a collision. generate new random 3751 * ifid. 3752 */ 3753 sppp_suggest_ip6_addr(&lastsuggest); 3754 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3755 lastsuggest)) { 3756 if (debug) 3757 log(-1, " [random]"); 3758 sppp_gen_ip6_addr(sp, &suggestaddr); 3759 } 3760 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3761 if (debug) 3762 log(-1, " [agree]"); 3763 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3764 } 3765#else 3766 /* 3767 * Since we do not do dynamic address assignment, 3768 * we ignore it and thus continue to negotiate 3769 * our already existing value. This can possibly 3770 * go into infinite request-reject loop. 3771 * 3772 * This is not likely because we normally use 3773 * ifid based on MAC-address. 3774 * If you have no ethernet card on the node, too bad. 3775 * XXX should we use fail_counter? 3776 */ 3777#endif 3778 break; 3779#ifdef notyet 3780 case IPV6CP_OPT_COMPRESS: 3781 /* 3782 * Peer wants different compression parameters. 3783 */ 3784 break; 3785#endif 3786 } 3787 } 3788 if (debug) 3789 log(-1, "\n"); 3790 free (buf, M_TEMP); 3791 return; 3792} 3793static void 3794sppp_ipv6cp_tlu(struct sppp *sp) 3795{ 3796 /* we are up - notify isdn daemon */ 3797 if (sp->pp_con) 3798 sp->pp_con(sp); 3799} 3800 3801static void 3802sppp_ipv6cp_tld(struct sppp *sp) 3803{ 3804} 3805 3806static void 3807sppp_ipv6cp_tls(struct sppp *sp) 3808{ 3809 /* indicate to LCP that it must stay alive */ 3810 sp->lcp.protos |= (1 << IDX_IPV6CP); 3811} 3812 3813static void 3814sppp_ipv6cp_tlf(struct sppp *sp) 3815{ 3816 3817#if 0 /* need #if 0 to close IPv6CP properly */ 3818 /* we no longer need LCP */ 3819 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3820 sppp_lcp_check_and_close(sp); 3821#endif 3822} 3823 3824static void 3825sppp_ipv6cp_scr(struct sppp *sp) 3826{ 3827 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3828 struct in6_addr ouraddr; 3829 int i = 0; 3830 3831 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3832 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3833 opt[i++] = IPV6CP_OPT_IFID; 3834 opt[i++] = 10; 3835 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3836 i += 8; 3837 } 3838 3839#ifdef notyet 3840 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3841 opt[i++] = IPV6CP_OPT_COMPRESSION; 3842 opt[i++] = 4; 3843 opt[i++] = 0; /* TBD */ 3844 opt[i++] = 0; /* TBD */ 3845 /* variable length data may follow */ 3846 } 3847#endif 3848 3849 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3850 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3851} 3852#else /*INET6*/ 3853static void sppp_ipv6cp_init(struct sppp *sp) 3854{ 3855} 3856 3857static void sppp_ipv6cp_up(struct sppp *sp) 3858{ 3859} 3860 3861static void sppp_ipv6cp_down(struct sppp *sp) 3862{ 3863} 3864 3865 3866static void sppp_ipv6cp_open(struct sppp *sp) 3867{ 3868} 3869 3870static void sppp_ipv6cp_close(struct sppp *sp) 3871{ 3872} 3873 3874static void sppp_ipv6cp_TO(void *sp) 3875{ 3876} 3877 3878static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3879{ 3880 return 0; 3881} 3882 3883static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3884{ 3885} 3886 3887static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3888{ 3889} 3890 3891static void sppp_ipv6cp_tlu(struct sppp *sp) 3892{ 3893} 3894 3895static void sppp_ipv6cp_tld(struct sppp *sp) 3896{ 3897} 3898 3899static void sppp_ipv6cp_tls(struct sppp *sp) 3900{ 3901} 3902 3903static void sppp_ipv6cp_tlf(struct sppp *sp) 3904{ 3905} 3906 3907static void sppp_ipv6cp_scr(struct sppp *sp) 3908{ 3909} 3910#endif /*INET6*/ 3911 3912/* 3913 *--------------------------------------------------------------------------* 3914 * * 3915 * The CHAP implementation. * 3916 * * 3917 *--------------------------------------------------------------------------* 3918 */ 3919 3920/* 3921 * The authentication protocols don't employ a full-fledged state machine as 3922 * the control protocols do, since they do have Open and Close events, but 3923 * not Up and Down, nor are they explicitly terminated. Also, use of the 3924 * authentication protocols may be different in both directions (this makes 3925 * sense, think of a machine that never accepts incoming calls but only 3926 * calls out, it doesn't require the called party to authenticate itself). 3927 * 3928 * Our state machine for the local authentication protocol (we are requesting 3929 * the peer to authenticate) looks like: 3930 * 3931 * RCA- 3932 * +--------------------------------------------+ 3933 * V scn,tld| 3934 * +--------+ Close +---------+ RCA+ 3935 * | |<----------------------------------| |------+ 3936 * +--->| Closed | TO* | Opened | sca | 3937 * | | |-----+ +-------| |<-----+ 3938 * | +--------+ irc | | +---------+ 3939 * | ^ | | ^ 3940 * | | | | | 3941 * | | | | | 3942 * | TO-| | | | 3943 * | |tld TO+ V | | 3944 * | | +------->+ | | 3945 * | | | | | | 3946 * | +--------+ V | | 3947 * | | |<----+<--------------------+ | 3948 * | | Req- | scr | 3949 * | | Sent | | 3950 * | | | | 3951 * | +--------+ | 3952 * | RCA- | | RCA+ | 3953 * +------+ +------------------------------------------+ 3954 * scn,tld sca,irc,ict,tlu 3955 * 3956 * 3957 * with: 3958 * 3959 * Open: LCP reached authentication phase 3960 * Close: LCP reached terminate phase 3961 * 3962 * RCA+: received reply (pap-req, chap-response), acceptable 3963 * RCN: received reply (pap-req, chap-response), not acceptable 3964 * TO+: timeout with restart counter >= 0 3965 * TO-: timeout with restart counter < 0 3966 * TO*: reschedule timeout for CHAP 3967 * 3968 * scr: send request packet (none for PAP, chap-challenge) 3969 * sca: send ack packet (pap-ack, chap-success) 3970 * scn: send nak packet (pap-nak, chap-failure) 3971 * ict: initialize re-challenge timer (CHAP only) 3972 * 3973 * tlu: this-layer-up, LCP reaches network phase 3974 * tld: this-layer-down, LCP enters terminate phase 3975 * 3976 * Note that in CHAP mode, after sending a new challenge, while the state 3977 * automaton falls back into Req-Sent state, it doesn't signal a tld 3978 * event to LCP, so LCP remains in network phase. Only after not getting 3979 * any response (or after getting an unacceptable response), CHAP closes, 3980 * causing LCP to enter terminate phase. 