if_spppsubr.c revision 34961
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $Id: if_spppsubr.c,v 1.34 1998/03/01 06:01:33 bde Exp $ 21 */ 22 23#include "opt_inet.h" 24#include "opt_ipx.h" 25 26#include <sys/param.h> 27#include <sys/systm.h> 28#include <sys/kernel.h> 29#include <sys/sockio.h> 30#include <sys/socket.h> 31#include <sys/syslog.h> 32#include <machine/random.h> 33#include <sys/malloc.h> 34#include <sys/mbuf.h> 35#include <sys/md5.h> 36 37#include <net/if.h> 38#include <net/netisr.h> 39#include <net/if_types.h> 40 41#include <machine/stdarg.h> 42 43#ifdef INET 44#include <netinet/in.h> 45#include <netinet/in_systm.h> 46#include <netinet/in_var.h> 47#include <netinet/ip.h> 48#include <netinet/tcp.h> 49#include <netinet/if_ether.h> 50#else 51#error Huh? sppp without INET? 52#endif 53 54#ifdef IPX 55#include <netipx/ipx.h> 56#include <netipx/ipx_if.h> 57#endif 58 59#ifdef NS 60#include <netns/ns.h> 61#include <netns/ns_if.h> 62#endif 63 64#ifdef ISO 65#include <netiso/argo_debug.h> 66#include <netiso/iso.h> 67#include <netiso/iso_var.h> 68#include <netiso/iso_snpac.h> 69#endif 70 71#include <net/if_sppp.h> 72 73#define MAXALIVECNT 3 /* max. alive packets */ 74 75/* 76 * Interface flags that can be set in an ifconfig command. 77 * 78 * Setting link0 will make the link passive, i.e. 
it will be marked 79 * as being administrative openable, but won't be opened to begin 80 * with. Incoming calls will be answered, or subsequent calls with 81 * -link1 will cause the administrative open of the LCP layer. 82 * 83 * Setting link1 will cause the link to auto-dial only as packets 84 * arrive to be sent. 85 * 86 * Setting IFF_DEBUG will syslog the option negotiation and state 87 * transitions at level kern.debug. Note: all logs consistently look 88 * like 89 * 90 * <if-name><unit>: <proto-name> <additional info...> 91 * 92 * with <if-name><unit> being something like "bppp0", and <proto-name> 93 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 94 */ 95 96#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 97#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 98 99#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 100#define PPP_UI 0x03 /* Unnumbered Information */ 101#define PPP_IP 0x0021 /* Internet Protocol */ 102#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 103#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 104#define PPP_IPX 0x002b /* Novell IPX Protocol */ 105#define PPP_LCP 0xc021 /* Link Control Protocol */ 106#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 107#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 108#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 109 110#define CONF_REQ 1 /* PPP configure request */ 111#define CONF_ACK 2 /* PPP configure acknowledge */ 112#define CONF_NAK 3 /* PPP configure negative ack */ 113#define CONF_REJ 4 /* PPP configure reject */ 114#define TERM_REQ 5 /* PPP terminate request */ 115#define TERM_ACK 6 /* PPP terminate acknowledge */ 116#define CODE_REJ 7 /* PPP code reject */ 117#define PROTO_REJ 8 /* PPP protocol reject */ 118#define ECHO_REQ 9 /* PPP echo request */ 119#define ECHO_REPLY 10 /* PPP echo reply */ 120#define DISC_REQ 11 /* PPP discard request */ 121 122#define LCP_OPT_MRU 1 /* maximum receive unit */ 123#define 
LCP_OPT_ASYNC_MAP 2 /* async control character map */ 124#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 125#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 126#define LCP_OPT_MAGIC 5 /* magic number */ 127#define LCP_OPT_RESERVED 6 /* reserved */ 128#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 129#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 130 131#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 132#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 133#define IPCP_OPT_ADDRESS 3 /* local IP address */ 134 135#define PAP_REQ 1 /* PAP name/password request */ 136#define PAP_ACK 2 /* PAP acknowledge */ 137#define PAP_NAK 3 /* PAP fail */ 138 139#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 140#define CHAP_RESPONSE 2 /* CHAP challenge response */ 141#define CHAP_SUCCESS 3 /* CHAP response ok */ 142#define CHAP_FAILURE 4 /* CHAP response failed */ 143 144#define CHAP_MD5 5 /* hash algorithm - MD5 */ 145 146#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 147#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 148#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 149#define CISCO_ADDR_REQ 0 /* Cisco address request */ 150#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 151#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 152 153/* states are named and numbered according to RFC 1661 */ 154#define STATE_INITIAL 0 155#define STATE_STARTING 1 156#define STATE_CLOSED 2 157#define STATE_STOPPED 3 158#define STATE_CLOSING 4 159#define STATE_STOPPING 5 160#define STATE_REQ_SENT 6 161#define STATE_ACK_RCVD 7 162#define STATE_ACK_SENT 8 163#define STATE_OPENED 9 164 165struct ppp_header { 166 u_char address; 167 u_char control; 168 u_short protocol; 169}; 170#define PPP_HEADER_LEN sizeof (struct ppp_header) 171 172struct lcp_header { 173 u_char type; 174 u_char ident; 175 u_short len; 176}; 177#define LCP_HEADER_LEN sizeof (struct lcp_header) 178 
/*
 * Cisco keepalive packet as it is overlaid on the frame buffer by
 * sppp_cisco_input() and sppp_cisco_send().
 *
 * CISCO_PACKET_LEN is the size used for the receive length check and for
 * sizing the outgoing mbuf: 3 * 4 + 3 * 2 = 18 bytes.
 * NOTE(review): the members only add up to those 18 bytes where u_long is
 * 32 bits wide; with a wider u_long the overlay no longer lines up with
 * CISCO_PACKET_LEN -- confirm before building for such a platform.
 */
struct cisco_packet {
	u_long type;
	u_long par1;
	u_long par2;
	u_short rel;
	u_short time0;
	u_short time1;
};
#define CISCO_PACKET_LEN 18

/*
 * We follow the spelling and capitalization of RFC 1661 here, to make
 * it easier comparing with the standard.  Please refer to this RFC in
 * case you can't make sense out of these abbreviations; it will also
 * explain the semantics related to the various events and actions.
 *
 * One descriptor exists per control protocol (lcp, ipcp, pap, chap); the
 * generic state machine calls back through the function pointers below.
 */
struct cp {
	u_short	proto;		/* PPP control protocol number */
	u_char protoidx;	/* index into state table in struct sppp */
	u_char flags;
#define CP_LCP		0x01	/* this is the LCP */
#define CP_AUTH		0x02	/* this is an authentication protocol */
#define CP_NCP		0x04	/* this is a NCP */
#define CP_QUAL		0x08	/* this is a quality reporting protocol */
	const char *name;	/* name of this control protocol */
	/* event handlers */
	void	(*Up)(struct sppp *sp);
	void	(*Down)(struct sppp *sp);
	void	(*Open)(struct sppp *sp);
	void	(*Close)(struct sppp *sp);
	/* timeout callback; takes void * because it is handed to untimeout() */
	void	(*TO)(void *sp);
	/*
	 * Receive handlers for configure request / reject / nak.  The pap
	 * and chap descriptors leave these three set to 0.
	 */
	int	(*RCR)(struct sppp *sp, struct lcp_header *h, int len);
	void	(*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
	void	(*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
	/* actions */
	void	(*tlu)(struct sppp *sp);
	void	(*tld)(struct sppp *sp);
	void	(*tls)(struct sppp *sp);
	void	(*tlf)(struct sppp *sp);
	void	(*scr)(struct sppp *sp);
};

/* head of the list of attached interfaces, linked through pp_next */
static struct sppp *spppq;
/* handle of the pending sppp_keepalive() timeout */
static struct callout_handle keepalive_ch;

/*
 * The following disgusting hack gets around the problem that IP TOS
 * can't be set yet.  We want to put "interactive" traffic on a high
 * priority queue.  To decide if traffic is interactive, we check that
 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
 *
 * XXX is this really still necessary?
- joerg - 231 */ 232static u_short interactive_ports[8] = { 233 0, 513, 0, 0, 234 0, 21, 0, 23, 235}; 236#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 237 238/* almost every function needs these */ 239#define STDDCL \ 240 struct ifnet *ifp = &sp->pp_if; \ 241 int debug = ifp->if_flags & IFF_DEBUG 242 243static int sppp_output(struct ifnet *ifp, struct mbuf *m, 244 struct sockaddr *dst, struct rtentry *rt); 245 246static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 247static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 248 249static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 250 struct mbuf *m); 251static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 252 u_char ident, u_short len, void *data); 253static void sppp_cp_timeout(void *arg); 254static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 255 int newstate); 256static void sppp_auth_send(const struct cp *cp, 257 struct sppp *sp, u_char type, u_char id, 258 ...); 259 260static void sppp_up_event(const struct cp *cp, struct sppp *sp); 261static void sppp_down_event(const struct cp *cp, struct sppp *sp); 262static void sppp_open_event(const struct cp *cp, struct sppp *sp); 263static void sppp_close_event(const struct cp *cp, struct sppp *sp); 264static void sppp_to_event(const struct cp *cp, struct sppp *sp); 265 266static void sppp_null(struct sppp *sp); 267 268static void sppp_lcp_init(struct sppp *sp); 269static void sppp_lcp_up(struct sppp *sp); 270static void sppp_lcp_down(struct sppp *sp); 271static void sppp_lcp_open(struct sppp *sp); 272static void sppp_lcp_close(struct sppp *sp); 273static void sppp_lcp_TO(void *sp); 274static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 275static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 276static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 277static void sppp_lcp_tlu(struct sppp *sp); 278static void 
sppp_lcp_tld(struct sppp *sp); 279static void sppp_lcp_tls(struct sppp *sp); 280static void sppp_lcp_tlf(struct sppp *sp); 281static void sppp_lcp_scr(struct sppp *sp); 282static void sppp_lcp_check_and_close(struct sppp *sp); 283static int sppp_ncp_check(struct sppp *sp); 284 285static void sppp_ipcp_init(struct sppp *sp); 286static void sppp_ipcp_up(struct sppp *sp); 287static void sppp_ipcp_down(struct sppp *sp); 288static void sppp_ipcp_open(struct sppp *sp); 289static void sppp_ipcp_close(struct sppp *sp); 290static void sppp_ipcp_TO(void *sp); 291static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 292static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 293static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 294static void sppp_ipcp_tlu(struct sppp *sp); 295static void sppp_ipcp_tld(struct sppp *sp); 296static void sppp_ipcp_tls(struct sppp *sp); 297static void sppp_ipcp_tlf(struct sppp *sp); 298static void sppp_ipcp_scr(struct sppp *sp); 299 300static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 301static void sppp_pap_init(struct sppp *sp); 302static void sppp_pap_open(struct sppp *sp); 303static void sppp_pap_close(struct sppp *sp); 304static void sppp_pap_TO(void *sp); 305static void sppp_pap_my_TO(void *sp); 306static void sppp_pap_tlu(struct sppp *sp); 307static void sppp_pap_tld(struct sppp *sp); 308static void sppp_pap_scr(struct sppp *sp); 309 310static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 311static void sppp_chap_init(struct sppp *sp); 312static void sppp_chap_open(struct sppp *sp); 313static void sppp_chap_close(struct sppp *sp); 314static void sppp_chap_TO(void *sp); 315static void sppp_chap_tlu(struct sppp *sp); 316static void sppp_chap_tld(struct sppp *sp); 317static void sppp_chap_scr(struct sppp *sp); 318 319static const char *sppp_auth_type_name(u_short proto, u_char type); 320static const char *sppp_cp_type_name(u_char type); 321static const 
char *sppp_dotted_quad(u_long addr); 322static const char *sppp_ipcp_opt_name(u_char opt); 323static const char *sppp_lcp_opt_name(u_char opt); 324static const char *sppp_phase_name(enum ppp_phase phase); 325static const char *sppp_proto_name(u_short proto); 326static const char *sppp_state_name(int state); 327static int sppp_params(struct sppp *sp, int cmd, void *data); 328static int sppp_strnlen(u_char *p, int max); 329static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 330 u_long *srcmask); 331static void sppp_keepalive(void *dummy); 332static void sppp_phase_network(struct sppp *sp); 333static void sppp_print_bytes(const u_char *p, u_short len); 334static void sppp_print_string(const char *p, u_short len); 335static void sppp_qflush(struct ifqueue *ifq); 336static void sppp_set_ip_addr(struct sppp *sp, u_long src); 337 338/* our control protocol descriptors */ 339static const struct cp lcp = { 340 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 341 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 342 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 343 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 344 sppp_lcp_scr 345}; 346 347static const struct cp ipcp = { 348 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 349 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 350 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 351 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 352 sppp_ipcp_scr 353}; 354 355static const struct cp pap = { 356 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 357 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 358 sppp_pap_TO, 0, 0, 0, 359 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 360 sppp_pap_scr 361}; 362 363static const struct cp chap = { 364 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 365 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 366 sppp_chap_TO, 0, 0, 0, 367 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 368 sppp_chap_scr 369}; 370 371static const struct cp 
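*cps[IDX_COUNT] = {
	&lcp,			/* IDX_LCP */
	&ipcp,			/* IDX_IPCP */
	&pap,			/* IDX_PAP */
	&chap,			/* IDX_CHAP */
};


/*
 * Exported functions, comprising our interface to the lower layer.
 */

/*
 * Process the received packet.
 *
 * ifp is the receiving interface (also cast to its struct sppp), m the
 * received frame starting at the PPP/Cisco header.  The chain is consumed
 * on every path: it is either freed here or put on a protocol input queue.
 *
 * Control packets (LCP, PAP, CHAP, IPCP, Cisco keepalive) are passed to
 * their handler and then freed.  PAP and CHAP packets are ignored before
 * the authentication phase, IPCP packets outside the network phase.
 * Data packets are queued only when the interface is up and the matching
 * protocol is enabled; otherwise inq stays 0 and the packet is dropped.
 */
void
sppp_input(struct ifnet *ifp, struct mbuf *m)
{
	struct ppp_header *h;
	struct ifqueue *inq = 0;
	int s;
	int rejlen;
	struct sppp *sp = (struct sppp *)ifp;
	int debug = ifp->if_flags & IFF_DEBUG;

	if (ifp->if_flags & IFF_UP)
		/* Count received bytes, add FCS and one flag */
		ifp->if_ibytes += m->m_pkthdr.len + 3;

	if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
		/* Too small packet, drop it. */
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: input packet is too small, %d bytes\n",
			    ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
	  drop:
		++ifp->if_ierrors;
		++ifp->if_iqdrops;
		m_freem (m);
		return;
	}

	/*
	 * The check above covers the length of the whole chain, but the
	 * header is read through a pointer into the first mbuf.  Make sure
	 * the header bytes really are contiguous there before using them.
	 */
	if (m->m_len < PPP_HEADER_LEN &&
	    (m = m_pullup (m, PPP_HEADER_LEN)) == 0) {
		/* m_pullup() has already freed the chain. */
		++ifp->if_ierrors;
		++ifp->if_iqdrops;
		return;
	}

	/* Get PPP header. */
	h = mtod (m, struct ppp_header*);
	m_adj (m, PPP_HEADER_LEN);

	switch (h->address) {
	case PPP_ALLSTATIONS:
		if (h->control != PPP_UI)
			goto invalid;
		if (sp->pp_flags & PP_CISCO) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: PPP packet in Cisco mode "
				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
				    ifp->if_name, ifp->if_unit,
				    h->address, h->control, ntohs(h->protocol));
			goto drop;
		}
		switch (ntohs (h->protocol)) {
		default:
			if (sp->state[IDX_LCP] == STATE_OPENED) {
				/*
				 * The rejected data is copied linearly,
				 * starting at the protocol field in the
				 * first mbuf.  Offer only the bytes that
				 * are stored there; for a single-mbuf
				 * packet this is the whole payload.
				 */
				rejlen = m->m_pkthdr.len;
				if (rejlen > m->m_len)
					rejlen = m->m_len;
				sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
					++sp->pp_seq, rejlen + 2,
					&h->protocol);
			}
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: invalid input protocol "
				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
				    ifp->if_name, ifp->if_unit,
				    h->address, h->control, ntohs(h->protocol));
			++ifp->if_noproto;
			goto drop;
		case PPP_LCP:
			sppp_cp_input(&lcp, sp, m);
			m_freem (m);
			return;
		case PPP_PAP:
			if (sp->pp_phase >= PHASE_AUTHENTICATE)
				sppp_pap_input(sp, m);
			m_freem (m);
			return;
		case PPP_CHAP:
			if (sp->pp_phase >= PHASE_AUTHENTICATE)
				sppp_chap_input(sp, m);
			m_freem (m);
			return;
#ifdef INET
		case PPP_IPCP:
			if (sp->pp_phase == PHASE_NETWORK)
				sppp_cp_input(&ipcp, sp, m);
			m_freem (m);
			return;
		case PPP_IP:
			if (sp->state[IDX_IPCP] == STATE_OPENED) {
				schednetisr (NETISR_IP);
				inq = &ipintrq;
			}
			break;
#endif
#ifdef IPX
		case PPP_IPX:
			/* IPX IPXCP not implemented yet */
			if (sp->pp_phase == PHASE_NETWORK) {
				schednetisr (NETISR_IPX);
				inq = &ipxintrq;
			}
			break;
#endif
#ifdef NS
		case PPP_XNS:
			/* XNS IDPCP not implemented yet */
			if (sp->pp_phase == PHASE_NETWORK) {
				schednetisr (NETISR_NS);
				inq = &nsintrq;
			}
			break;
#endif
#ifdef ISO
		case PPP_ISO:
			/* OSI NLCP not implemented yet */
			if (sp->pp_phase == PHASE_NETWORK) {
				schednetisr (NETISR_ISO);
				inq = &clnlintrq;
			}
			break;
#endif
		}
		break;
	case CISCO_MULTICAST:
	case CISCO_UNICAST:
		/* Don't check the control field here (RFC 1547). */
		if (! (sp->pp_flags & PP_CISCO)) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: Cisco packet in PPP mode "
				    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
				    ifp->if_name, ifp->if_unit,
				    h->address, h->control, ntohs(h->protocol));
			goto drop;
		}
		switch (ntohs (h->protocol)) {
		default:
			++ifp->if_noproto;
			goto invalid;
		case CISCO_KEEPALIVE:
			sppp_cisco_input ((struct sppp*) ifp, m);
			m_freem (m);
			return;
#ifdef INET
		case ETHERTYPE_IP:
			schednetisr (NETISR_IP);
			inq = &ipintrq;
			break;
#endif
#ifdef IPX
		case ETHERTYPE_IPX:
			schednetisr (NETISR_IPX);
			inq = &ipxintrq;
			break;
#endif
#ifdef NS
		case ETHERTYPE_NS:
			schednetisr (NETISR_NS);
			inq = &nsintrq;
			break;
#endif
		}
		break;
	default:        /* Invalid PPP packet. */
	  invalid:
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: invalid input packet "
			    "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
			    ifp->if_name, ifp->if_unit,
			    h->address, h->control, ntohs(h->protocol));
		goto drop;
	}

	if (! (ifp->if_flags & IFF_UP) || ! inq)
		goto drop;

	/* Check queue. */
	s = splimp();
	if (IF_QFULL (inq)) {
		/* Queue overflow. */
		IF_DROP(inq);
		splx(s);
		if (debug)
			log(LOG_DEBUG, "%s%d: protocol queue overflow\n",
				ifp->if_name, ifp->if_unit);
		goto drop;
	}
	IF_ENQUEUE(inq, m);
	splx(s);
}

/*
 * Enqueue transmit packet.
 *
 * Prepends the PPP or Cisco header selected by dst->sa_family and the
 * interface mode, then queues m on the normal send queue or, for
 * low-delay/interactive IP traffic, on pp_fastq.  The chain is consumed
 * on every path.  rt is not used.
 *
 * Returns 0 on success, ENETDOWN if the interface is down (or, for IP,
 * if the queue is full while IPCP is not open), ENOBUFS if no header
 * mbuf could be obtained or the queue is full, and EAFNOSUPPORT for an
 * address family that is not handled.
 */
static int
sppp_output(struct ifnet *ifp, struct mbuf *m,
	    struct sockaddr *dst, struct rtentry *rt)
{
	struct sppp *sp = (struct sppp*) ifp;
	struct ppp_header *h;
	struct ifqueue *ifq;
	int s, rv = 0;
	int pktlen;

	s = splimp();

	if ((ifp->if_flags & IFF_UP) == 0 ||
	    (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
		m_freem (m);
		splx (s);
		return (ENETDOWN);
	}

	if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
		/*
		 * Interface is not yet running, but auto-dial.  Need
		 * to start LCP for it.
		 */
		ifp->if_flags |= IFF_RUNNING;
		splx(s);
		lcp.Open(sp);
		s = splimp();
	}

	ifq = &ifp->if_snd;
#ifdef INET
	/*
	 * Put low delay, telnet, rlogin and ftp control packets
	 * in front of the queue.
	 *
	 * Nothing is read from the packet before the first mbuf is known
	 * to hold it: the IP header is inspected only if it fits, and the
	 * TCP ports only if the first mbuf extends past the IP header
	 * length given by ip_hl (which may include options).  The TCP
	 * header is located by byte offset, so the result does not depend
	 * on the width of long.
	 */
	if (dst->sa_family == AF_INET && m->m_len >= sizeof (struct ip)) {
		struct ip *ip = mtod (m, struct ip*);
		int hlen = ip->ip_hl << 2;
		int interactive = 0;

		if (ip->ip_p == IPPROTO_TCP &&
		    hlen >= sizeof (struct ip) &&
		    m->m_len >= hlen + sizeof (struct tcphdr)) {
			struct tcphdr *tcp =
			    (struct tcphdr*) ((char*)ip + hlen);

			interactive =
			    INTERACTIVE (ntohs (tcp->th_sport)) ||
			    INTERACTIVE (ntohs (tcp->th_dport));
		}
		if (! IF_QFULL (&sp->pp_fastq) &&
		    ((ip->ip_tos & IPTOS_LOWDELAY) || interactive))
			ifq = &sp->pp_fastq;
	}
#endif

	/*
	 * Prepend general data packet PPP header. For now, IP only.
	 */
	M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
	if (! m) {
		if (ifp->if_flags & IFF_DEBUG)
			log(LOG_DEBUG, "%s%d: no memory for transmit header\n",
				ifp->if_name, ifp->if_unit);
		++ifp->if_oerrors;
		splx (s);
		return (ENOBUFS);
	}
	h = mtod (m, struct ppp_header*);
	if (sp->pp_flags & PP_CISCO) {
		h->address = CISCO_UNICAST;        /* unicast address */
		h->control = 0;
	} else {
		h->address = PPP_ALLSTATIONS;        /* broadcast address */
		h->control = PPP_UI;                 /* Unnumbered Info */
	}

	switch (dst->sa_family) {
#ifdef INET
	case AF_INET:   /* Internet Protocol */
		if (sp->pp_flags & PP_CISCO)
			h->protocol = htons (ETHERTYPE_IP);
		else {
			/*
			 * Don't choke with an ENETDOWN early.  It's
			 * possible that we just started dialing out,
			 * so don't drop the packet immediately.  If
			 * we notice that we run out of buffer space
			 * below, we will however remember that we are
			 * not ready to carry IP packets, and return
			 * ENETDOWN, as opposed to ENOBUFS.
			 */
			h->protocol = htons(PPP_IP);
			if (sp->state[IDX_IPCP] != STATE_OPENED)
				rv = ENETDOWN;
		}
		break;
#endif
#ifdef NS
	case AF_NS:     /* Xerox NS Protocol */
		h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
			ETHERTYPE_NS : PPP_XNS);
		break;
#endif
#ifdef IPX
	case AF_IPX:     /* Novell IPX Protocol */
		h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
			ETHERTYPE_IPX : PPP_IPX);
		break;
#endif
#ifdef ISO
	case AF_ISO:    /* ISO OSI Protocol */
		if (sp->pp_flags & PP_CISCO)
			goto nosupport;
		h->protocol = htons (PPP_ISO);
		break;
nosupport:
#endif
	default:
		m_freem (m);
		++ifp->if_oerrors;
		splx (s);
		return (EAFNOSUPPORT);
	}

	/*
	 * Queue message on interface, and start output if interface
	 * not yet active.
	 */
	if (IF_QFULL (ifq)) {
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
		splx (s);
		return (rv? rv: ENOBUFS);
	}
	/*
	 * Remember the length now: once the packet is on the queue the
	 * start routine may dequeue and free it, so m must not be
	 * dereferenced after this point.
	 */
	pktlen = m->m_pkthdr.len;
	IF_ENQUEUE (ifq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);

	/*
	 * Count output packets and bytes.
	 * The packet length includes header, FCS and 1 flag,
	 * according to RFC 1333.
	 */
	ifp->if_obytes += pktlen + 3;
	splx (s);
	return (0);
}

/*
 * Attach an interface to the sppp layer.
 *
 * Links the interface into the keepalive list (arming the keepalive
 * timeout when the list was empty), installs sppp_output as the output
 * routine, resets the per-link counters and lets each control protocol
 * initialize its state.
 */
void
sppp_attach(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;

	/* Initialize keepalive handler. */
	if (! spppq)
		keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);

	/* Insert new entry into the keepalive list. */
	sp->pp_next = spppq;
	spppq = sp;

	sp->pp_if.if_type = IFT_PPP;
	sp->pp_if.if_output = sppp_output;
	sp->pp_fastq.ifq_maxlen = 32;
	sp->pp_cpq.ifq_maxlen = 20;
	sp->pp_loopcnt = 0;
	sp->pp_alivecnt = 0;
	sp->pp_seq = 0;
	sp->pp_rseq = 0;
	sp->pp_phase = PHASE_DEAD;
	sp->pp_up = lcp.Up;
	sp->pp_down = lcp.Down;

	sppp_lcp_init(sp);
	sppp_ipcp_init(sp);
	sppp_pap_init(sp);
	sppp_chap_init(sp);
}

/*
 * Detach an interface from the sppp layer.
 *
 * Unlinks it from the keepalive list, stops the keepalive timeout when
 * the list becomes empty, and cancels the per-protocol timeouts that
 * carry a pointer to this interface.
 */
void
sppp_detach(struct ifnet *ifp)
{
	struct sppp **q, *p, *sp = (struct sppp*) ifp;
	int i;

	/* Remove the entry from the keepalive list. */
	for (q = &spppq; (p = *q); q = &p->pp_next)
		if (p == sp) {
			*q = p->pp_next;
			break;
		}

	/* Stop keepalive handler. */
	if (! spppq)
		untimeout(sppp_keepalive, 0, keepalive_ch);

	/* Cancel every timeout that still refers to sp. */
	for (i = 0; i < IDX_COUNT; i++)
		untimeout((cps[i])->TO, (void *)sp, sp->ch[i]);
	untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
}

/*
 * Flush the interface output queue.
 *
 * All three transmit queues are emptied: the normal send queue, the
 * fast queue and the control protocol queue.
 */
void
sppp_flush(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;

	sppp_qflush (&sp->pp_if.if_snd);
	sppp_qflush (&sp->pp_fastq);
	sppp_qflush (&sp->pp_cpq);
}

/*
 * Check if the output queue is empty.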
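 */
/*
 * Returns non-zero when none of the three transmit queues (fast,
 * control protocol, normal) holds a packet.
 */
int
sppp_isempty(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;
	int empty, s;

	s = splimp();
	empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
		!sp->pp_if.if_snd.ifq_head;
	splx(s);
	return (empty);
}

/*
 * Get next packet to send.
 *
 * Returns the dequeued mbuf chain, or NULL if nothing may be sent.
 * The control protocol queue always has priority.
 */
struct mbuf *
sppp_dequeue(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*) ifp;
	struct mbuf *m;
	int s;

	s = splimp();
	/*
	 * Process only the control protocol queue until we have at
	 * least one NCP open.
	 *
	 * Do always serve all three queues in Cisco mode.
	 */
	IF_DEQUEUE(&sp->pp_cpq, m);
	if (m == NULL &&
	    (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
		IF_DEQUEUE(&sp->pp_fastq, m);
		if (m == NULL)
			IF_DEQUEUE (&sp->pp_if.if_snd, m);
	}
	splx(s);
	return m;
}

/*
 * Pick the next packet, do not remove it from the queue.
 *
 * NOTE(review): the data queues are gated on pp_phase == PHASE_NETWORK
 * here, while sppp_dequeue() gates them on sppp_ncp_check(); whether the
 * two conditions always agree cannot be told from this function --
 * verify.
 */
struct mbuf *
sppp_pick(struct ifnet *ifp)
{
	struct sppp *sp = (struct sppp*)ifp;
	struct mbuf *m;
	int s;

	s= splimp ();

	m = sp->pp_cpq.ifq_head;
	if (m == NULL &&
	    (sp->pp_phase == PHASE_NETWORK ||
	     (sp->pp_flags & PP_CISCO) != 0)) {
		if ((m = sp->pp_fastq.ifq_head) == NULL)
			m = sp->pp_if.if_snd.ifq_head;
	}
	splx (s);
	return (m);
}

/*
 * Process an ioctl request.  Called on low priority level.
 *
 * Returns 0 on success, EINVAL for an MTU outside 128..their_mru,
 * ENOTTY for an unknown command, or whatever sppp_params() returns for
 * the generic get/set commands.
 *
 * Every path leaves through the common exit, so the priority level
 * raised by splimp() is always restored by splx().
 *
 * NOTE(review): no privilege check is made here; presumably the caller
 * has already done so -- verify, in particular for SIOCGIFGENERIC and
 * SIOCSIFGENERIC, which reach sppp_params().
 */
int
sppp_ioctl(struct ifnet *ifp, int cmd, void *data)
{
	struct ifreq *ifr = (struct ifreq*) data;
	struct sppp *sp = (struct sppp*) ifp;
	int s, rv, going_up, going_down, newmode;

	s = splimp();
	rv = 0;
	switch (cmd) {
	case SIOCAIFADDR:
	case SIOCSIFDSTADDR:
		break;

	case SIOCSIFADDR:
		if_up(ifp);
		/* fall through... */

	case SIOCSIFFLAGS:
		/* IFF_UP and IFF_RUNNING disagree: a transition is wanted */
		going_up = (ifp->if_flags & IFF_UP) &&
			(ifp->if_flags & IFF_RUNNING) == 0;
		going_down = (ifp->if_flags & IFF_UP) == 0 &&
			(ifp->if_flags & IFF_RUNNING);
		newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
		if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
			/* sanity */
			newmode = IFF_PASSIVE;
			ifp->if_flags &= ~IFF_AUTO;
		}

		if (going_up || going_down)
			lcp.Close(sp);
		if (going_up && newmode == 0) {
			/* neither auto-dial nor passive */
			ifp->if_flags |= IFF_RUNNING;
			if (!(sp->pp_flags & PP_CISCO))
				lcp.Open(sp);
		} else if (going_down) {
			sppp_flush(ifp);
			ifp->if_flags &= ~IFF_RUNNING;
		}

		break;

#ifdef SIOCSIFMTU
#ifndef ifr_mtu
#define ifr_mtu ifr_metric
#endif
	case SIOCSIFMTU:
		if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) {
			/* do not return directly: splx() must still run */
			rv = EINVAL;
			break;
		}
		ifp->if_mtu = ifr->ifr_mtu;
		break;
#endif
#ifdef SLIOCSETMTU
	case SLIOCSETMTU:
		if (*(short*)data < 128 ||
		    *(short*)data > sp->lcp.their_mru) {
			/* do not return directly: splx() must still run */
			rv = EINVAL;
			break;
		}
		ifp->if_mtu = *(short*)data;
		break;
#endif
#ifdef SIOCGIFMTU
	case SIOCGIFMTU:
		ifr->ifr_mtu = ifp->if_mtu;
		break;
#endif
#ifdef SLIOCGETMTU
	case SLIOCGETMTU:
		*(short*)data = ifp->if_mtu;
		break;
#endif
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		break;

	case SIOCGIFGENERIC:
	case SIOCSIFGENERIC:
		rv = sppp_params(sp, cmd, data);
		break;

	default:
		rv = ENOTTY;
	}
	splx(s);
	return rv;
}


/*
 * Cisco framing implementation.
 */

/*
 * Handle incoming Cisco keepalive protocol packets.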
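 */
/*
 * m is the received packet with the PPP/Cisco header already removed;
 * it stays owned by the caller (sppp_input() frees it after this
 * function returns), so it is neither freed nor replaced here.
 *
 * Nothing in this handler authenticates the sender: the link state
 * changes below are driven by the packet contents alone.
 */
static void
sppp_cisco_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct cisco_packet *h;
	u_long me, mymask;

	if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: cisco invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, m->m_pkthdr.len);
		return;
	}
	/*
	 * The length above is that of the whole chain, but the packet is
	 * parsed through a pointer into the first mbuf.  Refuse it unless
	 * all of it is stored there; the chain cannot be rearranged here
	 * because the caller still holds m.
	 */
	if (m->m_len < CISCO_PACKET_LEN) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: cisco packet not contiguous: "
			    "%d bytes in first mbuf\n",
			    ifp->if_name, ifp->if_unit, m->m_len);
		return;
	}
	h = mtod (m, struct cisco_packet*);
	if (debug)
		/* only the type is byte-swapped; the rest is logged raw */
		log(LOG_DEBUG,
		    "%s%d: cisco input: %d bytes "
		    "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
		    ifp->if_name, ifp->if_unit, m->m_pkthdr.len,
		    ntohl (h->type), h->par1, h->par2, h->rel,
		    h->time0, h->time1);
	switch (ntohl (h->type)) {
	default:
		if (debug)
			addlog("%s%d: cisco unknown packet type: 0x%lx\n",
			       ifp->if_name, ifp->if_unit, ntohl (h->type));
		break;
	case CISCO_ADDR_REPLY:
		/* Reply on address request, ignore */
		break;
	case CISCO_KEEPALIVE_REQ:
		sp->pp_alivecnt = 0;
		sp->pp_rseq = ntohl (h->par1);
		if (sp->pp_seq == sp->pp_rseq) {
			/* Local and remote sequence numbers are equal.
			 * Probably, the line is in loopback mode. */
			if (sp->pp_loopcnt >= MAXALIVECNT) {
				printf ("%s%d: loopback\n",
					ifp->if_name, ifp->if_unit);
				sp->pp_loopcnt = 0;
				if (ifp->if_flags & IFF_UP) {
					if_down (ifp);
					sppp_qflush (&sp->pp_cpq);
				}
			}
			++sp->pp_loopcnt;

			/* Generate new local sequence number */
			read_random((char*)&sp->pp_seq, sizeof sp->pp_seq);
			break;
		}
		sp->pp_loopcnt = 0;
		if (! (ifp->if_flags & IFF_UP) &&
		    (ifp->if_flags & IFF_RUNNING)) {
			if_up(ifp);
			printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
		}
		break;
	case CISCO_ADDR_REQ:
		/* answer with our address and mask, if we have an address */
		sppp_get_ip_addrs(sp, &me, 0, &mymask);
		if (me != 0L)
			sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
		break;
	}
}

/*
 * Send Cisco keepalive packet.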
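 */
/*
 * Builds a Cisco keepalive-protocol packet of the given type carrying
 * par1 and par2, queues it on the control protocol queue and kicks the
 * transmitter.  If no mbuf is available nothing is sent; if the queue
 * is full the packet is dropped.
 */
static void
sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
{
	STDDCL;
	struct ppp_header *h;
	struct cisco_packet *ch;
	struct mbuf *m;
	int pktlen;
	u_long t = (time_second - boottime.tv_sec) * 1000;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = CISCO_MULTICAST;
	h->control = 0;
	h->protocol = htons (CISCO_KEEPALIVE);

	ch = (struct cisco_packet*) (h + 1);
	ch->type = htonl (type);
	ch->par1 = htonl (par1);
	ch->par2 = htonl (par2);
	ch->rel = -1;
	ch->time0 = htons ((u_short) (t >> 16));
	ch->time1 = htons ((u_short) t);

	if (debug)
		log(LOG_DEBUG,
		    "%s%d: cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
			ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1,
			ch->par2, ch->rel, ch->time0, ch->time1);

	/*
	 * Take the length before the packet is given away: it is freed
	 * below when the queue is full, and once queued the start routine
	 * may dequeue and free it, so m must not be read afterwards.
	 */
	pktlen = m->m_pkthdr.len;
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
	} else
		IF_ENQUEUE (&sp->pp_cpq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	/* as before, the bytes are counted even when the packet was dropped */
	ifp->if_obytes += pktlen + 3;
}

/*
 * PPP protocol implementation.
 */

/*
 * Send PPP control protocol packet.
 *
 * proto is the PPP protocol number for the frame header; type and ident
 * fill the control protocol header; data points to len bytes of payload
 * (it is not touched when len is 0).
 *
 * The packet is built in a single header mbuf, so len is silently cut
 * down to what fits after the two headers; the length field sent to the
 * peer reflects the shortened value.  If no mbuf is available nothing is
 * sent; if the control protocol queue is full the packet is dropped and
 * counted as an output error.
 */
static void
sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
	     u_char ident, u_short len, void *data)
{
	STDDCL;
	struct ppp_header *h;
	struct lcp_header *lh;
	struct mbuf *m;
	int pktlen;

	/* bound the copy below to the space of one header mbuf */
	if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
		len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = PPP_ALLSTATIONS;        /* broadcast address */
	h->control = PPP_UI;                 /* Unnumbered Info */
	h->protocol = htons (proto);         /* caller's control protocol */

	lh = (struct lcp_header*) (h + 1);
	lh->type = type;
	lh->ident = ident;
	lh->len = htons (LCP_HEADER_LEN + len);
	if (len)
		bcopy (data, lh+1, len);

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit,
		    sppp_proto_name(proto),
		    sppp_cp_type_name (lh->type), lh->ident,
		    ntohs (lh->len));
		if (len)
			sppp_print_bytes ((u_char*) (lh+1), len);
		addlog(">\n");
	}
	/*
	 * Take the length before the packet is given away: it is freed
	 * below when the queue is full, and once queued the start routine
	 * may dequeue and free it, so m must not be read afterwards.
	 */
	pktlen = m->m_pkthdr.len;
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
	} else
		IF_ENQUEUE (&sp->pp_cpq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	/* as before, the bytes are counted even when the packet was dropped */
	ifp->if_obytes += pktlen + 3;
}

/*
 * Handle incoming PPP control protocol packets.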
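 */
/*
 * cp selects the control protocol (its callbacks drive the automaton),
 * m holds the received packet starting at the control protocol header.
 * The packet content comes from the peer and is untrusted: every length
 * taken from it is checked before the corresponding bytes are read.
 *
 * NOTE(review): the header and payload are read through mtod(), i.e. from
 * the first mbuf only, while the length is taken from m_pkthdr.len.  This
 * presumably relies on the caller handing over a contiguous packet --
 * confirm against the input path.
 */
static void
sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len = m->m_pkthdr.len;
	int rv;
	u_char *p;

	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: %s invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, cp->name, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: %s input(%s): <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[cp->protoidx]),
		    sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
		if (len > 4)
			sppp_print_bytes ((u_char*) (h+1), len-4);
		addlog(">\n");
	}
	/* Bytes beyond the header's length field are padding. */
	if (len > ntohs (h->len))
		len = ntohs (h->len);
	/*
	 * A length field smaller than the header itself is invalid.
	 * Discard the packet here so that no handler below is called
	 * with a length that goes negative once the header is subtracted.
	 * (This also covers the former conf-req specific length check.)
	 */
	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: %s invalid header length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, cp->name, len);
		++ifp->if_ierrors;
		return;
	}
	p = (u_char *)(h + 1);
	switch (h->type) {
	case CONF_REQ:
		/* handle states where RCR doesn't get a SCA/SCN */
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSING:
		case STATE_STOPPING:
			return;
		case STATE_CLOSED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
				     0, 0);
			return;
		}
		rv = (cp->RCR)(sp, h, len);
		/* RCR may have changed the state; re-read it. */
		switch (sp->state[cp->protoidx]) {
		case STATE_OPENED:
			(cp->tld)(sp);
			(cp->scr)(sp);
			/* fall through... */
		case STATE_ACK_SENT:
		case STATE_REQ_SENT:
			sppp_cp_change_state(cp, sp, rv?
					     STATE_ACK_SENT: STATE_REQ_SENT);
			break;
		case STATE_STOPPED:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, rv?
					     STATE_ACK_SENT: STATE_REQ_SENT);
			break;
		case STATE_ACK_RCVD:
			if (rv) {
				sppp_cp_change_state(cp, sp, STATE_OPENED);
				if (debug)
					log(LOG_DEBUG, "%s%d: %s tlu\n",
					    ifp->if_name, ifp->if_unit,
					    cp->name);
				(cp->tlu)(sp);
			} else
				sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CONF_ACK:
		/* Only an ack for our latest request counts. */
		if (h->ident != sp->confid[cp->protoidx]) {
			if (debug)
				addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       h->ident, sp->confid[cp->protoidx]);
			++ifp->if_ierrors;
			break;
		}
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_CLOSING:
		case STATE_STOPPING:
			break;
		case STATE_REQ_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			/* fall through */
		case STATE_ACK_RCVD:
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_ACK_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			sppp_cp_change_state(cp, sp, STATE_OPENED);
			if (debug)
				log(LOG_DEBUG, "%s%d: %s tlu\n",
				       ifp->if_name, ifp->if_unit, cp->name);
			(cp->tlu)(sp);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CONF_NAK:
	case CONF_REJ:
		if (h->ident != sp->confid[cp->protoidx]) {
			if (debug)
				addlog("%s%d: %s id mismatch 0x%x != 0x%x\n",
				       ifp->if_name, ifp->if_unit, cp->name,
				       h->ident, sp->confid[cp->protoidx]);
			++ifp->if_ierrors;
			break;
		}
		if (h->type == CONF_NAK)
			(cp->RCN_nak)(sp, h, len);
		else /* CONF_REJ */
			(cp->RCN_rej)(sp, h, len);

		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
			sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
			(cp->scr)(sp);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			/* fall through */
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
			(cp->scr)(sp);
			break;
		case STATE_CLOSING:
		case STATE_STOPPING:
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;

	case TERM_REQ:
		switch (sp->state[cp->protoidx]) {
		case STATE_ACK_RCVD:
		case STATE_ACK_SENT:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			/* fall through */
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_CLOSING:
		case STATE_STOPPING:
		case STATE_REQ_SENT:
		  sta:
			/* Send Terminate-Ack packet. */
			if (debug)
				log(LOG_DEBUG, "%s%d: %s send terminate-ack\n",
				    ifp->if_name, ifp->if_unit, cp->name);
			sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			sp->rst_counter[cp->protoidx] = 0;
			sppp_cp_change_state(cp, sp, STATE_STOPPING);
			goto sta;
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case TERM_ACK:
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
			break;
		case STATE_CLOSING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_CLOSED);
			break;
		case STATE_STOPPING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_OPENED:
			(cp->tld)(sp);
			(cp->scr)(sp);
			sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case CODE_REJ:
	case PROTO_REJ:
		/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
		/*
		 * The rejected protocol number is two payload bytes; only
		 * read them if the packet is long enough to contain them.
		 */
		log(LOG_INFO,
		    "%s%d: %s: ignoring RXJ (%s) for proto 0x%x, "
		    "danger will robinson\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_cp_type_name(h->type),
		    len >= 6 ? ntohs(*((u_short *)p)) : 0);
		switch (sp->state[cp->protoidx]) {
		case STATE_CLOSED:
		case STATE_STOPPED:
		case STATE_REQ_SENT:
		case STATE_ACK_SENT:
		case STATE_CLOSING:
		case STATE_STOPPING:
		case STATE_OPENED:
			break;
		case STATE_ACK_RCVD:
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		default:
			printf("%s%d: %s illegal %s in state %s\n",
			       ifp->if_name, ifp->if_unit, cp->name,
			       sppp_cp_type_name(h->type),
			       sppp_state_name(sp->state[cp->protoidx]));
			++ifp->if_ierrors;
		}
		break;
	case DISC_REQ:
		if (cp->proto != PPP_LCP)
			goto illegal;
		/* Discard the packet. */
		break;
	case ECHO_REQ:
		if (cp->proto != PPP_LCP)
			goto illegal;
		if (sp->state[cp->protoidx] != STATE_OPENED) {
			if (debug)
				addlog("%s%d: lcp echo req but lcp closed\n",
				       ifp->if_name, ifp->if_unit);
			++ifp->if_ierrors;
			break;
		}
		/* Header plus the magic number are required. */
		if (len < 8) {
			if (debug)
				addlog("%s%d: invalid lcp echo request "
				       "packet length: %d bytes\n",
				       ifp->if_name, ifp->if_unit, len);
			break;
		}
		if (ntohl (*(long*)(h+1)) == sp->lcp.magic) {
			/* Line loopback mode detected. */
			printf("%s%d: loopback\n", ifp->if_name, ifp->if_unit);
			if_down (ifp);
			sppp_qflush (&sp->pp_cpq);

			/* Shut down the PPP link. */
			/* XXX */
			lcp.Down(sp);
			lcp.Up(sp);
			break;
		}
		/* Reuse the request as the reply, with our magic number. */
		*(long*)(h+1) = htonl (sp->lcp.magic);
		if (debug)
			addlog("%s%d: got lcp echo req, sending echo rep\n",
			       ifp->if_name, ifp->if_unit);
		sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
		break;
	case ECHO_REPLY:
		if (cp->proto != PPP_LCP)
			goto illegal;
		if (h->ident != sp->lcp.echoid) {
			++ifp->if_ierrors;
			break;
		}
		if (len < 8) {
			if (debug)
				addlog("%s%d: lcp invalid echo reply "
				       "packet length: %d bytes\n",
				       ifp->if_name, ifp->if_unit, len);
			break;
		}
		if (debug)
			addlog("%s%d: lcp got echo rep\n",
			       ifp->if_name, ifp->if_unit);
		if (ntohl (*(long*)(h+1)) != sp->lcp.magic)
			sp->pp_alivecnt = 0;
		break;
	default:
		/* Unknown packet type -- send Code-Reject packet. */
	  illegal:
		/* cp->name is a string, so it is printed with %s. */
		if (debug)
			addlog("%s%d: %s send code-rej for 0x%x\n",
			       ifp->if_name, ifp->if_unit, cp->name, h->type);
		/* sppp_cp_send() clamps the echoed length to one mbuf. */
		sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
			     m->m_pkthdr.len, h);
		++ifp->if_ierrors;
	}
}


/*
 * The generic part of all Up/Down/Open/Close/TO event handlers.
 * Basically, the state transition handling in the automaton.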
 */
/* Up event: the lower layer has become available. */
static void
sppp_up_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s up(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));

	switch (sp->state[idx]) {
	case STATE_INITIAL:
		sppp_cp_change_state(cp, sp, STATE_CLOSED);
		break;
	case STATE_STARTING:
		/* An Open is pending: start negotiating right away. */
		sp->rst_counter[idx] = sp->lcp.max_configure;
		(cp->scr)(sp);
		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
		break;
	default:
		printf("%s%d: %s illegal up in state %s\n",
		       ifp->if_name, ifp->if_unit, cp->name,
		       sppp_state_name(sp->state[idx]));
	}
}

/* Down event: the lower layer is no longer available. */
static void
sppp_down_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s down(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));

	switch (sp->state[idx]) {
	case STATE_CLOSED:
	case STATE_CLOSING:
		sppp_cp_change_state(cp, sp, STATE_INITIAL);
		break;
	case STATE_STOPPED:
		(cp->tls)(sp);
		/* fall through */
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	case STATE_OPENED:
		(cp->tld)(sp);
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	default:
		printf("%s%d: %s illegal down in state %s\n",
		       ifp->if_name, ifp->if_unit, cp->name,
		       sppp_state_name(sp->state[idx]));
	}
}


/* Open event: the protocol is administratively allowed to come up. */
static void
sppp_open_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s open(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));

	switch (sp->state[idx]) {
	case STATE_INITIAL:
		(cp->tls)(sp);
		sppp_cp_change_state(cp, sp, STATE_STARTING);
		break;
	case STATE_CLOSED:
		sp->rst_counter[idx] = sp->lcp.max_configure;
		(cp->scr)(sp);
		sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
		break;
	case STATE_CLOSING:
		sppp_cp_change_state(cp, sp, STATE_STOPPING);
		break;
	case STATE_STARTING:
	case STATE_STOPPED:
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
	case STATE_OPENED:
		/* Nothing to do in these states. */
		break;
	}
}


/* Close event: the protocol is administratively shut down. */
static void
sppp_close_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	const int idx = cp->protoidx;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s close(%s)\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]));

	switch (sp->state[idx]) {
	case STATE_INITIAL:
	case STATE_CLOSED:
	case STATE_CLOSING:
		/* Already closed or closing. */
		break;
	case STATE_STARTING:
		(cp->tlf)(sp);
		sppp_cp_change_state(cp, sp, STATE_INITIAL);
		break;
	case STATE_STOPPED:
		sppp_cp_change_state(cp, sp, STATE_CLOSED);
		break;
	case STATE_STOPPING:
		sppp_cp_change_state(cp, sp, STATE_CLOSING);
		break;
	case STATE_OPENED:
		(cp->tld)(sp);
		/* fall through */
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		/* Ask the peer to terminate and wait for its ack. */
		sp->rst_counter[idx] = sp->lcp.max_terminate;
		sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
		sppp_cp_change_state(cp, sp, STATE_CLOSING);
		break;
	}
}

/*
 * Timeout event: the restart timer fired.  The restart counter is
 * decremented first; a negative result is the TO- event (give up),
 * anything else the TO+ event (retransmit).  Runs at splimp.
 */
static void
sppp_to_event(const struct cp *cp, struct sppp *sp)
{
	STDDCL;
	int s;
	const int idx = cp->protoidx;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: %s TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_state_name(sp->state[idx]),
		    sp->rst_counter[idx]);

	if (--sp->rst_counter[idx] < 0) {
		/* TO- event */
		switch (sp->state[idx]) {
		case STATE_CLOSING:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_CLOSED);
			break;
		case STATE_STOPPING:
		case STATE_REQ_SENT:
		case STATE_ACK_RCVD:
		case STATE_ACK_SENT:
			(cp->tlf)(sp);
			sppp_cp_change_state(cp, sp, STATE_STOPPED);
			break;
		}
	} else {
		/* TO+ event */
		switch (sp->state[idx]) {
		case STATE_CLOSING:
		case STATE_STOPPING:
			sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
				     0, 0);
			sp->ch[idx] = timeout(cp->TO, (void *)sp,
					      sp->lcp.timeout);
			break;
		case STATE_REQ_SENT:
		case STATE_ACK_RCVD:
			(cp->scr)(sp);
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
			break;
		case STATE_ACK_SENT:
			(cp->scr)(sp);
			sp->ch[idx] = timeout(cp->TO, (void *)sp,
					      sp->lcp.timeout);
			break;
		}
	}

	splx(s);
}

/*
 * Change the state of a control protocol in the state automaton.
 * Takes care of starting/stopping the restart timer: any pending
 * timer is cancelled, and a new one is armed for the states that
 * wait for an answer from the peer.
 */
void
sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
{
	const int idx = cp->protoidx;

	sp->state[idx] = newstate;

	untimeout(cp->TO, (void *)sp, sp->ch[idx]);
	switch (newstate) {
	case STATE_CLOSING:
	case STATE_STOPPING:
	case STATE_REQ_SENT:
	case STATE_ACK_RCVD:
	case STATE_ACK_SENT:
		sp->ch[idx] = timeout(cp->TO, (void *)sp, sp->lcp.timeout);
		break;
	default:
		/* All other states run without a restart timer. */
		break;
	}
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                         The LCP implementation.
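*
 *                                                                          *
 *--------------------------------------------------------------------------*
 */
/* Reset the LCP state and the negotiation parameters of an interface. */
static void
sppp_lcp_init(struct sppp *sp)
{
	sp->lcp.opts = (1 << LCP_OPT_MAGIC);
	sp->lcp.magic = 0;
	sp->state[IDX_LCP] = STATE_INITIAL;
	sp->fail_counter[IDX_LCP] = 0;
	sp->lcp.protos = 0;
	sp->lcp.mru = sp->lcp.their_mru = PP_MTU;

	/*
	 * Initialize counters and timeout values.  Note that we don't
	 * use the 3 seconds suggested in RFC 1661 since we are likely
	 * running on a fast link.  XXX We should probably implement
	 * the exponential backoff option.  Note that these values are
	 * relevant for all control protocols, not just LCP only.
	 */
	sp->lcp.timeout = 1 * hz;
	sp->lcp.max_terminate = 2;
	sp->lcp.max_configure = 10;
	sp->lcp.max_failure = 10;
	callout_handle_init(&sp->ch[IDX_LCP]);
}

/* LCP Up: the physical layer is ready. */
static void
sppp_lcp_up(struct sppp *sp)
{
	STDDCL;

	/*
	 * If this interface is passive or dial-on-demand, and we are
	 * still in Initial state, it means we've got an incoming
	 * call.  Activate the interface.
	 */
	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: Up event", ifp->if_name, ifp->if_unit);
		ifp->if_flags |= IFF_RUNNING;
		if (sp->state[IDX_LCP] == STATE_INITIAL) {
			if (debug)
				addlog("(incoming call)\n");
			sp->pp_flags |= PP_CALLIN;
			lcp.Open(sp);
		} else if (debug)
			addlog("\n");
	}

	sppp_up_event(&lcp, sp);
}

/* LCP Down: the physical layer went away (carrier loss). */
static void
sppp_lcp_down(struct sppp *sp)
{
	STDDCL;

	sppp_down_event(&lcp, sp);

	/*
	 * If this is neither a dial-on-demand nor a passive
	 * interface, simulate an ``ifconfig down'' action, so the
	 * administrator can force a redial by another ``ifconfig
	 * up''.  XXX For leased line operation, should we immediately
	 * try to reopen the connection here?
	 */
	if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
		log(LOG_INFO,
		    "%s%d: Down event (carrier loss), taking interface down.\n",
		    ifp->if_name, ifp->if_unit);
		if_down(ifp);
	} else {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: Down event (carrier loss)\n",
			    ifp->if_name, ifp->if_unit);
	}
	sp->pp_flags &= ~PP_CALLIN;
	if (sp->state[IDX_LCP] != STATE_INITIAL)
		lcp.Close(sp);
	ifp->if_flags &= ~IFF_RUNNING;
}

/* LCP Open: decide whether to request authentication, then open. */
static void
sppp_lcp_open(struct sppp *sp)
{
	/*
	 * If we are authenticator, negotiate LCP_AUTH
	 */
	if (sp->hisauth.proto != 0)
		sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
	else
		sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
	sp->pp_flags &= ~PP_NEEDAUTH;
	sppp_open_event(&lcp, sp);
}

static void
sppp_lcp_close(struct sppp *sp)
{
	sppp_close_event(&lcp, sp);
}

/* Restart timer callback; cookie is the struct sppp of the link. */
static void
sppp_lcp_TO(void *cookie)
{
	sppp_to_event(&lcp, (struct sppp *)cookie);
}

/*
 * Analyze a configure request.  Return true if it was agreeable, and
 * caused action sca, false if it has been rejected or nak'ed, and
 * caused action scn.  (The return value is used to make the state
 * transition decision in the state automaton.)
 *
 * h points to the received header, len is the packet length including
 * the 4 byte header.  The option list comes from the peer: each option
 * length is checked against the remaining data before the option is
 * read or copied, and parsing stops at the first malformed option.
 * The scratch buffer is released on every return path.
 */
static int
sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *buf, *r, *p;
	int origlen, rlen;
	u_long nmagic;
	u_short authproto;

	len -= 4;
	if (len < 0)
		return (0);
	origlen = len;
	buf = r = malloc (len, M_TEMP, M_NOWAIT);
	if (! buf)
		return (0);

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp parse opts: ",
		    ifp->if_name, ifp->if_unit);

	/*
	 * pass 1: check for things that need to be rejected
	 *
	 * An option is at least two bytes (type, length) and must not
	 * extend past the remaining data; this bounds every bcopy()
	 * into buf, which holds origlen bytes.
	 */
	p = (void*) (h+1);
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	     len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number. */
			/* fall through, both are same length */
		case LCP_OPT_ASYNC_MAP:
			/* Async control character map. */
			if (len >= 6 && p[1] == 6)
				continue;
			if (debug)
				addlog("[invalid] ");
			break;
		case LCP_OPT_MRU:
			/* Maximum receive unit. */
			if (len >= 4 && p[1] == 4)
				continue;
			if (debug)
				addlog("[invalid] ");
			break;
		case LCP_OPT_AUTH_PROTO:
			/* The option must hold the 2 byte protocol. */
			if (len < 4 || p[1] < 4) {
				if (debug)
					addlog("[invalid] ");
				break;
			}
			authproto = (p[2] << 8) + p[3];
			if (authproto == PPP_CHAP && p[1] != 5) {
				if (debug)
					addlog("[invalid chap len] ");
				break;
			}
			if (sp->myauth.proto == 0) {
				/* we are not configured to do auth */
				if (debug)
					addlog("[not configured] ");
				break;
			}
			/*
			 * Remote want us to authenticate, remember this,
			 * so we stay in PHASE_AUTHENTICATE after LCP got
			 * up.
			 */
			sp->pp_flags |= PP_NEEDAUTH;
			continue;
		default:
			/* Others not supported. */
			if (debug)
				addlog("[rej] ");
			break;
		}
		/* Add the option to rejected list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (debug)
			addlog(" send conf-rej\n");
		sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
		free (buf, M_TEMP);
		return 0;
	} else if (debug)
		addlog("\n");

	/*
	 * pass 2: check for option values that are unacceptable and
	 * thus require to be nak'ed.
	 */
	if (debug)
		log(LOG_DEBUG, "%s%d: lcp parse opt values: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	len = origlen;
	r = buf;
	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
	     len-=p[1], p+=p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- extract. */
			nmagic = (u_long)p[2] << 24 |
				(u_long)p[3] << 16 | p[4] << 8 | p[5];
			if (nmagic != sp->lcp.magic) {
				if (debug)
					addlog("0x%lx ", nmagic);
				continue;
			}
			/*
			 * Local and remote magics equal -- loopback?
			 */
			if (sp->pp_loopcnt >= MAXALIVECNT*5) {
				printf ("%s%d: loopback\n",
					ifp->if_name, ifp->if_unit);
				sp->pp_loopcnt = 0;
				if (ifp->if_flags & IFF_UP) {
					if_down(ifp);
					sppp_qflush(&sp->pp_cpq);
					/* XXX ? */
					lcp.Down(sp);
					lcp.Up(sp);
				}
			} else if (debug)
				addlog("[glitch] ");
			++sp->pp_loopcnt;
			/*
			 * We negate our magic here, and NAK it.  If
			 * we see it later in an NAK packet, we
			 * suggest a new one.
			 */
			nmagic = ~sp->lcp.magic;
			/* Gonna NAK it. */
			p[2] = nmagic >> 24;
			p[3] = nmagic >> 16;
			p[4] = nmagic >> 8;
			p[5] = nmagic;
			break;

		case LCP_OPT_ASYNC_MAP:
			/* Async control character map -- check to be zero. */
			if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
				if (debug)
					addlog("[empty] ");
				continue;
			}
			if (debug)
				addlog("[non-empty] ");
			/* suggest a zero one */
			p[2] = p[3] = p[4] = p[5] = 0;
			break;

		case LCP_OPT_MRU:
			/*
			 * Maximum receive unit.  Always agreeable,
			 * but ignored by now.
			 */
			sp->lcp.their_mru = p[2] * 256 + p[3];
			if (debug)
				addlog("%d ", sp->lcp.their_mru);
			continue;

		case LCP_OPT_AUTH_PROTO:
			authproto = (p[2] << 8) + p[3];
			if (sp->myauth.proto != authproto) {
				/* not agreed, nak */
				if (debug)
					addlog("[mine %s != his %s] ",
					       sppp_proto_name(sp->myauth.proto),
					       sppp_proto_name(authproto));
				p[2] = sp->myauth.proto >> 8;
				p[3] = sp->myauth.proto;
				break;
			}
			if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
				if (debug)
					addlog("[chap not MD5] ");
				/* suggest MD5 in the nak */
				p[4] = CHAP_MD5;
				break;
			}
			continue;
		}
		/* Add the option to nak'ed list. */
		bcopy (p, r, p[1]);
		r += p[1];
		rlen += p[1];
	}
	if (rlen) {
		if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
			if (debug)
				addlog(" max_failure (%d) exceeded, "
				       "send conf-rej\n",
				       sp->lcp.max_failure);
			sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
		} else {
			if (debug)
				addlog(" send conf-nak\n");
			sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
		}
		free (buf, M_TEMP);
		return 0;
	}

	if (debug)
		addlog(" send conf-ack\n");
	sp->fail_counter[IDX_LCP] = 0;
	sp->pp_loopcnt = 0;
	sppp_cp_send (sp, PPP_LCP, CONF_ACK,
		      h->ident, origlen, h+1);

	free (buf, M_TEMP);
	return (1);
}

/*
 * Analyze the LCP Configure-Reject option list, and adjust our
 * negotiation.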
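 */
/*
 * h points to the received header, len is the packet length including
 * the 4 byte header.  The option list is peer-supplied: an option is
 * only looked at if its length byte is at least 2 and does not exceed
 * the remaining data.  No scratch buffer is needed here.
 */
static void
sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *p;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp rej opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	     len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- can't use it, use 0 */
			sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
			sp->lcp.magic = 0;
			break;
		case LCP_OPT_MRU:
			/*
			 * Should not be rejected anyway, since we only
			 * negotiate a MRU if explicitly requested by
			 * peer.
			 */
			sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
			break;
		case LCP_OPT_AUTH_PROTO:
			/*
			 * Peer doesn't want to authenticate himself,
			 * deny unless this is a dialout call, and
			 * AUTHFLAG_NOCALLOUT is set.
			 */
			if ((sp->pp_flags & PP_CALLIN) == 0 &&
			    (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
				if (debug)
					addlog("[don't insist on auth "
					       "for callout]");
				sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
				break;
			}
			if (debug)
				addlog("[access denied]\n");
			lcp.Close(sp);
			break;
		}
	}
	if (debug)
		addlog("\n");
}

/*
 * Analyze the LCP Configure-NAK option list, and adjust our
 * negotiation.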
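 */
/*
 * h points to the received header, len is the packet length including
 * the 4 byte header.  The option list is peer-supplied: an option is
 * only looked at if its length byte is at least 2 and does not exceed
 * the remaining data.  No scratch buffer is needed here.
 */
static void
sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
	STDDCL;
	u_char *p;
	u_long magic;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: lcp nak opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	     len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_lcp_opt_name(*p));
		switch (*p) {
		case LCP_OPT_MAGIC:
			/* Magic number -- renegotiate */
			if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
			    len >= 6 && p[1] == 6) {
				magic = (u_long)p[2] << 24 |
					(u_long)p[3] << 16 | p[4] << 8 | p[5];
				/*
				 * If the remote magic is our negated one,
				 * this looks like a loopback problem.
				 * Suggest a new magic to make sure.
				 */
				if (magic == ~sp->lcp.magic) {
					if (debug)
						addlog("magic glitch ");
					read_random((char*)&sp->lcp.magic, sizeof sp->lcp.magic);
				} else {
					sp->lcp.magic = magic;
					/* the format needs its argument */
					if (debug)
						addlog("0x%lx ", magic);
				}
			}
			break;
		case LCP_OPT_MRU:
			/*
			 * Peer wants to advise us to negotiate an MRU.
			 * Agree on it if it's reasonable, or use
			 * default otherwise.
			 */
			if (len >= 4 && p[1] == 4) {
				u_int mru = p[2] * 256 + p[3];
				if (debug)
					addlog("%d ", mru);
				if (mru < PP_MTU || mru > PP_MAX_MRU)
					mru = PP_MTU;
				sp->lcp.mru = mru;
				sp->lcp.opts |= (1 << LCP_OPT_MRU);
			}
			break;
		case LCP_OPT_AUTH_PROTO:
			/*
			 * Peer doesn't like our authentication method,
			 * deny.
			 */
			if (debug)
				addlog("[access denied]\n");
			lcp.Close(sp);
			break;
		}
	}
	if (debug)
		addlog("\n");
}

/*
 * This-layer-up: LCP reached Opened.  Selects the next phase
 * (authenticate or network) and opens/notifies the upper protocols.
 */
static void
sppp_lcp_tlu(struct sppp *sp)
{
	STDDCL;
	int i;
	u_long mask;

	/* XXX ? */
	if (! (ifp->if_flags & IFF_UP) &&
	    (ifp->if_flags & IFF_RUNNING)) {
		/* Coming out of loopback mode. */
		if_up(ifp);
		printf ("%s%d: up\n", ifp->if_name, ifp->if_unit);
	}

	for (i = 0; i < IDX_COUNT; i++)
		if ((cps[i])->flags & CP_QUAL)
			(cps[i])->Open(sp);

	/* Authentication is needed if either side asked for it. */
	if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
	    (sp->pp_flags & PP_NEEDAUTH) != 0)
		sp->pp_phase = PHASE_AUTHENTICATE;
	else
		sp->pp_phase = PHASE_NETWORK;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/*
	 * Open all authentication protocols.  This is even required
	 * if we already proceeded to network phase, since it might be
	 * that remote wants us to authenticate, so we might have to
	 * send a PAP request.  Undesired authentication protocols
	 * don't do anything when they get an Open event.
	 */
	for (i = 0; i < IDX_COUNT; i++)
		if ((cps[i])->flags & CP_AUTH)
			(cps[i])->Open(sp);

	if (sp->pp_phase == PHASE_NETWORK) {
		/* Notify all NCPs. */
		for (i = 0; i < IDX_COUNT; i++)
			if ((cps[i])->flags & CP_NCP)
				(cps[i])->Open(sp);
	}

	/* Send Up events to all started protos. */
	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
			(cps[i])->Up(sp);

	if (sp->pp_phase == PHASE_NETWORK)
		/* if no NCP is starting, close down */
		sppp_lcp_check_and_close(sp);
}

/* This-layer-down: LCP left Opened; take the upper layers down. */
static void
sppp_lcp_tld(struct sppp *sp)
{
	STDDCL;
	int i;
	u_long mask;

	sp->pp_phase = PHASE_TERMINATE;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/*
	 * Take upper layers down.  We send the Down event first and
	 * the Close second to prevent the upper layers from sending
	 * ``a flurry of terminate-request packets'', as the RFC
	 * describes it.
	 */
	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
			(cps[i])->Down(sp);
			(cps[i])->Close(sp);
		}
}

/* This-layer-started: enter the establish phase. */
static void
sppp_lcp_tls(struct sppp *sp)
{
	STDDCL;

	sp->pp_phase = PHASE_ESTABLISH;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/* Notify lower layer if desired. */
	if (sp->pp_tls)
		(sp->pp_tls)(sp);
}

/* This-layer-finished: the link is dead. */
static void
sppp_lcp_tlf(struct sppp *sp)
{
	STDDCL;

	sp->pp_phase = PHASE_DEAD;
	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/* Notify lower layer if desired. */
	if (sp->pp_tlf)
		(sp->pp_tlf)(sp);
}

/*
 * Send-configure-request: build the option list from sp->lcp.opts and
 * send it with a fresh identifier, remembered in sp->confid[IDX_LCP].
 * opt[] is sized for the three options that can be emitted here.
 */
static void
sppp_lcp_scr(struct sppp *sp)
{
	char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
	int i = 0;
	u_short authproto;

	if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
		/* A zero magic means none has been chosen yet. */
		if (! sp->lcp.magic)
			read_random((char*)&sp->lcp.magic, sizeof sp->lcp.magic);
		opt[i++] = LCP_OPT_MAGIC;
		opt[i++] = 6;
		opt[i++] = sp->lcp.magic >> 24;
		opt[i++] = sp->lcp.magic >> 16;
		opt[i++] = sp->lcp.magic >> 8;
		opt[i++] = sp->lcp.magic;
	}

	if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
		opt[i++] = LCP_OPT_MRU;
		opt[i++] = 4;
		opt[i++] = sp->lcp.mru >> 8;
		opt[i++] = sp->lcp.mru;
	}

	if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
		authproto = sp->hisauth.proto;
		opt[i++] = LCP_OPT_AUTH_PROTO;
		opt[i++] = authproto == PPP_CHAP? 5: 4;
		opt[i++] = authproto >> 8;
		opt[i++] = authproto;
		if (authproto == PPP_CHAP)
			opt[i++] = CHAP_MD5;
	}

	sp->confid[IDX_LCP] = ++sp->pp_seq;
	sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
}

/*
 * Check the open NCPs, return true if at least one NCP is open.
 */
static int
sppp_ncp_check(struct sppp *sp)
{
	int i, mask;

	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
			return 1;
	return 0;
}

/*
 * Re-check the open NCPs and see if we should terminate the link.
 * Called by the NCPs during their tlf action handling.
 */
static void
sppp_lcp_check_and_close(struct sppp *sp)
{

	if (sp->pp_phase < PHASE_NETWORK)
		/* don't bother, we are already going down */
		return;

	if (sppp_ncp_check(sp))
		return;

	lcp.Close(sp);
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                        The IPCP implementation.                          *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */

/* Reset the IPCP state of an interface. */
static void
sppp_ipcp_init(struct sppp *sp)
{
	sp->ipcp.opts = 0;
	sp->ipcp.flags = 0;
	sp->state[IDX_IPCP] = STATE_INITIAL;
	sp->fail_counter[IDX_IPCP] = 0;
	callout_handle_init(&sp->ch[IDX_IPCP]);
}

static void
sppp_ipcp_up(struct sppp *sp)
{
	sppp_up_event(&ipcp, sp);
}

static void
sppp_ipcp_down(struct sppp *sp)
{
	sppp_down_event(&ipcp, sp);
}

static void
sppp_ipcp_open(struct sppp *sp)
{
	STDDCL;
	u_long myaddr, hisaddr;

	sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
	/*
	 * If we don't have his address, this probably means our
	 * interface doesn't want to talk IP at all.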
(This could 2379 * be the case if somebody wants to speak only IPX, for 2380 * example.) Don't open IPCP in this case. 2381 */ 2382 if (hisaddr == 0L) { 2383 /* XXX this message should go away */ 2384 if (debug) 2385 log(LOG_DEBUG, "%s%d: ipcp_open(): no IP interface\n", 2386 ifp->if_name, ifp->if_unit); 2387 return; 2388 } 2389 2390 if (myaddr == 0L) { 2391 /* 2392 * I don't have an assigned address, so i need to 2393 * negotiate my address. 2394 */ 2395 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2396 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2397 } 2398 sppp_open_event(&ipcp, sp); 2399} 2400 2401static void 2402sppp_ipcp_close(struct sppp *sp) 2403{ 2404 sppp_close_event(&ipcp, sp); 2405 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2406 /* 2407 * My address was dynamic, clear it again. 2408 */ 2409 sppp_set_ip_addr(sp, 0L); 2410} 2411 2412static void 2413sppp_ipcp_TO(void *cookie) 2414{ 2415 sppp_to_event(&ipcp, (struct sppp *)cookie); 2416} 2417 2418/* 2419 * Analyze a configure request. Return true if it was agreeable, and 2420 * caused action sca, false if it has been rejected or nak'ed, and 2421 * caused action scn. (The return value is used to make the state 2422 * transition decision in the state automaton.) 2423 */ 2424static int 2425sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2426{ 2427 u_char *buf, *r, *p; 2428 struct ifnet *ifp = &sp->pp_if; 2429 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2430 u_long hisaddr, desiredaddr; 2431 2432 len -= 4; 2433 origlen = len; 2434 /* 2435 * Make sure to allocate a buf that can at least hold a 2436 * conf-nak with an `address' option. We might need it below. 2437 */ 2438 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2439 if (! 
buf) 2440 return (0); 2441 2442 /* pass 1: see if we can recognize them */ 2443 if (debug) 2444 log(LOG_DEBUG, "%s%d: ipcp parse opts: ", 2445 ifp->if_name, ifp->if_unit); 2446 p = (void*) (h+1); 2447 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2448 if (debug) 2449 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2450 switch (*p) { 2451#ifdef notyet 2452 case IPCP_OPT_COMPRESSION: 2453 if (len >= 6 && p[1] >= 6) { 2454 /* correctly formed compress option */ 2455 continue; 2456 } 2457 if (debug) 2458 addlog("[invalid] "); 2459 break; 2460#endif 2461 case IPCP_OPT_ADDRESS: 2462 if (len >= 6 && p[1] == 6) { 2463 /* correctly formed address option */ 2464 continue; 2465 } 2466 if (debug) 2467 addlog("[invalid] "); 2468 break; 2469 default: 2470 /* Others not supported. */ 2471 if (debug) 2472 addlog("[rej] "); 2473 break; 2474 } 2475 /* Add the option to rejected list. */ 2476 bcopy (p, r, p[1]); 2477 r += p[1]; 2478 rlen += p[1]; 2479 } 2480 if (rlen) { 2481 if (debug) 2482 addlog(" send conf-rej\n"); 2483 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2484 return 0; 2485 } else if (debug) 2486 addlog("\n"); 2487 2488 /* pass 2: parse option values */ 2489 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2490 if (debug) 2491 log(LOG_DEBUG, "%s%d: ipcp parse opt values: ", 2492 ifp->if_name, ifp->if_unit); 2493 p = (void*) (h+1); 2494 len = origlen; 2495 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2496 if (debug) 2497 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2498 switch (*p) { 2499#ifdef notyet 2500 case IPCP_OPT_COMPRESSION: 2501 continue; 2502#endif 2503 case IPCP_OPT_ADDRESS: 2504 desiredaddr = p[2] << 24 | p[3] << 16 | 2505 p[4] << 8 | p[5]; 2506 if (desiredaddr == hisaddr || 2507 hisaddr == 1 && desiredaddr != 0) { 2508 /* 2509 * Peer's address is same as our value, 2510 * or we have set it to 0.0.0.1 to 2511 * indicate that we do not really care, 2512 * this is agreeable. Gonna conf-ack 2513 * it. 
2514 */ 2515 if (debug) 2516 addlog("%s [ack] ", 2517 sppp_dotted_quad(desiredaddr)); 2518 /* record that we've seen it already */ 2519 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2520 continue; 2521 } 2522 /* 2523 * The address wasn't agreeable. This is either 2524 * he sent us 0.0.0.0, asking to assign him an 2525 * address, or he send us another address not 2526 * matching our value. Either case, we gonna 2527 * conf-nak it with our value. 2528 */ 2529 if (debug) { 2530 if (desiredaddr == 0) 2531 addlog("[addr requested] "); 2532 else 2533 addlog("%s [not agreed] ", 2534 sppp_dotted_quad(desiredaddr)); 2535 2536 p[2] = hisaddr >> 24; 2537 p[3] = hisaddr >> 16; 2538 p[4] = hisaddr >> 8; 2539 p[5] = hisaddr; 2540 } 2541 break; 2542 } 2543 /* Add the option to nak'ed list. */ 2544 bcopy (p, r, p[1]); 2545 r += p[1]; 2546 rlen += p[1]; 2547 } 2548 2549 /* 2550 * If we are about to conf-ack the request, but haven't seen 2551 * his address so far, gonna conf-nak it instead, with the 2552 * `address' option present and our idea of his address being 2553 * filled in there, to request negotiation of both addresses. 2554 * 2555 * XXX This can result in an endless req - nak loop if peer 2556 * doesn't want to send us his address. Q: What should we do 2557 * about it? XXX A: implement the max-failure counter. 
2558 */ 2559 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2560 buf[0] = IPCP_OPT_ADDRESS; 2561 buf[1] = 6; 2562 buf[2] = hisaddr >> 24; 2563 buf[3] = hisaddr >> 16; 2564 buf[4] = hisaddr >> 8; 2565 buf[5] = hisaddr; 2566 rlen = 6; 2567 if (debug) 2568 addlog("still need hisaddr "); 2569 } 2570 2571 if (rlen) { 2572 if (debug) 2573 addlog(" send conf-nak\n"); 2574 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2575 } else { 2576 if (debug) 2577 addlog(" send conf-ack\n"); 2578 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2579 h->ident, origlen, h+1); 2580 } 2581 2582 free (buf, M_TEMP); 2583 return (rlen == 0); 2584} 2585 2586/* 2587 * Analyze the IPCP Configure-Reject option list, and adjust our 2588 * negotiation. 2589 */ 2590static void 2591sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2592{ 2593 u_char *buf, *p; 2594 struct ifnet *ifp = &sp->pp_if; 2595 int debug = ifp->if_flags & IFF_DEBUG; 2596 2597 len -= 4; 2598 buf = malloc (len, M_TEMP, M_NOWAIT); 2599 if (!buf) 2600 return; 2601 2602 if (debug) 2603 log(LOG_DEBUG, "%s%d: ipcp rej opts: ", 2604 ifp->if_name, ifp->if_unit); 2605 2606 p = (void*) (h+1); 2607 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2608 if (debug) 2609 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2610 switch (*p) { 2611 case IPCP_OPT_ADDRESS: 2612 /* 2613 * Peer doesn't grok address option. This is 2614 * bad. XXX Should we better give up here? 2615 */ 2616 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2617 break; 2618#ifdef notyet 2619 case IPCP_OPT_COMPRESS: 2620 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2621 break; 2622#endif 2623 } 2624 } 2625 if (debug) 2626 addlog("\n"); 2627 free (buf, M_TEMP); 2628 return; 2629} 2630 2631/* 2632 * Analyze the IPCP Configure-NAK option list, and adjust our 2633 * negotiation. 
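*/
static void
sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
	u_char *p;
	struct ifnet *ifp = &sp->pp_if;
	int debug = ifp->if_flags & IFF_DEBUG;
	u_long wantaddr;

	len -= 4;

	if (debug)
		log(LOG_DEBUG, "%s%d: ipcp nak opts: ",
		    ifp->if_name, ifp->if_unit);

	p = (void*) (h+1);
	/*
	 * The list comes from the peer: stop at the first option whose
	 * length byte is below two or exceeds the remaining length.
	 */
	for (; len >= 2 && p[1] >= 2 && len >= p[1];
	    len -= p[1], p += p[1]) {
		if (debug)
			addlog(" %s ", sppp_ipcp_opt_name(*p));
		switch (*p) {
		case IPCP_OPT_ADDRESS:
			/*
			 * Peer doesn't like our local IP address.  See
			 * if we can do something for him.  We'll drop
			 * him our address then.
			 */
			if (len >= 6 && p[1] == 6) {
				/* Widen before shifting so the top byte
				 * cannot overflow a signed int. */
				wantaddr = (u_long)p[2] << 24 |
				    (u_long)p[3] << 16 |
				    (u_long)p[4] << 8 | (u_long)p[5];
				sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
				if (debug)
					addlog("[wantaddr %s] ",
					       sppp_dotted_quad(wantaddr));
				/*
				 * When doing dynamic address assignment,
				 * we accept his offer.  Otherwise, we
				 * ignore it and thus continue to negotiate
				 * our already existing value.
				 */
				if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
					sppp_set_ip_addr(sp, wantaddr);
					if (debug)
						addlog("[agree] ");
				}
			}
			break;
#ifdef notyet
		case IPCP_OPT_COMPRESS:
			/*
			 * Peer wants different compression parameters.
			 */
			break;
#endif
		}
	}
	if (debug)
		addlog("\n");
	return;
}

/* IPCP this-layer-up: nothing to do. */
static void
sppp_ipcp_tlu(struct sppp *sp)
{
}

/* IPCP this-layer-down: nothing to do. */
static void
sppp_ipcp_tld(struct sppp *sp)
{
}

/* IPCP this-layer-started: register IPCP as a user of the LCP link. */
static void
sppp_ipcp_tls(struct sppp *sp)
{
	/* indicate to LCP that it must stay alive */
	sp->lcp.protos |= (1 << IDX_IPCP);
}

/*
 * IPCP this-layer-finished: drop IPCP from the set of LCP users and
 * let LCP decide whether the link can be closed.
 */
static void
sppp_ipcp_tlf(struct sppp *sp)
{
	/* we no longer need LCP */
	sp->lcp.protos &= ~(1 << IDX_IPCP);
	sppp_lcp_check_and_close(sp);
}

/*
 * Build and send an IPCP configure-request.  Only the address option
 * is emitted (compression is compiled out under `notyet'); the request
 * id is taken from ++sp->pp_seq and recorded in sp->confid[IDX_IPCP].
 */
static void
sppp_ipcp_scr(struct sppp *sp)
{
	char opt[6 /* compression */ + 6 /* address */];
	u_long ouraddr;
	int i = 0;

#ifdef notyet
	if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
		opt[i++] = IPCP_OPT_COMPRESSION;
		opt[i++] = 6;
		opt[i++] = 0;	/* VJ header compression */
		opt[i++] = 0x2d; /* VJ header compression */
		opt[i++] = max_slot_id;
		opt[i++] = comp_slot_id;
	}
#endif

	if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
		sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
		opt[i++] = IPCP_OPT_ADDRESS;
		opt[i++] = 6;
		opt[i++] = ouraddr >> 24;
		opt[i++] = ouraddr >> 16;
		opt[i++] = ouraddr >> 8;
		opt[i++] = ouraddr;
	}

	sp->confid[IDX_IPCP] = ++sp->pp_seq;
	sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
}


/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                        The CHAP implementation.                          *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */

/*
 * The authentication protocols don't employ a full-fledged state machine as
 * the control protocols do, since they do have Open and Close events, but
 * not Up and Down, nor are they explicitly terminated.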
Also, use of the 2768 * authentication protocols may be different in both directions (this makes 2769 * sense, think of a machine that never accepts incoming calls but only 2770 * calls out, it doesn't require the called party to authenticate itself). 2771 * 2772 * Our state machine for the local authentication protocol (we are requesting 2773 * the peer to authenticate) looks like: 2774 * 2775 * RCA- 2776 * +--------------------------------------------+ 2777 * V scn,tld| 2778 * +--------+ Close +---------+ RCA+ 2779 * | |<----------------------------------| |------+ 2780 * +--->| Closed | TO* | Opened | sca | 2781 * | | |-----+ +-------| |<-----+ 2782 * | +--------+ irc | | +---------+ 2783 * | ^ | | ^ 2784 * | | | | | 2785 * | | | | | 2786 * | TO-| | | | 2787 * | |tld TO+ V | | 2788 * | | +------->+ | | 2789 * | | | | | | 2790 * | +--------+ V | | 2791 * | | |<----+<--------------------+ | 2792 * | | Req- | scr | 2793 * | | Sent | | 2794 * | | | | 2795 * | +--------+ | 2796 * | RCA- | | RCA+ | 2797 * +------+ +------------------------------------------+ 2798 * scn,tld sca,irc,ict,tlu 2799 * 2800 * 2801 * with: 2802 * 2803 * Open: LCP reached authentication phase 2804 * Close: LCP reached terminate phase 2805 * 2806 * RCA+: received reply (pap-req, chap-response), acceptable 2807 * RCN: received reply (pap-req, chap-response), not acceptable 2808 * TO+: timeout with restart counter >= 0 2809 * TO-: timeout with restart counter < 0 2810 * TO*: reschedule timeout for CHAP 2811 * 2812 * scr: send request packet (none for PAP, chap-challenge) 2813 * sca: send ack packet (pap-ack, chap-success) 2814 * scn: send nak packet (pap-nak, chap-failure) 2815 * ict: initialize re-challenge timer (CHAP only) 2816 * 2817 * tlu: this-layer-up, LCP reaches network phase 2818 * tld: this-layer-down, LCP enters terminate phase 2819 * 2820 * Note that in CHAP mode, after sending a new challenge, while the state 2821 * automaton falls back into Req-Sent state, it doesn't signal a tld 
2822 * event to LCP, so LCP remains in network phase. Only after not getting 2823 * any response (or after getting an unacceptable response), CHAP closes, 2824 * causing LCP to enter terminate phase. 2825 * 2826 * With PAP, there is no initial request that can be sent. The peer is 2827 * expected to send one based on the successful negotiation of PAP as 2828 * the authentication protocol during the LCP option negotiation. 2829 * 2830 * Incoming authentication protocol requests (remote requests 2831 * authentication, we are peer) don't employ a state machine at all, 2832 * they are simply answered. Some peers [Ascend P50 firmware rev 2833 * 4.50] react allergically when sending IPCP requests while they are 2834 * still in authentication phase (thereby violating the standard that 2835 * demands that these NCP packets are to be discarded), so we keep 2836 * track of the peer demanding us to authenticate, and only proceed to 2837 * phase network once we've seen a positive acknowledge for the 2838 * authentication. 2839 */ 2840 2841/* 2842 * Handle incoming CHAP packets. 
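*/
void
sppp_chap_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len, x;
	u_char *value, *name, digest[AUTHKEYLEN], dsize;
	int value_len, name_len;
	MD5_CTX ctx;

	len = m->m_pkthdr.len;
	if (len < 4) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: chap invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	/* Trust the smaller of the mbuf length and the header's length. */
	if (len > ntohs (h->len))
		len = ntohs (h->len);

	switch (h->type) {
	/* challenge, failure and success are his authproto */
	case CHAP_CHALLENGE:
		value = 1 + (u_char*)(h+1);
		/*
		 * The value-size byte follows the 4-byte header; read
		 * it only if the packet is long enough to contain it.
		 * A shorter packet ends up in the `corrupted' branch.
		 */
		value_len = len > 4 ? value[-1] : 0;
		name = value + value_len;
		name_len = len - value_len - 5;
		if (name_len < 0) {
			if (debug) {
				log(LOG_DEBUG,
				    "%s%d: chap corrupted challenge "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_CHAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*) (h+1), len-4);
				addlog(">\n");
			}
			break;
		}

		if (debug) {
			log(LOG_DEBUG,
			    "%s%d: chap input <%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
			    ntohs(h->len));
			sppp_print_string((char*) name, name_len);
			addlog(" value-size=%d value=", value_len);
			sppp_print_bytes(value, value_len);
			addlog(">\n");
		}

		/* Compute reply value: MD5(ident, our secret, challenge). */
		MD5Init(&ctx);
		MD5Update(&ctx, &h->ident, 1);
		MD5Update(&ctx, sp->myauth.secret,
			  sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
		MD5Update(&ctx, value, value_len);
		MD5Final(digest, &ctx);
		dsize = sizeof digest;

		sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
			       sizeof dsize, (const char *)&dsize,
			       sizeof digest, digest,
			       sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
			       sp->myauth.name,
			       0);
		break;

	case CHAP_SUCCESS:
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap success",
			    ifp->if_name, ifp->if_unit);
			if (len > 4) {
				addlog(": ");
				sppp_print_string((char*)(h + 1), len - 4);
			}
			addlog("\n");
		}
		x = splimp();
		sp->pp_flags &= ~PP_NEEDAUTH;
		if (sp->myauth.proto == PPP_CHAP &&
		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
		    (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
			/*
			 * We are authenticator for CHAP but didn't
			 * complete yet.  Leave it to tlu to proceed
			 * to network phase.
			 */
			splx(x);
			break;
		}
		splx(x);
		sppp_phase_network(sp);
		break;

	case CHAP_FAILURE:
		if (debug) {
			log(LOG_INFO, "%s%d: chap failure",
			    ifp->if_name, ifp->if_unit);
			if (len > 4) {
				addlog(": ");
				sppp_print_string((char*)(h + 1), len - 4);
			}
			addlog("\n");
		} else
			log(LOG_INFO, "%s%d: chap failure\n",
			    ifp->if_name, ifp->if_unit);
		/* await LCP shutdown by authenticator */
		break;

	/* response is my authproto */
	case CHAP_RESPONSE:
		value = 1 + (u_char*)(h+1);
		/* As for the challenge: no size byte in a bare header. */
		value_len = len > 4 ? value[-1] : 0;
		name = value + value_len;
		name_len = len - value_len - 5;
		if (name_len < 0) {
			if (debug) {
				log(LOG_DEBUG,
				    "%s%d: chap corrupted response "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_CHAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*)(h+1), len-4);
				addlog(">\n");
			}
			break;
		}
		if (h->ident != sp->confid[IDX_CHAP]) {
			/*
			 * The format starts with "%s%d", so the interface
			 * name and unit must be the first two arguments.
			 */
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: chap dropping response for old ID "
				    "(got %d, expected %d)\n",
				    ifp->if_name, ifp->if_unit,
				    h->ident, sp->confid[IDX_CHAP]);
			break;
		}
		/*
		 * A name mismatch is only logged here; the decision is
		 * made by the digest comparison below.
		 */
		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
		    || bcmp(name, sp->hisauth.name, name_len) != 0) {
			log(LOG_INFO, "%s%d: chap response, his name ",
			    ifp->if_name, ifp->if_unit);
			sppp_print_string(name, name_len);
			addlog(" != expected ");
			sppp_print_string(sp->hisauth.name,
					  sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
			addlog("\n");
		}
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap input(%s) "
			    "<%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_CHAP]),
			    sppp_auth_type_name(PPP_CHAP, h->type),
			    h->ident, ntohs (h->len));
			sppp_print_string((char*)name, name_len);
			addlog(" value-size=%d value=", value_len);
			sppp_print_bytes(value, value_len);
			addlog(">\n");
		}
		if (value_len != AUTHKEYLEN) {
			if (debug)
				log(LOG_DEBUG,
				    "%s%d: chap bad hash value length: "
				    "%d bytes, should be %d\n",
				    ifp->if_name, ifp->if_unit, value_len,
				    AUTHKEYLEN);
			break;
		}

		/* Expected value: MD5(ident, his secret, our challenge). */
		MD5Init(&ctx);
		MD5Update(&ctx, &h->ident, 1);
		MD5Update(&ctx, sp->hisauth.secret,
			  sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
		MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
		MD5Final(digest, &ctx);

#define FAILMSG "Failed..."
#define SUCCMSG "Welcome!"

		/*
		 * NOTE(review): bcmp() gives no constant-time guarantee;
		 * consider a comparison that always inspects every byte.
		 */
		if (value_len != sizeof digest ||
		    bcmp(digest, value, value_len) != 0) {
			/* action scn, tld */
			sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
				       0);
			chap.tld(sp);
			break;
		}
		/* action sca, perhaps tlu */
		if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
		    sp->state[IDX_CHAP] == STATE_OPENED)
			sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
				       0);
		if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
			sppp_cp_change_state(&chap, sp, STATE_OPENED);
			chap.tlu(sp);
		}
		break;

	default:
		/* Unknown CHAP packet type -- ignore. */
		if (debug) {
			log(LOG_DEBUG, "%s%d: chap unknown input(%s) "
			    "<0x%x id=0x%xh len=%d",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_CHAP]),
			    h->type, h->ident, ntohs(h->len));
			if (len > 4)
				sppp_print_bytes((u_char*)(h+1), len-4);
			addlog(">\n");
		}
		break;

	}
}

/* Reset the CHAP state of this interface. */
static void
sppp_chap_init(struct sppp *sp)
{
	/* Chap doesn't have STATE_INITIAL at all. */
	sp->state[IDX_CHAP] = STATE_CLOSED;
	sp->fail_counter[IDX_CHAP] = 0;
	callout_handle_init(&sp->ch[IDX_CHAP]);
}

/*
 * Open event: when we are the CHAP authenticator, send the first
 * challenge and enter Req-Sent.
 */
static void
sppp_chap_open(struct sppp *sp)
{
	if (sp->myauth.proto == PPP_CHAP &&
	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
		/* we are authenticator for CHAP, start it */
		chap.scr(sp);
		sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
		sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
	}
	/* nothing to be done if we are peer, await a challenge */
}

/* Close event: fall back to Closed unless already there. */
static void
sppp_chap_close(struct sppp *sp)
{
	if (sp->state[IDX_CHAP] != STATE_CLOSED)
		sppp_cp_change_state(&chap, sp, STATE_CLOSED);
}

/*
 * CHAP timeout handler; cookie is the struct sppp.  Once the restart
 * counter drops below zero the exchange is given up (TO-), otherwise
 * a new challenge is sent (TO+, or TO* when already opened).
 */
static void
sppp_chap_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;
	int s;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: chap TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit,
		    sppp_state_name(sp->state[IDX_CHAP]),
		    sp->rst_counter[IDX_CHAP]);

	if (--sp->rst_counter[IDX_CHAP] < 0)
		/* TO- event */
		switch (sp->state[IDX_CHAP]) {
		case STATE_REQ_SENT:
			chap.tld(sp);
			sppp_cp_change_state(&chap, sp, STATE_CLOSED);
			break;
		}
	else
		/* TO+ (or TO*) event */
		switch (sp->state[IDX_CHAP]) {
		case STATE_OPENED:
			/* TO* event */
			sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
			/* fall through */
		case STATE_REQ_SENT:
			chap.scr(sp);
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
			break;
		}

	splx(s);
}

/*
 * CHAP this-layer-up: the peer has authenticated.  Arm the
 * re-challenge timer unless suppressed, register CHAP with LCP, and
 * move to the network phase unless our own authentication towards
 * the peer is still pending.
 */
static void
sppp_chap_tlu(struct sppp *sp)
{
	STDDCL;
	int i = 0, x;

	sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;

	/*
	 * Some broken CHAP implementations (Conware CoNet, firmware
	 * 4.0.?) don't want to re-authenticate their CHAP once the
	 * initial challenge-response exchange has taken place.
	 * Provide for an option to avoid rechallenges.
	 */
	if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
		/*
		 * Compute the re-challenge timeout.  This will yield
		 * a number between 300 and 810 seconds.
		 */
		i = 300 + ((unsigned)(random() & 0xff00) >> 7);

		sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
	}

	if (debug) {
		log(LOG_DEBUG,
		    "%s%d: chap %s, ",
		    ifp->if_name, ifp->if_unit,
		    sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
		if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
			addlog("next re-challenge in %d seconds\n", i);
		else
			addlog("re-challenging supressed\n");
	}

	x = splimp();
	/* indicate to LCP that we need to be closed down */
	sp->lcp.protos |= (1 << IDX_CHAP);

	if (sp->pp_flags & PP_NEEDAUTH) {
		/*
		 * Remote is authenticator, but his auth proto didn't
		 * complete yet.  Defer the transition to network
		 * phase.
		 */
		splx(x);
		return;
	}
	splx(x);

	/*
	 * If we are already in phase network, we are done here.  This
	 * is the case if this is a dummy tlu event after a re-challenge.
	 */
	if (sp->pp_phase != PHASE_NETWORK)
		sppp_phase_network(sp);
}

/*
 * CHAP this-layer-down: cancel the CHAP timer, deregister from LCP
 * and ask LCP to close the link.
 */
static void
sppp_chap_tld(struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: chap tld\n", ifp->if_name, ifp->if_unit);
	untimeout(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
	sp->lcp.protos &= ~(1 << IDX_CHAP);

	lcp.Close(sp);
}

/*
 * Send a CHAP challenge: fill sp->myauth.challenge, take a new id
 * from ++sp->pp_seq, and transmit size byte, challenge and our name.
 */
static void
sppp_chap_scr(struct sppp *sp)
{
	struct timeval tv;
	u_long *ch, seed;
	u_char clen;

	/*
	 * Compute random challenge.
	 *
	 * NOTE(review): the challenge is built from microtime() and
	 * random() only.  Its unpredictability is what protects the
	 * exchange against replayed responses; confirm that random()
	 * is adequate here, or draw from the source that
	 * read_random() exposes.
	 * NOTE(review): four u_long stores are assumed to cover
	 * exactly AUTHKEYLEN bytes -- TODO confirm for targets where
	 * u_long is wider than 32 bits.
	 */
	ch = (u_long *)sp->myauth.challenge;
	microtime(&tv);
	seed = tv.tv_sec ^ tv.tv_usec;
	ch[0] = seed ^ random();
	ch[1] = seed ^ random();
	ch[2] = seed ^ random();
	ch[3] = seed ^ random();
	clen = AUTHKEYLEN;

	sp->confid[IDX_CHAP] = ++sp->pp_seq;

	sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
		       sizeof clen, (const char *)&clen,
		       AUTHKEYLEN, sp->myauth.challenge,
		       sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
		       sp->myauth.name,
		       0);
}
/*
 *--------------------------------------------------------------------------*
 *                                                                          *
 *                        The PAP implementation.                           *
 *                                                                          *
 *--------------------------------------------------------------------------*
 */
/*
 * For PAP, we need to keep a little state also if we are the peer, not the
 * authenticator.  This is since we don't get a request to authenticate, but
 * have to repeatedly authenticate ourself until we got a response (or the
 * retry counter is expired).
 */

/*
 * Handle incoming PAP packets.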
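*/
static void
sppp_pap_input(struct sppp *sp, struct mbuf *m)
{
	STDDCL;
	struct lcp_header *h;
	int len, x;
	u_char *name, *passwd, mlen;
	int name_len, passwd_len;

	len = m->m_pkthdr.len;
	if (len < 5) {
		if (debug)
			log(LOG_DEBUG,
			    "%s%d: pap invalid packet length: %d bytes\n",
			    ifp->if_name, ifp->if_unit, len);
		return;
	}
	h = mtod (m, struct lcp_header*);
	/* Trust the smaller of the mbuf length and the header's length. */
	if (len > ntohs (h->len))
		len = ntohs (h->len);
	switch (h->type) {
	/* PAP request is my authproto */
	case PAP_REQ:
		/* Layout: name-length byte, name, passwd-length byte, passwd. */
		name = 1 + (u_char*)(h+1);
		name_len = name[-1];
		passwd = name + name_len + 1;
		if (name_len > len - 6 ||
		    (passwd_len = passwd[-1]) > len - 6 - name_len) {
			if (debug) {
				log(LOG_DEBUG, "%s%d: pap corrupted input "
				    "<%s id=0x%x len=%d",
				    ifp->if_name, ifp->if_unit,
				    sppp_auth_type_name(PPP_PAP, h->type),
				    h->ident, ntohs(h->len));
				if (len > 4)
					sppp_print_bytes((u_char*)(h+1), len-4);
				addlog(">\n");
			}
			break;
		}
		/*
		 * NOTE(review): with IFF_DEBUG set the peer's password
		 * is written to the log in clear text below.
		 */
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap input(%s) "
			    "<%s id=0x%x len=%d name=",
			    ifp->if_name, ifp->if_unit,
			    sppp_state_name(sp->state[IDX_PAP]),
			    sppp_auth_type_name(PPP_PAP, h->type),
			    h->ident, ntohs(h->len));
			sppp_print_string((char*)name, name_len);
			addlog(" passwd=");
			sppp_print_string((char*)passwd, passwd_len);
			addlog(">\n");
		}
		/*
		 * Both lengths must equal the configured ones.  Comparing
		 * only the bytes the peer supplied would let a shorter
		 * (even empty) name or password match as a prefix.
		 */
		if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
		    passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) ||
		    bcmp(name, sp->hisauth.name, name_len) != 0 ||
		    bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
			/* action scn, tld */
			mlen = sizeof(FAILMSG) - 1;
			sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
				       sizeof mlen, (const char *)&mlen,
				       sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
				       0);
			pap.tld(sp);
			break;
		}
		/* action sca, perhaps tlu */
		if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
		    sp->state[IDX_PAP] == STATE_OPENED) {
			mlen = sizeof(SUCCMSG) - 1;
			sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
				       sizeof mlen, (const char *)&mlen,
				       sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
				       0);
		}
		if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
			sppp_cp_change_state(&pap, sp, STATE_OPENED);
			pap.tlu(sp);
		}
		break;

	/* ack and nak are his authproto */
	case PAP_ACK:
		untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap success",
			    ifp->if_name, ifp->if_unit);
			/*
			 * Optional message: a length byte right after
			 * the header, then the text.  The length is
			 * clipped to what the packet really holds.
			 */
			if (len > 5) {
				name = (u_char *)(h + 1);
				name_len = name[0];
				if (name_len > len - 5)
					name_len = len - 5;
				if (name_len) {
					addlog(": ");
					sppp_print_string((char *)(name + 1),
							  name_len);
				}
			}
			addlog("\n");
		}
		x = splimp();
		sp->pp_flags &= ~PP_NEEDAUTH;
		if (sp->myauth.proto == PPP_PAP &&
		    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
		    (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
			/*
			 * We are authenticator for PAP but didn't
			 * complete yet.  Leave it to tlu to proceed
			 * to network phase.
			 */
			splx(x);
			break;
		}
		splx(x);
		sppp_phase_network(sp);
		break;

	case PAP_NAK:
		untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
		if (debug) {
			log(LOG_INFO, "%s%d: pap failure",
			    ifp->if_name, ifp->if_unit);
			/* Same message layout and clipping as for the ack. */
			if (len > 5) {
				name = (u_char *)(h + 1);
				name_len = name[0];
				if (name_len > len - 5)
					name_len = len - 5;
				if (name_len) {
					addlog(": ");
					sppp_print_string((char *)(name + 1),
							  name_len);
				}
			}
			addlog("\n");
		} else
			log(LOG_INFO, "%s%d: pap failure\n",
			    ifp->if_name, ifp->if_unit);
		/* await LCP shutdown by authenticator */
		break;

	default:
		/* Unknown PAP packet type -- ignore. */
		if (debug) {
			log(LOG_DEBUG, "%s%d: pap corrupted input "
			    "<0x%x id=0x%x len=%d",
			    ifp->if_name, ifp->if_unit,
			    h->type, h->ident, ntohs(h->len));
			if (len > 4)
				sppp_print_bytes((u_char*)(h+1), len-4);
			addlog(">\n");
		}
		break;

	}
}

/* Reset the PAP state of this interface, including both timers. */
static void
sppp_pap_init(struct sppp *sp)
{
	/* PAP doesn't have STATE_INITIAL at all. */
	sp->state[IDX_PAP] = STATE_CLOSED;
	sp->fail_counter[IDX_PAP] = 0;
	callout_handle_init(&sp->ch[IDX_PAP]);
	callout_handle_init(&sp->pap_my_to_ch);
}

/*
 * Open event.  The two directions are independent: as authenticator
 * we only start waiting for the peer's request, as peer we send our
 * request and arm the retransmit timer.
 */
static void
sppp_pap_open(struct sppp *sp)
{
	if (sp->hisauth.proto == PPP_PAP &&
	    (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
		/* we are authenticator for PAP, start our timer */
		sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
		sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
	}
	if (sp->myauth.proto == PPP_PAP) {
		/* we are peer, send a request, and start a timer */
		pap.scr(sp);
		sp->pap_my_to_ch = timeout(sppp_pap_my_TO, (void *)sp,
					   sp->lcp.timeout);
	}
}

/* Close event: fall back to Closed unless already there. */
static void
sppp_pap_close(struct sppp *sp)
{
	if (sp->state[IDX_PAP] != STATE_CLOSED)
		sppp_cp_change_state(&pap, sp, STATE_CLOSED);
}

/*
 * That's the timeout routine if we are authenticator.  Since the
 * authenticator is basically passive in PAP, we can't do much here.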
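*/
static void
sppp_pap_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;
	int s;

	s = splimp();
	if (debug)
		log(LOG_DEBUG, "%s%d: pap TO(%s) rst_counter = %d\n",
		    ifp->if_name, ifp->if_unit,
		    sppp_state_name(sp->state[IDX_PAP]),
		    sp->rst_counter[IDX_PAP]);

	if (--sp->rst_counter[IDX_PAP] < 0)
		/* TO- event */
		switch (sp->state[IDX_PAP]) {
		case STATE_REQ_SENT:
			pap.tld(sp);
			sppp_cp_change_state(&pap, sp, STATE_CLOSED);
			break;
		}
	else
		/* TO+ event, not very much we could do */
		switch (sp->state[IDX_PAP]) {
		case STATE_REQ_SENT:
			/* sppp_cp_change_state() will restart the timer */
			sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
			break;
		}

	splx(s);
}

/*
 * That's the timeout handler if we are peer.  Since the peer is active,
 * we need to retransmit our PAP request since it is apparently lost.
 * XXX We should impose a max counter.
 */
static void
sppp_pap_my_TO(void *cookie)
{
	struct sppp *sp = (struct sppp *)cookie;
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: pap peer TO\n",
		    ifp->if_name, ifp->if_unit);

	pap.scr(sp);
}

/*
 * PAP this-layer-up: the peer has authenticated.  Register PAP with
 * LCP and move to the network phase unless our own authentication
 * towards the peer is still pending.
 */
static void
sppp_pap_tlu(struct sppp *sp)
{
	STDDCL;
	int x;

	sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;

	if (debug)
		log(LOG_DEBUG, "%s%d: %s tlu\n",
		    ifp->if_name, ifp->if_unit, pap.name);

	x = splimp();
	/* indicate to LCP that we need to be closed down */
	sp->lcp.protos |= (1 << IDX_PAP);

	if (sp->pp_flags & PP_NEEDAUTH) {
		/*
		 * Remote is authenticator, but his auth proto didn't
		 * complete yet.  Defer the transition to network
		 * phase.
		 */
		splx(x);
		return;
	}
	splx(x);
	sppp_phase_network(sp);
}

/*
 * PAP this-layer-down: cancel both PAP timers, deregister from LCP
 * and ask LCP to close the link.
 */
static void
sppp_pap_tld(struct sppp *sp)
{
	STDDCL;

	if (debug)
		log(LOG_DEBUG, "%s%d: pap tld\n", ifp->if_name, ifp->if_unit);
	untimeout(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
	untimeout(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
	sp->lcp.protos &= ~(1 << IDX_PAP);

	lcp.Close(sp);
}

/*
 * Send our PAP request: length-prefixed name followed by the
 * length-prefixed secret, both taken from sp->myauth.  The secret
 * goes out as is, since that is how PAP works.
 */
static void
sppp_pap_scr(struct sppp *sp)
{
	STDDCL;
	u_char idlen, pwdlen;

	sp->confid[IDX_PAP] = ++sp->pp_seq;
	pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
	idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);

	sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
		       sizeof idlen, (const char *)&idlen,
		       (unsigned)idlen, sp->myauth.name,
		       sizeof pwdlen, (const char *)&pwdlen,
		       (unsigned)pwdlen, sp->myauth.secret,
		       0);
}
/*
 * Random miscellaneous functions.
 */

/*
 * Send a PAP or CHAP proto packet.
 *
 * Variadic function, each of the elements for the ellipsis is of type
 * ``unsigned mlen, const u_char *msg''.  Processing will stop iff
 * mlen == 0.
 *
 * The pieces are concatenated behind the PPP and LCP headers inside a
 * single header mbuf; if they do not fit, the packet is dropped.
 * NOTE(review): the lengths are fetched with va_arg(ap, unsigned), so
 * callers passing a bare `sizeof' expression rely on size_t and
 * unsigned being passed alike -- confirm for the target ABI.
 */

static void
sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
	       ...)
{
	STDDCL;
	struct ppp_header *h;
	struct lcp_header *lh;
	struct mbuf *m;
	u_char *p;
	int len, pktlen;
	unsigned mlen;
	const char *msg;
	va_list ap;

	MGETHDR (m, M_DONTWAIT, MT_DATA);
	if (! m)
		return;
	m->m_pkthdr.rcvif = 0;

	h = mtod (m, struct ppp_header*);
	h->address = PPP_ALLSTATIONS;		/* broadcast address */
	h->control = PPP_UI;			/* Unnumbered Info */
	h->protocol = htons(cp->proto);

	lh = (struct lcp_header*)(h + 1);
	lh->type = type;
	lh->ident = id;
	p = (u_char*) (lh+1);

	va_start(ap, id);
	len = 0;

	while ((mlen = va_arg(ap, unsigned)) != 0) {
		msg = va_arg(ap, const char *);
		len += mlen;
		/* Check before copying: everything must fit in this mbuf. */
		if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
			va_end(ap);
			m_freem(m);
			return;
		}

		bcopy(msg, p, mlen);
		p += mlen;
	}
	va_end(ap);

	m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
	lh->len = htons (LCP_HEADER_LEN + len);
	/*
	 * Remember the size now.  Below, m is either freed or handed to
	 * the queue and the driver, and must not be touched afterwards.
	 */
	pktlen = m->m_pkthdr.len;

	if (debug) {
		log(LOG_DEBUG, "%s%d: %s output <%s id=0x%x len=%d",
		    ifp->if_name, ifp->if_unit, cp->name,
		    sppp_auth_type_name(cp->proto, lh->type),
		    lh->ident, ntohs(lh->len));
		if (len)
			sppp_print_bytes((u_char*) (lh+1), len);
		addlog(">\n");
	}
	if (IF_QFULL (&sp->pp_cpq)) {
		IF_DROP (&sp->pp_fastq);
		IF_DROP (&ifp->if_snd);
		m_freem (m);
		++ifp->if_oerrors;
	} else
		IF_ENQUEUE (&sp->pp_cpq, m);
	if (! (ifp->if_flags & IFF_OACTIVE))
		(*ifp->if_start) (ifp);
	ifp->if_obytes += pktlen + 3;
}

/*
 * Flush interface queue.
 */
static void
sppp_qflush(struct ifqueue *ifq)
{
	struct mbuf *m, *n;

	/* Free every packet chain, following the m_act links. */
	n = ifq->ifq_head;
	while ((m = n)) {
		n = m->m_act;
		m_freem (m);
	}
	ifq->ifq_head = 0;
	ifq->ifq_tail = 0;
	ifq->ifq_len = 0;
}

/*
 * Send keepalive packets, every 10 seconds.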
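 */
static void
sppp_keepalive(void *dummy)
{
	struct sppp *sp;
	int s;

	s = splimp();
	for (sp=spppq; sp; sp=sp->pp_next) {
		struct ifnet *ifp = &sp->pp_if;

		/* Keepalive mode disabled or channel down? */
		if (! (sp->pp_flags & PP_KEEPALIVE) ||
		    ! (ifp->if_flags & IFF_RUNNING))
			continue;

		/* No keepalive in PPP mode if LCP not opened yet. */
		if (! (sp->pp_flags & PP_CISCO) &&
		    sp->pp_phase < PHASE_AUTHENTICATE)
			continue;

		if (sp->pp_alivecnt == MAXALIVECNT) {
			/* No keepalive packets got.  Stop the interface. */
			printf ("%s%d: down\n", ifp->if_name, ifp->if_unit);
			if_down (ifp);
			sppp_qflush (&sp->pp_cpq);
			if (! (sp->pp_flags & PP_CISCO)) {
				/* XXX */
				/* Shut down the PPP link. */
				lcp.Down(sp);
				/* Initiate negotiation. XXX */
				lcp.Up(sp);
			}
		}
		/*
		 * The counter is allowed to reach MAXALIVECNT + 1, so the
		 * "down" branch above is taken once per outage rather
		 * than on every tick.
		 */
		if (sp->pp_alivecnt <= MAXALIVECNT)
			++sp->pp_alivecnt;
		if (sp->pp_flags & PP_CISCO)
			sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
				sp->pp_rseq);
		else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
			/*
			 * NOTE(review): four bytes are sent from a long;
			 * that is the whole value only where long is
			 * 32 bits wide.
			 */
			long nmagic = htonl (sp->lcp.magic);
			sp->lcp.echoid = ++sp->pp_seq;
			sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
				sp->lcp.echoid, 4, &nmagic);
		}
	}
	splx(s);
	/* Re-arm: this handler reschedules itself every 10 seconds. */
	keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
}

/*
 * Get both IP addresses.
 *
 * Each of src, dst and srcmask may be a null pointer.  *src and *dst
 * are returned in host byte order and are 0 when no address is set.
 * *srcmask is written only when a non-zero source address with a
 * netmask was found; otherwise it is left untouched.
 */
static void
sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
{
	struct ifnet *ifp = &sp->pp_if;
	struct ifaddr *ifa;
	struct sockaddr_in *si, *sm;
	u_long ssrc, ddst;

	ssrc = ddst = 0L;
	sm = 0;
	/*
	 * Pick the first AF_INET address from the list,
	 * aliases don't make any sense on a p2p link anyway.
	 */
	for (ifa = ifp->if_addrhead.tqh_first, si = 0;
	     ifa;
	     ifa = ifa->ifa_link.tqe_next)
		if (ifa->ifa_addr->sa_family == AF_INET) {
			si = (struct sockaddr_in *)ifa->ifa_addr;
			sm = (struct sockaddr_in *)ifa->ifa_netmask;
			if (si)
				break;
		}
	if (ifa) {
		if (si && si->sin_addr.s_addr) {
			ssrc = si->sin_addr.s_addr;
			/* Do not dereference a missing netmask. */
			if (srcmask && sm)
				*srcmask = ntohl(sm->sin_addr.s_addr);
		}

		si = (struct sockaddr_in *)ifa->ifa_dstaddr;
		if (si && si->sin_addr.s_addr)
			ddst = si->sin_addr.s_addr;
	}

	if (dst) *dst = ntohl(ddst);
	if (src) *src = ntohl(ssrc);
}

/*
 * Set my IP address.  Must be called at splimp.
 *
 * src is given in host byte order.  Only the first AF_INET address of
 * the interface is rewritten; nothing happens if there is none.
 */
static void
sppp_set_ip_addr(struct sppp *sp, u_long src)
{
	struct ifnet *ifp = &sp->pp_if;
	struct ifaddr *ifa;
	struct sockaddr_in *si;

	/*
	 * Pick the first AF_INET address from the list,
	 * aliases don't make any sense on a p2p link anyway.
	 */
	for (ifa = ifp->if_addrhead.tqh_first, si = 0;
	     ifa;
	     ifa = ifa->ifa_link.tqe_next)
		if (ifa->ifa_addr->sa_family == AF_INET) {
			si = (struct sockaddr_in *)ifa->ifa_addr;
			if (si)
				break;
		}
	if (ifa && si)
		si->sin_addr.s_addr = htonl(src);
}

/*
 * Handle the SPPPIOGDEFS / SPPPIOSDEFS sub-commands of the generic
 * interface ioctls.  data points to a struct ifreq whose ifr_data is
 * a user-space pointer to a struct spppreq.
 *
 * Returns 0 on success, EFAULT if the request cannot be read, EINVAL
 * for an unknown sub-command, a sub-command that does not match cmd,
 * or an unsupported authentication protocol, EBUSY if settings are
 * changed while LCP is not in dead phase, or the result of copyout().
 *
 * NOTE(review): no privilege check is made here for SIOCSIFGENERIC;
 * presumably the caller enforces it -- confirm.
 */
static int
sppp_params(struct sppp *sp, int cmd, void *data)
{
	int subcmd;
	struct ifreq *ifr = (struct ifreq *)data;
	struct spppreq spr;

	/*
	 * ifr->ifr_data is supposed to point to a struct spppreq.
	 * Check the cmd word first before attempting to fetch all the
	 * data.
	 *
	 * User memory is read twice (fuword, then copyin) and may
	 * change in between.  Dispatch uses only the word fetched
	 * first, and only spr.defs is consumed from the second fetch.
	 */
	if ((subcmd = fuword(ifr->ifr_data)) == -1)
		return EFAULT;

	if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
		return EFAULT;

	switch (subcmd) {
	case SPPPIOGDEFS:
		if (cmd != SIOCGIFGENERIC)
			return EINVAL;
		/*
		 * We copy over the entire current state, but clean
		 * out some of the stuff we don't wanna pass up.
		 * Remember, SIOCGIFGENERIC is unprotected, and can be
		 * called by any user.  No need to ever get PAP or
		 * CHAP secrets back to userland anyway.
		 *
		 * NOTE(review): only the secrets and challenges are
		 * scrubbed.  struct sppp as used in this file also
		 * holds kernel pointers (pp_next, the pointers inside
		 * pp_if, the queue heads), and those are copied out to
		 * any caller as well.  Exporting a dedicated,
		 * pointer-free structure would avoid disclosing kernel
		 * addresses.
		 */
		bcopy(sp, &spr.defs, sizeof(struct sppp));
		bzero(spr.defs.myauth.secret, AUTHKEYLEN);
		bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
		bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
		bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
		return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);

	case SPPPIOSDEFS:
		if (cmd != SIOCSIFGENERIC)
			return EINVAL;
		/*
		 * We have a very specific idea of which fields we allow
		 * being passed back from userland, so to not clobber our
		 * current state.  For one, we only allow setting
		 * anything if LCP is in dead phase.  Once the LCP
		 * negotiations started, the authentication settings must
		 * not be changed again.  (The administrator can force an
		 * ifconfig down in order to get LCP back into dead
		 * phase.)
		 *
		 * Also, we only allow for authentication parameters to be
		 * specified.
		 *
		 * XXX Should allow to set or clear pp_flags.
		 *
		 * Finally, if the respective authentication protocol to
		 * be used is set differently than 0, but the secret is
		 * passed as all zeros, we don't trash the existing secret.
		 * This allows an administrator to change the system name
		 * only without clobbering the secret (which he didn't get
		 * back in a previous SPPPIOGDEFS call).  However, the
		 * secrets are cleared if the authentication protocol is
		 * reset to 0.
		 */
		if (sp->pp_phase != PHASE_DEAD)
			return EBUSY;

		if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
		     spr.defs.myauth.proto != PPP_CHAP) ||
		    (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
		     spr.defs.hisauth.proto != PPP_CHAP))
			return EINVAL;

		if (spr.defs.myauth.proto == 0)
			/* resetting myauth */
			bzero(&sp->myauth, sizeof sp->myauth);
		else {
			/* setting/changing myauth */
			sp->myauth.proto = spr.defs.myauth.proto;
			bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
			/*
			 * Only the first byte is tested, so a secret
			 * that begins with a NUL byte counts as
			 * "not supplied".
			 */
			if (spr.defs.myauth.secret[0] != '\0')
				bcopy(spr.defs.myauth.secret, sp->myauth.secret,
				      AUTHKEYLEN);
		}
		if (spr.defs.hisauth.proto == 0)
			/* resetting hisauth */
			bzero(&sp->hisauth, sizeof sp->hisauth);
		else {
			/* setting/changing hisauth */
			sp->hisauth.proto = spr.defs.hisauth.proto;
			/* The flags word is taken from userland unchecked. */
			sp->hisauth.flags = spr.defs.hisauth.flags;
			bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
			if (spr.defs.hisauth.secret[0] != '\0')
				bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
				      AUTHKEYLEN);
		}
		break;

	default:
		return EINVAL;
	}

	return 0;
}

/*
 * Enter the network phase: log the transition, open every NCP, send
 * an Up event to each NCP whose bit is set in sp->lcp.protos, and let
 * sppp_lcp_check_and_close() decide whether to close down again.
 */
static void
sppp_phase_network(struct sppp *sp)
{
	struct ifnet *ifp = &sp->pp_if;
	int i;
	u_long mask;

	sp->pp_phase = PHASE_NETWORK;

	log(LOG_INFO, "%s%d: phase %s\n", ifp->if_name, ifp->if_unit,
	    sppp_phase_name(sp->pp_phase));

	/* Notify NCPs now. */
	for (i = 0; i < IDX_COUNT; i++)
		if ((cps[i])->flags & CP_NCP)
			(cps[i])->Open(sp);

	/* Send Up events to all NCPs. */
	for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
		if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
			(cps[i])->Up(sp);

	/* if no NCP is starting, all this was in vain, close down */
	sppp_lcp_check_and_close(sp);
}


/*
 * Name of a control protocol packet code, for log output.
 *
 * Unknown codes are formatted into a static buffer, so the result is
 * valid only until the next call with an unknown code.
 */
static const char *
sppp_cp_type_name(u_char type)
{
	static char buf[12];
	switch (type) {
	case CONF_REQ:   return "conf-req";
	case CONF_ACK:   return "conf-ack";
	case CONF_NAK:   return "conf-nak";
	case CONF_REJ:   return "conf-rej";
	case TERM_REQ:   return "term-req";
	case TERM_ACK:   return "term-ack";
	case CODE_REJ:   return "code-rej";
	case PROTO_REJ:  return "proto-rej";
	case ECHO_REQ:   return "echo-req";
	case ECHO_REPLY: return "echo-reply";
	case DISC_REQ:   return "discard-req";
	}
	sprintf (buf, "0x%x", type);
	return buf;
}

/*
 * Name of a PAP or CHAP packet code, for log output.
 *
 * Unknown codes, and any code for a protocol other than PAP or CHAP,
 * are formatted into a static buffer that the next such call
 * overwrites.
 */
static const char *
sppp_auth_type_name(u_short proto, u_char type)
{
	static char buf[12];
	switch (proto) {
	case PPP_CHAP:
		switch (type) {
		case CHAP_CHALLENGE:	return "challenge";
		case CHAP_RESPONSE:	return "response";
		case CHAP_SUCCESS:	return "success";
		case CHAP_FAILURE:	return "failure";
		}
		/*
		 * Stop here: without the break an unknown CHAP code
		 * fell through into the PAP table below.
		 */
		break;
	case PPP_PAP:
		switch (type) {
		case PAP_REQ:		return "req";
		case PAP_ACK:		return "ack";
		case PAP_NAK:		return "nak";
		}
		break;
	}
	sprintf (buf, "0x%x", type);
	return buf;
}

/*
 * Name of an LCP option, for log output.  Unknown options are
 * formatted into a static buffer that the next such call overwrites.
 */
static const char *
sppp_lcp_opt_name(u_char opt)
{
	static char buf[12];
	switch (opt) {
	case LCP_OPT_MRU:		return "mru";
	case LCP_OPT_ASYNC_MAP:		return "async-map";
	case LCP_OPT_AUTH_PROTO:	return "auth-proto";
	case LCP_OPT_QUAL_PROTO:	return "qual-proto";
	case LCP_OPT_MAGIC:		return "magic";
	case LCP_OPT_PROTO_COMP:	return "proto-comp";
	case LCP_OPT_ADDR_COMP:		return "addr-comp";
	}
	sprintf (buf, "0x%x", opt);
	return buf;
}

/*
 * Name of an IPCP option, for log output.  Unknown options are
 * formatted into a static buffer that the next such call overwrites.
 */
static const char *
sppp_ipcp_opt_name(u_char opt)
{
	static char buf[12];
	switch (opt) {
	case IPCP_OPT_ADDRESSES:	return "addresses";
	case IPCP_OPT_COMPRESSION:	return "compression";
	case IPCP_OPT_ADDRESS:		return "address";
	}
	sprintf (buf, "0x%x", opt);
	return buf;
}

/*
 * Name of a control protocol automaton state; "illegal" for any value
 * that is not one of the known states.
 */
static const char *
sppp_state_name(int state)
{
	switch (state) {
	case STATE_INITIAL:	return "initial";
	case STATE_STARTING:	return "starting";
	case STATE_CLOSED:	return "closed";
	case STATE_STOPPED:	return "stopped";
	case STATE_CLOSING:	return "closing";
	case STATE_STOPPING:	return "stopping";
	case STATE_REQ_SENT:	return "req-sent";
	case STATE_ACK_RCVD:	return "ack-rcvd";
	case STATE_ACK_SENT:	return "ack-sent";
	case STATE_OPENED:	return "opened";
	}
	return "illegal";
}

/*
 * Name of a PPP link phase; "illegal" for any other value.
 */
static const char *
sppp_phase_name(enum ppp_phase phase)
{
	switch (phase) {
	case PHASE_DEAD:	return "dead";
	case PHASE_ESTABLISH:	return "establish";
	case PHASE_TERMINATE:	return "terminate";
	case PHASE_AUTHENTICATE: return "authenticate";
	case PHASE_NETWORK:	return "network";
	}
	return "illegal";
}

/*
 * Name of a PPP protocol number, for log output.  Unknown protocols
 * are formatted into a static buffer that the next such call
 * overwrites.
 */
static const char *
sppp_proto_name(u_short proto)
{
	static char buf[12];
	switch (proto) {
	case PPP_LCP:	return "lcp";
	case PPP_IPCP:	return "ipcp";
	case PPP_PAP:	return "pap";
	case PPP_CHAP:	return "chap";
	}
	sprintf(buf, "0x%x", (unsigned)proto);
	return buf;
}

/*
 * Append len bytes at p to the current log line, in hex, separated by
 * dashes.
 */
static void
sppp_print_bytes(const u_char *p, u_short len)
{
	/*
	 * Nothing to print.  Without this check a zero length read one
	 * byte anyway and then wrapped the unsigned counter, walking
	 * far past the end of the buffer.
	 */
	if (len == 0)
		return;

	addlog(" %x", *p++);
	while (--len > 0)
		addlog("-%x", *p++);
}

/*
 * Append len characters at p to the current log line.  Bytes outside
 * the printable ASCII range are written as \x escapes, so data
 * received from the peer cannot put control characters into the log.
 */
static void
sppp_print_string(const char *p, u_short len)
{
	u_char c;

	while (len-- > 0) {
		c = *p++;
		/*
		 * Print only ASCII chars directly.  RFC 1994 recommends
		 * using only them, but we don't rely on it.
		 */
		if (c < ' ' || c > '~')
			addlog("\\x%x", c);
		else
			addlog("%c", c);
	}
}

/*
 * Format addr as a dotted quad, most significant byte first.
 *
 * The result lives in a static buffer that the next call overwrites.
 */
static const char *
sppp_dotted_quad(u_long addr)
{
	static char s[16];	/* "255.255.255.255" plus the terminator */

	/* %d takes an int; the masked u_long values are cast to match. */
	sprintf(s, "%d.%d.%d.%d",
		(int)((addr >> 24) & 0xff),
		(int)((addr >> 16) & 0xff),
		(int)((addr >> 8) & 0xff),
		(int)(addr & 0xff));
	return s;
}

/*
 * Length of the string at p, looking at no more than max bytes.  The
 * buffer need not be NUL-terminated.
 */
static int
sppp_strnlen(u_char *p, int max)
{
	int len;

	for (len = 0; len < max && *p; ++p)
		++len;
	return len;
}

/* a dummy, used to drop uninteresting events */
static void
sppp_null(struct sppp *unused)
{
	/* do just nothing */
}
/*
 * This file is large.  Tell emacs to highlight it nevertheless.
 *
 * Local Variables:
 * hilit-auto-highlight-maxout: 120000
 * End:
 */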