3981 * 3982 * With PAP, there is no initial request that can be sent. The peer is 3983 * expected to send one based on the successful negotiation of PAP as 3984 * the authentication protocol during the LCP option negotiation. 3985 * 3986 * Incoming authentication protocol requests (remote requests 3987 * authentication, we are peer) don't employ a state machine at all, 3988 * they are simply answered. Some peers [Ascend P50 firmware rev 3989 * 4.50] react allergically when sending IPCP requests while they are 3990 * still in authentication phase (thereby violating the standard that 3991 * demands that these NCP packets are to be discarded), so we keep 3992 * track of the peer demanding us to authenticate, and only proceed to 3993 * phase network once we've seen a positive acknowledge for the 3994 * authentication. 3995 */ 3996 3997/* 3998 * Handle incoming CHAP packets. 3999 */ 4000static void 4001sppp_chap_input(struct sppp *sp, struct mbuf *m) 4002{ 4003 STDDCL; 4004 struct lcp_header *h; 4005 int len; 4006 u_char *value, *name, digest[AUTHKEYLEN], dsize; 4007 int value_len, name_len; 4008 MD5_CTX ctx; 4009 4010 len = m->m_pkthdr.len; 4011 if (len < 4) { 4012 if (debug) 4013 log(LOG_DEBUG, 4014 SPP_FMT "chap invalid packet length: %d bytes\n", 4015 SPP_ARGS(ifp), len); 4016 return; 4017 } 4018 h = mtod (m, struct lcp_header*); 4019 if (len > ntohs (h->len)) 4020 len = ntohs (h->len); 4021 4022 switch (h->type) { 4023 /* challenge, failure and success are his authproto */ 4024 case CHAP_CHALLENGE: 4025 value = 1 + (u_char*)(h+1); 4026 value_len = value[-1]; 4027 name = value + value_len; 4028 name_len = len - value_len - 5; 4029 if (name_len < 0) { 4030 if (debug) { 4031 log(LOG_DEBUG, 4032 SPP_FMT "chap corrupted challenge " 4033 "<%s id=0x%x len=%d", 4034 SPP_ARGS(ifp), 4035 sppp_auth_type_name(PPP_CHAP, h->type), 4036 h->ident, ntohs(h->len)); 4037 sppp_print_bytes((u_char*) (h+1), len-4); 4038 log(-1, ">\n"); 4039 } 4040 break; 4041 } 4042 4043 if (debug) { 4044 log(LOG_DEBUG, 4045 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4046 SPP_ARGS(ifp), 4047 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4048 ntohs(h->len)); 4049 sppp_print_string((char*) name, name_len); 4050 log(-1, " value-size=%d value=", value_len); 4051 sppp_print_bytes(value, value_len); 4052 log(-1, ">\n"); 4053 } 4054 4055 /* Compute reply value. */ 4056 MD5Init(&ctx); 4057 MD5Update(&ctx, &h->ident, 1); 4058 MD5Update(&ctx, sp->myauth.secret, 4059 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4060 MD5Update(&ctx, value, value_len); 4061 MD5Final(digest, &ctx); 4062 dsize = sizeof digest; 4063 4064 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4065 sizeof dsize, (const char *)&dsize, 4066 sizeof digest, digest, 4067 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4068 sp->myauth.name, 4069 0); 4070 break; 4071 4072 case CHAP_SUCCESS: 4073 if (debug) { 4074 log(LOG_DEBUG, SPP_FMT "chap success", 4075 SPP_ARGS(ifp)); 4076 if (len > 4) { 4077 log(-1, ": "); 4078 sppp_print_string((char*)(h + 1), len - 4); 4079 } 4080 log(-1, "\n"); 4081 } 4082 SPPP_LOCK(sp); 4083 sp->pp_flags &= ~PP_NEEDAUTH; 4084 if (sp->myauth.proto == PPP_CHAP && 4085 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4086 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4087 /* 4088 * We are authenticator for CHAP but didn't 4089 * complete yet. Leave it to tlu to proceed 4090 * to network phase. 4091 */ 4092 SPPP_UNLOCK(sp); 4093 break; 4094 } 4095 SPPP_UNLOCK(sp); 4096 sppp_phase_network(sp); 4097 break; 4098 4099 case CHAP_FAILURE: 4100 if (debug) { 4101 log(LOG_INFO, SPP_FMT "chap failure", 4102 SPP_ARGS(ifp)); 4103 if (len > 4) { 4104 log(-1, ": "); 4105 sppp_print_string((char*)(h + 1), len - 4); 4106 } 4107 log(-1, "\n"); 4108 } else 4109 log(LOG_INFO, SPP_FMT "chap failure\n", 4110 SPP_ARGS(ifp)); 4111 /* await LCP shutdown by authenticator */ 4112 break; 4113 4114 /* response is my authproto */ 4115 case CHAP_RESPONSE: 4116 value = 1 + (u_char*)(h+1); 4117 value_len = value[-1]; 4118 name = value + value_len; 4119 name_len = len - value_len - 5; 4120 if (name_len < 0) { 4121 if (debug) { 4122 log(LOG_DEBUG, 4123 SPP_FMT "chap corrupted response " 4124 "<%s id=0x%x len=%d", 4125 SPP_ARGS(ifp), 4126 sppp_auth_type_name(PPP_CHAP, h->type), 4127 h->ident, ntohs(h->len)); 4128 sppp_print_bytes((u_char*)(h+1), len-4); 4129 log(-1, ">\n"); 4130 } 4131 break; 4132 } 4133 if (h->ident != sp->confid[IDX_CHAP]) { 4134 if (debug) 4135 log(LOG_DEBUG, 4136 SPP_FMT "chap dropping response for old ID " 4137 "(got %d, expected %d)\n", 4138 SPP_ARGS(ifp), 4139 h->ident, sp->confid[IDX_CHAP]); 4140 break; 4141 } 4142 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4143 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4144 log(LOG_INFO, SPP_FMT "chap response, his name ", 4145 SPP_ARGS(ifp)); 4146 sppp_print_string(name, name_len); 4147 log(-1, " != expected "); 4148 sppp_print_string(sp->hisauth.name, 4149 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4150 log(-1, "\n"); 4151 } 4152 if (debug) { 4153 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4154 "<%s id=0x%x len=%d name=", 4155 SPP_ARGS(ifp), 4156 sppp_state_name(sp->state[IDX_CHAP]), 4157 sppp_auth_type_name(PPP_CHAP, h->type), 4158 h->ident, ntohs (h->len)); 4159 sppp_print_string((char*)name, name_len); 4160 log(-1, " value-size=%d value=", value_len); 4161 sppp_print_bytes(value, value_len); 4162 log(-1, ">\n"); 4163 } 4164 if (value_len != AUTHKEYLEN) { 4165 if (debug) 4166 log(LOG_DEBUG, 4167 SPP_FMT "chap bad hash value length: " 4168 "%d bytes, should be %d\n", 4169 SPP_ARGS(ifp), value_len, 4170 AUTHKEYLEN); 4171 break; 4172 } 4173 4174 MD5Init(&ctx); 4175 MD5Update(&ctx, &h->ident, 1); 4176 MD5Update(&ctx, sp->hisauth.secret, 4177 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4178 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4179 MD5Final(digest, &ctx); 4180 4181#define FAILMSG "Failed..." 4182#define SUCCMSG "Welcome!" 4183 4184 if (value_len != sizeof digest || 4185 bcmp(digest, value, value_len) != 0) { 4186 /* action scn, tld */ 4187 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4188 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4189 0); 4190 chap.tld(sp); 4191 break; 4192 } 4193 /* action sca, perhaps tlu */ 4194 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4195 sp->state[IDX_CHAP] == STATE_OPENED) 4196 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4197 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4198 0); 4199 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4200 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4201 chap.tlu(sp); 4202 } 4203 break; 4204 4205 default: 4206 /* Unknown CHAP packet type -- ignore. */ 4207 if (debug) { 4208 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4209 "<0x%x id=0x%xh len=%d", 4210 SPP_ARGS(ifp), 4211 sppp_state_name(sp->state[IDX_CHAP]), 4212 h->type, h->ident, ntohs(h->len)); 4213 sppp_print_bytes((u_char*)(h+1), len-4); 4214 log(-1, ">\n"); 4215 } 4216 break; 4217 4218 } 4219} 4220 4221static void 4222sppp_chap_init(struct sppp *sp) 4223{ 4224 /* Chap doesn't have STATE_INITIAL at all. */ 4225 sp->state[IDX_CHAP] = STATE_CLOSED; 4226 sp->fail_counter[IDX_CHAP] = 0; 4227 sp->pp_seq[IDX_CHAP] = 0; 4228 sp->pp_rseq[IDX_CHAP] = 0; 4229 callout_init(&sp->ch[IDX_CHAP], CALLOUT_MPSAFE); 4230} 4231 4232static void 4233sppp_chap_open(struct sppp *sp) 4234{ 4235 if (sp->myauth.proto == PPP_CHAP && 4236 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4237 /* we are authenticator for CHAP, start it */ 4238 chap.scr(sp); 4239 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4240 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4241 } 4242 /* nothing to be done if we are peer, await a challenge */ 4243} 4244 4245static void 4246sppp_chap_close(struct sppp *sp) 4247{ 4248 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4249 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4250} 4251 4252static void 4253sppp_chap_TO(void *cookie) 4254{ 4255 struct sppp *sp = (struct sppp *)cookie; 4256 STDDCL; 4257 4258 SPPP_LOCK(sp); 4259 if (debug) 4260 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4261 SPP_ARGS(ifp), 4262 sppp_state_name(sp->state[IDX_CHAP]), 4263 sp->rst_counter[IDX_CHAP]); 4264 4265 if (--sp->rst_counter[IDX_CHAP] < 0) 4266 /* TO- event */ 4267 switch (sp->state[IDX_CHAP]) { 4268 case STATE_REQ_SENT: 4269 chap.tld(sp); 4270 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4271 break; 4272 } 4273 else 4274 /* TO+ (or TO*) event */ 4275 switch (sp->state[IDX_CHAP]) { 4276 case STATE_OPENED: 4277 /* TO* event */ 4278 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4279 /* FALLTHROUGH */ 4280 case STATE_REQ_SENT: 4281 chap.scr(sp); 4282 /* sppp_cp_change_state() will restart the timer */ 4283 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4284 break; 4285 } 4286 4287 SPPP_UNLOCK(sp); 4288} 4289 4290static void 4291sppp_chap_tlu(struct sppp *sp) 4292{ 4293 STDDCL; 4294 int i; 4295 4296 i = 0; 4297 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4298 4299 /* 4300 * Some broken CHAP implementations (Conware CoNet, firmware 4301 * 4.0.?) don't want to re-authenticate their CHAP once the 4302 * initial challenge-response exchange has taken place. 4303 * Provide for an option to avoid rechallenges. 4304 */ 4305 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4306 /* 4307 * Compute the re-challenge timeout. This will yield 4308 * a number between 300 and 810 seconds. 4309 */ 4310 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4311 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4312 } 4313 4314 if (debug) { 4315 log(LOG_DEBUG, 4316 SPP_FMT "chap %s, ", 4317 SPP_ARGS(ifp), 4318 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4319 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4320 log(-1, "next re-challenge in %d seconds\n", i); 4321 else 4322 log(-1, "re-challenging supressed\n"); 4323 } 4324 4325 SPPP_LOCK(sp); 4326 /* indicate to LCP that we need to be closed down */ 4327 sp->lcp.protos |= (1 << IDX_CHAP); 4328 4329 if (sp->pp_flags & PP_NEEDAUTH) { 4330 /* 4331 * Remote is authenticator, but his auth proto didn't 4332 * complete yet. Defer the transition to network 4333 * phase. 4334 */ 4335 SPPP_UNLOCK(sp); 4336 return; 4337 } 4338 SPPP_UNLOCK(sp); 4339 4340 /* 4341 * If we are already in phase network, we are done here. This 4342 * is the case if this is a dummy tlu event after a re-challenge. 4343 */ 4344 if (sp->pp_phase != PHASE_NETWORK) 4345 sppp_phase_network(sp); 4346} 4347 4348static void 4349sppp_chap_tld(struct sppp *sp) 4350{ 4351 STDDCL; 4352 4353 if (debug) 4354 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4355 callout_stop(&sp->ch[IDX_CHAP]); 4356 sp->lcp.protos &= ~(1 << IDX_CHAP); 4357 4358 lcp.Close(sp); 4359} 4360 4361static void 4362sppp_chap_scr(struct sppp *sp) 4363{ 4364 u_long *ch, seed; 4365 u_char clen; 4366 4367 /* Compute random challenge. */ 4368 ch = (u_long *)sp->myauth.challenge; 4369 read_random(&seed, sizeof seed); 4370 ch[0] = seed ^ random(); 4371 ch[1] = seed ^ random(); 4372 ch[2] = seed ^ random(); 4373 ch[3] = seed ^ random(); 4374 clen = AUTHKEYLEN; 4375 4376 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4377 4378 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4379 sizeof clen, (const char *)&clen, 4380 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4381 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4382 sp->myauth.name, 4383 0); 4384} 4385 4386/* 4387 *--------------------------------------------------------------------------* 4388 * * 4389 * The PAP implementation. * 4390 * * 4391 *--------------------------------------------------------------------------* 4392 */ 4393/* 4394 * For PAP, we need to keep a little state also if we are the peer, not the 4395 * authenticator. This is since we don't get a request to authenticate, but 4396 * have to repeatedly authenticate ourself until we got a response (or the 4397 * retry counter is expired). 4398 */ 4399 4400/* 4401 * Handle incoming PAP packets. */ 4402static void 4403sppp_pap_input(struct sppp *sp, struct mbuf *m) 4404{ 4405 STDDCL; 4406 struct lcp_header *h; 4407 int len; 4408 u_char *name, *passwd, mlen; 4409 int name_len, passwd_len; 4410 4411 len = m->m_pkthdr.len; 4412 if (len < 5) { 4413 if (debug) 4414 log(LOG_DEBUG, 4415 SPP_FMT "pap invalid packet length: %d bytes\n", 4416 SPP_ARGS(ifp), len); 4417 return; 4418 } 4419 h = mtod (m, struct lcp_header*); 4420 if (len > ntohs (h->len)) 4421 len = ntohs (h->len); 4422 switch (h->type) { 4423 /* PAP request is my authproto */ 4424 case PAP_REQ: 4425 name = 1 + (u_char*)(h+1); 4426 name_len = name[-1]; 4427 passwd = name + name_len + 1; 4428 if (name_len > len - 6 || 4429 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4430 if (debug) { 4431 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4432 "<%s id=0x%x len=%d", 4433 SPP_ARGS(ifp), 4434 sppp_auth_type_name(PPP_PAP, h->type), 4435 h->ident, ntohs(h->len)); 4436 sppp_print_bytes((u_char*)(h+1), len-4); 4437 log(-1, ">\n"); 4438 } 4439 break; 4440 } 4441 if (debug) { 4442 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4443 "<%s id=0x%x len=%d name=", 4444 SPP_ARGS(ifp), 4445 sppp_state_name(sp->state[IDX_PAP]), 4446 sppp_auth_type_name(PPP_PAP, h->type), 4447 h->ident, ntohs(h->len)); 4448 sppp_print_string((char*)name, name_len); 4449 log(-1, " passwd="); 4450 sppp_print_string((char*)passwd, passwd_len); 4451 log(-1, ">\n"); 4452 } 4453 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4454 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4455 bcmp(name, sp->hisauth.name, name_len) != 0 || 4456 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4457 /* action scn, tld */ 4458 mlen = sizeof(FAILMSG) - 1; 4459 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4460 sizeof mlen, (const char *)&mlen, 4461 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4462 0); 4463 pap.tld(sp); 4464 break; 4465 } 4466 /* action sca, perhaps tlu */ 4467 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4468 sp->state[IDX_PAP] == STATE_OPENED) { 4469 mlen = sizeof(SUCCMSG) - 1; 4470 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4471 sizeof mlen, (const char *)&mlen, 4472 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4473 0); 4474 } 4475 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4476 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4477 pap.tlu(sp); 4478 } 4479 break; 4480 4481 /* ack and nak are his authproto */ 4482 case PAP_ACK: 4483 callout_stop(&sp->pap_my_to_ch); 4484 if (debug) { 4485 log(LOG_DEBUG, SPP_FMT "pap success", 4486 SPP_ARGS(ifp)); 4487 name_len = *((char *)h); 4488 if (len > 5 && name_len) { 4489 log(-1, ": "); 4490 sppp_print_string((char*)(h+1), name_len); 4491 } 4492 log(-1, "\n"); 4493 } 4494 SPPP_LOCK(sp); 4495 sp->pp_flags &= ~PP_NEEDAUTH; 4496 if (sp->myauth.proto == PPP_PAP && 4497 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4498 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4499 /* 4500 * We are authenticator for PAP but didn't 4501 * complete yet. Leave it to tlu to proceed 4502 * to network phase. 4503 */ 4504 SPPP_UNLOCK(sp); 4505 break; 4506 } 4507 SPPP_UNLOCK(sp); 4508 sppp_phase_network(sp); 4509 break; 4510 4511 case PAP_NAK: 4512 callout_stop (&sp->pap_my_to_ch); 4513 if (debug) { 4514 log(LOG_INFO, SPP_FMT "pap failure", 4515 SPP_ARGS(ifp)); 4516 name_len = *((char *)h); 4517 if (len > 5 && name_len) { 4518 log(-1, ": "); 4519 sppp_print_string((char*)(h+1), name_len); 4520 } 4521 log(-1, "\n"); 4522 } else 4523 log(LOG_INFO, SPP_FMT "pap failure\n", 4524 SPP_ARGS(ifp)); 4525 /* await LCP shutdown by authenticator */ 4526 break; 4527 4528 default: 4529 /* Unknown PAP packet type -- ignore. */ 4530 if (debug) { 4531 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4532 "<0x%x id=0x%x len=%d", 4533 SPP_ARGS(ifp), 4534 h->type, h->ident, ntohs(h->len)); 4535 sppp_print_bytes((u_char*)(h+1), len-4); 4536 log(-1, ">\n"); 4537 } 4538 break; 4539 4540 } 4541} 4542 4543static void 4544sppp_pap_init(struct sppp *sp) 4545{ 4546 /* PAP doesn't have STATE_INITIAL at all. */ 4547 sp->state[IDX_PAP] = STATE_CLOSED; 4548 sp->fail_counter[IDX_PAP] = 0; 4549 sp->pp_seq[IDX_PAP] = 0; 4550 sp->pp_rseq[IDX_PAP] = 0; 4551 callout_init(&sp->ch[IDX_PAP], CALLOUT_MPSAFE); 4552 callout_init(&sp->pap_my_to_ch, CALLOUT_MPSAFE); 4553} 4554 4555static void 4556sppp_pap_open(struct sppp *sp) 4557{ 4558 if (sp->hisauth.proto == PPP_PAP && 4559 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4560 /* we are authenticator for PAP, start our timer */ 4561 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4562 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4563 } 4564 if (sp->myauth.proto == PPP_PAP) { 4565 /* we are peer, send a request, and start a timer */ 4566 pap.scr(sp); 4567 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4568 sppp_pap_my_TO, (void *)sp); 4569 } 4570} 4571 4572static void 4573sppp_pap_close(struct sppp *sp) 4574{ 4575 if (sp->state[IDX_PAP] != STATE_CLOSED) 4576 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4577} 4578 4579/* 4580 * That's the timeout routine if we are authenticator. Since the 4581 * authenticator is basically passive in PAP, we can't do much here. 4582 */ 4583static void 4584sppp_pap_TO(void *cookie) 4585{ 4586 struct sppp *sp = (struct sppp *)cookie; 4587 STDDCL; 4588 4589 SPPP_LOCK(sp); 4590 if (debug) 4591 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4592 SPP_ARGS(ifp), 4593 sppp_state_name(sp->state[IDX_PAP]), 4594 sp->rst_counter[IDX_PAP]); 4595 4596 if (--sp->rst_counter[IDX_PAP] < 0) 4597 /* TO- event */ 4598 switch (sp->state[IDX_PAP]) { 4599 case STATE_REQ_SENT: 4600 pap.tld(sp); 4601 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4602 break; 4603 } 4604 else 4605 /* TO+ event, not very much we could do */ 4606 switch (sp->state[IDX_PAP]) { 4607 case STATE_REQ_SENT: 4608 /* sppp_cp_change_state() will restart the timer */ 4609 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4610 break; 4611 } 4612 4613 SPPP_UNLOCK(sp); 4614} 4615 4616/* 4617 * That's the timeout handler if we are peer. Since the peer is active, 4618 * we need to retransmit our PAP request since it is apparently lost. 4619 * XXX We should impose a max counter. 4620 */ 4621static void 4622sppp_pap_my_TO(void *cookie) 4623{ 4624 struct sppp *sp = (struct sppp *)cookie; 4625 STDDCL; 4626 4627 if (debug) 4628 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4629 SPP_ARGS(ifp)); 4630 4631 SPPP_LOCK(sp); 4632 pap.scr(sp); 4633 SPPP_UNLOCK(sp); 4634} 4635 4636static void 4637sppp_pap_tlu(struct sppp *sp) 4638{ 4639 STDDCL; 4640 4641 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4642 4643 if (debug) 4644 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4645 SPP_ARGS(ifp), pap.name); 4646 4647 SPPP_LOCK(sp); 4648 /* indicate to LCP that we need to be closed down */ 4649 sp->lcp.protos |= (1 << IDX_PAP); 4650 4651 if (sp->pp_flags & PP_NEEDAUTH) { 4652 /* 4653 * Remote is authenticator, but his auth proto didn't 4654 * complete yet. Defer the transition to network 4655 * phase. 4656 */ 4657 SPPP_UNLOCK(sp); 4658 return; 4659 } 4660 SPPP_UNLOCK(sp); 4661 sppp_phase_network(sp); 4662} 4663 4664static void 4665sppp_pap_tld(struct sppp *sp) 4666{ 4667 STDDCL; 4668 4669 if (debug) 4670 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4671 callout_stop (&sp->ch[IDX_PAP]); 4672 callout_stop (&sp->pap_my_to_ch); 4673 sp->lcp.protos &= ~(1 << IDX_PAP); 4674 4675 lcp.Close(sp); 4676} 4677 4678static void 4679sppp_pap_scr(struct sppp *sp) 4680{ 4681 u_char idlen, pwdlen; 4682 4683 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4684 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4685 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4686 4687 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4688 sizeof idlen, (const char *)&idlen, 4689 (size_t)idlen, sp->myauth.name, 4690 sizeof pwdlen, (const char *)&pwdlen, 4691 (size_t)pwdlen, sp->myauth.secret, 4692 0); 4693} 4694 4695/* 4696 * Random miscellaneous functions. 4697 */ 4698 4699/* 4700 * Send a PAP or CHAP proto packet. 4701 * 4702 * Varadic function, each of the elements for the ellipsis is of type 4703 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4704 * mlen == 0. 4705 * NOTE: never declare variadic functions with types subject to type 4706 * promotion (i.e. u_char). This is asking for big trouble depending 4707 * on the architecture you are on... 4708 */ 4709 4710static void 4711sppp_auth_send(const struct cp *cp, struct sppp *sp, 4712 unsigned int type, unsigned int id, 4713 ...) 4714{ 4715 STDDCL; 4716 struct ppp_header *h; 4717 struct lcp_header *lh; 4718 struct mbuf *m; 4719 u_char *p; 4720 int len; 4721 unsigned int mlen; 4722 const char *msg; 4723 va_list ap; 4724 4725 MGETHDR (m, M_NOWAIT, MT_DATA); 4726 if (! m) 4727 return; 4728 m->m_pkthdr.rcvif = 0; 4729 4730 h = mtod (m, struct ppp_header*); 4731 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4732 h->control = PPP_UI; /* Unnumbered Info */ 4733 h->protocol = htons(cp->proto); 4734 4735 lh = (struct lcp_header*)(h + 1); 4736 lh->type = type; 4737 lh->ident = id; 4738 p = (u_char*) (lh+1); 4739 4740 va_start(ap, id); 4741 len = 0; 4742 4743 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4744 msg = va_arg(ap, const char *); 4745 len += mlen; 4746 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4747 va_end(ap); 4748 m_freem(m); 4749 return; 4750 } 4751 4752 bcopy(msg, p, mlen); 4753 p += mlen; 4754 } 4755 va_end(ap); 4756 4757 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4758 lh->len = htons (LCP_HEADER_LEN + len); 4759 4760 if (debug) { 4761 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4762 SPP_ARGS(ifp), cp->name, 4763 sppp_auth_type_name(cp->proto, lh->type), 4764 lh->ident, ntohs(lh->len)); 4765 sppp_print_bytes((u_char*) (lh+1), len); 4766 log(-1, ">\n"); 4767 } 4768 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4769 ifp->if_oerrors++; 4770} 4771 4772/* 4773 * Flush interface queue. 4774 */ 4775static void 4776sppp_qflush(struct ifqueue *ifq) 4777{ 4778 struct mbuf *m, *n; 4779 4780 n = ifq->ifq_head; 4781 while ((m = n)) { 4782 n = m->m_act; 4783 m_freem (m); 4784 } 4785 ifq->ifq_head = 0; 4786 ifq->ifq_tail = 0; 4787 ifq->ifq_len = 0; 4788} 4789 4790/* 4791 * Send keepalive packets, every 10 seconds. 4792 */ 4793static void 4794sppp_keepalive(void *dummy) 4795{ 4796 struct sppp *sp = (struct sppp*)dummy; 4797 struct ifnet *ifp = SP2IFP(sp); 4798 4799 SPPP_LOCK(sp); 4800 /* Keepalive mode disabled or channel down? */ 4801 if (! (sp->pp_flags & PP_KEEPALIVE) || 4802 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4803 goto out; 4804 4805 if (sp->pp_mode == PP_FR) { 4806 sppp_fr_keepalive (sp); 4807 goto out; 4808 } 4809 4810 /* No keepalive in PPP mode if LCP not opened yet. */ 4811 if (sp->pp_mode != IFF_CISCO && 4812 sp->pp_phase < PHASE_AUTHENTICATE) 4813 goto out; 4814 4815 if (sp->pp_alivecnt == MAXALIVECNT) { 4816 /* No keepalive packets got. Stop the interface. */ 4817 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4818 if_down (ifp); 4819 sppp_qflush (&sp->pp_cpq); 4820 if (sp->pp_mode != IFF_CISCO) { 4821 /* XXX */ 4822 /* Shut down the PPP link. */ 4823 lcp.Down(sp); 4824 /* Initiate negotiation. XXX */ 4825 lcp.Up(sp); 4826 } 4827 } 4828 if (sp->pp_alivecnt <= MAXALIVECNT) 4829 ++sp->pp_alivecnt; 4830 if (sp->pp_mode == IFF_CISCO) 4831 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4832 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4833 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4834 long nmagic = htonl (sp->lcp.magic); 4835 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4836 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4837 sp->lcp.echoid, 4, &nmagic); 4838 } 4839out: 4840 SPPP_UNLOCK(sp); 4841 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4842 (void *)sp); 4843} 4844 4845/* 4846 * Get both IP addresses. 4847 */ 4848void 4849sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4850{ 4851 struct ifnet *ifp = SP2IFP(sp); 4852 struct ifaddr *ifa; 4853 struct sockaddr_in *si, *sm; 4854 u_long ssrc, ddst; 4855 4856 sm = NULL; 4857 ssrc = ddst = 0L; 4858 /* 4859 * Pick the first AF_INET address from the list, 4860 * aliases don't make any sense on a p2p link anyway. 4861 */ 4862 si = 0; 4863 if_addr_rlock(ifp); 4864 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4865 if (ifa->ifa_addr->sa_family == AF_INET) { 4866 si = (struct sockaddr_in *)ifa->ifa_addr; 4867 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4868 if (si) 4869 break; 4870 } 4871 if (ifa) { 4872 if (si && si->sin_addr.s_addr) { 4873 ssrc = si->sin_addr.s_addr; 4874 if (srcmask) 4875 *srcmask = ntohl(sm->sin_addr.s_addr); 4876 } 4877 4878 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4879 if (si && si->sin_addr.s_addr) 4880 ddst = si->sin_addr.s_addr; 4881 } 4882 if_addr_runlock(ifp); 4883 4884 if (dst) *dst = ntohl(ddst); 4885 if (src) *src = ntohl(ssrc); 4886} 4887 4888#ifdef INET 4889/* 4890 * Set my IP address. 4891 */ 4892static void 4893sppp_set_ip_addr(struct sppp *sp, u_long src) 4894{ 4895 STDDCL; 4896 struct ifaddr *ifa; 4897 struct sockaddr_in *si; 4898 struct in_ifaddr *ia; 4899 4900 /* 4901 * Pick the first AF_INET address from the list, 4902 * aliases don't make any sense on a p2p link anyway. 4903 */ 4904 si = 0; 4905 if_addr_rlock(ifp); 4906 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 4907 if (ifa->ifa_addr->sa_family == AF_INET) { 4908 si = (struct sockaddr_in *)ifa->ifa_addr; 4909 if (si != NULL) { 4910 ifa_ref(ifa); 4911 break; 4912 } 4913 } 4914 } 4915 if_addr_runlock(ifp); 4916 4917 if (ifa != NULL) { 4918 int error; 4919 4920 /* delete old route */ 4921 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4922 if (debug && error) { 4923 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4924 SPP_ARGS(ifp), error); 4925 } 4926 4927 /* set new address */ 4928 si->sin_addr.s_addr = htonl(src); 4929 ia = ifatoia(ifa); 4930 IN_IFADDR_WLOCK(); 4931 LIST_REMOVE(ia, ia_hash); 4932 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4933 IN_IFADDR_WUNLOCK(); 4934 4935 /* add new route */ 4936 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4937 if (debug && error) { 4938 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4939 SPP_ARGS(ifp), error); 4940 } 4941 ifa_free(ifa); 4942 } 4943} 4944#endif 4945 4946#ifdef INET6 4947/* 4948 * Get both IPv6 addresses. 4949 */ 4950static void 4951sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4952 struct in6_addr *srcmask) 4953{ 4954 struct ifnet *ifp = SP2IFP(sp); 4955 struct ifaddr *ifa; 4956 struct sockaddr_in6 *si, *sm; 4957 struct in6_addr ssrc, ddst; 4958 4959 sm = NULL; 4960 bzero(&ssrc, sizeof(ssrc)); 4961 bzero(&ddst, sizeof(ddst)); 4962 /* 4963 * Pick the first link-local AF_INET6 address from the list, 4964 * aliases don't make any sense on a p2p link anyway. 4965 */ 4966 si = NULL; 4967 if_addr_rlock(ifp); 4968 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4969 if (ifa->ifa_addr->sa_family == AF_INET6) { 4970 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4971 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4972 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4973 break; 4974 } 4975 if (ifa) { 4976 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4977 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4978 if (srcmask) { 4979 bcopy(&sm->sin6_addr, srcmask, 4980 sizeof(*srcmask)); 4981 } 4982 } 4983 4984 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4985 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4986 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4987 } 4988 4989 if (dst) 4990 bcopy(&ddst, dst, sizeof(*dst)); 4991 if (src) 4992 bcopy(&ssrc, src, sizeof(*src)); 4993 if_addr_runlock(ifp); 4994} 4995 4996#ifdef IPV6CP_MYIFID_DYN 4997/* 4998 * Generate random ifid. 4999 */ 5000static void 5001sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5002{ 5003 /* TBD */ 5004} 5005 5006/* 5007 * Set my IPv6 address. 5008 */ 5009static void 5010sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5011{ 5012 STDDCL; 5013 struct ifaddr *ifa; 5014 struct sockaddr_in6 *sin6; 5015 5016 /* 5017 * Pick the first link-local AF_INET6 address from the list, 5018 * aliases don't make any sense on a p2p link anyway. 5019 */ 5020 5021 sin6 = NULL; 5022 if_addr_rlock(ifp); 5023 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 5024 if (ifa->ifa_addr->sa_family == AF_INET6) { 5025 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5026 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5027 ifa_ref(ifa); 5028 break; 5029 } 5030 } 5031 } 5032 if_addr_runlock(ifp); 5033 5034 if (ifa != NULL) { 5035 int error; 5036 struct sockaddr_in6 new_sin6 = *sin6; 5037 5038 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5039 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5040 if (debug && error) { 5041 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5042 " failed, error=%d\n", SPP_ARGS(ifp), error); 5043 } 5044 ifa_free(ifa); 5045 } 5046} 5047#endif 5048 5049/* 5050 * Suggest a candidate address to be used by peer. 5051 */ 5052static void 5053sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5054{ 5055 struct in6_addr myaddr; 5056 struct timeval tv; 5057 5058 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5059 5060 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5061 microtime(&tv); 5062 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5063 myaddr.s6_addr[14] ^= 0xff; 5064 myaddr.s6_addr[15] ^= 0xff; 5065 } else { 5066 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5067 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5068 } 5069 if (suggest) 5070 bcopy(&myaddr, suggest, sizeof(myaddr)); 5071} 5072#endif /*INET6*/ 5073 5074static int 5075sppp_params(struct sppp *sp, u_long cmd, void *data) 5076{ 5077 u_long subcmd; 5078 struct ifreq *ifr = (struct ifreq *)data; 5079 struct spppreq *spr; 5080 int rv = 0; 5081 5082 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0) 5083 return (EAGAIN); 5084 /* 5085 * ifr->ifr_data is supposed to point to a struct spppreq. 5086 * Check the cmd word first before attempting to fetch all the 5087 * data. 5088 */ 5089 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5090 rv = EFAULT; 5091 goto quit; 5092 } 5093 5094 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5095 rv = EFAULT; 5096 goto quit; 5097 } 5098 5099 switch (subcmd) { 5100 case (u_long)SPPPIOGDEFS: 5101 if (cmd != SIOCGIFGENERIC) { 5102 rv = EINVAL; 5103 break; 5104 } 5105 /* 5106 * We copy over the entire current state, but clean 5107 * out some of the stuff we don't wanna pass up. 5108 * Remember, SIOCGIFGENERIC is unprotected, and can be 5109 * called by any user. No need to ever get PAP or 5110 * CHAP secrets back to userland anyway. 5111 */ 5112 spr->defs.pp_phase = sp->pp_phase; 5113 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5114 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5115 spr->defs.lcp = sp->lcp; 5116 spr->defs.ipcp = sp->ipcp; 5117 spr->defs.ipv6cp = sp->ipv6cp; 5118 spr->defs.myauth = sp->myauth; 5119 spr->defs.hisauth = sp->hisauth; 5120 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5121 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5122 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5123 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5124 /* 5125 * Fixup the LCP timeout value to milliseconds so 5126 * spppcontrol doesn't need to bother about the value 5127 * of "hz". We do the reverse calculation below when 5128 * setting it. 5129 */ 5130 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5131 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5132 sizeof(struct spppreq)); 5133 break; 5134 5135 case (u_long)SPPPIOSDEFS: 5136 if (cmd != SIOCSIFGENERIC) { 5137 rv = EINVAL; 5138 break; 5139 } 5140 /* 5141 * We have a very specific idea of which fields we 5142 * allow being passed back from userland, so to not 5143 * clobber our current state. For one, we only allow 5144 * setting anything if LCP is in dead or establish 5145 * phase. Once the authentication negotiations 5146 * started, the authentication settings must not be 5147 * changed again. (The administrator can force an 5148 * ifconfig down in order to get LCP back into dead 5149 * phase.) 5150 * 5151 * Also, we only allow for authentication parameters to be 5152 * specified. 5153 * 5154 * XXX Should allow to set or clear pp_flags. 5155 * 5156 * Finally, if the respective authentication protocol to 5157 * be used is set differently than 0, but the secret is 5158 * passed as all zeros, we don't trash the existing secret. 5159 * This allows an administrator to change the system name 5160 * only without clobbering the secret (which he didn't get 5161 * back in a previous SPPPIOGDEFS call). However, the 5162 * secrets are cleared if the authentication protocol is 5163 * reset to 0. */ 5164 if (sp->pp_phase != PHASE_DEAD && 5165 sp->pp_phase != PHASE_ESTABLISH) { 5166 rv = EBUSY; 5167 break; 5168 } 5169 5170 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5171 spr->defs.myauth.proto != PPP_CHAP) || 5172 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5173 spr->defs.hisauth.proto != PPP_CHAP)) { 5174 rv = EINVAL; 5175 break; 5176 } 5177 5178 if (spr->defs.myauth.proto == 0) 5179 /* resetting myauth */ 5180 bzero(&sp->myauth, sizeof sp->myauth); 5181 else { 5182 /* setting/changing myauth */ 5183 sp->myauth.proto = spr->defs.myauth.proto; 5184 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5185 if (spr->defs.myauth.secret[0] != '\0') 5186 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5187 AUTHKEYLEN); 5188 } 5189 if (spr->defs.hisauth.proto == 0) 5190 /* resetting hisauth */ 5191 bzero(&sp->hisauth, sizeof sp->hisauth); 5192 else { 5193 /* setting/changing hisauth */ 5194 sp->hisauth.proto = spr->defs.hisauth.proto; 5195 sp->hisauth.flags = spr->defs.hisauth.flags; 5196 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5197 if (spr->defs.hisauth.secret[0] != '\0') 5198 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5199 AUTHKEYLEN); 5200 } 5201 /* set LCP restart timer timeout */ 5202 if (spr->defs.lcp.timeout != 0) 5203 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5204 /* set VJ enable and IPv6 disable flags */ 5205#ifdef INET 5206 if (spr->defs.enable_vj) 5207 sp->confflags |= CONF_ENABLE_VJ; 5208 else 5209 sp->confflags &= ~CONF_ENABLE_VJ; 5210#endif 5211#ifdef INET6 5212 if (spr->defs.enable_ipv6) 5213 sp->confflags |= CONF_ENABLE_IPV6; 5214 else 5215 sp->confflags &= ~CONF_ENABLE_IPV6; 5216#endif 5217 break; 5218 5219 default: 5220 rv = EINVAL; 5221 } 5222 5223 quit: 5224 free(spr, M_TEMP); 5225 5226 return (rv); 5227} 5228 5229static void 5230sppp_phase_network(struct sppp *sp) 5231{ 5232 STDDCL; 5233 int i; 5234 u_long mask; 5235 5236 sp->pp_phase = PHASE_NETWORK; 5237 5238 if (debug) 5239 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5240 sppp_phase_name(sp->pp_phase)); 5241 5242 /* Notify NCPs now. */ 5243 for (i = 0; i < IDX_COUNT; i++) 5244 if ((cps[i])->flags & CP_NCP) 5245 (cps[i])->Open(sp); 5246 5247 /* Send Up events to all NCPs. */ 5248 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5249 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5250 (cps[i])->Up(sp); 5251 5252 /* if no NCP is starting, all this was in vain, close down */ 5253 sppp_lcp_check_and_close(sp); 5254} 5255 5256 5257static const char * 5258sppp_cp_type_name(u_char type) 5259{ 5260 static char buf[12]; 5261 switch (type) { 5262 case CONF_REQ: return "conf-req"; 5263 case CONF_ACK: return "conf-ack"; 5264 case CONF_NAK: return "conf-nak"; 5265 case CONF_REJ: return "conf-rej"; 5266 case TERM_REQ: return "term-req"; 5267 case TERM_ACK: return "term-ack"; 5268 case CODE_REJ: return "code-rej"; 5269 case PROTO_REJ: return "proto-rej"; 5270 case ECHO_REQ: return "echo-req"; 5271 case ECHO_REPLY: return "echo-reply"; 5272 case DISC_REQ: return "discard-req"; 5273 } 5274 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5275 return buf; 5276} 5277 5278static const char * 5279sppp_auth_type_name(u_short proto, u_char type) 5280{ 5281 static char buf[12]; 5282 switch (proto) { 5283 case PPP_CHAP: 5284 switch (type) { 5285 case CHAP_CHALLENGE: return "challenge"; 5286 case CHAP_RESPONSE: return "response"; 5287 case CHAP_SUCCESS: return "success"; 5288 case CHAP_FAILURE: return "failure"; 5289 } 5290 case PPP_PAP: 5291 switch (type) { 5292 case PAP_REQ: return "req"; 5293 case PAP_ACK: return "ack"; 5294 case PAP_NAK: return "nak"; 5295 } 5296 } 5297 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5298 return buf; 5299} 5300 5301static const char * 5302sppp_lcp_opt_name(u_char opt) 5303{ 5304 static char buf[12]; 5305 switch (opt) { 5306 case LCP_OPT_MRU: return "mru"; 5307 case LCP_OPT_ASYNC_MAP: return "async-map"; 5308 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5309 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5310 case LCP_OPT_MAGIC: return "magic"; 5311 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5312 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5313 } 5314 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5315 return buf; 5316} 5317 5318#ifdef INET 5319static const char * 5320sppp_ipcp_opt_name(u_char opt) 5321{ 5322 static char buf[12]; 5323 switch (opt) { 5324 case IPCP_OPT_ADDRESSES: return "addresses"; 5325 case IPCP_OPT_COMPRESSION: return "compression"; 5326 case IPCP_OPT_ADDRESS: return "address"; 5327 } 5328 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5329 return buf; 5330} 5331#endif 5332 5333#ifdef INET6 5334static const char * 5335sppp_ipv6cp_opt_name(u_char opt) 5336{ 5337 static char buf[12]; 5338 switch (opt) { 5339 case IPV6CP_OPT_IFID: return "ifid"; 5340 case IPV6CP_OPT_COMPRESSION: return "compression"; 5341 } 5342 sprintf (buf, "0x%x", opt); 5343 return buf; 5344} 5345#endif 5346 5347static const char * 5348sppp_state_name(int state) 5349{ 5350 switch (state) { 5351 case STATE_INITIAL: return "initial"; 5352 case STATE_STARTING: return "starting"; 5353 case STATE_CLOSED: return "closed"; 5354 case STATE_STOPPED: return "stopped"; 5355 case STATE_CLOSING: return "closing"; 5356 case STATE_STOPPING: return "stopping"; 5357 case STATE_REQ_SENT: return "req-sent"; 5358 case STATE_ACK_RCVD: return "ack-rcvd"; 5359 case STATE_ACK_SENT: return "ack-sent"; 5360 case STATE_OPENED: return "opened"; 5361 } 5362 return "illegal"; 5363} 5364 5365static const char * 5366sppp_phase_name(enum ppp_phase phase) 5367{ 5368 switch (phase) { 5369 case PHASE_DEAD: return "dead"; 5370 case PHASE_ESTABLISH: return "establish"; 5371 case PHASE_TERMINATE: return "terminate"; 5372 case PHASE_AUTHENTICATE: return "authenticate"; 5373 case PHASE_NETWORK: return "network"; 5374 } 5375 return "illegal"; 5376} 5377 5378static const char * 5379sppp_proto_name(u_short proto) 5380{ 5381 static char buf[12]; 5382 switch (proto) { 5383 case PPP_LCP: return "lcp"; 5384 case PPP_IPCP: return "ipcp"; 5385 case PPP_PAP: return "pap"; 5386 case PPP_CHAP: return "chap"; 5387 case PPP_IPV6CP: return "ipv6cp"; 5388 } 5389 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5390 return buf; 5391} 5392 5393static void 5394sppp_print_bytes(const u_char *p, u_short len) 5395{ 5396 if (len) 5397 log(-1, " %*D", len, p, "-"); 5398} 5399 5400static void 5401sppp_print_string(const char *p, u_short len) 5402{ 5403 u_char c; 5404 5405 while (len-- > 0) { 5406 c = *p++; 5407 /* 5408 * Print only ASCII chars directly. RFC 1994 recommends 5409 * using only them, but we don't rely on it. */ 5410 if (c < ' ' || c > '~') 5411 log(-1, "\\x%x", c); 5412 else 5413 log(-1, "%c", c); 5414 } 5415} 5416 5417#ifdef INET 5418static const char * 5419sppp_dotted_quad(u_long addr) 5420{ 5421 static char s[16]; 5422 sprintf(s, "%d.%d.%d.%d", 5423 (int)((addr >> 24) & 0xff), 5424 (int)((addr >> 16) & 0xff), 5425 (int)((addr >> 8) & 0xff), 5426 (int)(addr & 0xff)); 5427 return s; 5428} 5429#endif 5430 5431static int 5432sppp_strnlen(u_char *p, int max) 5433{ 5434 int len; 5435 5436 for (len = 0; len < max && *p; ++p) 5437 ++len; 5438 return len; 5439} 5440 5441/* a dummy, used to drop uninteresting events */ 5442static void 5443sppp_null(struct sppp *unused) 5444{ 5445 /* do just nothing */ 5446} 5447